From 96f58f1cff33a611b3819ce5d3c0496a984f6ae5 Mon Sep 17 00:00:00 2001 From: techno-467 Date: Tue, 7 Jan 2025 21:24:24 +0530 Subject: [PATCH 1/2] [DSD-6971] ARC 1.2.0.2 release changes 
Signed-off-by: techno-467 --- deploy/README.md | 16 + deploy/copy_cm.sh | 24 ++ deploy/delete.sh | 39 ++ deploy/group1_values.yaml | 3 + deploy/install.sh | 84 ++++ deploy/restart.sh | 25 ++ deploy/topic/create_topics.sh | 24 ++ deploy/upgrade/README.md | 13 + deploy/upgrade/dmz-landing-pv.yaml | 15 + deploy/upgrade/dmz-landing-pvc.yaml | 14 + deploy/upgrade/dmz-pkt-pv.yaml | 15 + deploy/upgrade/dmz-pkt-pvc.yaml | 15 + deploy/upgrade/dmz-sc.yaml | 6 + helm/regproc-camel/.gitignore | 2 + helm/regproc-camel/.helmignore | 21 + helm/regproc-camel/Chart.yaml | 21 + helm/regproc-camel/README.md | 11 + helm/regproc-camel/templates/NOTES.txt | 1 + helm/regproc-camel/templates/_helpers.tpl | 60 +++ helm/regproc-camel/templates/deployment.yaml | 135 ++++++ helm/regproc-camel/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-camel/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-camel/values.yaml | 380 ++++++++++++++++ helm/regproc-group1/.gitignore | 2 + helm/regproc-group1/.helmignore | 21 + helm/regproc-group1/Chart.yaml | 20 + helm/regproc-group1/README.md | 11 + helm/regproc-group1/templates/NOTES.txt | 1 + helm/regproc-group1/templates/_helpers.tpl | 60 +++ helm/regproc-group1/templates/deployment.yaml | 142 ++++++ helm/regproc-group1/templates/extra-list.yaml | 4 + helm/regproc-group1/templates/pvc.yaml | 32 ++ .../templates/service-account.yaml | 12 + helm/regproc-group1/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-group1/values.yaml | 383 +++++++++++++++++ helm/regproc-group2/.gitignore | 2 + helm/regproc-group2/.helmignore | 21 + helm/regproc-group2/Chart.yaml | 20 + helm/regproc-group2/README.md | 11 + helm/regproc-group2/templates/NOTES.txt | 1 + helm/regproc-group2/templates/_helpers.tpl | 60 +++ helm/regproc-group2/templates/deployment.yaml | 131 ++++++ 
helm/regproc-group2/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-group2/templates/service.yaml | 31 ++ .../templates/servicemonitor.yaml | 38 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-group2/values.yaml | 397 +++++++++++++++++ helm/regproc-group3/.gitignore | 2 + helm/regproc-group3/.helmignore | 21 + helm/regproc-group3/Chart.yaml | 20 + helm/regproc-group3/README.md | 11 + helm/regproc-group3/templates/NOTES.txt | 1 + helm/regproc-group3/templates/_helpers.tpl | 60 +++ helm/regproc-group3/templates/deployment.yaml | 131 ++++++ helm/regproc-group3/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-group3/templates/service.yaml | 31 ++ .../templates/servicemonitor.yaml | 38 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-group3/values.yaml | 397 +++++++++++++++++ helm/regproc-group4/.gitignore | 2 + helm/regproc-group4/.helmignore | 21 + helm/regproc-group4/Chart.lock | 6 + helm/regproc-group4/Chart.yaml | 20 + helm/regproc-group4/README.md | 11 + helm/regproc-group4/templates/NOTES.txt | 1 + helm/regproc-group4/templates/_helpers.tpl | 60 +++ helm/regproc-group4/templates/deployment.yaml | 131 ++++++ helm/regproc-group4/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-group4/templates/service.yaml | 31 ++ .../templates/servicemonitor.yaml | 38 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-group4/values.yaml | 392 +++++++++++++++++ helm/regproc-group5/.gitignore | 2 + helm/regproc-group5/.helmignore | 21 + helm/regproc-group5/Chart.yaml | 20 + helm/regproc-group5/README.md | 11 + helm/regproc-group5/templates/NOTES.txt | 1 + helm/regproc-group5/templates/_helpers.tpl | 60 +++ helm/regproc-group5/templates/deployment.yaml | 131 ++++++ helm/regproc-group5/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-group5/templates/service.yaml | 31 ++ .../templates/servicemonitor.yaml | 38 
++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-group5/values.yaml | 405 ++++++++++++++++++ helm/regproc-group6/.gitignore | 2 + helm/regproc-group6/.helmignore | 21 + helm/regproc-group6/Chart.yaml | 20 + helm/regproc-group6/README.md | 11 + helm/regproc-group6/templates/NOTES.txt | 1 + helm/regproc-group6/templates/_helpers.tpl | 60 +++ helm/regproc-group6/templates/deployment.yaml | 131 ++++++ helm/regproc-group6/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-group6/templates/service.yaml | 31 ++ .../templates/servicemonitor.yaml | 38 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-group6/values.yaml | 393 +++++++++++++++++ helm/regproc-group7/.gitignore | 2 + helm/regproc-group7/.helmignore | 21 + helm/regproc-group7/Chart.yaml | 20 + helm/regproc-group7/README.md | 11 + helm/regproc-group7/templates/NOTES.txt | 1 + helm/regproc-group7/templates/_helpers.tpl | 60 +++ helm/regproc-group7/templates/deployment.yaml | 131 ++++++ helm/regproc-group7/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-group7/templates/service.yaml | 31 ++ .../templates/servicemonitor.yaml | 38 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-group7/values.yaml | 393 +++++++++++++++++ helm/regproc-landingzone/.gitignore | 2 + helm/regproc-landingzone/.helmignore | 21 + helm/regproc-landingzone/Chart.yaml | 20 + helm/regproc-landingzone/README.md | 10 + helm/regproc-landingzone/templates/NOTES.txt | 1 + .../templates/_helpers.tpl | 60 +++ .../templates/deployment.yaml | 142 ++++++ .../templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + .../templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-landingzone/values.yaml | 381 ++++++++++++++++ helm/regproc-notifier/.gitignore | 2 + helm/regproc-notifier/.helmignore | 21 + helm/regproc-notifier/Chart.yaml | 20 + helm/regproc-notifier/README.md | 
11 + helm/regproc-notifier/templates/NOTES.txt | 1 + helm/regproc-notifier/templates/_helpers.tpl | 60 +++ .../templates/deployment.yaml | 133 ++++++ .../templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-notifier/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-notifier/values.yaml | 377 ++++++++++++++++ helm/regproc-opencrvs/.gitignore | 2 + helm/regproc-opencrvs/Chart.yaml | 23 + helm/regproc-opencrvs/README.md | 10 + helm/regproc-opencrvs/templates/NOTES.txt | 1 + helm/regproc-opencrvs/templates/_helpers.tpl | 58 +++ .../templates/deployment.yaml | 144 +++++++ .../templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 14 + helm/regproc-opencrvs/templates/service.yaml | 30 ++ .../templates/servicemonitor.yaml | 39 ++ helm/regproc-opencrvs/values.yaml | 358 ++++++++++++++++ helm/regproc-pktserver/.gitignore | 2 + helm/regproc-pktserver/.helmignore | 21 + helm/regproc-pktserver/Chart.yaml | 20 + helm/regproc-pktserver/README.md | 19 + helm/regproc-pktserver/templates/NOTES.txt | 1 + helm/regproc-pktserver/templates/_helpers.tpl | 60 +++ .../templates/deployment.yaml | 144 +++++++ .../templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-pktserver/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-pktserver/values.yaml | 383 +++++++++++++++++ helm/regproc-reprocess/.gitignore | 2 + helm/regproc-reprocess/.helmignore | 21 + helm/regproc-reprocess/Chart.yaml | 20 + helm/regproc-reprocess/README.md | 11 + helm/regproc-reprocess/templates/NOTES.txt | 1 + helm/regproc-reprocess/templates/_helpers.tpl | 60 +++ .../templates/deployment.yaml | 131 ++++++ .../templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-reprocess/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ 
.../templates/virtualservice.yaml | 32 ++ helm/regproc-reprocess/values.yaml | 380 ++++++++++++++++ helm/regproc-salt/.gitignore | 2 + helm/regproc-salt/.helmignore | 21 + helm/regproc-salt/Chart.yaml | 20 + helm/regproc-salt/README.md | 10 + helm/regproc-salt/templates/NOTES.txt | 1 + helm/regproc-salt/templates/_helpers.tpl | 60 +++ helm/regproc-salt/templates/extra-list.yaml | 4 + helm/regproc-salt/templates/job.yaml | 83 ++++ .../templates/service-account.yaml | 12 + helm/regproc-salt/values.yaml | 262 +++++++++++ helm/regproc-status/.gitignore | 2 + helm/regproc-status/.helmignore | 21 + helm/regproc-status/Chart.yaml | 20 + helm/regproc-status/README.md | 17 + helm/regproc-status/templates/NOTES.txt | 1 + helm/regproc-status/templates/_helpers.tpl | 60 +++ helm/regproc-status/templates/deployment.yaml | 143 +++++++ helm/regproc-status/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-status/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-status/values.yaml | 380 ++++++++++++++++ helm/regproc-trans/.gitignore | 2 + helm/regproc-trans/.helmignore | 21 + helm/regproc-trans/Chart.yaml | 20 + helm/regproc-trans/README.md | 17 + helm/regproc-trans/templates/NOTES.txt | 1 + helm/regproc-trans/templates/_helpers.tpl | 60 +++ helm/regproc-trans/templates/deployment.yaml | 143 +++++++ helm/regproc-trans/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-trans/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/regproc-trans/values.yaml | 380 ++++++++++++++++ helm/regproc-workflow/.gitignore | 2 + helm/regproc-workflow/.helmignore | 21 + helm/regproc-workflow/Chart.yaml | 20 + helm/regproc-workflow/README.md | 11 + helm/regproc-workflow/templates/NOTES.txt | 1 + helm/regproc-workflow/templates/_helpers.tpl | 60 +++ .../templates/deployment.yaml | 135 
++++++ .../templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/regproc-workflow/templates/service.yaml | 33 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 43 ++ helm/regproc-workflow/values.yaml | 383 +++++++++++++++++ 231 files changed, 12798 insertions(+) create mode 100644 deploy/README.md create mode 100755 deploy/copy_cm.sh create mode 100755 deploy/delete.sh create mode 100644 deploy/group1_values.yaml create mode 100755 deploy/install.sh create mode 100755 deploy/restart.sh create mode 100755 deploy/topic/create_topics.sh create mode 100644 deploy/upgrade/README.md create mode 100644 deploy/upgrade/dmz-landing-pv.yaml create mode 100644 deploy/upgrade/dmz-landing-pvc.yaml create mode 100644 deploy/upgrade/dmz-pkt-pv.yaml create mode 100644 deploy/upgrade/dmz-pkt-pvc.yaml create mode 100644 deploy/upgrade/dmz-sc.yaml create mode 100644 helm/regproc-camel/.gitignore create mode 100644 helm/regproc-camel/.helmignore create mode 100644 helm/regproc-camel/Chart.yaml create mode 100644 helm/regproc-camel/README.md create mode 100644 helm/regproc-camel/templates/NOTES.txt create mode 100644 helm/regproc-camel/templates/_helpers.tpl create mode 100644 helm/regproc-camel/templates/deployment.yaml create mode 100644 helm/regproc-camel/templates/extra-list.yaml create mode 100644 helm/regproc-camel/templates/service-account.yaml create mode 100644 helm/regproc-camel/templates/service.yaml create mode 100644 helm/regproc-camel/templates/servicemonitor.yaml create mode 100644 helm/regproc-camel/templates/virtualservice.yaml create mode 100644 helm/regproc-camel/values.yaml create mode 100644 helm/regproc-group1/.gitignore create mode 100644 helm/regproc-group1/.helmignore create mode 100644 helm/regproc-group1/Chart.yaml create mode 100644 helm/regproc-group1/README.md create mode 100644 helm/regproc-group1/templates/NOTES.txt create mode 100644 helm/regproc-group1/templates/_helpers.tpl create mode 100644 
helm/regproc-group1/templates/deployment.yaml create mode 100644 helm/regproc-group1/templates/extra-list.yaml create mode 100644 helm/regproc-group1/templates/pvc.yaml create mode 100644 helm/regproc-group1/templates/service-account.yaml create mode 100644 helm/regproc-group1/templates/service.yaml create mode 100644 helm/regproc-group1/templates/servicemonitor.yaml create mode 100644 helm/regproc-group1/templates/virtualservice.yaml create mode 100644 helm/regproc-group1/values.yaml create mode 100644 helm/regproc-group2/.gitignore create mode 100644 helm/regproc-group2/.helmignore create mode 100644 helm/regproc-group2/Chart.yaml create mode 100644 helm/regproc-group2/README.md create mode 100644 helm/regproc-group2/templates/NOTES.txt create mode 100644 helm/regproc-group2/templates/_helpers.tpl create mode 100644 helm/regproc-group2/templates/deployment.yaml create mode 100644 helm/regproc-group2/templates/extra-list.yaml create mode 100644 helm/regproc-group2/templates/service-account.yaml create mode 100644 helm/regproc-group2/templates/service.yaml create mode 100644 helm/regproc-group2/templates/servicemonitor.yaml create mode 100644 helm/regproc-group2/templates/virtualservice.yaml create mode 100644 helm/regproc-group2/values.yaml create mode 100644 helm/regproc-group3/.gitignore create mode 100644 helm/regproc-group3/.helmignore create mode 100644 helm/regproc-group3/Chart.yaml create mode 100644 helm/regproc-group3/README.md create mode 100644 helm/regproc-group3/templates/NOTES.txt create mode 100644 helm/regproc-group3/templates/_helpers.tpl create mode 100644 helm/regproc-group3/templates/deployment.yaml create mode 100644 helm/regproc-group3/templates/extra-list.yaml create mode 100644 helm/regproc-group3/templates/service-account.yaml create mode 100644 helm/regproc-group3/templates/service.yaml create mode 100644 helm/regproc-group3/templates/servicemonitor.yaml create mode 100644 helm/regproc-group3/templates/virtualservice.yaml create mode 
100644 helm/regproc-group3/values.yaml create mode 100644 helm/regproc-group4/.gitignore create mode 100644 helm/regproc-group4/.helmignore create mode 100644 helm/regproc-group4/Chart.lock create mode 100644 helm/regproc-group4/Chart.yaml create mode 100644 helm/regproc-group4/README.md create mode 100644 helm/regproc-group4/templates/NOTES.txt create mode 100644 helm/regproc-group4/templates/_helpers.tpl create mode 100644 helm/regproc-group4/templates/deployment.yaml create mode 100644 helm/regproc-group4/templates/extra-list.yaml create mode 100644 helm/regproc-group4/templates/service-account.yaml create mode 100644 helm/regproc-group4/templates/service.yaml create mode 100644 helm/regproc-group4/templates/servicemonitor.yaml create mode 100644 helm/regproc-group4/templates/virtualservice.yaml create mode 100644 helm/regproc-group4/values.yaml create mode 100644 helm/regproc-group5/.gitignore create mode 100644 helm/regproc-group5/.helmignore create mode 100644 helm/regproc-group5/Chart.yaml create mode 100644 helm/regproc-group5/README.md create mode 100644 helm/regproc-group5/templates/NOTES.txt create mode 100644 helm/regproc-group5/templates/_helpers.tpl create mode 100644 helm/regproc-group5/templates/deployment.yaml create mode 100644 helm/regproc-group5/templates/extra-list.yaml create mode 100644 helm/regproc-group5/templates/service-account.yaml create mode 100644 helm/regproc-group5/templates/service.yaml create mode 100644 helm/regproc-group5/templates/servicemonitor.yaml create mode 100644 helm/regproc-group5/templates/virtualservice.yaml create mode 100644 helm/regproc-group5/values.yaml create mode 100644 helm/regproc-group6/.gitignore create mode 100644 helm/regproc-group6/.helmignore create mode 100644 helm/regproc-group6/Chart.yaml create mode 100644 helm/regproc-group6/README.md create mode 100644 helm/regproc-group6/templates/NOTES.txt create mode 100644 helm/regproc-group6/templates/_helpers.tpl create mode 100644 
helm/regproc-group6/templates/deployment.yaml create mode 100644 helm/regproc-group6/templates/extra-list.yaml create mode 100644 helm/regproc-group6/templates/service-account.yaml create mode 100644 helm/regproc-group6/templates/service.yaml create mode 100644 helm/regproc-group6/templates/servicemonitor.yaml create mode 100644 helm/regproc-group6/templates/virtualservice.yaml create mode 100644 helm/regproc-group6/values.yaml create mode 100644 helm/regproc-group7/.gitignore create mode 100644 helm/regproc-group7/.helmignore create mode 100644 helm/regproc-group7/Chart.yaml create mode 100644 helm/regproc-group7/README.md create mode 100644 helm/regproc-group7/templates/NOTES.txt create mode 100644 helm/regproc-group7/templates/_helpers.tpl create mode 100644 helm/regproc-group7/templates/deployment.yaml create mode 100644 helm/regproc-group7/templates/extra-list.yaml create mode 100644 helm/regproc-group7/templates/service-account.yaml create mode 100644 helm/regproc-group7/templates/service.yaml create mode 100644 helm/regproc-group7/templates/servicemonitor.yaml create mode 100644 helm/regproc-group7/templates/virtualservice.yaml create mode 100644 helm/regproc-group7/values.yaml create mode 100644 helm/regproc-landingzone/.gitignore create mode 100644 helm/regproc-landingzone/.helmignore create mode 100644 helm/regproc-landingzone/Chart.yaml create mode 100644 helm/regproc-landingzone/README.md create mode 100644 helm/regproc-landingzone/templates/NOTES.txt create mode 100644 helm/regproc-landingzone/templates/_helpers.tpl create mode 100644 helm/regproc-landingzone/templates/deployment.yaml create mode 100644 helm/regproc-landingzone/templates/extra-list.yaml create mode 100644 helm/regproc-landingzone/templates/service-account.yaml create mode 100644 helm/regproc-landingzone/templates/service.yaml create mode 100644 helm/regproc-landingzone/templates/servicemonitor.yaml create mode 100644 helm/regproc-landingzone/templates/virtualservice.yaml create mode 
100644 helm/regproc-landingzone/values.yaml create mode 100644 helm/regproc-notifier/.gitignore create mode 100644 helm/regproc-notifier/.helmignore create mode 100644 helm/regproc-notifier/Chart.yaml create mode 100644 helm/regproc-notifier/README.md create mode 100644 helm/regproc-notifier/templates/NOTES.txt create mode 100644 helm/regproc-notifier/templates/_helpers.tpl create mode 100644 helm/regproc-notifier/templates/deployment.yaml create mode 100644 helm/regproc-notifier/templates/extra-list.yaml create mode 100644 helm/regproc-notifier/templates/service-account.yaml create mode 100644 helm/regproc-notifier/templates/service.yaml create mode 100644 helm/regproc-notifier/templates/servicemonitor.yaml create mode 100644 helm/regproc-notifier/templates/virtualservice.yaml create mode 100644 helm/regproc-notifier/values.yaml create mode 100644 helm/regproc-opencrvs/.gitignore create mode 100644 helm/regproc-opencrvs/Chart.yaml create mode 100644 helm/regproc-opencrvs/README.md create mode 100644 helm/regproc-opencrvs/templates/NOTES.txt create mode 100644 helm/regproc-opencrvs/templates/_helpers.tpl create mode 100644 helm/regproc-opencrvs/templates/deployment.yaml create mode 100644 helm/regproc-opencrvs/templates/extra-list.yaml create mode 100644 helm/regproc-opencrvs/templates/service-account.yaml create mode 100644 helm/regproc-opencrvs/templates/service.yaml create mode 100644 helm/regproc-opencrvs/templates/servicemonitor.yaml create mode 100644 helm/regproc-opencrvs/values.yaml create mode 100644 helm/regproc-pktserver/.gitignore create mode 100644 helm/regproc-pktserver/.helmignore create mode 100644 helm/regproc-pktserver/Chart.yaml create mode 100644 helm/regproc-pktserver/README.md create mode 100644 helm/regproc-pktserver/templates/NOTES.txt create mode 100644 helm/regproc-pktserver/templates/_helpers.tpl create mode 100644 helm/regproc-pktserver/templates/deployment.yaml create mode 100644 helm/regproc-pktserver/templates/extra-list.yaml create 
mode 100644 helm/regproc-pktserver/templates/service-account.yaml create mode 100644 helm/regproc-pktserver/templates/service.yaml create mode 100644 helm/regproc-pktserver/templates/servicemonitor.yaml create mode 100644 helm/regproc-pktserver/templates/virtualservice.yaml create mode 100644 helm/regproc-pktserver/values.yaml create mode 100644 helm/regproc-reprocess/.gitignore create mode 100644 helm/regproc-reprocess/.helmignore create mode 100644 helm/regproc-reprocess/Chart.yaml create mode 100644 helm/regproc-reprocess/README.md create mode 100644 helm/regproc-reprocess/templates/NOTES.txt create mode 100644 helm/regproc-reprocess/templates/_helpers.tpl create mode 100644 helm/regproc-reprocess/templates/deployment.yaml create mode 100644 helm/regproc-reprocess/templates/extra-list.yaml create mode 100644 helm/regproc-reprocess/templates/service-account.yaml create mode 100644 helm/regproc-reprocess/templates/service.yaml create mode 100644 helm/regproc-reprocess/templates/servicemonitor.yaml create mode 100644 helm/regproc-reprocess/templates/virtualservice.yaml create mode 100644 helm/regproc-reprocess/values.yaml create mode 100644 helm/regproc-salt/.gitignore create mode 100644 helm/regproc-salt/.helmignore create mode 100644 helm/regproc-salt/Chart.yaml create mode 100644 helm/regproc-salt/README.md create mode 100644 helm/regproc-salt/templates/NOTES.txt create mode 100644 helm/regproc-salt/templates/_helpers.tpl create mode 100644 helm/regproc-salt/templates/extra-list.yaml create mode 100644 helm/regproc-salt/templates/job.yaml create mode 100644 helm/regproc-salt/templates/service-account.yaml create mode 100644 helm/regproc-salt/values.yaml create mode 100644 helm/regproc-status/.gitignore create mode 100644 helm/regproc-status/.helmignore create mode 100644 helm/regproc-status/Chart.yaml create mode 100644 helm/regproc-status/README.md create mode 100644 helm/regproc-status/templates/NOTES.txt create mode 100644 
helm/regproc-status/templates/_helpers.tpl create mode 100644 helm/regproc-status/templates/deployment.yaml create mode 100644 helm/regproc-status/templates/extra-list.yaml create mode 100644 helm/regproc-status/templates/service-account.yaml create mode 100644 helm/regproc-status/templates/service.yaml create mode 100644 helm/regproc-status/templates/servicemonitor.yaml create mode 100644 helm/regproc-status/templates/virtualservice.yaml create mode 100644 helm/regproc-status/values.yaml create mode 100644 helm/regproc-trans/.gitignore create mode 100644 helm/regproc-trans/.helmignore create mode 100644 helm/regproc-trans/Chart.yaml create mode 100644 helm/regproc-trans/README.md create mode 100644 helm/regproc-trans/templates/NOTES.txt create mode 100644 helm/regproc-trans/templates/_helpers.tpl create mode 100644 helm/regproc-trans/templates/deployment.yaml create mode 100644 helm/regproc-trans/templates/extra-list.yaml create mode 100644 helm/regproc-trans/templates/service-account.yaml create mode 100644 helm/regproc-trans/templates/service.yaml create mode 100644 helm/regproc-trans/templates/servicemonitor.yaml create mode 100644 helm/regproc-trans/templates/virtualservice.yaml create mode 100644 helm/regproc-trans/values.yaml create mode 100644 helm/regproc-workflow/.gitignore create mode 100644 helm/regproc-workflow/.helmignore create mode 100644 helm/regproc-workflow/Chart.yaml create mode 100644 helm/regproc-workflow/README.md create mode 100644 helm/regproc-workflow/templates/NOTES.txt create mode 100644 helm/regproc-workflow/templates/_helpers.tpl create mode 100644 helm/regproc-workflow/templates/deployment.yaml create mode 100644 helm/regproc-workflow/templates/extra-list.yaml create mode 100644 helm/regproc-workflow/templates/service-account.yaml create mode 100644 helm/regproc-workflow/templates/service.yaml create mode 100644 helm/regproc-workflow/templates/servicemonitor.yaml create mode 100644 helm/regproc-workflow/templates/virtualservice.yaml 
create mode 100644 helm/regproc-workflow/values.yaml
diff --git a/deploy/README.md b/deploy/README.md
new file mode 100644
index 00000000000..faea2c430cd
--- /dev/null
+++ b/deploy/README.md
@@ -0,0 +1,16 @@
+# Registration processor services
+
+## Prerequisites
+* Install Kafka as given [here](../../external/kafka/README.md)
+## Install
+```
+./install.sh
+```
+## To delete all modules
+```
+./delete.sh
+```
+## To restart all modules
+```
+./restart.sh
+```
diff --git a/deploy/copy_cm.sh b/deploy/copy_cm.sh
new file mode 100755
index 00000000000..acf46ec64b6
--- /dev/null
+++ b/deploy/copy_cm.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+# DST_NS: Destination namespace
+
+function copying_cm() {
+ UTIL_URL=https://raw.githubusercontent.com/mosip/mosip-infra/master/deployment/v3/utils/copy_cm_func.sh
+ COPY_UTIL=./copy_cm_func.sh
+ DST_NS=regproc
+
+ wget -q $UTIL_URL -O copy_cm_func.sh && chmod +x copy_cm_func.sh
+
+ $COPY_UTIL configmap global default $DST_NS
+ $COPY_UTIL configmap artifactory-share artifactory $DST_NS
+ $COPY_UTIL configmap config-server-share config-server $DST_NS
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+copying_cm # calling function
diff --git a/deploy/delete.sh b/deploy/delete.sh
new file mode 100755
index 00000000000..ad4824e935c
--- /dev/null
+++ b/deploy/delete.sh
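Review bot: `copying_cm` in deploy/copy_cm.sh downloads `copy_cm_func.sh` from the `master` branch and runs it three times against the cluster with no pin or integrity check, so whatever is on that branch at install time executes with the operator's kubeconfig. Point `UTIL_URL` at a tag or commit rather than `master` and verify the file before `chmod +x`, for example `echo "<EXPECTED_SHA256>  copy_cm_func.sh" | sha256sum -c -`. Because the download is the left side of `wget ... && chmod ...`, a failed `wget` does not trip `set -e`; if an executable copy is left over from an earlier run, the truncated file is then run and the three copies silently do nothing, so test the download on its own line. `$UTIL_URL` and `$DST_NS` should also be quoted.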
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Uninstalls all regproc helm charts
+function deleting_regproc() {
+ NS=regproc
+ while true; do
+ read -p "Are you sure you want to delete all regproc helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ helm -n $NS delete regproc-salt
+ helm -n $NS delete regproc-workflow
+ helm -n $NS delete regproc-status
+ helm -n $NS delete regproc-camel
+ helm -n $NS delete regproc-pktserver
+ helm -n $NS delete regproc-group1
+ helm -n $NS delete regproc-group2
+ helm -n $NS delete regproc-group3
+ helm -n $NS delete regproc-group4
+ helm -n $NS delete regproc-group5
+ helm -n $NS delete regproc-group6
+ helm -n $NS delete regproc-group7
+ helm -n $NS delete regproc-notifier
+ helm -n $NS delete regproc-trans
+ helm -n $NS delete regproc-reprocess
+ helm -n $NS delete regproc-landingzone
+ break
+ else
+ break
+ fi
+ done
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+deleting_regproc # calling function
diff --git a/deploy/group1_values.yaml b/deploy/group1_values.yaml
new file mode 100644
index 00000000000..a3eaaeb0c0d
--- /dev/null
+++ b/deploy/group1_values.yaml
@@ -0,0 +1,3 @@
+persistence:
+ storageClass: longhorn
+ size: 5Gi
diff --git a/deploy/install.sh b/deploy/install.sh
new file mode 100755
index 00000000000..5f39195e44b
--- /dev/null
+++ b/deploy/install.sh
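Review bot: The confirmation test `if [ $yn = "Y" ]` in deploy/delete.sh is unquoted, so pressing Enter at the `(Y/n)` prompt makes `[` fail with a syntax error instead of taking a defined branch; use `if [ "$yn" = "Y" ]`, and either treat an empty answer as yes, as the prompt implies, or change the prompt to `(y/N)`. Both branches end in `break`, so the `while true` loop never repeats and can be dropped. With `set -e` in effect, the first `helm delete` of a release that is not installed aborts the script and leaves the remaining releases in place, which is worth either documenting or handling per release.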
@@ -0,0 +1,84 @@
+#!/bin/bash
+# Installs all regproc helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=regproc
+CHART_VERSION=12.0.2
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_regproc() {
+ echo Istio label
+ kubectl label ns $NS istio-injection=enabled --overwrite
+ helm repo update
+
+ echo Copy configmaps
+ sed -i 's/\r$//' copy_cm.sh
+ ./copy_cm.sh
+
+ echo Running regproc-salt job
+ helm -n $NS install regproc-salt mosip/regproc-salt --version $CHART_VERSION --wait --wait-for-jobs
+
+ echo Installing regproc-workflow
+ helm -n $NS install regproc-workflow mosip/regproc-workflow --version $CHART_VERSION
+
+ echo Installing regproc-status
+ helm -n $NS install regproc-status mosip/regproc-status --version $CHART_VERSION
+
+ echo Installing regproc-camel
+ helm -n $NS install regproc-camel mosip/regproc-camel --version $CHART_VERSION
+
+ echo Installing regproc-pktserver
+ helm -n $NS install regproc-pktserver mosip/regproc-pktserver --version $CHART_VERSION
+
+ echo Installing group1
+ helm -n $NS install regproc-group1 mosip/regproc-group1 -f group1_values.yaml --version $CHART_VERSION
+
+ echo Installing group2
+ helm -n $NS install regproc-group2 mosip/regproc-group2 --version $CHART_VERSION
+
+ echo Installing group3
+ helm -n $NS install regproc-group3 mosip/regproc-group3 --version $CHART_VERSION
+
+ echo Installing group4
+ helm -n $NS install regproc-group4 mosip/regproc-group4 --version $CHART_VERSION
+
+ echo Installing group5
+ helm -n $NS install regproc-group5 mosip/regproc-group5 --version $CHART_VERSION
+
+ echo Installing group6
+ helm -n $NS install regproc-group6 mosip/regproc-group6 --version $CHART_VERSION
+
+ echo Installing group7
+ helm -n $NS install regproc-group7 mosip/regproc-group7 --version $CHART_VERSION
+
+ echo Installing regproc-trans
+ helm -n $NS install regproc-trans mosip/regproc-trans --version $CHART_VERSION
+
+ echo Installing regproc-notifier
+ helm -n $NS install regproc-notifier mosip/regproc-notifier --version $CHART_VERSION
+
+ echo Installing regproc-reprocess
+ helm -n $NS install regproc-reprocess mosip/regproc-reprocess --version $CHART_VERSION
+
+ echo Installing regproc-landingzone
+ helm -n $NS install regproc-landingzone mosip/regproc-landingzone --version $CHART_VERSION
+
+ kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+ echo Installed regproc services
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+installing_regproc # calling function
diff --git a/deploy/restart.sh b/deploy/restart.sh
new file mode 100755
index 00000000000..cf622fa0b6d
--- /dev/null
+++ b/deploy/restart.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Restart the regproc services
+## Usage: ./restart.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+function Restarting_regproc() {
+ NS=regproc
+ kubectl -n $NS rollout restart deploy
+
+ kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+ echo Restarted regproc services
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+Restarting_regproc # calling function
diff --git a/deploy/topic/create_topics.sh b/deploy/topic/create_topics.sh
new file mode 100755
index 00000000000..a495c68578c
--- /dev/null
+++ b/deploy/topic/create_topics.sh
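Review bot: Every `helm install` in deploy/install.sh resolves `mosip/...` through whatever repository the operator's local `mosip` alias points to, and the script only runs `helm repo update`; it never adds or checks that alias. Declaring the source in the script, e.g. `helm repo add mosip https://mosip.github.io` before the update (the URL used by the chart README in this commit), makes the chart origin explicit, and as far as I know Helm refuses to re-add an existing name under a different URL, which would surface a mismatched alias. Separately, `kubectl create ns $NS` and `export KUBECONFIG=$1` run before the `set -e`/`nounset` block, so a failed namespace creation is ignored and `$1` is used unquoted; write `export KUBECONFIG="$1"`.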
@@ -0,0 +1,24 @@
+#!/bin/bash
+#
+
+function create_topics() {
+ read -p "Enter IAM username: " iam_user
+
+ # This username is hardcoded in sql scripts
+ DB_PWD=$(kubectl get secret --namespace postgres db-common-secrets -o jsonpath={.data.db-dbuser-password} | base64 --decode)
+ DB_HOST=$(kubectl get cm global -o jsonpath={.data.mosip-api-internal-host})
+ DB_PORT=5432
+
+ echo Creating topics
+ cd lib
+ python3 create_topics.py $DB_HOST $DB_PWD $iam_user ../topics.xlsx
+return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+create_topics # calling function
diff --git a/deploy/upgrade/README.md b/deploy/upgrade/README.md
new file mode 100644
index 00000000000..310611fbd4f
--- /dev/null
+++ b/deploy/upgrade/README.md
@@ -0,0 +1,13 @@
+# To Mount NFS folder to regproc packet server and regproc group 1 stage:
+
+* Update NFS server and path in dmz-landing-pv.yaml and dmz-pkt-pv.yaml.
+* Run commands in sequential:
+```
+kubectl apply -f dmz-sc.yaml
+kubectl apply -f dmz-pkt-pv.yaml
+kubectl apply -f dmz-pkt-pvc.yaml
+kubectl apply -f dmz-landing-pv.yaml
+kubectl apply -f dmz-landing-pvc.yaml
+```
+* Edit persistent Volume claim name in regproc-group1 deployment as given in dmz-landing-pvc.yaml
+* Edit persistent Volume claim name in regproc-pktserver deployment as given in dmz-pkt-pvc.yaml
\ No newline at end of file
diff --git a/deploy/upgrade/dmz-landing-pv.yaml b/deploy/upgrade/dmz-landing-pv.yaml
new file mode 100644
index 00000000000..47bed228228
--- /dev/null
+++ b/deploy/upgrade/dmz-landing-pv.yaml
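Review bot: `python3 create_topics.py $DB_HOST $DB_PWD $iam_user ../topics.xlsx` in deploy/topic/create_topics.sh puts the database password on the command line, where other local users can read it from the process list for as long as the script runs. Pass it through the environment instead, e.g. `DB_PWD="$DB_PWD" python3 create_topics.py "$DB_HOST" "$iam_user" ../topics.xlsx`, with create_topics.py (not part of this patch) reading it from `os.environ`. The expansions are also unquoted, so a password containing spaces or glob characters is split or expanded before Python sees it. `DB_PORT` is assigned but never used.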
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: landing-pv
+ labels:
+ name: landing-pv
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ server:
+ path:
diff --git a/deploy/upgrade/dmz-landing-pvc.yaml b/deploy/upgrade/dmz-landing-pvc.yaml
new file mode 100644
index 00000000000..1ffe81d9d11
--- /dev/null
+++ b/deploy/upgrade/dmz-landing-pvc.yaml
@@ -0,0 +1,14 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: landing-pvc
+ namespace: regproc
+ labels:
+ app: landing-pvc
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/deploy/upgrade/dmz-pkt-pv.yaml b/deploy/upgrade/dmz-pkt-pv.yaml
new file mode 100644
index 00000000000..b1571fc95b2
--- /dev/null
+++ b/deploy/upgrade/dmz-pkt-pv.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pktserver-pv
+ labels:
+ name: pktserver-pv
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadOnlyMany
+ nfs:
+ server:
+ path:
diff --git a/deploy/upgrade/dmz-pkt-pvc.yaml b/deploy/upgrade/dmz-pkt-pvc.yaml
new file mode 100644
index 00000000000..3a30a367102
--- /dev/null
+++ b/deploy/upgrade/dmz-pkt-pvc.yaml
@@ -0,0 +1,15 @@
+# Source: dmzregproc/templates/pktserver-pvc.yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: pktserver-pvc
+ namespace: regproc
+ labels:
+ app: pktserver-pvc
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadOnlyMany
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/deploy/upgrade/dmz-sc.yaml b/deploy/upgrade/dmz-sc.yaml
new file mode 100644
index 00000000000..b63f6187eaa
--- /dev/null
+++ b/deploy/upgrade/dmz-sc.yaml
@@ -0,0 +1,6 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: manual
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
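Review bot: `landing-pv` in deploy/upgrade/dmz-landing-pv.yaml, and likewise `pktserver-pv` in dmz-pkt-pv.yaml, is matched to its claim only by `storageClassName: manual`, size and access mode, so another claim in any namespace that asks for the `manual` class with the same mode could bind the NFS export before the intended one does. Pre-binding each volume under `spec` with `claimRef:` / `namespace: regproc` / `name: landing-pvc` (`pktserver-pvc` for the packet server volume) makes the binding deterministic. `nfs.server` and `nfs.path` are left empty in both files; the README says to fill them in, and a comment on those two keys would keep the manifest from being applied as committed.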
diff --git a/helm/regproc-camel/.gitignore b/helm/regproc-camel/.gitignore
new file mode 100644
index 00000000000..b3c94bf6431
--- /dev/null
+++ b/helm/regproc-camel/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Charts.lock
diff --git a/helm/regproc-camel/.helmignore b/helm/regproc-camel/.helmignore
new file mode 100644
index 00000000000..f0c13194444
--- /dev/null
+++ b/helm/regproc-camel/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/regproc-camel/Chart.yaml b/helm/regproc-camel/Chart.yaml
new file mode 100644
index 00000000000..603c73f4522
--- /dev/null
+++ b/helm/regproc-camel/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: regproc-camel
+description: A Helm chart for MOSIP Registration Processor Camel stage
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-camel
+ - regproc
+ - camel
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-camel/README.md b/helm/regproc-camel/README.md
new file mode 100644
index 00000000000..e680c5831ca
--- /dev/null
+++ b/helm/regproc-camel/README.md
@@ -0,0 +1,11 @@
+# Camel
+
+Helm chart for installing Registration Processor Camel stage.
+
+## Install
+```console
+$ kubectl create namespace regproc
+$ helm repo add mosip https://mosip.github.io
+$ helm -n regproc install my-release mosip/regproc-camel
+```
+
diff --git a/helm/regproc-camel/templates/NOTES.txt b/helm/regproc-camel/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
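Review bot: The `common` dependency in helm/regproc-camel/Chart.yaml is declared as `version: 1.x.x`, so every `helm dependency update` may resolve a different library chart from the Bitnami repository, and the chart's .gitignore excludes both `charts/` and a lock file, which leaves no record in the repository of the version that was actually rendered. Pinning an exact version (placeholder: `version: <pinned-common-version>`) and committing the lock file would make builds reproducible and the dependency reviewable. The ignore entry is spelled `Charts.lock` while Helm writes `Chart.lock`, so it probably does not match the file it was meant for. helm/regproc-group1/Chart.yaml and its .gitignore repeat the same lines.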
+++ b/helm/regproc-camel/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-camel/templates/_helpers.tpl b/helm/regproc-camel/templates/_helpers.tpl
new file mode 100644
index 00000000000..7ab575bcd02
--- /dev/null
+++ b/helm/regproc-camel/templates/_helpers.tpl
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "regproc-camel.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "regproc-camel.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "regproc-camel.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "regproc-camel.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "regproc-camel.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "regproc-camel.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "regproc-camel.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "regproc-camel.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
diff --git a/helm/regproc-camel/templates/deployment.yaml b/helm/regproc-camel/templates/deployment.yaml
new file mode 100644
index 00000000000..9379532d55c
--- /dev/null
+++ b/helm/regproc-camel/templates/deployment.yaml
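Review bot: `regproc-camel.validateValues` in helm/regproc-camel/templates/_helpers.tpl includes `regproc-camel.validateValues.foo` and `regproc-camel.validateValues.bar`, and neither template is defined in this file, so unless they exist elsewhere in the chart the first `include` of the helper would fail at render time. Either define real validators or drop the helper until there is something to validate. In `regproc-camel.serviceAccountName` the fallback `{{ default "default" .Values.serviceAccount.name }}` means a release with `serviceAccount.create: false` and no name runs under the namespace's default ServiceAccount, which deserves a comment such as `{{/* falls back to the namespace default ServiceAccount */}}`. helm/regproc-group1/templates/_helpers.tpl repeats the same code.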
@@ -0,0 +1,135 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if or .Values.podAnnotations .Values.metrics.enabled }}
+ {{- include "regproc-camel.podAnnotations" . | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "regproc-camel.serviceAccountName" . }}
+ {{- include "regproc-camel.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "regproc-camel.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - %%commands%%
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: foo
+ mountPath: bar
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: regproc-camel
+ image: {{ template "regproc-camel.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: container_user
+ value: {{ .Values.containerSecurityContext.runAsUser }}
+ - name: JDK_JAVA_OPTIONS
+ value: {{ .Values.additionalResources.javaOpts }}
+ - name: zone_env
+ value: default
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ {{- range .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ ports:
+ - name: spring-service
+ containerPort: {{ .Values.springServicePort }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
diff --git a/helm/regproc-camel/templates/extra-list.yaml b/helm/regproc-camel/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-camel/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
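Review bot: The `volume-permissions` init container in helm/regproc-camel/templates/deployment.yaml is still scaffold: its command is the literal `- %%commands%%`, it mounts a volume named `foo` at `bar`, and it sets `runAsUser: 0`, while the pod spec in this hunk declares no `volumes:` at all. With `volumePermissions.enabled` and `persistence.enabled` both set, the chart would therefore not produce a valid pod, so the block should either be removed or wired to a real volume and a real command before a root init container ships in the template. The container's `env` values are rendered unquoted, so a numeric UID or an option string with YAML-significant characters will not stay a string; `value: {{ .Values.containerSecurityContext.runAsUser | quote }}` and the same on `JDK_JAVA_OPTIONS` fix that. `extraVolumes` and `extraVolumeMounts` from values.yaml are never rendered here.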
diff --git a/helm/regproc-camel/templates/service-account.yaml b/helm/regproc-camel/templates/service-account.yaml
new file mode 100644
index 00000000000..432c6024f4c
--- /dev/null
+++ b/helm/regproc-camel/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-camel.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-camel/templates/service.yaml b/helm/regproc-camel/templates/service.yaml
new file mode 100644
index 00000000000..018e6985d05
--- /dev/null
+++ b/helm/regproc-camel/templates/service.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-camel/templates/servicemonitor.yaml b/helm/regproc-camel/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..15f48fdeecf
--- /dev/null
+++ b/helm/regproc-camel/templates/servicemonitor.yaml
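Review bot: In helm/regproc-camel/templates/service.yaml, `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the list in Go's formatting rather than as YAML, and the chart's values.yaml defines no `service.loadBalancerSourceRanges`, so switching `service.type` to `LoadBalancer` renders the key empty and no source restriction is applied. Rendering the key only when a list is supplied keeps the restriction explicit: `{{- with .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}`, `{{- end }}`. A commented example entry under `service:` in values.yaml would make the option discoverable.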
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-camel/templates/virtualservice.yaml b/helm/regproc-camel/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-camel/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-camel/values.yaml b/helm/regproc-camel/values.yaml
new file mode 100644
index 00000000000..58a9ba3ac1c
--- /dev/null
+++ b/helm/regproc-camel/values.yaml
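Review bot: `hosts: - "*"` in helm/regproc-camel/templates/virtualservice.yaml makes this VirtualService match every hostname served by the gateways listed in `istio.gateways`, so only the URI prefix separates this route from anything else bound to the same gateway. Reading the host list from values (for example an `istio.hosts` entry, a key this chart does not define yet) would scope the route to the intended internal hostname, which is what the values.yaml comment about internal-only access suggests. The route also sets `x-forwarded-proto: https` on every request unconditionally; a comment naming the component that terminates TLS would make it clear why the backend can trust that header.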
@@ -0,0 +1,380 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+# storageClass: myStorageClass
+
+## Add labels to all the deployed resources
+##
+commonLabels:
+ app.kubernetes.io/component: mosip
+## Add annotations to all the deployed resources
+##
+commonAnnotations: {}
+## Kubernetes Cluster Domain
+##
+clusterDomain: cluster.local
+## Extra objects to deploy (value evaluated as a template)
+##
+extraDeploy: []
+## Number of nodes
+##
+replicaCount: 1
+service:
+ type: ClusterIP
+ port: 80
+ ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+ ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+ ##
+ ## loadBalancerIP:
+ ##
+ ## nodePorts:
+ ## http:
+ ## https:
+ ##
+
+ nodePorts:
+ http: ""
+ https: ""
+ ## Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+image:
+ registry: docker.io
+ repository: mosipid/registration-processor-common-camel-bridge
+ tag.2.0.2
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+## Port on which this particular spring service module is running.
+springServicePort: 8022
+## Configure extra options for liveness and readiness probes
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+##
+## TODO: enable probes once health urls are available
+startupProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/camelbridge/actuator/health
+ port: 8022
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+livenessProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/camelbridge/actuator/health
+ port: 8022
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+readinessProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/camelbridge/actuator/health
+ port: 8022
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+##
+# existingConfigmap:
+
+## Command and args for running the container (set to default if not set). Use array form
+##
+command: []
+args: []
+## Deployment pod host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 1000m
+ memory: 2000Mi
+ requests:
+ cpu: 100m
+ memory: 1500Mi
+additionalResources:
+ ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
+ ## Example: java_opts: "-Xms500M -Xmx500M"
+ javaOpts: "-Xms750M -Xmx750M"
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## Clamav container already runs as 'mosip' user, so we may not need to enable this
+containerSecurityContext:
+ enabled: false
+ runAsUser: mosip
+ runAsNonRoot: true
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+##
+podSecurityContext:
+ enabled: false
+ fsGroup: 1001
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+ ## Node affinity type
+ ## Allowed values: soft, hard
+ ##
+ type: ""
+ ## Node label key to match
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## Node label values to match
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Pod extra labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## Annotations for server pods.
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## pods' priority.
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+# priorityClassName: ""
+
+## lifecycleHooks for the container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+## Custom Liveness probes for
+##
+customLivenessProbe: {}
+## Custom Rediness probes
+##
+customReadinessProbe: {}
+## Update strategy - only really applicable for deployments with RWO PVs attached
+## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+## terminate the single previous pod, so that the new, incoming pod can attach to the PV
+##
+updateStrategy:
+ type: RollingUpdate
+## Additional environment variables to set
+## Example:
+## extraEnvVars:
+## - name: FOO
+## value: "bar"
+##
+extraEnvVars: []
+## ConfigMap with extra environment variables that used
+##
+extraEnvVarsCM:
+ - global
+ - config-server-share
+ - artifactory-share
+## Secret with extra environment variables
+##
+extraEnvVarsSecret:
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+## Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+## Add init containers to the pods.
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+# true # ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: {}
+## Add sidecars to the pods.
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+sidecars: {}
+persistence:
+ enabled: false
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack).
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: your-claim
+ ## ReadWriteMany not supported by AWS gp2
+ ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given
+ ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html
+ ## Packet landing zone requires ReadWriteMany
+ storageClass:
+ accessModes:
+ - ReadWriteMany
+ size:
+ existingClaim:
+ reclaimPolicy:
+ mountDir:
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: bitnami/bitnami-shell
+ tag: "10"
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ pullSecrets: []
+ ## - myRegistryKeySecretName
+ ## Init containers' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ##
+ limits: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+## Specifies whether RBAC resources should be created
+##
+rbac:
+ create: true
+## Specifies whether a ServiceAccount should be created
+##
+serviceAccount:
+ create: true
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ name:
+## Prometheus Metrics
+##
+metrics:
+ enabled: true
+ ## Prometheus pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+ endpointPath: /registrationprocessor/v1/camelbridge/actuator/prometheus
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ##
+ serviceMonitor:
+ ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry
+ ##
+ enabled: true
+ ## Specify the namespace in which the serviceMonitor resource will be created
+ ##
+ # namespace: ""
+ ## Specify the interval at which metrics should be scraped
+ ##
+ interval: 10s
+ ## Specify the timeout after which the scrape is ended
+ ##
+ # scrapeTimeout: 30s
+ ## Specify Metric Relabellings to add to the scrape endpoint
+ ##
+ # relabellings:
+ ## Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ additionalLabels: {}
+ ## Custom PrometheusRule to be defined
+ ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
+ ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+ ##
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ''
+ ## List of rules, used as template by Helm.
+ ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html
+ # rules:
+ # - alert: RabbitmqDown
+ # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0
+ # for: 5m
+ # labels:
+ # severity: error
+ rules: []
+## Requires only internal access for swagger
+istio:
+ enabled: true
+ gateways:
+ - istio-system/internal
+ prefix: /registrationprocessor/v1/camelbridge
diff --git a/helm/regproc-group1/.gitignore b/helm/regproc-group1/.gitignore
new file mode 100644
index 00000000000..b3c94bf6431
--- /dev/null
+++ b/helm/regproc-group1/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Charts.lock
diff --git a/helm/regproc-group1/.helmignore b/helm/regproc-group1/.helmignore
new file mode 100644
index 00000000000..f0c13194444
--- /dev/null
+++ b/helm/regproc-group1/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/regproc-group1/Chart.yaml b/helm/regproc-group1/Chart.yaml
new file mode 100644
index 00000000000..f222036cd1e
--- /dev/null
+++ b/helm/regproc-group1/Chart.yaml
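Review bot: `containerSecurityContext` in helm/regproc-camel/values.yaml ships with `enabled: false` and `runAsUser: mosip`, so by default the container runs as whatever user the image defines, and switching the context on as written would be rejected because Kubernetes requires a numeric UID in `runAsUser`. A numeric UID (placeholder: `runAsUser: <uid-of-mosip-user>`) together with `enabled: true` lets the `runAsNonRoot: true` that is already there be enforced; the comment above the block still refers to a Clamav container. In the `image` block the line reads `tag.2.0.2` as it appears here, which is not a `key: value` pair, so the tag is either unset or the file does not parse. `pullPolicy: Always` on a mutable tag, and the floating `tag: "10"` of the `volumePermissions` image, mean the running image can change without any change to the chart; pinning by digest avoids that.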
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-group1
+description: A Helm chart for MOSIP Registration Processor Group 1
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-group1
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-group1/README.md b/helm/regproc-group1/README.md
new file mode 100644
index 00000000000..ebed5b33f80
--- /dev/null
+++ b/helm/regproc-group1/README.md
@@ -0,0 +1,11 @@
+# Group 1 stage
+
+Helm chart for installing RegProc Group 1 stage.
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/regproc-group1
+```
+
diff --git a/helm/regproc-group1/templates/NOTES.txt b/helm/regproc-group1/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-group1/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-group1/templates/_helpers.tpl b/helm/regproc-group1/templates/_helpers.tpl
new file mode 100644
index 00000000000..c63ac873260
--- /dev/null
+++ b/helm/regproc-group1/templates/_helpers.tpl
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "regproc-group1.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "regproc-group1.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "regproc-group1.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "regproc-group1.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "regproc-group1.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "regproc-group1.validateValues.foo" .) -}} +{{- $messages := append $messages (include "regproc-group1.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "regproc-group1.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/regproc-group1/templates/deployment.yaml b/helm/regproc-group1/templates/deployment.yaml new file mode 100644 index 00000000000..72c577428fa --- /dev/null +++ b/helm/regproc-group1/templates/deployment.yaml 
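Review bot: `regproc-group1.validateValues` includes `regproc-group1.validateValues.foo` and `regproc-group1.validateValues.bar`, and neither template is defined in this _helpers.tpl, so the helper looks like leftover scaffold. No template visible in this patch calls it, which means the chart currently validates nothing, and a later `include "regproc-group1.validateValues"` would fail at render time unless those helpers exist elsewhere. Either delete the define or replace the two includes with real checks, for example one that rejects `containerSecurityContext.enabled` together with a non-numeric `runAsUser`. The same block is repeated in helm/regproc-group2/templates/_helpers.tpl.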
@@ -0,0 +1,142 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-group1.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-group1.serviceAccountName" . }} + {{- include "regproc-group1.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-group1.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-group1 + image: {{ template "regproc-group1.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + volumeMounts: + - name: landing-folder + mountPath: {{ .Values.persistence.mountDir }} + ports: [] + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: landing-folder + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} + {{- else }} + emptyDir: {} + {{ end }} 
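Review bot: The `volume-permissions` init container is unfinished scaffold: its `command` is the literal `- %%commands%%`, it mounts a volume named `foo` at `bar` although the pod's `volumes` list only defines `landing-folder`, and it is fixed to `runAsUser: 0`. With `volumePermissions.enabled: true` the Deployment would therefore render a pod spec that references an undefined volume, and a root init container with no defined purpose. Either drop the block, or mount `landing-folder` at `.Values.persistence.mountDir` and give it the single ownership change it is meant to perform. In the same hunk, `value: {{ .Values.containerSecurityContext.runAsUser }}` should be `value: {{ .Values.containerSecurityContext.runAsUser | quote }}`, because an env value must be a string and a numeric UID would otherwise render as an integer.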
diff --git a/helm/regproc-group1/templates/extra-list.yaml b/helm/regproc-group1/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-group1/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/helm/regproc-group1/templates/pvc.yaml b/helm/regproc-group1/templates/pvc.yaml
new file mode 100644
index 00000000000..7db9bc8a797
--- /dev/null
+++ b/helm/regproc-group1/templates/pvc.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ "helm.sh/resource-policy": keep
+spec:
+ accessModes:
+ {{- if not (empty .Values.persistence.accessModes) }}
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- else }}
+ - {{ .Values.persistence.accessMode | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}
+ {{- if .Values.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/regproc-group1/templates/service-account.yaml b/helm/regproc-group1/templates/service-account.yaml
new file mode 100644
index 00000000000..c2d8fb9442d
--- /dev/null
+++ b/helm/regproc-group1/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-group1.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-group1/templates/service.yaml b/helm/regproc-group1/templates/service.yaml
new file mode 100644
index 00000000000..018e6985d05
--- /dev/null
+++ b/helm/regproc-group1/templates/service.yaml
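Review bot: The ServiceAccount in service-account.yaml is rendered unconditionally, while `regproc-group1.serviceAccountName` falls back to `default` when `serviceAccount.create` is false, so with that setting the release would try to create and own the namespace's `default` ServiceAccount. Wrapping the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}` keeps the flag meaningful. Nothing visible in this chart shows the workload calling the Kubernetes API, so adding `automountServiceAccountToken: false` to the account would also keep an unused API token out of the pod; confirm against the application before applying.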
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-group1/templates/servicemonitor.yaml b/helm/regproc-group1/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..15f48fdeecf
--- /dev/null
+++ b/helm/regproc-group1/templates/servicemonitor.yaml
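Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` in service.yaml prints the Go value instead of YAML, and the values.yaml added by this patch defines no `service.loadBalancerSourceRanges`. Switching `service.type` to `LoadBalancer` therefore renders an empty field, and the load balancer is created with no source restriction at all. Emit the field only when a list is supplied, and serialise it properly: `{{- if .Values.service.loadBalancerSourceRanges }}` followed by `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}` and `{{- end }}`. Documenting the key in values.yaml with an empty default would make the restriction discoverable.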
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-group1/templates/virtualservice.yaml b/helm/regproc-group1/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-group1/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-group1/values.yaml b/helm/regproc-group1/values.yaml
new file mode 100644
index 00000000000..5a0a1a04550
--- /dev/null
+++ b/helm/regproc-group1/values.yaml
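Review bot: `hosts: - "*"` in virtualservice.yaml attaches this route to every hostname served by the listed gateways, so the gateway choice alone decides who can reach `.Values.istio.prefix`. The values.yaml in this patch sets `istio-system/internal` under the comment `## Requires public access.`, which leaves the intended exposure unclear. The prefix match also forwards everything below it, including the `/actuator/health` and `/actuator/prometheus` paths that the probes and metrics settings use, so those management endpoints are reachable through the gateway unless something else blocks them. Consider taking the host list from values and adding a more specific match or route that keeps `/actuator` off the gateway.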
@@ -0,0 +1,383 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-stage-group-1 + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## TODO: enable probes once health urls are available +springServicePort: 8081 +startupProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/packetreceiver/actuator/health + port: 8081 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/packetreceiver/actuator/health + port: 8081 + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/packetreceiver/actuator/health + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 1000m + memory: 5000Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms4000M -Xmx4000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. 
Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +# true # ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: true + storageClass: longhorn + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + accessModes: + - ReadWriteMany + size: 5Gi + existingClaim: + # Dir where all incoming packets are stored + # Make sure this matches with what is given in the config properties + mountDir: /mnt/landing + labels: + purpose: landing-folder + reclaimPolicy: Retain +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPath: /registrationprocessor/v1/packetreceiver/actuator/prometheus + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels 
parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## Requires public access. +istio: + enabled: true + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/packetreceiver diff --git a/helm/regproc-group2/.gitignore b/helm/regproc-group2/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-group2/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-group2/.helmignore b/helm/regproc-group2/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-group2/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-group2/Chart.yaml b/helm/regproc-group2/Chart.yaml new file mode 100644 index 00000000000..456349aed6e --- /dev/null 
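Review bot: `containerSecurityContext` and `podSecurityContext` both default to `enabled: false` in values.yaml, so the Deployment renders no securityContext and the container runs as whatever user the image sets. The comment justifying this mentions a "Clamav container" and looks copied from another chart. Enabling the block as written would not work either, because `runAsUser: mosip` is a user name and Kubernetes accepts only a numeric UID in that field. Setting the image's numeric UID, defaulting `enabled: true`, and adding `allowPrivilegeEscalation: false` would give the pod an enforced non-root context. Separately, `pullPolicy: Always` combined with tag references such as `bitnami/bitnami-shell` tag `"10"` lets the running image change without a chart change, which pinning by digest would prevent.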
+++ b/helm/regproc-group2/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +name: regproc-group2 +description: A Helm chart for MOSIP Registration Processor Group 2 stage +type: application +version: 12.0.2 +appVersion: "" +dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +home: https://mosip.io +keywords: + - mosip + - regproc-group2 + - regproc +maintainers: + - email: info@mosip.io + name: MOSIP diff --git a/helm/regproc-group2/README.md b/helm/regproc-group2/README.md new file mode 100644 index 00000000000..94e20c17395 --- /dev/null +++ b/helm/regproc-group2/README.md @@ -0,0 +1,11 @@ +# Group2 stage + +Helm chart for installing Registration Processor Group 2 stage. + +## Install +```console +$ kubectl create namespace regproc +$ helm repo add mosip https://mosip.github.io +$ helm -n regproc install my-release mosip/regproc-group2 +``` + diff --git a/helm/regproc-group2/templates/NOTES.txt b/helm/regproc-group2/templates/NOTES.txt new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/helm/regproc-group2/templates/NOTES.txt @@ -0,0 +1 @@ + diff --git a/helm/regproc-group2/templates/_helpers.tpl b/helm/regproc-group2/templates/_helpers.tpl new file mode 100644 index 00000000000..9a21cdbcc17 --- /dev/null +++ b/helm/regproc-group2/templates/_helpers.tpl 
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "regproc-group2.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "regproc-group2.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "regproc-group2.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "regproc-group2.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "regproc-group2.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "regproc-group2.validateValues.foo" .) -}} +{{- $messages := append $messages (include "regproc-group2.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "regproc-group2.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/regproc-group2/templates/deployment.yaml b/helm/regproc-group2/templates/deployment.yaml new file mode 100644 index 00000000000..b48f65b45ba --- /dev/null +++ b/helm/regproc-group2/templates/deployment.yaml 
@@ -0,0 +1,131 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-group2.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-group2.serviceAccountName" . }} + {{- include "regproc-group2.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-group2.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-group2 + image: {{ template "regproc-group2.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: [] + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/regproc-group2/templates/extra-list.yaml b/helm/regproc-group2/templates/extra-list.yaml new file mode 100644 index 00000000000..9ac65f9e16f --- /dev/null +++ b/helm/regproc-group2/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
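Review bot: The `volume-permissions` init container in deployment.yaml is unfinished scaffolding that is nevertheless set to `runAsUser: 0`. Its command is the literal `%%commands%%`, it mounts a volume named `foo` at `bar`, and the pod spec in this hunk declares no `volumes:`. With `volumePermissions.enabled` and `persistence.enabled` both true the manifest should fail validation instead of fixing any permissions. Drop the block until the chart really mounts a volume, or wire it to a real volume and command and prefer `fsGroup` over a root init container where the storage supports it. Separately, `value: {{ .Values.containerSecurityContext.runAsUser }}` and the `JDK_JAVA_OPTIONS` value should be piped through `quote`, since env values must be strings.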
diff --git a/helm/regproc-group2/templates/service-account.yaml b/helm/regproc-group2/templates/service-account.yaml
new file mode 100644
index 00000000000..679c28205ad
--- /dev/null
+++ b/helm/regproc-group2/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-group2.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-group2/templates/service.yaml b/helm/regproc-group2/templates/service.yaml
new file mode 100644
index 00000000000..431f126641d
--- /dev/null
+++ b/helm/regproc-group2/templates/service.yaml
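Review bot: service-account.yaml is rendered unconditionally, even when `serviceAccount.create` is false. In that case `regproc-group2.serviceAccountName` resolves to `default` (or the supplied name), so the release would try to create a ServiceAccount that already exists and that it does not own. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`. Nothing in this patch shows the stages calling the Kubernetes API, so `automountServiceAccountToken: false` on the account is worth considering once that is confirmed.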
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - name: {{ $ep.port_name }}
+ port: {{ $ep.port }}
+ protocol: TCP
+ targetPort: {{ $ep.targetPort }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-group2/templates/servicemonitor.yaml b/helm/regproc-group2/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..d833a97e19d
--- /dev/null
+++ b/helm/regproc-group2/templates/servicemonitor.yaml
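Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` in service.yaml is emitted whenever the type is `LoadBalancer`, but the chart's values.yaml defines no such key, so it renders empty and the load balancer is left without a source restriction. When a list is supplied, printing it directly produces Go's `[a b]` form rather than a YAML list, so the ranges would not be applied as written. Guard and serialise it: `{{- if .Values.service.loadBalancerSourceRanges }}`, then `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, then `{{- end }}`.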
@@ -0,0 +1,38 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - port: {{ $ep.port_name }}
+ path: {{ $ep.endpointPath }}
+ {{- if $.Values.metrics.serviceMonitor.interval }}
+ interval: {{ $.Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ $.Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml $.Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-group2/templates/virtualservice.yaml b/helm/regproc-group2/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-group2/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-group2/values.yaml b/helm/regproc-group2/values.yaml
new file mode 100644
index 00000000000..cd4609b7760
--- /dev/null
+++ b/helm/regproc-group2/values.yaml
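Review bot: `hosts: - "*"` in virtualservice.yaml is hard-coded, so the route for `.Values.istio.prefix` matches every hostname served by whichever gateways `.Values.istio.gateways` names. The chart's values.yaml defaults the gateway to `istio-system/internal` and comments that only internal access is required, but nothing in the template preserves that if the gateway list is overridden per environment. Consider taking the host list from values, e.g. `hosts: {{- toYaml .Values.istio.hosts | nindent 4 }}` with an explicit internal hostname as the default. The unconditional `x-forwarded-proto: https` request header also tells the backend every request arrived over TLS, which is only true if the gateway enforces it — worth a comment stating that assumption.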
@@ -0,0 +1,397 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-stage-group-2 + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +springServicePort: 8090 +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## When configuring Probe, please make sure to remove from the url paths that are not required from the probe list +startupProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8090/registrationprocessor/v1/securezone/actuator/health,http://localhost:9072/registrationprocessor/v1/qualityclassifier/actuator/health,http://localhost:8088/registrationprocessor/v1/sender-stage/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8090/registrationprocessor/v1/securezone/actuator/health,http://localhost:9072/registrationprocessor/v1/qualityclassifier/actuator/health,http://localhost:8088/registrationprocessor/v1/sender-stage/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! 
[ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + # initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8090/registrationprocessor/v1/securezone/actuator/health,http://localhost:9072/registrationprocessor/v1/qualityclassifier/actuator/health,http://localhost:8088/registrationprocessor/v1/sender-stage/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 4000Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms3000M -Xmx3000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +# true # ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + storageClass: + accessModes: + - ReadWriteMany + size: + existingClaim: + reclaimPolicy: + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPathList: + - endpointPath: '/registrationprocessor/v1/securezone/actuator/prometheus' + port_name: securezone + port: 80 + targetPort: 8090 + - endpointPath: '/registrationprocessor/v1/qualityclassifier/actuator/prometheus' + port_name: qualityclassifier + port: 9072 + targetPort: 9072 + - endpointPath: '/registrationprocessor/v1/sender-stage/actuator/prometheus' + port_name: sender-stage + port: 8088 + targetPort: 8088 + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to 
select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## Requires only internal access for swagger +istio: + enabled: true + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/securezone diff --git a/helm/regproc-group3/.gitignore b/helm/regproc-group3/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-group3/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-group3/.helmignore b/helm/regproc-group3/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-group3/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-group3/Chart.yaml b/helm/regproc-group3/Chart.yaml new file mode 100644 index 00000000000..1a7a5f0ee8b --- /dev/null +++ b/helm/regproc-group3/Chart.yaml 
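Review bot: In values.yaml both `containerSecurityContext.enabled` and `podSecurityContext.enabled` default to `false`, so deployment.yaml renders the pod with no securityContext and the `runAsNonRoot: true` line has no effect. Enabling the container context as written would not work either, because `runAsUser: mosip` is a user name and the Kubernetes field takes a numeric UID. I would set `runAsUser: <numeric-uid-of-mosip-user>` (placeholder, to be read from the image), enable the context by default, and keep the name for the `container_user` env var in a separate value. The comment above the block still refers to a "Clamav container", which looks copied from another chart. `pullPolicy: Always` on tag-addressed images, including `bitnami/bitnami-shell` at tag `"10"`, also lets the running image change without a chart change; pinning by digest would avoid that.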
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-group3
+description: A Helm chart for MOSIP Registration Processor Group 3 stage
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-group3
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-group3/README.md b/helm/regproc-group3/README.md
new file mode 100644
index 00000000000..503fc1c82c0
--- /dev/null
+++ b/helm/regproc-group3/README.md
@@ -0,0 +1,11 @@
+# Group 3 Stage
+
+Helm chart for installing Registration Processor Group 3 stage.
+
+## Install
+```console
+$ kubectl create namespace regproc
+$ helm repo add mosip https://mosip.github.io
+$ helm -n regproc install my-release mosip/regproc-group3
+```
+
diff --git a/helm/regproc-group3/templates/NOTES.txt b/helm/regproc-group3/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-group3/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-group3/templates/_helpers.tpl b/helm/regproc-group3/templates/_helpers.tpl
new file mode 100644
index 00000000000..f1deb7c1603
--- /dev/null
+++ b/helm/regproc-group3/templates/_helpers.tpl
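Review bot: The `common` dependency in helm/regproc-group3/Chart.yaml is declared as `version: 1.x.x` from `https://charts.bitnami.com/bitnami`, so each dependency update can pull a different library chart into every template this chart renders. Pin an exact version (`version: <exact-common-version>`, placeholder) and commit the lock file Helm generates so builds are reproducible and reviewable. The chart's .gitignore lists `Charts.lock`, which does not match the `Chart.lock` name Helm 3 writes for `apiVersion: v2` charts, so it is worth checking which was intended. `appVersion: ""` also leaves the chart with no record of which application build it deploys.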
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "regproc-group3.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "regproc-group3.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "regproc-group3.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "regproc-group3.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "regproc-group3.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "regproc-group3.validateValues.foo" .) -}} +{{- $messages := append $messages (include "regproc-group3.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "regproc-group3.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/regproc-group3/templates/deployment.yaml b/helm/regproc-group3/templates/deployment.yaml new file mode 100644 index 00000000000..e407f7aafd3 --- /dev/null +++ b/helm/regproc-group3/templates/deployment.yaml 
@@ -0,0 +1,131 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-group3.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-group3.serviceAccountName" . }} + {{- include "regproc-group3.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-group3.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-group3 + image: {{ template "regproc-group3.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: [] + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/regproc-group3/templates/extra-list.yaml b/helm/regproc-group3/templates/extra-list.yaml new file mode 100644 index 00000000000..9ac65f9e16f --- /dev/null +++ b/helm/regproc-group3/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
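Review bot: The `volume-permissions` init container still carries scaffold placeholders (`- %%commands%%` as its command and a mount of `name: foo` at `mountPath: bar`) while pinning `runAsUser: 0`, and the pod spec in this hunk declares no `volumes:` at all. With `volumePermissions.enabled` and `persistence.enabled` both true, the rendered Deployment would either be rejected for the unknown volume or start a root container with a meaningless command. Remove the block until the chart really mounts a volume, or fill in the actual command and volume name and keep the root init container limited to that one mount. Separately, the `container_user` and `JDK_JAVA_OPTIONS` env values are unquoted; `value: {{ .Values.containerSecurityContext.runAsUser | quote }}` keeps a numeric UID from rendering as a non-string env value.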
diff --git a/helm/regproc-group3/templates/service-account.yaml b/helm/regproc-group3/templates/service-account.yaml
new file mode 100644
index 00000000000..e36a366e7e6
--- /dev/null
+++ b/helm/regproc-group3/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-group3.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-group3/templates/service.yaml b/helm/regproc-group3/templates/service.yaml
new file mode 100644
index 00000000000..431f126641d
--- /dev/null
+++ b/helm/regproc-group3/templates/service.yaml
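Review bot: This ServiceAccount is rendered unconditionally, but the `regproc-group3.serviceAccountName` helper resolves to `default` (or a user-supplied name) when `serviceAccount.create` is false, so the chart would then try to create or take over an account it was told not to manage. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}`. Nothing in the visible templates binds a Role to this account, so if the application does not call the Kubernetes API, also consider `automountServiceAccountToken: false` here so the pod does not carry a token it has no use for.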
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - name: {{ $ep.port_name }}
+ port: {{ $ep.port }}
+ protocol: TCP
+ targetPort: {{ $ep.targetPort }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-group3/templates/servicemonitor.yaml b/helm/regproc-group3/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..bd01e3b0545
--- /dev/null
+++ b/helm/regproc-group3/templates/servicemonitor.yaml
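Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` is emitted for every LoadBalancer service, yet the values.yaml in this patch defines no such key, so the field renders empty and the load balancer accepts traffic from any source. A list supplied by the user would also be printed in Go's `[a b]` form rather than as a YAML sequence. Render it only when set and through `toYaml`: `{{- if .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, `{{- end }}`. This Service publishes only the three ports from `metrics.endpointPathList`, so switching the type away from ClusterIP exposes the actuator health and Prometheus endpoints directly.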
@@ -0,0 +1,38 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - port: {{ $ep.port_name }}
+ path: {{ $ep.endpointPath }}
+ {{- if $.Values.metrics.serviceMonitor.interval }}
+ interval: {{ $.Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ $.Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml $.Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- end }}
diff --git a/helm/regproc-group3/templates/virtualservice.yaml b/helm/regproc-group3/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-group3/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-group3/values.yaml b/helm/regproc-group3/values.yaml
new file mode 100644
index 00000000000..f5b82b0c0b7
--- /dev/null
+++ b/helm/regproc-group3/values.yaml
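Review bot: `hosts: - "*"` combined with a `prefix` match means every hostname served by the listed gateways routes `/registrationprocessor/v1/abishandler/...` to this service, and per the values in this patch the actuator health and Prometheus paths sit under that same prefix. Take the host list from values (for example a new `istio.hosts` key) and, if the actuator endpoints are not meant to be reachable through the gateway, match the API paths more narrowly. The destination uses `.Values.service.port` (80 in values.yaml), but the Service template only publishes the ports from `metrics.endpointPathList`, so as written the route points at a port the Service does not expose. `x-forwarded-proto: https` is also set unconditionally, which is only accurate if the gateway never accepts plain HTTP.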
@@ -0,0 +1,397 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-stage-group-3 + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## When configuring Probe, please make sure to remove from the url paths that are not required from the probe list +startupProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:9096/registrationprocessor/v1/biodedupe/actuator/health,http://localhost:9071/registrationprocessor/v1/abishandler/actuator/health,http://localhost:8084/registrationprocessor/v1/manualverification/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:9096/registrationprocessor/v1/biodedupe/actuator/health,http://localhost:9071/registrationprocessor/v1/abishandler/actuator/health,http://localhost:8084/registrationprocessor/v1/manualverification/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! 
[ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:9096/registrationprocessor/v1/biodedupe/actuator/health,http://localhost:9071/registrationprocessor/v1/abishandler/actuator/health,http://localhost:8084/registrationprocessor/v1/manualverification/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 4000Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms3000M -Xmx3000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +# true # ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + storageClass: + accessModes: + - ReadWriteMany + size: + existingClaim: + reclaimPolicy: + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPathList: + - endpointPath: '/registrationprocessor/v1/biodedupe/actuator/prometheus' + port_name: biodedupe + port: 9096 + targetPort: 9096 + - endpointPath: '/registrationprocessor/v1/abishandler/actuator/prometheus' + port_name: abishandler + port: 9071 + targetPort: 9071 + - endpointPath: '/registrationprocessor/v1/manualverification/actuator/prometheus' + port_name: manualverification + port: 8084 + targetPort: 8084 + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to 
select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## Requires only internal access for swagger +## TODO: Enable once access is available +istio: + enabled: false + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/abishandler diff --git a/helm/regproc-group4/.gitignore b/helm/regproc-group4/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-group4/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-group4/.helmignore b/helm/regproc-group4/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-group4/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-group4/Chart.lock b/helm/regproc-group4/Chart.lock new file mode 100644 index 00000000000..be10d7b6f6a --- /dev/null +++ b/helm/regproc-group4/Chart.lock 
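Review bot: Both `containerSecurityContext.enabled` and `podSecurityContext.enabled` default to false, so the Deployment renders no securityContext and nothing in the chart enforces non-root execution. `runAsUser: mosip` is also not usable if someone does enable it, because Kubernetes expects a numeric UID there; use the image's UID, e.g. `runAsUser: <uid-of-mosip-user>`, and consider adding `allowPrivilegeEscalation: false`. The Deployment feeds the same key into the `container_user` env var, so the name and the UID may need separate keys. The comment above the block still says "Clamav container", which looks copied from another chart. `pullPolicy: Always` on a tag-referenced image, and `bitnami/bitnami-shell` at tag `"10"`, let the running image change without a chart change; pinning by digest would make a release reproducible.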
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ version: 1.17.1
+digest: sha256:dacc73770a5640c011e067ff8840ddf89631fc19016c8d0a9e5ea160e7da8690
+generated: "2023-01-05T19:12:50.260600119+05:30"
diff --git a/helm/regproc-group4/Chart.yaml b/helm/regproc-group4/Chart.yaml
new file mode 100644
index 00000000000..27c5e9ebd59
--- /dev/null
+++ b/helm/regproc-group4/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-group4
+description: A Helm chart for MOSIP Registration Processor Group 4
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-group4
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-group4/README.md b/helm/regproc-group4/README.md
new file mode 100644
index 00000000000..366209b382a
--- /dev/null
+++ b/helm/regproc-group4/README.md
@@ -0,0 +1,11 @@
+# Group 4 Stage
+
+Helm chart for installing Registration Processor Group 4 stage.
+
+## Install
+```console
+$ kubectl create namespace regproc
+$ helm repo add mosip https://mosip.github.io
+$ helm -n regproc install my-release mosip/regproc-group4
+```
+
diff --git a/helm/regproc-group4/templates/NOTES.txt b/helm/regproc-group4/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-group4/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-group4/templates/_helpers.tpl b/helm/regproc-group4/templates/_helpers.tpl
new file mode 100644
index 00000000000..dc0d1272219
--- /dev/null
+++ b/helm/regproc-group4/templates/_helpers.tpl
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "regproc-group4.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "regproc-group4.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "regproc-group4.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "regproc-group4.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "regproc-group4.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "regproc-group4.validateValues.foo" .) -}} +{{- $messages := append $messages (include "regproc-group4.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "regproc-group4.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/regproc-group4/templates/deployment.yaml b/helm/regproc-group4/templates/deployment.yaml new file mode 100644 index 00000000000..26df667980f --- /dev/null +++ b/helm/regproc-group4/templates/deployment.yaml 
@@ -0,0 +1,131 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if or .Values.podAnnotations .Values.metrics.enabled }}
+ {{- include "regproc-group4.podAnnotations" . | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "regproc-group4.serviceAccountName" . }}
+ {{- include "regproc-group4.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "regproc-group4.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - %%commands%%
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: foo
+ mountPath: bar
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: regproc-group4
+ image: {{ template "regproc-group4.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: container_user
+ value: {{ .Values.containerSecurityContext.runAsUser }}
+ - name: JDK_JAVA_OPTIONS
+ value: {{ .Values.additionalResources.javaOpts }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ {{- range .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ ports: []
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
diff --git a/helm/regproc-group4/templates/extra-list.yaml b/helm/regproc-group4/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-group4/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
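Review bot: In `helm/regproc-group4/templates/deployment.yaml` the `volume-permissions` init container still holds scaffold placeholders — `- %%commands%%` as its command and a mount of volume `foo` at `bar` — while running with `runAsUser: 0`, and the template declares no `volumes:` list at all. If `volumePermissions.enabled` and `persistence.enabled` are both switched on, the rendered pod would carry a root container with a literal placeholder command and a mount that names an undeclared volume, so the block should be removed or completed before it can be enabled. Separately, the `container_user` env entry renders `runAsUser` unquoted, and a numeric UID would be emitted as a YAML integer where an env value must be a string; `value: {{ .Values.containerSecurityContext.runAsUser | quote }}` avoids that, and the same quoting is worth applying to `JDK_JAVA_OPTIONS`.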
diff --git a/helm/regproc-group4/templates/service-account.yaml b/helm/regproc-group4/templates/service-account.yaml
new file mode 100644
index 00000000000..fa38dc3897d
--- /dev/null
+++ b/helm/regproc-group4/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-group4.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-group4/templates/service.yaml b/helm/regproc-group4/templates/service.yaml
new file mode 100644
index 00000000000..431f126641d
--- /dev/null
+++ b/helm/regproc-group4/templates/service.yaml
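Review bot: `helm/regproc-group4/templates/service-account.yaml` renders the ServiceAccount unconditionally, although `values.yaml` has a `serviceAccount.create` switch and the name helper returns `default` when that switch is off. With `create: false` the chart would therefore try to create and own the namespace's `default` ServiceAccount, which normally already exists. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`. It is also worth deciding explicitly whether this workload needs a Kubernetes API token and setting `automountServiceAccountToken` accordingly.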
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - name: {{ $ep.port_name }}
+ port: {{ $ep.port }}
+ protocol: TCP
+ targetPort: {{ $ep.targetPort }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-group4/templates/servicemonitor.yaml b/helm/regproc-group4/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..bd01e3b0545
--- /dev/null
+++ b/helm/regproc-group4/templates/servicemonitor.yaml
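Review bot: `loadBalancerSourceRanges` in `helm/regproc-group4/templates/service.yaml` is rendered with a bare `{{ .Values.service.loadBalancerSourceRanges }}`, and the `values.yaml` added by this patch defines no such key. For `type: LoadBalancer` that yields an empty value, meaning no source restriction on the load balancer, and a non-empty list would be printed in Go's `[a b]` form instead of as a YAML list. Render the field only when it is set and through `toYaml`: `{{- if .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, `{{- end }}`. The template also never reads `service.port` or `service.nodePorts` from `values.yaml`; the published ports come only from `metrics.endpointPathList`, which deserves a comment.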
@@ -0,0 +1,38 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - port: {{ $ep.port_name }}
+ path: {{ $ep.endpointPath }}
+ {{- if $.Values.metrics.serviceMonitor.interval }}
+ interval: {{ $.Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ $.Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml $.Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- end }}
diff --git a/helm/regproc-group4/templates/virtualservice.yaml b/helm/regproc-group4/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-group4/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-group4/values.yaml b/helm/regproc-group4/values.yaml
new file mode 100644
index 00000000000..ea02fdfd426
--- /dev/null
+++ b/helm/regproc-group4/values.yaml
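Review bot: The route destination in `helm/regproc-group4/templates/virtualservice.yaml` uses `number: {{ .Values.service.port }}` (80 in `values.yaml`), but the Service template in this patch publishes only the ports from `metrics.endpointPathList` (8020 and 8091), so with `istio.enabled: true` the route would point at a port the Service does not expose. The port should come from the list entry that actually serves `istio.prefix`. `hosts: - "*"` also matches every hostname on the listed gateways; turning it into a value (for example a new `istio.hosts` key) would let an operator restrict the route to the intended internal host. The unconditional `x-forwarded-proto: https` request header deserves a one-line comment stating that TLS is assumed to terminate at the gateway.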
@@ -0,0 +1,392 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-stage-group-4 + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## When configuring Probe, please make sure to remove from the url paths that are not required from the probe list +startupProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8020/registrationprocessor/v1/bioauth/actuator/health,http://localhost:8091/registrationprocessor/v1/demodedupe/actuator/health"; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then exit 1; fi; done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8020/registrationprocessor/v1/bioauth/actuator/health,http://localhost:8091/registrationprocessor/v1/demodedupe/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8020/registrationprocessor/v1/bioauth/actuator/health,http://localhost:8091/registrationprocessor/v1/demodedupe/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! 
[ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 4000Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms3000M -Xmx3000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +# true # ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + storageClass: + accessModes: + - ReadWriteMany + size: + existingClaim: + reclaimPolicy: + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPathList: + - endpointPath: '/registrationprocessor/v1/bioauth/actuator/prometheus' + port_name: bioauth + port: 8020 + targetPort: 8020 + - endpointPath: '/registrationprocessor/v1/demodedupe/actuator/prometheus' + port_name: demodedupe + port: 8091 + targetPort: 8091 + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + 
additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## Requires only internal access for swagger +istio: + enabled: false + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/demodedupe diff --git a/helm/regproc-group5/.gitignore b/helm/regproc-group5/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-group5/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-group5/.helmignore b/helm/regproc-group5/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-group5/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-group5/Chart.yaml b/helm/regproc-group5/Chart.yaml new file mode 100644 index 00000000000..d03caa87ade --- /dev/null +++ b/helm/regproc-group5/Chart.yaml 
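Review bot: Both security contexts in `helm/regproc-group4/values.yaml` ship with `enabled: false`, and `containerSecurityContext.runAsUser` is the name `mosip` where Kubernetes expects a numeric UID, so switching `containerSecurityContext.enabled` on as written would produce a pod spec the API server rejects. Use the UID of the image's user (`runAsUser: <numeric UID of the mosip user>`), consider enabling the context by default, and correct the comment above it that still refers to the Clamav container. `image.pullPolicy: Always` combined with a mutable tag, and `bitnami/bitnami-shell` at tag `"10"`, mean the running image can change without any chart change; pinning by digest would make deployments reproducible. The `image:` block as shown reads `tag.2.0.2` with no `tag:` key; if that is what the file contains rather than an artefact of how this page was rendered, the image tag is effectively unset.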
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-group5
+description: A Helm chart for MOSIP Registration Processor Group 5
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-group5
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-group5/README.md b/helm/regproc-group5/README.md
new file mode 100644
index 00000000000..79caa34f542
--- /dev/null
+++ b/helm/regproc-group5/README.md
@@ -0,0 +1,11 @@
+# Group 5 Stage
+
+Helm chart for installing Registration Processor Group 5 stage.
+
+## Install
+```console
+$ kubectl create namespace regproc
+$ helm repo add mosip https://mosip.github.io
+$ helm -n regproc install my-release mosip/regproc-group5
+```
+
diff --git a/helm/regproc-group5/templates/NOTES.txt b/helm/regproc-group5/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-group5/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-group5/templates/_helpers.tpl b/helm/regproc-group5/templates/_helpers.tpl
new file mode 100644
index 00000000000..19ded16b847
--- /dev/null
+++ b/helm/regproc-group5/templates/_helpers.tpl
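Review bot: The `common` dependency in `helm/regproc-group5/Chart.yaml` is declared as `version: 1.x.x` from `https://charts.bitnami.com/bitnami`, so each dependency update may resolve a different library chart, and that library's helpers (`common.tplvalues.render`, `common.images.image`, `common.images.pullSecrets`) shape the rendered pod spec. Pin an exact version and commit the lock file so that builds are reproducible and the resolved dependency digest is recorded. The chart's `.gitignore` lists `charts/` and `Charts.lock`, whereas Helm writes `Chart.lock`, so the intent for the lock file should be made explicit either way. `appVersion: ""` could carry the application version that the image tag corresponds to.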
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "regproc-group5.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "regproc-group5.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "regproc-group5.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "regproc-group5.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "regproc-group5.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "regproc-group5.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "regproc-group5.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "regproc-group5.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
diff --git a/helm/regproc-group5/templates/deployment.yaml b/helm/regproc-group5/templates/deployment.yaml
new file mode 100644
index 00000000000..67dc6ac3760
--- /dev/null
+++ b/helm/regproc-group5/templates/deployment.yaml
@@ -0,0 +1,131 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-group5.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-group5.serviceAccountName" . }} + {{- include "regproc-group5.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-group5.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-group5 + image: {{ template "regproc-group5.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: [] + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/regproc-group5/templates/extra-list.yaml b/helm/regproc-group5/templates/extra-list.yaml new file mode 100644 index 00000000000..9ac65f9e16f --- /dev/null +++ b/helm/regproc-group5/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
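Review bot: The `volume-permissions` init container in deployment.yaml still carries scaffold placeholders (`command: - %%commands%%`, and a mount named `foo` at `bar`) while running with `runAsUser: 0`. If `volumePermissions.enabled` and `persistence.enabled` are both set, the pod gets a root init container with a meaningless command and a volumeMount for which this template declares no `volumes:` entry, so the pod spec should be rejected or fail at start-up. Either drop the block until it has a real command and a declared volume, or fill both in and keep the root context limited to that one step. The regproc-group6 deployment hunk that follows opens with the same init container, but it continues past the visible text.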
diff --git a/helm/regproc-group5/templates/service-account.yaml b/helm/regproc-group5/templates/service-account.yaml
new file mode 100644
index 00000000000..485b92ee9e9
--- /dev/null
+++ b/helm/regproc-group5/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-group5.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-group5/templates/service.yaml b/helm/regproc-group5/templates/service.yaml
new file mode 100644
index 00000000000..431f126641d
--- /dev/null
+++ b/helm/regproc-group5/templates/service.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - name: {{ $ep.port_name }}
+ port: {{ $ep.port }}
+ protocol: TCP
+ targetPort: {{ $ep.targetPort }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-group5/templates/service.yaml b/helm/regproc-group5/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..bd01e3b0545
--- /dev/null
+++ b/helm/regproc-group5/templates/servicemonitor.yaml
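Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` in service.yaml is emitted whenever the type is `LoadBalancer`, yet the chart's values.yaml defines no `service.loadBalancerSourceRanges`, so by default the field renders empty and the load balancer gets no source restriction. A list printed directly by the template also comes out in Go's `[a b]` form rather than as a YAML sequence of CIDRs. I would emit the field only when the value is set and serialise it properly: `{{- if .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, `{{- end }}`. A commented example in values.yaml would make the restriction discoverable for anyone switching the service type.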
@@ -0,0 +1,38 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - port: {{ $ep.port_name }}
+ path: {{ $ep.endpointPath }}
+ {{- if $.Values.metrics.serviceMonitor.interval }}
+ interval: {{ $.Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ $.Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml $.Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- end }}
diff --git a/helm/regproc-group5/templates/virtualservice.yaml b/helm/regproc-group5/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-group5/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-group5/values.yaml b/helm/regproc-group5/values.yaml
new file mode 100644
index 00000000000..45ade4bfe05
--- /dev/null
+++ b/helm/regproc-group5/values.yaml
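Review bot: The route destination in virtualservice.yaml uses `number: {{ .Values.service.port }}`, which is 80 in this chart's values, but service.yaml builds the Service ports only from `metrics.endpointPathList` (8088, 8089, 8093, 8094, 8095), so the route would point at a port the Service does not expose. `hosts: - "*"` also matches every host name on whichever gateways are attached; taking the host list from values would keep the exposure explicit. The default `istio.prefix` of `/registrationprocessor/v1/demodedupe` matches none of the group 5 paths used in the probes, so it looks carried over from another chart. Istio is disabled by default, so none of this takes effect until someone enables it.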
@@ -0,0 +1,405 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+# storageClass: myStorageClass
+
+## Add labels to all the deployed resources
+##
+commonLabels:
+ app.kubernetes.io/component: mosip
+## Add annotations to all the deployed resources
+##
+commonAnnotations: {}
+## Kubernetes Cluster Domain
+##
+clusterDomain: cluster.local
+## Extra objects to deploy (value evaluated as a template)
+##
+extraDeploy: []
+## Number of nodes
+##
+replicaCount: 1
+service:
+ type: ClusterIP
+ port: 80
+ ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+ ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+ ##
+ ## loadBalancerIP:
+ ##
+ ## nodePorts:
+ ## http:
+ ## https:
+ ##
+
+ nodePorts:
+ http: ""
+ https: ""
+ ## Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+image:
+ registry: docker.io
+ repository: mosipid/registration-processor-stage-group-5
+ tag.2.0.2
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## When configuring Probe, please make sure to remove from the url paths that are not required from the probe list +startupProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8088/registrationprocessor/v1/packetvalidator/actuator/health,http://localhost:8089/registrationprocessor/v1/cmdvalidator/actuator/health,http://localhost:8093/registrationprocessor/v1/operatorvalidator/actuator/health,http://localhost:8094/registrationprocessor/v1/supervisorvalidator/actuator/health,http://localhost:8095/registrationprocessor/v1/introducervalidator/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8088/registrationprocessor/v1/packetvalidator/actuator/health,http://localhost:8089/registrationprocessor/v1/cmdvalidator/actuator/health,http://localhost:8093/registrationprocessor/v1/operatorvalidator/actuator/health,http://localhost:8094/registrationprocessor/v1/supervisorvalidator/actuator/health,http://localhost:8095/registrationprocessor/v1/introducervalidator/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! 
[ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8088/registrationprocessor/v1/packetvalidator/actuator/health,http://localhost:8089/registrationprocessor/v1/cmdvalidator/actuator/health,http://localhost:8093/registrationprocessor/v1/operatorvalidator/actuator/health,http://localhost:8094/registrationprocessor/v1/supervisorvalidator/actuator/health,http://localhost:8095/registrationprocessor/v1/introducervalidator/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 4000Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms3000M -Xmx3000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Pod extra labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## Annotations for server pods.
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## pods' priority.
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+# priorityClassName: ""
+
+## lifecycleHooks for the container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+## Custom Liveness probes for
+##
+customLivenessProbe: {}
+## Custom Rediness probes
+##
+customReadinessProbe: {}
+## Update strategy - only really applicable for deployments with RWO PVs attached
+## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+## terminate the single previous pod, so that the new, incoming pod can attach to the PV
+##
+updateStrategy:
+ type: RollingUpdate
+## Additional environment variables to set
+## Example:
+## extraEnvVars:
+## - name: FOO
+## value: "bar"
+##
+extraEnvVars: []
+## ConfigMap with extra environment variables that used
+##
+extraEnvVarsCM:
+ - global
+ - config-server-share
+ - artifactory-share
+## Secret with extra environment variables
+##
+extraEnvVarsSecret:
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+## Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+## Add init containers to the pods.
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+# true # ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: {}
+## Add sidecars to the pods.
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + storageClass: + accessModes: + - ReadWriteMany + size: + existingClaim: + reclaimPolicy: + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +## TODO: Enable when prometheus url is available +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPathList: + - endpointPath: '/registrationprocessor/v1/packetvalidator/actuator/prometheus' + port_name: packetvalidator + port: 8088 + targetPort: 8088 + - endpointPath: '/registrationprocessor/v1/cmdvalidator/actuator/prometheus' + port_name: cmdvalidator + port: 8089 + targetPort: 8089 + - endpointPath: '/registrationprocessor/v1/operatorvalidator/actuator/prometheus' + port_name: operatorvalidator + port: 8093 + targetPort: 8093 + - endpointPath: '/registrationprocessor/v1/supervisorvalidator/actuator/prometheus' + port_name: supervisorvalidator + port: 8094 + targetPort: 8094 + - endpointPath: '/registrationprocessor/v1/introducervalidator/actuator/prometheus' + port_name: introducervalidator + port: 8095 + targetPort: 8095 + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + 
interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## Requires only internal access for swagger +istio: + enabled: false + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/demodedupe diff --git a/helm/regproc-group6/.gitignore b/helm/regproc-group6/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-group6/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-group6/.helmignore b/helm/regproc-group6/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-group6/.helmignore 
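Review bot: `containerSecurityContext.runAsUser: mosip` in values.yaml is a user name, but the Kubernetes `runAsUser` field takes a numeric UID, so setting `enabled: true` would produce a pod spec the API server rejects. As shipped (`enabled: false`) the deployment template omits the container securityContext entirely, so `runAsNonRoot: true` is never applied. I would change it to `runAsUser: NUMERIC_UID_OF_MOSIP_USER` (placeholder for the UID the image actually uses) and enable the block by default. The deployment template also passes this value to the `container_user` env var, so confirm what the image expects there before changing the type. The comment above the block still refers to a Clamav container and looks copied from another chart.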
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/regproc-group6/Chart.yaml b/helm/regproc-group6/Chart.yaml
new file mode 100644
index 00000000000..c799b901925
--- /dev/null
+++ b/helm/regproc-group6/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-group6
+description: A Helm chart for MOSIP Registration Processor Group 6
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-group6
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-group6/README.md b/helm/regproc-group6/README.md
new file mode 100644
index 00000000000..85354cc8b46
--- /dev/null
+++ b/helm/regproc-group6/README.md
@@ -0,0 +1,11 @@
+# Group 6 Stage
+
+Helm chart for installing Registration Processor Group 6 stage.
+
+## Install
+```console
+$ kubectl create namespace regproc
+$ helm repo add mosip https://mosip.github.io
+$ helm -n regproc install my-release mosip/regproc-group6
+```
+
diff --git a/helm/regproc-group6/templates/NOTES.txt b/helm/regproc-group6/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-group6/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-group6/templates/_helpers.tpl b/helm/regproc-group6/templates/_helpers.tpl
new file mode 100644
index 00000000000..28b6decfa4b
--- /dev/null
+++ b/helm/regproc-group6/templates/_helpers.tpl
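Review bot: The `common` dependency in Chart.yaml is declared as `version: 1.x.x`, so each dependency update can resolve a different release of the library chart from the remote repository, and every template in this chart renders through its helpers. The chart's `.gitignore` lists `Charts.lock`, while Helm writes the lock file as `Chart.lock`, so it is unclear whether a lock file is meant to be committed. Pinning an exact version here and committing `Chart.lock` would make the rendered manifests reproducible and let a change in the library chart show up in review. `appVersion: ""` could also carry the image version this chart deploys.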
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "regproc-group6.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "regproc-group6.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "regproc-group6.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "regproc-group6.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "regproc-group6.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "regproc-group6.validateValues.foo" .) -}} +{{- $messages := append $messages (include "regproc-group6.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "regproc-group6.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/regproc-group6/templates/deployment.yaml b/helm/regproc-group6/templates/deployment.yaml new file mode 100644 index 00000000000..477dcada6f2 --- /dev/null +++ b/helm/regproc-group6/templates/deployment.yaml 
@@ -0,0 +1,131 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-group6.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-group6.serviceAccountName" . }} + {{- include "regproc-group6.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-group6.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-group6 + image: {{ template "regproc-group6.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: [] + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/regproc-group6/templates/extra-list.yaml b/helm/regproc-group6/templates/extra-list.yaml new file mode 100644 index 00000000000..9ac65f9e16f --- /dev/null +++ b/helm/regproc-group6/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
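Review bot: The `volume-permissions` init container is unfinished scaffold: its command is the literal `%%commands%%`, it mounts a volume named `foo` at `bar`, and it sets `runAsUser: 0`, while the pod spec in this hunk declares no `volumes:` at all. If `volumePermissions.enabled` and `persistence.enabled` are both set to true, the pod template references an undeclared volume and a root init container with no real command, so the block should either be removed or given a concrete ownership-fix command against a declared volume. Separately, the `container_user` and `JDK_JAVA_OPTIONS` values are emitted unquoted although env values must be strings; use `value: {{ .Values.containerSecurityContext.runAsUser | quote }}` and `value: {{ .Values.additionalResources.javaOpts | quote }}`.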
diff --git a/helm/regproc-group6/templates/service-account.yaml b/helm/regproc-group6/templates/service-account.yaml
new file mode 100644
index 00000000000..8a09a582f8c
--- /dev/null
+++ b/helm/regproc-group6/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-group6.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-group6/templates/service.yaml b/helm/regproc-group6/templates/service.yaml
new file mode 100644
index 00000000000..431f126641d
--- /dev/null
+++ b/helm/regproc-group6/templates/service.yaml
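Review bot: This ServiceAccount is rendered unconditionally, yet its name comes from `regproc-group6.serviceAccountName`, which returns `default` or a user-supplied name when `serviceAccount.create` is false. In that case the chart tries to create and own an account that already exists instead of only referencing it. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}`. If the stage does not call the Kubernetes API (the chart ships no Role or RoleBinding), also add `automountServiceAccountToken: false` so the token is not mounted into the pod.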
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - name: {{ $ep.port_name }}
+ port: {{ $ep.port }}
+ protocol: TCP
+ targetPort: {{ $ep.targetPort }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-group6/templates/servicemonitor.yaml b/helm/regproc-group6/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..bd01e3b0545
--- /dev/null
+++ b/helm/regproc-group6/templates/servicemonitor.yaml
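Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` is emitted for every LoadBalancer service, but this chart's values.yaml defines no such key, so it renders empty and the load balancer is left without a source restriction. A list that is set would be printed in Go's `[a b]` form, which YAML does not read as two entries. Render the field only when it is set and pass it through `toYaml`: `{{- if .Values.service.loadBalancerSourceRanges }}`, then `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, then `{{- end }}`. The `ports` list is built only from `metrics.endpointPathList`, so `service.port` and `service.nodePorts` are never applied to the Service and should be documented as unused here.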
@@ -0,0 +1,38 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - port: {{ $ep.port_name }}
+ path: {{ $ep.endpointPath }}
+ {{- if $.Values.metrics.serviceMonitor.interval }}
+ interval: {{ $.Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ $.Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml $.Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- end }}
diff --git a/helm/regproc-group6/templates/virtualservice.yaml b/helm/regproc-group6/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-group6/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-group6/values.yaml b/helm/regproc-group6/values.yaml
new file mode 100644
index 00000000000..f786eacb312
--- /dev/null
+++ b/helm/regproc-group6/values.yaml
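Review bot: The route targets port `{{ .Values.service.port }}` (80 in this chart's values.yaml), but the Service template exposes only the ports listed in `metrics.endpointPathList` (8087 and 8092), so with `istio.enabled` the destination port does not exist on the Service. `hosts: - "*"` also attaches the prefix to every hostname served by the listed gateways. Taking the hosts from values, e.g. `{{- toYaml .Values.istio.hosts | nindent 4 }}` with a new `istio.hosts` key, keeps the route off unrelated hostnames. The unconditional `x-forwarded-proto: https` header should carry a comment stating that TLS is expected to terminate at the gateway.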
@@ -0,0 +1,393 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-stage-group-6 + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## When configuring Probe, please make sure to remove from the url paths that are not required from the probe list +startupProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8087/registrationprocessor/v1/uploader/actuator/health,http://localhost:8092/registrationprocessor/v1/packetclassifier/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8087/registrationprocessor/v1/uploader/actuator/health,http://localhost:8092/registrationprocessor/v1/packetclassifier/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! 
[ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8087/registrationprocessor/v1/uploader/actuator/health,http://localhost:8092/registrationprocessor/v1/packetclassifier/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 4000Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms3000M -Xmx3000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +# true # ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + storageClass: + accessModes: + - ReadWriteMany + size: + existingClaim: + reclaimPolicy: + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +## TODO: Enable when prometheus url is available +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPathList: + - endpointPath: '/registrationprocessor/v1/uploader/actuator/prometheus' + port_name: uploader + port: 8087 + targetPort: 8087 + - endpointPath: '/registrationprocessor/v1/packetclassifier/actuator/prometheus' + port_name: packetclassifier + port: 8092 + targetPort: 8092 + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: 
https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## Requires only internal access for swagger +istio: + enabled: false + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/group6 diff --git a/helm/regproc-group7/.gitignore b/helm/regproc-group7/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-group7/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-group7/.helmignore b/helm/regproc-group7/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-group7/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-group7/Chart.yaml b/helm/regproc-group7/Chart.yaml new file mode 100644 index 00000000000..20aea1cdfc4 --- /dev/null +++ b/helm/regproc-group7/Chart.yaml 
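Review bot: `containerSecurityContext` sets `runAsUser: mosip`, but Kubernetes expects a numeric UID in that field, so switching `enabled` to true would produce an invalid pod spec. `runAsNonRoot: true` also cannot be verified against a named image user. Use the image's numeric UID (placeholder: `runAsUser: <mosip-uid>`) and correct the comment above the block, which still refers to a Clamav container. Both security contexts default to `enabled: false`, so the pod runs with whatever user the image defines; a short comment saying so would make that choice explicit. If the `volume-permissions` init container is kept, `volumePermissions.image` should be pinned by digest rather than the floating tag `"10"` with `pullPolicy: Always`.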
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-group7
+description: A Helm chart for MOSIP Registration Processor Group 7
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-group7
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-group7/README.md b/helm/regproc-group7/README.md
new file mode 100644
index 00000000000..c115b1d221c
--- /dev/null
+++ b/helm/regproc-group7/README.md
@@ -0,0 +1,11 @@
+# Group 7 Stage
+
+Helm chart for installing Registration Processor Group 7 stage.
+
+## Install
+```console
+$ kubectl create namespace regproc
+$ helm repo add mosip https://mosip.github.io
+$ helm -n regproc install my-release mosip/regproc-group7
+```
+
diff --git a/helm/regproc-group7/templates/NOTES.txt b/helm/regproc-group7/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-group7/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-group7/templates/_helpers.tpl b/helm/regproc-group7/templates/_helpers.tpl
new file mode 100644
index 00000000000..bac90d55f7a
--- /dev/null
+++ b/helm/regproc-group7/templates/_helpers.tpl
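Review bot: The `common` dependency is declared as `version: 1.x.x` from `https://charts.bitnami.com/bitnami`, and this patch adds no lock file for the chart, so nothing in the repository records which library release a build resolved. Every helper the templates call (`common.images.image`, `common.tplvalues.render`, `common.labels.standard`) therefore comes from whichever 1.x release is current at packaging time. Pin an exact version and commit the lock file Helm generates, which is named `Chart.lock`. The chart's `.gitignore` lists `Charts.lock`, which does not match that name and looks like a typo. `appVersion: ""` should state the application version the chart deploys.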
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "regproc-group7.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "regproc-group7.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "regproc-group7.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "regproc-group7.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "regproc-group7.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "regproc-group7.validateValues.foo" .) -}} +{{- $messages := append $messages (include "regproc-group7.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "regproc-group7.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/regproc-group7/templates/deployment.yaml b/helm/regproc-group7/templates/deployment.yaml new file mode 100644 index 00000000000..cfdba592280 --- /dev/null +++ b/helm/regproc-group7/templates/deployment.yaml 
@@ -0,0 +1,131 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-group7.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-group7.serviceAccountName" . }} + {{- include "regproc-group7.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-group7.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-group7 + image: {{ template "regproc-group7.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: [] + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/regproc-group7/templates/extra-list.yaml b/helm/regproc-group7/templates/extra-list.yaml new file mode 100644 index 00000000000..9ac65f9e16f --- /dev/null +++ b/helm/regproc-group7/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
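Review bot: The `volume-permissions` init container in the regproc-group7 deployment is still scaffold: its command is the literal `%%commands%%`, its only mount is volume `foo` at `bar`, and it pins `runAsUser: 0`, while this template renders no `volumes:` section at all. With `volumePermissions.enabled` and `persistence.enabled` both true, the chart would emit a root init container that mounts an undefined volume and has no runnable command, so the pod spec is likely to be rejected. Either remove the block until persistence is wired up, or give it a real ownership command against a real volume so that root stays confined to that one step. Separately, `value: {{ .Values.containerSecurityContext.runAsUser }}` should be `value: {{ .Values.containerSecurityContext.runAsUser | quote }}`, because env values must be strings and a numeric UID would otherwise render as an integer.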
diff --git a/helm/regproc-group7/templates/service-account.yaml b/helm/regproc-group7/templates/service-account.yaml
new file mode 100644
index 00000000000..ee6c7da0448
--- /dev/null
+++ b/helm/regproc-group7/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-group7.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-group7/templates/service.yaml b/helm/regproc-group7/templates/service.yaml
new file mode 100644
index 00000000000..431f126641d
--- /dev/null
+++ b/helm/regproc-group7/templates/service.yaml
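Review bot: The ServiceAccount in service-account.yaml is rendered unconditionally, so with `serviceAccount.create: false` the name helper resolves to `default` and the release tries to create and own the namespace's `default` ServiceAccount. Wrap the whole manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}`. Nothing visible in this chart binds a Role to the account, so `automountServiceAccountToken: false` would also be worth adding, assuming the stage makes no Kubernetes API calls, so that the pod does not carry a token it never uses.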
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - name: {{ $ep.port_name }}
+ port: {{ $ep.port }}
+ protocol: TCP
+ targetPort: {{ $ep.targetPort }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-group7/templates/servicemonitor.yaml b/helm/regproc-group7/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..bd01e3b0545
--- /dev/null
+++ b/helm/regproc-group7/templates/servicemonitor.yaml
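Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` in service.yaml prints the list in Go's `[a b]` form rather than as YAML, and the values.yaml added in this commit defines no `service.loadBalancerSourceRanges`, so a `LoadBalancer` Service renders the key without a usable value and stays reachable from any source address. Emit the field only when it is set, and as YAML: `{{- if .Values.service.loadBalancerSourceRanges }}`, then `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, then `{{- end }}`. The ports published here are the actuator ports from `metrics.endpointPathList`, so the restriction matters as soon as the type is changed from `ClusterIP`.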
@@ -0,0 +1,38 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ {{- range $ep := .Values.metrics.endpointPathList }}
+ - port: {{ $ep.port_name }}
+ path: {{ $ep.endpointPath }}
+ {{- if $.Values.metrics.serviceMonitor.interval }}
+ interval: {{ $.Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ $.Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ $.Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if $.Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml $.Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ {{- end }}
diff --git a/helm/regproc-group7/templates/virtualservice.yaml b/helm/regproc-group7/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-group7/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-group7/values.yaml b/helm/regproc-group7/values.yaml
new file mode 100644
index 00000000000..99eedd70cc3
--- /dev/null
+++ b/helm/regproc-group7/values.yaml
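Review bot: The route in virtualservice.yaml targets `number: {{ .Values.service.port }}` (80 in values.yaml), but service.yaml in this commit only exposes the ports listed in `metrics.endpointPathList` (8099 and 8097), so with `istio.enabled: true` the destination port does not exist on the Service. Point the route at one of the exposed ports, or add a matching `service.port` entry to the Service. `hosts: - "*"` also attaches the prefix to every host served by the listed gateways; taking the host list from values (for example a new `istio.hosts` value, which this chart does not define yet) would keep the route scoped to the internal hostname that the `## Requires only internal access for swagger` comment intends.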
@@ -0,0 +1,393 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-stage-group-7 + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## When configuring Probe, please make sure to remove from the url paths that are not required from the probe list +#### The following probes are not working and are hence disabled. TODO: debug this +startupProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8099/registrationprocessor/v1/uin-generator/actuator/health,http://localhost:8097/registrationprocessor/v1/credentialrequestor-stage/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8099/registrationprocessor/v1/uin-generator/actuator/health,http://localhost:8097/registrationprocessor/v1/credentialrequestor-stage/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! 
[ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - MY_PROBE_CHECK_PATHS="http://localhost:8099/registrationprocessor/v1/uin-generator/actuator/health,http://localhost:8097/registrationprocessor/v1/credentialrequestor-stage/actuator/health"; i=1; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; ((i++)); done + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 4000Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms3000M -Xmx3000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +# true # ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + storageClass: + accessModes: + - ReadWriteMany + size: + existingClaim: + reclaimPolicy: + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPathList: + - endpointPath: '/registrationprocessor/v1/uin-generator/actuator/prometheus' + port_name: uin-generator + port: 8099 + targetPort: 8099 + - endpointPath: '/registrationprocessor/v1/credentialrequestor-stage/actuator/prometheus' + port_name: credentialrequestor-stage + port: 8097 + targetPort: 8097 + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: 
https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## Requires only internal access for swagger +istio: + enabled: false + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/group7 diff --git a/helm/regproc-landingzone/.gitignore b/helm/regproc-landingzone/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-landingzone/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-landingzone/.helmignore b/helm/regproc-landingzone/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-landingzone/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-landingzone/Chart.yaml b/helm/regproc-landingzone/Chart.yaml new file mode 100644 index 00000000000..5d76a95bf44 --- /dev/null +++ b/helm/regproc-landingzone/Chart.yaml 
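Review bot: `containerSecurityContext` in the regproc-group7 values.yaml is disabled and would not be accepted if enabled: `runAsUser: mosip` is a user name while Kubernetes expects a numeric UID, and `runAsNonRoot: true` cannot be verified against a named user. Set `runAsUser` to the image's numeric UID (not shown in this commit, so `<uid of mosip in the image>`) and switch to `enabled: true`. The comment above the block still refers to the Clamav container, and the probe section says the probes are "not working and are hence disabled" while all three have `enabled: true`; both comments should be brought in line with the values. `pullPolicy: Always` on a release tag and `bitnami/bitnami-shell` at tag `"10"` are mutable references, so pinning the images by digest would make the deployed content reproducible.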
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-landingzone
+description: A Helm chart for MOSIP Registration Processor Group 7
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-landingzone
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-landingzone/README.md b/helm/regproc-landingzone/README.md
new file mode 100644
index 00000000000..78648ecd62a
--- /dev/null
+++ b/helm/regproc-landingzone/README.md
@@ -0,0 +1,10 @@
+# Regproc Landing Zone Service
+
+Helm chart for installing Reg.Proc.Landing Zone Service.
+
+## TL;DR
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm -n regproc install my-release mosip/regproc-landingzone
+```
+
diff --git a/helm/regproc-landingzone/templates/NOTES.txt b/helm/regproc-landingzone/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-landingzone/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-landingzone/templates/_helpers.tpl b/helm/regproc-landingzone/templates/_helpers.tpl
new file mode 100644
index 00000000000..e7e31e056f1
--- /dev/null
+++ b/helm/regproc-landingzone/templates/_helpers.tpl
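Review bot: The `common` dependency in the regproc-landingzone Chart.yaml is declared as `version: 1.x.x` from a remote repository, so each `helm dependency update` may pull a different library release into the templates that render every manifest in this chart. Pin an exact version and commit the generated `Chart.lock`; the chart's `.gitignore` lists `Charts.lock`, which is not the file name Helm writes, so that entry should be corrected or dropped deliberately. The `description` still reads "Registration Processor Group 7" for the landing-zone chart and should name the landing zone service.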
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "regproc-landingzone.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "regproc-landingzone.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "regproc-landingzone.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "regproc-landingzone.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "regproc-landingzone.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "regproc-landingzone.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "regproc-landingzone.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "regproc-landingzone.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
diff --git a/helm/regproc-landingzone/templates/deployment.yaml b/helm/regproc-landingzone/templates/deployment.yaml
new file mode 100644
index 00000000000..3f7d3f19018
--- /dev/null
+++ b/helm/regproc-landingzone/templates/deployment.yaml
@@ -0,0 +1,142 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-landingzone.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-landingzone.serviceAccountName" . }} + {{- include "regproc-landingzone.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-landingzone.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-landingzone + image: {{ template "regproc-landingzone.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + volumeMounts: + - name: landing-folder + mountPath: {{ .Values.persistence.mountDir }} + ports: [] + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: landing-folder + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} + {{- else }} + emptyDir: {} + {{ end }} 
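Review bot: The `volume-permissions` init container is still the unfilled scaffold: its command is the literal `%%commands%%`, it mounts a volume named `foo` at `bar`, and it runs with `runAsUser: 0`. With the default `volumePermissions.enabled: false` it is never rendered, but turning the flag on yields a manifest that cannot be applied (a YAML plain scalar cannot start with `%`, and the pod has no `foo` volume), so the option is a trap for operators. Either remove the block together with the `volumePermissions` values, or finish it against the real volume: mount `landing-folder` at `{{ .Values.persistence.mountDir }}` and give it an explicit ownership command limited to that path. helm/regproc-notifier/templates/deployment.yaml carries the same block.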
diff --git a/helm/regproc-landingzone/templates/extra-list.yaml b/helm/regproc-landingzone/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-landingzone/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/helm/regproc-landingzone/templates/service-account.yaml b/helm/regproc-landingzone/templates/service-account.yaml
new file mode 100644
index 00000000000..1679a79415f
--- /dev/null
+++ b/helm/regproc-landingzone/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-landingzone.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-landingzone/templates/service.yaml b/helm/regproc-landingzone/templates/service.yaml
new file mode 100644
index 00000000000..018e6985d05
--- /dev/null
+++ b/helm/regproc-landingzone/templates/service.yaml
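Review bot: The ServiceAccount in service-account.yaml is rendered unconditionally, although values.yaml has `serviceAccount.create` and the name helper falls back to `default` when that flag is false. With `create: false` and no name set, the chart would try to create a ServiceAccount called `default`, which already exists in every namespace, so the install is likely to fail on an ownership conflict. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`, and consider `automountServiceAccountToken: false` if the pod does not call the Kubernetes API. The notifier chart's service-account.yaml later in this patch has the same shape.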
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-landingzone/templates/servicemonitor.yaml b/helm/regproc-landingzone/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..15f48fdeecf
--- /dev/null
+++ b/helm/regproc-landingzone/templates/servicemonitor.yaml
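Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the value with Go's default formatting, so a list of CIDRs comes out as `[10.0.0.0/8 192.168.0.0/16]` (constructed example), which YAML reads as one string rather than two ranges. values.yaml also defines no such key, so a `LoadBalancer` service renders the field empty and no source restriction is applied. Render it as YAML and only when set: `{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}` followed by `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`. The notifier chart's service.yaml is listed with the same blob id (018e6985d05), so it presumably needs the same change.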
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-landingzone/templates/virtualservice.yaml b/helm/regproc-landingzone/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-landingzone/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-landingzone/values.yaml b/helm/regproc-landingzone/values.yaml
new file mode 100644
index 00000000000..8556dff56ae
--- /dev/null
+++ b/helm/regproc-landingzone/values.yaml
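Review bot: The route matches every host (`hosts: - "*"`) and the whole `istio.prefix`, and with this chart's values that prefix also covers the `/actuator/health` and `/actuator/prometheus` paths used by the probes and the ServiceMonitor. Exposure is therefore decided only by the gateways listed in `istio.gateways`; the default is `istio-system/internal`, but an override to a public gateway would publish the actuator endpoints as well. I would take the host list from values instead of a wildcard and add a comment above `gateways:` such as `# keep to internal gateways: the prefix also covers /actuator/*`. If external access is ever needed, a narrower `match` that leaves out the actuator paths would be the safer route.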
@@ -0,0 +1,381 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-landing-zone + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Port on which this particular spring service module is running. 
+springServicePort: 8098 +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## When configuring Probe, please make sure to remove from the url paths that are not required from the probe list +#### The following probes are not working and are hence disabled. TODO: debug this +startupProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/landingzone/actuator/health + port: 8098 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/landingzone/actuator/health + port: 8098 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/landingzone/actuator/health + port: 8098 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 4000Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms3000M -Xmx3000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +# true # ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: true + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + storageClass: + accessModes: + - ReadWriteMany + size: + existingClaim: regproc-group1 + reclaimPolicy: + mountDir: /mnt/landing +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. 
This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPath: /registrationprocessor/v1/landingzone/actuator/prometheus + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for 
example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## Requires only internal access for swagger +istio: + enabled: true + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/landingzone diff --git a/helm/regproc-notifier/.gitignore b/helm/regproc-notifier/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-notifier/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-notifier/.helmignore b/helm/regproc-notifier/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-notifier/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-notifier/Chart.yaml b/helm/regproc-notifier/Chart.yaml new file mode 100644 index 00000000000..4d460e03af8 --- /dev/null +++ b/helm/regproc-notifier/Chart.yaml 
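Review bot: `containerSecurityContext` in values.yaml ships with `enabled: false` and `runAsUser: mosip`, so by default the pod gets no container security context, and switching it on cannot work as written because Kubernetes accepts only a numeric UID for `runAsUser`. `runAsNonRoot: true` likewise needs a numeric user before the kubelet can verify it. Use the UID the image actually runs as, `runAsUser: <numeric UID of the image's mosip user>`, and enable the block once that is confirmed. Two comments are stale and should be corrected: the one above this block refers to the Clamav container, and the one above `startupProbe` says the probes are disabled while all three have `enabled: true`.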
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-notifier
+description: A Helm chart for MOSIP Registration Processor Notification Service
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-notifier
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-notifier/README.md b/helm/regproc-notifier/README.md
new file mode 100644
index 00000000000..1f2353f63e5
--- /dev/null
+++ b/helm/regproc-notifier/README.md
@@ -0,0 +1,11 @@
+# Regproc Notification Service
+
+Helm chart for installing Reg Proc Notification Service.
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/regproc-notifier
+```
+
diff --git a/helm/regproc-notifier/templates/NOTES.txt b/helm/regproc-notifier/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-notifier/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-notifier/templates/_helpers.tpl b/helm/regproc-notifier/templates/_helpers.tpl
new file mode 100644
index 00000000000..93a0a5f62ae
--- /dev/null
+++ b/helm/regproc-notifier/templates/_helpers.tpl
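Review bot: The `common` dependency in Chart.yaml is declared as the range `version: 1.x.x` from a remote repository, and nothing in the part of the patch shown here fixes which release is used to render the templates. The chart's .gitignore excludes `charts/` and names `Charts.lock`, whereas Helm writes `Chart.lock`, and no lock file appears here. Each `helm dependency update` can therefore resolve to a different 1.x release of the library chart, which makes builds non-reproducible and ties the rendered manifests to the upstream repository's state at build time. Pin an exact version, `version: <exact common chart version>`, and commit `Chart.lock`. `appVersion: ""` could also carry the application version so a deployed release is identifiable.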
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "regproc-notifier.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "regproc-notifier.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "regproc-notifier.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "regproc-notifier.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "regproc-notifier.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "regproc-notifier.validateValues.foo" .) -}} +{{- $messages := append $messages (include "regproc-notifier.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "regproc-notifier.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/regproc-notifier/templates/deployment.yaml b/helm/regproc-notifier/templates/deployment.yaml new file mode 100644 index 00000000000..f0d1bf0e7c9 --- /dev/null +++ b/helm/regproc-notifier/templates/deployment.yaml 
@@ -0,0 +1,133 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-notifier.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-notifier.serviceAccountName" . }} + {{- include "regproc-notifier.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-notifier.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-notifier + image: {{ template "regproc-notifier.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: spring-service + containerPort: {{ .Values.springServicePort }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/regproc-notifier/templates/extra-list.yaml b/helm/regproc-notifier/templates/extra-list.yaml new file mode 100644 index 00000000000..9ac65f9e16f --- /dev/null +++ b/helm/regproc-notifier/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
diff --git a/helm/regproc-notifier/templates/service-account.yaml b/helm/regproc-notifier/templates/service-account.yaml
new file mode 100644
index 00000000000..76e64c294fd
--- /dev/null
+++ b/helm/regproc-notifier/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-notifier.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-notifier/templates/service.yaml b/helm/regproc-notifier/templates/service.yaml
new file mode 100644
index 00000000000..018e6985d05
--- /dev/null
+++ b/helm/regproc-notifier/templates/service.yaml
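Review bot: The ServiceAccount manifest is rendered unconditionally, so `serviceAccount.create` in values.yaml never gates it. The regproc-opencrvs helper later in this patch falls back to the name `default` when create is false; if the regproc-notifier helper (not part of this hunk) does the same, the chart would try to take ownership of the namespace's `default` ServiceAccount. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`, and consider adding `automountServiceAccountToken: false` unless the service is known to call the Kubernetes API. helm/regproc-opencrvs/templates/service-account.yaml has the same shape.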
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-notifier/templates/servicemonitor.yaml b/helm/regproc-notifier/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..15f48fdeecf
--- /dev/null
+++ b/helm/regproc-notifier/templates/servicemonitor.yaml
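Review bot: `loadBalancerSourceRanges` is emitted whenever `service.type` is `LoadBalancer`, but the chart's values.yaml defines no `service.loadBalancerSourceRanges`, so the field renders empty and the load balancer is created without a source restriction. A list supplied by the operator would also be printed in Go's `[a b]` form rather than as a YAML sequence of CIDRs. Guard and serialise it: `{{- if .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, `{{- end }}`. helm/regproc-opencrvs/templates/service.yaml carries the same three lines.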
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-notifier/templates/virtualservice.yaml b/helm/regproc-notifier/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-notifier/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-notifier/values.yaml b/helm/regproc-notifier/values.yaml
new file mode 100644
index 00000000000..1386ef98585
--- /dev/null
+++ b/helm/regproc-notifier/values.yaml
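Review bot: `hosts: - "*"` binds this route to every hostname served by the listed gateways, so any host that reaches `istio-system/internal` with a path under `istio.prefix` is routed to the service. Consider taking the host list from values instead, for example `hosts: {{- toYaml .Values.istio.hosts | nindent 4 }}` (`istio.hosts` is a proposed key, not one the chart has today), and keeping the wildcard out of the default. The route also sets `x-forwarded-proto: https` on every request regardless of how it arrived; a comment stating that TLS is assumed to terminate at the gateway would make that trust assumption explicit.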
@@ -0,0 +1,377 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-notification-service + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Port on which this particular spring service module is running. 
+springServicePort: 8088 +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +startupProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/notification/actuator/health + port: 8088 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/notification/actuator/health + port: 8088 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/notification/actuator/health + port: 8088 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 200m + memory: 1500Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms750M -Xmx750M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## + +## ConfigMap with extra environment variables that used +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## ConfigMap with extra environment variables that used +## + +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + storageClass: + accessModes: + - ReadWriteOnce + size: 10M + existingClaim: + # Dir where config and keys are written inside container + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPath: /registrationprocessor/v1/notification/actuator/prometheus + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template 
by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +istio: + enabled: true + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/notification diff --git a/helm/regproc-opencrvs/.gitignore b/helm/regproc-opencrvs/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-opencrvs/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-opencrvs/Chart.yaml b/helm/regproc-opencrvs/Chart.yaml new file mode 100644 index 00000000000..4aa876d6f63 --- /dev/null +++ b/helm/regproc-opencrvs/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +name: regproc-opencrvs +description: A Helm chart for mosip regproc-opencrvs stage. +type: application +version: 12.0.2 +appVersion: "" +home: https://mosip.io +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +keywords: + - mosip + - mosip-opencrvs-mediator + - opencrvs-mediator + - regproc-opencrvs + - regproc-opencrvs-stage + - opencrvs +maintainers: + - email: info@mosip.io + name: MOSIP diff --git a/helm/regproc-opencrvs/README.md b/helm/regproc-opencrvs/README.md new file mode 100644 index 00000000000..54463a6a005 --- /dev/null +++ b/helm/regproc-opencrvs/README.md @@ -0,0 +1,10 @@ +# MOSIP Regproc Opencrvs Stage + +Helm chart for installing for Regproc Opencrvs Stage. + +## Install + +```console +$ helm repo add mosip https://mosip.github.io +$ helm install my-release mosip/regproc-opencrvs +``` diff --git a/helm/regproc-opencrvs/templates/NOTES.txt b/helm/regproc-opencrvs/templates/NOTES.txt new file mode 100644 index 00000000000..4f4b86dd60e --- /dev/null +++ b/helm/regproc-opencrvs/templates/NOTES.txt @@ -0,0 +1 @@ +Installation done 
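Review bot: `containerSecurityContext` and `podSecurityContext` both default to `enabled: false` in helm/regproc-notifier/values.yaml, so the pod runs as whatever user the image defines and `runAsNonRoot: true` is never applied. `runAsUser: mosip` is also a user name, while Kubernetes expects a numeric UID in that field, so switching `enabled` to true as written would likely be rejected by the API server. Use a numeric UID that matches the image's user and enable the context by default, e.g. `runAsUser: <uid-of-mosip-user>` (placeholder; the UID is not visible in this patch). The comment above the block still refers to Clamav, and the `tag.2.0.2` line under `image:` is not a `key: value` pair as shown here.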
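Review bot: In helm/regproc-opencrvs/Chart.yaml the `common` dependency is pinned only to the range `1.x.x` from `https://charts.bitnami.com/bitnami`, and the accompanying .gitignore excludes `charts/` and `Charts.lock`, so no resolved version or digest is committed and each build may pull a different library chart. Helm writes its lock file as `Chart.lock`; consider committing it, or pinning an exact version with `version: <exact-common-chart-version>` (placeholder). `version: 12.0.2` and the empty `appVersion` also look inconsistent with the 1.2.0.2 release named in the commit subject and are worth confirming.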
diff --git a/helm/regproc-opencrvs/templates/_helpers.tpl b/helm/regproc-opencrvs/templates/_helpers.tpl
new file mode 100644
index 00000000000..5b95557caad
--- /dev/null
+++ b/helm/regproc-opencrvs/templates/_helpers.tpl
@@ -0,0 +1,58 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "regprocOpencrvs.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "regprocOpencrvs.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "regprocOpencrvs.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "regprocOpencrvs.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "regprocOpencrvs.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "regprocOpencrvs.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "regprocOpencrvs.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "regprocOpencrvs.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
diff --git a/helm/regproc-opencrvs/templates/deployment.yaml b/helm/regproc-opencrvs/templates/deployment.yaml
new file mode 100644
index 00000000000..dda98b1b823
--- /dev/null
+++ b/helm/regproc-opencrvs/templates/deployment.yaml
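Review bot: `regprocOpencrvs.validateValues` includes `regprocOpencrvs.validateValues.foo` and `regprocOpencrvs.validateValues.bar`, neither of which is defined in this file, so any template that calls the helper would fail to render. The `%s-foo` suffix in `regprocOpencrvs.serviceAccountName` is the same scaffold placeholder and ends up in the real ServiceAccount name. Either drop the validate helper until real checks exist or define the two sub-templates, and replace the default with `{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}`.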
@@ -0,0 +1,144 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy:
+ {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "common.labels.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.podAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.podLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{- include "regprocOpencrvs.serviceAccountName" . | nindent 8 }}
+ {{- include "regprocOpencrvs.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases:
+ {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{- include "regprocOpencrvs.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - %%commands%%
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: foo
+ mountPath: bar
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: regproc-opencrvs
+ image: {{ template "regprocOpencrvs.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ {{- range .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ {{- range .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: container-port
+ containerPort: {{ .Values.containerPort }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
diff --git a/helm/regproc-opencrvs/templates/extra-list.yaml b/helm/regproc-opencrvs/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-opencrvs/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/helm/regproc-opencrvs/templates/service-account.yaml b/helm/regproc-opencrvs/templates/service-account.yaml
new file mode 100644
index 00000000000..f827cd277a0
--- /dev/null
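Review bot: The `volume-permissions` init container in helm/regproc-opencrvs/templates/deployment.yaml is still scaffold text: `command: - %%commands%%`, `runAsUser: 0` and a `foo`/`bar` volume mount, so enabling `volumePermissions` together with `persistence` would add a root container with a placeholder command and a mount that refers to no declared volume (the pod spec in this hunk has no `volumes:` section). Remove the block until a real command and volume exist, or fill both in before the flags can be set. In the same block `image: {{- include ... }}` trims the space after the colon, so the line would render as `image:<name>`; use `image: {{ include "regprocOpencrvs.volumePermissions.image" . }}`. The pod-template `commonLabels` include also uses `nindent 4` where its neighbours use `nindent 8`.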
+++ b/helm/regproc-opencrvs/templates/service-account.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "regprocOpencrvs.serviceAccountName" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-opencrvs/templates/service.yaml b/helm/regproc-opencrvs/templates/service.yaml
new file mode 100644
index 00000000000..20cb4931d34
--- /dev/null
+++ b/helm/regproc-opencrvs/templates/service.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.containerPort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-opencrvs/templates/servicemonitor.yaml b/helm/regproc-opencrvs/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..64db5089ac8
--- /dev/null
+++ b/helm/regproc-opencrvs/templates/servicemonitor.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.containerPort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-opencrvs/values.yaml b/helm/regproc-opencrvs/values.yaml
new file mode 100644
index 00000000000..ec5c17deed2
--- /dev/null
+++ b/helm/regproc-opencrvs/values.yaml
@@ -0,0 +1,358 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: {} +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-opencrvs-stage + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + # - myRegistryKeySecretName +## Port on which this particular spring service module is running. 
+containerPort: 4545 +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +startupProbe: + enabled: true + httpGet: + path: "/registrationprocessor/v1/opencrvs-stage/actuator/health" + port: 8045 + initialDelaySeconds: 0 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 10 + successThreshold: 1 +livenessProbe: + enabled: true + httpGet: + path: "/registrationprocessor/v1/opencrvs-stage/actuator/health" + port: 8045 + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 +readinessProbe: + enabled: true + httpGet: + path: "/registrationprocessor/v1/opencrvs-stage/actuator/health" + port: 8045 + initialDelaySeconds: 0 + periodSeconds: 20 + timeoutSeconds: 5 + failureThreshold: 2 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: {} + # cpu: 200m + # memory: 256Mi + requests: {} + # cpu: 100m + # memory: 1500Mi +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. 
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +priorityClassName: "" +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: [] +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + storageClass: + accessModes: + - ReadWriteOnce + size: 10M + existingClaim: + # Dir where config and keys are written inside container + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPath: /registrationprocessor/v1/opencrvs-stage/actuator/prometheus + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. 
+ ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html
+ # rules:
+ # - alert: RabbitmqDown
+ # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0
+ # for: 5m
+ # labels:
+ # severity: error
+ rules: []
diff --git a/helm/regproc-pktserver/.gitignore b/helm/regproc-pktserver/.gitignore
new file mode 100644
index 00000000000..b3c94bf6431
--- /dev/null
+++ b/helm/regproc-pktserver/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Charts.lock
diff --git a/helm/regproc-pktserver/.helmignore b/helm/regproc-pktserver/.helmignore
new file mode 100644
index 00000000000..f0c13194444
--- /dev/null
+++ b/helm/regproc-pktserver/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/regproc-pktserver/Chart.yaml b/helm/regproc-pktserver/Chart.yaml
new file mode 100644
index 00000000000..9bd780f1b73
--- /dev/null
+++ b/helm/regproc-pktserver/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-pktserver
+description: A Helm chart for MOSIP Registration Processor Packet Server
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-pktserver
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-pktserver/README.md b/helm/regproc-pktserver/README.md
new file mode 100644
index 00000000000..d6c53541a03
--- /dev/null
+++ b/helm/regproc-pktserver/README.md
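Review bot: In helm/regproc-opencrvs/values.yaml, `containerSecurityContext` and `podSecurityContext` both ship with `enabled: false`, so by default the pod gets no security context and runs as whatever user the image declares; `runAsNonRoot: true` has no effect until the block is enabled. `runAsUser: mosip` is also not a usable value, because Kubernetes expects a numeric UID in that field, so flipping `enabled` to true as written would presumably be rejected at admission. Set a numeric UID that matches the image's user (placeholder: `runAsUser: <uid-of-mosip-user>`), default `enabled: true`, and consider `allowPrivilegeEscalation: false` next to `runAsNonRoot`. This chart's deployment template is outside this part of the patch, so how the values are consumed is inferred from the parallel regproc-pktserver template.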
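Review bot: In helm/regproc-pktserver/Chart.yaml the `common` dependency is declared as `version: 1.x.x` from `https://charts.bitnami.com/bitnami`, so each `helm dependency update` may pull a different library chart into the templates that render this deployment. The chart's .gitignore in this patch ignores `charts/` and `Charts.lock`; Helm 3 names its lock file `Chart.lock`, so that pattern does not match it, and no lock file for this chart appears in this part of the patch. Pin an exact version (placeholder: `version: <exact-common-version>`) and commit `Chart.lock`, so builds are reproducible and a changed upstream chart shows up in review. `appVersion: ""` could also carry the image version for traceability.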
@@ -0,0 +1,19 @@ +# Packet server + +Helm chart for installing RegProc Packet Server. This serves packets from landing folder to other stages. + +## TL;DR + +```console +$ helm repo add mosip https://mosip.github.io +$ helm install my-release mosip/regproc-pktserver +``` +## Persistence +It is assumed PVC created in Receiver is available to be mounted here. + +## Prerequisites +- Kubernetes 1.12+ +- Helm 3.1.0 +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + diff --git a/helm/regproc-pktserver/templates/NOTES.txt b/helm/regproc-pktserver/templates/NOTES.txt new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/helm/regproc-pktserver/templates/NOTES.txt @@ -0,0 +1 @@ + diff --git a/helm/regproc-pktserver/templates/_helpers.tpl b/helm/regproc-pktserver/templates/_helpers.tpl new file mode 100644 index 00000000000..3f1384a02b2 --- /dev/null +++ b/helm/regproc-pktserver/templates/_helpers.tpl 
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "regproc-pktserver.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "regproc-pktserver.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "regproc-pktserver.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "regproc-pktserver.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "regproc-pktserver.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "regproc-pktserver.validateValues.foo" .) -}} +{{- $messages := append $messages (include "regproc-pktserver.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "regproc-pktserver.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/regproc-pktserver/templates/deployment.yaml b/helm/regproc-pktserver/templates/deployment.yaml new file mode 100644 index 00000000000..0b9f844b771 --- /dev/null +++ b/helm/regproc-pktserver/templates/deployment.yaml 
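Review bot: `regproc-pktserver.validateValues` includes `regproc-pktserver.validateValues.foo` and `regproc-pktserver.validateValues.bar`, neither of which is defined in this file; they look like leftovers from the chart scaffold. Any template that includes `validateValues` would fail to render unless those helpers exist elsewhere. Either drop the define or replace the placeholders with real checks, for example one that fails when `persistence.enabled` is true and `persistence.existingClaim` is empty, since deployment.yaml uses that value directly as the `claimName`.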
@@ -0,0 +1,144 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-pktserver.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-pktserver.serviceAccountName" . }} + {{- include "regproc-pktserver.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-pktserver.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-pktserver + image: {{ template "regproc-pktserver.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + volumeMounts: + - name: landing-folder + mountPath: {{ .Values.persistence.mountDir }} + ports: + - name: spring-service + containerPort: {{ .Values.springServicePort }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: landing-folder + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} + {{- else }} + emptyDir: {} + {{ end }} 
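Review bot: The `volume-permissions` init container still carries scaffold placeholders, `command: - %%commands%%` and a mount of volume `foo` at `bar`, while it runs with `runAsUser: 0`. No volume named `foo` is declared under `volumes:` (only `landing-folder`), so enabling `volumePermissions` together with `persistence` would produce a pod spec that cannot be admitted, and the one root container in the pod has no defined behaviour to review. Either remove the block or give it a concrete command and mount the real volume, along the lines below; the ownership values come from keys this template already reads and should be confirmed against values.yaml, which is only partly visible here. Separately, the `container_user` and `JDK_JAVA_OPTIONS` env values are rendered unquoted and are better passed through `| quote`.

```yaml
        # … unchanged: name, image, imagePullPolicy of volume-permissions …
          command:
            - /bin/sh
            - -ec
            - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "{{ .Values.persistence.mountDir }}"
          securityContext:
            runAsUser: 0
        # … unchanged: resources …
          volumeMounts:
            - name: landing-folder
              mountPath: {{ .Values.persistence.mountDir }}
```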
diff --git a/helm/regproc-pktserver/templates/extra-list.yaml b/helm/regproc-pktserver/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-pktserver/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/helm/regproc-pktserver/templates/service-account.yaml b/helm/regproc-pktserver/templates/service-account.yaml
new file mode 100644
index 00000000000..f380bd9bc82
--- /dev/null
+++ b/helm/regproc-pktserver/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-pktserver.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-pktserver/templates/service.yaml b/helm/regproc-pktserver/templates/service.yaml
new file mode 100644
index 00000000000..018e6985d05
--- /dev/null
+++ b/helm/regproc-pktserver/templates/service.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-pktserver/templates/servicemonitor.yaml b/helm/regproc-pktserver/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..15f48fdeecf
--- /dev/null
+++ b/helm/regproc-pktserver/templates/servicemonitor.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-pktserver/templates/virtualservice.yaml b/helm/regproc-pktserver/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-pktserver/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-pktserver/values.yaml b/helm/regproc-pktserver/values.yaml
new file mode 100644
index 00000000000..44130645f15
--- /dev/null
+++ b/helm/regproc-pktserver/values.yaml
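Review bot: `hosts: - "*"` makes this VirtualService match every hostname served by the gateways listed in `istio.gateways`, so the packet server's prefix route is reachable under any host those gateways accept. Restricting it to the intended hostname(s) keeps the route from being exposed through a gateway's other hosts; for example, read them from a new values key (`istio.hosts` is a proposed name, not one the chart has today): `hosts: {{- include "common.tplvalues.render" ( dict "value" .Values.istio.hosts "context" $ ) | nindent 4 }}`. The route also sets `x-forwarded-proto: https` on every request regardless of how it arrived, which deserves a comment stating that TLS is always terminated upstream. The `istio` values block lies beyond the visible part of values.yaml.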
@@ -0,0 +1,383 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-dmz-packet-server + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Port on which this particular spring service module is running. 
+springServicePort: 8082 +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## TODO: enable probes once health urls are available +startupProbe: + enabled: true + exec: + command: + - /bin/bash + - -c + - echo "regproc packet server is up !!!" > /home/mosip/landing/healthcheck.txt; url=http://localhost:8082/healthcheck.txt; curl_output="$(curl -w %{http_code} -o /dev/null -s $url)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit $i; fi; + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + httpGet: + path: /healthcheck.txt + port: 8082 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + httpGet: + path: /healthcheck.txt + port: 8082 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 500m + memory: 1250Mi + requests: + cpu: 100m + memory: 100Mi +additionalResources: + ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms1000M -Xmx1000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. 
Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: true + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + accessModes: + - ReadWriteMany + size: 5Gi + ## Asume that this PVC already exists for receiver. + existingClaim: regproc-group1 + # Hardcoded in Dockerfile. + mountDir: /home/mosip/landing +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. 
This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +## TODO: Enable when prometheus url is available +metrics: + enabled: false + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPath: + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, 
the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## pktserver does NOT require any external access. +istio: + enabled: false + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/packetserver diff --git a/helm/regproc-reprocess/.gitignore b/helm/regproc-reprocess/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-reprocess/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-reprocess/.helmignore b/helm/regproc-reprocess/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-reprocess/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-reprocess/Chart.yaml b/helm/regproc-reprocess/Chart.yaml new file mode 100644 index 00000000000..48dfa54a9a9 --- /dev/null +++ b/helm/regproc-reprocess/Chart.yaml 
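Review bot: The `startupProbe` command cannot report failure: `$i` is never assigned, so `exit $i` runs as a bare `exit` and returns the status of the preceding `echo`, which is 0, and `$str` is also unset so the message names nothing. Ending the branch with `echo "$url failed with status code $curl_output" >&2; exit 1` lets a non-200 response fail the probe. Also in this hunk, `containerSecurityContext.runAsUser: mosip` gives a user name where Kubernetes expects a numeric UID, so setting `enabled: true` would produce a pod spec the API server rejects; the numeric UID of the image's user is needed before this hardening can be switched on (the adjacent comment still refers to a Clamav container). The `image` block as shown reads `tag.2.0.2` with no colon, which is not a key/value pair, so if the file really contains that text the image tag is not being set.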
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-reprocess
+description: A Helm chart for MOSIP Registration Processor Reprocess stage
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-reprocess
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-reprocess/README.md b/helm/regproc-reprocess/README.md
new file mode 100644
index 00000000000..3c0607f0b57
--- /dev/null
+++ b/helm/regproc-reprocess/README.md
@@ -0,0 +1,11 @@
+# Packet Reprocess
+
+Helm chart for installing Registration Processor Reprocess stage.
+
+## Install
+```console
+$ kubectl create namespace regproc
+$ helm repo add mosip https://mosip.github.io
+$ helm -n regproc install my-release mosip/regproc-reprocess
+```
+
diff --git a/helm/regproc-reprocess/templates/NOTES.txt b/helm/regproc-reprocess/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-reprocess/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-reprocess/templates/_helpers.tpl b/helm/regproc-reprocess/templates/_helpers.tpl
new file mode 100644
index 00000000000..895f11fb410
--- /dev/null
+++ b/helm/regproc-reprocess/templates/_helpers.tpl
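Review bot: The `common` dependency is declared as `version: 1.x.x` from the Bitnami repository, so a `helm dependency update` resolves whatever the newest 1.x release is at build time. The chart's .gitignore in this patch lists `Charts.lock`, but Helm writes the lock file as `Chart.lock`, so it is unclear whether the lock is meant to be committed. Committing `Chart.lock`, or pinning an exact version here, makes the rendered templates reproducible and keeps an upstream change to the library chart from reaching a release unreviewed. `appVersion: ""` could also carry the application version this chart deploys.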
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "regproc-reprocess.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "regproc-reprocess.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "regproc-reprocess.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "regproc-reprocess.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "regproc-reprocess.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "regproc-reprocess.validateValues.foo" .) -}} +{{- $messages := append $messages (include "regproc-reprocess.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "regproc-reprocess.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/regproc-reprocess/templates/deployment.yaml b/helm/regproc-reprocess/templates/deployment.yaml new file mode 100644 index 00000000000..7f107a87d9e --- /dev/null +++ b/helm/regproc-reprocess/templates/deployment.yaml 
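Review bot: `regproc-reprocess.validateValues` includes `regproc-reprocess.validateValues.foo` and `regproc-reprocess.validateValues.bar`, neither of which is defined in this file, so the helper looks like leftover scaffold; nothing visible here calls it, but any template that did would fail to render unless those two templates exist elsewhere. Either delete the helper or replace the two includes with real checks. Separately, `regproc-reprocess.serviceAccountName` falls back to `default` when `serviceAccount.create` is false and no name is given, which deserves a comment such as `{{/* Falls back to the namespace's "default" ServiceAccount when create=false and name is empty */}}`.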
@@ -0,0 +1,131 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "regproc-reprocess.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "regproc-reprocess.serviceAccountName" . }} + {{- include "regproc-reprocess.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "regproc-reprocess.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: regproc-reprocess + image: {{ template "regproc-reprocess.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: spring-service + containerPort: {{ .Values.springServicePort }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/regproc-reprocess/templates/extra-list.yaml b/helm/regproc-reprocess/templates/extra-list.yaml new file mode 100644 index 00000000000..9ac65f9e16f --- /dev/null +++ b/helm/regproc-reprocess/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
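Review bot: The `volume-permissions` init container is unfinished scaffold: its command is the literal `%%commands%%`, it mounts a volume named `foo` at `bar`, the pod spec in this template declares no `volumes:` at all, and it runs with `runAsUser: 0`. It only renders when both `volumePermissions.enabled` and `persistence.enabled` are true, but at that point the release gets a root init container with a placeholder command and an unresolved volume reference. Removing the block, or failing fast with `{{- fail "volumePermissions is not implemented for regproc-reprocess" }}` inside the `if`, is safer than shipping it. `JDK_JAVA_OPTIONS` would also be more robust as `value: {{ .Values.additionalResources.javaOpts | quote }}`.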
diff --git a/helm/regproc-reprocess/templates/service-account.yaml b/helm/regproc-reprocess/templates/service-account.yaml
new file mode 100644
index 00000000000..b9d73817bc7
--- /dev/null
+++ b/helm/regproc-reprocess/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-reprocess.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-reprocess/templates/service.yaml b/helm/regproc-reprocess/templates/service.yaml
new file mode 100644
index 00000000000..018e6985d05
--- /dev/null
+++ b/helm/regproc-reprocess/templates/service.yaml
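Review bot: The ServiceAccount is rendered unconditionally, so `serviceAccount.create: false` is ignored, and with no name set the `regproc-reprocess.serviceAccountName` helper returns `default`, which makes the chart try to manage the namespace's `default` ServiceAccount. Wrapping the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}` fixes that. If the reprocess stage does not call the Kubernetes API (not visible from this patch), adding `automountServiceAccountToken: false` keeps the token out of the pod.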
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-reprocess/templates/servicemonitor.yaml b/helm/regproc-reprocess/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..15f48fdeecf
--- /dev/null
+++ b/helm/regproc-reprocess/templates/servicemonitor.yaml
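Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` is emitted whenever the type is `LoadBalancer`, but the `service:` block of the values.yaml shown in this patch defines no such key, so it renders as an empty field and the load balancer is left without a source restriction; a list value would also be printed in Go's `[a b]` form rather than as YAML. Render it only when set: `{{- with .Values.service.loadBalancerSourceRanges }}` / `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}` / `{{- end }}`. Documenting the key in values.yaml would prompt operators who switch to `LoadBalancer` to restrict the allowed sources.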
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-reprocess/templates/virtualservice.yaml b/helm/regproc-reprocess/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-reprocess/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-reprocess/values.yaml b/helm/regproc-reprocess/values.yaml
new file mode 100644
index 00000000000..a19e9d1b46d
--- /dev/null
+++ b/helm/regproc-reprocess/values.yaml
@@ -0,0 +1,380 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster +image: + registry: docker.io + repository: mosipid/registration-processor-reprocessor + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## Port on which this particular spring service module is running. 
+springServicePort: 8021 +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## TODO: enable probes once health urls are available +startupProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/reprocessor/actuator/health + port: 8021 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 +livenessProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/reprocessor/actuator/health + port: 8021 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + httpGet: + path: /registrationprocessor/v1/reprocessor/actuator/health + port: 8021 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 2500Mi + requests: + cpu: 100m + memory: 1000Mi +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms2000M -Xmx2000M" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +# true # ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + ## We use EFS storage class as that supports ReadWriteMany. Make sure you have installed the same as given + ## here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html + ## Packet landing zone requires ReadWriteMany + storageClass: + accessModes: + - ReadWriteMany + size: + existingClaim: + reclaimPolicy: + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + endpointPath: /registrationprocessor/v1/reprocessor/actuator/prometheus + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: 
https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +## Requires only internal access for swagger +istio: + enabled: true + gateways: + - istio-system/internal + prefix: /registrationprocessor/v1/reprocessor diff --git a/helm/regproc-salt/.gitignore b/helm/regproc-salt/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-salt/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-salt/.helmignore b/helm/regproc-salt/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-salt/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-salt/Chart.yaml b/helm/regproc-salt/Chart.yaml new file mode 100644 index 00000000000..8add62c48e5 --- /dev/null +++ b/helm/regproc-salt/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +name: regproc-salt +description: A Helm chart to generate keys for Kernel +type: application +version: 12.0.2 +appVersion: "" +dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +home: https://mosip.io +keywords: + - mosip + - regproc-salt + - regproc +maintainers: + - email: info@mosip.io + name: MOSIP 
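Review bot: In helm/regproc-reprocess/values.yaml the `image:` block reads `tag.2.0.2` where a `tag:` key would be expected; as shown this is not a key/value pair, so the values file would presumably fail to parse or leave the image tag unset. If this is how the file is committed rather than a rendering artefact, restore the key as `tag: "<release-tag>"`, quoted so it stays a string. The same line appears in helm/regproc-salt/values.yaml. Separately, `containerSecurityContext.runAsUser: mosip` is a user name while the Kubernetes `runAsUser` field takes a numeric UID, so switching `enabled` to true with this default would presumably be rejected by the API server; a numeric UID and a comment that does not refer to Clamav would make the default usable.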
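Review bot: In helm/regproc-salt/Chart.yaml the `common` dependency is declared as `version: 1.x.x` from an external chart repository, and the chart's .gitignore excludes `charts/` and `Charts.lock`, so nothing in the repository records which library chart version was rendered into these manifests. Pin an exact version (`version: <exact-version>`) and commit the lock file Helm writes, which is named `Chart.lock`, so that `helm dependency build` reproduces the same digest-checked dependency. The description `A Helm chart to generate keys for Kernel` also looks carried over from another chart. helm/regproc-status/Chart.yaml and its .gitignore have the same dependency range and ignore entry.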
diff --git a/helm/regproc-salt/README.md b/helm/regproc-salt/README.md
new file mode 100644
index 00000000000..89cad517def
--- /dev/null
+++ b/helm/regproc-salt/README.md
@@ -0,0 +1,10 @@
+# Regproc salt generator
+
+Helm chart for running Regproc Salt Generator
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/regproc-salt
+```
diff --git a/helm/regproc-salt/templates/NOTES.txt b/helm/regproc-salt/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-salt/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-salt/templates/_helpers.tpl b/helm/regproc-salt/templates/_helpers.tpl
new file mode 100644
index 00000000000..e16b1138743
--- /dev/null
+++ b/helm/regproc-salt/templates/_helpers.tpl
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "regproc-salt.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "regproc-salt.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "regproc-salt.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "regproc-salt.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "regproc-salt.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "regproc-salt.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "regproc-salt.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "regproc-salt.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
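Review bot: `regproc-salt.validateValues` includes `regproc-salt.validateValues.foo` and `regproc-salt.validateValues.bar`, and neither is defined in this file, so unless they exist elsewhere in the chart the first template that calls `validateValues` fails at render time. Drop the helper or replace the two placeholder includes with real checks. `regproc-salt.podAnnotations` reads `.Values.metrics.enabled`, but the salt values file in this patch has no `metrics` key, so that helper would presumably hit a nil lookup if it were ever included; guarding it with `{{- if .Values.metrics }}` or removing it avoids that. helm/regproc-status/templates/_helpers.tpl carries the same `validateValues` placeholders.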
diff --git a/helm/regproc-salt/templates/extra-list.yaml b/helm/regproc-salt/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-salt/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/helm/regproc-salt/templates/job.yaml b/helm/regproc-salt/templates/job.yaml
new file mode 100644
index 00000000000..b09f743cf8b
--- /dev/null
+++ b/helm/regproc-salt/templates/job.yaml
@@ -0,0 +1,83 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations:
+ "helm.sh/hook-delete-policy": hook-succeeded
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+
+spec:
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ sidecar.istio.io/inject: "false"
+ spec:
+ {{- include "regproc-salt.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.podSecurityContext.fsGroup }}
+ {{- if .Values.podSecurityContext.sysctls }}
+ sysctls:
+ {{- toYaml .Values.podSecurityContext.sysctls | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: {{ include "regproc-salt.serviceAccountName" . }}
+ restartPolicy: Never # This is one time job
+ containers:
+ - name: regproc-salt
+ image: {{ template "regproc-salt.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: container_user
+ value: {{ .Values.containerSecurityContext.runAsUser }}
+ - name: JDK_JAVA_OPTIONS
+ value: {{ .Values.additionalResources.javaOpts }}
+ - name: salt_gen_schema_name_env
+ value: regprc
+ - name: salt_gen_db_alias_env
+ value: mosip.regproc.db
+ - name: spring_config_name_env
+ value: registration-processor
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ {{- range .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
diff --git a/helm/regproc-salt/templates/service-account.yaml b/helm/regproc-salt/templates/service-account.yaml
new file mode 100644
index 00000000000..8c6231a82d3
--- /dev/null
+++ b/helm/regproc-salt/templates/service-account.yaml
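Review bot: In helm/regproc-salt/templates/job.yaml the `regproc-salt` container gets no `securityContext`: `.Values.containerSecurityContext` is only read to fill the `container_user` environment variable, so `runAsNonRoot` from values is never enforced, and `.Values.resources` is not applied either. I would add a container-level block guarded by `containerSecurityContext.enabled`, as sketched below; it needs `runAsUser` in values to be a numeric UID rather than `mosip`. The env values are also rendered unquoted, so the default empty `javaOpts` renders as a bare `value:`; `value: {{ .Values.additionalResources.javaOpts | quote }}` avoids that. Finally, `helm.sh/hook-delete-policy` is set without a `helm.sh/hook` annotation, so as far as this hunk shows the delete policy has no effect and the finished Job stays in the namespace.

```yaml
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- if .Values.containerSecurityContext.enabled }}
          securityContext:
            runAsUser: {{ .Values.containerSecurityContext.runAsUser }}
            runAsNonRoot: {{ .Values.containerSecurityContext.runAsNonRoot }}
            allowPrivilegeEscalation: false
          {{- end }}
          {{- if .Values.resources }}
          resources: {{- toYaml .Values.resources | nindent 12 }}
          {{- end }}
          # … unchanged: env, envFrom …
```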
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-salt.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-salt/values.yaml b/helm/regproc-salt/values.yaml
new file mode 100644
index 00000000000..7dfde7c3b1e
--- /dev/null
+++ b/helm/regproc-salt/values.yaml
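Review bot: In helm/regproc-salt/templates/service-account.yaml the ServiceAccount is rendered even when `serviceAccount.create` is false; in that case the `regproc-salt.serviceAccountName` helper resolves to `default` unless a name is given, so the release would try to create, and later delete, the namespace's `default` account. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`. Nothing in the job template of this patch calls the Kubernetes API, so presumably the pod needs no token; if that holds, add `automountServiceAccountToken: false` to this object.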
@@ -0,0 +1,262 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip +## Add annotations to all the deployed resources +## +commonAnnotations: {} +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] +## Number of nodes +## +replicaCount: 1 +image: + registry: docker.io + repository: mosipid/kernel-salt-generator + tag.2.0.2 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 200m + # memory: 256Mi + requests: {} + # cpu: 200m + # memory: 10Mi +additionalResources: + ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "" +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} +## Custom Liveness probes for +## +customLivenessProbe: {} +## Custom Rediness probes +## +customReadinessProbe: {} +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share +## Secret with extra environment variables +## +extraEnvVarsSecret: +## Extra volumes to add to the deployment +## +extraVolumes: [] +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] +## Add init containers to the pods. 
+## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} +## Add sidecars to the pods. +## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + storageClass: + accessModes: + - ReadWriteOnce + size: 10M + existingClaim: + # Dir where config and keys are written inside container + mountDir: +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. 
This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## +## Specifies whether RBAC resources should be created +## +rbac: + create: true +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: diff --git a/helm/regproc-status/.gitignore b/helm/regproc-status/.gitignore new file mode 100644 index 00000000000..b3c94bf6431 --- /dev/null +++ b/helm/regproc-status/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/regproc-status/.helmignore b/helm/regproc-status/.helmignore new file mode 100644 index 00000000000..f0c13194444 --- /dev/null +++ b/helm/regproc-status/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/regproc-status/Chart.yaml b/helm/regproc-status/Chart.yaml new file mode 100644 index 00000000000..9666ec411bd --- /dev/null +++ b/helm/regproc-status/Chart.yaml 
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-status
+description: A Helm chart for MOSIP Registration Processor Status Service
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-status
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-status/README.md b/helm/regproc-status/README.md
new file mode 100644
index 00000000000..5cf08fe41bf
--- /dev/null
+++ b/helm/regproc-status/README.md
@@ -0,0 +1,17 @@
+# Regproc Status Service
+
+Helm chart for installing Reg Proc Status Service.
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/regproc-status
+```
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.1.0
+- PV provisioner support in the underlying infrastructure
+- ReadWriteMany volumes for deployment scaling
+
diff --git a/helm/regproc-status/templates/NOTES.txt b/helm/regproc-status/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-status/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-status/templates/_helpers.tpl b/helm/regproc-status/templates/_helpers.tpl
new file mode 100644
index 00000000000..76c02acf098
--- /dev/null
+++ b/helm/regproc-status/templates/_helpers.tpl
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "regproc-status.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "regproc-status.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "regproc-status.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "regproc-status.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "regproc-status.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "regproc-status.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "regproc-status.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "regproc-status.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
diff --git a/helm/regproc-status/templates/deployment.yaml b/helm/regproc-status/templates/deployment.yaml
new file mode 100644
index 00000000000..6be3e6055d7
--- /dev/null
+++ b/helm/regproc-status/templates/deployment.yaml
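Review bot: `regproc-status.validateValues` includes `regproc-status.validateValues.foo` and `regproc-status.validateValues.bar`, neither of which is defined in this helper file, so any template that includes it would fail to render; they look like scaffold placeholders. No visible template calls `validateValues`, so the simplest fix is to delete the define, or to replace the two includes with real checks (for example that `containerSecurityContext.runAsUser` is numeric when the context is enabled). The helper in helm/regproc-trans/templates/_helpers.tpl carries the same leftover.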
@@ -0,0 +1,143 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if or .Values.podAnnotations .Values.metrics.enabled }}
+ {{- include "regproc-status.podAnnotations" . | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "regproc-status.serviceAccountName" . }}
+ {{- include "regproc-status.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "regproc-status.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - %%commands%%
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: foo
+ mountPath: bar
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: regproc-status
+ image: {{ template "regproc-status.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: container_user
+ value: {{ .Values.containerSecurityContext.runAsUser }}
+ - name: JDK_JAVA_OPTIONS
+ value: {{ .Values.additionalResources.javaOpts }}
+ - name: artifactory_url_env
+ valueFrom:
+ configMapKeyRef:
+ name: artifactory-share
+ key: artifactory_url_env
+ - name: iam_adapter_url_env
+ valueFrom:
+ configMapKeyRef:
+ name: artifactory-share
+ key: iam_adapter_regproc_ext_url_env
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ {{- range .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ ports:
+ - name: spring-service
+ containerPort: {{ .Values.springServicePort }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
diff --git a/helm/regproc-status/templates/extra-list.yaml b/helm/regproc-status/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-status/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
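Review bot: The `volume-permissions` init container in helm/regproc-status/templates/deployment.yaml is still scaffold text: its command is the literal `%%commands%%`, it mounts a volume named `foo` at `bar`, and the template declares no `volumes:` section, yet the container is set to `runAsUser: 0`. Turning on `volumePermissions.enabled` together with `persistence.enabled` would therefore add a root init container that cannot start; either remove the block or complete it with a real ownership command, a defined volume and a security context that drops everything it does not need. Separately, the `container_user` and `JDK_JAVA_OPTIONS` env values are rendered unquoted, so a numeric UID would be emitted as an integer, which the API rejects for env values; `value: {{ .Values.containerSecurityContext.runAsUser | quote }}` avoids that. The regproc-trans deployment template later in this patch appears to begin the same init-container block.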
diff --git a/helm/regproc-status/templates/service-account.yaml b/helm/regproc-status/templates/service-account.yaml
new file mode 100644
index 00000000000..206512c6a79
--- /dev/null
+++ b/helm/regproc-status/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-status.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-status/templates/service.yaml b/helm/regproc-status/templates/service.yaml
new file mode 100644
index 00000000000..018e6985d05
--- /dev/null
+++ b/helm/regproc-status/templates/service.yaml
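Review bot: The ServiceAccount manifest in service-account.yaml is rendered unconditionally, so `serviceAccount.create: false` has no effect on it; with that setting and no name given, the `regproc-status.serviceAccountName` helper resolves to `default` and the chart would try to create that account in the release namespace. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`. Nothing in the visible templates shows this service calling the Kubernetes API, so `automountServiceAccountToken: false` is worth adding here unless the token is actually needed.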
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-status/templates/servicemonitor.yaml b/helm/regproc-status/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..15f48fdeecf
--- /dev/null
+++ b/helm/regproc-status/templates/servicemonitor.yaml
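Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` in service.yaml prints the Go value directly, so a list set in values renders as `[a b]` instead of a YAML list, and the key is emitted empty when nothing is set, which leaves a `LoadBalancer` service reachable from every source address. The values.yaml in this patch defines no `service.loadBalancerSourceRanges` at all. Emit the field only when it is set and serialise it properly: guard with `{{- if .Values.service.loadBalancerSourceRanges }}` and render `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`.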
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-status/templates/virtualservice.yaml b/helm/regproc-status/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-status/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-status/values.yaml b/helm/regproc-status/values.yaml
new file mode 100644
index 00000000000..5d9750feebd
--- /dev/null
+++ b/helm/regproc-status/values.yaml
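Review bot: `hosts: - "*"` in virtualservice.yaml matches every hostname served by the bound gateways, and the single `prefix` match forwards everything under `istio.prefix`, which with the values in this patch also covers the `/actuator/health` and `/actuator/prometheus` paths used by the probes and the ServiceMonitor. Unless another policy blocks them, those management endpoints are reachable through the gateway alongside the API. Consider taking the host list from values (for example a new `istio.hosts` list) and excluding or separately authorising the actuator sub-path.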
@@ -0,0 +1,380 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+# storageClass: myStorageClass
+
+## Add labels to all the deployed resources
+##
+commonLabels:
+ app.kubernetes.io/component: mosip
+## Add annotations to all the deployed resources
+##
+commonAnnotations: {}
+## Kubernetes Cluster Domain
+##
+clusterDomain: cluster.local
+## Extra objects to deploy (value evaluated as a template)
+##
+extraDeploy: []
+## Number of nodes
+##
+replicaCount: 1
+service:
+ type: ClusterIP
+ port: 80
+ ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+ ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+ ##
+ ## loadBalancerIP:
+ ##
+ ## nodePorts:
+ ## http:
+ ## https:
+ ##
+
+ nodePorts:
+ http: ""
+ https: ""
+ ## Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+image:
+ registry: docker.io
+ repository: mosipid/registration-processor-registration-status-service
+ tag.2.0.2
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+## Port on which this particular spring service module is running.
+springServicePort: 8083
+## Configure extra options for liveness and readiness probes
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+##
+startupProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/registrationstatus/actuator/health
+ port: 8083
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+livenessProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/registrationstatus/actuator/health
+ port: 8083
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+readinessProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/registrationstatus/actuator/health
+ port: 8083
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+##
+# existingConfigmap:
+
+## Command and args for running the container (set to default if not set). Use array form
+##
+command: []
+args: []
+## Deployment pod host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 500m
+ memory: 4000Mi
+ requests:
+ cpu: 100m
+ memory: 1000Mi
+additionalResources:
+ ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
+ ## Example: java_opts: "-Xms500M -Xmx500M"
+ javaOpts: "-Xms2000M -Xmx2000M"
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## Clamav container already runs as 'mosip' user, so we may not need to enable this
+containerSecurityContext:
+ enabled: false
+ runAsUser: mosip
+ runAsNonRoot: true
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+##
+podSecurityContext:
+ enabled: false
+ fsGroup: 1001
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+ ## Node affinity type
+ ## Allowed values: soft, hard
+ ##
+ type: ""
+ ## Node label key to match
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## Node label values to match
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Pod extra labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## Annotations for server pods.
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## pods' priority.
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+# priorityClassName: ""
+
+## lifecycleHooks for the container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+## Custom Liveness probes for
+##
+customLivenessProbe: {}
+## Custom Rediness probes
+##
+customReadinessProbe: {}
+## Update strategy - only really applicable for deployments with RWO PVs attached
+## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+## terminate the single previous pod, so that the new, incoming pod can attach to the PV
+##
+updateStrategy:
+ type: RollingUpdate
+## Additional environment variables to set
+## Example:
+## extraEnvVars:
+## - name: FOO
+## value: "bar"
+##
+extraEnvVars: []
+## ConfigMap with extra environment variables that used
+## NOTE: we have removed artifactory from this list and passed artifactory parameters as above
+## This is done as auth adapter url required by this service is different from the default.
+extraEnvVarsCM:
+ - global
+ - config-server-share
+## ConfigMap with extra environment variables that used
+##
+
+## Secret with extra environment variables
+##
+extraEnvVarsSecret:
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+## Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+## Add init containers to the pods.
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: {}
+## Add sidecars to the pods.
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+sidecars: {}
+persistence:
+ enabled: false
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack).
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: your-claim
+ ## ReadWriteMany not supported by AWS gp2
+ storageClass:
+ accessModes:
+ - ReadWriteOnce
+ size: 10M
+ existingClaim:
+ # Dir where config and keys are written inside container
+ mountDir:
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: bitnami/bitnami-shell
+ tag: "10"
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ pullSecrets: []
+ ## - myRegistryKeySecretName
+ ## Init containers' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ##
+ limits: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+## Specifies whether RBAC resources should be created
+##
+rbac:
+ create: true
+## Specifies whether a ServiceAccount should be created
+##
+serviceAccount:
+ create: true
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ name:
+## Prometheus Metrics
+##
+## TODO: Enable once prometheus url is available
+metrics:
+ enabled: true
+ ## Prometheus pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+ endpointPath: /registrationprocessor/v1/registrationstatus/actuator/prometheus
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ##
+ serviceMonitor:
+ ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry
+ ##
+ enabled: true
+ ## Specify the namespace in which the serviceMonitor resource will be created
+ ##
+ # namespace: ""
+ ## Specify the interval at which metrics should be scraped
+ ##
+ interval: 10s
+ ## Specify the timeout after which the scrape is ended
+ ##
+ # scrapeTimeout: 30s
+ ## Specify Metric Relabellings to add to the scrape endpoint
+ ##
+ # relabellings:
+ ## Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ additionalLabels: {}
+ ## Custom PrometheusRule to be defined
+ ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
+ ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+ ##
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ''
+ ## List of rules, used as template by Helm.
+ ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html
+ # rules:
+ # - alert: RabbitmqDown
+ # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0
+ # for: 5m
+ # labels:
+ # severity: error
+ rules: []
+## Needs external access as is connected by reg clients
+istio:
+ enabled: true
+ gateways:
+ - istio-system/internal
+ prefix: /registrationprocessor/v1/registrationstatus
diff --git a/helm/regproc-trans/.gitignore b/helm/regproc-trans/.gitignore
new file mode 100644
index 00000000000..b3c94bf6431
--- /dev/null
+++ b/helm/regproc-trans/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Charts.lock
diff --git a/helm/regproc-trans/.helmignore b/helm/regproc-trans/.helmignore
new file mode 100644
index 00000000000..f0c13194444
--- /dev/null
+++ b/helm/regproc-trans/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/regproc-trans/Chart.yaml b/helm/regproc-trans/Chart.yaml
new file mode 100644
index 00000000000..88831845fd0
--- /dev/null
+++ b/helm/regproc-trans/Chart.yaml
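Review bot: `containerSecurityContext` in helm/regproc-status/values.yaml ships with `enabled: false` and `runAsUser: mosip`; Kubernetes expects `runAsUser` to be a numeric UID, so switching `enabled` to true would produce a pod spec the API rejects, and until then `runAsNonRoot` is not enforced at all. Setting the numeric UID of the image's `mosip` user (`runAsUser: <uid-of-mosip-user>`) and enabling the context by default would make the non-root guarantee real; the comment above the block still refers to Clamav. The line `tag.2.0.2` under `image:` is not a key/value pair as shown on this page and presumably should read `tag: <release-tag>`. `rbac.create: true` has no matching template among the files visible here, so it currently has no effect.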
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-trans
+description: A Helm chart for MOSIP Registration Processor Transaction Service
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-trans
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-trans/README.md b/helm/regproc-trans/README.md
new file mode 100644
index 00000000000..5259cc1fc0c
--- /dev/null
+++ b/helm/regproc-trans/README.md
@@ -0,0 +1,17 @@
+# Regproc Transaction Service
+
+Helm chart for installing Reg Proc Transaction Service.
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/regproc-trans
+```
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.1.0
+- PV provisioner support in the underlying infrastructure
+- ReadWriteMany volumes for deployment scaling
+
diff --git a/helm/regproc-trans/templates/NOTES.txt b/helm/regproc-trans/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-trans/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-trans/templates/_helpers.tpl b/helm/regproc-trans/templates/_helpers.tpl
new file mode 100644
index 00000000000..10a1137ad44
--- /dev/null
+++ b/helm/regproc-trans/templates/_helpers.tpl
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "regproc-trans.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "regproc-trans.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "regproc-trans.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "regproc-trans.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "regproc-trans.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "regproc-trans.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "regproc-trans.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "regproc-trans.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
diff --git a/helm/regproc-trans/templates/deployment.yaml b/helm/regproc-trans/templates/deployment.yaml
new file mode 100644
index 00000000000..b4e08599512
--- /dev/null
+++ b/helm/regproc-trans/templates/deployment.yaml
@@ -0,0 +1,143 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if or .Values.podAnnotations .Values.metrics.enabled }}
+ {{- include "regproc-trans.podAnnotations" . | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "regproc-trans.serviceAccountName" . }}
+ {{- include "regproc-trans.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "regproc-trans.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - %%commands%%
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: foo
+ mountPath: bar
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: regproc-trans
+ image: {{ template "regproc-trans.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: container_user
+ value: {{ .Values.containerSecurityContext.runAsUser }}
+ - name: JDK_JAVA_OPTIONS
+ value: {{ .Values.additionalResources.javaOpts }}
+ - name: artifactory_url_env
+ valueFrom:
+ configMapKeyRef:
+ name: artifactory-share
+ key: artifactory_url_env
+ - name: iam_adapter_url_env
+ valueFrom:
+ configMapKeyRef:
+ name: artifactory-share
+ key: iam_adapter_regproc_ext_url_env
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ {{- range .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ ports:
+ - name: spring-service
+ containerPort: {{ .Values.springServicePort }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
diff --git a/helm/regproc-trans/templates/extra-list.yaml b/helm/regproc-trans/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-trans/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
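Review bot: The `volume-permissions` init container in helm/regproc-trans/templates/deployment.yaml is unfilled scaffold: its command is the literal `%%commands%%`, it mounts a volume named `foo` at `bar`, and it sets `runAsUser: 0`, while the template as shown never declares a `volumes:` list. Setting `volumePermissions.enabled` and `persistence.enabled` together would therefore render a root init container that cannot start. Either remove the block, or guard it with `{{- fail "volumePermissions is not implemented for regproc-trans" }}` inside the `if` until it has a real command and volume. The `env` entries `container_user` and `JDK_JAVA_OPTIONS` also render unquoted (`value: {{ .Values.containerSecurityContext.runAsUser }}`); adding `| quote` keeps a numeric UID valid as an env string. helm/regproc-workflow/templates/deployment.yaml later in this patch carries the same block.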
diff --git a/helm/regproc-trans/templates/service-account.yaml b/helm/regproc-trans/templates/service-account.yaml
new file mode 100644
index 00000000000..fd9d8b7b615
--- /dev/null
+++ b/helm/regproc-trans/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-trans.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-trans/templates/service.yaml b/helm/regproc-trans/templates/service.yaml
new file mode 100644
index 00000000000..018e6985d05
--- /dev/null
+++ b/helm/regproc-trans/templates/service.yaml
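Review bot: helm/regproc-trans/templates/service-account.yaml renders the ServiceAccount unconditionally, so with `serviceAccount.create: false` and no name set the helper returns `default` and the chart tries to create and own the namespace's `default` ServiceAccount. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}`. Nothing visible in the deployment suggests the pod calls the Kubernetes API, so `automountServiceAccountToken: false` is worth adding here unless the service needs the token. helm/regproc-workflow/templates/service-account.yaml in this patch has the same shape.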
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-trans/templates/servicemonitor.yaml b/helm/regproc-trans/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..15f48fdeecf
--- /dev/null
+++ b/helm/regproc-trans/templates/servicemonitor.yaml
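Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` in helm/regproc-trans/templates/service.yaml prints the Go value rather than YAML, and the values.yaml in this patch defines no `service.loadBalancerSourceRanges`, so a `LoadBalancer` service renders the key with no value and is left without a source restriction. Emit it only when set, and as YAML: `{{- with .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}`, `{{- end }}`. The same lines appear in helm/regproc-workflow/templates/service.yaml.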
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-trans/templates/virtualservice.yaml b/helm/regproc-trans/templates/virtualservice.yaml
new file mode 100644
index 00000000000..17a2ca4d734
--- /dev/null
+++ b/helm/regproc-trans/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-trans/values.yaml b/helm/regproc-trans/values.yaml
new file mode 100644
index 00000000000..9deb2c169f0
--- /dev/null
+++ b/helm/regproc-trans/values.yaml
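Review bot: The single `prefix: {{ .Values.istio.prefix }}` match in helm/regproc-trans/templates/virtualservice.yaml also covers the actuator paths under that prefix, which the values.yaml in this patch uses for the probes and for `metrics.endpointPath` (`…/actuator/health`, `…/actuator/prometheus`), so they become reachable through the gateway unless the application or a mesh policy restricts them. Consider routing only the API paths, or adding a deny rule for `{{ .Values.istio.prefix }}/actuator`, for example with an Istio AuthorizationPolicy. The `hosts` entry `"*"` additionally binds the route to every host served by the listed gateways; a values-driven host list would be narrower.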
@@ -0,0 +1,380 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+# storageClass: myStorageClass
+
+## Add labels to all the deployed resources
+##
+commonLabels:
+ app.kubernetes.io/component: mosip
+## Add annotations to all the deployed resources
+##
+commonAnnotations: {}
+## Kubernetes Cluster Domain
+##
+clusterDomain: cluster.local
+## Extra objects to deploy (value evaluated as a template)
+##
+extraDeploy: []
+## Number of nodes
+##
+replicaCount: 1
+service:
+ type: ClusterIP
+ port: 80
+ ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+ ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+ ##
+ ## loadBalancerIP:
+ ##
+ ## nodePorts:
+ ## http:
+ ## https:
+ ##
+
+ nodePorts:
+ http: ""
+ https: ""
+ ## Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+image:
+ registry: docker.io
+ repository: mosipid/registration-processor-registration-transaction-service
+ tag.2.0.2
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+## Port on which this particular spring service module is running.
+springServicePort: 8110
+## Configure extra options for liveness and readiness probes
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+##
+startupProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/registrationtransaction/actuator/health
+ port: 8110
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+livenessProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/registrationtransaction/actuator/health
+ port: 8110
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+readinessProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/registrationtransaction/actuator/health
+ port: 8110
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+##
+# existingConfigmap:
+
+## Command and args for running the container (set to default if not set). Use array form
+##
+command: []
+args: []
+## Deployment pod host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 500m
+ memory: 2500Mi
+ requests:
+ cpu: 100m
+ memory: 1000Mi
+additionalResources:
+ ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
+ ## Example: java_opts: "-Xms500M -Xmx500M"
+ javaOpts: "-Xms2000M -Xmx2000M"
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## Clamav container already runs as 'mosip' user, so we may not need to enable this
+containerSecurityContext:
+ enabled: false
+ runAsUser: mosip
+ runAsNonRoot: true
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+##
+podSecurityContext:
+ enabled: false
+ fsGroup: 1001
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+ ## Node affinity type
+ ## Allowed values: soft, hard
+ ##
+ type: ""
+ ## Node label key to match
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## Node label values to match
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Pod extra labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## Annotations for server pods.
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## pods' priority.
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+# priorityClassName: ""
+
+## lifecycleHooks for the container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+## Custom Liveness probes for
+##
+customLivenessProbe: {}
+## Custom Rediness probes
+##
+customReadinessProbe: {}
+## Update strategy - only really applicable for deployments with RWO PVs attached
+## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+## terminate the single previous pod, so that the new, incoming pod can attach to the PV
+##
+updateStrategy:
+ type: RollingUpdate
+## Additional environment variables to set
+## Example:
+## extraEnvVars:
+## - name: FOO
+## value: "bar"
+##
+extraEnvVars: []
+## ConfigMap with extra environment variables that used
+## NOTE: we have removed artifactory from this list and passed artifactory parameters as above
+## This is done as auth adapter url required by this service is different from the default.
+extraEnvVarsCM:
+ - global
+ - config-server-share
+## ConfigMap with extra environment variables that used
+##
+
+## Secret with extra environment variables
+##
+extraEnvVarsSecret:
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+## Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+## Add init containers to the pods.
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: {}
+## Add sidecars to the pods.
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+sidecars: {}
+persistence:
+ enabled: false
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack).
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: your-claim
+ ## ReadWriteMany not supported by AWS gp2
+ storageClass:
+ accessModes:
+ - ReadWriteOnce
+ size: 10M
+ existingClaim:
+ # Dir where config and keys are written inside container
+ mountDir:
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: bitnami/bitnami-shell
+ tag: "10"
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ pullSecrets: []
+ ## - myRegistryKeySecretName
+ ## Init containers' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ##
+ limits: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+## Specifies whether RBAC resources should be created
+##
+rbac:
+ create: true
+## Specifies whether a ServiceAccount should be created
+##
+serviceAccount:
+ create: true
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ name:
+## Prometheus Metrics
+##
+## TODO: Enable once prometheus url is available
+metrics:
+ enabled: true
+ ## Prometheus pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+ endpointPath: /registrationprocessor/v1/registrationtransaction/actuator/prometheus
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ##
+ serviceMonitor:
+ ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry
+ ##
+ enabled: true
+ ## Specify the namespace in which the serviceMonitor resource will be created
+ ##
+ # namespace: ""
+ ## Specify the interval at which metrics should be scraped
+ ##
+ interval: 10s
+ ## Specify the timeout after which the scrape is ended
+ ##
+ # scrapeTimeout: 30s
+ ## Specify Metric Relabellings to add to the scrape endpoint
+ ##
+ # relabellings:
+ ## Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ additionalLabels: {}
+ ## Custom PrometheusRule to be defined
+ ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
+ ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+ ##
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ''
+ ## List of rules, used as template by Helm.
+ ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html
+ # rules:
+ # - alert: RabbitmqDown
+ # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0
+ # for: 5m
+ # labels:
+ # severity: error
+ rules: []
+## Needs external access as is connected by reg clients
+istio:
+ enabled: true
+ gateways:
+ - istio-system/internal
+ prefix: /registrationprocessor/v1/registrationtransaction
diff --git a/helm/regproc-workflow/.gitignore b/helm/regproc-workflow/.gitignore
new file mode 100644
index 00000000000..b3c94bf6431
--- /dev/null
+++ b/helm/regproc-workflow/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Charts.lock
diff --git a/helm/regproc-workflow/.helmignore b/helm/regproc-workflow/.helmignore
new file mode 100644
index 00000000000..f0c13194444
--- /dev/null
+++ b/helm/regproc-workflow/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/regproc-workflow/Chart.yaml b/helm/regproc-workflow/Chart.yaml
new file mode 100644
index 00000000000..4bfafa84e7b
--- /dev/null
+++ b/helm/regproc-workflow/Chart.yaml
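Review bot: In helm/regproc-trans/values.yaml both security contexts ship disabled (`containerSecurityContext.enabled: false`, `podSecurityContext.enabled: false`), and `runAsUser: mosip` is a name where Kubernetes expects a numeric UID, so switching the flag on would produce a pod spec the API server rejects. Use the image's numeric UID and enable the context by default, adding `allowPrivilegeEscalation: false` next to `runAsNonRoot: true`; the comment about the "Clamav container" looks copied from another chart. The image block shows `tag.2.0.2` where a `tag: <IMAGE_TAG>` pair is expected, which may be an artefact of how this page was rendered but is worth checking against the file. `volumePermissions.image.tag: "10"` with `pullPolicy: Always` is a floating tag and could be pinned.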
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: regproc-workflow
+description: A Helm chart for MOSIP Registration Processor Workflow Manager
+type: application
+version: 12.0.2
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - regproc-workflow
+ - regproc
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/regproc-workflow/README.md b/helm/regproc-workflow/README.md
new file mode 100644
index 00000000000..3f99644b930
--- /dev/null
+++ b/helm/regproc-workflow/README.md
@@ -0,0 +1,11 @@
+# Regproc Workflow Manager
+
+Helm chart for installing Regproc Workflow Manager
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/regproc-workflow
+```
+
diff --git a/helm/regproc-workflow/templates/NOTES.txt b/helm/regproc-workflow/templates/NOTES.txt
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/helm/regproc-workflow/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/regproc-workflow/templates/_helpers.tpl b/helm/regproc-workflow/templates/_helpers.tpl
new file mode 100644
index 00000000000..c55cf38026f
--- /dev/null
+++ b/helm/regproc-workflow/templates/_helpers.tpl
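Review bot: The `common` dependency in helm/regproc-workflow/Chart.yaml is declared as `version: 1.x.x` from https://charts.bitnami.com/bitnami, so each `helm dependency update` can pull a different library chart into the rendered templates. Pin an exact version (`version: <PINNED_COMMON_VERSION>`) and commit the lock file. The chart's `.gitignore` earlier in this patch lists `Charts.lock`, while Helm writes `Chart.lock`; if the intent is to keep the lock out of the repository, that works against reproducible builds. `appVersion: ""` also leaves the chart without a recorded application version.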
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "regproc-workflow.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "regproc-workflow.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "regproc-workflow.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "regproc-workflow.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "regproc-workflow.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "regproc-workflow.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "regproc-workflow.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "regproc-workflow.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
diff --git a/helm/regproc-workflow/templates/deployment.yaml b/helm/regproc-workflow/templates/deployment.yaml
new file mode 100644
index 00000000000..f7934d62696
--- /dev/null
+++ b/helm/regproc-workflow/templates/deployment.yaml
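Review bot: `regproc-workflow.validateValues` in helm/regproc-workflow/templates/_helpers.tpl includes `regproc-workflow.validateValues.foo` and `regproc-workflow.validateValues.bar`, which are scaffold names with no definition in this file, so the first template that calls `validateValues` would fail to render (assuming no other file defines them). Either delete the helper or replace the two includes with real checks, for instance one that rejects `containerSecurityContext.runAsUser` when it is not numeric. The regproc-trans `_helpers.tpl` earlier in this patch carries the same helper.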
@@ -0,0 +1,135 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if or .Values.podAnnotations .Values.metrics.enabled }}
+ {{- include "regproc-workflow.podAnnotations" . | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "regproc-workflow.serviceAccountName" . }}
+ {{- include "regproc-workflow.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "regproc-workflow.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - %%commands%%
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: foo
+ mountPath: bar
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: regproc-workflow
+ image: {{ template "regproc-workflow.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: container_user
+ value: {{ .Values.containerSecurityContext.runAsUser }}
+ - name: JDK_JAVA_OPTIONS
+ value: {{ .Values.additionalResources.javaOpts }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ {{- range .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ ports:
+ - name: spring-service
+ containerPort: {{ .Values.springServicePort }}
+ - name: workflow-action
+ containerPort: {{ .Values.workflowActionPort }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
diff --git a/helm/regproc-workflow/templates/extra-list.yaml b/helm/regproc-workflow/templates/extra-list.yaml
new file mode 100644
index 00000000000..9ac65f9e16f
--- /dev/null
+++ b/helm/regproc-workflow/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/helm/regproc-workflow/templates/service-account.yaml b/helm/regproc-workflow/templates/service-account.yaml
new file mode 100644
index 00000000000..b15418b41ac
--- /dev/null
+++ b/helm/regproc-workflow/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "regproc-workflow.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/regproc-workflow/templates/service.yaml b/helm/regproc-workflow/templates/service.yaml
new file mode 100644
index 00000000000..64f2debdd60
--- /dev/null
+++ b/helm/regproc-workflow/templates/service.yaml
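Review bot: In helm/regproc-workflow/templates/service-account.yaml the ServiceAccount is rendered unconditionally, although the chart's values.yaml in this same patch defines `serviceAccount.create`; setting that value to false would still create the account. Wrapping the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}` makes the value effective. The manifest also leaves `automountServiceAccountToken` unset, so the API token is mounted into the pod by default; if the workflow manager does not call the Kubernetes API (not visible in this diff), adding `automountServiceAccountToken: false` limits what a compromised container can reach.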
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: spring-service
+ port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ - name: http-workflow-action
+ port: {{ .Values.workflowActionPort }}
+ protocol: TCP
+ targetPort: {{ .Values.workflowActionPort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/regproc-workflow/templates/servicemonitor.yaml b/helm/regproc-workflow/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..15f48fdeecf
--- /dev/null
+++ b/helm/regproc-workflow/templates/servicemonitor.yaml
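Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` in helm/regproc-workflow/templates/service.yaml prints the Go value directly, so a list of CIDRs comes out as `[a b]` rather than a YAML sequence of ranges, and the chart's values.yaml in this patch defines no such key, so a `LoadBalancer` service is rendered with an empty field and no source restriction. I would emit the field only when it is set and pass it through `toYaml`: `{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}`, then `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, then `{{- end }}`. A commented-out `loadBalancerSourceRanges` example in values.yaml would make the option discoverable for anyone switching the service type.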
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/regproc-workflow/templates/virtualservice.yaml b/helm/regproc-workflow/templates/virtualservice.yaml
new file mode 100644
index 00000000000..1808be3c634
--- /dev/null
+++ b/helm/regproc-workflow/templates/virtualservice.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.workflowAction "context" $ ) | nindent 4 }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.workflowActionPort }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/regproc-workflow/values.yaml b/helm/regproc-workflow/values.yaml
new file mode 100644
index 00000000000..6d193359ade
--- /dev/null
+++ b/helm/regproc-workflow/values.yaml
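Review bot: The VirtualService in helm/regproc-workflow/templates/virtualservice.yaml sets `hosts: - "*"`, so its routes apply to every hostname served by the gateways in `.Values.istio.gateways`, and the second route forwards the whole `.Values.istio.prefix`. With the defaults in this patch's values.yaml that prefix is `/registrationprocessor/v1/workflowmanager`, which also covers the `/actuator/health` and `/actuator/prometheus` paths used by the probes and the ServiceMonitor, so those management endpoints are reachable through the gateway unless something outside this diff blocks them. I would take the host list from values (for example a new `istio.hosts` key, which the chart does not have yet) and either narrow the routed prefix or add a comment stating that actuator exposure on the internal gateway is intended. Both routes also set `x-forwarded-proto: https` unconditionally, which deserves a one-line comment saying TLS is terminated at the gateway.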
@@ -0,0 +1,383 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+# storageClass: myStorageClass
+
+## Add labels to all the deployed resources
+##
+commonLabels:
+ app.kubernetes.io/component: mosip
+## Add annotations to all the deployed resources
+##
+commonAnnotations: {}
+## Kubernetes Cluster Domain
+##
+clusterDomain: cluster.local
+## Extra objects to deploy (value evaluated as a template)
+##
+extraDeploy: []
+## Number of nodes
+##
+replicaCount: 1
+service:
+ type: ClusterIP
+ port: 80
+ ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+ ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+ ##
+ ## loadBalancerIP:
+ ##
+ ## nodePorts:
+ ## http:
+ ## https:
+ ##
+
+ nodePorts:
+ http: ""
+ https: ""
+ ## Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+image:
+ registry: docker.io
+ repository: mosipid/registration-processor-workflow-manager-service
+ tag.2.0.2
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+## Port on which this particular spring service module is running.
+springServicePort: 8026
+workflowActionPort: 8023
+## Configure extra options for liveness and readiness probes
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+##
+startupProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/workflowmanager/actuator/health
+ port: 8026
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+livenessProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/workflowmanager/actuator/health
+ port: 8026
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+readinessProbe:
+ enabled: true
+ httpGet:
+ path: /registrationprocessor/v1/workflowmanager/actuator/health
+ port: 8026
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+##
+# existingConfigmap:
+
+## Command and args for running the container (set to default if not set). Use array form
+##
+command: []
+args: []
+## Deployment pod host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 500m
+ memory: 3000Mi
+ requests:
+ cpu: 100m
+ memory: 1000Mi
+additionalResources:
+ ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
+ ## Example: java_opts: "-Xms500M -Xmx500M"
+ javaOpts: "-Xms2250M -Xmx2250M"
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## Clamav container already runs as 'mosip' user, so we may not need to enable this
+containerSecurityContext:
+ enabled: false
+ runAsUser: mosip
+ runAsNonRoot: true
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+##
+podSecurityContext:
+ enabled: false
+ fsGroup: 1001
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+ ## Node affinity type
+ ## Allowed values: soft, hard
+ ##
+ type: ""
+ ## Node label key to match
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## Node label values to match
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Pod extra labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## Annotations for server pods.
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## pods' priority.
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+# priorityClassName: ""
+
+## lifecycleHooks for the container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+## Custom Liveness probes for
+##
+customLivenessProbe: {}
+## Custom Rediness probes
+##
+customReadinessProbe: {}
+## Update strategy - only really applicable for deployments with RWO PVs attached
+## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+## terminate the single previous pod, so that the new, incoming pod can attach to the PV
+##
+updateStrategy:
+ type: RollingUpdate
+## Additional environment variables to set
+## Example:
+## extraEnvVars:
+## - name: FOO
+## value: "bar"
+##
+
+## ConfigMap with extra environment variables that used
+extraEnvVarsCM:
+ - global
+ - config-server-share
+ - artifactory-share
+## ConfigMap with extra environment variables that used
+##
+
+## Secret with extra environment variables
+##
+extraEnvVarsSecret:
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+## Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+## Add init containers to the pods.
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: {}
+## Add sidecars to the pods.
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+sidecars: {}
+persistence:
+ enabled: false
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack).
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: your-claim
+ ## ReadWriteMany not supported by AWS gp2
+ storageClass:
+ accessModes:
+ - ReadWriteOnce
+ size: 10M
+ existingClaim:
+ # Dir where config and keys are written inside container
+ mountDir:
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: bitnami/bitnami-shell
+ tag: "10"
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ pullSecrets: []
+ ## - myRegistryKeySecretName
+ ## Init containers' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ##
+ limits: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+## Specifies whether RBAC resources should be created
+##
+rbac:
+ create: true
+## Specifies whether a ServiceAccount should be created
+##
+serviceAccount:
+ create: true
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ name:
+## Prometheus Metrics
+##
+metrics:
+ enabled: true
+ ## Prometheus pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+ endpointPath: /registrationprocessor/v1/workflowmanager/actuator/prometheus
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ##
+ serviceMonitor:
+ ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry
+ ##
+ enabled: true
+ ## Specify the namespace in which the serviceMonitor resource will be created
+ ##
+ # namespace: ""
+ ## Specify the interval at which metrics should be scraped
+ ##
+ interval: 10s
+ ## Specify the timeout after which the scrape is ended
+ ##
+ # scrapeTimeout: 30s
+ ## Specify Metric Relabellings to add to the scrape endpoint
+ ##
+ # relabellings:
+ ## Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ additionalLabels: {}
+ ## Custom PrometheusRule to be defined
+ ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
+ ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+ ##
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ''
+ ## List of rules, used as template by Helm.
+ ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html
+ # rules:
+ # - alert: RabbitmqDown
+ # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0
+ # for: 5m
+ # labels:
+ # severity: error
+ rules: []
+istio:
+ enabled: true
+ gateways:
+ - istio-system/internal
+ prefix: /registrationprocessor/v1/workflowmanager
+ workflowAction:
+ - uri:
+ prefix: /registrationprocessor/v1/workflowmanager/workflowaction
+ - uri:
+ prefix: /registrationprocessor/v1/workflowmanager/workflow/search
From abefd33e72a30708e8293fd1b41d45476479bf45 Mon Sep 17 00:00:00 2001 From: techno-467 Date: Tue, 7 Jan 2025 21:29:40 +0530 Subject: [PATCH 2/2] [DSD-6971] ARC 1.2.0.2 release changes Signed-off-by: techno-467
---
 helm/regproc-camel/values.yaml | 2 +- helm/regproc-group1/values.yaml | 2 +- helm/regproc-group2/values.yaml | 2 +- helm/regproc-group3/values.yaml | 2 +- helm/regproc-group4/values.yaml | 2 +- helm/regproc-group5/values.yaml | 2 +- helm/regproc-group6/values.yaml | 2 +- helm/regproc-group7/values.yaml | 2 +- helm/regproc-landingzone/values.yaml | 2 +- helm/regproc-notifier/values.yaml | 2 +- helm/regproc-opencrvs/values.yaml | 2 +- helm/regproc-pktserver/values.yaml | 2 +- helm/regproc-reprocess/values.yaml | 2 +- helm/regproc-salt/values.yaml | 2 +- helm/regproc-status/values.yaml | 2 +- helm/regproc-trans/values.yaml | 2 +- helm/regproc-workflow/values.yaml | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/helm/regproc-camel/values.yaml b/helm/regproc-camel/values.yaml
index 58a9ba3ac1c..3debbea0b2b 100644
--- a/helm/regproc-camel/values.yaml
+++ b/helm/regproc-camel/values.yaml
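Review bot: In helm/regproc-workflow/values.yaml (patch 1/2) `containerSecurityContext` is disabled by default and carries `runAsUser: mosip`; Kubernetes expects a numeric UID in `runAsUser`, so switching the block on as written would produce a pod spec the API server rejects, and while it stays off `runAsNonRoot: true` is never applied to the container. I would put the numeric UID of the image's user there (`runAsUser: <uid-of-mosip-user>`, placeholder to be filled from the image) and enable the block by default. The comment above it still reads "Clamav container", which looks copied from another chart and should name this service. The `volumePermissions` init container is off by default, but when enabled the deployment template runs it with `runAsUser: 0` from `bitnami/bitnami-shell` at the mutable tag `"10"` with `pullPolicy: Always`; pinning that image by digest would keep a root init container from silently changing content.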
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-common-camel-bridge
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-group1/values.yaml b/helm/regproc-group1/values.yaml
index 5a0a1a04550..4dd048828b9 100644
--- a/helm/regproc-group1/values.yaml
+++ b/helm/regproc-group1/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-stage-group-1
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-group2/values.yaml b/helm/regproc-group2/values.yaml
index cd4609b7760..ebc33e74418 100644
--- a/helm/regproc-group2/values.yaml
+++ b/helm/regproc-group2/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-stage-group-2
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-group3/values.yaml b/helm/regproc-group3/values.yaml
index f5b82b0c0b7..66c34f8f58a 100644
--- a/helm/regproc-group3/values.yaml
+++ b/helm/regproc-group3/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-stage-group-3
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-group4/values.yaml b/helm/regproc-group4/values.yaml
index ea02fdfd426..6d1551a985e 100644
--- a/helm/regproc-group4/values.yaml
+++ b/helm/regproc-group4/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-stage-group-4
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-group5/values.yaml b/helm/regproc-group5/values.yaml
index 45ade4bfe05..ac76523fe67 100644
--- a/helm/regproc-group5/values.yaml
+++ b/helm/regproc-group5/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-stage-group-5
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-group6/values.yaml b/helm/regproc-group6/values.yaml
index f786eacb312..279f29a5550 100644
--- a/helm/regproc-group6/values.yaml
+++ b/helm/regproc-group6/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-stage-group-6
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-group7/values.yaml b/helm/regproc-group7/values.yaml
index 99eedd70cc3..5a06e6bbb09 100644
--- a/helm/regproc-group7/values.yaml
+++ b/helm/regproc-group7/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-stage-group-7
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-landingzone/values.yaml b/helm/regproc-landingzone/values.yaml
index 8556dff56ae..35b2484a838 100644
--- a/helm/regproc-landingzone/values.yaml
+++ b/helm/regproc-landingzone/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-landing-zone
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-notifier/values.yaml b/helm/regproc-notifier/values.yaml
index 1386ef98585..02fa6068e3f 100644
--- a/helm/regproc-notifier/values.yaml
+++ b/helm/regproc-notifier/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-notification-service
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-opencrvs/values.yaml b/helm/regproc-opencrvs/values.yaml
index ec5c17deed2..2ca2f960cf7 100644
--- a/helm/regproc-opencrvs/values.yaml
+++ b/helm/regproc-opencrvs/values.yaml
@@ -45,7 +45,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-opencrvs-stage
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-pktserver/values.yaml b/helm/regproc-pktserver/values.yaml
index 44130645f15..fe70fc91f47 100644
--- a/helm/regproc-pktserver/values.yaml
+++ b/helm/regproc-pktserver/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-dmz-packet-server
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-reprocess/values.yaml b/helm/regproc-reprocess/values.yaml
index a19e9d1b46d..8bb68bd21a1 100644
--- a/helm/regproc-reprocess/values.yaml
+++ b/helm/regproc-reprocess/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-reprocessor
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-salt/values.yaml b/helm/regproc-salt/values.yaml
index 7dfde7c3b1e..51b61df7fae 100644
--- a/helm/regproc-salt/values.yaml
+++ b/helm/regproc-salt/values.yaml
@@ -27,7 +27,7 @@ replicaCount: 1
 image:
 registry: docker.io
 repository: mosipid/kernel-salt-generator
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-status/values.yaml b/helm/regproc-status/values.yaml
index 5d9750feebd..f1e98784d7b 100644
--- a/helm/regproc-status/values.yaml
+++ b/helm/regproc-status/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-registration-status-service
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-trans/values.yaml b/helm/regproc-trans/values.yaml
index 9deb2c169f0..916c69b659f 100644
--- a/helm/regproc-trans/values.yaml
+++ b/helm/regproc-trans/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-registration-transaction-service
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/helm/regproc-workflow/values.yaml b/helm/regproc-workflow/values.yaml
index 6d193359ade..33dc40f4a68 100644
--- a/helm/regproc-workflow/values.yaml
+++ b/helm/regproc-workflow/values.yaml
@@ -47,7 +47,7 @@ service:
 image:
 registry: docker.io
 repository: mosipid/registration-processor-workflow-manager-service
- tag.2.0.2
+ tag: 1.2.0.2
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images