postgresql subchart

.gitignore

@@ -1,3 +1,8 @@
 helm-docs
 kubeval
-charts/**/rendered/
+charts/**/rendered/
+.vscode
+charts/*/charts
+charts/*/index.yaml
+charts/*/Chart.lock
+.history

README.md

@@ -1,5 +1,7 @@
-# The Papercups Library for Kubernetes
-Deploy the Papercups application to Kubernetes
+# Papercups Helm Chart for Kubernetes
+[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/papercups)](https://artifacthub.io/packages/search?repo=papercups)
+
+Deploy the [Papercups](https://papercups.io) application to Kubernetes
 
 ## TL;DR
 ```
@@ -12,7 +14,36 @@ $ helm repo update
 - [Kubernetes 1.17.4+](http://kubernetes.io/docs/getting-started-guides/)
 - [Helm 3.4+](https://github.com/helm/helm#install)
 
-### Add Repo
+## Common Settings
+
+```yml
+secrets:
+  # PUT YOUR OWN SECRET KEYBASE HERE (MUST BE AT LEAST 64 BYTES)
+  SECRET_KEY_BASE: "dvPPvOjpgX2Wk8Y3ONrqWsgM9ZtU4sSrs4l/5CFD1sLm4H+CjLU+EidjNGuSz7bz"
+  # -- The connection parameters for ecto to connect to EXTERNAL postgresql
+  #DATABASE_URL: "ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups"
+
+## PostgreSQL specific settings (https://hub.helm.sh/charts/bitnami/postgresql/10.3.18)
+postgresql:
+  # -- Install PostgreSQL using subchart
+  install: true
+
+global:
+  postgresql:
+    enabled: true
+
+    # -- postgresqlUsername which should be used by Rasa to connect to Postgres
+    postgresqlUsername: "postgres"
+
+    # -- postgresqlPassword is the password which is used when the postgresqlUsername equals "postgres"
+    postgresqlPassword: "password"
+
+    # -- existingSecret which should be used for the password instead of putting it in the values file
+    existingSecret: ""
+
+    # -- postgresDatabase which should be used by Papercups
+    postgresqlDatabase: "papercups"
+
+    # -- servicePort which is used to expose postgres to the other components
+    servicePort: 5432
 ```
-$ helm repo add papercups http://helm.papercups.io/
-```

charts/papercups/Chart.yaml

@@ -4,13 +4,22 @@ description: A Helm chart to deploy the papercups chat server to Kubernetes
 type: application
 
 # This is the chart version.
-version: 0.1.3
+version: 0.2.0
 
 # This is the version number of the application being deployed.
 appVersion: "latest"
 
+dependencies:
+  - name: postgresql
+    version: ~10.10.3
+    repository: https://charts.bitnami.com/bitnami
+    condition: postgresql.install
+
 maintainers:
 - name: jim80net
   email: jim@ramtank.com
   url: https://github.com/jim80net
+- name: rgstephens
+  email: greg@udon.org
+  url: https://github.com/rgstephens
 icon: https://papercups.io/papercups-v2.svg

charts/papercups/README.md

@@ -1,6 +1,6 @@
 # Papercups Helm Chart
 
-![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
 
 This chart was designed to deploy [papercups](https://papercups.io) to your Kubernetes cluster.
 
@@ -28,6 +28,10 @@ $ helm repo add bitnami https://charts.bitnami.com/bitnami
 $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercups,postgresqlPassword=changeit,postgresqlDatabase=papercups
 ```
 
+## Deploying to AWS
+
+Read more at [https://docs.papercups.io/aws](https://docs.papercups.io/aws).
+
 ## Values
 
 | Key | Type | Default | Description |
@@ -40,9 +44,12 @@ $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercup
 | image.command | list | `["/entrypoint.sh"]` | Equivalent to Docker's Entrypoint |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"papercups/papercups"` | Override default registry + image.name |
-| image.tag | string | `"latest@sha256:3c369ea5d68b258c88b12c9fbdfa97e651e4a5b6136f4651553afd217fa55299"` | Override the image tag |
+| image.tag | string | `"latest@sha256:9134991ef653cdaceeead862bafdfe332ba9d1e24f49fce386ea092e26bbbd1e"` | Override the image tag |
 | imagePullSecrets | list | `[]` |  |
-| ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"papercups.example.com","paths":[]}],"tls":[]}` | TODO: This is untested |
+| ingress.annotations | object | `{"alb.ingress.kubernetes.io/scheme":"internet-facing","alb.ingress.kubernetes.io/target-type":"instance","kubernetes.io/ingress.class":"alb"}` | Specify Ingress controller's annotations. |
+| ingress.enabled | bool | `false` | Enable using an Ingress controller. |
+| ingress.hosts | list | `[{"host":"*","paths":["/"]}]` | Specify what hosts the listener will listen for. -- If external-dns is enabled, then create DNS records for each host entry |
+| ingress.tls | list | `[]` |  |
 | initialize_database.enabled | bool | `true` | Create the databases upon install/upgrade. This runs in a distinct job. This is idempotent, but you can disable this if you want. |
 | migration.enabled | bool | `true` | Perform a DB migration upon install/upgrade. This runs in a distinct job. |
 | nameOverride | string | `""` | Override name of app |
@@ -51,12 +58,13 @@ $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercup
 | podSecurityContext | object | `{}` | PodSecurityContext holds pod-level security attributes and common container settings. |
 | replicaCount | int | `1` | Specify the number of papercups instances. |
 | resources | object | `{}` | Set resources requests / limits for pods. |
-| secrets.DATABASE_URL | string | `"ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups"` | The connection parameters for ecto to connect to postgresql |
+| secrets.DATABASE_URL | string | `"ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups"` | The connection parameters for ecto to connect to external postgres postgresql |
 | secrets.SECRET_KEY_BASE | string | `"dvPPvOjpgX2Wk8Y3ONrqWsgM9ZtU4sSrs4l/5CFD1sLm4H+CjLU+EidjNGuSz7bz"` | The secret Phoenix uses to sign and encrypt important information |
 | securityContext | object | `{}` | SecurityContext holds security configuration that will be applied to a container. |
 | service.port | int | `4000` |  |
-| service.type | string | `"ClusterIP"` |  |
+| service.type | string | `"NodePort"` |  |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints. |
+| global.postgresql.enabled | bool | `true` | Deploy Postgresql [subchart](https://hub.helm.sh/charts/bitnami/postgresql/10.3.18) |

charts/papercups/README.md.gotmpl

@@ -28,4 +28,8 @@ $ helm repo add bitnami https://charts.bitnami.com/bitnami
 $ helm install papercups-db bitnami/postgresql --set postgresqlUsername=papercups,postgresqlPassword=changeit,postgresqlDatabase=papercups
 ```
 
+## Deploying to AWS
+
+Read more at [https://docs.papercups.io/aws](https://docs.papercups.io/aws).
+
 {{ template "chart.valuesSection" . }}

charts/papercups/templates/_postgres.tpl

@@ -0,0 +1,96 @@
+{{/*
+Return the postgresql host.
+*/}}
+{{- define "papercups.psql.host" -}}
+  {{- if .Values.postgresql.install -}}
+    {{- template "papercups.psql.fullname" . -}}
+  {{- else if .Values.postgresql.external.enabled -}}
+    {{- .Values.postgresql.external.host -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Override the fullname template of the subchart.
+*/}}
+{{- define "papercups.psql.fullname" -}}
+{{- printf "%s-postgresql" .Release.Name -}}
+{{- end -}}
+
+{{/*
+Return the db database name.
+*/}}
+{{- define "papercups.psql.database" -}}
+{{- coalesce .databaseName .Values.global.postgresql.postgresqlDatabase "papercups" -}}
+{{- end -}}
+
+{{/*
+Return the db username.
+*/}}
+{{- define "papercups.psql.username" -}}
+{{- coalesce .Values.global.postgresql.postgresqlUsername "papercups" -}}
+{{- end -}}
+
+{{/*
+Return the db port.
+*/}}
+{{- define "papercups.psql.port" -}}
+{{- coalesce .Values.global.postgresql.servicePort 5432 -}}
+{{- end -}}
+
+{{/*
+Return the secret name.
+*/}}
+{{- define "papercups.psql.password.secret" -}}
+{{- default (include "papercups.psql.fullname" .) .Values.global.postgresql.existingSecret | quote -}}
+{{- end -}}
+
+
+{{/*
+Return the name of the key in a secret that contains the postgres password.
+*/}}
+{{- define "papercups.psql.password.key" -}}
+  {{- if .Values.postgresql.existingSecretKey -}}
+    {{- .Values.postgresql.existingSecretKey -}}
+  {{- else if (not (eq .Values.global.postgresql.postgresqlUsername "postgres")) -}}
+postgresql-postgres-password
+  {{- else -}}
+postgresql-password
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Determine if PostgreSQL is available
+*/}}
+{{- define "papercups.psql.available" -}}
+{{- if or .Values.postgresql.external.enabled .Values.postgresql.install -}}
+{{- print "true" -}}
+{{- else -}}
+{{- print "false" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the common database env variables.
+              value: {{- print "ecto://" .Values.global.postgresql.postgresqlUsername -}}
+              #value: "ecto://{{ .Values.global.postgresql.postgresqlUsername }}:{{ .Values.global.postgresql.postgresqlPassword }}@papercups-postgresql.default.svc.cluster.local/{{ .Values.global.postgresql.postgresqlDatabase }}"
+*/}}
+{{- define "papercups.psql.envs" -}}
+- name: "DB_USER"
+  value: "{{ template "papercups.psql.username" . }}"
+- name: "DB_HOST"
+  value: "{{ template "papercups.psql.host" . }}"
+- name: "DB_PORT"
+  value: "{{ template "papercups.psql.port" . }}"
+- name: "DB_DATABASE"
+  value: "{{ template "papercups.psql.database" . }}"
+- name: "DB_PASSWORD"
+  valueFrom:
+    secretKeyRef:
+      name: {{ template "papercups.psql.password.secret" . }}
+      key: {{ template "papercups.psql.password.key" . }}
+#- name: "DATABASE_URL"
+#  valueFrom:
+#    secretKeyRef:
+#      name: {{ template "papercups.psql.password.secret" . }}
+#      key: {{ template "papercups.psql.password.key" . }}
+{{- end -}}

charts/papercups/templates/deployment.yaml

@@ -57,12 +57,14 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           {{- if or ($.Values.configMap) ($.Values.secrets) }}
+          env:
+          {{- include "papercups.psql.envs" . | nindent 12 }}
           envFrom:
           {{- if $.Values.configMap }}
             - configMapRef:
                 name: {{ template "papercups.fullname" $ }}
           {{- end }}
-          {{- if $.Values.secrets }}
+          {{- if or $.Values.secrets $.Values.global.postgresql }}
             - secretRef:
                 name: {{ template "papercups.fullname" $ }}
           {{- end }}

charts/papercups/templates/dnsutils.yaml

@@ -0,0 +1,16 @@
+{{- if (.Values.dnsutils).install -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dnsutils
+  namespace: default
+spec:
+  containers:
+  - name: dnsutils
+    image: gcr.io/kubernetes-e2e-test-images/dnsutils:1.3
+    command:
+      - sleep
+      - "3600"
+    imagePullPolicy: IfNotPresent
+  restartPolicy: Always
+{{- end }}

charts/papercups/templates/ingress.yaml

@@ -1,7 +1,9 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "papercups.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
-{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1beta1
 {{- else -}}
 apiVersion: extensions/v1beta1

charts/papercups/templates/secrets.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.secrets }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,7 +6,17 @@ metadata:
     {{- include "papercups.labels" . | nindent 4 }}
 type: Opaque
 data:
+{{- $db_host := include "papercups.psql.host" . -}}
+{{- $db_name := coalesce .databaseName .Values.global.postgresql.postgresqlDatabase "papercups" -}}
+{{- $db_user := coalesce .Values.global.postgresql.postgresqlUsername "papercups" -}}
+{{- $db_password := coalesce .Values.global.postgresql.postgresqlPassword "changeit" -}}
+{{- $db_url := printf "ecto://%s:%s@%s.%s.svc.cluster.local/%s" $db_user $db_password $db_host .Release.Namespace $db_name -}}
+{{- if .Values.secrets }}
 {{- range $key, $value := .Values.secrets }}
   {{ $key }}: {{ default "MISSING" $value | b64enc | quote }}
 {{- end }}
-{{- end}}
+{{- end }}
+{{- if and .Values.global.postgresql (not .Values.secrets.DATABASE_URL) }}
+#  DATABASE_URL_ASCII: {{ $db_url | quote }}
+  DATABASE_URL: {{ $db_url | b64enc | quote }}
+{{ end }}

charts/papercups/values.yaml

@@ -50,18 +50,24 @@ securityContext: {}
   # runAsUser: 1000
 
 service:
-  type: ClusterIP
+  type: NodePort
   port: 4000
 
-# -- TODO: This is untested
 ingress:
+  # -- Enable using an Ingress controller.
   enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
+  # -- Specify Ingress controller's annotations.
+  annotations:
+    # AWS annotations - Read more at https://docs.papercups.io/aws
+    kubernetes.io/ingress.class: alb
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: instance
+  # -- Specify what hosts the listener will listen for.
+  # -- If external-dns is enabled, then create DNS records for each host entry
   hosts:
-    - host: papercups.example.com
-      paths: []
+    - host: "*"
+      paths:
+        - /
   tls: []
   #  - secretName: papercups-example-com-tls
   #    hosts:
@@ -106,7 +112,7 @@ secrets:
   # -- The secret Phoenix uses to sign and encrypt important information
   SECRET_KEY_BASE: "dvPPvOjpgX2Wk8Y3ONrqWsgM9ZtU4sSrs4l/5CFD1sLm4H+CjLU+EidjNGuSz7bz"
   # -- The connection parameters for ecto to connect to postgresql
-  DATABASE_URL: "ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups"
+  #DATABASE_URL: "ecto://papercups:changeit@papercups-db-postgresql.default.svc.cluster.local/papercups"
 
 migration:
   # -- Perform a DB migration upon install/upgrade. This runs in a distinct job.
@@ -116,3 +122,37 @@ initialize_database:
   # -- Create the databases upon install/upgrade. This runs in a distinct job.
   # This is idempotent, but you can disable this if you want.
   enabled: true
+
+## PostgreSQL specific settings (https://hub.helm.sh/charts/bitnami/postgresql/10.3.18)
+postgresql:
+  # -- Install PostgreSQL
+  install: true
+
+  ## Use external PostgreSQL installation
+  ## This section is not a part of the PostgreSQL subchart
+  external:
+    # -- Determine if use an external PostgreSQL host
+    enabled: false
+
+    # -- External PostgreSQL hostname
+    ## The host value is accessible via the `${DB_HOST}` environment variable
+    host: "external-postgresql"
+
+global:
+  postgresql:
+    enabled: true
+
+    # -- postgresqlUsername which should be used by Rasa to connect to Postgres
+    postgresqlUsername: "postgres"
+
+    # -- postgresqlPassword is the password which is used when the postgresqlUsername equals "postgres"
+    postgresqlPassword: "password"
+
+    # -- existingSecret which should be used for the password instead of putting it in the values file
+    existingSecret: ""
+
+    # -- postgresDatabase which should be used by Papercups
+    postgresqlDatabase: "papercups"
+
+    # -- servicePort which is used to expose postgres to the other components
+    servicePort: 5432