From 2c28a94f8809e98b45abc5f127c3bc0a3a607c4a Mon Sep 17 00:00:00 2001
From: Nimish
Date: Wed, 7 Aug 2024 17:49:22 +0530
Subject: [PATCH 01/21] wip: phase console deployments
---
phase-k8s.yaml | 338 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 338 insertions(+)
create mode 100644 phase-k8s.yaml
diff --git a/phase-k8s.yaml b/phase-k8s.yaml
new file mode 100644
index 0000000..31c9195
--- /dev/null
+++ b/phase-k8s.yaml
@@ -0,0 +1,338 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: phase-config +data: + HOST: "localhost" + HTTP_PROTOCOL: "http://" # Need to change to https after TLS + SSO_PROVIDERS: "google,github,gitlab" + DATABASE_HOST: "phase-postgres" + DATABASE_PORT: "5432" + DATABASE_NAME: "postgres-db-name" + DATABASE_USER: "postgres-user" + REDIS_HOST: "phase-redis" + REDIS_PORT: "6379" + NEXT_TELEMETRY_DISABLED: "1" + +--- +apiVersion: v1 +kind: Secret +metadata: + name: phase-secrets +type: Opaque +stringData: + NEXTAUTH_SECRET: "82031b3760ac58352bb2d48fd9f32e9f72a0614343b669038139f18652ed1447" + SECRET_KEY: "92d44efc4f9a4c0556cc67d2d033d3217829c263d5ab7d1954cf4b5bfd533e58" + SERVER_SECRET: "9e760539415af07b22249b5878593bd4deb9b8961c7dd0570117549f2f32a2" + DATABASE_PASSWORD: "a765b221799be364c53c8a32acccf5dd90d5fc832607bdd14fccaaaa0062adfd" + GOOGLE_CLIENT_ID: + GOOGLE_CLIENT_SECRET: + GITHUB_CLIENT_ID: + GITHUB_CLIENT_SECRET: + GITLAB_CLIENT_ID: + GITLAB_CLIENT_SECRET: + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phase-frontend +spec: + replicas: 1 + selector: + matchLabels: + app: phase-frontend + template: + metadata: + labels: + app: phase-frontend + spec: + containers: + - name: frontend + image: phasehq/frontend:bae2759 + ports: + - containerPort: 3000 + envFrom: + - configMapRef: + name: phase-config + - secretRef: + name: phase-secrets + env: + - name: NEXTAUTH_URL + value: "$(HTTP_PROTOCOL)$(HOST)" + - name: BACKEND_API_BASE + value: "$(HTTP_PROTOCOL)$(HOST)/service" + - name: NEXT_PUBLIC_BACKEND_API_BASE + value: "$(HTTP_PROTOCOL)$(HOST)/service" + - name: NEXT_PUBLIC_NEXTAUTH_PROVIDERS + value: "$(SSO_PROVIDERS)" + # readinessProbe: + # httpGet: + # path: /api/health + # port: 3000 + # initialDelaySeconds: 10 + # periodSeconds: 5 + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phase-backend +spec: + replicas: 1 + selector: + matchLabels: + app: phase-backend + template: + metadata: + labels: + app: phase-backend 
+ spec: + initContainers: + - name: wait-for-postgres + image: busybox:1.28 + command: ['sh', '-c', 'until nc -z phase-postgres 5432; do echo waiting for postgres; sleep 2; done;'] + containers: + - name: backend + image: phasehq/backend:latest + envFrom: + - configMapRef: + name: phase-config + - secretRef: + name: phase-secrets + env: + - name: OAUTH_REDIRECT_URI + value: "$(HTTP_PROTOCOL)$(HOST)" + - name: ALLOWED_HOSTS + value: "$(HOST),phase-backend" + - name: ALLOWED_ORIGINS + value: "$(HTTP_PROTOCOL)$(HOST)" + - name: SESSION_COOKIE_DOMAIN + value: "$(HOST)" + # readinessProbe: + # httpGet: + # path: /health + # port: 8000 + # httpHeaders: + # - name: Host + # value: "phase-backend" + # initialDelaySeconds: 10 + # periodSeconds: 5 + # timeoutSeconds: 5 + # livenessProbe: + # httpGet: + # path: /health + # port: 8000 + # httpHeaders: + # - name: Host + # value: "phase-backend" + # initialDelaySeconds: 15 + # periodSeconds: 20 + # timeoutSeconds: 5 + # lifecycle: + # postStart: + # exec: + # command: ["/bin/sh", "-c", "python manage.py migrate"] + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phase-worker +spec: + replicas: 1 + selector: + matchLabels: + app: phase-worker + template: + metadata: + labels: + app: phase-worker + spec: + initContainers: + # Wait for Postgresql to boot up before starting worker + - name: wait-for-postgres + image: busybox + command: ['sh', '-c', 'until nc -z $DATABASE_HOST $DATABASE_PORT; do echo waiting for postgres; sleep 2; done;'] + envFrom: + - configMapRef: + name: phase-config + # Wait for Redis to boot up before starting worker + - name: wait-for-redis + image: busybox + command: ['sh', '-c', 'until nc -z $REDIS_HOST $REDIS_PORT; do echo waiting for redis; sleep 2; done;'] + envFrom: + - configMapRef: + name: phase-config + containers: + - name: worker + image: phasehq/backend:latest + command: ["python", "manage.py", "rqworker", "default"] + envFrom: + - configMapRef: + name: phase-config + - secretRef: + 
name: phase-secrets + env: + - name: ALLOWED_HOSTS + value: "$(HOST),phase-worker" + - name: ALLOWED_ORIGINS + value: "$(HTTP_PROTOCOL)$(HOST)" + - name: SESSION_COOKIE_DOMAIN + value: "$(HOST)" + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phase-postgres +spec: + replicas: 1 + selector: + matchLabels: + app: phase-postgres + template: + metadata: + labels: + app: phase-postgres + spec: + containers: + - name: postgres + image: postgres:15.4-alpine3.17 + envFrom: + - configMapRef: + name: phase-config + - secretRef: + name: phase-secrets + env: + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: phase-config + key: DATABASE_NAME + - name: POSTGRES_USER + valueFrom: + configMapKeyRef: + name: phase-config + key: DATABASE_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: phase-secrets + key: DATABASE_PASSWORD + volumeMounts: + - name: postgres-storage + mountPath: /var/lib/postgresql/data + volumes: + - name: postgres-storage + emptyDir: {} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phase-redis +spec: + replicas: 1 + selector: + matchLabels: + app: phase-redis + template: + metadata: + labels: + app: phase-redis + spec: + containers: + - name: redis + image: redis:alpine3.19 + readinessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: 5 + periodSeconds: 5 + +--- +apiVersion: v1 +kind: Service +metadata: + name: phase-frontend +spec: + selector: + app: phase-frontend + ports: + - protocol: TCP + port: 3000 + targetPort: 3000 + +--- +apiVersion: v1 +kind: Service +metadata: + name: phase-backend +spec: + selector: + app: phase-backend + ports: + - protocol: TCP + port: 8000 + targetPort: 8000 + +--- +apiVersion: v1 +kind: Service +metadata: + name: phase-postgres +spec: + selector: + app: phase-postgres + ports: + - protocol: TCP + port: 5432 + targetPort: 5432 + +--- +apiVersion: v1 +kind: Service +metadata: + name: phase-redis +spec: + selector: + app: phase-redis + ports: + - protocol: TCP 
+ port: 6379 + targetPort: 6379 + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: phase-ingress + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" +spec: + rules: + - http: + paths: + - path: /service + pathType: Prefix + backend: + service: + name: phase-backend + port: + number: 8000 + - path: /kms + pathType: Prefix + backend: + service: + name: phase-backend + port: + number: 8000 + - path: / + pathType: Prefix + backend: + service: + name: phase-frontend + port: + number: 3000 \ No newline at end of file From 9c8b70bb01c88961e0e1342035a2638cd198756d Mon Sep 17 00:00:00 2001 
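Review bot: The `phase-secrets` Secret commits concrete values for `NEXTAUTH_SECRET`, `SECRET_KEY`, `SERVER_SECRET` and `DATABASE_PASSWORD` under `stringData`, so anyone who can read the repository or its history holds the keys of every cluster deployed from this file; the same four strings are repeated under `secrets:` in `phase/values.yaml` in PATCH 02/21. They are better replaced with empty placeholders filled in at deploy time (or the Secret created out of band and only referenced here), and these particular strings treated as disclosed now that they are in a patch. `SERVER_SECRET` is also 62 hex characters where the other three are 64, which looks like a truncated paste and may be rejected if the application expects a 32-byte key. Separately, the six OAuth entries are written as bare `GOOGLE_CLIENT_ID:` and therefore parse as null rather than an empty string; `GOOGLE_CLIENT_ID: ""` states the intent.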
From: Nimish
Date: Thu, 8 Aug 2024 12:53:16 +0530
Subject: [PATCH 02/21] helm chart
---
phase/templates/NOTES.txt | 21 ++++
phase/templates/_helpers.tpl | 62 ++++++++++
phase/templates/configmap.yaml | 15 +++
phase/templates/deployment-backend.yaml | 64 +++++++++++
phase/templates/deployment-frontend.yaml | 46 ++++++++
phase/templates/deployment-postgres.yaml | 99 ++++++++++++++++
phase/templates/deployment-redis.yaml | 29 +++++
phase/templates/deployment-worker.yaml | 48 ++++++++
phase/templates/secret.yaml | 16 +++
phase/templates/service-backend.yaml | 15 +++
phase/templates/service-frontend.yaml | 15 +++
phase/templates/service-postgres.yaml | 15 +++
phase/templates/service-redis.yaml | 15 +++
phase/values.yaml | 138 +++++++++++++++++++++++
14 files changed, 598 insertions(+)
create mode 100644 phase/templates/NOTES.txt
create mode 100644 phase/templates/_helpers.tpl
create mode 100644 phase/templates/configmap.yaml
create mode 100644 phase/templates/deployment-backend.yaml
create mode 100644 phase/templates/deployment-frontend.yaml
create mode 100644 phase/templates/deployment-postgres.yaml
create mode 100644 phase/templates/deployment-redis.yaml
create mode 100644 phase/templates/deployment-worker.yaml
create mode 100644 phase/templates/secret.yaml
create mode 100644 phase/templates/service-backend.yaml
create mode 100644 phase/templates/service-frontend.yaml
create mode 100644 phase/templates/service-postgres.yaml
create mode 100644 phase/templates/service-redis.yaml
create mode 100644 phase/values.yaml
diff --git a/phase/templates/NOTES.txt b/phase/templates/NOTES.txt
new file mode 100644
index 0000000..b62b4d8
--- /dev/null
+++ b/phase/templates/NOTES.txt
@@ -0,0 +1,21 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get all {{ .Release.Name }}
+
+{{- if .Values.ingress.enabled }}
+You can access the application at:
+{{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }}
+{{- end }}
+{{- else }}
+To access the application, you need to set up your own ingress or use port-forwarding:
+
+ $ kubectl port-forward svc/{{ .Release.Name }}-frontend 3000:3000
+
+Then access the application at: http://localhost:3000
+{{- end }}
\ No newline at end of file
diff --git a/phase/templates/_helpers.tpl b/phase/templates/_helpers.tpl
new file mode 100644
index 0000000..0b9dd7f
--- /dev/null
+++ b/phase/templates/_helpers.tpl
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "phase.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "phase.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "phase.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "phase.labels" -}} +helm.sh/chart: {{ include "phase.chart" . }} +{{ include "phase.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "phase.selectorLabels" -}} +app.kubernetes.io/name: {{ include "phase.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "phase.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "phase.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/phase/templates/configmap.yaml b/phase/templates/configmap.yaml new file mode 100644 index 0000000..d6e6548 
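Review bot: `phase.serviceAccountName` reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but `phase/values.yaml` in this patch defines no `serviceAccount` block and no template includes the helper, so the first `include` of it would fail on a nil map. Either drop the helper or add the block (`serviceAccount:` with `create: false` and `name: ""`) together with a `serviceAccountName` on the Deployments. As the pods do not appear to call the Kubernetes API, setting `automountServiceAccountToken: false` in the pod specs would also keep the default token out of containers that hold the application secrets; that assumption should be confirmed against the application.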
--- /dev/null
+++ b/phase/templates/configmap.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "phase.fullname" . }}-config
+data:
+ HOST: {{ .Values.global.host | quote }}
+ HTTP_PROTOCOL: {{ .Values.global.httpProtocol | quote }}
+ SSO_PROVIDERS: {{ .Values.sso.providers | quote }}
+ DATABASE_HOST: {{ .Values.database.host | quote }}
+ DATABASE_PORT: {{ .Values.database.port | quote }}
+ DATABASE_NAME: {{ .Values.database.name | quote }}
+ DATABASE_USER: {{ .Values.database.user | quote }}
+ REDIS_HOST: {{ .Values.redis.host | quote }}
+ REDIS_PORT: {{ .Values.redis.port | quote }}
+ NEXT_TELEMETRY_DISABLED: "1"
\ No newline at end of file
diff --git a/phase/templates/deployment-backend.yaml b/phase/templates/deployment-backend.yaml
new file mode 100644
index 0000000..00df4fd
--- /dev/null
+++ b/phase/templates/deployment-backend.yaml
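Review bot: `DATABASE_HOST` and `REDIS_HOST` are rendered from `database.host` and `redis.host`, which `phase/values.yaml` fixes at `phase-postgres` and `phase-redis`, while the Services in this patch are named `{{ include "phase.fullname" . }}-postgres` and `-redis`. The two only coincide when the release name makes `phase.fullname` resolve to `phase`; under any other release name the backend and worker init containers wait on a hostname that no Service provides. Deriving the default from the helper keeps them in step, e.g. `DATABASE_HOST: {{ .Values.database.host | default (printf "%s-postgres" (include "phase.fullname" .)) | quote }}` with the value left empty in `values.yaml`, and likewise for Redis.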
@@ -0,0 +1,64 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "phase.fullname" . }}-backend + labels: + {{- include "phase.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.backend.replicaCount }} + selector: + matchLabels: + {{- include "phase.selectorLabels" . | nindent 6 }} + app: backend + template: + metadata: + labels: + {{- include "phase.selectorLabels" . | nindent 8 }} + app: backend + spec: + initContainers: + - name: wait-for-postgres + image: busybox:1.28 + command: ['sh', '-c', 'until nc -z {{ .Values.database.host }} {{ .Values.database.port }}; do echo waiting for postgres; sleep 2; done;'] + containers: + - name: backend + image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}" + imagePullPolicy: {{ .Values.backend.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ include "phase.fullname" . }}-config + - secretRef: + name: {{ include "phase.fullname" . }}-secrets + env: + - name: OAUTH_REDIRECT_URI + value: "$(HTTP_PROTOCOL)$(HOST)" + - name: ALLOWED_HOSTS + value: "$(HOST),{{ include "phase.fullname" . }}-backend" + - name: ALLOWED_ORIGINS + value: "$(HTTP_PROTOCOL)$(HOST)" + - name: SESSION_COOKIE_DOMAIN + value: "$(HOST)" + {{- if .Values.backend.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /health + port: 8000 + httpHeaders: + - name: Host + value: "{{ include "phase.fullname" . }}-backend" + initialDelaySeconds: {{ .Values.backend.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.backend.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.backend.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.backend.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /health + port: 8000 + httpHeaders: + - name: Host + value: "{{ include "phase.fullname" . 
}}-backend" + initialDelaySeconds: {{ .Values.backend.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.backend.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.backend.livenessProbe.timeoutSeconds }} + {{- end }} \ No newline at end of file diff --git a/phase/templates/deployment-frontend.yaml b/phase/templates/deployment-frontend.yaml new file mode 100644 index 0000000..321f6f8 --- /dev/null +++ b/phase/templates/deployment-frontend.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "phase.fullname" . }}-frontend + labels: + {{- include "phase.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.frontend.replicaCount }} + selector: + matchLabels: + {{- include "phase.selectorLabels" . | nindent 6 }} + app: frontend + template: + metadata: + labels: + {{- include "phase.selectorLabels" . | nindent 8 }} + app: frontend + spec: + containers: + - name: frontend + image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}" + imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} + ports: + - containerPort: 3000 + envFrom: + - configMapRef: + name: {{ include "phase.fullname" . }}-config + - secretRef: + name: {{ include "phase.fullname" . }}-secrets + env: + - name: NEXTAUTH_URL + value: "$(HTTP_PROTOCOL)$(HOST)" + - name: BACKEND_API_BASE + value: "$(HTTP_PROTOCOL)$(HOST)/service" + - name: NEXT_PUBLIC_BACKEND_API_BASE + value: "$(HTTP_PROTOCOL)$(HOST)/service" + - name: NEXT_PUBLIC_NEXTAUTH_PROVIDERS + value: "$(SSO_PROVIDERS)" + {{- if .Values.frontend.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: {{ .Values.frontend.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.frontend.readinessProbe.periodSeconds }} + {{- end }} \ No newline at end of file diff --git a/phase/templates/deployment-postgres.yaml b/phase/templates/deployment-postgres.yaml new file mode 100644 index 0000000..5724c60 
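Review bot: The `wait-for-postgres` init container in deployment-backend.yaml splices `.Values.database.host` and `.Values.database.port` straight into the `sh -c` string, whereas `deployment-worker.yaml` in the same patch passes them through the ConfigMap and reads `$DATABASE_HOST` / `$DATABASE_PORT`. The worker's form is the safer one, since a value containing whitespace or shell metacharacters cannot alter the command; using it here too with the expansions quoted, `'until nc -z "$DATABASE_HOST" "$DATABASE_PORT"; do echo waiting for postgres; sleep 2; done;'` plus the same `envFrom` configMapRef, keeps the two files consistent. None of the containers in this Deployment sets a `securityContext`; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be reasonable defaults for a secrets manager, assuming the image supports a non-root user.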
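Review bot: In deployment-frontend.yaml, `envFrom` with `secretRef` hands the frontend container every key in the `-secrets` Secret, including `SECRET_KEY`, `SERVER_SECRET` and `DATABASE_PASSWORD`, which by their names belong to the backend. The same blanket import is in `deployment-postgres.yaml`, where it is demonstrably unnecessary because `POSTGRES_PASSWORD` is already wired through an explicit `secretKeyRef`, and there it additionally exposes the OAuth client secrets to the database container. Listing only the keys each container needs via `env` and `secretKeyRef`, or splitting the Secret per component, limits what a compromise of one pod discloses. Which keys the frontend actually reads should be confirmed against the application.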
--- /dev/null
+++ b/phase/templates/deployment-postgres.yaml
@@ -0,0 +1,99 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "phase.fullname" . }}-postgres + labels: + {{- include "phase.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "phase.selectorLabels" . | nindent 6 }} + app: postgres + template: + metadata: + labels: + {{- include "phase.selectorLabels" . | nindent 8 }} + app: postgres + spec: + securityContext: + fsGroup: 999 + containers: + - name: postgres + image: "{{ .Values.database.image.repository }}:{{ .Values.database.image.tag }}" + imagePullPolicy: {{ .Values.database.image.pullPolicy }} + securityContext: + runAsUser: 999 + runAsGroup: 999 + envFrom: + - configMapRef: + name: {{ include "phase.fullname" . }}-config + - secretRef: + name: {{ include "phase.fullname" . }}-secrets + env: + - name: POSTGRES_DB + value: {{ .Values.database.name | quote }} + - name: POSTGRES_USER + value: {{ .Values.database.user | quote }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "phase.fullname" . }}-secrets + key: DATABASE_PASSWORD + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + ports: + - name: postgres + containerPort: 5432 + volumeMounts: + - name: postgres-storage + mountPath: /var/lib/postgresql/data + resources: + {{- toYaml .Values.database.resources | nindent 12 }} + livenessProbe: + exec: + command: + - pg_isready + - -U + - {{ .Values.database.user | quote }} + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + readinessProbe: + exec: + command: + - pg_isready + - -U + - {{ .Values.database.user | quote }} + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + volumes: + - name: postgres-storage + {{- if .Values.database.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "phase.fullname" . 
}}-postgres-pvc + {{- else }} + emptyDir: {} + {{- end }} + +--- +{{- if .Values.database.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "phase.fullname" . }}-postgres-pvc + labels: + {{- include "phase.labels" . | nindent 4 }} +spec: + accessModes: + - {{ .Values.database.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.database.persistence.size }} + {{- if .Values.database.persistence.storageClass }} + storageClassName: {{ .Values.database.persistence.storageClass }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/phase/templates/deployment-redis.yaml b/phase/templates/deployment-redis.yaml new file mode 100644 index 0000000..0732db0 --- /dev/null +++ b/phase/templates/deployment-redis.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "phase.fullname" . }}-redis + labels: + {{- include "phase.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "phase.selectorLabels" . | nindent 6 }} + app: redis + template: + metadata: + labels: + {{- include "phase.selectorLabels" . | nindent 8 }} + app: redis + spec: + containers: + - name: redis + image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}" + imagePullPolicy: {{ .Values.redis.image.pullPolicy }} + ports: + - containerPort: 6379 + readinessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} \ No newline at end of file diff --git a/phase/templates/deployment-worker.yaml b/phase/templates/deployment-worker.yaml new file mode 100644 index 0000000..dc3e0a1 --- /dev/null +++ b/phase/templates/deployment-worker.yaml 
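Review bot: With `database.persistence.enabled` the postgres pod mounts a claim whose default `accessMode` is `ReadWriteOnce`, but the Deployment keeps the default rolling-update strategy, so an upgrade starts the replacement pod before the old one has stopped. Depending on scheduling, the new pod either cannot attach the volume or may start against the same `PGDATA` while the old instance is still running. Adding `strategy:` with `type: Recreate` under `spec`, or moving the database to a StatefulSet, avoids both. With persistence disabled the `emptyDir` branch discards all stored data on pod restart, which deserves a comment next to the value.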
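Review bot: The Redis container in deployment-redis.yaml is started with no password or ACL configured, so it accepts connections from any pod that can reach the `-redis` Service, and this patch adds no NetworkPolicy. Since the worker runs `rqworker` jobs taken from this instance, write access to it is worth guarding: a NetworkPolicy admitting only the backend and worker pods is the smallest change, and a `requirepass` setting fed from the Secret is worth adding if the application can be configured with a Redis password. The container also has no `livenessProbe` alongside its `readinessProbe`.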
@@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "phase.fullname" . }}-worker + labels: + {{- include "phase.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.worker.replicaCount }} + selector: + matchLabels: + {{- include "phase.selectorLabels" . | nindent 6 }} + app: worker + template: + metadata: + labels: + {{- include "phase.selectorLabels" . | nindent 8 }} + app: worker + spec: + initContainers: + - name: wait-for-postgres + image: busybox + command: ['sh', '-c', 'until nc -z $DATABASE_HOST $DATABASE_PORT; do echo waiting for postgres; sleep 2; done;'] + envFrom: + - configMapRef: + name: {{ include "phase.fullname" . }}-config + - name: wait-for-redis + image: busybox + command: ['sh', '-c', 'until nc -z $REDIS_HOST $REDIS_PORT; do echo waiting for redis; sleep 2; done;'] + envFrom: + - configMapRef: + name: {{ include "phase.fullname" . }}-config + containers: + - name: worker + image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}" + imagePullPolicy: {{ .Values.backend.image.pullPolicy }} + command: ["python", "manage.py", "rqworker", "default"] + envFrom: + - configMapRef: + name: {{ include "phase.fullname" . }}-config + - secretRef: + name: {{ include "phase.fullname" . }}-secrets + env: + - name: ALLOWED_HOSTS + value: "$(HOST),{{ include "phase.fullname" . }}-worker" + - name: ALLOWED_ORIGINS + value: "$(HTTP_PROTOCOL)$(HOST)" + - name: SESSION_COOKIE_DOMAIN + value: "$(HOST)" \ No newline at end of file diff --git a/phase/templates/secret.yaml b/phase/templates/secret.yaml new file mode 100644 index 0000000..3588bd6 --- /dev/null +++ b/phase/templates/secret.yaml 
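Review bot: Both init containers use `image: busybox` with no tag, which resolves to `latest` and defaults to being pulled on every pod start, while `deployment-backend.yaml` pins `busybox:1.28`. An unpinned helper image can change underneath a release and runs in the same pod as a container holding every application secret; pinning the same tag in both files, ideally by digest and exposed as a chart value, keeps installs reproducible, e.g. `image: busybox:1.28`. Quoting the expansions, `nc -z "$DATABASE_HOST" "$DATABASE_PORT"`, would also make the wait loops robust to unexpected values.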
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "phase.fullname" . }}-secrets
+type: Opaque
+stringData:
+ NEXTAUTH_SECRET: {{ .Values.secrets.nextauthSecret | quote }}
+ SECRET_KEY: {{ .Values.secrets.secretKey | quote }}
+ SERVER_SECRET: {{ .Values.secrets.serverSecret | quote }}
+ DATABASE_PASSWORD: {{ .Values.secrets.databasePassword | quote }}
+ GOOGLE_CLIENT_ID: {{ .Values.secrets.googleClientId | quote }}
+ GOOGLE_CLIENT_SECRET: {{ .Values.secrets.googleClientSecret | quote }}
+ GITHUB_CLIENT_ID: {{ .Values.secrets.githubClientId | quote }}
+ GITHUB_CLIENT_SECRET: {{ .Values.secrets.githubClientSecret | quote }}
+ GITLAB_CLIENT_ID: {{ .Values.secrets.gitlabClientId | quote }}
+ GITLAB_CLIENT_SECRET: {{ .Values.secrets.gitlabClientSecret | quote }}
\ No newline at end of file
diff --git a/phase/templates/service-backend.yaml b/phase/templates/service-backend.yaml
new file mode 100644
index 0000000..008231b
--- /dev/null
+++ b/phase/templates/service-backend.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "phase.fullname" . }}-backend
+ labels:
+ {{- include "phase.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.backend.service.type }}
+ ports:
+ - port: {{ .Values.backend.service.port }}
+ targetPort: 8000
+ protocol: TCP
+ selector:
+ {{- include "phase.selectorLabels" . | nindent 4 }}
+ app: backend
\ No newline at end of file
diff --git a/phase/templates/service-frontend.yaml b/phase/templates/service-frontend.yaml
new file mode 100644
index 0000000..7f9cf70
--- /dev/null
+++ b/phase/templates/service-frontend.yaml
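Review bot: secret.yaml renders whatever `.Values.secrets` holds, and `phase/values.yaml` in this patch ships fixed sample values for `nextauthSecret`, `secretKey`, `serverSecret` and `databasePassword`, so a plain `helm install` produces a running instance keyed with publicly known material. Shipping those four values empty and failing the render when they are unset closes that gap, e.g. `NEXTAUTH_SECRET: {{ required "secrets.nextauthSecret must be set" .Values.secrets.nextauthSecret | quote }}` for each of them. An option to reference an existing Secret by name instead of rendering one would additionally keep the values out of values files and Helm release data for users who manage secrets out of band.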
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "phase.fullname" . }}-frontend
+ labels:
+ {{- include "phase.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.frontend.service.type }}
+ ports:
+ - port: {{ .Values.frontend.service.port }}
+ targetPort: 3000
+ protocol: TCP
+ selector:
+ {{- include "phase.selectorLabels" . | nindent 4 }}
+ app: frontend
\ No newline at end of file
diff --git a/phase/templates/service-postgres.yaml b/phase/templates/service-postgres.yaml
new file mode 100644
index 0000000..2451890
--- /dev/null
+++ b/phase/templates/service-postgres.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "phase.fullname" . }}-postgres
+ labels:
+ {{- include "phase.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.database.service.port }}
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ {{- include "phase.selectorLabels" . | nindent 4 }}
+ app: postgres
\ No newline at end of file
diff --git a/phase/templates/service-redis.yaml b/phase/templates/service-redis.yaml
new file mode 100644
index 0000000..990cbe6
--- /dev/null
+++ b/phase/templates/service-redis.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "phase.fullname" . }}-redis
+ labels:
+ {{- include "phase.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.redis.service.port }}
+ targetPort: 6379
+ protocol: TCP
+ selector:
+ {{- include "phase.selectorLabels" . | nindent 4 }}
+ app: redis
\ No newline at end of file
diff --git a/phase/values.yaml b/phase/values.yaml
new file mode 100644
index 0000000..307cbf8
--- /dev/null
+++ b/phase/values.yaml
@@ -0,0 +1,138 @@ +# Global settings +global: + host: "localhost" + httpProtocol: "https://" + +frontend: + image: + repository: phasehq/frontend + tag: latest + pullPolicy: IfNotPresent + replicaCount: 1 + service: + type: ClusterIP + port: 3000 + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 5 + resources: + requests: + cpu: 250m + memory: 512Mi + +backend: + image: + repository: phasehq/backend + tag: latest + pullPolicy: IfNotPresent + replicaCount: 1 + service: + type: ClusterIP + port: 8000 + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 5 + livenessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 5 + resources: + requests: + cpu: 500m + memory: 1Gi + +worker: + replicaCount: 1 + resources: + requests: + cpu: 250m + memory: 512Mi + +database: + host: "phase-postgres" + port: "5432" + name: "postgres-db-name" + user: "postgres-user" + image: + repository: postgres + tag: 15.4-alpine3.17 + pullPolicy: IfNotPresent + service: + port: 5432 + persistence: + enabled: true + size: 50Gi + storageClass: "" # Use the default StorageClass + accessMode: ReadWriteOnce + resources: + requests: + cpu: 500m + memory: 1Gi + +redis: + host: "phase-redis" + port: "6379" + image: + repository: redis + tag: alpine3.19 + pullPolicy: IfNotPresent + service: + port: 6379 + readinessProbe: + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + requests: + cpu: 100m + memory: 256Mi + +# SSO settings +sso: + providers: "google,github,gitlab" + +# Secrets (DO NOT use these in production, generate your own secure values) +secrets: + nextauthSecret: "82031b3760ac58352bb2d48fd9f32e9f72a0614343b669038139f18652ed1447" + secretKey: "92d44efc4f9a4c0556cc67d2d033d3217829c263d5ab7d1954cf4b5bfd533e58" + serverSecret: "9e760539415af07b22249b5878593bd4deb9b8961c7dd0570117549f2f32a2" + databasePassword: "a765b221799be364c53c8a32acccf5dd90d5fc832607bdd14fccaaaa0062adfd" + 
googleClientId: "" + googleClientSecret: "" + githubClientId: "" + githubClientSecret: "" + gitlabClientId: "" + gitlabClientSecret: "" + +# Ingress settings +ingress: + enabled: false + className: "" + annotations: {} + hosts: + - host: chart-example.local + paths: + - path: / + pathType: Prefix + tls: [] + +# Autoscaling settings +autoscaling: + frontend: + enabled: false + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 80 + backend: + enabled: false + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 80 + worker: + enabled: false + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 80 \ No newline at end of file From 97093a81a09c852f157d8fe9a8f6c0a5f6dd9a08 Mon Sep 17 00:00:00 2001 From: Nimish Date: Thu, 8 Aug 2024 18:39:35 +0530 Subject: [PATCH 03/21] feat: added templates, fixed linting issues --- phase/Chart.yaml | 16 ++++ phase/templates/configmap.yaml | 4 +- phase/templates/deployment-backend.yaml | 34 +++---- phase/templates/deployment-frontend.yaml | 16 ++-- phase/templates/deployment-postgres.yaml | 4 +- phase/templates/deployment-redis.yaml | 6 +- phase/templates/deployment-worker.yaml | 10 ++- phase/templates/service-backend.yaml | 4 +- phase/templates/service-frontend.yaml | 4 +- phase/values.yaml | 109 +++++++++++++---------- 10 files changed, 125 insertions(+), 82 deletions(-) create mode 100644 phase/Chart.yaml diff --git a/phase/Chart.yaml b/phase/Chart.yaml new file mode 100644 index 0000000..e878a47 --- /dev/null +++ b/phase/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +name: phase +icon: https://phase.dev/apple-touch-icon.png +description: A Helm chart for deploying the Phase Secrets Manager +type: application +version: 0.1.0 +appVersion: "v2.29.7" +keywords: + - phase + - deployment +home: https://github.com/phasehq/kubernetes-secrets-operator +sources: + - https://github.com/phasehq/console +maintainers: + - name: Nimish + email: nimish@phase.dev 
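Review bot: In phase/values.yaml, `frontend.image.tag` and `backend.image.tag` default to `latest` with `pullPolicy: IfNotPresent`, so which build runs depends on what each node happens to have cached, and nodes can disagree. Defaulting the tag to a specific released version, optionally pinned by digest, makes installs reproducible and upgrades deliberate. The `ingress` block is read only by `NOTES.txt` and `autoscaling` by no template in this patch, so `ingress.enabled: true` prints an access URL without creating an Ingress; a comment marking both as not yet implemented would avoid that surprise.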
diff --git a/phase/templates/configmap.yaml b/phase/templates/configmap.yaml index d6e6548..e172744 100644 --- a/phase/templates/configmap.yaml +++ b/phase/templates/configmap.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "phase.fullname" . }}-config + labels: + {{- include "phase.labels" . | nindent 4 }} data: HOST: {{ .Values.global.host | quote }} HTTP_PROTOCOL: {{ .Values.global.httpProtocol | quote }} @@ -12,4 +14,4 @@ data: DATABASE_USER: {{ .Values.database.user | quote }} REDIS_HOST: {{ .Values.redis.host | quote }} REDIS_PORT: {{ .Values.redis.port | quote }} - NEXT_TELEMETRY_DISABLED: "1" \ No newline at end of file + NEXT_TELEMETRY_DISABLED: {{ .Values.config.nextTelemetryDisabled | default "1" | quote }} \ No newline at end of file diff --git a/phase/templates/deployment-backend.yaml b/phase/templates/deployment-backend.yaml index 00df4fd..3b6efaf 100644 --- a/phase/templates/deployment-backend.yaml +++ b/phase/templates/deployment-backend.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "phase.labels" . | nindent 4 }} spec: - replicas: {{ .Values.backend.replicaCount }} + replicas: {{ .Values.app.backend.replicaCount }} selector: matchLabels: {{- include "phase.selectorLabels" . | nindent 6 }} @@ -22,8 +22,8 @@ spec: command: ['sh', '-c', 'until nc -z {{ .Values.database.host }} {{ .Values.database.port }}; do echo waiting for postgres; sleep 2; done;'] containers: - name: backend - image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}" - imagePullPolicy: {{ .Values.backend.image.pullPolicy }} + image: "{{ .Values.app.backend.image.repository }}:{{ .Values.app.backend.image.tag }}" + imagePullPolicy: {{ .Values.app.backend.image.pullPolicy }} envFrom: - configMapRef: name: {{ include "phase.fullname" . }}-config 
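Review bot: In the second configmap.yaml hunk, `.Values.config.nextTelemetryDisabled | default "1"` treats every empty value as unset, so an operator who sets `nextTelemetryDisabled: 0` or `false` still gets `"1"` rendered. The expression also dereferences `.Values.config`, which fails the render with a nil-pointer error if `values.yaml` has no `config:` map; the values.yaml changes of this patch are not visible here, so that needs checking. Declaring `config.nextTelemetryDisabled: "1"` as a quoted string in `values.yaml` and rendering `NEXT_TELEMETRY_DISABLED: {{ .Values.config.nextTelemetryDisabled | quote }}` without `default` sidesteps both.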
@@ -38,27 +38,29 @@ spec: value: "$(HTTP_PROTOCOL)$(HOST)" - name: SESSION_COOKIE_DOMAIN value: "$(HOST)" - {{- if .Values.backend.readinessProbe.enabled }} + {{- if .Values.app.backend.readinessProbe.enabled }} readinessProbe: httpGet: path: /health port: 8000 httpHeaders: - - name: Host - value: "{{ include "phase.fullname" . }}-backend" - initialDelaySeconds: {{ .Values.backend.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.backend.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.backend.readinessProbe.timeoutSeconds }} + - name: Host + value: "{{ include "phase.fullname" . }}-backend" + initialDelaySeconds: {{ .Values.app.backend.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.app.backend.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.app.backend.readinessProbe.timeoutSeconds }} {{- end }} - {{- if .Values.backend.livenessProbe.enabled }} + {{- if .Values.app.backend.livenessProbe.enabled }} livenessProbe: httpGet: path: /health port: 8000 httpHeaders: - - name: Host - value: "{{ include "phase.fullname" . }}-backend" - initialDelaySeconds: {{ .Values.backend.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.backend.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.backend.livenessProbe.timeoutSeconds }} - {{- end }} \ No newline at end of file + - name: Host + value: "{{ include "phase.fullname" . }}-backend" + initialDelaySeconds: {{ .Values.app.backend.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.app.backend.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.app.backend.livenessProbe.timeoutSeconds }} + {{- end }} + resources: + {{- toYaml .Values.app.backend.resources | nindent 12 }} \ No newline at end of file diff --git a/phase/templates/deployment-frontend.yaml b/phase/templates/deployment-frontend.yaml index 321f6f8..df8c80c 100644 --- a/phase/templates/deployment-frontend.yaml +++ b/phase/templates/deployment-frontend.yaml 
@@ -5,7 +5,7 @@ metadata: labels: {{- include "phase.labels" . | nindent 4 }} spec: - replicas: {{ .Values.frontend.replicaCount }} + replicas: {{ .Values.app.frontend.replicaCount }} selector: matchLabels: {{- include "phase.selectorLabels" . | nindent 6 }} @@ -18,8 +18,8 @@ spec: spec: containers: - name: frontend - image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}" - imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} + image: "{{ .Values.app.frontend.image.repository }}:{{ .Values.app.frontend.image.tag }}" + imagePullPolicy: {{ .Values.app.frontend.image.pullPolicy }} ports: - containerPort: 3000 envFrom: @@ -36,11 +36,13 @@ spec: value: "$(HTTP_PROTOCOL)$(HOST)/service" - name: NEXT_PUBLIC_NEXTAUTH_PROVIDERS value: "$(SSO_PROVIDERS)" - {{- if .Values.frontend.readinessProbe.enabled }} + {{- if .Values.app.frontend.readinessProbe.enabled }} readinessProbe: httpGet: path: /api/health port: 3000 - initialDelaySeconds: {{ .Values.frontend.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.frontend.readinessProbe.periodSeconds }} - {{- end }} \ No newline at end of file + initialDelaySeconds: {{ .Values.app.frontend.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.app.frontend.readinessProbe.periodSeconds }} + {{- end }} + resources: + {{- toYaml .Values.app.frontend.resources | nindent 12 }} \ No newline at end of file diff --git a/phase/templates/deployment-postgres.yaml b/phase/templates/deployment-postgres.yaml index 5724c60..bc87d59 100644 --- a/phase/templates/deployment-postgres.yaml +++ b/phase/templates/deployment-postgres.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.global.external.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -80,7 +81,7 @@ spec: {{- end }} --- -{{- if .Values.database.persistence.enabled }} +{{- if and (not .Values.global.external.enabled) .Values.database.persistence.enabled }} apiVersion: v1 kind: PersistentVolumeClaim metadata: 
@@ -96,4 +97,5 @@ spec: {{- if .Values.database.persistence.storageClass }} storageClassName: {{ .Values.database.persistence.storageClass }} {{- end }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/phase/templates/deployment-redis.yaml b/phase/templates/deployment-redis.yaml index 0732db0..3d539f7 100644 --- a/phase/templates/deployment-redis.yaml +++ b/phase/templates/deployment-redis.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.global.external.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -26,4 +27,7 @@ spec: tcpSocket: port: 6379 initialDelaySeconds: {{ .Values.redis.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} \ No newline at end of file + periodSeconds: {{ .Values.redis.readinessProbe.periodSeconds }} + resources: + {{- toYaml .Values.redis.resources | nindent 12 }} +{{- end }} \ No newline at end of file diff --git a/phase/templates/deployment-worker.yaml b/phase/templates/deployment-worker.yaml index dc3e0a1..1c9f031 100644 --- a/phase/templates/deployment-worker.yaml +++ b/phase/templates/deployment-worker.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "phase.labels" . | nindent 4 }} spec: - replicas: {{ .Values.worker.replicaCount }} + replicas: {{ .Values.app.worker.replicaCount }} selector: matchLabels: {{- include "phase.selectorLabels" . | nindent 6 }} @@ -31,8 +31,8 @@ spec: name: {{ include "phase.fullname" . }}-config containers: - name: worker - image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}" - imagePullPolicy: {{ .Values.backend.image.pullPolicy }} + image: "{{ .Values.app.worker.image.repository }}:{{ .Values.app.worker.image.tag }}" + imagePullPolicy: {{ .Values.app.worker.image.pullPolicy }} command: ["python", "manage.py", "rqworker", "default"] envFrom: - configMapRef: 
@@ -45,4 +45,6 @@ spec: - name: ALLOWED_ORIGINS value: "$(HTTP_PROTOCOL)$(HOST)" - name: SESSION_COOKIE_DOMAIN - value: "$(HOST)" \ No newline at end of file + value: "$(HOST)" + resources: + {{- toYaml .Values.app.worker.resources | nindent 12 }} \ No newline at end of file diff --git a/phase/templates/service-backend.yaml b/phase/templates/service-backend.yaml index 008231b..612ae9d 100644 --- a/phase/templates/service-backend.yaml +++ b/phase/templates/service-backend.yaml @@ -5,9 +5,9 @@ metadata: labels: {{- include "phase.labels" . | nindent 4 }} spec: - type: {{ .Values.backend.service.type }} + type: {{ .Values.app.backend.service.type }} ports: - - port: {{ .Values.backend.service.port }} + - port: {{ .Values.app.backend.service.port }} targetPort: 8000 protocol: TCP selector: diff --git a/phase/templates/service-frontend.yaml b/phase/templates/service-frontend.yaml index 7f9cf70..64d86d4 100644 --- a/phase/templates/service-frontend.yaml +++ b/phase/templates/service-frontend.yaml @@ -5,9 +5,9 @@ metadata: labels: {{- include "phase.labels" . | nindent 4 }} spec: - type: {{ .Values.frontend.service.type }} + type: {{ .Values.app.frontend.service.type }} ports: - - port: {{ .Values.frontend.service.port }} + - port: {{ .Values.app.frontend.service.port }} targetPort: 3000 protocol: TCP selector: diff --git a/phase/values.yaml b/phase/values.yaml index 307cbf8..71a42d0 100644 --- a/phase/values.yaml +++ b/phase/values.yaml 
@@ -2,57 +2,69 @@ global: host: "localhost" httpProtocol: "https://" + version: "latest" + external: + enabled: false # Set to true to use external managed services -frontend: - image: - repository: phasehq/frontend - tag: latest - pullPolicy: IfNotPresent - replicaCount: 1 - service: - type: ClusterIP - port: 3000 - readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - resources: - requests: - cpu: 250m - memory: 512Mi +config: + nextTelemetryDisabled: "1" -backend: - image: - repository: phasehq/backend - tag: latest - pullPolicy: IfNotPresent - replicaCount: 1 - service: - type: ClusterIP - port: 8000 - readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 5 - livenessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 20 - timeoutSeconds: 5 - resources: - requests: - cpu: 500m - memory: 1Gi +app: + frontend: + image: + repository: phasehq/frontend + tag: "{{ .Values.global.version }}" + pullPolicy: IfNotPresent + replicaCount: 1 + service: + type: ClusterIP + port: 3000 + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 5 + resources: + requests: + cpu: 500m + memory: 1Gi -worker: - replicaCount: 1 - resources: - requests: - cpu: 250m - memory: 512Mi + backend: + image: + repository: phasehq/backend + tag: "{{ .Values.global.version }}" + pullPolicy: IfNotPresent + replicaCount: 1 + service: + type: ClusterIP + port: 8000 + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 5 + livenessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 5 + resources: + requests: + cpu: 500m + memory: 1Gi + + worker: + image: + repository: phasehq/backend + tag: "{{ .Values.global.version }}" + pullPolicy: IfNotPresent + replicaCount: 1 + resources: + requests: + cpu: 250m + memory: 512Mi database: + external: "{{ .Values.global.external.enabled }}" host: "phase-postgres" port: "5432" name: 
"postgres-db-name" @@ -66,14 +78,16 @@ database: persistence: enabled: true size: 50Gi - storageClass: "" # Use the default StorageClass + storageClass: "" accessMode: ReadWriteOnce resources: requests: cpu: 500m memory: 1Gi +# Redis settings redis: + external: "{{ .Values.global.external.enabled }}" host: "phase-redis" port: "6379" image: @@ -90,7 +104,6 @@ redis: cpu: 100m memory: 256Mi -# SSO settings sso: providers: "google,github,gitlab" From 0436c7eb0e7bb60fe3c52dc2c3df78fb64277485 Mon Sep 17 00:00:00 2001 From: Nimish Date: Fri, 9 Aug 2024 13:22:16 +0530 Subject: [PATCH 04/21] fix: readinessProbe and livenessProbe --- phase/templates/deployment-postgres.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/phase/templates/deployment-postgres.yaml b/phase/templates/deployment-postgres.yaml index bc87d59..f1afc99 100644 --- a/phase/templates/deployment-postgres.yaml +++ b/phase/templates/deployment-postgres.yaml @@ -54,9 +54,9 @@ spec: livenessProbe: exec: command: - - pg_isready - - -U - - {{ .Values.database.user | quote }} + - /bin/sh + - -c + - exec pg_isready -U $POSTGRES_USER -d $POSTGRES_DB initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 @@ -64,9 +64,9 @@ spec: readinessProbe: exec: command: - - pg_isready - - -U - - {{ .Values.database.user | quote }} + - /bin/sh + - -c + - exec pg_isready -U $POSTGRES_USER -d $POSTGRES_DB initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 From 98c4b394e093e00752ef3059a055e5e2257b6d74 Mon Sep 17 00:00:00 2001 From: Nimish Date: Mon, 12 Aug 2024 14:28:17 +0530 Subject: [PATCH 05/21] feat: removed init containers --- phase/templates/deployment-backend.yaml | 4 ---- phase/templates/deployment-worker.yaml | 13 ------------- 2 files changed, 17 deletions(-) diff --git a/phase/templates/deployment-backend.yaml b/phase/templates/deployment-backend.yaml index 3b6efaf..0be575c 100644 --- a/phase/templates/deployment-backend.yaml +++ b/phase/templates/deployment-backend.yaml 
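Review bot: In the values.yaml hunk `@@ -2,57 +2,69 @@`, the new `tag: "{{ .Values.global.version }}"` entries under `app.frontend`, `app.backend` and `app.worker` will not be expanded, because Helm does not run the template engine over values.yaml. The same applies to `external: "{{ .Values.global.external.enabled }}"` under `database` and, in the next hunk, under `redis`. The deployment templates changed in this same patch interpolate `.Values.app.backend.image.tag` directly, so the rendered image reference would carry the literal braces and would not be a valid image name. Leave the tag empty and fall back in the template, e.g. `image: "{{ .Values.app.backend.image.repository }}:{{ .Values.app.backend.image.tag | default .Values.global.version }}"`, or pass the value through `tpl`. A quoted `external` string is also always truthy if a template ever tests it, so it should be a real boolean.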
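Review bot: The probe command `exec pg_isready -U $POSTGRES_USER -d $POSTGRES_DB` expands both variables unquoted inside `sh -c`, in the livenessProbe hunk and again in the readinessProbe hunk after it. A user or database name containing whitespace or glob characters is therefore word-split before `pg_isready` sees it. Quote them: `- exec pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB"`. The command also relies on both variables being set in the container environment, which is defined outside these hunks; that is worth confirming, since an unset `POSTGRES_DB` would leave `-d` without an argument.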
@@ -16,10 +16,6 @@ spec: {{- include "phase.selectorLabels" . | nindent 8 }} app: backend spec: - initContainers: - - name: wait-for-postgres - image: busybox:1.28 - command: ['sh', '-c', 'until nc -z {{ .Values.database.host }} {{ .Values.database.port }}; do echo waiting for postgres; sleep 2; done;'] containers: - name: backend image: "{{ .Values.app.backend.image.repository }}:{{ .Values.app.backend.image.tag }}" diff --git a/phase/templates/deployment-worker.yaml b/phase/templates/deployment-worker.yaml index 1c9f031..80e3d21 100644 --- a/phase/templates/deployment-worker.yaml +++ b/phase/templates/deployment-worker.yaml @@ -16,19 +16,6 @@ spec: {{- include "phase.selectorLabels" . | nindent 8 }} app: worker spec: - initContainers: - - name: wait-for-postgres - image: busybox - command: ['sh', '-c', 'until nc -z $DATABASE_HOST $DATABASE_PORT; do echo waiting for postgres; sleep 2; done;'] - envFrom: - - configMapRef: - name: {{ include "phase.fullname" . }}-config - - name: wait-for-redis - image: busybox - command: ['sh', '-c', 'until nc -z $REDIS_HOST $REDIS_PORT; do echo waiting for redis; sleep 2; done;'] - envFrom: - - configMapRef: - name: {{ include "phase.fullname" . }}-config containers: - name: worker image: "{{ .Values.app.worker.image.repository }}:{{ .Values.app.worker.image.tag }}" From 25fddd96b6ac90be89a6cb99604f97090318c603 Mon Sep 17 00:00:00 2001 From: Nimish Date: Mon, 12 Aug 2024 14:47:26 +0530 Subject: [PATCH 06/21] feat: updated config map --- phase/templates/configmap.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phase/templates/configmap.yaml b/phase/templates/configmap.yaml index e172744..1bf48c6 100644 --- a/phase/templates/configmap.yaml +++ b/phase/templates/configmap.yaml 
@@ -8,10 +8,10 @@ data: HOST: {{ .Values.global.host | quote }} HTTP_PROTOCOL: {{ .Values.global.httpProtocol | quote }} SSO_PROVIDERS: {{ .Values.sso.providers | quote }} - DATABASE_HOST: {{ .Values.database.host | quote }} + DATABASE_HOST: {{ tpl .Values.database.host . | quote }} DATABASE_PORT: {{ .Values.database.port | quote }} DATABASE_NAME: {{ .Values.database.name | quote }} DATABASE_USER: {{ .Values.database.user | quote }} - REDIS_HOST: {{ .Values.redis.host | quote }} + REDIS_HOST: {{ tpl .Values.redis.host . | quote }} REDIS_PORT: {{ .Values.redis.port | quote }} NEXT_TELEMETRY_DISABLED: {{ .Values.config.nextTelemetryDisabled | default "1" | quote }} \ No newline at end of file From 4b54ce6e131bccc340ec508a5c8dbd4a197407e1 Mon Sep 17 00:00:00 2001 From: Nimish Date: Mon, 12 Aug 2024 14:47:45 +0530 Subject: [PATCH 07/21] fix: health endpoint --- phase/templates/deployment-backend.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phase/templates/deployment-backend.yaml b/phase/templates/deployment-backend.yaml index 0be575c..bee39fd 100644 --- a/phase/templates/deployment-backend.yaml +++ b/phase/templates/deployment-backend.yaml @@ -37,7 +37,7 @@ spec: {{- if .Values.app.backend.readinessProbe.enabled }} readinessProbe: httpGet: - path: /health + path: 493c5048-99f9-4eac-ad0d-98c3740b491f/health port: 8000 httpHeaders: - name: Host @@ -49,7 +49,7 @@ spec: {{- if .Values.app.backend.livenessProbe.enabled }} livenessProbe: httpGet: - path: /health + path: 493c5048-99f9-4eac-ad0d-98c3740b491f/health port: 8000 httpHeaders: - name: Host From a5dbecdb10aa4f63b5c34c59b862cdae5e548e95 Mon Sep 17 00:00:00 2001 From: Nimish Date: Mon, 12 Aug 2024 14:48:21 +0530 Subject: [PATCH 08/21] fix: frontend health --- phase/templates/deployment-frontend.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phase/templates/deployment-frontend.yaml b/phase/templates/deployment-frontend.yaml index df8c80c..10247da 100644 
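Review bot: The new probe path `493c5048-99f9-4eac-ad0d-98c3740b491f/health` in deployment-backend.yaml has no leading slash and nothing explains the opaque segment. This applies to the readinessProbe hunk and again to the livenessProbe hunk, and the frontend probe in the following patch drops its slash the same way. Request paths are conventionally absolute, so I would write `path: /493c5048-99f9-4eac-ad0d-98c3740b491f/health` and add a comment above it such as `# must match the health route exposed by the backend image`. If the identifier is meant to hide the endpoint, it is now public in the chart and should not be relied on as an access control.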
--- a/phase/templates/deployment-frontend.yaml +++ b/phase/templates/deployment-frontend.yaml @@ -39,7 +39,7 @@ spec: {{- if .Values.app.frontend.readinessProbe.enabled }} readinessProbe: httpGet: - path: /api/health + path: api/health port: 3000 initialDelaySeconds: {{ .Values.app.frontend.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.app.frontend.readinessProbe.periodSeconds }} From 0587a1fd2877f2a8f194a9b82c952819c8bda5dc Mon Sep 17 00:00:00 2001 From: Nimish Date: Mon, 12 Aug 2024 15:59:49 +0530 Subject: [PATCH 09/21] feat: added support for versions --- phase/templates/deployment-backend.yaml | 2 +- phase/templates/deployment-frontend.yaml | 2 +- phase/templates/deployment-worker.yaml | 2 +- phase/values.yaml | 28 ++++++++++-------------- 4 files changed, 15 insertions(+), 19 deletions(-) diff --git a/phase/templates/deployment-backend.yaml b/phase/templates/deployment-backend.yaml index bee39fd..8db9797 100644 --- a/phase/templates/deployment-backend.yaml +++ b/phase/templates/deployment-backend.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: backend - image: "{{ .Values.app.backend.image.repository }}:{{ .Values.app.backend.image.tag }}" + image: "{{ .Values.global.images.backend.repository }}:{{ .Values.global.version }}" imagePullPolicy: {{ .Values.app.backend.image.pullPolicy }} envFrom: - configMapRef: diff --git a/phase/templates/deployment-frontend.yaml b/phase/templates/deployment-frontend.yaml index 10247da..974e2bf 100644 --- a/phase/templates/deployment-frontend.yaml +++ b/phase/templates/deployment-frontend.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: frontend - image: "{{ .Values.app.frontend.image.repository }}:{{ .Values.app.frontend.image.tag }}" + image: "{{ .Values.global.images.frontend.repository }}:{{ .Values.global.version }}" imagePullPolicy: {{ .Values.app.frontend.image.pullPolicy }} ports: - containerPort: 3000 
diff --git a/phase/templates/deployment-worker.yaml b/phase/templates/deployment-worker.yaml index 80e3d21..bf81d76 100644 --- a/phase/templates/deployment-worker.yaml +++ b/phase/templates/deployment-worker.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: worker - image: "{{ .Values.app.worker.image.repository }}:{{ .Values.app.worker.image.tag }}" + image: "{{ .Values.global.images.backend.repository }}:{{ .Values.global.version }}" imagePullPolicy: {{ .Values.app.worker.image.pullPolicy }} command: ["python", "manage.py", "rqworker", "default"] envFrom: diff --git a/phase/values.yaml b/phase/values.yaml index 71a42d0..8b70710 100644 --- a/phase/values.yaml +++ b/phase/values.yaml @@ -2,18 +2,18 @@ global: host: "localhost" httpProtocol: "https://" - version: "latest" + version: v2.29.8 + images: + frontend: + repository: phasehq/frontend + backend: + repository: phasehq/backend external: enabled: false # Set to true to use external managed services -config: - nextTelemetryDisabled: "1" - app: frontend: image: - repository: phasehq/frontend - tag: "{{ .Values.global.version }}" pullPolicy: IfNotPresent replicaCount: 1 service: @@ -30,8 +30,6 @@ app: backend: image: - repository: phasehq/backend - tag: "{{ .Values.global.version }}" pullPolicy: IfNotPresent replicaCount: 1 service: @@ -54,8 +52,6 @@ app: worker: image: - repository: phasehq/backend - tag: "{{ .Values.global.version }}" pullPolicy: IfNotPresent replicaCount: 1 resources: @@ -64,15 +60,15 @@ app: memory: 512Mi database: - external: "{{ .Values.global.external.enabled }}" - host: "phase-postgres" + external: false + host: "{{ .Release.Name }}-postgres" port: "5432" name: "postgres-db-name" user: "postgres-user" image: repository: postgres tag: 15.4-alpine3.17 - pullPolicy: IfNotPresent + pullPolicy: IfNotPresent service: port: 5432 persistence: 
@@ -87,13 +83,13 @@ database: # Redis settings redis: - external: "{{ .Values.global.external.enabled }}" - host: "phase-redis" + external: false + host: "{{ .Release.Name }}-redis" port: "6379" image: repository: redis tag: alpine3.19 - pullPolicy: IfNotPresent + pullPolicy: IfNotPresent service: port: 6379 readinessProbe: From 95eaaa922d87bad6f6f50e194f20a82b4d351afd Mon Sep 17 00:00:00 2001 From: Nimish Date: Mon, 12 Aug 2024 16:00:14 +0530 Subject: [PATCH 10/21] feat: disable next telemetry --- phase/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phase/templates/configmap.yaml b/phase/templates/configmap.yaml index 1bf48c6..1407134 100644 --- a/phase/templates/configmap.yaml +++ b/phase/templates/configmap.yaml @@ -14,4 +14,4 @@ data: DATABASE_USER: {{ .Values.database.user | quote }} REDIS_HOST: {{ tpl .Values.redis.host . | quote }} REDIS_PORT: {{ .Values.redis.port | quote }} - NEXT_TELEMETRY_DISABLED: {{ .Values.config.nextTelemetryDisabled | default "1" | quote }} \ No newline at end of file + NEXT_TELEMETRY_DISABLED: {{ default "1" | quote }} \ No newline at end of file From d514d54242521b7df63af765bdffb98fc30faa59 Mon Sep 17 00:00:00 2001 From: Nimish Date: Mon, 12 Aug 2024 18:33:33 +0530 Subject: [PATCH 11/21] feat: added ingress template --- phase/templates/ingress.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 phase/templates/ingress.yaml diff --git a/phase/templates/ingress.yaml b/phase/templates/ingress.yaml new file mode 100644 index 0000000..c842587 --- /dev/null +++ b/phase/templates/ingress.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "phase.fullname" . }} + labels: + {{- include "phase.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .http.paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ include "phase.fullname" $ }}-{{ .service.name }} + port: + number: {{ .service.port }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file From 01c05e602be383fb1ad23ac54740312d0a04523f Mon Sep 17 00:00:00 2001 From: Nimish Date: Mon, 12 Aug 2024 19:58:59 +0530 Subject: [PATCH 12/21] feat: added nginx ingress --- phase/values.yaml | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/phase/values.yaml b/phase/values.yaml index 8b70710..dce7f1b 100644 --- a/phase/values.yaml +++ b/phase/values.yaml @@ -118,15 +118,26 @@ secrets: # Ingress settings ingress: - enabled: false - className: "" - annotations: {} + enabled: true + className: "nginx" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-redirect: "false" hosts: - - host: chart-example.local - paths: - - path: / - pathType: Prefix - tls: [] + - host: phase.local # or use {{ .Values.global.host }} if you want to use the global host value + http: + paths: + - path: /service + pathType: Prefix + service: + name: backend + port: 8000 + - path: / + pathType: Prefix + service: + name: frontend + port: 3000 + tls: [] # Remove TLS configuration for now, add it back if you need HTTPS # Autoscaling settings autoscaling: From 6aa9f3e3f1c4bd853d52d91de23698d96cdbf43a Mon Sep 17 00:00:00 2001 
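Review bot: In the values.yaml hunk (`@@ -118,15 +118,26 @@`), `ingress.enabled` becomes `true` by default together with `nginx.ingress.kubernetes.io/ssl-redirect: "false"` and `tls: []`. A default install would therefore publish a secrets-manager console over plain HTTP even though `global.httpProtocol` is `https://`. I would ship `enabled: false` and let operators opt in once a TLS secret exists. The same `ssl-redirect: "false"` is later hard-coded in the ingress.yaml rewrite (patch 16), where values can no longer override it. The `kubernetes.io/ingress.class: nginx` annotation also duplicates `className: "nginx"`; one of the two is enough.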
From: Nimish Date: Mon, 12 Aug 2024 20:06:30 +0530 Subject: [PATCH 13/21] feat: updated helm NOTES --- phase/templates/NOTES.txt | 41 +++++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/phase/templates/NOTES.txt b/phase/templates/NOTES.txt index b62b4d8..94b8275 100644 --- a/phase/templates/NOTES.txt +++ b/phase/templates/NOTES.txt 
@@ -1,21 +1,42 @@ -Thank you for installing {{ .Chart.Name }}. +{{- define "phase.asciiArt" -}} +⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⠔⠋⣳⣖⠚⣲⢖⠙⠳⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⡴⠉⢀⡼⠃⢘⣞⠁⠙⡆⠀⠘⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⢀⡜⠁⢠⠞⠀⢠⠞⠸⡆⠀⠹⡄⠀⠹⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⢀⠞⠀⢠⠏⠀⣠⠏⠀⠀⢳⠀⠀⢳⠀⠀⢧⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⢠⠎⠀⣠⠏⠀⣰⠃⠀⠀⠀⠈⣇⠀⠘⡇⠀⠘⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⢠⠏⠀⣰⠇⠀⣰⠃⠀⠀⠀⠀⠀⢺⡀⠀⢹⠀⠀⢽⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⢠⠏⠀⣰⠃⠀⣰⠃⠀⠀⠀⠀⠀⠀⠀⣇⠀⠈⣇⠀⠘⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⢠⠏⠀⢰⠃⠀⣰⠃⠀⠀⠀⠀⠀⠀⠀⠀⢸⡀⠀⢹⡀⠀⢹⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⢠⠏⠀⢰⠃⠀⣰⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣇⠀⠈⣇⠀⠈⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +⠛⠒⠚⠛⠒⠓⠚⠒⠒⠓⠒⠓⠚⠒⠓⠚⠒⠓⢻⡒⠒⢻⡒⠒⢻⡒⠒⠒⠒⠒⠒⠒⠒⠒⠒⠒⣲⠒⠒⣲⠒⠒⡲⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢧⠀⠀⢧⠀⠈⣇⠀⠀⠀⠀⠀⠀⠀⠀⢠⠇⠀⣰⠃⠀⣰⠃⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⡆⠀⠘⡆⠀⠸⡄⠀⠀⠀⠀⠀⠀⣠⠇⠀⣰⠃⠀⣴⠃⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⡄⠀⠹⡄⠀⠹⡄⠀⠀⠀⠀⡴⠃⢀⡼⠁⢀⡼⠁⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⣆⠀⠙⣆⠀⠹⣄⠀⣠⠎⠁⣠⠞⠀⡤⠏⠀⠀⠀⠀⠀⠀⠀⠀ +⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠳⢤⣈⣳⣤⣼⣹⢥⣰⣋⡥⡴⠊⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀ +{{- end -}} -Your release is named {{ .Release.Name }}. +{{- define "phase.installationMessage" -}} +{{ include "phase.asciiArt" . }} +Thank you for installing {{ .Chart.Name }}! -To learn more about the release, try: +To learn more about the deployment, try: + - `helm status {{ .Release.Name }}` + - `helm get all {{ .Release.Name }}` - $ helm status {{ .Release.Name }} - $ helm get all {{ .Release.Name }} +🙋 Need help?: https://slack.phase.dev +💻 Bug reports / feature requests: https://github.com/phasehq/console {{- if .Values.ingress.enabled }} You can access the application at: {{- range .Values.ingress.hosts }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }} + - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .host }} {{- end }} {{- else }} To access the application, you need to set up your own ingress or use port-forwarding: - - $ kubectl port-forward svc/{{ .Release.Name }}-frontend 3000:3000 - + - kubectl port-forward svc/{{ .Release.Name }}-frontend 3000:3000 Then access the application at: http://localhost:3000 -{{- end }} \ No newline at end of file +{{- end }} +{{- end -}} + +{{ include "phase.installationMessage" . }} \ No newline at end of file 
From 15e90431f7d644c589a3969b95af04b6559f53cf Mon Sep 17 00:00:00 2001 From: Nimish Date: Tue, 13 Aug 2024 12:26:06 +0530 Subject: [PATCH 14/21] feat: use internal backend api base --- phase/templates/deployment-frontend.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phase/templates/deployment-frontend.yaml b/phase/templates/deployment-frontend.yaml index 974e2bf..7807b10 100644 --- a/phase/templates/deployment-frontend.yaml +++ b/phase/templates/deployment-frontend.yaml @@ -31,7 +31,7 @@ spec: - name: NEXTAUTH_URL value: "$(HTTP_PROTOCOL)$(HOST)" - name: BACKEND_API_BASE - value: "$(HTTP_PROTOCOL)$(HOST)/service" + value: "http://{{ include "phase.fullname" . }}-backend:{{ .Values.app.backend.service.port }}" - name: NEXT_PUBLIC_BACKEND_API_BASE value: "$(HTTP_PROTOCOL)$(HOST)/service" - name: NEXT_PUBLIC_NEXTAUTH_PROVIDERS From cb1726de06963e8a5cde279a2c6f42cc3213999c Mon Sep 17 00:00:00 2001 From: Nimish Date: Tue, 13 Aug 2024 12:27:40 +0530 Subject: [PATCH 15/21] feat: simplified ingress, removed hard coded version --- phase/values.yaml | 63 ++++++++++++++++++----------------------------- 1 file changed, 24 insertions(+), 39 deletions(-) diff --git a/phase/values.yaml b/phase/values.yaml index dce7f1b..e528fd7 100644 --- a/phase/values.yaml +++ b/phase/values.yaml @@ -2,7 +2,7 @@ global: host: "localhost" httpProtocol: "https://" - version: v2.29.8 + version: latest images: frontend: repository: phasehq/frontend 
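Review bot: In the values.yaml hunk, changing `version: v2.29.8` to `version: latest` makes every deployment pull a mutable tag. With `pullPolicy: IfNotPresent` set for the app images elsewhere in this file, different nodes can end up running different builds under the same release. For a secrets manager the image should be reproducible and auditable, so keep a released version as the shipped default, e.g. `version: v2.29.8`, ideally alongside a digest, and let users override it. If the aim is to avoid bumping the version in two places, defaulting the tag from `.Chart.AppVersion` in the templates achieves that without un-pinning.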
@@ -11,6 +11,29 @@ global: external: enabled: false # Set to true to use external managed services +sso: + providers: "google,github,gitlab" + +# Secrets (DO NOT use these in production, generate your own secure values) +secrets: + nextauthSecret: "efd7e1e87edd416bc8ee28e7ee1d961ab7f4a4724ea4249d36f07c92616a322d" + secretKey: "ee728b91f92b48841a847fad61549f9f0b384f172b74bdcc859c1aadbfb633bd" + serverSecret: "896d2d2462ebd12683cee44d7808939217da961d1f15e69c977ae250f23a65c9" + databasePassword: "f5cc076c4788bba216567380247b394d71a2fa0c8970052005a824bad340c6be" + googleClientId: "" + googleClientSecret: "" + githubClientId: "" + githubClientSecret: "" + gitlabClientId: "" + gitlabClientSecret: "" + +# Ingress settings +ingress: + enabled: true + className: "nginx" + # host: "your-domain.com" + tls: [] + app: frontend: image: 
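Review bot: The `secrets:` block added in this hunk ships usable defaults for `nextauthSecret`, `secretKey`, `serverSecret` and `databasePassword`, so any install that does not override them runs with key material that is readable in the chart repository. The comment asking people not to use them in production is the only safeguard. Default them to empty strings, e.g. `nextauthSecret: ""`, and make the Secret template fail closed with `{{ required "secrets.nextauthSecret must be set" .Values.secrets.nextauthSecret }}`; that template is outside this hunk, so the exact placement is an assumption. An option to reference a pre-created Secret would also keep the values out of Helm release history. The same hunk keeps `ingress.enabled: true` with `tls: []`, which makes an un-overridden install reachable over HTTP with these published values.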
@@ -100,44 +123,6 @@ redis: cpu: 100m memory: 256Mi -sso: - providers: "google,github,gitlab" - -# Secrets (DO NOT use these in production, generate your own secure values) -secrets: - nextauthSecret: "82031b3760ac58352bb2d48fd9f32e9f72a0614343b669038139f18652ed1447" - secretKey: "92d44efc4f9a4c0556cc67d2d033d3217829c263d5ab7d1954cf4b5bfd533e58" - serverSecret: "9e760539415af07b22249b5878593bd4deb9b8961c7dd0570117549f2f32a2" - databasePassword: "a765b221799be364c53c8a32acccf5dd90d5fc832607bdd14fccaaaa0062adfd" - googleClientId: "" - googleClientSecret: "" - githubClientId: "" - githubClientSecret: "" - gitlabClientId: "" - gitlabClientSecret: "" - -# Ingress settings -ingress: - enabled: true - className: "nginx" - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/ssl-redirect: "false" - hosts: - - host: phase.local # or use {{ .Values.global.host }} if you want to use the global host value - http: - paths: - - path: /service - pathType: Prefix - service: - name: backend - port: 8000 - - path: / - pathType: Prefix - service: - name: frontend - port: 3000 - tls: [] # Remove TLS configuration for now, add it back if you need HTTPS # Autoscaling settings autoscaling: From 7cd665864ebd18e3a4b39de77a4780fa45097211 Mon Sep 17 00:00:00 2001 From: Nimish Date: Tue, 13 Aug 2024 12:27:58 +0530 Subject: [PATCH 16/21] feat: ported nginx config to ingress template --- phase/templates/ingress.yaml | 49 ++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 16 deletions(-) diff --git a/phase/templates/ingress.yaml b/phase/templates/ingress.yaml index c842587..e8d2d27 100644 --- a/phase/templates/ingress.yaml +++ b/phase/templates/ingress.yaml 
@@ -5,27 +5,44 @@ metadata:
 name: {{ include "phase.fullname" . }}
 labels:
 {{- include "phase.labels" . | nindent 4 }}
- {{- with .Values.ingress.annotations }}
 annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "30"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "30"
+ nginx.ingress.kubernetes.io/proxy-body-size: "64m"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: "64k"
+ nginx.ingress.kubernetes.io/proxy-buffers-number: "8"
+ nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "128k"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
 spec:
 {{- if .Values.ingress.className }}
 ingressClassName: {{ .Values.ingress.className }}
 {{- end }}
 rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ .host | quote }}
- http:
- paths:
- {{- range .http.paths }}
- - path: {{ .path }}
- pathType: {{ .pathType }}
- backend:
- service:
- name: {{ include "phase.fullname" $ }}-{{ .service.name }}
- port:
- number: {{ .service.port }}
- {{- end }}
+ - host: {{ .Values.ingress.host | default .Values.global.host | quote }}
+ http:
+ paths:
+ - path: /service(/|$)(.*)
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "phase.fullname" $ }}-backend
+ port:
+ number: 8000
+ - path: /()(.*)
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ include "phase.fullname" $ }}-frontend
+ port:
+ number: 3000
+ {{- if .Values.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host | default .Values.global.host | quote }}
+ secretName: {{ include "phase.fullname" . }}-tls
 {{- end }}
 {{- end }}
\ No newline at end of file
From 8270cc5a0aa48f0593b1f93712b8d35c52497454 Mon Sep 17 00:00:00 2001
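Review bot: `nginx.ingress.kubernetes.io/ssl-redirect: "false"` is now fixed in the template, while the `tls:` block at the end of the same hunk is rendered whenever `.Values.ingress.tls` is set, so a TLS-enabled install of a secrets manager still answers on plain HTTP without redirecting. Because the `{{- with .Values.ingress.annotations }}` merge is removed here, operators have no values-level way to override it either. I would derive the value from the TLS setting, `nginx.ingress.kubernetes.io/ssl-redirect: {{ ternary "true" "false" (not (empty .Values.ingress.tls)) | quote }}`, and keep the `with`/`toYaml` block after the fixed annotations. Separately, the two regex paths (`/service(/|$)(.*)` and `/()(.*)`) are declared `pathType: Prefix`; with `use-regex` they are normally written as `pathType: ImplementationSpecific`.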
From: Nimish
Date: Wed, 14 Aug 2024 15:45:13 +0530
Subject: [PATCH 17/21] feat: removed version name from helm chart to avoid confusion
---
 phase/Chart.yaml | 1 -
 phase/templates/_helpers.tpl | 2 --
 2 files changed, 3 deletions(-)
diff --git a/phase/Chart.yaml b/phase/Chart.yaml
index e878a47..ded60c4 100644
--- a/phase/Chart.yaml
+++ b/phase/Chart.yaml
@@ -4,7 +4,6 @@ icon: https://phase.dev/apple-touch-icon.png
 description: A Helm chart for deploying the Phase Secrets Manager
 type: application
 version: 0.1.0
-appVersion: "v2.29.7"
 keywords:
 - phase
 - deployment
diff --git a/phase/templates/_helpers.tpl b/phase/templates/_helpers.tpl
index 0b9dd7f..dab174e 100644
--- a/phase/templates/_helpers.tpl
+++ b/phase/templates/_helpers.tpl
@@ -36,8 +36,6 @@ Common labels
 {{- define "phase.labels" -}}
 helm.sh/chart: {{ include "phase.chart" . }}
 {{ include "phase.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
From 302c446d8aee9f64a04bfbcab5bd504aeaf49b62 Mon Sep 17 00:00:00 2001
From: Nimish
Date: Wed, 14 Aug 2024 16:01:39 +0530
Subject: [PATCH 18/21] fix: helpers
---
 phase/templates/_helpers.tpl | 1 -
 1 file changed, 1 deletion(-)
diff --git a/phase/templates/_helpers.tpl b/phase/templates/_helpers.tpl
index dab174e..3a2aa74 100644
--- a/phase/templates/_helpers.tpl
+++ b/phase/templates/_helpers.tpl
@@ -36,7 +36,6 @@ Common labels
 {{- define "phase.labels" -}}
 helm.sh/chart: {{ include "phase.chart" . }}
 {{ include "phase.selectorLabels" . }}
-{{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 
From 03418ab0cf32f37cb7ba58708879f30f05d3a415 Mon Sep 17 00:00:00 2001
From: Nimish
Date: Thu, 15 Aug 2024 17:20:02 +0530
Subject: [PATCH 19/21] feat: added ingress
---
 phase/values.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/phase/values.yaml b/phase/values.yaml
index e528fd7..7d1a2cb 100644
--- a/phase/values.yaml
+++ b/phase/values.yaml
@@ -34,6 +34,12 @@ ingress:
 # host: "your-domain.com"
 tls: []
 
+# Cert manager settings
+certManager:
+ enabled: false
+ issuerName: ""
+ issuerKind: ""
+
 app:
 frontend:
 image:
From 5dbeff4863b2f24b0cb050f079447d85aa1986d6 Mon Sep 17 00:00:00 2001
From: Nimish
Date: Thu, 15 Aug 2024 17:20:14 +0530
Subject: [PATCH 20/21] fix: ingress template
---
 phase/templates/ingress.yaml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/phase/templates/ingress.yaml b/phase/templates/ingress.yaml
index e8d2d27..c458203 100644
--- a/phase/templates/ingress.yaml
+++ b/phase/templates/ingress.yaml
@@ -6,7 +6,10 @@ metadata:
 labels:
 {{- include "phase.labels" . | nindent 4 }}
 annotations:
- kubernetes.io/ingress.class: nginx
+ kubernetes.io/ingress.class: {{ .Values.ingress.className | default "nginx" }}
+ {{- if .Values.certManager.enabled }}
+ cert-manager.io/cluster-issuer: {{ .Values.certManager.issuerName }}
+ {{- end }}
 nginx.ingress.kubernetes.io/ssl-redirect: "false"
 nginx.ingress.kubernetes.io/proxy-connect-timeout: "30"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "30"
@@ -39,10 +42,14 @@ spec:
 name: {{ include "phase.fullname" $ }}-frontend
 port:
 number: 3000
- {{- if .Values.ingress.tls }}
+ {{- if or .Values.ingress.tls .Values.certManager.enabled }}
 tls:
 - hosts:
 - {{ .Values.ingress.host | default .Values.global.host | quote }}
+ {{- if .Values.certManager.enabled }}
 secretName: {{ include "phase.fullname" . }}-tls
+ {{- else }}
+ secretName: {{ .Values.ingress.tlsSecretName }}
+ {{- end }}
 {{- end }}
 {{- end }}
\ No newline at end of file
From 8d6d1379fd1df4e7b2615cfcb652517bd5ed7c8a Mon Sep 17 00:00:00 2001
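Review bot: The annotation added under `annotations:` is always `cert-manager.io/cluster-issuer`, so the `certManager.issuerKind` value introduced in values.yaml is never read and a namespaced Issuer cannot be selected. The name is also rendered unquoted and unchecked: with `certManager.enabled: true` and the default `issuerName: ""` the annotation renders empty, which presumably leaves cert-manager with nothing to issue from while the TLS entry still points at the `-tls` Secret. I would pick the key from the kind and require the name, e.g. `cert-manager.io/{{ if eq .Values.certManager.issuerKind "Issuer" }}issuer{{ else }}cluster-issuer{{ end }}: {{ required "certManager.issuerName must be set" .Values.certManager.issuerName | quote }}`. `ssl-redirect: "false"` stays as context in this hunk, so HTTP is still not redirected once certManager turns TLS on.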
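Review bot: The `{{- else }}` branch renders `secretName: {{ .Values.ingress.tlsSecretName }}`, but no `tlsSecretName` key appears in the values.yaml hunks of this series, so setting `ingress.tls` without cert-manager yields an empty `secretName`. An Ingress TLS entry without a Secret typically makes the controller fall back to its default certificate, which clients cannot validate. I would add `tlsSecretName: ""` next to `tls: []` in values.yaml and fail the render when it is missing: `secretName: {{ required "ingress.tlsSecretName must be set when ingress.tls is used" .Values.ingress.tlsSecretName | quote }}`. The enclosing `spec:` block begins outside this hunk.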
From: Nimish
Date: Thu, 15 Aug 2024 17:21:47 +0530
Subject: [PATCH 21/21] feat: updated the repo
---
 helm-repo/index.yaml | 26 +++++++++++++++++++++++---
 helm-repo/phase-0.1.0.tgz | Bin 0 -> 5280 bytes
 2 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 helm-repo/phase-0.1.0.tgz
diff --git a/helm-repo/index.yaml b/helm-repo/index.yaml
index 78c38df..4ea550d 100644
--- a/helm-repo/index.yaml
+++ b/helm-repo/index.yaml
@@ -1,9 +1,29 @@
 apiVersion: v1
 entries:
+ phase:
+ - apiVersion: v2
+ created: "2024-08-15T17:20:48.04662344+05:30"
+ description: A Helm chart for deploying the Phase Secrets Manager
+ digest: 35fb1622a8b3d83e461f8d83c957e90d1afd5c6a69049e92da7594a8af302461
+ home: https://github.com/phasehq/kubernetes-secrets-operator
+ icon: https://phase.dev/apple-touch-icon.png
+ keywords:
+ - phase
+ - deployment
+ maintainers:
+ - email: nimish@phase.dev
+ name: Nimish
+ name: phase
+ sources:
+ - https://github.com/phasehq/console
+ type: application
+ urls:
+ - phase-0.1.0.tgz
+ version: 0.1.0
 phase-kubernetes-operator:
 - apiVersion: v2
 appVersion: 1.2.1
- created: "2024-07-29T18:55:33.848979547+05:30"
+ created: "2024-08-15T17:20:48.047188122+05:30"
 description: A Helm chart for deploying the Phase Kubernetes Operator
 digest: dc708b49b17107c0bf6efd354777f2ddaf4e080c18f7ab0541968338dfe808c5
 home: https://github.com/phasehq/kubernetes-secrets-operator
@@ -21,6 +41,6 @@ entries:
 - https://github.com/phasehq/kubernetes-secrets-operator
 type: application
 urls:
- - https://helm.phase.dev/phase-kubernetes-operator-1.2.1.tgz
+ - phase-kubernetes-operator-1.2.1.tgz
 version: 1.2.1
-generated: "2024-07-29T18:55:33.848176069+05:30"
+generated: "2024-08-15T17:20:48.045460903+05:30"
diff --git a/helm-repo/phase-0.1.0.tgz b/helm-repo/phase-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..08528d2fd19a6663f6c5c79be2c2c5518598da6f GIT binary patch literal 5280 zcmV;R6kqEfiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBjZ{x_3@P6j6=tnaFX7UUr>RlpmxbxV$8Dl(_V0m`42m+@? zwj{z7$zeA=R%Q)sa6xwO7RUj6hakB-Y&_!)?(1PUA9gRfKcioepK$0GzLOGd%bMLi zH4K;{yQ-_JtE#KIi%n+=F{Hf(2-->bHkbdGDToOMF$L#<|2Z@b7;W{a;2#~Ln@dO;$XE>nHXg1jmnxm zt1wBMzO0;jBjj3$AS`1JE87loA+cS_&}h3pFoP)T=&S-A$3!x*J#8w}I%UV2NT+E2 z%64_EN-|(oC0S57Ll%){(69(JEab8pXa)^a1(q>0@bvEj)Di#|q!b^r2NM6m(P7(j zHN>Eo^hdKTY@0|Ta|fw_Qfg?BGEh468LO15Wkq_|L!DW;{+~h9L-?)?zzY3uwrlOA z{x@67R{u9q?tv$!J%T2{h!De?U}?gBs}cZH8xs|jOk0B{y)Myvgg67&CbnjqDk%AS zK_3O;ZbE`EkpM7ea6R*gs~d$rND(42xpWJ&hWJM___1YUL1^ z+nx*TR~EoX^IQbD@;#JVX!+pnng+7SK1G_m8FYd@U}K!D9l4pTZNiM&!Oci*=^og(CN9D_R5yd) zpram$EfrG<0L_FLAF>IlWK9g~oT9$xt0fg9S-0slN9QB@jF?yjKm8ePXBW9dNVXd` zrXiPzi8|IG(-W$&7<0prTd)ZEuo$1}}=Z5rBK1^eSen+#lp z>3l4dn9h#7wr3F)RM|bDc0N3xMt4mQ6Xfm>e5|%hR8UtGMc{$DVIhnMu00Asll)_} zSq3qnxraxlC4*@)#$VqXsA&B*RMhO2$_g_u~c2b#f9wHm{40n^_I&+soAL4N`Z@8@@vTY zNT#>wBM&1t`iTB6Nijymre0BxJs@yG2d>t2|Z-2YE{Qctc>&2U2ErY%09{~B3y!q4O@*fv(KVH1~%i{7M7H@yIxcXvo z`AbU1n_sg!zw;FtIuKWvn z^Xt^bf8GftwDsS_TEF@)Iy7OOPZw98_(Su_8pkL`$=hh_pJb82tNr)l4Zrx-zw*$@x#oIqG-mp69izRG7WFa0>5GHiW%gW;YGIC+=iHs>8y11>-fdDi>qJx4EYUh_sX9{ z-h3Ha?>ixeNz3Kei??4cu0Cb+_?L^Tzbvl4UA+Ax9ha-m7H|H@`14Ph42cp$T?u6A z%x#d;euZIS0!@=StIrX}aDupt@%l9|EY0-v3>TyfE-s|wDYQ<(-1gWel)yv72O44V ztxFMK{Xa=Mwtpa2fo3ip&|n1QHK}jCk$mky;Z( z05r|)YSLf-@cYleAwoKsBGdWXa1#rgP&+M$`%QoS!{>hnkG%K1&k3So{Pd* zs>pT|QL~?L*rG8ni@A%(xKQo&u1l42cV^2}bj3$;?A9HQWW4X!L6@JkaTHl%hARgc&>Ta=N+rtu;0oN&cl zGzx5&t+P`G%46Go1zlZ4jxsp)Mo1%O>>bN~;3y8vivuDsVNz5Mmrh?Y&pCQ*ZbOb&E#Puu< zwCe2Am<_%0*f<9zxsgBHe~Y0kk*51PiG0CC)`KA|np z9$+v+8l>g|+cN~71?dO8uVVw5ItI{1z%*tC;f9Ay4GbQP=8O+}heKMIEm%27dsvqC z$H3*5gd@>xmTG`St^~Vh5b(+{O)x^#R_Op@02%Ru+8nmh8gbS}jJ*Fa;HIdO`@9IZ 
zg-NE@_Zj8t-xMFtkj8)q97)pDaynx-uSuNa8WtIY(vPtGBV0=0;*Ay;uI$U0$VJAI zYKPd~rsK%QQwRsIWx^3MbH|j`2?sRUktmP(wMfYUAF*8qs3B1L|0Pg5DP3QE?Agq= zIDI&eKK_&wNPV3$o>mymDoD>?qBCWX>AGQLB8}MYfk4TsLB}bFX+LGdu82K%c{EpJ z4%LvaTxWJ=C{VBHOp*dQlK{RWlBS=lUJli4>b5kbW;ubma+EZyVs)PS7`A5-k&lqy z9aejXS3bg|l zw#LR}2Awq~gRSuYsw6}SUR!@Xi)3mxA(L^Jm!{G7#5zH#zV`Gz)R2O z77l=?$H#+{!BPLXzuP~^1c_v=#X*O|K81XLf3J5mjDccomxBzjIMCkC@y_F&Vecd$ zkvL`m=x^Y2Ld!XzgZ@#xcL5j;Tyua9cb@mMfrR^$1@vOrJIV&~FmmHSN4>rMVRpCJ zUUX)kI8drX93b7B!`@GhPmX&Bz308-qYqE^_J=!<4|;nHHkehar3lcwR+1lZN!tH# znM@Y@;_#mu-R0@0Qmf2SvPk0ssq0xi-C$lg!yeeIVnCz@?`BOS4A2UxVTW$)%|ez;-VBs zK8WNc<%}4sR}K@HqWwhH+26bNEM%GtG~XRLLgVm0E!TBPe2hF5`ljeaqIQ(zD7hR< zf9J*V(-S&19`$yQPhK4DN19?O-zq5Ge-LwB9^QXIr{0I96tA-JvK8Bvk_6i zM@98AzlHwM{*(Q~oHmLPJM0aI`~Aa{-G2Yse(z+j|9ofvFrVmBTtCJ+N*+yIi|%sx zz}Y#kv{3Kw2_o^ab|9ImpwX>sO{LM1yWMeDZXl@1P*-%h+tKRnhB9h&tK-TPL6c15 z(D8iRXiHBK)FX-*XU$U^lh}ih8`mGYoYcKsGa2Jx256L ze#I+G{C|IM^wt5us{OxOE4lyIt~IyoKN~4`<^M-s<-4;0AP~^aM*xxTZ8!voy(3vH z28e-xB0)fuvulq60_4lW0G1n*2m*Nb2Ju(Hzz-;9IPCr8n1u~5jt*|)fIr^ZebzhN zJJ}iRpFG|f_A+pZES92fgPJqrioG7b$`=)aXqQd~FCHK4@17JOE2oPU(av)G0sDdl z-OLtZOTNpakBA=JN%#RBBi}!)$Nj@1-dY~LxAfQY(B^tgUmZvDSa6k+r%nMX;T!e?V=v-H z{XllAghA%J)P|l%rkyc<;@Y00f^N6F(r1jJ2iZPju#d)=6(A3q#da?l?hKRN0RPxcW#9Q*BQQP!p=s68{mmrhH3-S@9GYT?bu4f*_*LK)~;m&o|R0gu!^+68DtMZ>D{F}x6d!OVCkCb->m0~0!2Os216hyUiRnnDpIuk- zo#m>sWTmnhc{YZI>AC25>LNU~O&)Oul4aS?^n{iU9u)A? 
z9v1F!vQ>(_+`dk7?QcJfrDt04&I`HG_}ge2u8Wkv8};}-&B5n+oS zQz8~8BXx1k#jw||#ATC3MY##8#TJY17GbdBqDm?-v{-R*nnbRNc zOOA$K`>&n-><71Wx3*kQ!K~Z{-es!ib+!WoP2X+?uDvAZfB#sIbsh!3D*vlpPoMu# z-^PC%DJxEqkrP3mg$UI~!j z5*wM7Vo$_*1i|ZP{J3p@c1kcQa*B3xDUm*s#j)G8d5xdbEc0`;W9>(=gy(KYn~Y>o zFnR)#<6XqqWC65`G@^nMJ598-63TJy^EsX0ETj=xtj(&RR9A|^Vr1zz0;F-!jQ~fs zK9~6^z@=7WRv641kC7V!o?Z_S%a%7Au~U*e#UXJBE*h@ZIt5zxFp^y~LFXzc5!Wj) zk}i7X8U)GwR9F>M?$-kEIY+%inP>7PZf7q@=D@@R)b-48S(YDvoPj~SxEq`;vg);7 zAd;s-7r}vK8uJ)rkx1nyh&`x$bpPRl@{b?J*8m`y97VVeFW)lKwyD8})CSGk}i5U~K*s{@@ zB(Auz_qU@9?g|kTN1BLl1tkz=@Maj)h?5%V;LWxHlKvkjWW8SkTDAV)P*UeVH*4GX ze>YMx_W-%9-DKIv4{-TcD*6t5=^+Ud*RUpg0#lHsJM8Tq_2Nec2=H?J`!|Ub8yMKh zv)+f9ph1R666)yv-qEr)qo1?MJF`Kgg=E4fzg-i@@uc5>a?m^3J=pIZ9-r)IqlkZ} zW*LGd{YZb;CV^=G`00zst0;+m17{h6Wt618nUg|vuv37N$oF-YAy`gH;(I*X(HpeZ{webP=SFJ(zuDaC|3=EX^?!|T@}$3X zxLm`7%*oZ-9m%G@L+$o?@vg^sS;^D?wIzQR(f@jK{imgD&;Q&^S-1YLE0goO%FpF> mwdO|>0q;=r88z>EXt!lswq;wEmj4X^0RR6#RIjQ4h5!J@m3o~3 literal 0 HcmV?d00001