Merge pull request #352 from kikkomep/fix/deployment-settings

build/helm chart updates

docker/nginx.conf

@@ -12,24 +12,29 @@ server {
   #server_name localhost;
   keepalive_timeout 60;
   etag on;
-  
+
   ssl_certificate /nginx/certs/lm.crt;
   ssl_certificate_key /nginx/certs/lm.key;
 
   # force HTTP traffic to HTTPS
-  error_page  497 https://$host:8443$request_uri;
+  error_page 497 https://$host:8443$request_uri;
 
   # set static files location
   location /static/ {
     root /app/lifemonitor;
   }
 
+  # if the path matches to root, redirect to the account page
+  location = / {
+    return 301 https://$host:8443/account/;
+  }
+
   # set proxy location
   location / {
     # resolver 127.0.0.11 ipv6=off valid=30s;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header Host $http_host;
+    proxy_set_header Host lm:8000;
     # we don't want nginx trying to do something clever with
     # redirects, we set the Host: header above already.
     proxy_redirect off;

docker/nginx.dev.conf

@@ -37,6 +37,11 @@ server {
     proxy_set_header        Host lm:8000;
   }
 
+  # if the path matches to root, redirect to the account page
+  location = / {
+    return 301 https://$host:8443/account/;
+  }
+
   # set proxy location
   location / {
     # resolver 127.0.0.11 ipv6=off valid=30s;

k8s/Chart.yaml

@@ -7,7 +7,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.8.0
+version: 0.10.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -17,7 +17,7 @@ appVersion: 0.11.4
 # Chart dependencies
 dependencies:
   - name: nginx
-    version: 8.8.4
+    version: 13.2.28
     repository: https://charts.bitnami.com/bitnami
   - name: postgresql
     version: 10.1.1

k8s/templates/_helpers.tpl

@@ -49,7 +49,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
-
 Define lifemonitor image
 */}}
 {{- define "chart.lifemonitor.image" -}}
@@ -61,6 +60,35 @@ Define lifemonitor image
 {{- end }}
 
 
+{{/*
+Define lifemonitor TLS secret name
+*/}}
+{{- define "chart.lifemonitor.tls" -}}
+{{- printf "%s-tls" .Release.Name }}
+{{- end }}
+
+
+{{/*
+Define volume name of LifeMonitor backup data 
+*/}}
+{{- define "chart.lifemonitor.data.backup" -}}
+{{- printf "data-%s-backup" .Release.Name }}
+{{- end }}
+
+{{/*
+Define volume name of LifeMonitor workflows data
+*/}}
+{{- define "chart.lifemonitor.data.workflows" -}}
+{{- printf "data-%s-workflows" .Release.Name }}
+{{- end }}
+
+{{/*
+Define volume name of LifeMonitor logs data
+*/}}
+{{- define "chart.lifemonitor.data.logs" -}}
+{{- printf "data-%s-logs" .Release.Name }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}
@@ -112,10 +140,12 @@ Define volumes shared by some pods.
 {{- define "lifemonitor.common-volume" -}}
 - name: lifemonitor-tls
   secret:
-    secretName: lifemonitor-tls
+    secretName: {{ include "chart.lifemonitor.tls" . }}
 - name: lifemonitor-settings
   secret:
     secretName: {{ include "chart.fullname" . }}-settings
+- name: lifemonitor-logs
+  emptyDir: {}
 - name: lifemonitor-data
   persistentVolumeClaim:
     claimName: data-{{- .Release.Name -}}-workflows
@@ -153,3 +183,32 @@ Define mount points shared by some pods.
 {{- end -}}
 {{- end -}}
 {{- end -}}
+
+
+{{/*
+Generate certificates for the LifeMonitor Api Server .
+*/}}
+{{- define "gen-certs" -}}
+{{- $altNames := list ( printf "%s.%s" (include "chart.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "chart.name" .) .Release.Namespace ) -}}
+{{- $ca := genCA "lifemonitor-ca" 365 -}}
+{{- $cert := genSignedCert ( include "chart.name" . ) nil $altNames 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end -}}
+
+
+{{/*
+Define lifemonitor GithubApp secret name
+*/}}
+{{- define "chart.lifemonitor.githubApp.key" -}}
+{{- printf "%s-ghapp-key" .Release.Name }}
+{{- end }}
+
+{{/*
+Read and encode the GitHub App private key.
+*/}}
+{{- define "lifemonitor.githubApp.readPrivateKey" -}}
+{{- $fileContent := $.Files.Get .Values.integrations.github.private_key.path -}}
+{{- $base64Content := $fileContent | b64enc -}}
+{{- printf "%s" $base64Content -}}
+{{- end -}}

k8s/templates/backend-deployment.yaml → k8s/templates/backend.deployment.yaml

@@ -1,5 +1,5 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: {{ include "chart.fullname" . }}-backend
   labels:
@@ -8,6 +8,7 @@ metadata:
 spec:
   {{- if not .Values.lifemonitor.autoscaling.enabled }}
   replicas: {{ .Values.lifemonitor.replicaCount }}
+  serviceName: "lifemonitor-backend"
   {{- end }}
   selector:
     matchLabels:
@@ -16,13 +17,19 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/settings: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        checksum/settings: {{ include (print $.Template.BasePath "/settings.secret.yaml") . | sha256sum }}
       {{- with .Values.lifemonitor.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}       
       labels:
         {{- include "chart.selectorLabels" . | nindent 8 }}
         app.kubernetes.io/component: backend
+        {{- if $.Values.monitoring.enabled }}
+        prometheus.io/scrape: 'true'
+        prometheus.io/path: 'metrics'
+        prometheus.io/port: '9090'
+        prometheus.io/scheme: 'http'
+        {{- end }}
     spec:
       {{- with .Values.lifemonitor.imagePullSecrets }}
       imagePullSecrets:
@@ -32,19 +39,23 @@ spec:
       securityContext:
         {{- toYaml .Values.lifemonitor.podSecurityContext | nindent 8 }}
       initContainers:
-        - name: init
+        - name: init-backend
           securityContext:
             {{- toYaml .Values.lifemonitor.securityContext | nindent 12 }}
           image: {{ include "chart.lifemonitor.image" . }}
           imagePullPolicy: {{ .Values.lifemonitor.imagePullPolicy }}
-          command: ["/bin/sh","-c"]
-          args: ["wait-for-redis.sh && wait-for-postgres.sh && ./lm-admin db wait-for-db"]
+          command:
+            - "/bin/sh"
+            - "-c"
+            - |
+              wait-for-redis.sh && wait-for-postgres.sh
+              ./lm-admin db wait-for-db
           env:
           {{- include "lifemonitor.common-env" . | nindent 12 }}
           volumeMounts:
           {{- include "lifemonitor.common-volume-mounts" . | nindent 12 }}
       containers:
-        - name: app
+        - name: backend
           securityContext:
             {{- toYaml .Values.lifemonitor.securityContext | nindent 12 }}
           image: {{ include "chart.lifemonitor.image" . }}
@@ -57,6 +68,9 @@ spec:
             - name: http
               containerPort: 8000
               protocol: TCP
+            - name: metrics
+              containerPort: 9090
+              protocol: TCP
           livenessProbe:
             httpGet:
               scheme: HTTPS

k8s/templates/data-backup.pvc.yaml

@@ -0,0 +1,15 @@
+{{- $dataBackupExists := (lookup "v1" "PersistentVolumeClaim" .Release.Namespace ( include "chart.lifemonitor.data.backup" . ) ) }}
+{{- if not $dataBackupExists }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "chart.lifemonitor.data.backup" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  storageClassName: {{ .Values.global.readWriteManyStorageClass }}
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+{{- end -}}

k8s/templates/data-logs.pvc.yaml

@@ -0,0 +1,15 @@
+{{- $dataLogsExists := (lookup "v1" "PersistentVolumeClaim" .Release.Namespace ( include "chart.lifemonitor.data.logs" . ) ) }}
+{{- if not $dataLogsExists }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "chart.lifemonitor.data.logs" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  storageClassName: {{ .Values.global.readWriteManyStorageClass }}
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+{{- end -}}

k8s/templates/data-workflows.pvc.yaml

@@ -0,0 +1,15 @@
+{{- $dataWorkflowsExists := (lookup "v1" "PersistentVolumeClaim" .Release.Namespace ( include "chart.lifemonitor.data.workflows" . ) ) }}
+{{- if not $dataWorkflowsExists }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "chart.lifemonitor.data.workflows" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  storageClassName: {{ .Values.global.readWriteManyStorageClass }}
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+{{- end -}}

k8s/templates/ingress.yaml

@@ -1,44 +1,67 @@
 {{- if .Values.ingress.enabled -}}
-{{- $fullName := include "chart.fullname" . -}}
-{{- $svcPort := .Values.lifemonitor.service.port -}}
-{{- if semverCompare ">=1.17-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- $fullname := include "chart.fullname" . -}}
+{{- $serviceNewStyle := semverCompare ">=1.18.0" .Capabilities.KubeVersion.GitVersion -}}
+{{- if semverCompare ">=1.17-0" .Capabilities.KubeVersion.GitVersion }}
 apiVersion: networking.k8s.io/v1
-{{- else -}}
+{{- else }}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
-  name: {{ $fullName }}
+  name: {{ $fullname }}
   labels:
-    {{- include "chart.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
+    app.kubernetes.io/name: {{ include "chart.name" . }}
+    helm.sh/chart: {{ include "chart.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
   annotations:
+    {{- with .Values.ingress.annotations }}
     {{- toYaml . | nindent 4 }}
-  {{- end }}
+    {{- end }}
+    # nginx.ingress.kubernetes.io/rewrite-target: /
+    # nginx.ingress.kubernetes.io/affinity: "cookie"
+    # traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
+    # nginx.ingress.kubernetes.io/session-cookie-name: "lm-api-back-end"
+    # nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
+    # nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
+    # old way of setting the ingress class
+    {{- if semverCompare "<1.18.0" .Capabilities.KubeVersion.GitVersion }}
+    kubernetes.io/ingress.class: {{ .Values.ingress.className }}
+    {{- end }}
 spec:
+  {{- if semverCompare ">=1.18.0" .Capabilities.KubeVersion.GitVersion }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
   {{- if .Values.ingress.tls }}
   tls:
-    {{- range .Values.ingress.tls }}
+  {{- range .Values.ingress.tls }}
     - hosts:
-        {{- range .hosts }}
+      {{- range .hosts }}
         - {{ . | quote }}
-        {{- end }}
+      {{- end }}
       secretName: {{ .secretName }}
-    {{- end }}
+  {{- end }}
   {{- end }}
   rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ . | quote }}
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ $fullName }}-nginx
-                port:
-                  number: 8080
+  {{- range .Values.ingress.hosts }}
+  - host: {{ .host | quote }}
+    http:
+      paths:
+      {{- range .paths }}
+      - path: {{ . | quote }}
+        {{- if $serviceNewStyle }}
+        pathType: Prefix
+        {{- end }}
+        backend:
+          {{- if $serviceNewStyle }}
+          service:   
+            name: {{$fullname}}-nginx
+            port:
+              name: http
+          {{- else }}
+          serviceName: {{$fullname}}-nginx
+          servicePort: http
           {{- end }}
-    {{- end }}
+      {{- end }}
   {{- end }}
+{{- end }}