Merge pull request GoogleCloudPlatform#2 from FusionAuth/helm-repo

Helm repo

.ci/push.sh

@@ -7,15 +7,15 @@ setup_git() {
 
 commit_website_files() {
   git checkout master
-  git add . *.yaml
+  git add repo/index.yaml
   git commit --message "Update index [skip ci]"
 }
 
 upload_files() {
-  git remote add remote https://${GITHUB_TOKEN}@github.com/FusionAuth/charts.git > /dev/null 2>&1
+  git remote add remote https://${GITHUB_TOKEN}@github.com/FusionAuth/charts.git >/dev/null 2>&1
   git push --quiet remote master
 }
 
 setup_git
 commit_website_files
-upload_files
+upload_files

.travis.yml

@@ -1,10 +1,19 @@
 # borrowed from https://github.com/goreleaser/homebrew-tap
 language: minimal
-if: branch = master
+if: (branch = master) AND (tag IS present)
 before_install:
-  - curl -L https://git.io/get_helm.sh | bash
-  - helm init --client-only
+  - curl -L https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
 script:
-  - helm repo index . --url https://fusionauth.github.io/charts/
+  - cd repo
+  - helm package ../chart --destination ./
+  - helm repo index . --url https://github.com/FusionAuth/charts/releases/download/${TRAVIS_TAG} --merge
 after_success:
   - .ci/push.sh
+deploy:
+  provider: releases
+  api_key:
+    secure: GITHUB_TOKEN
+  file: "repo/fusionauth-${TRAVIS_TAG}.tgz"
+  skip_cleanup: true
+  on:
+    tags: true

README.md

@@ -3,7 +3,7 @@
 To add the FusionAuth public repo:
 
 ```
-helm repo add fusionauth https://github.com/FusionAuth/charts
+helm repo add fusionauth 'https://raw.githubusercontent.com/FusionAuth/charts/master/repo/'
 ```
 
 

chart/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Helm chart for fusionauth
+name: fusionauth
+version: 0.1.28

chart/README.md

@@ -0,0 +1,47 @@
+# FusionAuth
+
+[FusionAuth](https://fusionauth.io/) is a modern platform for Customer Identity and Access Management (CIAM). FusionAuth provides APIs and a responsive web user interface to support login, registration, localized email, multi-factor authentication, reporting and much more.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install . --name my-release
+```
+
+The command deploys FusionAuth and all dependencies (elasticsearch, postgresql) on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Migrations
+
+We use flyway for database migrations as a job
+
+## Configuration
+
+The following table lists the configurable parameters of the FusionAuth chart and their default values.
+
+Parameter | Description | Default
+--- | --- | ---
+`data.memory` | The RAM to assign to the Java VM for FusionAuth. Setting this environment variable will override the fusionauth-app.memory in the Configuration file. See the Configuration Reference for more information. | `256M`
+`data.database.host` | The database host. Default is empty. If you want to use your own database instance you need to set `postgres.enabled` to false and set the database host | `nil`
+`data.database.port` | The database port. The default port is 5432 | `5432`
+`data.database.name` | The database name. The default jdbc connection string will be: `jdbc:postgresql://<<release-name>>-postgresql:5432/fusionauth` | `fusionauth`
+`data.database.user` | The database user that will be created during configuration to own the FusionAuth schema and to connect to the database at FusionAuth runtime. Setting this environment variable will override the database.username in the Configuration file. See the Configuration Reference for more information. | `localhost`
+`data.database.password` | The database password that will be created during configuration to own the FusionAuth schema and to connect to the database at FusionAuth runtime. If you are deploying this into production it is extremely important that you sent this value to something other than the default. Setting this environment variable will override the database.password in the Configuration file. See the Configuration Reference for more information. | `localhost`
+`data.database.root.user` | The database root user that is used to create the FusionAuth schema and FusionAuth user. Once FusionAuth is configured and running this value is no longer used and is never persisted. | `localhost`
+| `data.database.root.password` | The database root password that is used to create the FusionAuth schema and FusionAuth user. It is recommended to leave the value of this variable empty as it is shown in the example. Using this configuration, the value will be picked up from the host environment. To use the value in this way, be sure to set this named environment value before calling docker-compose up. Once FusionAuth is configured and running this value is no longer used and is never persisted. | `localhost`
+`migrations.enabled` | If you want to execute database migrations eg. to add an initial user set `migrations.enabled` to `true` | `false`
+`migrations.data` | SQL migrations that will be executed. See [values.yaml](values.yaml) for examples. | `nil`
+
+All other user-configurable settings, default values and some commentary about them can be found in [values.yaml](values.yaml).
+

chart/requirements.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: elasticsearch
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 1.28.0
+- name: postgresql
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 5.3.10
+digest: sha256:63329626a0b09cbf6a477c03d630395772eeaff84827f480f069f7045025c1be
+generated: "2019-06-30T16:42:30.618427+02:00"

chart/requirements.yaml

@@ -0,0 +1,9 @@
+dependencies:
+  - name: elasticsearch
+    version: 1.28.0
+    repository: https://kubernetes-charts.storage.googleapis.com
+    condition: elasticsearch.enabled
+  - name: postgresql
+    version: 5.3.10
+    repository: https://kubernetes-charts.storage.googleapis.com
+    condition: postgresql.enabled

chart/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range $.Values.ingress.paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fusionauth.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ include "fusionauth.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fusionauth.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fusionauth.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}

chart/templates/_helpers.tpl

@@ -0,0 +1,71 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fusionauth.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fusionauth.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "fusionauth.databaseHost" -}}
+{{- if .Values.data.database.host -}}
+{{- .Values.data.database.host -}}
+{{- else -}}
+{{- .Release.Name -}}-postgresql
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fusionauth.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Set name of elasticsearch service
+*/}}
+{{- define "fusionauth.elasticsearchHost" -}}
+{{- if .Values.data.elasticsearch.host -}}
+{{- .Values.data.elasticsearch.host -}}
+{{- else -}}
+{{- .Release.Name -}}-elasticsearch-client
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set apiVersion for ingress
+*/}}
+{{- define "fusionauth.ingressApiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
+networking.k8s.io/v1beta1
+{{- else -}}
+extensions/v1beta1
+{{- end -}}
+{{- end -}}
+
+{{/*
+Configure TLS if enabled
+*/}}
+{{- define "fusionauth.databaseTLS" -}}
+{{- if .Values.data.database.tls -}}
+?sslmode=require
+{{- end -}}
+{{- end -}}

chart/templates/configmap.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.migrations.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "fusionauth.fullname" . }}-migrations
+  labels:
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app: {{ template "fusionauth.name" . }}
+data:
+  {{- if .Values.migrations.data }}
+  {{- range $key, $value := .Values.migrations.data }}
+  {{ $key }}: |
+{{ $value | indent 4 }}
+  {{- end -}}
+{{- end -}}
+{{- end }}

chart/templates/deployment.yaml

@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "fusionauth.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "fusionauth.name" . }}
+    helm.sh/chart: {{ include "fusionauth.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "fusionauth.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "fusionauth.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      initContainers:
+        # App has to wait for the database to be online "depends_on" workaround
+        - name: wait-for-db
+          image: darthcabs/tiny-tools:1
+          args:
+            - /bin/bash
+            - -c
+            - >
+              set -x;
+              while [[ "$(nc -zv '{{ include "fusionauth.databaseHost" . }}' {{ .Values.data.database.port }} &> /dev/null; echo $?)" != 0 ]]; do
+                echo '.'
+                sleep 15;
+              done
+        # App has to wait for elasticsearch to be online "depends_on" workaround
+        - name: wait-for-search
+          image: darthcabs/tiny-tools:1
+          args:
+            - /bin/bash
+            - -c
+            - >
+              set -x;
+              while [[ "$(nc -zv '{{ include "fusionauth.elasticsearchHost" . }}' {{ .Values.data.elasticsearch.port }} &> /dev/null; echo $?)" != 0 ]]; do
+                echo '.'
+                sleep 15;
+              done
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 9011
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          env:
+            - name: DATABASE_USER
+              value: {{ .Values.data.database.user }}
+            - name: DATABASE_PASSWORD
+              value: {{ .Values.data.database.password }}
+            - name: DATABASE_ROOT_PASSWORD
+              value: {{ .Values.data.database.root.password }}
+            - name: DATABASE_ROOT_USER
+              value: {{ .Values.data.database.root.user }}
+            - name: DATABASE_URL
+              value: "jdbc:postgresql://{{ include "fusionauth.databaseHost" . }}:{{ .Values.data.database.port }}/{{ .Values.data.database.name }}{{ include "fusionauth.databaseTLS" .}}"
+            - name: FUSIONAUTH_MEMORY
+              value: {{ .Values.data.memory }}
+            - name: FUSIONAUTH_SEARCH_SERVERS
+              value: http://{{ include "fusionauth.elasticsearchHost" . }}:{{ .Values.data.elasticsearch.port }}
+          resources:
+              {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+          {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      restartPolicy: Always