From 0560efbfb5642044422f84956202c6b0846d8c6b Mon Sep 17 00:00:00 2001 From: Sven Ketelsen Date: Tue, 31 May 2022 17:33:32 +0200 Subject: [PATCH] initial commit --- .gitignore | 100 +++++++++++++ smardigo/.helmignore | 22 +++ smardigo/Chart.yaml | 21 +++ smardigo/README.md | 9 ++ smardigo/connect-demo01/deployment.yml | 134 ++++++++++++++++++ smardigo/connect-demo01/ingress.yml | 26 ++++ smardigo/connect-demo01/secret.yml | 7 + smardigo/connect-demo01/service.yml | 17 +++ smardigo/iam/_helpers.tpl | 42 ++++++ smardigo/iam/deployment.yml | 53 +++++++ smardigo/iam/service.yml | 17 +++ smardigo/maria/external-maria-service.yml | 20 +++ .../postgres/external-postgres-service.yml | 20 +++ smardigo/values.yaml | 62 ++++++++ 14 files changed, 550 insertions(+) create mode 100644 .gitignore create mode 100644 smardigo/.helmignore create mode 100644 smardigo/Chart.yaml create mode 100644 smardigo/README.md create mode 100644 smardigo/connect-demo01/deployment.yml create mode 100644 smardigo/connect-demo01/ingress.yml create mode 100644 smardigo/connect-demo01/secret.yml create mode 100644 smardigo/connect-demo01/service.yml create mode 100644 smardigo/iam/_helpers.tpl create mode 100644 smardigo/iam/deployment.yml create mode 100644 smardigo/iam/service.yml create mode 100644 smardigo/maria/external-maria-service.yml create mode 100644 smardigo/postgres/external-postgres-service.yml create mode 100644 smardigo/values.yaml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6530b8b --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,100 @@ +# ---> Maven +target/ +pom.xml.tag +pom.xml.releaseBackup +pom.xml.versionsBackup +pom.xml.next +release.properties +dependency-reduced-pom.xml +buildNumber.properties +.mvn/timing.properties +# https://github.com/takari/maven-wrapper#usage-without-binary-jar +.mvn/wrapper/maven-wrapper.jar + +# ---> Java +# Compiled class file +*.class + +# Log file +*.log + +# BlueJ files +*.ctxt + +# Mobile Tools for Java (J2ME) +.mtj.tmp/ + +# Package Files # +*.jar +*.war +*.nar +*.ear +*.zip +*.tar.gz +*.rar + +# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml +hs_err_pid* + +# ---> Eclipse +.metadata +bin/ +tmp/ +*.tmp +*.bak +*.swp +*~.nib +local.properties +.settings/ +.loadpath +.recommenders + +# External tool builders +.externalToolBuilders/ + +# Locally stored "Eclipse launch configurations" +*.launch + +# PyDev specific (Python IDE for Eclipse) +*.pydevproject + +# CDT-specific (C/C++ Development Tooling) +.cproject + +# CDT- autotools +.autotools + +# Java annotation processor (APT) +.factorypath + +# PDT-specific (PHP Development Tools) +.buildpath + +# sbteclipse plugin +.target + +# Tern plugin +.tern-project + +# TeXlipse plugin +.texlipse + +# STS (Spring Tool Suite) +.springBeans + +# Code Recommenders +.recommenders/ + +# Annotation Processing +.apt_generated/ +.apt_generated_test/ + +# Scala IDE specific (Scala & Java development for Eclipse) +.cache-main +.scala_dependencies +.worksheet + +# Uncomment this line if you wish to ignore the project description file. +# Typically, this file would be tracked if it contains build/dependency configurations: +.project + diff --git a/smardigo/.helmignore b/smardigo/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/smardigo/.helmignore 
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/smardigo/Chart.yaml b/smardigo/Chart.yaml
new file mode 100644
index 0000000..fce043a
--- /dev/null
+++ b/smardigo/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: smardigo
+description: This chart installs Smardigo along with its Postgres database.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.1.0
diff --git a/smardigo/README.md b/smardigo/README.md
new file mode 100644
index 0000000..c52915c
--- /dev/null
+++ b/smardigo/README.md
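Review bot: The manifests this commit adds live in `smardigo/connect-demo01/`, `smardigo/iam/`, `smardigo/maria/` and `smardigo/postgres/`, not under `smardigo/templates/`, and Helm renders only the `templates/` directory, so as committed a `helm install` of this chart produces no Kubernetes resources at all. The `description` in Chart.yaml also overstates what the chart does: nothing here installs Postgres, the `postgres/` manifest only creates a Service/Endpoints pair pointing at an existing instance (`sharedService.postgres.host.ip` in values.yaml). Move the four directories under `templates/` (Helm recurses into subdirectories there) and change the description to something like `description: Installs the Smardigo connect and iam apps and wires them to an external Postgres, Elasticsearch and Keycloak.`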
@@ -0,0 +1,9 @@
+# Smardigo Helm Chart
+
+Dieses Helm Chart installiert Smardigo in einem Kubernetes Cluster. Standardmäßig wird der "default"-Namespace verwendet.
+Smardigo wird dabei über einen NodePort-Service zugänglich gemacht. Der genaue Port wird kann in der `values.yaml` konfiguriert werden.
+
+Das Smardigo-Container-Image muss aus einer privaten Docker-Registry heruntergeladen werden.
+Daher enthält das Helm-Chart die Zugangsdaten für diese Registry und legt sie als Pull-Secret in Kubernetes ab.
+
+Weitere Aspekte, z.B. Benutzername und Passwort des Smardigo-Benutzers können ebenfalls über die values.yaml konfiguriert werden.
\ No newline at end of file
diff --git a/smardigo/connect-demo01/deployment.yml b/smardigo/connect-demo01/deployment.yml
new file mode 100644
index 0000000..3620cad
--- /dev/null
+++ b/smardigo/connect-demo01/deployment.yml
@@ -0,0 +1,134 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ .Release.Name }}-connect"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "{{ .Release.Name }}-connect"
+ template:
+ metadata:
+ labels:
+ app: "{{ .Release.Name }}-connect"
+ spec:
+ hostAliases:
+ - ip: "{{ .Values.sharedService.keycloak.host.ip }}"
+ hostnames:
+ - "{{ .Values.sharedService.keycloak.host.name }}"
+ volumes:
+ - name: elastic-client-cert
+ secret:
+ secretName: elastic-client-cert
+ containers:
+ - name: "{{ .Release.Name }}-connect"
+ image: "{{ .Values.harbor.host.name }}/{{ .Values.connect.image.name }}:{{ .Values.connect.image.version }}"
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: elastic-client-cert
+ mountPath: '/usr/share/smardigo/'
+ readOnly: true
+ env:
+ - name: TENANT_ID
+ value: ""
+ - name: ADMIN_LOGIN
+ value: "{{ .Values.connect.admin.username }}"
+ - name: ADMIN_PASSWORD
+ value: "{{ .Values.connect.admin.password }}"
+ - name: SMA_JWT_ENABLED
+ value: "True"
+ - name: SMA_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Release.Name }}-connect-secrets"
+ key: JWT_SECRET
+
+ - name: SPRING_PROFILES_INCLUDE
+ value: "prod,postgres,elastic,swagger"
+
+ - name: DATASOURCE_URL
+ value: "jdbc:postgresql://{{ .Values.connect.datasource.host }}:{{ .Values.connect.datasource.port }}/{{ .Values.connect.datasource.database }}"
+ - name: DATASOURCE_USERNAME
+ value: "{{ .Values.connect.datasource.username }}"
+ - name: DATASOURCE_PASSWORD
+ value: "{{ .Values.connect.datasource.password }}"
+
+ - name: ELASTIC_HOST
+ value: "{{ .Values.connect.elastic.host }}"
+ - name: ELASTIC_PREFIX
+ value: "{{ .Release.Name }}-connect"
+ - name: ELASTIC_USERNAME
+ value: "{{ .Values.connect.elastic.username }}"
+ - name: ELASTIC_PASSWORD
+ value: "{{ .Values.connect.elastic.password }}"
+ - name: ELASTIC_CA
+ value: "file:/usr/share/smardigo/ca.crt"
+
+ - name: AUTH_MODULE
+ value: "oidc"
+ - name: OIDC_CLIENT_ID
+ value: "{{ 
.Values.connect.oidc.client_id }}"
+ - name: OIDC_CLIENT_SECRET
+ value: "{{ .Values.connect.oidc.client_secret }}"
+ - name: OIDC_REGISTRATION_ID
+ value: "{{ .Values.connect.oidc.registration_id }}"
+ - name: OIDC_ISSUER_URI
+ value: "https://{{ .Values.connect.oidc.issuer_host }}/auth/realms/{{ .Values.connect.oidc.realm }}"
+
+ - name: IAM_MODULE
+ value: "external"
+ - name: IAM_CLIENT_ENABLED
+ value: "true"
+ - name: EXTERNAL_IAM_SERVER_URL
+ value: "http://{{ .Release.Name }}-iam:8080"
+
+ - name: MAIL_PROTOCOL
+ value: "smtp"
+ - name: MAIL_HOST
+ value: "{{ .Values.connect.mail.host }}"
+ - name: MAIL_PORT
+ value: "{{ .Values.connect.mail.post }}"
+ - name: MAIL_USER
+ value: "{{ .Values.connect.mail.username }}"
+ - name: MAIL_PASSWORD
+ value: "{{ .Values.connect.mail.password }}"
+ - name: MAIL_PROPERTIES_SIMULATION
+ value: "{{ .Values.connect.mail.properties.simulation }}"
+ - name: MAIL_PROPERTIES_BASE_URL
+ value: "{{ .Values.connect.mail.properties.base_url }}"
+ - name: MAIL_PROPERTIES_BASE_URL_EXTERN
+ value: "{{ .Values.connect.mail.properties.base_url_extern }}"
+ - name: MAIL_PROPERTIES_SENDER
+ value: "{{ .Values.connect.mail.properties.sender }}"
+ - name: MAIL_PROPERTIES_SENDER_ALIAS
+ value: "{{ .Values.connect.mail.properties.sender_alias }}"
+
+ - name: PASSWORD_CHANGE_URL
+ value: "https://{{ .Values.connect.oidc.issuer_host }}/auth/realms/{{ .Values.connect.oidc.realm }}/account/password"
+ - name: USER_MANAGEMENT_URL
+ value: "https://{{ .Values.connect.oidc.issuer_host }}/auth/admin/{{ .Values.connect.oidc.realm }}/console"
+
+ - name: PROCESS_SEARCH_MODULE
+ value: "external"
+ - name: ELASTIC_SEARCH_INDEX
+ value: "search"
+ - name: ELASTIC_MESSAGE_INDEX
+ value: "message"
+ - name: ELASTIC_ANALYSIS_INDEX
+ value: "analysis"
+ - name: ELEMENT_TEMPLATE_ENABLED
+ value: "true"
+ ports:
+ - containerPort: 8080
+ initContainers:
+ - name: init-iam
+ image: busybox:1.28
+ command: ['sh', '-c', "until nslookup {{ .Release.Name }}-iam; 
do echo waiting for iam; sleep 2; done"]
+ - name: init-postgres
+ image: busybox:1.28
+ command: ['sh', '-c', "until nslookup {{ .Values.connect.datasource.host }}; do echo waiting for postgres; sleep 2; done"]
+ - name: init-elasticsearch
+ image: busybox:1.28
+ command: ['sh', '-c', "until nslookup {{ .Values.connect.elastic.host }}; do echo waiting for elastic; sleep 2; done"]
+ imagePullSecrets:
+ - name: "{{ .Values.connect.pull_secret }}"
diff --git a/smardigo/connect-demo01/ingress.yml b/smardigo/connect-demo01/ingress.yml
new file mode 100644
index 0000000..f63ad74
--- /dev/null
+++ b/smardigo/connect-demo01/ingress.yml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-staging
+ cert-manager.io/issue-temporary-certificate: "true"
+ kubernetes.io/ingress.class: nginx
+ nginx.ingress.kubernetes.io/preserve-trailing-slash: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ name: "dev-{{ .Release.Name }}-demo01-connect-ingress"
+spec:
+ rules:
+ - host: "dev-{{ .Release.Name }}-demo01-connect.smardigo.digital"
+ http:
+ paths:
+ - backend:
+ service:
+ name: "{{ .Release.Name }}-demo01-connect"
+ port:
+ number: 8080
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - "dev-{{ .Release.Name }}-demo01-connect.smardigo.digital"
+ secretName: "dev-{{ .Release.Name }}-demo01-connect.smardigo.digital-ingress-cert"
diff --git a/smardigo/connect-demo01/secret.yml b/smardigo/connect-demo01/secret.yml
new file mode 100644
index 0000000..1e8fb8a
--- /dev/null
+++ b/smardigo/connect-demo01/secret.yml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-demo01-connect-secrets
+data:
+ JWT_SECRET: ZDI3NTJjNjU3NTU4NDg5Yzg3MjEyZTJhMjkyYTcyNjk=
+ AUTH_TOKEN: ZXlKbGJtTWlPaUpCTVRJNFEwSkRMVWhUTWpVMklpd2lZV3huSWpvaVpHbHlJbjAuLm5PV2xhZXRhM0swaHpwZ2dXaWNBeXcuaVc5ZF9tUmhKVm1FRzZGT3plT1BQY2VvNTRIMTBzdkZJWDlya1ZqcnZhUS5kSDNfQVlOOUZ1MV9hamk0MkpMY0h3
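Review bot: The `SMA_JWT_SECRET` entry reads `secretKeyRef.name: "{{ .Release.Name }}-connect-secrets"`, but the Secret this commit creates in connect-demo01/secret.yml is named `{{ .Release.Name }}-demo01-connect-secrets`, so the pod will sit in CreateContainerConfigError until the two names agree. Every other credential — `ADMIN_PASSWORD`, `DATASOURCE_PASSWORD`, `ELASTIC_PASSWORD`, `OIDC_CLIENT_SECRET`, `MAIL_PASSWORD` — is injected as a literal `value:` from values.yaml, which puts the plaintext into the Deployment object, the Helm release record and anything that logs `helm template` output; they belong in that Secret behind `secretKeyRef` as well. `imagePullSecrets` references `.Values.connect.pull_secret`, which values.yaml does not define (it defines `harbor.pull_secret`), so the rendered name is empty and the private-registry pull fails, and the `elastic-client-cert` Secret mounted at `/usr/share/smardigo/` is created nowhere in this commit either. Pinning `connect.image.version` to a tag or digest instead of `latest` with `imagePullPolicy: Always` would make rollouts reproducible. The rewrite below assumes the Secret is extended with the matching keys, templated from values.
```yaml
        - name: SMA_JWT_SECRET
          valueFrom:
            secretKeyRef:
              name: "{{ .Release.Name }}-demo01-connect-secrets"  # must match secret.yml
              key: JWT_SECRET
        # … unchanged: SPRING_PROFILES_INCLUDE, DATASOURCE_URL, DATASOURCE_USERNAME …
        - name: DATASOURCE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: "{{ .Release.Name }}-demo01-connect-secrets"
              key: DATASOURCE_PASSWORD
        # … same pattern for ADMIN_PASSWORD, ELASTIC_PASSWORD, OIDC_CLIENT_SECRET, MAIL_PASSWORD …
        # … unchanged: remaining env, ports, initContainers …
      imagePullSecrets:
        - name: "{{ .Values.harbor.pull_secret }}"
```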
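Review bot: The host `dev-{{ .Release.Name }}-demo01-connect.smardigo.digital`, the `dev-` prefix in `metadata.name` and the `letsencrypt-staging` issuer are hard-coded in the template, so every release of this chart gets a dev hostname with a certificate that browsers will not trust; these belong in values (`host: "{{ .Values.connect.ingress.host }}"`, `cert-manager.io/cluster-issuer: {{ .Values.connect.ingress.issuer }}`). On `networking.k8s.io/v1` the `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName: nginx`. `rewrite-target: /` combined with `path: /` and `pathType: Prefix` is at best a no-op and, depending on the ingress-nginx version, may collapse every request path onto `/`; drop the annotation unless a rewrite is actually needed.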
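Review bot: `JWT_SECRET` and `AUTH_TOKEN` are literal base64 values in a template, so every release installed from this chart shares the same JWT signing key, and both values are now in git history and must be treated as compromised and rotated (`AUTH_TOKEN` decodes to what looks like a JWE token, and no template in this commit reads it). Generate the secret from values and fail the render when the value is missing: `JWT_SECRET: {{ required "connect.jwt_secret must be set" .Values.connect.jwt_secret | b64enc }}`. Note also that the name `{{ .Release.Name }}-demo01-connect-secrets` is not what connect-demo01/deployment.yml's `secretKeyRef` references (`{{ .Release.Name }}-connect-secrets`); quoting the name and adding `type: Opaque` would match the rest of the chart.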
diff --git a/smardigo/connect-demo01/service.yml b/smardigo/connect-demo01/service.yml
new file mode 100644
index 0000000..f84188c
--- /dev/null
+++ b/smardigo/connect-demo01/service.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Release.Name }}-demo01-connect"
+spec:
+ selector:
+ app: "{{ .Release.Name }}-demo01-connect"
+ type: NodePort
+ ports:
+ - port: 8080
+ targetPort: 8080
+ protocol: TCP
+ name: http
+ - port: 8081
+ targetPort: 8081
+ protocol: TCP
+ name: metrics
diff --git a/smardigo/iam/_helpers.tpl b/smardigo/iam/_helpers.tpl
new file mode 100644
index 0000000..1ba85f4
--- /dev/null
+++ b/smardigo/iam/_helpers.tpl
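Review bot: The selector `app: "{{ .Release.Name }}-demo01-connect"` does not match the pod label set by connect-demo01/deployment.yml, which is `app: "{{ .Release.Name }}-connect"`, so this Service has no endpoints and the Ingress that targets it on port 8080 will answer 502/503. Since the Ingress is the intended entry point, `type: NodePort` additionally opens 8080 and the `metrics` port 8081 on every cluster node without any authentication in front; `type: ClusterIP` is sufficient here, and the README's NodePort statement should follow. The fix is `app: "{{ .Release.Name }}-connect"` in the selector (or the same label on the Deployment) and `type: ClusterIP`.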
@@ -0,0 +1,42 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "iam.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "iam.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chartName" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Labels that should be added on each resource
+*/}}
+{{- define "labels" -}}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- if eq (default "helm" .Values.creator) "helm" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "chartName" . }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/smardigo/iam/deployment.yml b/smardigo/iam/deployment.yml
new file mode 100644
index 0000000..49f45d0
--- /dev/null
+++ b/smardigo/iam/deployment.yml
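Review bot: None of `iam.name`, `iam.fullname`, `chartName` or `labels` is referenced by the iam templates in this commit — iam/deployment.yml and iam/service.yml hard-code `{{ .Release.Name }}-iam` for names and `app:` labels — so these 42 lines are dead weight, and sitting in `smardigo/iam/` rather than `templates/` Helm would not load the partials anyway. Either use them (`name: {{ include "iam.fullname" . }}` plus `{{ include "labels" . | nindent 4 }}` under `metadata.labels`) or drop the file. `labels` also reads a `.Values.creator` key that values.yaml does not define; the `default "helm"` keeps that harmless, but a one-line comment saying so would help the next reader.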
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ .Release.Name }}-iam"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: "{{ .Release.Name }}-iam"
+ template:
+ metadata:
+ labels:
+ app: "{{ .Release.Name }}-iam"
+ spec:
+ hostAliases:
+ - ip: "{{ .Values.sharedService.keycloak.host.ip }}"
+ hostnames:
+ - "{{ .Values.sharedService.keycloak.host.name }}"
+ containers:
+ - name: "{{ .Release.Name }}-iam"
+ image: "dev-harbor-01.smardigo.digital/smardigo/iam-app:{{ .Values.iam.image.version }}"
+ imagePullPolicy: Always
+ env:
+ - name: SERVER_ERROR_INCLUDE_MESSAGE
+ value: "always"
+ - name: IAM_KEYCLOAK_AUTH_SERVER_URL
+ value: "https://{{ .Values.sharedService.keycloak.host.name }}/auth"
+ - name: IAM_KEYCLOAK_ADMIN_USER
+ value: "{{ .Values.iam.keycloak.username }}"
+ - name: IAM_KEYCLOAK_ADMIN_PASSWORD
+ value: "{{ .Values.iam.keycloak.username }}"
+ - name: SMA_JWT_ENABLED
+ value: "true"
+ - name: SMA_JWT_SECRET
+ value: "456ae14462d049d3be76439ef379c7c6"
+ - name: SPRINGDOC_SERVER_URL
+ value: "https://dev-{{ .Release.Name }}-iam.smardigo.digital"
+ - name: SMA_CORS_ORIGINS
+ value: "https://dev-{{ .Release.Name }}-iam.smardigo.digital:9081"
+ - name: SMA_CORS_ALLOWED_METHODS
+ value: "*"
+ - name: SMA_CORS_ALLOWED_HEADERS
+ value: "*"
+ - name: SMA_CORS_PATH_PATTERN
+ value: "/**"
+ ports:
+ - containerPort: 8080
+ initContainers:
+ - name: init-keycloak
+ image: busybox:1.28
+ command: ['sh', '-c', "until nslookup {{ .Values.sharedService.keycloak.host.name }}; do echo waiting for keycloak; sleep 2; done"]
+ imagePullSecrets:
+ - name: "{{ .Values.smardigo.pull_secret }}"
diff --git a/smardigo/iam/service.yml b/smardigo/iam/service.yml
new file mode 100644
index 0000000..dccbefd
--- /dev/null
+++ b/smardigo/iam/service.yml
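Review bot: `IAM_KEYCLOAK_ADMIN_PASSWORD` is set from `.Values.iam.keycloak.username`, so the Keycloak admin password sent to `IAM_KEYCLOAK_AUTH_SERVER_URL` is the username string and `iam.keycloak.password` in values.yaml is never read. `SMA_JWT_SECRET` is a hard-coded literal shared by every release and now in git history; move it (and the Keycloak password) into a Secret templated from values, rotate it, and if connect's `IAM_CLIENT_ENABLED` path has to verify tokens with the same key, source both deployments from one Secret — the chart currently gives connect a different JWT secret. `imagePullSecrets` reads `.Values.smardigo.pull_secret` but values.yaml has no `smardigo` key, which makes Helm fail the render with a nil-pointer error (values.yaml defines `harbor.pull_secret`), and the registry is hard-coded as `dev-harbor-01.smardigo.digital` instead of `.Values.harbor.host.name` as in the connect deployment. `SERVER_ERROR_INCLUDE_MESSAGE: "always"` returns exception messages to any caller of a service that iam/service.yml also exposes on a NodePort; keep it off outside local development. The rewrite below assumes an `{{ .Release.Name }}-iam-secrets` Secret carrying the two keys.
```yaml
        image: "{{ .Values.harbor.host.name }}/smardigo/iam-app:{{ .Values.iam.image.version }}"
        # … unchanged: imagePullPolicy, SERVER_ERROR_INCLUDE_MESSAGE, IAM_KEYCLOAK_AUTH_SERVER_URL, IAM_KEYCLOAK_ADMIN_USER …
        - name: IAM_KEYCLOAK_ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: "{{ .Release.Name }}-iam-secrets"
              key: KEYCLOAK_ADMIN_PASSWORD
        # … unchanged: SMA_JWT_ENABLED …
        - name: SMA_JWT_SECRET
          valueFrom:
            secretKeyRef:
              name: "{{ .Release.Name }}-iam-secrets"
              key: JWT_SECRET
        # … unchanged: remaining env, ports, initContainers …
      imagePullSecrets:
        - name: "{{ .Values.harbor.pull_secret }}"
```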
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Release.Name }}-iam"
+spec:
+ selector:
+ app: "{{ .Release.Name }}-iam"
+ type: NodePort
+ ports:
+ - port: 8080
+ targetPort: 8080
+ protocol: TCP
+ name: http
+ - port: 8081
+ targetPort: 8081
+ protocol: TCP
+ name: metrics
diff --git a/smardigo/maria/external-maria-service.yml b/smardigo/maria/external-maria-service.yml
new file mode 100644
index 0000000..c13112a
--- /dev/null
+++ b/smardigo/maria/external-maria-service.yml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.sharedService.maria.host.name }}"
+spec:
+ ports:
+ - protocol: TCP
+ port: 3306
+ targetPort: 3306
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: "{{ .Values.sharedService.maria.host.name }}"
+subsets:
+ - addresses:
+ - ip: {{ .Values.sharedService.maria.host.ip }}
+ ports:
+ - port: 3306
\ No newline at end of file
diff --git a/smardigo/postgres/external-postgres-service.yml b/smardigo/postgres/external-postgres-service.yml
new file mode 100644
index 0000000..0ebda96
--- /dev/null
+++ b/smardigo/postgres/external-postgres-service.yml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.sharedService.postgres.host.name }}"
+spec:
+ ports:
+ - protocol: TCP
+ port: 5432
+ targetPort: 5432
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: "{{ .Values.sharedService.postgres.host.name }}"
+subsets:
+ - addresses:
+ - ip: {{ .Values.sharedService.postgres.host.ip }}
+ ports:
+ - port: 5432
diff --git a/smardigo/values.yaml b/smardigo/values.yaml
new file mode 100644
index 0000000..55624a6
--- /dev/null
+++ b/smardigo/values.yaml
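Review bot: `type: NodePort` exposes the IAM service — which, per iam/deployment.yml, runs with Keycloak admin credentials and a shared JWT secret — on every node on both 8080 and the `metrics` port 8081, while the only consumer in this commit reaches it in-cluster through `http://{{ .Release.Name }}-iam:8080` from the connect deployment. `type: ClusterIP` (or omitting `type`) keeps it reachable by connect without a node-level listener. If 8081 has to be scraped from outside, a NetworkPolicy or a separate scrape-only Service is preferable to a NodePort.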
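Review bot: The selector-less Service plus hand-written `Endpoints` for `{{ .Values.sharedService.postgres.host.name }}` means database traffic from connect (`DATASOURCE_URL` in connect-demo01/deployment.yml) goes wherever that Endpoints object points, so anyone with write access to `endpoints` in the namespace can silently redirect it; keep that RBAC verb tight, and note the same pattern in maria/external-maria-service.yml is referenced by no template in this commit. On clusters that support it, an `EndpointSlice` labelled `kubernetes.io/service-name` is the newer form of this construct. Neither manifest says anything about transport security, and the JDBC URL on the connect side does not require TLS (no `sslmode=require`), so a comment such as `# plaintext link to the shared Postgres on the node network; TLS is not enforced here` (or enforcing it in the URL) would make the trust assumption explicit.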
@@ -0,0 +1,62 @@
+sharedService:
+ keycloak:
+ host:
+ ip: 10.0.0.11
+ name: dev-keycloak-01.smardigo.digital
+ postgres:
+ host:
+ ip: 10.0.0.19
+ name: dev-postgres-01
+ maria:
+ host:
+ ip: 10.0.0.16
+ name: dev-maria-01
+
+iam:
+ image:
+ version: latest
+ keycloak:
+ username: keycloak-admin
+ password: keycloak-admin
+
+connect:
+ image:
+ version: latest
+ name: smardigo/connect-whitelabel-app
+ admin:
+ username: connect-admin
+ password: connect-admin
+ datasource:
+ host: dev-postgres-01
+ port: 5432
+ username: dev_mobene_nsodev_connect
+ password: connect-postgres-admin
+ database: dev_mobene_nsodev_connect
+ elastic:
+ host: dev-postgres-01
+ port: 5432
+ username: elastic
+ password: elastic
+ oidc:
+ realm: nso
+ client_id: nsodev
+ client_secret: nsodev
+ registration_id: nsodev
+ issuer_host: dev-keycloak-01.smardigo.digital
+ mail:
+ host: dev-mail-01.smardigo.digital
+ post: 25
+ username:
+ password:
+ properties:
+ simulation: true
+ base_url: "https://dev-teanant-cluster-connect.smardigo.digital"
+ base_url_extern: "https://dev-teanant-cluster.smardigo.digital"
+ sender: "noreply-connect@netgo.de"
+ sender_alias: "noreply-connect"
+
+harbor:
+ host:
+ name: dev-harbor-01.smardigo.digital
+ # The name of the secret containing the credentials to access the docker registry to download the smardigo image.
+ pull_secret: dev-harbor-key
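Review bot: `connect.elastic.host`/`port` are a copy of the postgres entries (`dev-postgres-01`, `5432`), so `ELASTIC_HOST` in connect-demo01/deployment.yml, the mounted elastic CA and the `init-elasticsearch` wait loop are all aimed at the Postgres server; they need the Elasticsearch address (presumably port 9200 — to be confirmed). Every credential in the file ships with a guessable default — `keycloak-admin`/`keycloak-admin`, `connect-admin`/`connect-admin`, `connect-postgres-admin`, `elastic`/`elastic`, OIDC `client_secret: nsodev` — and a chart default is exactly what gets installed when an operator forgets `--set`; leave them empty and guard them in the templates with `required`, or reference a pre-existing Secret by name. `harbor.pull_secret` is defined but no template reads it (the deployments use `connect.pull_secret` and `smardigo.pull_secret`), and `mail.post` is a typo for `port` that the template mirrors, so renaming it needs both sides changed together. The `dev-teanant-cluster` hostnames under `mail.properties` look like a typo for `tenant`, but they are live URLs — confirm against DNS before correcting.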