initial commit
Sven Ketelsen
4 years ago
commit
0560efbfb5
@ -0,0 +1,100 @@
|
||||
# ---> Maven
|
||||
target/
|
||||
pom.xml.tag
|
||||
pom.xml.releaseBackup
|
||||
pom.xml.versionsBackup
|
||||
pom.xml.next
|
||||
release.properties
|
||||
dependency-reduced-pom.xml
|
||||
buildNumber.properties
|
||||
.mvn/timing.properties
|
||||
# https://github.com/takari/maven-wrapper#usage-without-binary-jar
|
||||
.mvn/wrapper/maven-wrapper.jar
|
||||
|
||||
# ---> Java
|
||||
# Compiled class file
|
||||
*.class
|
||||
|
||||
# Log file
|
||||
*.log
|
||||
|
||||
# BlueJ files
|
||||
*.ctxt
|
||||
|
||||
# Mobile Tools for Java (J2ME)
|
||||
.mtj.tmp/
|
||||
|
||||
# Package Files #
|
||||
*.jar
|
||||
*.war
|
||||
*.nar
|
||||
*.ear
|
||||
*.zip
|
||||
*.tar.gz
|
||||
*.rar
|
||||
|
||||
# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
|
||||
hs_err_pid*
|
||||
|
||||
# ---> Eclipse
|
||||
.metadata
|
||||
bin/
|
||||
tmp/
|
||||
*.tmp
|
||||
*.bak
|
||||
*.swp
|
||||
*~.nib
|
||||
local.properties
|
||||
.settings/
|
||||
.loadpath
|
||||
.recommenders
|
||||
|
||||
# External tool builders
|
||||
.externalToolBuilders/
|
||||
|
||||
# Locally stored "Eclipse launch configurations"
|
||||
*.launch
|
||||
|
||||
# PyDev specific (Python IDE for Eclipse)
|
||||
*.pydevproject
|
||||
|
||||
# CDT-specific (C/C++ Development Tooling)
|
||||
.cproject
|
||||
|
||||
# CDT- autotools
|
||||
.autotools
|
||||
|
||||
# Java annotation processor (APT)
|
||||
.factorypath
|
||||
|
||||
# PDT-specific (PHP Development Tools)
|
||||
.buildpath
|
||||
|
||||
# sbteclipse plugin
|
||||
.target
|
||||
|
||||
# Tern plugin
|
||||
.tern-project
|
||||
|
||||
# TeXlipse plugin
|
||||
.texlipse
|
||||
|
||||
# STS (Spring Tool Suite)
|
||||
.springBeans
|
||||
|
||||
# Code Recommenders
|
||||
.recommenders/
|
||||
|
||||
# Annotation Processing
|
||||
.apt_generated/
|
||||
.apt_generated_test/
|
||||
|
||||
# Scala IDE specific (Scala & Java development for Eclipse)
|
||||
.cache-main
|
||||
.scala_dependencies
|
||||
.worksheet
|
||||
|
||||
# Uncomment this line if you wish to ignore the project description file.
|
||||
# Typically, this file would be tracked if it contains build/dependency configurations:
|
||||
.project
|
||||
|
||||
@ -0,0 +1,22 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
@ -0,0 +1,21 @@
|
||||
apiVersion: v2
|
||||
name: smardigo
|
||||
description: This chart installs Smardigo along with its Postgres database.
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
version: 0.1.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application.
|
||||
appVersion: 0.1.0
|
||||
@ -0,0 +1,9 @@
|
||||
# Smardigo Helm Chart
|
||||
|
||||
Dieses Helm Chart installiert Smardigo in einem Kubernetes Cluster. Standardmäßig wird der "default"-Namespace verwendet.
|
||||
Smardigo wird dabei über einen NodePort-Service zugänglich gemacht. Der genaue Port wird kann in der `values.yaml` konfiguriert werden.
|
||||
|
||||
Das Smardigo-Container-Image muss aus einer privaten Docker-Registry heruntergeladen werden.
|
||||
Daher enthält das Helm-Chart die Zugangsdaten für diese Registry und legt sie als Pull-Secret in Kubernetes ab.
|
||||
|
||||
Weitere Aspekte, z.B. Benutzername und Passwort des Smardigo-Benutzers können ebenfalls über die values.yaml konfiguriert werden.
|
||||
@ -0,0 +1,134 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-connect"
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: "{{ .Release.Name }}-connect"
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: "{{ .Release.Name }}-connect"
|
||||
spec:
|
||||
hostAliases:
|
||||
- ip: "{{ .Values.sharedService.keycloak.host.ip }}"
|
||||
hostnames:
|
||||
- "{{ .Values.sharedService.keycloak.host.name }}"
|
||||
volumes:
|
||||
- name: elastic-client-cert
|
||||
secret:
|
||||
secretName: elastic-client-cert
|
||||
containers:
|
||||
- name: "{{ .Release.Name }}-connect"
|
||||
image: "{{ .Values.harbor.host.name }}/{{ .Values.connect.image.name }}:{{ .Values.connect.image.version }}"
|
||||
imagePullPolicy: Always
|
||||
volumeMounts:
|
||||
- name: elastic-client-cert
|
||||
mountPath: '/usr/share/smardigo/'
|
||||
readOnly: true
|
||||
env:
|
||||
- name: TENANT_ID
|
||||
value: ""
|
||||
- name: ADMIN_LOGIN
|
||||
value: "{{ .Values.connect.admin.username }}"
|
||||
- name: ADMIN_PASSWORD
|
||||
value: "{{ .Values.connect.admin.password }}"
|
||||
- name: SMA_JWT_ENABLED
|
||||
value: "True"
|
||||
- name: SMA_JWT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: "{{ .Release.Name }}-connect-secrets"
|
||||
key: JWT_SECRET
|
||||
|
||||
- name: SPRING_PROFILES_INCLUDE
|
||||
value: "prod,postgres,elastic,swagger"
|
||||
|
||||
- name: DATASOURCE_URL
|
||||
value: "jdbc:postgresql://{{ .Values.connect.datasource.host }}:{{ .Values.connect.datasource.port }}/{{ .Values.connect.datasource.database }}"
|
||||
- name: DATASOURCE_USERNAME
|
||||
value: "{{ .Values.connect.datasource.username }}"
|
||||
- name: DATASOURCE_PASSWORD
|
||||
value: "{{ .Values.connect.datasource.password }}"
|
||||
|
||||
- name: ELASTIC_HOST
|
||||
value: "{{ .Values.connect.elastic.host }}"
|
||||
- name: ELASTIC_PREFIX
|
||||
value: "{{ .Release.Name }}-connect"
|
||||
- name: ELASTIC_USERNAME
|
||||
value: "{{ .Values.connect.elastic.username }}"
|
||||
- name: ELASTIC_PASSWORD
|
||||
value: "{{ .Values.connect.elastic.password }}"
|
||||
- name: ELASTIC_CA
|
||||
value: "file:/usr/share/smardigo/ca.crt"
|
||||
|
||||
- name: AUTH_MODULE
|
||||
value: "oidc"
|
||||
- name: OIDC_CLIENT_ID
|
||||
value: "{{ .Values.connect.oidc.client_id }}"
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
value: "{{ .Values.connect.oidc.client_secret }}"
|
||||
- name: OIDC_REGISTRATION_ID
|
||||
value: "{{ .Values.connect.oidc.registration_id }}"
|
||||
- name: OIDC_ISSUER_URI
|
||||
value: "https://{{ .Values.connect.oidc.issuer_host }}/auth/realms/{{ .Values.connect.oidc.realm }}"
|
||||
|
||||
- name: IAM_MODULE
|
||||
value: "external"
|
||||
- name: IAM_CLIENT_ENABLED
|
||||
value: "true"
|
||||
- name: EXTERNAL_IAM_SERVER_URL
|
||||
value: "http://{{ .Release.Name }}-iam:8080"
|
||||
|
||||
- name: MAIL_PROTOCOL
|
||||
value: "smtp"
|
||||
- name: MAIL_HOST
|
||||
value: "{{ .Values.connect.mail.host }}"
|
||||
- name: MAIL_PORT
|
||||
value: "{{ .Values.connect.mail.post }}"
|
||||
- name: MAIL_USER
|
||||
value: "{{ .Values.connect.mail.username }}"
|
||||
- name: MAIL_PASSWORD
|
||||
value: "{{ .Values.connect.mail.password }}"
|
||||
- name: MAIL_PROPERTIES_SIMULATION
|
||||
value: "{{ .Values.connect.mail.properties.simulation }}"
|
||||
- name: MAIL_PROPERTIES_BASE_URL
|
||||
value: "{{ .Values.connect.mail.properties.base_url }}"
|
||||
- name: MAIL_PROPERTIES_BASE_URL_EXTERN
|
||||
value: "{{ .Values.connect.mail.properties.base_url_extern }}"
|
||||
- name: MAIL_PROPERTIES_SENDER
|
||||
value: "{{ .Values.connect.mail.properties.sender }}"
|
||||
- name: MAIL_PROPERTIES_SENDER_ALIAS
|
||||
value: "{{ .Values.connect.mail.properties.sender_alias }}"
|
||||
|
||||
- name: PASSWORD_CHANGE_URL
|
||||
value: "https://{{ .Values.connect.oidc.issuer_host }}/auth/realms/{{ .Values.connect.oidc.realm }}/account/password"
|
||||
- name: USER_MANAGEMENT_URL
|
||||
value: "https://{{ .Values.connect.oidc.issuer_host }}/auth/admin/{{ .Values.connect.oidc.realm }}/console"
|
||||
|
||||
- name: PROCESS_SEARCH_MODULE
|
||||
value: "external"
|
||||
- name: ELASTIC_SEARCH_INDEX
|
||||
value: "search"
|
||||
- name: ELASTIC_MESSAGE_INDEX
|
||||
value: "message"
|
||||
- name: ELASTIC_ANALYSIS_INDEX
|
||||
value: "analysis"
|
||||
- name: ELEMENT_TEMPLATE_ENABLED
|
||||
value: "true"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
initContainers:
|
||||
- name: init-iam
|
||||
image: busybox:1.28
|
||||
command: ['sh', '-c', "until nslookup {{ .Release.Name }}-iam; do echo waiting for iam; sleep 2; done"]
|
||||
- name: init-postgres
|
||||
image: busybox:1.28
|
||||
command: ['sh', '-c', "until nslookup {{ .Values.connect.datasource.host }}; do echo waiting for postgres; sleep 2; done"]
|
||||
- name: init-elasticsearch
|
||||
image: busybox:1.28
|
||||
command: ['sh', '-c', "until nslookup {{ .Values.connect.elastic.host }}; do echo waiting for elastic; sleep 2; done"]
|
||||
imagePullSecrets:
|
||||
- name: "{{ .Values.connect.pull_secret }}"
|
||||
@ -0,0 +1,26 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-staging
|
||||
cert-manager.io/issue-temporary-certificate: "true"
|
||||
kubernetes.io/ingress.class: nginx
|
||||
nginx.ingress.kubernetes.io/preserve-trailing-slash: "true"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
name: "dev-{{ .Release.Name }}-demo01-connect-ingress"
|
||||
spec:
|
||||
rules:
|
||||
- host: "dev-{{ .Release.Name }}-demo01-connect.smardigo.digital"
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: "{{ .Release.Name }}-demo01-connect"
|
||||
port:
|
||||
number: 8080
|
||||
path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- "dev-{{ .Release.Name }}-demo01-connect.smardigo.digital"
|
||||
secretName: "dev-{{ .Release.Name }}-demo01-connect.smardigo.digital-ingress-cert"
|
||||
@ -0,0 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-demo01-connect-secrets
|
||||
data:
|
||||
JWT_SECRET: ZDI3NTJjNjU3NTU4NDg5Yzg3MjEyZTJhMjkyYTcyNjk=
|
||||
AUTH_TOKEN: ZXlKbGJtTWlPaUpCTVRJNFEwSkRMVWhUTWpVMklpd2lZV3huSWpvaVpHbHlJbjAuLm5PV2xhZXRhM0swaHpwZ2dXaWNBeXcuaVc5ZF9tUmhKVm1FRzZGT3plT1BQY2VvNTRIMTBzdkZJWDlya1ZqcnZhUS5kSDNfQVlOOUZ1MV9hamk0MkpMY0h3
|
||||
@ -0,0 +1,17 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-demo01-connect"
|
||||
spec:
|
||||
selector:
|
||||
app: "{{ .Release.Name }}-demo01-connect"
|
||||
type: NodePort
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: 8080
|
||||
protocol: TCP
|
||||
name: http
|
||||
- port: 8081
|
||||
targetPort: 8081
|
||||
protocol: TCP
|
||||
name: metrics
|
||||
@ -0,0 +1,42 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "iam.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
*/}}
|
||||
{{- define "iam.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "chartName" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Labels that should be added on each resource
|
||||
*/}}
|
||||
{{- define "labels" -}}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- if eq (default "helm" .Values.creator) "helm" }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
helm.sh/chart: {{ include "chartName" . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@ -0,0 +1,53 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-iam"
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: "{{ .Release.Name }}-iam"
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: "{{ .Release.Name }}-iam"
|
||||
spec:
|
||||
hostAliases:
|
||||
- ip: "{{ .Values.sharedService.keycloak.host.ip }}"
|
||||
hostnames:
|
||||
- "{{ .Values.sharedService.keycloak.host.name }}"
|
||||
containers:
|
||||
- name: "{{ .Release.Name }}-iam"
|
||||
image: "dev-harbor-01.smardigo.digital/smardigo/iam-app:{{ .Values.iam.image.version }}"
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: SERVER_ERROR_INCLUDE_MESSAGE
|
||||
value: "always"
|
||||
- name: IAM_KEYCLOAK_AUTH_SERVER_URL
|
||||
value: "https://{{ .Values.sharedService.keycloak.host.name }}/auth"
|
||||
- name: IAM_KEYCLOAK_ADMIN_USER
|
||||
value: "{{ .Values.iam.keycloak.username }}"
|
||||
- name: IAM_KEYCLOAK_ADMIN_PASSWORD
|
||||
value: "{{ .Values.iam.keycloak.username }}"
|
||||
- name: SMA_JWT_ENABLED
|
||||
value: "true"
|
||||
- name: SMA_JWT_SECRET
|
||||
value: "456ae14462d049d3be76439ef379c7c6"
|
||||
- name: SPRINGDOC_SERVER_URL
|
||||
value: "https://dev-{{ .Release.Name }}-iam.smardigo.digital"
|
||||
- name: SMA_CORS_ORIGINS
|
||||
value: "https://dev-{{ .Release.Name }}-iam.smardigo.digital:9081"
|
||||
- name: SMA_CORS_ALLOWED_METHODS
|
||||
value: "*"
|
||||
- name: SMA_CORS_ALLOWED_HEADERS
|
||||
value: "*"
|
||||
- name: SMA_CORS_PATH_PATTERN
|
||||
value: "/**"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
initContainers:
|
||||
- name: init-keycloak
|
||||
image: busybox:1.28
|
||||
command: ['sh', '-c', "until nslookup {{ .Values.sharedService.keycloak.host.name }}; do echo waiting for keycloak; sleep 2; done"]
|
||||
imagePullSecrets:
|
||||
- name: "{{ .Values.smardigo.pull_secret }}"
|
||||
@ -0,0 +1,17 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: "{{ .Release.Name }}-iam"
|
||||
spec:
|
||||
selector:
|
||||
app: "{{ .Release.Name }}-iam"
|
||||
type: NodePort
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: 8080
|
||||
protocol: TCP
|
||||
name: http
|
||||
- port: 8081
|
||||
targetPort: 8081
|
||||
protocol: TCP
|
||||
name: metrics
|
||||
@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: "{{ .Values.sharedService.maria.host.name }}"
|
||||
spec:
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 3306
|
||||
targetPort: 3306
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: "{{ .Values.sharedService.maria.host.name }}"
|
||||
subsets:
|
||||
- addresses:
|
||||
- ip: {{ .Values.sharedService.maria.host.ip }}
|
||||
ports:
|
||||
- port: 3306
|
||||
@ -0,0 +1,20 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: "{{ .Values.sharedService.postgres.host.name }}"
|
||||
spec:
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5432
|
||||
targetPort: 5432
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: "{{ .Values.sharedService.postgres.host.name }}"
|
||||
subsets:
|
||||
- addresses:
|
||||
- ip: {{ .Values.sharedService.postgres.host.ip }}
|
||||
ports:
|
||||
- port: 5432
|
||||
@ -0,0 +1,62 @@
|
||||
sharedService:
|
||||
keycloak:
|
||||
host:
|
||||
ip: 10.0.0.11
|
||||
name: dev-keycloak-01.smardigo.digital
|
||||
postgres:
|
||||
host:
|
||||
ip: 10.0.0.19
|
||||
name: dev-postgres-01
|
||||
maria:
|
||||
host:
|
||||
ip: 10.0.0.16
|
||||
name: dev-maria-01
|
||||
|
||||
iam:
|
||||
image:
|
||||
version: latest
|
||||
keycloak:
|
||||
username: keycloak-admin
|
||||
password: keycloak-admin
|
||||
|
||||
connect:
|
||||
image:
|
||||
version: latest
|
||||
name: smardigo/connect-whitelabel-app
|
||||
admin:
|
||||
username: connect-admin
|
||||
password: connect-admin
|
||||
datasource:
|
||||
host: dev-postgres-01
|
||||
port: 5432
|
||||
username: dev_mobene_nsodev_connect
|
||||
password: connect-postgres-admin
|
||||
database: dev_mobene_nsodev_connect
|
||||
elastic:
|
||||
host: dev-postgres-01
|
||||
port: 5432
|
||||
username: elastic
|
||||
password: elastic
|
||||
oidc:
|
||||
realm: nso
|
||||
client_id: nsodev
|
||||
client_secret: nsodev
|
||||
registration_id: nsodev
|
||||
issuer_host: dev-keycloak-01.smardigo.digital
|
||||
mail:
|
||||
host: dev-mail-01.smardigo.digital
|
||||
post: 25
|
||||
username:
|
||||
password:
|
||||
properties:
|
||||
simulation: true
|
||||
base_url: "https://dev-teanant-cluster-connect.smardigo.digital"
|
||||
base_url_extern: "https://dev-teanant-cluster.smardigo.digital"
|
||||
sender: "noreply-connect@netgo.de"
|
||||
sender_alias: "noreply-connect"
|
||||
|
||||
harbor:
|
||||
host:
|
||||
name: dev-harbor-01.smardigo.digital
|
||||
# The name of the secret containing the credentials to access the docker registry to download the smardigo image.
|
||||
pull_secret: dev-harbor-key
|
||||
Loading…
Reference in New Issue