diff --git a/charts/mimoto/questions.yaml b/charts/mimoto/questions.yaml index 1880c6a..924291d 100644 --- a/charts/mimoto/questions.yaml +++ b/charts/mimoto/questions.yaml @@ -13,6 +13,10 @@ questions: type: string label: Esignet Hostname +- variable: envVars.openg2p_social_registry_base_url + type: string + label: OpenG2P Social Registry Base URL + - variable: envVars.openg2p_pbms_base_url type: string label: OpenG2P PBMS Base URL diff --git a/charts/mimoto/values.yaml b/charts/mimoto/values.yaml index 1c03e3c..cec0e4e 100644 --- a/charts/mimoto/values.yaml +++ b/charts/mimoto/values.yaml @@ -448,6 +448,7 @@ envVars: mimoto_oidc_openg2p_partner_clientid: openg2p-mimoto-oidc mimoto_wallet_binding_partner_api_key: "" + openg2p_social_registry_base_url: https://socialregistry.openg2p.sandbox.net openg2p_pbms_base_url: https://pbms.openg2p.sandbox.net # Env Vars from this section will be rendered on the service if springCloudConfig.enabled=false. diff --git a/charts/websub/.gitignore b/charts/websub/.gitignore new file mode 100644 index 0000000..9169e44 --- /dev/null +++ b/charts/websub/.gitignore @@ -0,0 +1,2 @@ +charts/*.tgz +Chart.lock diff --git a/charts/websub/.helmignore b/charts/websub/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/websub/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/websub/Chart.yaml b/charts/websub/Chart.yaml new file mode 100644 index 0000000..307b3dc --- /dev/null +++ b/charts/websub/Chart.yaml 
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: websub
+description: A Helm chart for WebSub
+type: application
+version: 12.0.1
+dependencies:
+- name: common
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 2.x.x
+- name: kafka
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 29.x.x
+ condition: kafka.enabled
+keywords:
+ - mosip
+ - websub
+maintainers:
+ - email: info@openg2p.org
+ name: OpenG2P
+icon: https://openg2p.github.io/openg2p-helm/openg2p-logo.png
+annotations:
+ catalog.cattle.io/display-name: "WebSub"
diff --git a/charts/websub/README.md b/charts/websub/README.md
new file mode 100644
index 0000000..ff90cbc
--- /dev/null
+++ b/charts/websub/README.md
@@ -0,0 +1,3 @@
+# WebSub
+
+Helm chart for installing WebSub module.
diff --git a/charts/websub/app-readme.md b/charts/websub/app-readme.md
new file mode 100644
index 0000000..1ead844
--- /dev/null
+++ b/charts/websub/app-readme.md
@@ -0,0 +1 @@
+WebSub Installation.
diff --git a/charts/websub/questions.yaml b/charts/websub/questions.yaml
new file mode 100644
index 0000000..96f96c5
--- /dev/null
+++ b/charts/websub/questions.yaml
@@ -0,0 +1,10 @@
+questions:
+- variable: hostname
+ description: Hostname under which WebSub should be accessible
+ type: string
+ label: WebSub Hostname
+
+- variable: global.keycloakBaseUrl
+ description: Required for API auth validation.
+ type: string
+ label: Keycloak Base URL
diff --git a/charts/websub/templates/_helpers.tpl b/charts/websub/templates/_helpers.tpl
new file mode 100644
index 0000000..5113f7a
--- /dev/null
+++ b/charts/websub/templates/_helpers.tpl
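Review bot: The `common` and `kafka` dependencies in charts/websub/Chart.yaml are declared as floating ranges (`version: 2.x.x`, `version: 29.x.x`), and the new charts/websub/.gitignore excludes `Chart.lock`, so nothing in the repository records which subchart versions or digests a build resolved. Two packages built from the same commit can therefore contain different code pulled from the registry. Consider committing `Chart.lock` (drop it from `.gitignore`) and packaging with `helm dependency build`, or pinning exact versions in `dependencies:`.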
@@ -0,0 +1,101 @@ +{{/* +Return the proper image name +*/}} +{{- define "websub.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{- define "websub.consolidator.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.consolidator.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "websub.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.consolidator.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "websub.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "websub.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + +{{- define "websub.consolidator.podAnnotations" -}} +{{- if .Values.consolidator.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.consolidator.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + +{{/* +Render Env values section +*/}} +{{- define "websub.baseEnvVars" -}} +{{- $context := .context -}} +{{- range $k, $v := .envVars }} +- name: {{ $k }} +{{- if or (kindIs "int64" $v) (kindIs "float64" $v) (kindIs 
"bool" $v) }} + value: {{ $v | quote }} +{{- else if kindIs "string" $v }} + value: {{ include "common.tplvalues.render" ( dict "value" $v "context" $context ) | squote }} +{{- else }} + valueFrom: {{- include "common.tplvalues.render" ( dict "value" $v "context" $context ) | nindent 4}} +{{- end }} +{{- end }} +{{- end -}} + +{{- define "websub.envVars" -}} +{{- $envVars := merge (deepCopy .Values.envVars) (deepCopy .Values.envVarsFrom) -}} +{{- include "websub.baseEnvVars" (dict "envVars" $envVars "context" $) }} +{{- end -}} + +{{- define "websub.consolidator.envVars" -}} +{{- $envVars := merge (deepCopy .Values.consolidator.envVars) (deepCopy .Values.consolidator.envVarsFrom) -}} +{{- include "websub.baseEnvVars" (dict "envVars" $envVars "context" $) }} +{{- end -}} + +{{/* +Return command +*/}} +{{- define "websub.commandBase" -}} +{{- if or .command .args }} +{{- if .command }} +command: {{- include "common.tplvalues.render" (dict "value" .command "context" .context) }} +{{- end }} +{{- if .args }} +args: {{- include "common.tplvalues.render" (dict "value" .args "context" .context) }} +{{- end }} +{{- else if .startUpCommand }} +command: ["/startup.sh"] +args: [] +{{- end }} +{{- end -}} + +{{- define "websub.command" -}} +{{- include "websub.commandBase" (dict "command" .Values.command "args" .Values.args "startUpCommand" .Values.startUpCommand "context" $) }} +{{- end -}} + +{{- define "websub.consolidator.command" -}} +{{- include "websub.commandBase" (dict "command" .Values.consolidator.command "args" .Values.consolidator.args "startUpCommand" .Values.consolidator.startUpCommand "context" $) }} +{{- end -}} diff --git a/charts/websub/templates/configmap-confg.yaml b/charts/websub/templates/configmap-confg.yaml new file mode 100644 index 0000000..61e97a3 --- /dev/null +++ b/charts/websub/templates/configmap-confg.yaml 
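Review bot: In `websub.baseEnvVars` the string branch pipes the rendered value through `squote`, which wraps it in single quotes without escaping, so an env value that contains `'` renders malformed YAML or ends the scalar early. The numeric/bool branch already uses `quote`, which escapes its input; the string branch can do the same: `value: {{ include "common.tplvalues.render" ( dict "value" $v "context" $context ) | quote }}`. The comment above the define could also state that any non-scalar entry is emitted under `valueFrom:`, since that is how `envVarsFrom` entries reach the container.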
@@ -0,0 +1,13 @@
+{{- if .Values.configToml }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}-config
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ config.toml: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.configToml "context" $) | nindent 4 }}
+{{- end }}
diff --git a/charts/websub/templates/configmap-startup.yaml b/charts/websub/templates/configmap-startup.yaml
new file mode 100644
index 0000000..bce096b
--- /dev/null
+++ b/charts/websub/templates/configmap-startup.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.startUpCommand (not (or .Values.command .Values.args)) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}-startup
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ startup.sh: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.startUpCommand "context" $) | nindent 4 }}
+{{- end }}
diff --git a/charts/websub/templates/consolidator/configmap-config.yaml b/charts/websub/templates/consolidator/configmap-config.yaml
new file mode 100644
index 0000000..f73a020
--- /dev/null
+++ b/charts/websub/templates/consolidator/configmap-config.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.consolidator.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}-consolidator-config
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ config.toml: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.consolidator.configToml "context" $) | nindent 4 }}
+{{- end }}
diff --git a/charts/websub/templates/consolidator/configmap-startup.yaml b/charts/websub/templates/consolidator/configmap-startup.yaml
new file mode 100644
index 0000000..e367636
--- /dev/null
+++ b/charts/websub/templates/consolidator/configmap-startup.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.consolidator.startUpCommand (not (or .Values.consolidator.command .Values.consolidator.args)) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}-consolidator-startup
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ startup.sh: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.consolidator.startUpCommand "context" $) | nindent 4 }}
+{{- end }}
diff --git a/charts/websub/templates/consolidator/deployment.yaml b/charts/websub/templates/consolidator/deployment.yaml
new file mode 100644
index 0000000..c5046dd
--- /dev/null
+++ b/charts/websub/templates/consolidator/deployment.yaml
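Review bot: The guards on the two consolidator ConfigMaps do not match the conditions under which the consolidator Deployment consumes them. consolidator/configmap-config.yaml is gated only on `.Values.consolidator.enabled`, while the Deployment adds the `config-toml` volume only when `.Values.consolidator.configToml` is set, so an unused ConfigMap is rendered when it is empty; `{{- if and .Values.consolidator.enabled .Values.consolidator.configToml }}` keeps them in step. consolidator/configmap-startup.yaml has the opposite gap: it is not gated on `consolidator.enabled`, so it is created even when the consolidator is switched off.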
@@ -0,0 +1,113 @@ +{{- if .Values.consolidator.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }}-consolidator + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.consolidator.replicaCount }} + {{- if .Values.consolidator.updateStrategy }} + strategy: {{- toYaml .Values.consolidator.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .Values.consolidator.podLabels "context" $) | nindent 6 }} + template: + metadata: + {{- if or .Values.consolidator.podAnnotations .Values.metrics.enabled }} + annotations: {{- include "websub.consolidator.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.consolidator.podLabels "context" $) | nindent 8 }} + spec: + serviceAccountName: {{ template "websub.serviceAccountName" . }} + {{- include "websub.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.consolidator.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.consolidator.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.consolidator.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.consolidator.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.consolidator.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.consolidator.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.consolidator.nodeAffinityPreset.type "key" .Values.consolidator.nodeAffinityPreset.key "values" .Values.consolidator.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.consolidator.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.consolidator.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.consolidator.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.consolidator.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.consolidator.priorityClassName }} + priorityClassName: {{ .Values.consolidator.priorityClassName | quote }} + {{- end }} + {{- if .Values.consolidator.podSecurityContext.enabled }} + securityContext: {{- omit .Values.consolidator.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.consolidator.initContainers }} + initContainers: + {{- include "common.tplvalues.render" (dict "value" .Values.consolidator.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: websub-consolidator + image: {{ template "websub.consolidator.image" . 
}} + imagePullPolicy: {{ .Values.consolidator.image.pullPolicy }} + {{- if .Values.consolidator.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.consolidator.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.consolidator.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.consolidator.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- include "websub.consolidator.command" . | nindent 10 }} + env: + {{- include "websub.consolidator.envVars" . | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.consolidator.containerPort }} + {{- if .Values.consolidator.resources }} + resources: {{- toYaml .Values.consolidator.resources | nindent 12 }} + {{- end }} + {{- if .Values.consolidator.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.consolidator.startupProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.consolidator.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.consolidator.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.consolidator.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.consolidator.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if and .Values.consolidator.startUpCommand (not (or .Values.consolidator.command .Values.consolidator.args)) }} + - name: startup-command + mountPath: /startup.sh + subPath: startup.sh + {{- end }} + {{- if .Values.consolidator.configToml }} + - name: config-toml + mountPath: {{ include "common.tplvalues.render" (dict "value" .Values.consolidator.configTomlMountPath "context" $) }} + subPath: config.toml + {{- end }} + {{- if .Values.consolidator.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" 
.Values.consolidator.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.consolidator.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.consolidator.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if and .Values.consolidator.startUpCommand (not (or .Values.consolidator.command .Values.consolidator.args)) }} + - name: startup-command + configMap: + name: {{ include "common.names.fullname" . }}-consolidator-startup + defaultMode: 0755 + {{- end }} + {{- if .Values.consolidator.configToml }} + - name: config-toml + configMap: + name: {{ include "common.names.fullname" . }}-consolidator-config + {{- end }} + {{- if .Values.consolidator.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.consolidator.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/websub/templates/consolidator/gateway.yaml b/charts/websub/templates/consolidator/gateway.yaml new file mode 100644 index 0000000..b0dc882 --- /dev/null +++ b/charts/websub/templates/consolidator/gateway.yaml 
@@ -0,0 +1,40 @@
+{{- if .Values.consolidator.enabled }}
+{{- if .Values.consolidator.istio.enabled }}
+{{- if .Values.consolidator.istio.gateway.enabled }}
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: {{ include "common.names.fullname" . }}-consolidator
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ {{ toYaml .Values.consolidator.istio.gateway.ingressController | nindent 4 }}
+ servers:
+ {{- if .Values.consolidator.istio.gateway.httpEnabled }}
+ - port:
+ name: http2
+ number: 8080
+ protocol: HTTP2
+ hosts:
+ - {{ default .Values.hostname .Values.consolidator.istio.gateway.host | quote }}
+ {{- if .Values.consolidator.istio.gateway.httpTlsRedirect }}
+ tls:
+ httpsRedirect: true
+ {{- end }}
+ {{- end }}
+ {{- if .Values.consolidator.istio.gateway.httpsEnabled }}
+ - port:
+ name: https
+ number: 8443
+ protocol: HTTPS
+ hosts:
+ - {{ default .Values.hostname .Values.consolidator.istio.gateway.host | quote }}
+ tls:
+ {{ toYaml (omit .Values.consolidator.istio.gateway.tls "enabled") | nindent 6 }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/websub/templates/consolidator/service.yaml b/charts/websub/templates/consolidator/service.yaml
new file mode 100644
index 0000000..a2303b1
--- /dev/null
+++ b/charts/websub/templates/consolidator/service.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.consolidator.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}-consolidator
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.consolidator.service.type }}
+ {{- if (or (eq .Values.consolidator.service.type "LoadBalancer") (eq .Values.consolidator.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.consolidator.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.consolidator.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.consolidator.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.consolidator.service.type "LoadBalancer") (not (empty .Values.consolidator.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.consolidator.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.consolidator.service.port }}
+ targetPort: {{ .Values.consolidator.containerPort }}
+ selector: {{- include "common.labels.matchLabels" (dict "customLabels" .Values.consolidator.podLabels "context" $) | nindent 4 }}
+{{- end }}
diff --git a/charts/websub/templates/consolidator/virtualservice.yaml b/charts/websub/templates/consolidator/virtualservice.yaml
new file mode 100644
index 0000000..0a0c7c9
--- /dev/null
+++ b/charts/websub/templates/consolidator/virtualservice.yaml
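Review bot: `loadBalancerSourceRanges: {{ .Values.consolidator.service.loadBalancerSourceRanges }}` prints the Go form of the list, so two entries render as `[10.0.0.0/8 192.168.0.0/16]` (constructed example), which YAML reads as one string element rather than two CIDRs. The source-range allow-list is then rejected or not applied as the operator intended. Serialise the value instead, for example `loadBalancerSourceRanges: {{ toJson .Values.consolidator.service.loadBalancerSourceRanges }}`, and skip the key when the list is empty. charts/websub/templates/service.yaml has the same line for `.Values.service.loadBalancerSourceRanges`.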
@@ -0,0 +1,37 @@
+{{- if .Values.consolidator.enabled }}
+{{- if .Values.consolidator.istio.enabled }}
+{{- if .Values.consolidator.istio.virtualservice.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ include "common.names.fullname" . }}-consolidator
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - {{ default .Values.hostname .Values.consolidator.istio.virtualservice.host | quote }}
+ gateways:
+ - {{ default (include "common.names.fullname" .) .Values.consolidator.istio.virtualservice.gateway }}
+ http:
+ - headers:
+ request:
+ set:
+ x-forwarded-host: {{ default .Values.hostname .Values.consolidator.istio.virtualservice.host | quote }}
+ x-forwarded-proto: https
+ match:
+ - uri:
+ prefix: {{ .Values.consolidator.istio.virtualservice.prefix }}
+ {{- if .Values.consolidator.istio.virtualservice.rewriteUri }}
+ rewrite:
+ uri: {{ .Values.consolidator.istio.virtualservice.rewriteUri }}
+ {{- end }}
+ route:
+ - destination:
+ host: {{ include "common.tplvalues.render" (dict "value" .Values.consolidator.istio.virtualservice.destination "context" $) }}
+ port:
+ number: {{ include "common.tplvalues.render" (dict "value" .Values.consolidator.istio.virtualservice.destinationPort "context" $) }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/websub/templates/deployment.yaml b/charts/websub/templates/deployment.yaml
new file mode 100644
index 0000000..7940d79
--- /dev/null
+++ b/charts/websub/templates/deployment.yaml
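Review bot: The default under `gateways:` is `include "common.names.fullname" .`, but the Gateway added in consolidator/gateway.yaml is named `{{ include "common.names.fullname" . }}-consolidator`. Unless `consolidator.istio.virtualservice.gateway` is set, the consolidator routes therefore bind to the main WebSub gateway, or to no gateway when that one is disabled. If the consolidator's own gateway is the intended default, use `{{ default (printf "%s-consolidator" (include "common.names.fullname" .)) .Values.consolidator.istio.virtualservice.gateway }}`; values.yaml is outside this view, so the intent cannot be confirmed here. `prefix` and `rewriteUri` are also emitted raw in this file, while templates/virtualservice.yaml passes them through `common.tplvalues.render`.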
@@ -0,0 +1,117 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + annotations: {{- include "websub.podAnnotations" . | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" (dict "customLabels" .Values.podLabels "context" $) | nindent 8 }} + spec: + serviceAccountName: {{ template "websub.serviceAccountName" . }} + {{- include "websub.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.initContainers }} + initContainers: + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: websub + image: {{ template "websub.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- include "websub.command" . | nindent 10 }} + env: + {{- include "websub.envVars" . | nindent 12 }} + ports: + - name: http + containerPort: {{ .Values.containerPort }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if and .Values.startUpCommand (not (or .Values.command .Values.args)) }} + - name: startup-command + mountPath: /startup.sh + subPath: startup.sh + {{- end }} + {{- if .Values.configToml }} + - name: config-toml + mountPath: {{ 
include "common.tplvalues.render" (dict "value" .Values.configTomlMountPath "context" $) }} + subPath: config.toml + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if and .Values.startUpCommand (not (or .Values.command .Values.args)) }} + - name: startup-command + configMap: + name: {{ include "common.names.fullname" . }}-startup + defaultMode: 0755 + {{- end }} + {{- if .Values.configToml }} + - name: config-toml + configMap: + name: {{ include "common.names.fullname" . }}-config + {{- end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/websub/templates/extra-list.yaml b/charts/websub/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/charts/websub/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/websub/templates/gateway.yaml b/charts/websub/templates/gateway.yaml new file mode 100644 index 0000000..a1cd9b4 --- /dev/null +++ b/charts/websub/templates/gateway.yaml 
@@ -0,0 +1,38 @@
+{{- if .Values.istio.enabled }}
+{{- if .Values.istio.gateway.enabled }}
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ {{ toYaml .Values.istio.gateway.ingressController | nindent 4 }}
+ servers:
+ {{- if .Values.istio.gateway.httpEnabled }}
+ - port:
+ name: http2
+ number: 8080
+ protocol: HTTP2
+ hosts:
+ - {{ default .Values.hostname .Values.istio.gateway.host | quote }}
+ {{- if .Values.istio.gateway.httpTlsRedirect }}
+ tls:
+ httpsRedirect: true
+ {{- end }}
+ {{- end }}
+ {{- if .Values.istio.gateway.httpsEnabled }}
+ - port:
+ name: https
+ number: 8443
+ protocol: HTTPS
+ hosts:
+ - {{ default .Values.hostname .Values.istio.gateway.host | quote }}
+ tls:
+ {{ toYaml (omit .Values.istio.gateway.tls "enabled") | nindent 6 }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/websub/templates/secret.yaml b/charts/websub/templates/secret.yaml
new file mode 100644
index 0000000..b72c620
--- /dev/null
+++ b/charts/websub/templates/secret.yaml
@@ -0,0 +1,13 @@
+{{- if not .Values.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ encryption-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "encryption-key" "length" 10 "providedValues" (list "encryptionKey") "context" $) }}
+{{- end }}
diff --git a/charts/websub/templates/service-account.yaml b/charts/websub/templates/service-account.yaml
new file mode 100644
index 0000000..6c6e063
--- /dev/null
+++ b/charts/websub/templates/service-account.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "websub.serviceAccountName" . }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
diff --git a/charts/websub/templates/service.yaml b/charts/websub/templates/service.yaml
new file mode 100644
index 0000000..58ce32e
--- /dev/null
+++ b/charts/websub/templates/service.yaml
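Review bot: `"length" 10` in the `common.secrets.passwords.manage` call in templates/secret.yaml makes the auto-generated `encryption-key` only ten characters long, which is short for a value that protects data. Unless the consumer requires exactly that length (not visible in this diff), generate a longer value, e.g. `"length" 32`. A comment above `data:` naming what reads `encryption-key`, and noting that an `existingSecret` must provide the same key name, would help operators who bring their own Secret.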
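Review bot: templates/service-account.yaml renders the ServiceAccount unconditionally, yet `websub.serviceAccountName` returns `default` (or an operator-supplied name) when `serviceAccount.create` is false. In that case the release tries to create and take ownership of an account that already exists in the namespace. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}`. If the pods never call the Kubernetes API, also consider adding `automountServiceAccountToken: false` to this object.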
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.containerPort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/charts/websub/templates/servicemonitor.yaml b/charts/websub/templates/servicemonitor.yaml
new file mode 100644
index 0000000..03f1d96
--- /dev/null
+++ b/charts/websub/templates/servicemonitor.yaml
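Review bot: `selector: {{- include "common.labels.matchLabels" . | nindent 4 }}` selects only on the chart's standard name and instance labels, and the consolidator pods in consolidator/deployment.yaml carry those same labels plus `consolidator.podLabels`. This Service, and the main Deployment's `matchLabels` in templates/deployment.yaml, will therefore also match consolidator pods unless `consolidator.podLabels` overrides one of the standard labels. Add a distinguishing label to the pod template and selector on both sides, for example `app.kubernetes.io/component: websub` here and a different component value for the consolidator. values.yaml is outside this view, so check whether the defaults already separate them.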
@@ -0,0 +1,34 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.containerPort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/websub/templates/virtualservice.yaml b/charts/websub/templates/virtualservice.yaml
new file mode 100644
index 0000000..f0bdb87
--- /dev/null
+++ b/charts/websub/templates/virtualservice.yaml
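Review bot: The scrape `path:` comes from `metrics.endpointPath`, whose default in values.yaml is `/v1/websub/actuator/prometheus`, while every probe for this service uses a `/hub/...` path; this looks like a value carried over from another chart, so the monitor would likely scrape a path the hub does not serve. Please confirm the hub's real metrics path and fix the default. The value is also rendered unquoted; `path: {{ .Values.metrics.endpointPath | quote }}` keeps an unusual override from being re-typed by the YAML parser.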
@@ -0,0 +1,35 @@
+{{- if .Values.istio.enabled }}
+{{- if .Values.istio.virtualservice.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - {{ default .Values.hostname .Values.istio.virtualservice.host | quote }}
+ gateways:
+ - {{ default (include "common.names.fullname" .) .Values.istio.virtualservice.gateway }}
+ http:
+ - headers:
+ request:
+ set:
+ x-forwarded-host: {{ default .Values.hostname .Values.istio.virtualservice.host | quote }}
+ x-forwarded-proto: https
+ match:
+ - uri:
+ prefix: {{ include "common.tplvalues.render" (dict "value" .Values.istio.virtualservice.prefix "context" $) }}
+ {{- if .Values.istio.virtualservice.rewriteUri }}
+ rewrite:
+ uri: {{ include "common.tplvalues.render" (dict "value" .Values.istio.virtualservice.rewriteUri "context" $) }}
+ {{- end }}
+ route:
+ - destination:
+ host: {{ include "common.tplvalues.render" (dict "value" .Values.istio.virtualservice.destination "context" $) }}
+ port:
+ number: {{ include "common.tplvalues.render" (dict "value" .Values.istio.virtualservice.destinationPort "context" $) }}
+{{- end }}
+{{- end }}
diff --git a/charts/websub/values.yaml b/charts/websub/values.yaml
new file mode 100644
index 0000000..12a2d83
--- /dev/null
+++ b/charts/websub/values.yaml
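Review bot: `x-forwarded-proto: https` is set on every request regardless of how it actually arrived, and the gateway defaults in values.yaml pair it with `httpEnabled: true` and `httpsEnabled: false`. If the hub relies on that header to decide whether a request was secure, or to build callback URLs, plain-HTTP traffic would be reported as HTTPS; whether TLS is always terminated ahead of the `internal` gateway is not visible in this diff. I would either drop the override so the gateway's own value passes through, or record the assumption above the line, e.g. `# TLS is terminated before this gateway; the backend must see https`.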
@@ -0,0 +1,708 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+# storageClass: myStorageClass
+global:
+ keycloakBaseUrl: 'https://keycloak.your.org'
+
+hostname: websub.openg2p.sandbox.net
+
+## Add labels to all the deployed resources
+##
+commonLabels: {}
+
+## Add annotations to all the deployed resources
+##
+commonAnnotations: {}
+
+## Extra objects to deploy (value evaluated as a template)
+##
+extraDeploy: []
+
+## Number of nodes
+##
+replicaCount: 1
+
+service:
+ type: ClusterIP
+ port: 80
+ ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+ ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+ ##
+ ## loadBalancerIP:
+ ##
+ ## nodePorts:
+ ## http:
+ ## https:
+ ##
+
+ nodePorts:
+ http: ""
+ https: ""
+ ## Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+
+image:
+ registry: docker.io
+ repository: openg2p/websub-service
+ tag: 1.2.0.1
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+## Port on which this particular spring service module is running.
+containerPort: 9191
+
+## Configure extra options for liveness and readiness probes
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+##
+startupProbe:
+ enabled: true
+ httpGet:
+ path: /hub/actuator/health
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+
+livenessProbe:
+ enabled: true
+ httpGet:
+ path: /hub/actuator/health
+ port: http
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+readinessProbe:
+ enabled: true
+ httpGet:
+ path: /hub/actuator/health
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+## Command and args for running the container (set to default if not set). Use array form
+##
+command: []
+args: []
+
+## Deployment pod host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary.
+# resources:
+# limits:
+# cpu: 500m
+# memory: 2250Mi
+# requests:
+# cpu: 100m
+# memory: 1500Mi
+resources: {}
+
+## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources. Example:
+# javaOpts: "-Xms500M -Xmx500M"
+javaOpts: ""
+
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## Clamav container already runs as 'mosip' user, so we may not need to enable this
+containerSecurityContext:
+ enabled: false
+ runAsUser: 1001
+ runAsNonRoot: true
+
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+##
+podSecurityContext:
+ enabled: false
+ fsGroup: 1001
+
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+ ## Node affinity type
+ ## Allowed values: soft, hard
+ ##
+ type: ""
+ ## Node label key to match
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## Node label values to match
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+
+## Pod extra labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+
+## Annotations for server pods.
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+
+## pods' priority.
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+# priorityClassName: ""
+
+## lifecycleHooks for the container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+
+## Custom Liveness probes for
+##
+customLivenessProbe: {}
+
+## Custom Rediness probes
+##
+customReadinessProbe: {}
+
+## Update strategy - only really applicable for deployments with RWO PVs attached
+## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+## terminate the single previous pod, so that the new, incoming pod can attach to the PV
+##
+updateStrategy:
+ type: RollingUpdate
+
+## Add init containers to the pods.
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: []
+
+## Add sidecars to the pods.
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+sidecars: []
+
+## Specifies whether a ServiceAccount should be created
+##
+serviceAccount:
+ create: true
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ name:
+
+## Prometheus Metrics
+##
+metrics:
+ enabled: false
+ ## Prometheus pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+
+ endpointPath: /v1/websub/actuator/prometheus
+
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ##
+ serviceMonitor:
+ ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry
+ ##
+ enabled: true
+ ## Specify the namespace in which the serviceMonitor resource will be created
+ ##
+ # namespace: ""
+ ## Specify the interval at which metrics should be scraped
+ ##
+ interval: 10s
+ ## Specify the timeout after which the scrape is ended
+ ##
+ # scrapeTimeout: 30s
+ ## Specify Metric Relabellings to add to the scrape endpoint
+ ##
+ # relabellings:
+ ## Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ additionalLabels: {}
+
+ ## Custom PrometheusRule to be defined
+ ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
+ ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+ ##
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ''
+ ## List of rules, used as template by Helm.
+ ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html
+ # rules:
+ # - alert: RabbitmqDown
+ # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0
+ # for: 5m
+ # labels:
+ # severity: error
+ rules: []
+
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+
+## Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+
+istio:
+ enabled: true
+ virtualservice:
+ enabled: true
+ host: ""
+ gateway: "internal"
+ destination: '{{ include "common.names.fullname" . }}'
+ destinationPort: '{{ .Values.service.port }}'
+ prefix: /hub
+ rewriteUri: ""
+ gateway:
+ enabled: false
+ host: ""
+ ingressController:
+ istio: ingressgateway
+ httpTlsRedirect: false
+ httpEnabled: true
+ httpsEnabled: false
+ tls:
+ mode: SIMPLE
+ credentialName: ""
+
+kafka:
+ enabled: true
+ nameOverride: websub-kafka
+ heapOpts: ""
+ extraConfig: |-
+ default.replication.factor=1
+ offsets.topic.replication.factor=1
+ transaction.state.log.replication.factor=1
+ auto.create.topics.enable=true
+ delete.topic.enable=true
+ num.partitions=3
+ controller:
+ heapOpts: ""
+ replicaCount: 1
+ resourcesPreset: "none"
+ broker:
+ heapOpts: ""
+ persistence:
+ enabled: false
+ listeners:
+ client:
+ protocol: PLAINTEXT
+ controller:
+ protocol: PLAINTEXT
+ interbroker:
+ protocol: PLAINTEXT
+ external:
+ protocol: PLAINTEXT
+ service:
+ ports:
+ client: 9092
+
+consolidator:
+ enabled: true
+ replicaCount: 1
+ service:
+ type: ClusterIP
+ port: 80
+ nodePorts:
+ http: ""
+ https: ""
+ externalTrafficPolicy: Cluster
+ image:
+ registry: docker.io
+ repository: openg2p/consolidator-websub-service
+ tag: 1.2.0.1
+ pullPolicy: Always
+ pullSecrets: []
+ # - myRegistryKeySecretName
+ containerPort: 9192
+ startupProbe:
+ enabled: true
+ httpGet:
+ path: /consolidator/actuator/health
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+ livenessProbe:
+ enabled: true
+ httpGet:
+ path: /consolidator/actuator/health
+ port: http
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ readinessProbe:
+ enabled: true
+ httpGet:
+ path: /consolidator/actuator/health
+ port: http
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ command: []
+ args: []
+ hostAliases: []
+ resources: {}
+ javaOpts: ""
+ containerSecurityContext:
+ enabled: false
+ runAsUser: 1001
+ runAsNonRoot: true
+ podSecurityContext:
+ enabled: false
+ fsGroup: 1001
+ podAffinityPreset: ""
+ podAntiAffinityPreset: soft
+ nodeAffinityPreset:
+ type: ""
+ key: ""
+ values: []
+ affinity: {}
+ nodeSelector: {}
+ tolerations: []
+ podLabels:
+ app.kubernetes.io/name: '{{ include "common.names.name" . }}-consolidator'
+ podAnnotations: {}
+ # priorityClassName: ""
+ lifecycleHooks: {}
+ updateStrategy:
+ type: RollingUpdate
+ initContainers: []
+ sidecars: []
+ extraVolumes: []
+ extraVolumeMounts: []
+ istio:
+ enabled: true
+ virtualservice:
+ enabled: true
+ host: ""
+ gateway: "internal"
+ destination: '{{ include "common.names.fullname" . }}-consolidator'
+ destinationPort: '{{ .Values.consolidator.service.port }}'
+ prefix: /consolidator
+ rewriteUri: ""
+ gateway:
+ enabled: false
+ host: ""
+ ingressController:
+ istio: ingressgateway
+ httpTlsRedirect: false
+ httpEnabled: true
+ httpsEnabled: false
+ tls:
+ mode: SIMPLE
+ credentialName: ""
+ envVars:
+ JDK_JAVA_OPTIONS: '{{ tpl .Values.consolidator.javaOpts $ }}'
+ CONSOLIDATOR_PORT: '{{ .Values.consolidator.containerPort }}'
+ KAFKA_BOOTSTRAP_HOSTNAME: '{{ tpl .Values.kafkaInstallationName $ }}'
+ KAFKA_PORT: '9092'
+ KAFKA_BOOTSTRAP_SERVER: '{{ tpl .Values.envVars.KAFKA_BOOTSTRAP_HOSTNAME $ }}:{{ tpl .Values.envVars.KAFKA_PORT $ }}'
+
+ envVarsFrom: {}
+
+ configTomlMountPath: /etc/config.template.toml
+
+ configToml: |-
+ [consolidatorService.config]
+ # IP and Port of the Kafka bootstrap node
+ KAFKA_BOOTSTRAP_NODE = "${KAFKA_BOOTSTRAP_SERVER}"
+
+ # Kafka topic which will get notified for websub topic registration/deregistration
+ # All the hubs must be pointed to the same Kafka topic to notify websub topic registration/deregistration
+ REGISTERED_WEBSUB_TOPICS_TOPIC = "registered-websub-topics"
+
+ # Kafka topic which stores consolidated websub topics for the hub
+ CONSOLIDATED_WEBSUB_TOPICS_TOPIC = "consolidated-websub-topics"
+
+ # Kafka topic which will get notified for websub subscription/unsubscription
+ # All the hubs must be pointed to the same Kafka topic to notify websub subscription/unsubscription
+ WEBSUB_SUBSCRIBERS_TOPIC = "registered-websub-subscribers"
+
+ # Kafka topic which is stores consolidated websub subscribers for this server
+ CONSOLIDATED_WEBSUB_SUBSCRIBERS_TOPIC = "consolidated-websub-subscribers"
+
+ # The interval in which Kafka consumers wait for new messages
+ POLLING_INTERVAL = 10.0
+
+ # The period in which Kafka close method waits to complete
+ GRACEFUL_CLOSE_PERIOD = 5.0
+
+ # The disk space threshold for healthcheck
+ DISK_SPACE_THRESHOLD = 10485760
+
+ # The port that is used to start the consolidator
+ CONSOLIDATOR_PORT = ${CONSOLIDATOR_PORT}
+
+ # consolidator health endpoint
+ CONSOLIDATOR_HEALTH_ENDPOINT = "/consolidator/actuator/health"
+
+ [ballerina.http.accessLogConfig]
+ # Enable printing access logs in console
+ console = true # Default is false
+
+ [ballerina.http.traceLogAdvancedConfig]
+ # Enable printing trace logs in console
+ console = false # Default is false
+
+ startUpCommand: |-
+ #!/usr/bin/env bash
+ echo "==> Copying Configs"
+ envsubst < {{ tpl .Values.consolidator.configTomlMountPath $ }} > Config.toml
+ echo "==> Waiting for kafka"
+ RETRY_COUNT=0
+ while :; do
+ if nc -z ${KAFKA_BOOTSTRAP_HOSTNAME} ${KAFKA_PORT} ; then
+ break
+ elif [ $RETRY_COUNT -ne 200 ]; then
+ ((RETRY_COUNT++))
+ sleep 1s
+ else
+ echo "Could not connect to Kafka even after retries..."
+ exit 1
+ fi
+ done
+ java -jar ./consolidator.jar
+
+# If a hub secret already exists give the secret name here. Else will be generated.
+existingSecret: ""
+
+# Give Hub Encryption Key here. If empty it will be autogenerated.
+encryptionKey: ""
+
+envVars:
+ JDK_JAVA_OPTIONS: '{{ tpl .Values.javaOpts $ }}'
+ HUB_PORT: '{{ .Values.containerPort }}'
+ KAFKA_BOOTSTRAP_HOSTNAME: '{{ tpl .Values.kafkaInstallationName $ }}'
+ KAFKA_PORT: '9092'
+ KAFKA_BOOTSTRAP_SERVER: '{{ tpl .Values.envVars.KAFKA_BOOTSTRAP_HOSTNAME $ }}:{{ tpl .Values.envVars.KAFKA_PORT $ }}'
+ CONSOLIDATOR_URL: 'http://{{ include "common.names.fullname" . }}-consolidator'
+ CONSOLIDATOR_HEALTH_ENDPOINT: '/consolidator/actuator/health'
+ SECURITY_JWT_ISSUER: '{{ tpl .Values.global.keycloakBaseUrl $ }}/realms/master'
+ SECURITY_JWT_ISSUER_JWKS_URL: '{{ tpl .Values.envVars.SECURITY_JWT_ISSUER $ }}/protocol/openid-connect/certs'
+
+envVarsFrom:
+ hub_secret_encryption_key:
+ secretKeyRef:
+ name: '{{ (not .Values.existingSecret) | ternary (include "common.names.fullname" .) .Values.existingSecret }}'
+ key: encryption-key
+
+configTomlMountPath: /etc/config.template.toml
+
+configToml: |-
+ [kafkaHub.config]
+ # Flag to check whether to enable/disable security
+ SECURITY_ON = true
+
+ # Security: JWT Issuer URL
+ SECURITY_JWT_ISSUER = "${SECURITY_JWT_ISSUER}";
+
+ # Security: JWKS Url for the configured issuer
+ SECURITY_JWT_ISSUER_JWKS_URL = "${SECURITY_JWT_ISSUER_JWKS_URL}";
+
+ # Server ID is is used to uniquely identify each server
+ # Each server must have a unique ID
+ SERVER_ID = "server-1"
+
+ # IP and Port of the Kafka bootstrap node
+ KAFKA_BOOTSTRAP_NODE = "${KAFKA_BOOTSTRAP_SERVER}"
+
+ # Kafka topic which will get notified for websub topic registration/deregistration
+ # All the hubs must be pointed to the same Kafka topic to notify websub topic registration/deregistration
+ REGISTERED_WEBSUB_TOPICS_TOPIC = "registered-websub-topics"
+
+ # Kafka topic which stores consolidated websub topics for the hub
+ CONSOLIDATED_WEBSUB_TOPICS_TOPIC = "consolidated-websub-topics"
+
+ # Kafka topic which will get notified for websub subscription/unsubscription
+ # All the hubs must be pointed to the same Kafka topic to notify websub subscription/unsubscription
+ WEBSUB_SUBSCRIBERS_TOPIC = "registered-websub-subscribers"
+
+ # Kafka topic which is stores consolidated websub subscribers for this server
+ CONSOLIDATED_WEBSUB_SUBSCRIBERS_TOPIC = "consolidated-websub-subscribers"
+
+ # The interval in which Kafka consumers wait for new messages
+ POLLING_INTERVAL = 10.0
+
+ # The period in which Kafka close method waits to complete
+ GRACEFUL_CLOSE_PERIOD = 5.0
+
+ # The port that is used to start the hub
+ HUB_PORT = ${HUB_PORT}
+
+ # The period between retry requests
+ MESSAGE_DELIVERY_RETRY_INTERVAL = 3.0
+
+ # The maximum retry count
+ MESSAGE_DELIVERY_COUNT = 3
+
+ # The message delivery timeout
+ MESSAGE_DELIVERY_TIMEOUT = 30.0
+
+ # The token validation URL of IDP
+ DISK_SPACE_THRESHOLD = 10485760
+
+ # The token validation URL of IDP
+ PARTNER_USER_ID_PREFIX = "service-account-"
+
+ # The period between retry requests
+ INTENT_VERIFICATION_RETRY_INTERVAL = 3.0
+
+ # The maximum retry count
+ INTENT_VERIFICATION_COUNT = 3
+
+ # The period between retry requests
+ INTENT_VERIFICATION_BACKOFF_FACTOR = 2.0
+
+ # The maximum retry count
+ INTENT_VERIFICATION_MAX_INTERVAL = 20.0
+
+ # The maximum retry count
+ KAFKA_CONSUMER_MAX_POLL_RECORDS = 3
+
+ # The maximum retry count
+ KAFKA_CONSUMER_FETCH_MAX_BYTES = 3145728
+
+ # The maximum retry count
+ KAFKA_CONSUMER_MAX_PARTITION_FETCH_BYTES = 524288
+
+ # Kafka topic which is stores consolidated websub subscribers for this server
+ META_TOPICS = "registered-websub-topics,consolidated-websub-topics,registered-websub-subscribers,consolidated-websub-subscribers"
+
+ # consolidator base url
+ CONSOLIDATOR_BASE_URL = "${CONSOLIDATOR_URL}"
+
+ # consolidator health endpoint
+ CONSOLIDATOR_HEALTH_ENDPOINT = "/consolidator/actuator/health"
+
+ #Encryption key that will be used to encrypt / decrypt the hub secret
+ HUB_SECRET_ENCRYPTION_KEY = "${hub_secret_encryption_key}"
+
+ # Below config will allow base64-encoded-bytes / alpha-numeric.
+ # Recommended to use base64-encoded-bytes since alpha-numeric is considered less secure. This is just given to ensure the backward compatiblity
+ HUB_SECRET_ENCRYPTION_KEY_FORMAT = "alpha-numeric"
+
+ [ballerina.http.accessLogConfig]
+ # Enable printing access logs in console
+ console = true # Default is false
+
+ [ballerina.http.traceLogAdvancedConfig]
+ # Enable printing trace logs in console
+ console = false # Default is false
+
+startUpCommand: |-
+ #!/usr/bin/env bash
+ echo "==> Copying Configs"
+ envsubst < {{ tpl .Values.consolidator.configTomlMountPath $ }} > Config.toml
+ echo "==> Waiting for kafka"
+ RETRY_COUNT=0
+ while :; do
+ if nc -z ${KAFKA_BOOTSTRAP_HOSTNAME} ${KAFKA_PORT} ; then
+ break
+ elif [ $RETRY_COUNT -ne 200 ]; then
+ ((RETRY_COUNT++))
+ sleep 1s
+ else
+ echo "Could not connect to Kafka even after retries..."
+ exit 1
+ fi
+ done
+ echo "==> Waiting for consolidator"
+ if ! curl -I -s -o /dev/null -m 10 --retry 100 --retry-delay 10 --retry-all-errors "${CONSOLIDATOR_URL}${CONSOLIDATOR_HEALTH_ENDPOINT}"; then
+ echo "Failed connecting with consolidator after max retries..."
+ exit 1
+ fi
+ java -jar ./hub.jar
+
+kafkaInstallationName: '{{ include "common.names.fullname" .Subcharts.kafka }}'
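Review bot: The bundled Kafka is configured with `protocol: PLAINTEXT` on all four listeners (client, controller, interbroker, external), so any workload that can reach port 9092 can read and write the `registered-websub-*` and `consolidated-websub-*` topics that the hub uses as its subscriber state, with no authentication or transport encryption. If this is meant as a sandbox default, say so in a comment above `listeners:` and keep at least the `external` listener on an authenticated protocol, or restrict access to the brokers with a NetworkPolicy. A second, smaller point: the hub's top-level `startUpCommand` reads `{{ tpl .Values.consolidator.configTomlMountPath $ }}` and should use `{{ tpl .Values.configTomlMountPath $ }}`, otherwise overriding the consolidator's path silently changes which template the hub loads. The `SECURITY_JWT_ISSUER` and `SECURITY_JWT_ISSUER_JWKS_URL` lines in the hub `configToml` also end with `;`, which is not TOML syntax and is worth checking against the hub's parser, since those two settings drive token validation.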