diff --git a/deployment/templates/cfg.yaml b/deployment/templates/cfg.yaml new file mode 100644 index 0000000..b80d13f --- /dev/null +++ b/deployment/templates/cfg.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + config.yaml: | + {{.Values.config}} + +kind: ConfigMap +metadata: + name: certconf \ No newline at end of file diff --git a/deployment/templates/deployment.yaml b/deployment/templates/deployment.yaml index e3b1bb0..caa3657 100644 --- a/deployment/templates/deployment.yaml +++ b/deployment/templates/deployment.yaml @@ -17,12 +17,16 @@ spec: containers: - name: pubgrade imagePullPolicy: IfNotPresent - image: akash7778/pubgrade:test_build + image: cerit.io/matej_hrachovec/pub_fix:debu ports: - containerPort: 8080 volumeMounts: - mountPath: {{ .Values.volumes.Pubgrade.pathToMountedDir }} name: pubgrade-storage + - name: certconf + mountPath: /etc/ssl/certs/cert.pem + subPath: cert.pem + readOnly: false env: - name: NAMESPACE value: {{ .Release.Namespace }} @@ -30,10 +34,17 @@ spec: value: {{ .Values.volumes.Pubgrade.name }} - name: BASE_DIR value: {{ .Values.volumes.Pubgrade.pathToMountedDir }} + securityContext: + runAsUser: 1000 + runAsGroup: 1000 volumes: + - name: certconf + configMap: + name: certconf - name: pubgrade-storage persistentVolumeClaim: claimName: {{ .Values.volumes.Pubgrade.name }} + #{{- if .Values.volumes.Pubgrade.deployLocalPv }} initContainers: - name: take-data-dir-ownership image: alpine:3 @@ -45,3 +56,4 @@ spec: volumeMounts: - name: pubgrade-storage mountPath: {{ .Values.volumes.Pubgrade.pathToMountedDir }} + #{{end}} diff --git a/deployment/templates/mongodb/mongodb-deployment.yaml b/deployment/templates/mongodb/mongodb-deployment.yaml index 15aa07a..0b65038 100644 --- a/deployment/templates/mongodb/mongodb-deployment.yaml +++ b/deployment/templates/mongodb/mongodb-deployment.yaml 
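Review bot: `{{.Values.config}}` under `config.yaml: |` interpolates a nested map, which Go templates print as `map[...]` rather than as YAML, so the rendered file would not parse as the application's config. Render it with `{{- toYaml .Values.config | nindent 4 }}`, adjusting the indent width to the real file because indentation is lost in this view. The values block it renders contains `user_access_token` entries, and a ConfigMap is readable by any subject allowed to get configmaps in the namespace, so the token-bearing part belongs in a Secret. The object is also named `certconf` although it holds application config, which makes the later volume mount hard to follow.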
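Review bot: The new `certconf` mount uses `subPath: cert.pem`, but the ConfigMap added in cfg.yaml defines only the key `config.yaml`, so this mount cannot deliver a certificate bundle to `/etc/ssl/certs/cert.pem`. If the intent is to override the container's trust store, the PEM should come from a ConfigMap that actually holds a `cert.pem` key, and the mount should be `readOnly: true`, not `readOnly: false`. Separately, `image: cerit.io/matej_hrachovec/pub_fix:debu` hard-codes a personal-namespace image with a mutable tag, and with `imagePullPolicy: IfNotPresent` nodes can keep running a stale copy. Take the image from values and pin it by digest. The container spec continues outside this hunk.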
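Review bot: The `#` in front of `{{- if .Values.volumes.Pubgrade.deployLocalPv }}`, and in front of `{{end}}` in the next hunk, does not comment the actions out: Helm evaluates template actions inside YAML comments, so `initContainers` is still rendered conditionally and a stray `#` line is left in the output. Drop the `#` if the condition is wanted, or use `{{/* ... */}}` if it was meant to be disabled. The added `securityContext` here, and the identical ones in mongodb-deployment.yaml and notify-completion-deployment.yaml, set only `runAsUser`/`runAsGroup`; adding `runAsNonRoot: true` and, at container level, `allowPrivilegeEscalation: false` would enforce the non-root intent. Indentation is lost in this view, so I cannot tell whether the block sits at pod or container level, and the `spec` continues outside the hunk.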
@@ -17,6 +17,9 @@ spec: containers: - name: mongodb image: mongo:3.6 + securityContext: + runAsUser: 1000 + runAsGroup: 1000 ports: - containerPort: 27017 name: db-container @@ -27,4 +30,4 @@ spec: - name: mongodb-storage persistentVolumeClaim: claimName: {{ .Values.volumes.mongodb.name }} - \ No newline at end of file + diff --git a/deployment/templates/mongodb/mongodb-service.yaml b/deployment/templates/mongodb/mongodb-service.yaml index ab3d421..e3895fd 100644 --- a/deployment/templates/mongodb/mongodb-service.yaml +++ b/deployment/templates/mongodb/mongodb-service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: mongodb + name: mongodb-{{ .Release.Name }} labels: app: db spec: @@ -11,4 +11,4 @@ spec: name: mongodb selector: app: db - type: NodePort \ No newline at end of file + type: ClusterIP diff --git a/deployment/templates/notify-completion-deployment.yaml b/deployment/templates/notify-completion-deployment.yaml index b972b90..2bd972c 100644 --- a/deployment/templates/notify-completion-deployment.yaml +++ b/deployment/templates/notify-completion-deployment.yaml @@ -6,18 +6,25 @@ spec: replicas: 1 selector: matchLabels: - app: pubgrade + app: {{ .Release.Name }} template: metadata: labels: - app: pubgrade + app: {{ .Release.Name }} spec: - serviceAccountName: pubgrade + serviceAccountName: {{ .Release.Name }} automountServiceAccountToken: true containers: - image: {{ .Values.imageNotifyCompletion }} name: notify-completion imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + resources: + limits: + cpu: 1 + memory: 512Mi env: - name: NAMESPACE value: {{ .Release.Namespace }} diff --git a/deployment/templates/role-binding.yaml b/deployment/templates/role-binding.yaml index dd2d15d..25edd8f 100644 --- a/deployment/templates/role-binding.yaml +++ b/deployment/templates/role-binding.yaml 
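Review bot: The Service is now named `mongodb-{{ .Release.Name }}`, but `db.host` is hard-coded to `mongodb-pubgrade` in both deployment/values.yaml and pubgrade/config.yaml, so the application reaches its database only when the release is called `pubgrade`. Either build the host from the release name where the config is rendered, or keep a fixed Service name. If a fixed release name is really required, say so in a comment next to `db.host`, for example `# must equal mongodb-<release name>`.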
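Review bot: This pod template now carries `app: {{ .Release.Name }}`, the same label the Service selector in services.yaml is changed to match. The labels of the main pubgrade Deployment are not visible in this diff (its hunks start at line 17). If they still read `app: pubgrade`, then for any other release name the Service on port 8080 selects only these notify-completion pods. Giving this workload its own label, e.g. `app: {{ .Release.Name }}-notify-completion`, keeps the selectors unambiguous. `spec.selector.matchLabels` is immutable, so an existing release needs this Deployment recreated on upgrade. The pod keeps `automountServiceAccountToken: true`, so it is worth confirming that it really needs API access.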
@@ -1,13 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: manage-pods + name: {{ .Release.Name }}-manage-pods namespace: {{ .Release.Namespace }} subjects: - kind: ServiceAccount - name: pubgrade + name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} roleRef: kind: Role - name: role-pubgrade - apiGroup: rbac.authorization.k8s.io + name: role-{{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/deployment/templates/role.yaml b/deployment/templates/role.yaml index 2c2c482..e5095ad 100644 --- a/deployment/templates/role.yaml +++ b/deployment/templates/role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: {{ .Release.Namespace }} - name: role-pubgrade + name: role-{{ .Release.Name }} rules: - apiGroups: [""] resources: ["pods", "services"] diff --git a/deployment/templates/service-account.yaml b/deployment/templates/service-account.yaml index bb11cbb..b01ceb2 100644 --- a/deployment/templates/service-account.yaml +++ b/deployment/templates/service-account.yaml @@ -1,5 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: pubgrade + name: {{ .Release.Name }} automountServiceAccountToken: true diff --git a/deployment/templates/services.yaml b/deployment/templates/services.yaml index 28d7d6b..e596fd6 100644 --- a/deployment/templates/services.yaml +++ b/deployment/templates/services.yaml @@ -1,12 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: pubgrade-service + name: {{ .Release.Name }}-service spec: - type: NodePort + type: ClusterIP selector: - app: pubgrade + app: {{ .Release.Name }} ports: - port: 8080 targetPort: 8080 - nodePort: 30008 diff --git a/deployment/values.yaml b/deployment/values.yaml index 5b4b17f..be2d4b2 100644 --- a/deployment/values.yaml +++ b/deployment/values.yaml 
@@ -3,26 +3,125 @@ pubgrade_URL: 'http://pubgrade-service.pubgrade' ingress: enabled: true - url: 'your.url.without.http.com' + url: 'pupgrade.dyn.cloud.e-infra.cz' https: enabled: true issuer: letsencrypt-prod - +name: mongodb #Persistent volumes and claims volumes: Pubgrade: # In case you are working with minikube or another single-worker solution # you can add a peristent volume from a local directory. For fully-distributed #clusters you should use a StorageClass already existing in your cluster, so set this to false. - deployLocalPv: true - pathToMountedDir: /pubgrade_temp_files + deployLocalPv: false + pathToMountedDir: /tmp/pubgrade_temp_files pathToLocalDir: /tmp/pubgrade-pv - name: pubgrade-pvc - storageClass: manual + name: pvc-pubgrade + storageClass: nfs-csi size: 2Gi mongodb: - deployLocalPv: true + deployLocalPv: false pathToLocalDir: /tmp/mongo-pv - name: mongo-pvc - storageClass: manual + name: pvc-mongo + storageClass: nfs-csi size: 2Gi + +config: + db: + host: mongodb-pubgrade + port: 27017 + dbs: + pubgradeStore: + collections: + repositories: + indexes: + - keys: + id: 1 + options: + 'unique': True + builds: + indexes: + - keys: + id: 1 + options: + 'unique': True + subscriptions: + indexes: + - keys: + id: 1 + options: + 'unique': True + users: + indexes: + - keys: + uid: 1 + options: + 'unique': True + admin_users: + indexes: + - keys: + uid: 1 + options: + 'unique': True + server: + host: '0.0.0.0' + port: 8080 + debug: True + environment: development + testing: True + use_reloader: True + api: + specs: + - path: + - api/pubgrade.yaml + append: null + add_operation_fields: + x-openapi-router-controller: pubgrade.modules.server + connexion: + strict_validation: True + validate_responses: True + options: + swagger_ui: True + serve_spec: True + exceptions: + required_members: [['msg'], ['status_code']] + status_member: ['status_code'] + exceptions: pubgrade.errors.exceptions.exceptions + log: + version: 1 + disable_existing_loggers: False + 
formatters: + standard: + class: logging.Formatter + style: "{" + format: "[{asctime}: {levelname:<8}] {message} [{name}]" + handlers: + console: + class: logging.StreamHandler + level: 20 + formatter: standard + stream: ext://sys.stderr + root: + level: 10 + handlers: [console] + endpoints: + repository: + id_charset: [string.ascii_lowercase, string.digits , '.' , '-'] + id_length: 6 + retries: 3 + user: + uid_charset: [string.ascii_lowercase, string.digits , '.' , '-'] + uid_length: 6 + retries: 3 + access_token: + charset: [ string.ascii_lowercase, string.digits , '.' , '-' ] + length: 32 + subscriptions: + admin_users: + - name: 'Akash' + uid: 'akash.saini' + user_access_token: 'c42a6d44e3d0' + - name: 'Alvaro' + uid: 'alvaro.gonzalez' + user_access_token: 'c42fhg44e3d0' diff --git a/pubgrade/config.yaml b/pubgrade/config.yaml index c28df4b..45b026e 100644 --- a/pubgrade/config.yaml +++ b/pubgrade/config.yaml @@ -8,7 +8,7 @@ server: use_reloader: True db: - host: mongodb.pubgrade + host: mongodb-pubgrade port: 27017 dbs: pubgradeStore: @@ -101,4 +101,4 @@ endpoints: user_access_token: 'c42a6d44e3d0' - name: 'Alvaro' uid: 'alvaro.gonzalez' - user_access_token: 'c42fhg44e3d0' \ No newline at end of file + user_access_token: 'c42fhg44e3d0'
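Review bot: The new `config:` block commits two `user_access_token` values under `admin_users` into values.yaml, and cfg.yaml then renders them into a ConfigMap. Treat those tokens as exposed, rotate them, and supply them at install time from a Secret instead of chart defaults. The same block ships `debug: True`, `testing: True`, `use_reloader: True` and `environment: development` as defaults, next to a concrete ingress host in `ingress.url`. A chart exposed through ingress should default to `debug: False` and `use_reloader: False`. The context line `pubgrade_URL: 'http://pubgrade-service.pubgrade'` matches the renamed `{{ .Release.Name }}-service` only for a release named `pubgrade`.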