elixir-cloud-aai · xhrach06 · Jun 29, 2022 · Jun 29, 2022 · Jul 14, 2022 · Jul 14, 2022
diff --git a/deployment/templates/cfg.yaml b/deployment/templates/cfg.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  config.yaml: |
+    {{.Values.config}}
+
+kind: ConfigMap
+metadata:
+  name: certconf
diff --git a/deployment/templates/deployment.yaml b/deployment/templates/deployment.yaml
@@ -17,23 +17,34 @@ spec:
      containers:
      - name: pubgrade
        imagePullPolicy: IfNotPresent
-       image: akash7778/pubgrade:test_build
+       image: cerit.io/matej_hrachovec/pub_fix:debu
        ports:
        - containerPort: 8080
        volumeMounts:
        - mountPath: {{ .Values.volumes.Pubgrade.pathToMountedDir }}
          name: pubgrade-storage
+       - name: certconf
+         mountPath: /etc/ssl/certs/cert.pem
+         subPath: cert.pem
+         readOnly: false
        env:
          - name: NAMESPACE
            value: {{ .Release.Namespace }}
          - name: PV_NAME
            value: {{ .Values.volumes.Pubgrade.name }}
          - name: BASE_DIR
            value: {{ .Values.volumes.Pubgrade.pathToMountedDir }}
+       securityContext:
+          runAsUser: 1000
+          runAsGroup: 1000
      volumes:
+       - name: certconf
+         configMap:
+               name: certconf
        - name: pubgrade-storage
          persistentVolumeClaim:
                claimName: {{ .Values.volumes.Pubgrade.name }}
+    #{{- if .Values.volumes.Pubgrade.deployLocalPv }}
      initContainers:
         - name: take-data-dir-ownership
           image: alpine:3
@@ -45,3 +56,4 @@ spec:
           volumeMounts:
           - name: pubgrade-storage
             mountPath: {{ .Values.volumes.Pubgrade.pathToMountedDir }}
+    #{{end}}
diff --git a/deployment/templates/mongodb/mongodb-deployment.yaml b/deployment/templates/mongodb/mongodb-deployment.yaml
@@ -17,6 +17,9 @@ spec:
       containers:
       - name: mongodb
         image: mongo:3.6
+        securityContext:
+           runAsUser: 1000
+           runAsGroup: 1000
         ports:
         - containerPort: 27017
           name: db-container
@@ -27,4 +30,4 @@ spec:
        - name: mongodb-storage
          persistentVolumeClaim:
                claimName: {{ .Values.volumes.mongodb.name }}
-
+
diff --git a/deployment/templates/mongodb/mongodb-service.yaml b/deployment/templates/mongodb/mongodb-service.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: mongodb
+  name: mongodb-{{ .Release.Name }}
   labels:
     app: db
 spec:
@@ -11,4 +11,4 @@ spec:
     name: mongodb
   selector:
     app: db
-  type: NodePort
+  type: ClusterIP
diff --git a/deployment/templates/notify-completion-deployment.yaml b/deployment/templates/notify-completion-deployment.yaml
@@ -6,18 +6,25 @@ spec:
  replicas: 1
  selector:
    matchLabels:
-     app: pubgrade
+     app: {{ .Release.Name }}
  template:
    metadata:
      labels:
-       app: pubgrade
+       app: {{ .Release.Name }}
    spec:
-          serviceAccountName: pubgrade
+          serviceAccountName: {{ .Release.Name }}
           automountServiceAccountToken: true
           containers:
           - image: {{ .Values.imageNotifyCompletion }}
             name: notify-completion
             imagePullPolicy: IfNotPresent
+            securityContext:
+              runAsUser: 1000
+              runAsGroup: 1000
+            resources:
+              limits:
+                cpu: 1
+                memory: 512Mi
             env:
               - name: NAMESPACE
                 value: {{ .Release.Namespace }}

diff --git a/deployment/templates/role-binding.yaml b/deployment/templates/role-binding.yaml
@@ -1,13 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: manage-pods
+  name: {{ .Release.Name }}-manage-pods
   namespace: {{ .Release.Namespace }}
 subjects:
 - kind: ServiceAccount
-  name: pubgrade
+  name: {{ .Release.Name }}
   namespace: {{ .Release.Namespace }}
 roleRef:
   kind: Role
-  name: role-pubgrade
-  apiGroup: rbac.authorization.k8s.io
+  name: role-{{ .Release.Name }}
+  apiGroup: rbac.authorization.k8s.io
diff --git a/deployment/templates/role.yaml b/deployment/templates/role.yaml
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   namespace: {{ .Release.Namespace }}
-  name: role-pubgrade
+  name: role-{{ .Release.Name }}
 rules:
 - apiGroups: [""] 
   resources: ["pods", "services"]

diff --git a/deployment/templates/service-account.yaml b/deployment/templates/service-account.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: pubgrade
+  name: {{ .Release.Name }}
 automountServiceAccountToken: true
diff --git a/deployment/templates/services.yaml b/deployment/templates/services.yaml
@@ -1,12 +1,11 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: pubgrade-service
+  name: {{ .Release.Name }}-service
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
-    app: pubgrade
+    app: {{ .Release.Name }}
   ports:
     - port: 8080
       targetPort: 8080
-      nodePort: 30008
diff --git a/deployment/values.yaml b/deployment/values.yaml
@@ -3,26 +3,125 @@ pubgrade_URL: 'http://pubgrade-service.pubgrade'
 
 ingress:
   enabled: true
-  url: 'your.url.without.http.com'
+  url: 'pupgrade.dyn.cloud.e-infra.cz'
   https:
     enabled: true
     issuer: letsencrypt-prod
-
+name: mongodb
 #Persistent volumes and claims
 volumes:
   Pubgrade:
     # In case you are working with minikube or another single-worker solution
     # you can add a peristent volume from a local directory. For fully-distributed
     #clusters you should use a StorageClass already existing in your cluster, so set this to false.
-    deployLocalPv: true
-    pathToMountedDir: /pubgrade_temp_files
+    deployLocalPv: false
+    pathToMountedDir: /tmp/pubgrade_temp_files
     pathToLocalDir: /tmp/pubgrade-pv
-    name: pubgrade-pvc
-    storageClass: manual
+    name: pvc-pubgrade
+    storageClass: nfs-csi
     size: 2Gi
   mongodb:
-    deployLocalPv: true
+    deployLocalPv: false
     pathToLocalDir: /tmp/mongo-pv
-    name: mongo-pvc
-    storageClass: manual
+    name: pvc-mongo
+    storageClass: nfs-csi
     size: 2Gi
+
+config:
+  db:
+    host: mongodb-pubgrade
+    port: 27017
+    dbs:
+        pubgradeStore:
+            collections:
+                repositories:
+                    indexes:
+                        - keys:
+                              id: 1
+                          options: 
+                            'unique': True
+                builds:
+                    indexes:
+                        - keys:
+                              id: 1
+                          options: 
+                            'unique': True
+                subscriptions:
+                    indexes:
+                        - keys:
+                              id: 1
+                          options: 
+                            'unique': True
+                users:
+                    indexes:
+                        - keys:
+                              uid: 1
+                          options: 
+                            'unique': True
+                admin_users:
+                    indexes:
+                        - keys:
+                              uid: 1
+                          options: 
+                            'unique': True
+  server:
+    host: '0.0.0.0'
+    port: 8080
+    debug: True
+    environment: development
+    testing: True
+    use_reloader: True
+  api:
+    specs:
+        - path:
+            - api/pubgrade.yaml
+          append: null
+          add_operation_fields:
+              x-openapi-router-controller: pubgrade.modules.server
+          connexion:
+              strict_validation: True
+              validate_responses: True
+              options:
+                  swagger_ui: True
+                  serve_spec: True
+  exceptions:
+     required_members: [['msg'], ['status_code']]
+     status_member: ['status_code']
+     exceptions: pubgrade.errors.exceptions.exceptions
+  log:
+    version: 1
+    disable_existing_loggers: False
+    formatters:
+        standard:
+            class: logging.Formatter
+            style: "{"
+            format: "[{asctime}: {levelname:<8}] {message} [{name}]"
+    handlers:
+        console:
+            class: logging.StreamHandler
+            level: 20
+            formatter: standard
+            stream: ext://sys.stderr
+    root:
+        level: 10
+        handlers: [console]
+  endpoints:
+    repository:
+        id_charset: [string.ascii_lowercase, string.digits , '.' , '-']
+        id_length: 6
+        retries: 3
+    user:
+        uid_charset: [string.ascii_lowercase, string.digits , '.' , '-']
+        uid_length: 6
+        retries: 3
+    access_token:
+        charset: [ string.ascii_lowercase, string.digits , '.' , '-' ]
+        length: 32
+    subscriptions:
+      admin_users:
+        - name: 'Akash'
+          uid: 'akash.saini'
+          user_access_token: 'c42a6d44e3d0'
+        - name: 'Alvaro'
+          uid: 'alvaro.gonzalez'
+          user_access_token: 'c42fhg44e3d0'
diff --git a/pubgrade/config.yaml b/pubgrade/config.yaml
@@ -8,7 +8,7 @@ server:
     use_reloader: True
 
 db:
-    host: mongodb.pubgrade
+    host: mongodb-pubgrade
     port: 27017
     dbs:
         pubgradeStore:
@@ -101,4 +101,4 @@ endpoints:
           user_access_token: 'c42a6d44e3d0'
         - name: 'Alvaro'
           uid: 'alvaro.gonzalez'
-          user_access_token: 'c42fhg44e3d0'
+          user_access_token: 'c42fhg44e3d0'