diff --git a/charts/geohealthcheck/.editorconfig b/charts/geohealthcheck/.editorconfig
new file mode 100644
index 0000000..8f5d808
--- /dev/null
+++ b/charts/geohealthcheck/.editorconfig
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = true
diff --git a/charts/geohealthcheck/.helmignore b/charts/geohealthcheck/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/geohealthcheck/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/geohealthcheck/.yamllint b/charts/geohealthcheck/.yamllint
new file mode 100644
index 0000000..1c3c68c
--- /dev/null
+++ b/charts/geohealthcheck/.yamllint
@@ -0,0 +1,8 @@
+---
+extends: 'default'
+ignore: []
+rules:
+ quoted-strings:
+ quote-type: 'single'
+ required: true
+ ignore: []
diff --git a/charts/geohealthcheck/Chart.yaml b/charts/geohealthcheck/Chart.yaml
new file mode 100644
index 0000000..2fda507
--- /dev/null
+++ b/charts/geohealthcheck/Chart.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: 'v2'
+name: 'geohealthcheck'
+description: 'A Helm chart for GeoHealthCheck'
+type: 'application'
+version: '1.0.0'
+appVersion: '0.9.0'
diff --git a/charts/geohealthcheck/README.md b/charts/geohealthcheck/README.md
new file mode 100644
index 0000000..5b1ae97
--- /dev/null
+++ b/charts/geohealthcheck/README.md
@@ -0,0 +1,81 @@ +# geohealthcheck + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square) + +A Helm chart for GeoHealthCheck + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalCertificates | object | `{}` | | +| affinity | object | `{}` | | +| fullnameOverride | string | `""` | This is to override the release name. | +| geohealthcheck.additionalConfigMaps | list | `[]` | additional configmaps additionalConfigMaps: - 'foo' - 'bar' | +| geohealthcheck.additionalEnv | object | `{}` | additional env variables additionalEnv: name1: 'value1' name2: 'value2' | +| geohealthcheck.additionalEnvSecrets | list | `[]` | additional envSecrets additionalEnvSecrets: - 'foo' - 'bar' | +| geohealthcheck.adminEmail | string | `"you@example.com"` | email address of administrator / contact- notification emails will come from this address | +| geohealthcheck.auth.secret | string | `"changeme"` | secret key to set when enabling authentication | +| geohealthcheck.basicAuthDisabled | bool | `false` | disable Basic Authentication to access GHC webapp and APIs (default: False), | +| geohealthcheck.databaseUri | string | `"sqlite:////data/data.db"` | database connection string for SQL-Alchemy valid examples are: SQLite: 'sqlite:///data.db' PostgreSQL: 'postgresql+psycopg2://scott:tiger@localhost:5432/mydatabase' | +| geohealthcheck.largeXml | bool | `false` | allows GeoHealthCheck to receive large XML files from the servers under test (default False). 
Note: setting this to True might pose a security risk | +| geohealthcheck.logLevel | string | `"30"` | logging level: 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL (default: 30, WARNING) | +| geohealthcheck.metadataCacheSecs | string | `"900"` | metadata, “Capabilities Docs”, cache expiry time, default 900 secs, -1 to disable | +| geohealthcheck.minimalRunFrequencyMins | int | `10` | minimal run frequency for Resource that can be set in web UI | +| geohealthcheck.notifications | bool | `false` | turn on email and webhook notifications | +| geohealthcheck.notificationsEmail | list | `[]` | list of email addresses that notifications should come to. Use a different address to GHC_ADMIN_EMAIL if you have trouble receiving notification emails. Also, you can set separate notification emails t specific resources. Failing resource will send notification to emails from GHC_NOTIFICATIONS_EMAIL value and emails configured for that specific resource altogether. notificationsEmail: - 'you2@example.com' - 'you3@example.com' | +| geohealthcheck.notificationsVerbosity | bool | `false` | receive additional email notifications than just Failing and Fixed (default True) | +| geohealthcheck.probeHttpTimeoutSecs | int | `30` | stop waiting for the first byte of a Probe response after the given number of seconds | +| geohealthcheck.requireWebappAuth | bool | `false` | require authentication (login or Basic Auth) to access GHC webapp and APIs (default: False) | +| geohealthcheck.retentionDays | int | `30` | the number of days to keep Run history | +| geohealthcheck.runnerInWebapp | bool | `true` | should the GHC Runner Daemon be run in webapp (default: True) | +| geohealthcheck.selfRegister | bool | `false` | allow registrations from users on the website | +| geohealthcheck.siteTitle | string | `"GeoHealthCheck Demonstration"` | title used for installation / deployment | +| geohealthcheck.siteUrl | string | `"http://host"` | full URL of the installation / deployment | +| 
geohealthcheck.smtpEnabled | bool | `false` | enable/disable smtp | +| geohealthcheck.smtpPassword | string | `nil` | SMTP server name or IP | +| geohealthcheck.smtpPort | string | `nil` | SMTP port | +| geohealthcheck.smtpServer | string | `nil` | SMTP server name or IP | +| geohealthcheck.smtpUseTls | string | `nil` | whether or not to use StartTLS with SMTP | +| geohealthcheck.smtpUsername | string | `nil` | SMTP server name or IP | +| geohealthcheck.verifySsl | bool | `true` | perform SSL verification for Probe HTTPS requests (default: True) | +| geohealthcheck.wwwLinkExceptionCheck | bool | `false` | turn on checking for OGC Exceptions in WWW:LINK Resource responses (default False) | +| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | +| image.repository | string | `"geopython/geohealthcheck"` | image for GeoHealthCheck | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | +| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ | +| ingress.annotations | object | `{}` | annotations for the ingress annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" | +| ingress.className | string | `""` | ingress class name | +| ingress.enabled | bool | `false` | enable/disable ingress | +| initContainer.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image of the init container | +| initContainer.repository | string | `"library/ubuntu"` | image for the init container | 
+| initContainer.resources | object | `{}` | resource definitions for the init container | +| initContainer.tag | string | `"jammy"` | tag for the init container | +| livenessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | +| nameOverride | string | `""` | This is to override the chart name. | +| networkPolicy.egressEnabled | bool | `true` | allow/deny external connections. This should be enabled if you want to monitor resources outside of this namespace | +| networkPolicy.enabled | bool | `true` | Enable/disable network policy generation | +| nodeSelector | object | `{}` | | +| persistence.enabled | bool | `true` | enable persistence when using an SQLite database | +| persistence.size | string | `"1Gi"` | size of the data partition | +| persistence.storageClassName | string | `""` | | +| podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: yamllint disable-line rule:line-length https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | +| podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | +| podSecurityContext | object | `{}` | | +| readinessProbe.httpGet.path | string | `"/"` | | +| readinessProbe.httpGet.port | string | `"http"` | | +| resources | object | `{}` | resources for the main container We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | +| securityContext | object | `{}` | | +| service | object | `{"type":"ClusterIP"}` | This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ | +| service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| tolerations | list | `[]` | | +| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. volumeMounts: - name: foo mountPath: "/etc/foo" readOnly: true | +| volumes | list | `[]` | Additional volumes on the output Deployment definition. volumes: - name: foo secret: secretName: mysecret optional: false | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/geohealthcheck/templates/NOTES.txt b/charts/geohealthcheck/templates/NOTES.txt new file mode 100644 index 0000000..6d34af6 --- /dev/null +++ b/charts/geohealthcheck/templates/NOTES.txt 
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "geohealthcheck.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "geohealthcheck.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "geohealthcheck.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "geohealthcheck.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/charts/geohealthcheck/templates/_helpers.tpl b/charts/geohealthcheck/templates/_helpers.tpl
new file mode 100644
index 0000000..e0b04d6
--- /dev/null
+++ b/charts/geohealthcheck/templates/_helpers.tpl
@@ -0,0 +1,69 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "geohealthcheck.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "geohealthcheck.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "geohealthcheck.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "geohealthcheck.labels" -}} +helm.sh/chart: {{ include "geohealthcheck.chart" . | squote }} +{{ include "geohealthcheck.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | squote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service | squote }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "geohealthcheck.selectorLabels" -}} +app.kubernetes.io/name: {{ include "geohealthcheck.name" . | squote }} +app.kubernetes.io/instance: {{ .Release.Name | squote }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "geohealthcheck.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "geohealthcheck.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Set the port to expose +*/}} +{{- define "geohealthcheck.containerPort" -}} +{{- "80" }} +{{- end }} diff --git a/charts/geohealthcheck/templates/cm-ca-certs.yaml b/charts/geohealthcheck/templates/cm-ca-certs.yaml new file mode 100644 index 0000000..46fa03b --- /dev/null +++ b/charts/geohealthcheck/templates/cm-ca-certs.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-certificates" (include "geohealthcheck.fullname" .) | squote }} + labels: + {{- include "geohealthcheck.labels" . | nindent 4 }} +data: + {{- range $filename, $certificate := .Values.additionalCertificates }} + {{ $filename -}}: | + {{- $certificate | nindent 4 }} + {{- end -}} diff --git a/charts/geohealthcheck/templates/cm-secrets-variables.yaml b/charts/geohealthcheck/templates/cm-secrets-variables.yaml new file mode 100644 index 0000000..d05ccad --- /dev/null +++ b/charts/geohealthcheck/templates/cm-secrets-variables.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: 'v1' +kind: 'Secret' +metadata: + name: {{ printf "%s-secrets" (include "geohealthcheck.fullname" .) | squote }} + labels: + {{- include "geohealthcheck.labels" . | nindent 4 }} +type: 'Opaque' +data: + SECRET_KEY: {{ .Values.geohealthcheck.auth.secret | b64enc | squote }} + {{- if and .Values.geohealthcheck.smtpPassword .Values.geohealthcheck.smtpEnabled }} + GHC_SMTP_PASSWORD: {{ .Values.geohealthcheck.smtpPassword | b64enc | squote }} + {{- end }} + SQLALCHEMY_DATABASE_URI: {{ .Values.geohealthcheck.databaseUri | b64enc | squote }} diff --git a/charts/geohealthcheck/templates/cm-variables.yaml b/charts/geohealthcheck/templates/cm-variables.yaml new file mode 100644 index 0000000..40a7b25 --- /dev/null +++ b/charts/geohealthcheck/templates/cm-variables.yaml 
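Review bot: In cm-secrets-variables.yaml, `SECRET_KEY` is rendered from `.Values.geohealthcheck.auth.secret` with no check, and values.yaml in this commit defaults that value to `'changeme'`, so an install that does not override it ships a publicly known key. If the application signs sessions or tokens with this key (not visible on this page), every such deployment shares the same signing secret. Fail the render instead: `SECRET_KEY: {{ required "geohealthcheck.auth.secret must be set" .Values.geohealthcheck.auth.secret | b64enc | squote }}` together with an empty default in values.yaml, or let the chart reference an existing Secret by name. The same hunk stores `SQLALCHEMY_DATABASE_URI`, which in the PostgreSQL form documented in values.yaml carries the database password, so the existing-Secret option would cover both.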
@@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-variables" (include "geohealthcheck.fullname" .) | squote }} + labels: + {{- include "geohealthcheck.labels" . | nindent 4 }} +data: + GHC_RETENTION_DAYS: {{ .Values.geohealthcheck.retentionDays | squote }} + GHC_PROBE_HTTP_TIMEOUT_SECS: {{ .Values.geohealthcheck.probeHttpTimeoutSecs | squote }} + GHC_MINIMAL_RUN_FREQUENCY_MINS: {{ .Values.geohealthcheck.minimalRunFrequencyMins | squote }} + GHC_SELF_REGISTER: {{ .Values.geohealthcheck.selfRegister | toString | squote }} + GHC_NOTIFICATIONS: {{ .Values.geohealthcheck.notifications | toString | squote }} + GHC_NOTIFICATIONS_VERBOSITY: {{ .Values.geohealthcheck.notificationsVerbosity | toString | squote }} + GHC_WWW_LINK_EXCEPTION_CHECK: {{ .Values.geohealthcheck.wwwLinkExceptionCheck | toString | squote }} + GHC_LARGE_XML: {{ .Values.geohealthcheck.largeXml | toString | squote }} + GHC_ADMIN_EMAIL: {{ .Values.geohealthcheck.adminEmail | squote }} + GHC_NOTIFICATIONS_EMAIL: {{- " " -}}{{- .Values.geohealthcheck.notificationsEmail | toJson | squote }} + GHC_SITE_TITLE: {{ .Values.geohealthcheck.siteTitle | squote }} + GHC_SITE_URL: {{ .Values.geohealthcheck.siteUrl | squote }} + GHC_RUNNER_IN_WEBAPP: {{ .Values.geohealthcheck.runnerInWebapp | toString | squote }} + GHC_REQUIRE_WEBAPP_AUTH: {{ .Values.geohealthcheck.requireWebappAuth | toString | squote }} + GHC_BASIC_AUTH_DISABLED: {{ .Values.geohealthcheck.basicAuthDisabled | toString | squote }} + GHC_VERIFY_SSL: {{ .Values.geohealthcheck.verifySsl | toString | squote }} + GHC_LOG_LEVEL: {{ .Values.geohealthcheck.logLevel | squote }} + GHC_METADATA_CACHE_SECS: {{ .Values.geohealthcheck.metadataCacheSecs | squote }} + {{- if .Values.geohealthcheck.smtpEnabled }} + GHC_SMTP_SERVER: {{ .Values.geohealthcheck.smtpServer | squote }} + GHC_SMTP_PORT: {{ .Values.geohealthcheck.smtpPort | squote }} + GHC_SMTP_TLS: {{ .Values.geohealthcheck.smtpUseTls | squote }} + GHC_SMTP_SSL: 'False' + 
GHC_SMTP_USERNAME: {{ .Values.geohealthcheck.smtpUsername | squote }} + {{- end }} diff --git a/charts/geohealthcheck/templates/deployment.yaml b/charts/geohealthcheck/templates/deployment.yaml new file mode 100644 index 0000000..9e6795f --- /dev/null +++ b/charts/geohealthcheck/templates/deployment.yaml 
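Review bot: In cm-variables.yaml, free-text values such as `siteTitle`, `adminEmail` and `siteUrl` are wrapped with `squote`, which only surrounds the value with single quotes and does not escape a quote inside it, so a title like `Bob's monitor` (constructed example) renders invalid YAML. `quote` escapes its input, e.g. `GHC_SITE_TITLE: {{ .Values.geohealthcheck.siteTitle | quote }}`. In the SMTP block, `smtpServer`, `smtpPort`, `smtpUseTls` and `smtpUsername` default to null in values.yaml and, as far as I know, `squote` emits nothing for a nil value, so enabling SMTP without setting them yields empty data entries; wrapping those keys in `required` would surface the omission at render time.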
@@ -0,0 +1,113 @@ +--- +apiVersion: 'apps/v1' +kind: 'Deployment' +metadata: + name: {{ include "geohealthcheck.fullname" . | squote }} + labels: + {{- include "geohealthcheck.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "geohealthcheck.selectorLabels" . | nindent 6 }} + strategy: + type: 'Recreate' + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "geohealthcheck.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "geohealthcheck.serviceAccountName" . | squote }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: update-ca-certificates + image: '{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}' + command: ['sh', '-c', 'apt-get update && apt-get install -y ca-certificates && update-ca-certificates -v'] + resources: + {{- toYaml .Values.initContainer.resources | nindent 12 }} + volumeMounts: + - name: 'custom-ca-cert' + mountPath: '/usr/local/share/ca-certificates' + - name: 'ca-bundle' + mountPath: '/etc/ssl/certs' + containers: + - name: {{ .Chart.Name | squote }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: '{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}' + imagePullPolicy: {{ .Values.image.pullPolicy | squote }} + ports: + - name: 'http' + containerPort: {{ include "geohealthcheck.containerPort" . }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + envFrom: + - secretRef: + name: {{ printf "%s-secrets" (include "geohealthcheck.fullname" .) 
| squote }} + {{- range .Values.geohealthcheck.additionalEnvSecrets }} + - secretRef: + name: {{ . | squote }} + {{- end }} + - configMapRef: + name: {{ printf "%s-variables" (include "geohealthcheck.fullname" .) | squote }} + {{- range .Values.geohealthcheck.additionalConfigMaps }} + - configMapRef: + name: {{ . | squote }} + {{- end }} + volumeMounts: + - name: 'custom-ca-cert' + mountPath: '/usr/local/share/ca-certificates' + - name: 'ca-bundle' + mountPath: '/etc/ssl/certs' + - name: data + mountPath: /data + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + - name: custom-ca-cert + configMap: + name: {{ printf "%s-certificates" (include "geohealthcheck.fullname" .) | squote }} + - name: ca-bundle + emptyDir: {} + - name: data + persistentVolumeClaim: + claimName: {{ include "geohealthcheck.fullname" . | squote }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.geohealthcheck.additionalEnv }} + env: + {{- range $key, $value := .Values.geohealthcheck.additionalEnv }} + - name: {{ $key | squote }} + value: {{ $value | squote }} + {{- end }} + {{- end }} diff --git a/charts/geohealthcheck/templates/ingress.yaml b/charts/geohealthcheck/templates/ingress.yaml new file mode 100644 index 0000000..8da61c3 --- /dev/null +++ b/charts/geohealthcheck/templates/ingress.yaml 
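Review bot: The `update-ca-certificates` init container runs `apt-get update && apt-get install -y ca-certificates` on every pod start from the mutable `library/ubuntu:jammy` tag, so each start pulls unpinned packages over the network, and it cannot complete when `networkPolicy.egressEnabled` is false, because the policy in this commit then allows only UDP 53 egress. An image that already contains `ca-certificates`, pinned by digest, needs only `command: ['update-ca-certificates', '-v']`; `initContainer.pullPolicy` from values.yaml is never referenced in this template, and `.Values.securityContext` is applied to the main container only. Separately, the `env:` block built from `additionalEnv` comes after `tolerations`, which as far as the flattened indentation shows is outside the container entry, so those variables likely never reach the container. The `data` volume always references the PVC, which pvc.yaml creates only when `persistence.enabled` is true.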
@@ -0,0 +1,44 @@
+---
+{{- if .Values.ingress.enabled -}}
+apiVersion: 'networking.k8s.io/v1'
+kind: 'Ingress'
+metadata:
+ name: {{ include "geohealthcheck.fullname" . }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with .Values.ingress.className }}
+ ingressClassName: {{ . | squote }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | squote }}
+ {{- end }}
+ secretName: {{ .secretName | squote }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | squote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path | squote }}
+ {{- with .pathType }}
+ pathType: {{ . | squote }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ include "geohealthcheck.fullname" $ }}
+ port:
+ name: 'http'
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/geohealthcheck/templates/networkpolicies.yaml b/charts/geohealthcheck/templates/networkpolicies.yaml
new file mode 100644
index 0000000..0844e5e
--- /dev/null
+++ b/charts/geohealthcheck/templates/networkpolicies.yaml
@@ -0,0 +1,39 @@
+---
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "geohealthcheck.fullname" . }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "geohealthcheck.labels" . | nindent 6 }}
+ policyTypes:
+ - 'Ingress'
+ - Egress
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - protocol: 'TCP'
+ port: {{ include "geohealthcheck.containerPort" . }}
+ - from:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ ports:
+ - protocol: 'TCP'
+ port: {{ include "geohealthcheck.containerPort" . }}
+ egress:
+ - to:
+ - namespaceSelector: {}
+ ports:
+ - port: 53
+ protocol: 'UDP'
+ {{- if .Values.networkPolicy.egressEnabled }}
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ {{- end }}
+{{- end }}
diff --git a/charts/geohealthcheck/templates/pvc.yaml b/charts/geohealthcheck/templates/pvc.yaml
new file mode 100644
index 0000000..bb238cc
--- /dev/null
+++ b/charts/geohealthcheck/templates/pvc.yaml
@@ -0,0 +1,18 @@
+---
+{{- if .Values.persistence.enabled }}
+apiVersion: 'v1'
+kind: 'PersistentVolumeClaim'
+metadata:
+ name: {{ include "geohealthcheck.fullname" . | squote }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - 'ReadWriteOnce'
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | squote }}
+ {{- if .Values.persistence.storageClassName }}
+ storageClassName: {{ .Values.persistence.storageClassName | squote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/geohealthcheck/templates/service.yaml b/charts/geohealthcheck/templates/service.yaml
new file mode 100644
index 0000000..8fd5485
--- /dev/null
+++ b/charts/geohealthcheck/templates/service.yaml
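Review bot: In networkpolicies.yaml the second ingress rule admits `0.0.0.0/0` on the container port, which makes the `namespaceSelector: {}` rule above it redundant and leaves the policy restricting ingress by port only; if traffic is meant to arrive through the ingress controller, select that controller's namespace or pods instead. With `egressEnabled` the egress rule is `0.0.0.0/0` with no `except`, and this workload sends probes to whatever resources are registered in it, so it can reach link-local metadata addresses and, depending on the CNI, in-cluster ranges; add an `except:` list (`169.254.0.0/16` plus the cluster's pod and service CIDRs, supplied through values). The DNS rule permits UDP 53 only, while resolvers fall back to TCP for large answers, so add a second entry `- port: 53` with `protocol: 'TCP'`. `podSelector` uses `geohealthcheck.labels`, which includes the chart and app version labels; `geohealthcheck.selectorLabels` is the stable set the Deployment and Service already select on.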
@@ -0,0 +1,16 @@
+---
+apiVersion: 'v1'
+kind: 'Service'
+metadata:
+ name: {{ include "geohealthcheck.fullname" . | squote }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type | squote }}
+ ports:
+ - port: {{ include "geohealthcheck.containerPort" . }}
+ targetPort: 'http'
+ protocol: 'TCP'
+ name: 'http'
+ selector:
+ {{- include "geohealthcheck.selectorLabels" . | nindent 4 }}
diff --git a/charts/geohealthcheck/templates/serviceaccount.yaml b/charts/geohealthcheck/templates/serviceaccount.yaml
new file mode 100644
index 0000000..cc91d2b
--- /dev/null
+++ b/charts/geohealthcheck/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+---
+{{- if .Values.serviceAccount.create -}}
+apiVersion: 'v1'
+kind: 'ServiceAccount'
+metadata:
+ name: {{ include "geohealthcheck.serviceAccountName" . | squote }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/charts/geohealthcheck/values.yaml b/charts/geohealthcheck/values.yaml
new file mode 100644
index 0000000..2f931f7
--- /dev/null
+++ b/charts/geohealthcheck/values.yaml
@@ -0,0 +1,250 @@ +--- +# This sets the container image more information can be found here: +# https://kubernetes.io/docs/concepts/containers/images/ +image: + # -- image for GeoHealthCheck + repository: 'geopython/geohealthcheck' + # -- Pull policy for the image + pullPolicy: 'IfNotPresent' + # -- Overrides the image tag whose default is the chart appVersion. + tag: '' + +# -- This is for the secretes for pulling an image from a private repository +# more information can be found here: +# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# -- This is to override the chart name. +nameOverride: '' +# -- This is to override the release name. +fullnameOverride: '' + +# This section builds out the service account more information can be found +# here: https://kubernetes.io/docs/concepts/security/service-accounts/ +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Automatically mount a ServiceAccount's API credentials? + automount: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname + # template + name: '' + +# -- This is for setting Kubernetes Annotations to a Pod. +# For more information checkout: +# yamllint disable-line rule:line-length +# https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +podAnnotations: {} + +# -- This is for setting Kubernetes Labels to a Pod. 
+# For more information checkout: +# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 + +# Definitions for the init container +initContainer: + # -- resource definitions for the init container + resources: {} + # -- image for the init container + repository: 'library/ubuntu' + # -- tag for the init container + tag: 'jammy' + # -- Pull policy for the image of the init container + pullPolicy: 'IfNotPresent' + +geohealthcheck: + # -- additional env variables + # additionalEnv: + # name1: 'value1' + # name2: 'value2' + additionalEnv: {} + # -- additional configmaps + # additionalConfigMaps: + # - 'foo' + # - 'bar' + additionalConfigMaps: [] + # -- additional envSecrets + # additionalEnvSecrets: + # - 'foo' + # - 'bar' + additionalEnvSecrets: [] + # -- database connection string for SQL-Alchemy + # valid examples are: + # SQLite: 'sqlite:///data.db' + # PostgreSQL: 'postgresql+psycopg2://scott:tiger@localhost:5432/mydatabase' + databaseUri: 'sqlite:////data/data.db' + auth: + # -- secret key to set when enabling authentication + secret: 'changeme' + # -- the number of days to keep Run history + retentionDays: 30 + # -- stop waiting for the first byte of a Probe response after the given + # number of seconds + probeHttpTimeoutSecs: 30 + # -- minimal run frequency for Resource that can be set in web UI + minimalRunFrequencyMins: 10 + # -- allow registrations from users on the website + selfRegister: false + # -- turn on email and webhook notifications + notifications: false + # -- receive additional email notifications than just Failing and Fixed + # (default True) + notificationsVerbosity: false + # -- turn on checking for OGC Exceptions in WWW:LINK Resource responses + # (default False) + wwwLinkExceptionCheck: false + # -- allows GeoHealthCheck to receive 
large XML files from the servers under + # test (default False). Note: setting this to True might pose a security risk + largeXml: false + # -- email address of administrator / contact- notification emails will come + # from this address + adminEmail: 'you@example.com' + # -- list of email addresses that notifications should come to. Use a + # different address to GHC_ADMIN_EMAIL if you have trouble receiving + # notification emails. Also, you can set separate notification emails t + # specific resources. Failing resource will send notification to emails from + # GHC_NOTIFICATIONS_EMAIL value and emails configured for that specific + # resource altogether. + # notificationsEmail: + # - 'you2@example.com' + # - 'you3@example.com' + notificationsEmail: [] + # -- title used for installation / deployment + siteTitle: 'GeoHealthCheck Demonstration' + # -- full URL of the installation / deployment + siteUrl: 'http://host' + # -- should the GHC Runner Daemon be run in webapp (default: True) + runnerInWebapp: true + # -- require authentication (login or Basic Auth) to access GHC webapp and + # APIs (default: False) + requireWebappAuth: false + # -- disable Basic Authentication to access GHC webapp and APIs + # (default: False), + basicAuthDisabled: false + # -- perform SSL verification for Probe HTTPS requests (default: True) + verifySsl: true + # -- logging level: 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL + # (default: 30, WARNING) + logLevel: '30' + # -- metadata, “Capabilities Docs”, cache expiry time, default 900 secs, -1 + # to disable + metadataCacheSecs: '900' + # SMTP configuration + # -- enable/disable smtp + smtpEnabled: false + # -- SMTP server name or IP + smtpServer: + # -- SMTP port + smtpPort: + # -- whether or not to use StartTLS with SMTP + smtpUseTls: + # -- SMTP server name or IP + smtpUsername: + # -- SMTP server name or IP + smtpPassword: +# -- This is for setting up a service more information can be found here: +# 
https://kubernetes.io/docs/concepts/services-networking/service/ +service: + # -- This sets the service type more information can be found here: + # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: 'ClusterIP' + +additionalCertificates: {} + +# -- This block is for setting up the ingress for more information can be found +# here: https://kubernetes.io/docs/concepts/services-networking/ingress/ +ingress: + # -- enable/disable ingress + enabled: false + # -- ingress class name + className: '' + # -- annotations for the ingress + # annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + annotations: {} + hosts: + - host: 'chart-example.local' + paths: + - path: '/' + pathType: 'ImplementationSpecific' + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +# -- resources for the main container +# We usually recommend not to specify default resources and to leave this as +# a conscious choice for the user. This also increases chances charts run on +# environments with little resources, such as Minikube. If you do want to +# specify resources, uncomment the following lines, adjust them as necessary, +# and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi +resources: {} + +# -- This is to setup the liveness and readiness probes more information can be +# found here: +# https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +livenessProbe: + httpGet: + path: '/' + port: 'http' +readinessProbe: + httpGet: + path: '/' + port: 'http' + +persistence: + # -- enable persistence when using an SQLite database + enabled: true + # -- size of the data partition + size: '1Gi' + # storage class name. Leave empty for the default class + storageClassName: '' + +# -- Additional volumes on the output Deployment definition. 
+# volumes: +# - name: foo +# secret: +# secretName: mysecret +# optional: false +volumes: [] + +# -- Additional volumeMounts on the output Deployment definition. +# volumeMounts: +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true +volumeMounts: [] + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# Network Policy definition +networkPolicy: + # -- Enable/disable network policy generation + enabled: true + # -- allow/deny external connections. This should be enabled if you want to + # monitor resources outside of this namespace + egressEnabled: true
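Review bot: The values.yaml defaults leave the pod unhardened: `securityContext: {}` and `podSecurityContext: {}` ship empty with the restrictive settings present only as comments, and `serviceAccount.automount: true` mounts an API token although nothing in this commit's templates shows the application calling the Kubernetes API. Defaulting to `automount: false` and to the commented block (`capabilities.drop: [ALL]`, `runAsNonRoot: true`) would make the safe configuration the one users get without editing, provided the image runs under those constraints, which needs testing. `auth.secret: 'changeme'` should default to empty so that an unset key is detectable at render time. The doc comments on `smtpUsername` and `smtpPassword` both read `SMTP server name or IP`; they should be `# -- SMTP username` and `# -- SMTP password`, with the README table regenerated from them.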