From 6db0219d91aba8b0695dbc8e5d3f3f674c3f60f8 Mon Sep 17 00:00:00 2001 
From: Cristian Balas Date: Mon, 6 Dec 2021 14:42:26 +0200 Subject: [PATCH] Helm chart --- .circleci/build.sh | 9 +- .circleci/config.yml | 44 +++-- .circleci/deploy.sh | 7 +- .circleci/deploy_in_new_setup.sh | 5 +- .circleci/get_version.sh | 14 ++ .circleci/publish_helm_chart.sh | 25 +++ utils/helm/speckle-server/.helmignore | 23 +++ utils/helm/speckle-server/Chart.yaml | 19 ++ .../templates/configmap-db-certificate.yml | 12 ++ .../templates/deployment-backend.yml | 185 ++++++++++++++++++ .../deployment-fileimport-service.yml | 78 ++++++++ .../templates/deployment-frontend.yml | 32 +++ .../templates/deployment-preview-service.yml | 62 ++++++ .../templates/deployment-webhook-service.yml | 62 ++++++ .../helm/speckle-server/templates/ingress.yml | 34 ++++ .../templates/servicemonitor.yml | 18 ++ .../speckle-server/templates/services.yml | 35 ++++ utils/helm/speckle-server/values.yaml | 99 ++++++++++ 18 files changed, 730 insertions(+), 33 deletions(-) create mode 100755 .circleci/get_version.sh create mode 100755 .circleci/publish_helm_chart.sh create mode 100644 utils/helm/speckle-server/.helmignore create mode 100644 utils/helm/speckle-server/Chart.yaml create mode 100644 utils/helm/speckle-server/templates/configmap-db-certificate.yml create mode 100644 utils/helm/speckle-server/templates/deployment-backend.yml create mode 100644 utils/helm/speckle-server/templates/deployment-fileimport-service.yml create mode 100644 utils/helm/speckle-server/templates/deployment-frontend.yml create mode 100644 utils/helm/speckle-server/templates/deployment-preview-service.yml create mode 100644 utils/helm/speckle-server/templates/deployment-webhook-service.yml create mode 100644 utils/helm/speckle-server/templates/ingress.yml create mode 100644 utils/helm/speckle-server/templates/servicemonitor.yml create mode 100644 utils/helm/speckle-server/templates/services.yml create mode 100644 utils/helm/speckle-server/values.yaml 
diff --git a/.circleci/build.sh b/.circleci/build.sh index 9ebe82eeb..9ea3f0bb6 100755 --- a/.circleci/build.sh +++ b/.circleci/build.sh @@ -3,12 +3,7 @@ set -e DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG-$SPECKLE_SERVER_PACKAGE - -IMAGE_VERSION_TAG=$CIRCLE_SHA1 - -if [[ "$CIRCLE_TAG" =~ ^v.* ]]; then - IMAGE_VERSION_TAG=$CIRCLE_TAG -fi +IMAGE_VERSION_TAG=$(./.circleci/get_version.sh) docker build --build-arg SPECKLE_SERVER_VERSION=$IMAGE_VERSION_TAG -t $DOCKER_IMAGE_TAG:latest . -f packages/$SPECKLE_SERVER_PACKAGE/Dockerfile docker tag $DOCKER_IMAGE_TAG:latest $DOCKER_IMAGE_TAG:$IMAGE_VERSION_TAG @@ -17,7 +12,7 @@ echo "$DOCKER_REG_PASS" | docker login -u "$DOCKER_REG_USER" --password-stdin $D docker push $DOCKER_IMAGE_TAG:latest docker push $DOCKER_IMAGE_TAG:$IMAGE_VERSION_TAG -if [[ "$CIRCLE_TAG" =~ ^v.* ]]; then +if [[ "$IMAGE_VERSION_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then docker tag $DOCKER_IMAGE_TAG:latest $DOCKER_IMAGE_TAG:2 docker push $DOCKER_IMAGE_TAG:2 fi diff --git a/.circleci/config.yml b/.circleci/config.yml index 9601f6a87..cdeaecc0d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
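Review bot: The release check in the second hunk now requires a bare `X.Y.Z` version, so a tag such as `v2.3.3`, which used to take the release path, is treated as an untagged build and gets an `-alpha.N` version. The workflow tag filters are outside this hunk; if they still accept `v`-prefixed tags, such a tag would build and push images without the `:2` tag and without any error. Consider failing fast when `CIRCLE_TAG` is set but the computed version is not a release version, e.g. `if [[ -n "$CIRCLE_TAG" && ! "$IMAGE_VERSION_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "unexpected tag $CIRCLE_TAG" >&2; exit 1; fi`.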
@@ -33,39 +33,39 @@ workflows: context: main-builds filters: branches: - only: ci/fileimport - + only: cristi/nonexistent + jobs: test_server: docker: - - image: 'cimg/node:14.18' - - image: 'circleci/redis:6' - - image: 'cimg/postgres:12.8' + - image: "cimg/node:14.18" + - image: "circleci/redis:6" + - image: "cimg/postgres:12.8" environment: POSTGRES_DB: speckle2_test POSTGRES_PASSWORD: speckle POSTGRES_USER: speckle environment: NODE_ENV: test - DATABASE_URL: 'postgres://speckle:speckle@localhost:5432/speckle2_test' + DATABASE_URL: "postgres://speckle:speckle@localhost:5432/speckle2_test" PGDATABASE: speckle2_test PGUSER: speckle - SESSION_SECRET: 'keyboard cat' + SESSION_SECRET: "keyboard cat" STRATEGY_LOCAL: true - CANONICAL_URL: 'http://localhost:3000' + CANONICAL_URL: "http://localhost:3000" # Note: some of these commands need to be run in the server package folder. steps: - checkout - run: - command: 'npm install' - working_directory: 'packages/server' - - run: 'dockerize -wait tcp://localhost:5432 -timeout 1m' + command: "npm install" + working_directory: "packages/server" + - run: "dockerize -wait tcp://localhost:5432 -timeout 1m" - run: - command: 'npm run test:report' - working_directory: 'packages/server' + command: "npm run test:report" + working_directory: "packages/server" - run: - command: 'bash <(curl -s https://codecov.io/bash)' - working_directory: 'packages/server' + command: "bash <(curl -s https://codecov.io/bash)" + working_directory: "packages/server" - store_test_results: path: packages/server/reports 
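Review bot: The Codecov step still runs `bash <(curl -s https://codecov.io/bash)`, which executes whatever the remote host serves inside the CI job, with no integrity check. Download the uploader to a file and verify it against a pinned digest before running it, for example `curl -fsSLo codecov.sh https://codecov.io/bash && echo "<PINNED_SHA256>  codecov.sh" | sha256sum -c - && bash codecov.sh` (the digest is a placeholder). Separately, the branch filter `only: cristi/nonexistent` at the top of the hunk looks like a temporary way to disable that workflow; if that is the intent, a comment saying so would help. The quote-style changes in `test_server` are unrelated to the Helm chart and make the hunk harder to review.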
@@ -100,11 +100,20 @@ jobs: - run: name: Build FileImport Service command: env SPECKLE_SERVER_PACKAGE=fileimport-service ./.circleci/build.sh + + - add_ssh_keys: + fingerprints: + - "18:74:c4:b9:dc:66:b2:66:1d:81:56:0d:0a:87:9b:b1" + - run: + name: Publish Helm Chart + command: ./.circleci/publish_helm_chart.sh + - run: name: Deploy command: | ./.circleci/deploy.sh - if [[ "$CIRCLE_TAG" =~ ^v.* ]]; then + RELEASE_VERSION=$(./.circleci/get_version.sh) + if [[ "$RELEASE_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then env K8S_CLUSTER=TOR1 K8S_NAMESPACE=${K8S_NAMESPACE_TOR1_1_RELEASE} ./.circleci/deploy_in_new_setup.sh env K8S_CLUSTER=LON1 K8S_NAMESPACE=${K8S_NAMESPACE_LON1_1_RELEASE} ./.circleci/deploy_in_new_setup.sh env K8S_CLUSTER=LON1 K8S_NAMESPACE=${K8S_NAMESPACE_LON1_2_RELEASE} ./.circleci/deploy_in_new_setup.sh @@ -120,7 +129,8 @@ jobs: name: Test deployment command: | ./utils/test-deployment/install_prerequisites.sh - if [[ "$CIRCLE_TAG" =~ ^v.* ]]; then + RELEASE_VERSION=$(./.circleci/get_version.sh) + if [[ "$RELEASE_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then ./utils/test-deployment/run_tests.py https://speckle.xyz ./utils/test-deployment/run_tests.py ${SPECKLE_URL_TOR1_1_RELEASE} else diff --git a/.circleci/deploy.sh b/.circleci/deploy.sh index bc10c64e0..bf6839020 100755 --- a/.circleci/deploy.sh +++ b/.circleci/deploy.sh @@ -4,12 +4,9 @@ set -e TARGET_SPECKLE_DEPLOYMENT=$SPECKLE_K8S_DEPLOYMENT -IMAGE_VERSION_TAG=$CIRCLE_SHA1 -if [[ "$CIRCLE_TAG" =~ ^v.* ]]; then - TARGET_SPECKLE_DEPLOYMENT=$SPECKLE_K8S_DEPLOYMENT_PROD - IMAGE_VERSION_TAG=$CIRCLE_TAG -fi +IMAGE_VERSION_TAG=$(./.circleci/get_version.sh) + echo "$K8S_CLUSTER_CERTIFICATE" | base64 --decode > k8s_cert.crt diff --git a/.circleci/deploy_in_new_setup.sh b/.circleci/deploy_in_new_setup.sh index bb20f60cd..f7f1d5861 100755 --- a/.circleci/deploy_in_new_setup.sh +++ b/.circleci/deploy_in_new_setup.sh 
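Review bot: The new `Publish Helm Chart` step runs unconditionally and before `Deploy` and `Test deployment`, so every build of this job pushes a chart version to the separate helm repository even if the deployment or its tests fail afterwards. Consider moving the `add_ssh_keys` and publish steps after `Test deployment`, or gating them on the same `RELEASE_VERSION` check used in the `Deploy` step. The key referenced by fingerprint presumably has write access to that repository; it is worth confirming that it is a deploy key scoped to that repository only, since any branch that reaches this job can use it. The job definition starts outside the hunk.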
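Review bot: With the `if` block removed in `deploy.sh`, `TARGET_SPECKLE_DEPLOYMENT` is always `$SPECKLE_K8S_DEPLOYMENT`; a release tag no longer switches to `$SPECKLE_K8S_DEPLOYMENT_PROD`. If that is intended (release rollouts now going only through `deploy_in_new_setup.sh`), say so with a comment such as `# Release tags are deployed by deploy_in_new_setup.sh; this script only updates the default deployment`; otherwise the production target is silently dropped. The rest of the script is outside the hunk, so how `TARGET_SPECKLE_DEPLOYMENT` is used is not visible here.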
@@ -13,11 +13,8 @@ K8S_SERVER=${!K8S_SERVER_VARIABLE} # K8S_NAMESPACE
-IMAGE_VERSION_TAG=$CIRCLE_SHA1
+IMAGE_VERSION_TAG=$(./.circleci/get_version.sh)
-if [[ "$CIRCLE_TAG" =~ ^v.* ]]; then
- IMAGE_VERSION_TAG=$CIRCLE_TAG
-fi
 echo "$K8S_CLUSTER_CERTIFICATE" | base64 --decode > k8s_cert.crt
diff --git a/.circleci/get_version.sh b/.circleci/get_version.sh
new file mode 100755
index 000000000..6b90b026d
--- /dev/null
+++ b/.circleci/get_version.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+LAST_RELEASE=$(git describe --always --tags `git rev-list --tags` | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1)
+NEXT_RELEASE=$(echo ${LAST_RELEASE} | python -c "parts = input().split('.'); parts[-1] = str(int(parts[-1])+1); print('.'.join(parts))")
+
+if [[ "$CIRCLE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ echo $CIRCLE_TAG
+ exit 0
+fi
+
+echo "$NEXT_RELEASE-alpha.$CIRCLE_BUILD_NUM"
+exit 0
diff --git a/.circleci/publish_helm_chart.sh b/.circleci/publish_helm_chart.sh
new file mode 100755
index 000000000..84eeb3557
--- /dev/null
+++ b/.circleci/publish_helm_chart.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+RELEASE_VERSION=$(./.circleci/get_version.sh)
+
+echo "Releasing Helm Chart version $RELEASE_VERSION"
+
+git config --global user.email "devops+circleci@speckle.systems"
+git config --global user.name "CI"
+
+git clone git@github.com:specklesystems/helm.git ~/helm
+rm -rf ~/helm/charts/speckle-server
+cp -r utils/helm/speckle-server ~/helm/charts/speckle-server
+
+echo 'version: '$RELEASE_VERSION >> ~/helm/charts/speckle-server/Chart.yaml
+echo 'appVersion: "'$RELEASE_VERSION'"' >> ~/helm/charts/speckle-server/Chart.yaml
+
+sed -i 's/docker_image_tag: [^\s]*/docker_image_tag: '$RELEASE_VERSION'/g' ~/helm/charts/speckle-server/values.yaml
+
+cd ~/helm
+
+git add .
+git commit -m "CircleCI commit"
+git push
diff --git a/utils/helm/speckle-server/.helmignore b/utils/helm/speckle-server/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
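Review bot: In `get_version.sh`, `LAST_RELEASE` takes the first matching line of `git describe` run over `git rev-list --tags`, which follows commit order rather than version order, so a patch tag made on an older release line after a newer release would become the base for the next alpha version; `git tag --list | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n 1` picks the highest version instead. When no tag matches (for example in a clone without tags) `LAST_RELEASE` is empty and the script only stops at the Python traceback; an explicit `[[ -n "$LAST_RELEASE" ]] || { echo "no release tag found" >&2; exit 1; }` gives a clear failure. Both values are computed even for tagged builds, so moving the `CIRCLE_TAG` check to the top would avoid that work. Since this output decides whether the release deployment path runs, quoting `"$CIRCLE_TAG"` and `"${LAST_RELEASE}"` in the `echo` calls is also worth doing.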
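Review bot: In the `sed` expression of `publish_helm_chart.sh`, `[^\s]` does not mean "non-whitespace": inside a POSIX bracket expression it excludes the characters `\` and `s`, so the match stops early on any tag containing an `s`; use `[^[:space:]]*`. `$RELEASE_VERSION` is also expanded unquoted into the `sed` program and the two `echo` lines; quote it (`echo "version: $RELEASE_VERSION"`) and consider validating it against the expected version pattern before it is written into another repository. The commit message `"CircleCI commit"` gives no link back to the source; `git commit -m "speckle-server chart $RELEASE_VERSION (from $CIRCLE_SHA1)"` would make published charts traceable. `git push` will be rejected if another build pushed in between, which fails the job under `set -e`.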
+++ b/utils/helm/speckle-server/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/utils/helm/speckle-server/Chart.yaml b/utils/helm/speckle-server/Chart.yaml
new file mode 100644
index 000000000..ba4561c1d
--- /dev/null
+++ b/utils/helm/speckle-server/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: speckle-server
+description: Speckle Server
+
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+
+# Set by the build process to the corect value
+# version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+
+# Set by the build process to the corect value
+# appVersion: "2.3.3"
diff --git a/utils/helm/speckle-server/templates/configmap-db-certificate.yml b/utils/helm/speckle-server/templates/configmap-db-certificate.yml
new file mode 100644
index 000000000..d9e8a8b85
--- /dev/null
+++ b/utils/helm/speckle-server/templates/configmap-db-certificate.yml
@@ -0,0 +1,12 @@
+{{ if .Values.db.useCertificate }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgres-certificate
+ namespace: {{ .Values.namespace }}
+data:
+ ca-certificate.crt: |
+{{ .Values.db.certificate | indent 4 }}
+
+{{ end }}
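Review bot: `Chart.yaml` as committed has no `version` field (both `version` and `appVersion` are commented out), so the chart in `utils/helm/speckle-server` cannot be linted or installed from this repository until the publish script appends them. Keeping a placeholder such as `version: 0.0.0-dev` here and having the build replace it, rather than append a second key, would let `helm lint` run in CI before anything is published. `corect` in the two comments should read `correct`.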
diff --git a/utils/helm/speckle-server/templates/deployment-backend.yml b/utils/helm/speckle-server/templates/deployment-backend.yml new file mode 100644 index 000000000..138d92920 --- /dev/null +++ b/utils/helm/speckle-server/templates/deployment-backend.yml 
@@ -0,0 +1,185 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: speckle-server + namespace: {{ .Values.namespace }} + labels: + app: speckle-server + project: speckle-server +spec: + replicas: {{ .Values.server.replicas }} + selector: + matchLabels: + app: speckle-server + project: speckle-server + template: + metadata: + labels: + app: speckle-server + project: speckle-server + spec: + priorityClassName: high-priority + + {{- if .Values.db.useCertificate }} + volumes: + - name: postgres-certificate + configMap: + name: postgres-certificate + {{- end }} + + containers: + - name: main + image: speckle/speckle-server:{{ .Values.docker_image_tag }} + + resources: + requests: + cpu: {{ .Values.server.requests.cpu }} + memory: {{ .Values.server.requests.memory }} + limits: + cpu: {{ .Values.server.limits.cpu }} + memory: {{ .Values.server.limits.memory }} + + {{- if .Values.db.useCertificate }} + volumeMounts: + - name: postgres-certificate + mountPath: /postgres-certificate + {{- end }} + + env: + - name: CANONICAL_URL + value: https://{{ .Values.domain }} + + - name: PORT + value: "3000" + - name: DEBUG + value: "speckle:*" + + - name: SESSION_SECRET + valueFrom: + secretKeyRef: + name: "{{ .Values.secretName }}" + key: session_secret + + # *** Redis *** + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: redis_url + + # *** PostgreSQL Database *** + - name: POSTGRES_URL + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: postgres_url + + - name: PGSSLMODE + value: "{{ .Values.db.PGSSLMODE }}" + + {{- if .Values.db.useCertificate }} + - name: NODE_EXTRA_CA_CERTS + value: "/postgres-certificate/ca-certificate.crt" + {{- end }} + + # *** S3 Object Storage *** + {{- if .Values.s3.endpoint }} + - name: S3_ENDPOINT + value: {{ .Values.s3.endpoint }} + - name: S3_ACCESS_KEY + value: {{ .Values.s3.access_key }} + - name: S3_BUCKET + value: {{ .Values.s3.bucket }} + - name: S3_SECRET_KEY + valueFrom: + 
secretKeyRef: + name: {{ .Values.secretName }} + key: s3_secret_key + {{- end }} + + # *** Authentication *** + + # Local Auth + {{- if .Values.server.auth.local.enabled }} + - name: STRATEGY_LOCAL + value: "true" + {{- else }} + - name: STRATEGY_LOCAL + value: "false" + {{- end }} + + # Google Auth + {{- if .Values.server.auth.google.enabled }} + - name: STRATEGY_GOOGLE + value: "true" + - name: GOOGLE_CLIENT_ID + value: {{ .Values.server.auth.google.client_id }} + - name: GOOGLE_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: google_client_secret + {{- end }} + + # Github Auth + {{- if .Values.server.auth.github.enabled }} + - name: STRATEGY_GITHUB + value: "true" + - name: GITHUB_CLIENT_ID + value: {{ .Values.server.auth.github.client_id }} + - name: GITHUB_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: github_client_secret + {{- end }} + + # AzureAD Auth + {{- if .Values.server.auth.azure_ad.enabled }} + - name: STRATEGY_AZURE_AD + value: "true" + - name: AZURE_AD_ORG_NAME + value: {{ .Values.server.auth.azure_ad.org_name }} + - name: AZURE_AD_IDENTITY_METADATA + value: {{ .Values.server.auth.azure_ad.identity_metadata }} + - name: AZURE_AD_ISSUER + value: {{ .Values.server.auth.azure_ad.issuer }} + - name: AZURE_AD_CLIENT_ID + value: {{ .Values.server.auth.azure_ad.client_id }} + - name: AZURE_AD_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: azure_ad_client_secret + {{- end }} + + + # *** Email *** + + {{- if .Values.server.email.enabled }} + - name: EMAIL + value: "true" + - name: EMAIL_HOST + value: "{{ .Values.server.email.host }}" + - name: EMAIL_PORT + value: "{{ .Values.server.email.port }}" + - name: EMAIL_USERNAME + value: "{{ .Values.server.email.username }}" + - name: EMAIL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: email_password + {{- end }} + + # *** Tracking / Tracing *** + - name: SENTRY_DSN + value: {{ 
.Values.server.sentry_dns }} + {{- if .Values.server.disable_tracing }} + - name: DISABLE_TRACING + value: "true" + {{- end }} + {{- if .Values.server.disable_tracking }} + - name: DISABLE_TRACKING + value: "true" + {{- end }} diff --git a/utils/helm/speckle-server/templates/deployment-fileimport-service.yml b/utils/helm/speckle-server/templates/deployment-fileimport-service.yml new file mode 100644 index 000000000..5d1a830b4 --- /dev/null +++ b/utils/helm/speckle-server/templates/deployment-fileimport-service.yml 
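Review bot: The `main` container in `deployment-backend.yml` is declared without a `securityContext`, so it runs with whatever user and privileges the image and cluster defaults give it; the same applies to the fileimport, frontend, preview and webhook deployment templates later in this patch. Adding a restrictive container `securityContext` as sketched below is the usual baseline; `runAsNonRoot: true` needs the images to run as a non-root user, which is not visible in this patch, so confirm that first. `DEBUG` is also hard-coded to `speckle:*`; making it a value would let production installs turn verbose logging down.

```yaml
      containers:
        - name: main
          image: speckle/speckle-server:{{ .Values.docker_image_tag }}
          # … unchanged: resources, volumeMounts, env …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```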
@@ -0,0 +1,78 @@ +{{- if .Values.s3.endpoint }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: speckle-fileimport-service + namespace: {{ .Values.namespace }} + labels: + app: speckle-fileimport-service + project: speckle-server +spec: + replicas: {{ .Values.fileimport_service.replicas }} + selector: + matchLabels: + app: speckle-fileimport-service + project: speckle-server + template: + metadata: + labels: + app: speckle-fileimport-service + project: speckle-server + spec: + priorityClassName: low-priority + + {{- if .Values.db.useCertificate }} + volumes: + - name: postgres-certificate + configMap: + name: postgres-certificate + {{- end }} + + containers: + - name: main + image: speckle/speckle-fileimport-service:{{ .Values.docker_image_tag }} + + resources: + requests: + cpu: {{ .Values.fileimport_service.requests.cpu }} + memory: {{ .Values.fileimport_service.requests.memory }} + limits: + cpu: {{ .Values.fileimport_service.limits.cpu }} + memory: {{ .Values.fileimport_service.limits.memory }} + + {{- if .Values.db.useCertificate }} + volumeMounts: + - name: postgres-certificate + mountPath: /postgres-certificate + {{- end }} + + env: + - name: PG_CONNECTION_STRING + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: postgres_url + + - name: DEBUG + value: "fileimport-service:*" + + {{- if .Values.db.useCertificate }} + - name: NODE_EXTRA_CA_CERTS + value: "/postgres-certificate/ca-certificate.crt" + {{- end }} + + + - name: S3_ENDPOINT + value: {{ .Values.s3.endpoint }} + - name: S3_ACCESS_KEY + value: {{ .Values.s3.access_key }} + - name: S3_BUCKET + value: {{ .Values.s3.bucket }} + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: s3_secret_key + +{{- end }} diff --git a/utils/helm/speckle-server/templates/deployment-frontend.yml b/utils/helm/speckle-server/templates/deployment-frontend.yml new file mode 100644 index 000000000..4b1e371f7 --- /dev/null 
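Review bot: Several `env` values are rendered without quotes, e.g. `value: {{ .Values.s3.endpoint }}`, `value: {{ .Values.s3.access_key }}` and `value: {{ .Values.s3.bucket }}`; an all-digit or boolean-looking value is then parsed as a number or boolean and the Deployment is rejected, because `env[].value` must be a string. Use `value: {{ .Values.s3.access_key | quote }}` throughout, including the `GOOGLE_CLIENT_ID`, `GITHUB_CLIENT_ID`, `AZURE_AD_*` and `SENTRY_DSN` entries in `deployment-backend.yml`. The `secretKeyRef` name is quoted in one place and unquoted in the others; `name: {{ .Values.secretName | quote }}` would make them consistent.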
+++ b/utils/helm/speckle-server/templates/deployment-frontend.yml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: speckle-frontend + namespace: {{ .Values.namespace }} + labels: + app: speckle-frontend + project: speckle-server +spec: + replicas: {{ .Values.frontend.replicas }} + selector: + matchLabels: + app: speckle-frontend + project: speckle-server + template: + metadata: + labels: + app: speckle-frontend + project: speckle-server + spec: + priorityClassName: high-priority + + containers: + - name: main + image: speckle/speckle-frontend:{{ .Values.docker_image_tag }} + resources: + requests: + cpu: {{ .Values.frontend.requests.cpu }} + memory: {{ .Values.frontend.requests.memory }} + limits: + cpu: {{ .Values.frontend.limits.cpu }} + memory: {{ .Values.frontend.limits.memory }} diff --git a/utils/helm/speckle-server/templates/deployment-preview-service.yml b/utils/helm/speckle-server/templates/deployment-preview-service.yml new file mode 100644 index 000000000..09d205769 --- /dev/null +++ b/utils/helm/speckle-server/templates/deployment-preview-service.yml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: speckle-preview-service + namespace: {{ .Values.namespace }} + labels: + app: speckle-preview-service + project: speckle-server +spec: + replicas: {{ .Values.preview_service.replicas }} + selector: + matchLabels: + app: speckle-preview-service + project: speckle-server + template: + metadata: + labels: + app: speckle-preview-service + project: speckle-server + spec: + priorityClassName: low-priority + + {{- if .Values.db.useCertificate }} + volumes: + - name: postgres-certificate + configMap: + name: postgres-certificate + {{- end }} + + containers: + - name: main + image: speckle/speckle-preview-service:{{ .Values.docker_image_tag }} + + resources: + requests: + cpu: {{ .Values.preview_service.requests.cpu }} + memory: {{ .Values.preview_service.requests.memory }} + limits: + cpu: {{ .Values.preview_service.limits.cpu }} + memory: {{ .Values.preview_service.limits.memory }} + + {{- if .Values.db.useCertificate }} + volumeMounts: + - name: postgres-certificate + mountPath: /postgres-certificate + {{- end }} + + env: + - name: PG_CONNECTION_STRING + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: postgres_url + + - name: DEBUG + value: "preview-service:*" + + {{- if .Values.db.useCertificate }} + - name: NODE_EXTRA_CA_CERTS + value: "/postgres-certificate/ca-certificate.crt" + {{- end }} + diff --git a/utils/helm/speckle-server/templates/deployment-webhook-service.yml b/utils/helm/speckle-server/templates/deployment-webhook-service.yml new file mode 100644 index 000000000..49408b406 --- /dev/null +++ b/utils/helm/speckle-server/templates/deployment-webhook-service.yml 
@@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: speckle-webhook-service + namespace: {{ .Values.namespace }} + labels: + app: speckle-webhook-service + project: speckle-server +spec: + replicas: {{ .Values.webhook_service.replicas }} + selector: + matchLabels: + app: speckle-webhook-service + project: speckle-server + template: + metadata: + labels: + app: speckle-webhook-service + project: speckle-server + spec: + priorityClassName: low-priority + + {{- if .Values.db.useCertificate }} + volumes: + - name: postgres-certificate + configMap: + name: postgres-certificate + {{- end }} + + containers: + - name: main + image: speckle/speckle-webhook-service:{{ .Values.docker_image_tag }} + + resources: + requests: + cpu: {{ .Values.webhook_service.requests.cpu }} + memory: {{ .Values.webhook_service.requests.memory }} + limits: + cpu: {{ .Values.webhook_service.limits.cpu }} + memory: {{ .Values.webhook_service.limits.memory }} + + {{- if .Values.db.useCertificate }} + volumeMounts: + - name: postgres-certificate + mountPath: /postgres-certificate + {{- end }} + + env: + - name: PG_CONNECTION_STRING + valueFrom: + secretKeyRef: + name: {{ .Values.secretName }} + key: postgres_url + + - name: DEBUG + value: "webhook-service:*" + + {{- if .Values.db.useCertificate }} + - name: NODE_EXTRA_CA_CERTS + value: "/postgres-certificate/ca-certificate.crt" + {{- end }} + diff --git a/utils/helm/speckle-server/templates/ingress.yml b/utils/helm/speckle-server/templates/ingress.yml new file mode 100644 index 000000000..baadb5bf3 --- /dev/null +++ b/utils/helm/speckle-server/templates/ingress.yml 
@@ -0,0 +1,34 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: speckle-server + namespace: {{ .Values.namespace }} + annotations: + cert-manager.io/cluster-issuer: {{ .Values.cert_manager_issuer }} + nginx.ingress.kubernetes.io/proxy-body-size: "100m" + nginx.org/client-max-body-size: "100m" + nginx.ingress.kubernetes.io/use-regex: "true" +spec: + ingressClassName: nginx + tls: + - hosts: + - {{ .Values.domain }} + secretName: server-tls + rules: + - host: {{ .Values.domain }} + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: speckle-frontend + port: + number: 80 + - pathType: Exact + path: "/(graphql|explorer|(auth/.*)|(objects/.*)|(preview/.*)|(api/.*))" + backend: + service: + name: speckle-server + port: + number: 3000 diff --git a/utils/helm/speckle-server/templates/servicemonitor.yml b/utils/helm/speckle-server/templates/servicemonitor.yml new file mode 100644 index 000000000..4d2ec826d --- /dev/null +++ b/utils/helm/speckle-server/templates/servicemonitor.yml @@ -0,0 +1,18 @@ +{{ if .Values.enable_prometheus_monitoring }} + +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: speckle-server + namespace: {{ .Values.namespace }} + labels: + app: speckle-server + release: kube-prometheus-stack +spec: + selector: + matchLabels: + project: speckle-server + endpoints: + - port: web + +{{ end }} diff --git a/utils/helm/speckle-server/templates/services.yml b/utils/helm/speckle-server/templates/services.yml new file mode 100644 index 000000000..0ef12ae92 --- /dev/null +++ b/utils/helm/speckle-server/templates/services.yml 
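Review bot: The backend rule in `ingress.yml` combines `pathType: Exact` with a regular expression in `path` and relies on the `use-regex` annotation; regex paths are controller-specific, so `pathType: ImplementationSpecific` is the matching type, and a controller that validates path types strictly may reject `Exact` with these characters. The annotations also mix `nginx.ingress.kubernetes.io/*` and `nginx.org/*`, which belong to two different NGINX ingress controllers; keep only the set for the controller selected by `ingressClassName: nginx`, or add a comment explaining why both are present. `secretName: server-tls` is fixed, so two releases in one namespace would share the TLS secret.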
@@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Service +metadata: + name: speckle-server + namespace: {{ .Values.namespace }} + labels: + app: speckle-server + project: speckle-server +spec: + selector: + app: speckle-server + project: speckle-server + ports: + - protocol: TCP + name: web + port: 3000 + targetPort: 3000 +--- +apiVersion: v1 +kind: Service +metadata: + name: speckle-frontend + namespace: {{ .Values.namespace }} + labels: + app: speckle-frontend + project: speckle-server +spec: + selector: + app: speckle-frontend + project: speckle-server + ports: + - protocol: TCP + name: www + port: 80 + targetPort: 80 diff --git a/utils/helm/speckle-server/values.yaml b/utils/helm/speckle-server/values.yaml new file mode 100644 index 000000000..05b542039 --- /dev/null +++ b/utils/helm/speckle-server/values.yaml 
@@ -0,0 +1,99 @@ +namespace: speckle-test + +domain: localhost + +docker_image_tag: v2.3.3 + +db: + # postgres_url: secret -> postgres_url + useCertificate: false + certificate: "" # Multi-line string with the contents of `ca-certificate.crt` + PGSSLMODE: require + +s3: + endpoint: "" + bucket: "" + access_key: "" + # secret_key: secret -> s3_secret_key + +#redis: +# redis_url: secret -> redis_url + +server: + replicas: 1 + # session_secret: secret -> `session_secret` + auth: + local: + enabled: true + google: + enabled: false + client_id: "" + # client_secret: secret -> `google_client_secret` + github: + enabled: false + client_id: "" + # client_secret: secret -> `github_client_secret` + azure_ad: + enabled: false + org_name: "" + identity_metadata: "" + issuer: "" + client_id: "" + # client_secret: secret -> `azure_ad_client_secret` + email: + enabled: false + host: "" + port: "" + username: "" + # password: secret -> `email_password` + requests: + cpu: 500m + memory: 1Gi + limits: + cpu: 1000m + memory: 3Gi + + sentry_dns: "" + disable_tracking: false + disable_tracing: false + +frontend: + replicas: 1 + requests: + cpu: 250m + memory: 256Mi + limits: + cpu: 1000m + memory: 512Mi + +preview_service: + replicas: 1 + requests: + cpu: 500m + memory: 2Gi + limits: + cpu: 1000m + memory: 4Gi + +webhook_service: + replicas: 1 + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 200m + memory: 512Mi + +fileimport_service: + replicas: 1 + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: 1000m + memory: 2Gi + +secretName: server-vars + +enable_prometheus_monitoring: false +cert_manager_issuer: letsencrypt-staging
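Review bot: The chart reads every credential from an existing Secret named by `secretName` (`server-vars`) but never creates it, and the required keys are only implied by the scattered `secret -> ...` comments. Add a comment block above `secretName` listing them, e.g. `# Must exist before install, with keys: session_secret, redis_url, postgres_url (plus s3_secret_key, google_client_secret, github_client_secret, azure_ad_client_secret, email_password when those features are enabled)`. `PGSSLMODE: require` encrypts the connection but, in libpq terms, does not verify the server certificate; when `db.useCertificate` is true a verifying mode is presumably what is wanted, depending on how the server's Postgres client interprets the setting. The default `docker_image_tag: v2.3.3` carries a `v` prefix while the build scripts in this patch now produce version tags without one.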