diff --git a/applications/cms/charts/strapi/.helmignore b/applications/cms/charts/strapi/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/applications/cms/charts/strapi/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/applications/cms/charts/strapi/Chart.lock b/applications/cms/charts/strapi/Chart.lock
new file mode 100644
index 00000000..15795f00
--- /dev/null
+++ b/applications/cms/charts/strapi/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: replicated
+ repository: oci://registry.replicated.com/library
+ version: 1.2.0
+digest: sha256:2dc1a4c90d9297812b800e35913980fccdf3e5d0d31dd08f1df32e7e4da86ec6
+generated: "2025-03-31T14:34:59.348191+13:00"
diff --git a/applications/cms/charts/strapi/Chart.yaml b/applications/cms/charts/strapi/Chart.yaml
new file mode 100644
index 00000000..5ce774bd
--- /dev/null
+++ b/applications/cms/charts/strapi/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: strapi
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "3.6.8"
+dependencies:
+- name: replicated
+ version: "~1.2.0"
+ repository: "oci://registry.replicated.com/library"
+ condition: replicated.enabled
diff --git a/applications/cms/charts/strapi/templates/NOTES.txt b/applications/cms/charts/strapi/templates/NOTES.txt
new file mode 100644
index 00000000..2b699821
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/NOTES.txt
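Review bot: `appVersion: "3.6.8"` is repeated as `image.tag: "3.6.8"` in values.yaml, so the `default .Chart.AppVersion` fallback in deployment.yaml never takes effect and the two values can drift apart; shipping `tag: ""` in values.yaml would keep Chart.yaml as the single source of truth. It is also worth confirming that the Strapi 3.x line still receives security fixes before making it the chart default. `description: A Helm chart for Kubernetes` is still the scaffold text and should say what this chart deploys.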
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "strapi.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "strapi.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "strapi.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "strapi.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/applications/cms/charts/strapi/templates/_helpers.tpl b/applications/cms/charts/strapi/templates/_helpers.tpl
new file mode 100644
index 00000000..822867e2
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "strapi.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "strapi.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "strapi.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "strapi.labels" -}}
+helm.sh/chart: {{ include "strapi.chart" . }}
+{{ include "strapi.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "strapi.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "strapi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "strapi.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "strapi.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/applications/cms/charts/strapi/templates/claim.yaml b/applications/cms/charts/strapi/templates/claim.yaml
new file mode 100644
index 00000000..e6408ffa
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/claim.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.storage.claim.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "strapi.fullname" . }}-pvc
+ annotations:
+ "helm.sh/resource-policy": keep
+ labels:
+ {{- include "strapi.labels" . | nindent 4 }}
+spec:
+ accessModes: {{ .Values.storage.accessModes }}
+ {{- if .Values.storage.storageClassName }}
+ storageClassName: {{ .Values.storage.storageClassName }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.storage.capacity }}
+{{- end }}
diff --git a/applications/cms/charts/strapi/templates/configmap.yaml b/applications/cms/charts/strapi/templates/configmap.yaml
new file mode 100644
index 00000000..e6a43b91
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/configmap.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.configMap.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "strapi.fullname" . }}
+data:
+ {{- range $key, $value := .Values.configMap.data }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
diff --git a/applications/cms/charts/strapi/templates/deployment.yaml b/applications/cms/charts/strapi/templates/deployment.yaml
new file mode 100644
index 00000000..75ab7674
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/deployment.yaml
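Review bot: In claim.yaml, `accessModes: {{ .Values.storage.accessModes }}` prints the list with Go's default slice formatting (`[ReadWriteOnce]`), which happens to parse as a one-element YAML flow sequence but turns two modes into a single bogus string `[ReadWriteOnce ReadOnlyMany]`. Render the list as YAML instead: `accessModes:` followed by `{{- toYaml .Values.storage.accessModes | nindent 4 }}`. `storageClassName` is also emitted unquoted, so `{{ .Values.storage.storageClassName | quote }}` would keep an unusual class name from being retyped by the parser. The `"helm.sh/resource-policy": keep` annotation means the claim and its data outlive `helm uninstall`; that deserves a one-line comment above it so operators know cleanup is manual.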
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "strapi.fullname" . }}
+ labels:
+ {{- include "strapi.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "strapi.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "strapi.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "strapi.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- if .Values.storage.claim.enabled }}
+ volumeMounts:
+ - name: {{ include "strapi.fullname" . }}-storage
+ mountPath: {{ .Values.storage.mountPath }}
+ {{- end }}
+ {{- if or .Values.configMap.enabled .Values.secret.enabled }}
+ envFrom:
+ {{- if .Values.configMap.enabled }}
+ - configMapRef:
+ name: {{ include "strapi.fullname" . }}
+ {{- end }}
+ {{- if .Values.secret.enabled }}
+ - secretRef:
+ name: {{ include "strapi.fullname" . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.storage.claim.enabled }}
+ volumes:
+ - name: {{ include "strapi.fullname" . }}-storage
+ persistentVolumeClaim:
+ claimName: {{ include "strapi.fullname" .
}}-pvc
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/applications/cms/charts/strapi/templates/postgres-db.yaml b/applications/cms/charts/strapi/templates/postgres-db.yaml
new file mode 100644
index 00000000..85a3e2e7
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/postgres-db.yaml
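Review bot: In deployment.yaml, `containerPort: {{ .Values.service.port }}` takes the Service port, while service.yaml sends traffic to `targetPort: {{ .Values.service.containerPort }}`; both default to 1337, so the mismatch stays hidden until one of them is changed, at which point the named `http` port used by the probes and the Service target disagree. Use `containerPort: {{ .Values.service.containerPort }}` here. Separately, the pod template carries no checksum of the ConfigMap or Secret it loads through `envFrom`, so rotating a secret value does not restart the pods; an annotation such as `checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}` under the pod `annotations` would make a rotation take effect on upgrade.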
@@ -0,0 +1,67 @@
+{{- if .Values.postgres.embedded.enabled -}}
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: postgres
+ {{- with .Values.postgres.embedded.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ {{- end }}
+ labels:
+ {{- with .Values.postgres.embedded.additionalLabels }}
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ bootstrap:
+ initdb:
+ database: {{ .Values.postgres.embedded.initdb.database | quote }}
+ owner: {{ .Values.postgres.embedded.initdb.owner | quote }}
+ secret:
+ name: {{ .Values.postgres.embedded.initdb.secret.name }}
+ instances: 1
+ imageName: "{{ .Values.postgres.embedded.image.repository }}:{{ .Values.postgres.embedded.image.tag }}"
+ imagePullPolicy: {{ .Values.postgres.embedded.imagePullPolicy }}
+ {{- with .Values.postgres.embedded.imagePullSecrets}}
+ imagePullSecrets:
+ {{- . | toYaml | nindent 4 }}
+ {{- end }}
+ postgresUID: {{ .Values.postgres.embedded.postgresUID }}
+ postgresGID: {{ .Values.postgres.embedded.postgresGID }}
+ storage:
+ size: {{ .Values.postgres.embedded.storage.size }}
+ storageClass: {{ .Values.postgres.embedded.storage.storageClass }}
+ {{- with .Values.postgres.embedded.resources }}
+ resources:
+ {{- toYaml . | nindent 4 }}
+ {{ end }}
+ {{- with .Values.postgres.embedded.affinity }}
+ affinity:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ priorityClassName: {{ .Values.postgres.embedded.priorityClassName }}
+ primaryUpdateMethod: {{ .Values.postgres.embedded.primaryUpdateMethod }}
+ primaryUpdateStrategy: {{ .Values.postgres.embedded.primaryUpdateStrategy }}
+ logLevel: {{ .Values.postgres.embedded.logLevel }}
+ {{- with .Values.postgres.embedded.certificates }}
+ certificates:
+ {{- toYaml .
| nindent 4 }}
+ {{ end }}
+ enableSuperuserAccess: {{ .Values.postgres.embedded.enableSuperuserAccess }}
+ {{- with .Values.postgres.embedded.superuserSecret }}
+ superuserSecret:
+ name: {{ . }}
+ {{ end }}
+ postgresql:
+ {{- with .Values.postgres.embedded.postgresql }}
+ parameters:
+ {{- toYaml . | nindent 6 }}
+ {{ end }}
+ managed:
+ {{- with .Values.postgres.embedded.roles }}
+ roles:
+ {{- toYaml . | nindent 6 }}
+ {{ end }}
+{{- end -}}
diff --git a/applications/cms/charts/strapi/templates/postgres-secret.yaml b/applications/cms/charts/strapi/templates/postgres-secret.yaml
new file mode 100644
index 00000000..42dc67a2
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/postgres-secret.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.postgres.embedded.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgres-initdb-secret
+ {{- with .Values.postgres.embedded.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ {{- end }}
+ labels:
+ {{- with .Values.postgres.embedded.additionalLabels }}
+ {{ toYaml . | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/basic-auth
+stringData:
+ username: {{ .Values.postgres.auth.username }}
+ password: {{ .Values.postgres.auth.password }}
+{{- end -}}
diff --git a/applications/cms/charts/strapi/templates/postgres-service.yaml b/applications/cms/charts/strapi/templates/postgres-service.yaml
new file mode 100644
index 00000000..95c2f32d
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/postgres-service.yaml
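Review bot: In postgres-db.yaml the three `"helm.sh/hook*"` annotations sit inside `{{- with .Values.postgres.embedded.annotations }}`, so they render only when a user supplies an annotation of their own, and once rendered `"helm.sh/hook-delete-policy": hook-succeeded` asks Helm to delete the resource after the hook succeeds, which for a database Cluster means losing the database object; postgres-secret.yaml repeats the same block for the credentials Secret. If install ordering is the goal, the hook annotations belong outside the `with` block and without the delete policy, and they are probably not wanted on the Cluster at all. `instances: 1` is also hard-coded even though values.yaml exposes `postgres.embedded.instances`; `instances: {{ .Values.postgres.embedded.instances }}` would honour it. The fixed `name: postgres` means two releases in one namespace would collide, so deriving it from `strapi.fullname` is worth considering.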
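Review bot: In postgres-secret.yaml, `username` and `password` under `stringData` are written unquoted, so a password that contains `: ` or ` #`, starts with a YAML indicator, or consists only of digits is either a render error or is retyped before it reaches the API server; use `password: {{ .Values.postgres.auth.password | quote }}` and the same for `username`. Because values.yaml ships a fixed word as the default for both, an install with no overrides succeeds with a credential anyone reading the chart knows. Shipping an empty default and wrapping the value as `{{ required "postgres.auth.password must be set" .Values.postgres.auth.password | quote }}` makes that install fail instead.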
@@ -0,0 +1,24 @@
+{{- if .Values.postgres.embedded.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres-nodeport
+ labels:
+ app.kubernetes.io/name: postgres
+ app.kubernetes.io/instance: postgres
+ app.kubernetes.io/component: primary
+ cnpg.io/cluster: postgres
+ cnpg.io/instanceRole: primary
+spec:
+ type: {{ .Values.postgres.embedded.service.type | default "ClusterIP" }}
+ ports:
+ - name: postgres
+ port: {{ .Values.postgres.embedded.service.port | default 5432 }}
+ targetPort: {{ .Values.postgres.embedded.service.targetPort | default 5432 }}
+ {{- if eq .Values.postgres.embedded.service.type "NodePort" }}
+ nodePort: {{ .Values.postgres.embedded.service.nodePort | default 5432 }}
+ {{- end }}
+ selector:
+ cnpg.io/cluster: postgres
+ cnpg.io/instanceRole: primary
+{{- end -}}
diff --git a/applications/cms/charts/strapi/templates/secret.yaml b/applications/cms/charts/strapi/templates/secret.yaml
new file mode 100644
index 00000000..ec401647
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/secret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.secret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "strapi.fullname" . }}
+type: Opaque
+data:
+ {{- range $key, $value := .Values.secret.data }}
+ {{ $key }}: {{ $value | b64enc }}
+ {{- end }}
+{{- end }}
diff --git a/applications/cms/charts/strapi/templates/service.yaml b/applications/cms/charts/strapi/templates/service.yaml
new file mode 100644
index 00000000..c4f91a3c
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/service.yaml
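Review bot: In postgres-service.yaml, `nodePort: {{ .Values.postgres.embedded.service.nodePort | default 5432 }}` falls back to a port outside Kubernetes' default NodePort range (30000-32767), so switching `type` to `NodePort` without also setting `nodePort` should be rejected by the API server. Emit the field only when it is set, e.g. wrap it in `{{- with .Values.postgres.embedded.service.nodePort }}` and write `nodePort: {{ . }}`, and let the cluster allocate a port otherwise. The Service is gated on `service.enabled` rather than `embedded.enabled`, so it can be rendered with no Cluster behind it, and it is named `postgres-nodeport` even when it is a ClusterIP. Exposing the database on a node port widens who can reach it, so a comment stating that ClusterIP is the intended default would help.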
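Review bot: secret.yaml encodes whatever is in `.Values.secret.data`, and nothing rejects the placeholder strings that values.yaml ships, so a default install creates JWT secrets and salts that are readable in the repository. Shipping those keys empty and rendering each entry with `{{ required (printf "secret.data.%s must be set" $key) $value | toString | b64enc }}` would fail the install until real values are supplied; an `existingSecret` value that skips this template entirely is the other common route. The `toString` also matters on its own, because `b64enc` expects a string and a numeric value in `secret.data` would otherwise fail to render.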
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "strapi.fullname" . }}
+ labels:
+ {{- include "strapi.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.containerPort }}
+ protocol: TCP
+ name: {{ .Values.service.portName }}
+ {{- if and (eq .Values.service.type "NodePort") .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ selector:
+ {{- include "strapi.selectorLabels" . | nindent 4 }}
diff --git a/applications/cms/charts/strapi/templates/serviceaccount.yaml b/applications/cms/charts/strapi/templates/serviceaccount.yaml
new file mode 100644
index 00000000..2d697244
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "strapi.serviceAccountName" . }}
+ labels:
+ {{- include "strapi.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/applications/cms/charts/strapi/templates/tests/test-connection.yaml b/applications/cms/charts/strapi/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..c4472b3f
--- /dev/null
+++ b/applications/cms/charts/strapi/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "strapi.fullname" . }}-test-connection"
+ labels:
+ {{- include "strapi.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "strapi.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
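Review bot: In service.yaml, `name: {{ .Values.service.portName }}` reads a key that the values.yaml added in this commit never defines, so the port name renders empty; either add `portName: http` under `service:` in values.yaml or write `name: {{ .Values.service.portName | default "http" }}`. With the chart default of `type: NodePort` and a fixed `nodePort`, the CMS, including its admin interface, is reachable over plain HTTP on every node address as soon as the chart is installed. A default of `ClusterIP`, with NodePort as an opt-in, would be the more conservative starting point for a chart others will copy.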
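Review bot: In tests/test-connection.yaml, `image: busybox` carries no tag or digest, so `helm test` pulls whatever `latest` resolves to at run time and the result is not reproducible; pin it, e.g. `image: busybox:<pinned-tag>` or a `@sha256:<digest>` reference, ideally driven from values so air-gapped installs can point at a mirrored copy. The test pod also sets no `securityContext`, so it would not inherit any hardening later added to the main deployment.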
diff --git a/applications/cms/charts/strapi/values.yaml b/applications/cms/charts/strapi/values.yaml
new file mode 100644
index 00000000..e88b3bb3
--- /dev/null
+++ b/applications/cms/charts/strapi/values.yaml
@@ -0,0 +1,213 @@
+# Default values for strapi.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+storage:
+ claim:
+ enabled: true
+ accessModes:
+ - "ReadWriteOnce"
+ mountPath: "/srv/app"
+ capacity: 5Gi
+
+image:
+ repository: strapi/strapi
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "3.6.8"
+
+configMap:
+ enabled: true
+ data:
+ HOST: 0.0.0.0
+ PORT: "1337"
+ NODE_ENV: production
+ DATABASE_HOST: postgres-nodeport
+ DATABASE_PORT: "5432"
+ DATABASE_USERNAME: strapi
+ DATABASE_NAME: strapi
+ DATABASE_CLIENT: postgres
+
+secret:
+ enabled: true
+ data:
+ APP_KEYS: "toBeModified1,toBeModified2"
+ API_TOKEN_SALT: tobemodified
+ ADMIN_JWT_SECRET: tobemodified
+ TRANSFER_TOKEN_SALT: tobemodified
+ JWT_SECRET: tobemodified
+ DATABASE_USERNAME: strapi
+ DATABASE_PASSWORD: strapi
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: NodePort
+ port: 1337
+ containerPort: 1337
+ nodePort: 31337
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 600
+readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 600
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# -- Embedded Postgres configuration
+# Deploys a cluster using the CloudnativePG Operator
+# [[ref]](https://github.com/cloudnative-pg/cloudnative-pg)
+postgres:
+ # -- Postgres credentials secret configuration
+ auth:
+ username: strapi
+ password: strapi
+
+ embedded:
+ # -- Specifies whether to enable the Embedded Postgres cluster
+ enabled: true
+ # -- Postgres cluster annotations
+ annotations: {}
+ # -- Addtional labels for Postgres cluster
+ additionalLabels: {}
+ # -- Number of Postgres instances to deploy
+ instances: 1
+ image:
+ # -- Image registry
+ repository: ghcr.io/cloudnative-pg/postgresql
+ # -- Image tag
+ tag: '15.2'
+ # -- Image pull policy
+ imagePullPolicy: IfNotPresent
+ # -- Image pull secrets
+ imagePullSecrets: []
+ # -- Postgres InitDB configuration
+ initdb:
+ # -- Postgres database name to be initilized
+ database: strapi
+ # -- Postgres username name to be initilized
+ owner: strapi
+ # -- Postgres secret name
+ secret:
+ name: 'postgres-initdb-secret'
+ # -- Postgres init application SQL
+ postInitApplicationSQL: []
+ # -- Postgres UID
+ postgresUID: 26
+ # -- Postgres GID
+ postgresGID: 26
+ service:
+ enabled: true
+ type: ClusterIP
+ # -- Postgres storage configuration
+ storage:
+ size: 10Gi
+ storageClass: ''
+ # -- Postgres resources
+ resources: {}
+ # -- Postgres priority class name
+ priorityClassName: ''
+ # -- Postgres primary update method
+ primaryUpdateMethod: switchover
+ # -- Postgres primary update strategy
+ primaryUpdateStrategy: unsupervised
+ # -- Postgres log level
+ logLevel: 'info'
+ # -- Affinity/Anti-affinity rules for Pods.
+ # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-AffinityConfiguration
+ affinity:
+ topologyKey: topology.kubernetes.io/zone
+ # -- The configuration for the CA and related certificates.
+ # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-CertificatesConfiguration
+ certificates: {}
+ # -- When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password.
+ # If the secret is not present, the operator will automatically create one.
+ # When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created,
+ # and then blank the password of the postgres user by setting it to NULL.
+ enableSuperuserAccess: true
+ superuserSecret: ''
+
+ # -- This feature enables declarative management of existing roles, as well as the creation of new roles if they are not
+ # already present in the database.
+ # See: https://cloudnative-pg.io/documentation/current/declarative_role_management/
+ roles:
+ []
+ # - name: dante
+ # ensure: present
+ # comment: Dante Alighieri
+ # login: true
+ # superuser: false
+ # inRoles:
+ # - pg_monitor
+ # - pg_signal_backend
+
+ # -- Configuration of the PostgreSQL server.
+ # See: https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PostgresConfiguration
+ postgresql:
+ {}
diff --git a/applications/cms/taskfile.yaml b/applications/cms/taskfile.yaml
new file mode 100644
index 00000000..ba959eec
--- /dev/null
+++ b/applications/cms/taskfile.yaml
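Review bot: The values.yaml defaults leave every hardening knob off: `podSecurityContext: {}` and `securityContext: {}` keep the `runAsNonRoot` / `capabilities.drop` block commented out, `serviceAccount.automount: true` mounts an API token into a pod that shows no need for one in this diff, and `postgres.embedded.enableSuperuserAccess: true` keeps a usable `postgres` superuser password. Defaulting to `automount: false` and `enableSuperuserAccess: false`, and enabling `runAsNonRoot: true` with `capabilities: {drop: [ALL]}` once the image is confirmed to run unprivileged, would make the safe configuration the one people get by not editing anything. The database credentials are also declared twice, under `secret.data.DATABASE_PASSWORD` and under `postgres.auth.password`, and must be changed together; a comment on both keys saying so, or deriving one from the other in the templates, would prevent a half-rotated password.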
@@ -0,0 +1,98 @@
+version: "3"
+
+includes:
+ utils: ./taskfiles/utils.yml
+
+vars:
+ # Application configuration
+ APP_NAME: '{{.APP_NAME | default "cms"}}'
+
+
+ # Cluster configuration
+ CLUSTER_NAME: '{{.CLUSTER_NAME | default (printf "%s-test-cluster" .APP_NAME)}}'
+ K8S_VERSION: '{{.K8S_VERSION | default "1.32.2"}}'
+ DISK_SIZE: '{{.DISK_SIZE | default "100"}}'
+ INSTANCE_TYPE: '{{.INSTANCE_TYPE | default "r1.small"}}'
+ DISTRIBUTION: '{{.DISTRIBUTION | default "k3s"}}'
+ KUBECONFIG_FILE: './{{.CLUSTER_NAME}}.kubeconfig'
+
+tasks:
+ default:
+ desc: Show available tasks
+ cmds:
+ - task -s --list
+
+ create-cluster:
+ desc: Create a test cluster using Replicated Compatibility Matrix (use EMBEDDED=true for embedded clusters)
+ run: once
+ silent: false
+ vars:
+ EMBEDDED: '{{.EMBEDDED | default "false"}}'
+ LICENSE_ID: '{{if eq .EMBEDDED "true"}}{{.LICENSE_ID | default "2cmqT1dBVHZ3aSH21kPxWtgoYGr"}}{{end}}'
+ TIMEOUT: '{{if eq .EMBEDDED "true"}}420{{else}}300{{end}}'
+ status:
+ - replicated cluster ls --output json | jq -e '.[] | select(.name == "{{.CLUSTER_NAME}}")' > /dev/null
+ cmds:
+ - |
+ if [ "{{.EMBEDDED}}" = "true" ]; then
+ echo "Creating embedded cluster {{.CLUSTER_NAME}} with license ID {{.LICENSE_ID}}..."
+ replicated cluster create --distribution embedded-cluster --name {{.CLUSTER_NAME}} --license-id {{.LICENSE_ID}}
+ else
+ echo "Creating cluster {{.CLUSTER_NAME}} with distribution {{.DISTRIBUTION}}..."
+ replicated cluster create --name {{.CLUSTER_NAME}} --distribution {{.DISTRIBUTION}} --version {{.K8S_VERSION}} --disk {{.DISK_SIZE}} --instance-type {{.INSTANCE_TYPE}}
+ fi
+ - task: utils:wait-for-cluster
+ vars:
+ TIMEOUT: "{{.TIMEOUT}}"
+
+ verify-kubeconfig:
+ desc: Verify kubeconfig
+ silent: false
+ run: once
+ cmds:
+ - |
+ if [ -f {{.KUBECONFIG_FILE}} ]; then
+ echo "Getting Cluster ID From Replicated Cluster list"
+ CLUSTER_ID=$(replicated cluster ls --output json | jq -r '.[] | select(.name == "{{.CLUSTER_NAME}}") | .id')
+ echo "Getting Cluster ID From Kubeconfig"
+ CLUSTER_ID_KUBECONFIG=$(grep "current-context:" {{.KUBECONFIG_FILE}} | cut -d'-' -f3)
+ if [ "$CLUSTER_ID" != "$CLUSTER_ID_KUBECONFIG" ]; then
+ echo "{{.CLUSTER_NAME}} Cluster ID between Replicated ($CLUSTER_ID) and Kubeconfig ($CLUSTER_ID_KUBECONFIG) mismatch"
+ echo "Removing old kubeconfig file"
+ rm -f {{.KUBECONFIG_FILE}}
+ fi
+ fi
+
+ setup-kubeconfig:
+ desc: Get kubeconfig and prepare cluster for application deployment
+ silent: false
+ run: once
+ cmds:
+ - task: utils:get-kubeconfig
+ - task: utils:remove-k3s-traefik
+ status:
+ - |
+ # Check if kubeconfig exists
+ test -f {{.KUBECONFIG_FILE}} && \
+ # For k3s, also check if traefik is removed
+ if [ "{{.DISTRIBUTION}}" = "k3s" ]; then
+ KUBECONFIG={{.KUBECONFIG_FILE}} helm list -n kube-system -o json | \
+ jq -e 'map(select(.name == "traefik" or .name == "traefik-crd")) | length == 0' >/dev/null
+ else
+ true
+ fi
+ deps:
+ - create-cluster
+ - verify-kubeconfig
+
+ export-kubeconfig:
+ desc: Export kubeconfig to environment variable
+ cmds:
+ - |
+ FULL_PATH=$(realpath {{.KUBECONFIG_FILE}})
+ echo -e "\033[31mRun this command in your terminal to set KUBECONFIG:\033[0m"
+ echo -e "\033[31mexport KUBECONFIG=$FULL_PATH\033[0m"
+ deps:
+ - setup-kubeconfig
+
+
diff --git a/applications/cms/taskfiles/utils.yml b/applications/cms/taskfiles/utils.yml
new file mode 100644
index 00000000..10190ee5
--- /dev/null
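Review bot: In taskfile.yaml's `create-cluster`, the `LICENSE_ID` variable falls back to a literal identifier committed to the repository, and the task then echoes it into the build log; a license ID identifies a customer entitlement and is better treated like a credential. Drop the default so the value has to come from the caller's environment, `LICENSE_ID: '{{if eq .EMBEDDED "true"}}{{.LICENSE_ID}}{{end}}'`, fail early in the embedded branch with `[ -n "{{.LICENSE_ID}}" ] || { echo "LICENSE_ID is required when EMBEDDED=true"; exit 1; }`, and remove it from the `echo`. If the committed value is a live license it should be rotated, since it stays in history. `KUBECONFIG_FILE` resolves to a file inside the working tree, so an ignore rule for `*.kubeconfig` is worth adding if the repository does not already have one.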
+++ b/applications/cms/taskfiles/utils.yml 
@@ -0,0 +1,88 @@
+version: "3"
+
+tasks:
+ get-kubeconfig:
+ desc: Get kubeconfig for the test cluster (internal)
+ internal: true
+ silent: false
+ run: once
+ cmds:
+ - |
+ echo "Getting kubeconfig for cluster {{.CLUSTER_NAME}}..."
+ replicated cluster kubeconfig --name {{.CLUSTER_NAME}} --output-path {{.KUBECONFIG_FILE}}
+ status:
+ - test -f {{.KUBECONFIG_FILE}}
+
+ remove-k3s-traefik:
+ desc: Remove pre-installed Traefik from k3s clusters (internal)
+ internal: true
+ silent: false
+ run: once
+ status:
+ - |
+ # Only check if we need to run this for k3s distributions
+ if [ "{{.DISTRIBUTION}}" != "k3s" ]; then
+ exit 0 # Not a k3s cluster, so we're "done"
+ fi
+
+ # Check if traefik is already removed by looking for the helm releases
+ KUBECONFIG={{.KUBECONFIG_FILE}} helm list -n kube-system -o json | \
+ jq -e 'map(select(.name == "traefik" or .name == "traefik-crd")) | length == 0' >/dev/null
+ cmds:
+ - |
+ # Only run for k3s distributions
+ if [ "{{.DISTRIBUTION}}" = "k3s" ]; then
+ echo "Checking for pre-installed Traefik in k3s cluster..."
+
+ # Check if traefik is installed in kube-system namespace
+ TRAEFIK_CHARTS=$(KUBECONFIG={{.KUBECONFIG_FILE}} helm list -n kube-system -o json | jq -r '.[] | select(.name == "traefik" or .name == "traefik-crd") | .name')
+
+ if [ -n "$TRAEFIK_CHARTS" ]; then
+ echo "Found pre-installed Traefik charts in kube-system namespace. Removing..."
+
+ for chart in $TRAEFIK_CHARTS; do
+ echo "Uninstalling chart: $chart"
+ KUBECONFIG={{.KUBECONFIG_FILE}} helm uninstall $chart -n kube-system --wait
+ done
+
+ echo "Pre-installed Traefik removed successfully!"
+ else
+ echo "No pre-installed Traefik charts found in kube-system namespace."
+ fi
+ else
+ echo "Not a k3s cluster, skipping Traefik removal."
+ fi
+ deps:
+ - get-kubeconfig
+
+ wait-for-cluster:
+ desc: Wait for cluster to be in running state
+ internal: true
+ silent: true
+ vars:
+ CLUSTER_NAME: '{{.CLUSTER_NAME}}'
+ TIMEOUT: '{{.TIMEOUT | default "300"}}'
+ cmds:
+ - |
+ echo "Waiting for cluster {{.CLUSTER_NAME}} (timeout {{.TIMEOUT}}s)..."
+ start=$(date +%s)
+ attempt=1
+ while true; do
+ CLUSTER_STATUS=$(replicated cluster ls --output json | jq -r '.[] | select(.name == "{{.CLUSTER_NAME}}") | .status')
+
+ if [ "$CLUSTER_STATUS" = "running" ]; then
+ elapsed=$(($(date +%s) - start))
+ echo "Cluster {{.CLUSTER_NAME}} is ready! (took $elapsed seconds)"
+ break
+ fi
+
+ elapsed=$(($(date +%s) - start))
+ if [ $elapsed -ge {{.TIMEOUT}} ]; then
+ echo "Timeout after {{.TIMEOUT}} seconds waiting for cluster to be ready"
+ exit 1
+ fi
+
+ printf "\rWaiting... %ds elapsed (attempt %d) - Current status: %s " "$elapsed" "$attempt" "$CLUSTER_STATUS"
+ sleep 5
+ attempt=$((attempt+1))
+ done
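Review bot: Throughout utils.yml, `{{.CLUSTER_NAME}}`, `{{.KUBECONFIG_FILE}}` and `$chart` are placed into the shell text unquoted (the same holds for `create-cluster`, `verify-kubeconfig` and `export-kubeconfig` in taskfile.yaml), and Task substitutes them before the shell parses the script, so a caller-supplied name containing a space or a shell metacharacter changes the command that runs. Quote each use, e.g. `replicated cluster kubeconfig --name "{{.CLUSTER_NAME}}" --output-path "{{.KUBECONFIG_FILE}}"` and `helm uninstall "$chart" -n kube-system --wait`. The downloaded kubeconfig holds cluster credentials, so a `chmod 600 "{{.KUBECONFIG_FILE}}"` after the download is worth adding unless the CLI is known to set the mode itself. In `wait-for-cluster`, a failing `replicated cluster ls` (for example an expired login) yields an empty status and is indistinguishable from "not running yet" until the timeout; checking the command's exit status inside the loop would surface that immediately.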