diff --git a/charts/retraced/.helmignore b/charts/retraced/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/retraced/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/retraced/Chart.yaml b/charts/retraced/Chart.yaml
new file mode 100644
index 0000000..0e0cc77
--- /dev/null
+++ b/charts/retraced/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: retraced
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.16.0"
diff --git a/charts/retraced/templates/NOTES.txt b/charts/retraced/templates/NOTES.txt
new file mode 100644
index 0000000..cbed19f
--- /dev/null
+++ b/charts/retraced/templates/NOTES.txt
@@ -0,0 +1,8 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/retraced/templates/_helpers.tpl b/charts/retraced/templates/_helpers.tpl
new file mode 100644
index 0000000..730d185
--- /dev/null
+++ b/charts/retraced/templates/_helpers.tpl
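Review bot: `appVersion: "1.16.0"` and `description: A Helm chart for Kubernetes` in Chart.yaml appear to be the unmodified `helm create` scaffold values. The templates in this commit pin `retracedhq/retraced:1.8.0` and `boxyhq/jackson:1.12.0`, so the `app.kubernetes.io/version` label that `retraced.labels` derives from `.Chart.AppVersion` will report a version that is not actually deployed, which misleads anyone using labels for vulnerability inventory. I would set `appVersion: "1.8.0"` and derive the retraced image tag from it or from values.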
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "retraced.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "retraced.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "retraced.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "retraced.labels" -}}
+helm.sh/chart: {{ include "retraced.chart" . }}
+{{ include "retraced.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "retraced.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "retraced.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "retraced.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "retraced.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
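Review bot: `retraced.serviceAccountName` is defined here and values.yaml sets `serviceAccount.create: true`, but no template visible in this commit creates a ServiceAccount or sets `serviceAccountName` on a pod spec, so every workload would run as the namespace `default` service account with its token mounted. Either add a ServiceAccount template plus `serviceAccountName: {{ include "retraced.serviceAccountName" . }}` and `automountServiceAccountToken: false` in each pod spec, or drop the helper and the `serviceAccount` values so the chart does not advertise a control it does not apply. A short comment on the helper stating which templates consume it would make this easier to audit.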
diff --git a/charts/retraced/templates/retraced-admin-portal-deployment.yaml b/charts/retraced/templates/retraced-admin-portal-deployment.yaml
new file mode 100644
index 0000000..b476577
--- /dev/null
+++ b/charts/retraced/templates/retraced-admin-portal-deployment.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "retraced.fullname" . }}-admin-portal
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ retraceddev: "1"
+ tier: admin-portal
+ template:
+ metadata:
+ labels:
+ app: auditlog
+ retraceddev: "1"
+ tier: admin-portal
+ spec:
+ containers:
+ - envFrom:
+ - secretRef:
+ name: {{ include "retraced.fullname" . }}-admin-portal
+ image: boxyhq/jackson:1.12.0
+ imagePullPolicy: IfNotPresent
+ name: admin-portal
+ ports:
+ - containerPort: 5225
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /api/health
+ port: 5225
+ periodSeconds: 30
+ successThreshold: 2
+ timeoutSeconds: 10
+ resources:
+ limits:
+ cpu: 1000m
+ requests:
+ cpu: 100m
+ startupProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /api/health
+ port: 5225
+ periodSeconds: 10
+ timeoutSeconds: 10
diff --git a/charts/retraced/templates/retraced-admin-portal-ingress.yaml b/charts/retraced/templates/retraced-admin-portal-ingress.yaml
new file mode 100644
index 0000000..52d1ba6
--- /dev/null
+++ b/charts/retraced/templates/retraced-admin-portal-ingress.yaml
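Review bot: The admin-portal pod spec sets no `securityContext`, although values.yaml declares `podSecurityContext` and `securityContext`; neither value is referenced by any template in this commit, so setting them has no effect. I would wire them in with `{{- toYaml .Values.securityContext | nindent N }}` under a container-level `securityContext:` key (and the pod-level equivalent), and ship defaults such as `runAsNonRoot: true` and `allowPrivilegeEscalation: false` once the images are confirmed to run that way. The container also has a CPU limit but no memory request or limit. The api, cron, dbutil, nsqd and processor Deployments and the three Jobs have the same gap.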
@@ -0,0 +1,60 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "retraced.fullname" . -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-admin-portal
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}-admin-portal
+ port:
+ number: 5225
+ {{- else }}
+ serviceName: {{ $fullName }}-admin-portal
+ servicePort: 5225
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
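Review bot: TLS on this Ingress is optional and off by default (`tls: []` in values.yaml), and the only backend is the admin portal on 5225, so enabling the ingress with otherwise default values publishes the admin login over plain HTTP. Consider failing the render when `ingress.enabled` is true and `ingress.tls` is empty unless an explicit opt-out is set, or at least stating the requirement in NOTES.txt. Separately, `secretName: {{ .secretName }}` and `path: {{ .path }}` are emitted unquoted while the host values use `| quote`; quoting them the same way avoids YAML retyping of user-supplied values.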
diff --git a/charts/retraced/templates/retraced-admin-portal-secret.yaml b/charts/retraced/templates/retraced-admin-portal-secret.yaml
new file mode 100644
index 0000000..bd42946
--- /dev/null
+++ b/charts/retraced/templates/retraced-admin-portal-secret.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "retraced.fullname" . }}-admin-portal
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ app: adminportal
+ retraceddev: "1"
+stringData:
+ BOXYHQ_LICENSE_KEY: {{ .Values.adminPortal.secret.BOXYHQ_LICENSE_KEY }}
+ DB_CLEANUP_LIMIT: {{ .Values.adminPortal.secret.DB_CLEANUP_LIMIT }}
+ DB_ENCRYPTION_KEY: {{ .Values.adminPortal.secret.DB_ENCRYPTION_KEY }}
+ DB_TTL: {{ .Values.adminPortal.secret.DB_TTL }}
+ DB_TYPE: {{ .Values.adminPortal.secret.DB_TYPE }}
+ DB_URL: {{ .Values.adminPortal.secret.DB_URL }}
+ JACKSON_API_KEYS: {{ .Values.adminPortal.secret.JACKSON_API_KEYS }}
+ NEXTAUTH_ACL: {{ .Values.adminPortal.secret.NEXTAUTH_ACL }}
+ NEXTAUTH_JWT_SIGNING_PRIVATE_KEY: {{ .Values.adminPortal.secret.NEXTAUTH_JWT_SIGNING_PRIVATE_KEY }}
+ NEXTAUTH_SECRET: {{ .Values.adminPortal.secret.NEXTAUTH_SECRET }}
+ NEXTAUTH_URL: {{ .Values.adminPortal.secret.NEXTAUTH_URL }}
+ RETRACED_ADMIN_ROOT_TOKEN: {{ .Values.adminPortal.secret.RETRACED_ADMIN_ROOT_TOKEN }}
+ RETRACED_EXTERNAL_URL: http://{{ include "retraced.fullname" . }}-api:3000/auditlog
+ RETRACED_HOST_URL: http://{{ include "retraced.fullname" . }}-api:3000/auditlog
+ SAML_AUDIENCE: {{ .Values.adminPortal.secret.SAML_AUDIENCE }}
+ SMTP_FROM: {{ .Values.adminPortal.secret.SMTP_FROM }}
+ SMTP_HOST: {{ .Values.adminPortal.secret.SMTP_HOST }}
+ SMTP_PASSWORD: {{ .Values.adminPortal.secret.SMTP_PASSWORD }}
+ SMTP_PORT: {{ .Values.adminPortal.secret.SMTP_PORT }}
+ SMTP_USER: {{ .Values.adminPortal.secret.SMTP_USER }}
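Review bot: Every `.Values.adminPortal.secret.*` value under `stringData` is interpolated without `| quote`, so what lands in the Secret depends on how YAML types the rendered text. An empty default such as `SMTP_PASSWORD: ""` renders as a bare key (YAML null), a numeric `SMTP_PORT` or `DB_TTL` renders as an integer that `stringData` will not accept, a secret containing ` #` is silently truncated at the comment marker, and a multi-line `NEXTAUTH_JWT_SIGNING_PRIVATE_KEY` breaks the document. Use `KEY: {{ .Values.adminPortal.secret.KEY | quote }}` throughout, as the api Secret already does for `PG_SEARCH`. The bootstrap Secret and the unquoted `.Values.api.secret.*` entries in the api Secret need the same change.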
diff --git a/charts/retraced/templates/retraced-admin-portal-service.yaml b/charts/retraced/templates/retraced-admin-portal-service.yaml
new file mode 100644
index 0000000..bb8e27b
--- /dev/null
+++ b/charts/retraced/templates/retraced-admin-portal-service.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "retraced.fullname" . }}-admin-portal
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ app: auditlog
+ retraceddev: "1"
+ tier: admin-portal
+spec:
+ ports:
+ - name: http
+ port: 5225
+ targetPort: 5225
+ selector:
+ app: auditlog
+ retraceddev: "1"
+ tier: admin-portal
+ type: ClusterIP
diff --git a/charts/retraced/templates/retraced-api-bootstrap-secret.yaml b/charts/retraced/templates/retraced-api-bootstrap-secret.yaml
new file mode 100644
index 0000000..2d4cf5c
--- /dev/null
+++ b/charts/retraced/templates/retraced-api-bootstrap-secret.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "retraced.fullname" . }}-bootstrap
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ app: bootstrap
+ retraceddev: "1"
+stringData:
+ BOOTSTRAP_API_TOKEN: {{ .Values.api.secret.BOOTSTRAP_API_TOKEN }}
+ BOOTSTRAP_ENVIRONMENT_ID: {{ .Values.api.secret.BOOTSTRAP_ENVIRONMENT_ID }}
+ BOOTSTRAP_PROJECT_ID: {{ .Values.api.secret.BOOTSTRAP_PROJECT_ID }}
+ BOOTSTRAP_PROJECT_NAME: {{ .Values.api.secret.BOOTSTRAP_PROJECT_NAME }}
diff --git a/charts/retraced/templates/retraced-api-deployment.yaml b/charts/retraced/templates/retraced-api-deployment.yaml
new file mode 100644
index 0000000..96db5f3
--- /dev/null
+++ b/charts/retraced/templates/retraced-api-deployment.yaml
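Review bot: The admin-portal Service selector (`app: auditlog`, `retraceddev: "1"`, `tier: admin-portal`) and the matching Deployment `matchLabels` are fixed strings that do not include the release, so two releases of this chart in one namespace would select each other's pods and this Service could route traffic to another release's admin portal. Add the output of `retraced.selectorLabels` (which carries `app.kubernetes.io/instance: {{ .Release.Name }}`) to the pod template labels, the `matchLabels` and this selector. The api, api-internal and nsqd Services and all Deployments in this commit use the same pattern.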
@@ -0,0 +1,95 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "retraced.fullname" . }}-api
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ retraceddev: "1"
+ tier: api
+ template:
+ metadata:
+ labels:
+ app: auditlog
+ retraceddev: "1"
+ tier: api
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - auditlog
+ - key: tier
+ operator: In
+ values:
+ - api
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ containers:
+ - command:
+ - node
+ - --inspect=0.0.0.0
+ - build/src/index.js
+ env:
+ - name: BUGSNAG_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: API_TOKEN
+ name: {{ include "retraced.fullname" . }}-api
+ - name: EXPORT_PAGE_SIZE_INTERNAL
+ value: "2"
+ envFrom:
+ - secretRef:
+ name: {{ include "retraced.fullname" . }}-api
+ image: retracedhq/retraced:1.8.0
+ imagePullPolicy: IfNotPresent
+ name: api
+ ports:
+ - containerPort: 3000
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: 3000
+ periodSeconds: 30
+ successThreshold: 2
+ timeoutSeconds: 10
+ resources:
+ limits:
+ cpu: 1000m
+ requests:
+ cpu: 100m
+ startupProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: 3000
+ periodSeconds: 10
+ timeoutSeconds: 10
+ initContainers:
+ - args:
+ - -c
+ - ./build/src/retracedctl bootstrap --projectName "$BOOTSTRAP_PROJECT_NAME"
+ --projectId "$BOOTSTRAP_PROJECT_ID" --environmentId "$BOOTSTRAP_ENVIRONMENT_ID"
+ --apiKey "$BOOTSTRAP_API_TOKEN"
+ command:
+ - /bin/sh
+ envFrom:
+ - secretRef:
+ name: {{ include "retraced.fullname" . }}-api
+ - secretRef:
+ name: {{ include "retraced.fullname" . }}-bootstrap
+ image: retracedhq/retraced:1.8.0
+ name: bootstrap
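Review bot: `--inspect=0.0.0.0` in the api container command starts the Node.js inspector bound to every interface, and the inspector protocol gives full code execution in the process to any client that can reach the pod IP on the debug port. This process also receives the whole `-api` Secret through `envFrom`, so the exposure includes the database password and root token. Drop the flag from the default command, or gate it behind a values switch that defaults to off and binds to `127.0.0.1` for use with `kubectl port-forward`. The same flag is in the migrate-es and migrate-pg Jobs and the processor Deployment.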
diff --git a/charts/retraced/templates/retraced-api-internal-service.yaml b/charts/retraced/templates/retraced-api-internal-service.yaml
new file mode 100644
index 0000000..755bb6b
--- /dev/null
+++ b/charts/retraced/templates/retraced-api-internal-service.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "retraced.fullname" . }}-api-internal
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ app: auditlog-internal
+ retraceddev: "1"
+ tier: api
+spec:
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000
+ selector:
+ app: auditlog
+ retraceddev: "1"
+ tier: api
diff --git a/charts/retraced/templates/retraced-api-secret.yaml b/charts/retraced/templates/retraced-api-secret.yaml
new file mode 100644
index 0000000..33c3d4b
--- /dev/null
+++ b/charts/retraced/templates/retraced-api-secret.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "retraced.fullname" . }}-api
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ app: auditlog
+ retraceddev: "1"
+stringData:
+ ADMIN_ROOT_TOKEN: {{ .Values.api.secret.ADMIN_ROOT_TOKEN }}
+ API_BASE_URL_PATH: /auditlog
+ API_TOKEN: ""
+ DB_TOKEN: ""
+ GEOIPUPDATE_ACCOUNT_ID: ""
+ GEOIPUPDATE_DB_DIR: /etc/mmdb
+ GEOIPUPDATE_EDITION_IDS: GeoLite2-City
+ GEOIPUPDATE_FREQUENCY: "168"
+ GEOIPUPDATE_LICENSE_KEY: ""
+ GEOIPUPDATE_USE_MMDB: ""
+ GEOIPUPDATE_VERBOSE: "1"
+ HMAC_SECRET_ADMIN: ""
+ HMAC_SECRET_VIEWER: ""
+ LOG_LEVEL: info
+ MANDRILL_KEY: ""
+ NSQD_HOST: {{ include "retraced.fullname" . }}-nsqd
+ NSQD_HTTP_PORT: "4151"
+ NSQD_TCP_PORT: "4150"
+ POSTGRES_DATABASE: {{ .Values.api.secret.POSTGRES_DATABASE }}
+ POSTGRES_HOST: {{ .Values.api.secret.POSTGRES_HOST }}
+ POSTGRES_PASSWORD: {{ .Values.api.secret.POSTGRES_PASSWORD }}
+ POSTGRES_POOL_SIZE: "10"
+ POSTGRES_PORT: "5432"
+ POSTGRES_USER: {{ .Values.api.secret.POSTGRES_USER }}
+ PG_SEARCH: {{ quote .Values.api.secret.PG_SEARCH }}
+ PROCESSOR_TOKEN: ""
+ RETRACED_API_BASE: http://localhost:3000/auditlog
+ RETRACED_DISABLE_GEOSYNC: ""
+ STAGE: ""
+ STATSD_HOST: ""
+ STATSD_PORT: ""
diff --git a/charts/retraced/templates/retraced-api-service.yaml b/charts/retraced/templates/retraced-api-service.yaml
new file mode 100644
index 0000000..736972e
--- /dev/null
+++ b/charts/retraced/templates/retraced-api-service.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "retraced.fullname" . }}-api
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+ tier: api
+spec:
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000
+ selector:
+ app: auditlog
+ retraceddev: "1"
+ tier: api
+ type: ClusterIP
diff --git a/charts/retraced/templates/retraced-cron-deployment.yaml b/charts/retraced/templates/retraced-cron-deployment.yaml
new file mode 100644
index 0000000..a456912
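Review bot: `HMAC_SECRET_ADMIN`, `HMAC_SECRET_VIEWER`, `API_TOKEN`, `DB_TOKEN` and the GeoIP credentials are hard-coded to `""` in the api Secret with no values override, so an operator cannot set them without editing the template. How the application treats an empty HMAC secret is not visible here; if it signs or verifies tokens with that value, an empty key would be a serious weakness, so this needs confirming against the application. I would source these from `.Values.api.secret.*` with `| quote`, and offer an `existingSecret` option so real credentials do not have to pass through values files.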
--- /dev/null
+++ b/charts/retraced/templates/retraced-cron-deployment.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "retraced.fullname" . }}-cron
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ retraceddev: "1"
+ tier: cron
+ template:
+ metadata:
+ labels:
+ app: auditlog
+ dest: nsq
+ retraceddev: "1"
+ source: cron
+ tier: cron
+ spec:
+ containers:
+ - command:
+ - /bin/sh
+ - -c
+ - /usr/local/bin/retraced-auditlog-cron /crontab 2>&1 | grep ERRO
+ env:
+ - name: NSQD_HOST
+ valueFrom:
+ secretKeyRef:
+ key: NSQD_HOST
+ name: {{ include "retraced.fullname" . }}-api
+ - name: NSQD_HTTP_PORT
+ valueFrom:
+ secretKeyRef:
+ key: NSQD_HTTP_PORT
+ name: {{ include "retraced.fullname" . }}-api
+ - name: RETRACED_DISABLE_GEOSYNC
+ valueFrom:
+ secretKeyRef:
+ key: RETRACED_DISABLE_GEOSYNC
+ name: {{ include "retraced.fullname" . }}-api
+ image: retracedhq/retraced:1.8.0
+ imagePullPolicy: IfNotPresent
+ name: cron
+ resources:
+ limits:
+ cpu: 100m
+ requests:
+ cpu: 10m
diff --git a/charts/retraced/templates/retraced-dbutil-deployment.yaml b/charts/retraced/templates/retraced-dbutil-deployment.yaml
new file mode 100644
index 0000000..7b8844a
--- /dev/null
+++ b/charts/retraced/templates/retraced-dbutil-deployment.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "retraced.fullname" . }}-dbutil
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ app: retraced
+ retraceddev: "1"
+ tier: dbutil
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: retraced
+ retraceddev: "1"
+ tier: dbutil
+ template:
+ metadata:
+ labels:
+ app: retraced
+ retraceddev: "1"
+ tier: dbutil
+ spec:
+ containers:
+ - command:
+ - /bin/sleep
+ - infinity
+ envFrom:
+ - secretRef:
+ name: {{ include "retraced.fullname" . }}-api
+ image: retracedhq/retraced:1.8.0
+ name: dbutil
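Review bot: The cron container runs `/usr/local/bin/retraced-auditlog-cron /crontab 2>&1 | grep ERRO` under `sh -c`, so the exit code Kubernetes records is grep's rather than the cron binary's, and every line that does not contain `ERRO` is discarded before it reaches the pod log. That removes the record an investigator would want when reconstructing what the scheduler did. Prefer running the binary directly (`- /usr/local/bin/retraced-auditlog-cron` and `- /crontab` as the command) and filtering at the log pipeline instead.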
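Review bot: The dbutil Deployment keeps a `sleep infinity` container running permanently with the entire `-api` Secret injected through `envFrom`, so `POSTGRES_PASSWORD` and `ADMIN_ROOT_TOKEN` sit in an idle pod that anyone holding `pods/exec` in the namespace can read. It has no resources or securityContext either. I would wrap the template in a values flag that defaults to off (for example `{{- if .Values.dbutil.enabled }}`) so the debug pod exists only when someone asks for it.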
diff --git a/charts/retraced/templates/retraced-geoipupdate-job.yaml b/charts/retraced/templates/retraced-geoipupdate-job.yaml
new file mode 100644
index 0000000..94b64ba
--- /dev/null
+++ b/charts/retraced/templates/retraced-geoipupdate-job.yaml
@@ -0,0 +1,77 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "retraced.fullname" . }}-geoipupdate
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+spec:
+ template:
+ metadata:
+ labels:
+ retraceddev: "1"
+ spec:
+ containers:
+ - args:
+ - |
+ if [ -z "$GEOIPUPDATE_USE_MMDB" ]; then
+ echo "Skipping the job..."
+ else
+ echo "Running the job..."
+ source /usr/bin/entry.sh
+ fi
+ command:
+ - /bin/sh
+ - -c
+ env:
+ - name: GEOIPUPDATE_EDITION_IDS
+ valueFrom:
+ secretKeyRef:
+ key: GEOIPUPDATE_EDITION_IDS
+ name: {{ include "retraced.fullname" . }}-api
+ - name: GEOIPUPDATE_FREQUENCY
+ valueFrom:
+ secretKeyRef:
+ key: GEOIPUPDATE_FREQUENCY
+ name: {{ include "retraced.fullname" . }}-api
+ - name: GEOIPUPDATE_USE_MMDB
+ valueFrom:
+ secretKeyRef:
+ key: GEOIPUPDATE_USE_MMDB
+ name: {{ include "retraced.fullname" . }}-api
+ - name: GEOIPUPDATE_VERBOSE
+ valueFrom:
+ secretKeyRef:
+ key: GEOIPUPDATE_VERBOSE
+ name: {{ include "retraced.fullname" . }}-api
+ - name: GEOIPUPDATE_ACCOUNT_ID
+ valueFrom:
+ secretKeyRef:
+ key: GEOIPUPDATE_ACCOUNT_ID
+ name: {{ include "retraced.fullname" . }}-api
+ - name: GEOIPUPDATE_LICENSE_KEY
+ valueFrom:
+ secretKeyRef:
+ key: GEOIPUPDATE_LICENSE_KEY
+ name: {{ include "retraced.fullname" . }}-api
+ - name: GEOIPUPDATE_DB_DIR
+ valueFrom:
+ secretKeyRef:
+ key: GEOIPUPDATE_DB_DIR
+ name: {{ include "retraced.fullname" . }}-api
+ envFrom:
+ - secretRef:
+ name: {{ include "retraced.fullname" . }}-api
+ image: maxmindinc/geoipupdate:v5.1
+ imagePullPolicy: IfNotPresent
+ name: geoipupdate
+ volumeMounts:
+ - mountPath: /etc/mmdb
+ name: {{ include "retraced.fullname" . }}-mmdbdir
+ restartPolicy: OnFailure
+ volumes:
+ - name: {{ include "retraced.fullname" . }}-mmdbdir
+ persistentVolumeClaim:
+ claimName: {{ include "retraced.fullname" . }}-mmdbdir
+ ttlSecondsAfterFinished: 0
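Review bot: The geoipupdate container maps the seven `GEOIPUPDATE_*` keys individually with `secretKeyRef` and then also pulls in the whole `-api` Secret with `envFrom`, so a third-party image (`maxmindinc/geoipupdate:v5.1`) receives `POSTGRES_PASSWORD`, `ADMIN_ROOT_TOKEN` and the HMAC secrets it has no use for. Remove the `envFrom` block and keep only the explicit keys, which already cover everything the script reads. The image is referenced by a mutable tag; pinning it by digest would make the pull reproducible and auditable.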
diff --git a/charts/retraced/templates/retraced-migrate-es-job.yaml b/charts/retraced/templates/retraced-migrate-es-job.yaml
new file mode 100644
index 0000000..5f375d0
--- /dev/null
+++ b/charts/retraced/templates/retraced-migrate-es-job.yaml
@@ -0,0 +1,37 @@
+{{- if ne .Values.api.secret.PG_SEARCH "true" -}}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "retraced.fullname" . }}-migrate-es
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+spec:
+ template:
+ metadata:
+ labels:
+ retraceddev: "1"
+ spec:
+ containers:
+ - command:
+ - node
+ - --inspect=0.0.0.0
+ - build/src/_db/runner-lite.js
+ - es
+ env:
+ - name: BUGSNAG_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: DB_TOKEN
+ name: {{ include "retraced.fullname" . }}-api
+ - name: SCHEMA_PATH
+ value: /app/build/migrations/es
+ envFrom:
+ - secretRef:
+ name: {{ include "retraced.fullname" . }}-api
+ image: retracedhq/retraced:1.8.0
+ name: db
+ restartPolicy: OnFailure
+ ttlSecondsAfterFinished: 0
+{{- end -}}
\ No newline at end of file
diff --git a/charts/retraced/templates/retraced-migrate-pg-job.yaml b/charts/retraced/templates/retraced-migrate-pg-job.yaml
new file mode 100644
index 0000000..98d28ad
--- /dev/null
+++ b/charts/retraced/templates/retraced-migrate-pg-job.yaml
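Review bot: `{{- if ne .Values.api.secret.PG_SEARCH "true" -}}` compares against a string, so a user who writes `PG_SEARCH: true` (a YAML boolean) in their values is likely to get a type-mismatch template error, or the wrong branch, instead of the intended behaviour. Normalise first: `{{- if ne (toString .Values.api.secret.PG_SEARCH) "true" -}}`. `BUGSNAG_TOKEN` is read from `DB_TOKEN`, which the api Secret fixes to an empty string; a one-line comment saying whether that is intentional would help.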
@@ -0,0 +1,35 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "retraced.fullname" . }}-migrate-pg
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+spec:
+ template:
+ metadata:
+ labels:
+ retraceddev: "1"
+ spec:
+ containers:
+ - command:
+ - node
+ - --inspect=0.0.0.0
+ - build/src/_db/runner-lite.js
+ - pg
+ env:
+ - name: BUGSNAG_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: DB_TOKEN
+ name: {{ include "retraced.fullname" . }}-api
+ - name: SCHEMA_PATH
+ value: /app/build/migrations/pg/*
+ envFrom:
+ - secretRef:
+ name: {{ include "retraced.fullname" . }}-api
+ image: retracedhq/retraced:1.8.0
+ name: db
+ restartPolicy: OnFailure
+ ttlSecondsAfterFinished: 0
diff --git a/charts/retraced/templates/retraced-mmdbdir-pvc.yaml b/charts/retraced/templates/retraced-mmdbdir-pvc.yaml
new file mode 100644
index 0000000..963fd83
--- /dev/null
+++ b/charts/retraced/templates/retraced-mmdbdir-pvc.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "retraced.fullname" . }}-mmdbdir
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/charts/retraced/templates/retraced-nsqd-deployment.yaml b/charts/retraced/templates/retraced-nsqd-deployment.yaml
new file mode 100644
index 0000000..a038aec
--- /dev/null
+++ b/charts/retraced/templates/retraced-nsqd-deployment.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "retraced.fullname" . }}-nsqd
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ retraceddev: "1"
+ tier: nsq
+ template:
+ metadata:
+ labels:
+ app: auditlog
+ retraceddev: "1"
+ tier: nsq
+ spec:
+ containers:
+ - args:
+ - -c
+ - nsqd -statsd-address ${STATSD_HOST}:${STATSD_PORT} -statsd-prefix "nsqd."
+ command:
+ - /bin/sh
+ env:
+ - name: STATSD_HOST
+ valueFrom:
+ secretKeyRef:
+ key: STATSD_HOST
+ name: {{ include "retraced.fullname" . }}-api
+ - name: STATSD_PORT
+ valueFrom:
+ secretKeyRef:
+ key: STATSD_PORT
+ name: {{ include "retraced.fullname" . }}-api
+ image: nsqio/nsq:v1.2.1
+ name: nsqd
+ ports:
+ - containerPort: 4150
+ - containerPort: 4151
+ resources:
+ limits:
+ cpu: 1000m
+ requests:
+ cpu: 100m
diff --git a/charts/retraced/templates/retraced-nsqd-service.yaml b/charts/retraced/templates/retraced-nsqd-service.yaml
new file mode 100644
index 0000000..bb65634
--- /dev/null
+++ b/charts/retraced/templates/retraced-nsqd-service.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "retraced.fullname" . }}-nsqd
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ app: auditlog
+ retraceddev: "1"
+ tier: nsq
+spec:
+ ports:
+ - name: tcp
+ port: 4150
+ targetPort: 4150
+ - name: http
+ port: 4151
+ targetPort: 4151
+ selector:
+ app: auditlog
+ retraceddev: "1"
+ tier: nsq
+ type: ClusterIP
diff --git a/charts/retraced/templates/retraced-processor-deployment.yaml b/charts/retraced/templates/retraced-processor-deployment.yaml
new file mode 100644
index 0000000..3fbc259
--- /dev/null
+++ b/charts/retraced/templates/retraced-processor-deployment.yaml
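Review bot: The nsqd Service exposes the TCP (4150) and HTTP (4151) ports as a ClusterIP and the nsqd command line configures no TLS or authentication, while no NetworkPolicy is visible in this commit, so any workload that can reach the Service could publish to or administer the queue that carries audit events. I would add a NetworkPolicy limiting ingress on these ports to the api, processor and cron pods of the same release. Separately, the api Secret sets `STATSD_HOST` and `STATSD_PORT` to `""`, so the Deployment's command expands to `-statsd-address :`; make that flag conditional on a configured host.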
@@ -0,0 +1,100 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "retraced.fullname" . }}-processor
+ labels:
+ {{- include "retraced.labels" . | nindent 4 }}
+ retraceddev: "1"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ retraceddev: "1"
+ tier: processor
+ template:
+ metadata:
+ labels:
+ app: auditlog
+ retraceddev: "1"
+ tier: processor
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - auditlog
+ - key: tier
+ operator: In
+ values:
+ - processor
+ topologyKey: kubernetes.io/hostname
+ weight: 2
+ containers:
+ - command:
+ - node
+ - --inspect=0.0.0.0
+ - build/src/_processor/index.js
+ env:
+ - name: TMPDIR
+ value: /tmp
+ - name: BUGSNAG_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: PROCESSOR_TOKEN
+ name: {{ include "retraced.fullname" . }}-api
+ - name: PG_SEARCH
+ valueFrom:
+ secretKeyRef:
+ key: PG_SEARCH
+ name: {{ include "retraced.fullname" . }}-api
+ envFrom:
+ - secretRef:
+ name: {{ include "retraced.fullname" . }}-api
+ image: retracedhq/retraced:1.8.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /livez
+ port: 3000
+ periodSeconds: 60
+ name: processor
+ ports:
+ - containerPort: 3000
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: 3000
+ periodSeconds: 30
+ successThreshold: 2
+ timeoutSeconds: 10
+ resources:
+ limits:
+ cpu: 1000m
+ requests:
+ cpu: 100m
+ startupProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: 3000
+ periodSeconds: 10
+ timeoutSeconds: 10
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmpdir
+ volumes:
+ - name: {{ include "retraced.fullname" . }}-mmdbdir
+ persistentVolumeClaim:
+ claimName: {{ include "retraced.fullname" . }}-mmdbdir
+ - emptyDir: {}
+ name: tmpdir
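Review bot: The processor pod declares the `-mmdbdir` PersistentVolumeClaim under `volumes`, but `volumeMounts` only mounts `tmpdir`, so the GeoIP database that the geoipupdate Job writes to `/etc/mmdb` is never visible to this container. Add a read-only mount at `/etc/mmdb` for `{{ include "retraced.fullname" . }}-mmdbdir`, or remove the unused volume. The claim is `ReadWriteOnce`, so the Job and the processor would also have to be scheduled onto the same node to share it.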
diff --git a/charts/retraced/values.yaml b/charts/retraced/values.yaml
new file mode 100644
index 0000000..5f7f2d1
--- /dev/null
+++ b/charts/retraced/values.yaml
@@ -0,0 +1,82 @@
+replicaCount: 1
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ create: true
+ annotations: {}
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: audit.ci.cinaq.com
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+adminPortal:
+ secret:
+ BOXYHQ_LICENSE_KEY: ""
+ DB_CLEANUP_LIMIT: ""
+ DB_ENCRYPTION_KEY: ""
+ DB_TTL: ""
+ DB_TYPE: ""
+ DB_URL: postgres://postgres:postgres@audit-postgresql-cluster:5432/postgres
+ JACKSON_API_KEYS: secret
+ RETRACED_ADMIN_ROOT_TOKEN: dev
+ NEXTAUTH_ACL: ""
+ NEXTAUTH_JWT_SIGNING_PRIVATE_KEY: ""
+ NEXTAUTH_SECRET: ""
+ NEXTAUTH_URL: ""
+ SAML_AUDIENCE: ""
+ SMTP_FROM: ""
+ SMTP_HOST: ""
+ SMTP_PASSWORD: ""
+ SMTP_PORT: ""
+ SMTP_USER: ""
+
+api:
+ secret:
+ ADMIN_ROOT_TOKEN: dev
+ POSTGRES_HOST: audit-postgresql-cluster
+ POSTGRES_DATABASE: audit
+ POSTGRES_USER: audit
+ POSTGRES_PASSWORD: postgres
+ PG_SEARCH: "true"
+ BOOTSTRAP_API_TOKEN: dev
+ BOOTSTRAP_ENVIRONMENT_ID: dev
+ BOOTSTRAP_PROJECT_ID: dev
+ BOOTSTRAP_PROJECT_NAME: dev
\ No newline at end of file
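Review bot: values.yaml ships working credentials as defaults: `ADMIN_ROOT_TOKEN: dev`, `RETRACED_ADMIN_ROOT_TOKEN: dev`, `BOOTSTRAP_API_TOKEN: dev`, `JACKSON_API_KEYS: secret`, `POSTGRES_PASSWORD: postgres` and a `DB_URL` with `postgres:postgres` embedded. A plain `helm install` therefore deploys an audit-log service whose root token and API keys are publicly known from the chart source. Leave these empty and enforce them in the Secret templates with `required`, e.g. `{{ required "api.secret.ADMIN_ROOT_TOKEN is required" .Values.api.secret.ADMIN_ROOT_TOKEN | quote }}`. `ingress.hosts[0].host: audit.ci.cinaq.com` and the `audit-postgresql-cluster` hostnames also look environment-specific and would be better as placeholders.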