stack_car 0.9.0 → 0.12.0

data/templates/chart/bin/deploy

@@ -0,0 +1,14 @@
+#!/bin/bash
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR/../../chart
+
+REPO=$(basename $(git config --get remote.origin.url))
+NAMESPACE=${REPO%.git} 
+
+if [ -z "$1" ] || [ -z "$2" ]
+then
+    echo './chart/bin/deploy ENVIRONMENT TAG'
+    exit 1
+fi
+
+helm upgrade --install --namespace $1-$NAMESPACE $1 . -f $1-values.yaml --set rails.image.tag=$2

data/templates/chart/bin/encrypt

@@ -0,0 +1,15 @@
+#!/bin/bash
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR/../../chart
+
+REPO=$(basename $(git config --get remote.origin.url))
+NAMESPACE=${REPO%.git} 
+
+if [ -z "$1" ] || [ -z "$2" ]
+then
+    echo './chart/bin/encrypt ENVIRONMENT TEAM'
+    exit 1
+fi
+
+keybase encrypt -i $1-values.yaml -o $1-values.yaml.enc --team $2
+

data/templates/chart/bin/remove

@@ -0,0 +1,15 @@
+#!/bin/bash
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR/../../chart
+
+REPO=$(basename $(git config --get remote.origin.url))
+NAMESPACE=${REPO%.git} 
+
+if [ -z "$1" ] || [ -z "$2" ]
+then
+    echo './chart/bin/remove ENVIRONMENT TAG'
+    exit 1
+fi
+
+raise 'refusing to remove production' if $1 == 'production'
+helm uninstall --namespace $1-$NAMESPACE $1 . -f $1-values.yaml --set rails.image.tag=$2

data/templates/chart/sample-values.yaml.tt

@@ -0,0 +1,138 @@
+# Customize the following values as needed
+
+<% if options[:solr] %>
+solr:
+  image:
+   repository: solr
+   tag: 7.4
+  replicaCount: 1
+  volumeClaimTemplates:
+    storageSize: 1Gi
+
+zookeeper:
+  replicaCount: 1
+  persistence:
+    enabled: true
+    accessMode: ReadWriteOnce
+    size: 1Gi
+<% end %>
+
+postgresql:
+  enabled: true
+<% if options[:fedora] %>
+  # Use fcrepo; the web app can create it's own db with db:create
+  postgresqlDatabase: fcrepo
+<% else %>
+  postgresqlDatabase: <%= @project_name %>
+<% end %>
+  postgresqlUsername: postgres
+  # Only used when internal PG is disabled
+  # postgresqlHost: postgres
+  postgresqlPassword: passwordabc
+  # postgresqlPort: 5432
+  persistence:
+    enabled: true
+    size: 1Gi
+<% if options[:mysql] %>
+externalDatabase:
+  host: host_name
+  user: <%= @project_name %>
+  password: 05cb2c6a26ce76
+  database: <%= @project_name %>
+  port: '3306'
+
+mariadb:
+  enabled: false
+  replication:
+    enabled: false
+  db:
+    name: <%= @project_name %>
+    user: <%= @project_name %>
+    ## If the password is not specified, mariadb will generates a random password
+    # password:
+  # rootUser:
+  #   password:
+  master:
+    persistence:
+      enabled: true
+      # storageClass: "-"
+      accessMode: ReadWriteOnce
+      size: 8Gi
+<% end %>
+<% if options[:redis] %>
+redis:
+  enabled: true
+  usePassword: false
+  # Only used when internal redis is disabled
+  # host: redis
+  # Just omit the password field if your redis cluster doesn't use password
+  # password: redis
+  # port: 6379
+  master:
+    persistence:
+      enabled: true
+      size: 1Gi
+  slave:
+    persistence:
+      enabled: true
+      size: 1Gi
+<% end %>
+<% if options[:fcrepo] %>
+fcrepo:
+  image:
+    repository: ualbertalib/docker-fcrepo4
+    tag: 4.7
+  storage:
+    size: 1Gi
+<% end %>
+web:
+  replicas: 2
+<% if options[:sidekiq] %>
+sidekiq:
+  replicas: 1
+  timeout: 3600
+<% end %>
+rails:
+  image:
+    repository: <%= @project_name %>
+    tag: latest
+  # If using a private registry setup access via secrets
+  # imagePullSecrets:
+  #   - name: gitlab
+  shared:
+    storage:
+      size: 1Gi
+      className: nfs
+
+ingress:
+  tlsSecretName: <%= @project_name %>_tls
+  # helm upgrade release-name . --set ingress.localhost
+  host: <%= @project_name %>.com
+
+env:
+  configmap:
+    NAME: <%= @project_name %>
+    DATABASE_ADAPTER: postgresql
+    DATABASE_USER: postgres
+    <% if options[:fcrepo] %>
+    FC_DATABASE_NAME: fcrepo
+    LD_LIBRARY_PATH: /opt/fits-latest/tools/mediainfo/linux
+    SETTINGS__ACTIVE_JOB__QUEUE_ADAPTER: sidekiq
+    SETTINGS__CONTACT_EMAIL: admin@example.org
+    SETTINGS__DEVISE__INVITATION_FROM_EMAIL: admin@example.org
+    SETTINGS__FITS_PATH: /opt/fits/fits.sh
+    SETTINGS__MULTITENANCY__ADMIN_HOST: app.docker
+    SETTINGS__MULTITENANCY__ADMIN_ONLY_TENANT_CREATION: "true"
+    SETTINGS__MULTITENANCY__DEFAULT_HOST: "%{tenant}.app.docker"
+    SETTINGS__MULTITENANCY__ENABLED: "true"
+    <% end %>
+    DATABASE_NAME: <%= @project_name %>
+    IN_DOCKER: "true"
+    PASSENGER_APP_ENV: production
+    RAILS_ENV: production
+    RAILS_LOG_TO_STDOUT: "true"
+    RAILS_SERVE_STATIC_FILES: "true"
+
+  secret:
+    SECRET_KEY_BASE: secretabc
+    DATABASE_PASSWORD: passwordabc

data/templates/chart/templates/_helpers.tpl.tt

@@ -0,0 +1,85 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "app.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "app.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Shorthand for component names
+*/}}
+<%- if options[:postgres] %>
+{{- define "app.postgres.name" -}}
+{{- .Release.Name -}}-postgresql
+{{- end -}}
+{{- define "app.postgres-env.name" -}}
+{{- include "app.fullname" . -}}-postgres-env
+{{- end -}}
+<%- end %>
+<%- if options[:redis] %>
+{{- define "app.redis.name" -}}
+{{- .Release.Name -}}-redis-master
+{{- end -}}
+<%- end %>
+<%- if options[:sidekiq] %>
+{{- define "app.sidekiq.name" -}}
+{{- include "app.fullname" . -}}-sidekiq
+{{- end -}}
+<%- end %>
+{{- define "app.web.name" -}}
+{{- include "app.fullname" . -}}-web
+{{- end -}}
+{{- define "app.rails-env.name" -}}
+{{- include "app.fullname" . -}}-rails-env
+{{- end -}}
+{{- define "app.setup.name" -}}
+{{- include "app.fullname" . -}}-setup
+{{- end -}}
+<%- if options[:solr] %>
+{{- define "app.zookeeper.name" -}}
+{{- include "solr.zookeeper-service-name" . -}}
+{{- end -}}
+{{- define "app.zookeeper-env.name" -}}
+{{- include "app.fullname" . -}}-zookeeper-env
+{{- end -}}
+{{- define "app.solr.name" -}}
+{{- .Release.Name -}}-solr-svc
+{{- end -}}
+{{- define "app.solr.collection" -}}
+{{- if eq .Values.env.configmap.SETTINGS__MULTITENANCY__ENABLED false }}single{{- end -}}
+{{- end -}}
+<%- end %>
+<%- if options[:fcrepo] %>
+{{- define "app.fcrepo.name" -}}
+{{- include "app.fullname" . -}}-fcrepo
+{{- end -}}
+{{- define "app.fcrepo-env.name" -}}
+{{- include "app.fullname" . -}}-fcrepo-env
+{{- end -}}
+<%- end %>

data/templates/chart/templates/rails-env-cm.yaml.tt

@@ -0,0 +1,47 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "app.rails-env.name" . }}
+data:
+<% if options[:postgres] %>
+  DATABASE_HOST: {{ template "app.postgres.name" . }}
+<% end %>
+<% if options[:fcrepo] %>
+  FEDORA_URL: http://{{ template "app.fcrepo.name" . }}:8080/fcrepo/rest
+<% end %>
+<% if options[:redis] %>
+  RAILS_CACHE_STORE_URL: redis://{{ template "app.redis.name" . }}:6379/1 
+  REDIS_HOST: {{ template "app.redis.name" . }}
+  REDIS_URL: redis://{{ template "app.redis.name" . }}:6379/1
+<% end %>
+<% if options[:sidekiq]  %>
+  SIDEKIQ_TIMEOUT: {{ .Values.sidekiq.timeout | quote }}
+<% end -%>
+<% if options[:solr] %>
+  SOLR_URL: http://{{ template "app.solr.name" . }}:8983/solr/
+  SETTINGS__SOLR__URL: http://{{ template "app.solr.name" . }}:8983/solr/
+  SETTINGS__ZOOKEEPER__CONNECTION_STR: {{ template "app.zookeeper.name" . }}:2181/configs
+<% end %>
+<% if options[:hyku] %>
+  {{- if hasKey $.Values.env.configmap "SETTINGS__MULTITENANCY__ENABLED"}}
+  {{- if eq $.Values.env.configmap.SETTINGS__MULTITENANCY__ENABLED false }}
+    SETTINGS__MULTITENANCY__ROOT_HOST: {{ .Values.ingress.host }}
+  {{- end -}}
+  {{- end -}}
+<% end %>
+{{- range $key, $value := .Values.env.configmap }}
+  <% if options[:hyku] %>
+    {{- if hasKey $.Values.env.configmap "SETTINGS__MULTITENANCY__ENABLED"}}
+    {{- if eq $.Values.env.configmap.SETTINGS__MULTITENANCY__ENABLED false }}
+    {{- if and (ne $key "SETTINGS__MULTITENANCY__ADMIN_HOST") (ne $key "SETTINGS__MULTITENANCY__DEFAULT_HOST") }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- else }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+    {{- end }}
+  <% else %>
+    {{ $key }}: {{ $value | quote }}
+  <% end %>
+{{- end }}

data/templates/chart/templates/rails-env-secret.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "app.rails-env.name" . }}
+data:
+{{- range $key, $value := .Values.env.secret }}
+  {{ $key }}: {{ $value |b64enc }}
+{{- end }}
+

data/templates/chart/templates/rails-pvc-shared.yml

@@ -0,0 +1,20 @@
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ template "app.rails-env.name" . }}-shared
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    component: rails
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.rails.shared.storage.size }}
+  {{- if .Values.rails.shared.storage.className }}
+  storageClassName: "{{ .Values.rails.shared.storage.className }}"
+  {{- end }}

data/templates/chart/templates/setup-job.yaml

@@ -0,0 +1,73 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "app.setup.name" . }}
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": post-install,pre-upgrade
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  backoffLimit: 4
+  template:
+    metadata:
+      labels:
+        app: {{ template "app.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      restartPolicy: Never
+      {{- if .Values.rails.imagePullSecrets }}
+      imagePullSecrets:
+        {{ toYaml .Values.rails.imagePullSecrets }}
+      {{- end }}
+      volumes:
+        - name: shared
+          persistentVolumeClaim:
+            claimName: {{ template "app.rails-env.name" . }}-shared
+<% if options[:solr] %>
+      initContainers:
+        - name: check-solr-ready
+          image: {{ .Values.rails.image.repository }}:{{ .Values.rails.image.tag }}
+          command: ["/bin/bash"]
+          args:
+            - "-l"
+            - "-c"
+            - "response=0 && until [ $response == 200 ]; do response=$(curl --write-out %{http_code} --silent --output /dev/null $(echo $SETTINGS__SOLR__URL)admin/collections?action=LIST); echo Response is $response; sleep 5; done;"
+          envFrom:
+            - configMapRef:
+                name: {{ template "app.rails-env.name" . }}
+<% end %>
+      containers:
+        - name: setup
+          image: {{ .Values.rails.image.repository }}:{{ .Values.rails.image.tag }}
+          volumeMounts:
+            - mountPath: /home/app/webapp/public/assets
+              name: shared
+              subPath: assets
+            - mountPath: /home/app/webapp/public/packs
+              name: shared
+              subPath: packs
+            - mountPath: /home/app/webapp/public/system
+              name: shared
+              subPath: system
+          command: ["/bin/bash"]
+          args:
+            - "-l"
+            - "-c"
+<% if options[:solr] %>
+            - "(bundle check || bundle install) && bundle exec rails db:create zookeeper:upload db:migrate db:seed && RAILS_ENV=production bundle exec rails assets:precompile DATABASE_ADAPTER=nulldb && echo SETUP COMPLETE"
+<% else %>
+            - "(bundle check || bundle install) && bundle exec rails db:create db:migrate db:seed && RAILS_ENV=production bundle exec rails assets:precompile DATABASE_ADAPTER=nulldb && echo SETUP COMPLETE"
+<% end %>
+          envFrom:
+            - configMapRef:
+                name: {{ template "app.rails-env.name" . }}
+            - secretRef:
+                name: {{ template "app.rails-env.name" . }}

data/templates/chart/templates/web-deploy.yaml

@@ -0,0 +1,67 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "app.web.name" . }}
+  labels:
+    app: {{ template "app.name" . }}
+    chart: {{ template "app.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    component: web
+spec:
+  replicas: {{ .Values.web.replicas }}
+  selector:
+    matchLabels:
+      app: {{ template "app.name" . }}
+      release: {{ .Release.Name }}
+      component: web
+  template:
+    metadata:
+      labels:
+        app: {{ template "app.name" . }}
+        release: {{ .Release.Name }}
+        component: web
+      annotations:
+        checksum/rails-env-cm: {{ include (print $.Template.BasePath "/rails-env-cm.yaml") . | sha256sum }}
+        checksum/rails-env-secret: {{ include (print $.Template.BasePath "/rails-env-secret.yaml") . | sha256sum }}
+    spec:
+      restartPolicy: Always
+      {{- if .Values.rails.imagePullSecrets }}
+      imagePullSecrets:
+        {{ toYaml .Values.rails.imagePullSecrets }}
+      {{- end }}
+      volumes:
+        - name: shared
+          persistentVolumeClaim:
+            claimName: {{ template "app.rails-env.name" . }}-shared
+      containers:
+        - name: web
+          image: {{ .Values.rails.image.repository }}:{{ .Values.rails.image.tag }}
+          imagePullPolicy: IfNotPresent
+          # Use sub-path for individual folders
+          volumeMounts:
+            - mountPath: /home/app/webapp/public/assets
+              name: shared
+              subPath: assets
+            - mountPath: /home/app/webapp/public/packs
+              name: shared
+              subPath: packs
+            - mountPath: /home/app/webapp/public/system
+              name: shared
+              subPath: system
+          readinessProbe:
+            tcpSocket:
+              port: 80
+            initialDelaySeconds: 30
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 80
+            initialDelaySeconds: 60
+            periodSeconds: 120
+          envFrom:
+            - configMapRef:
+                name: {{ template "app.rails-env.name" . }}
+            - secretRef:
+                name: {{ template "app.rails-env.name" . }}