Merge branch 'include-helm' into 'main'

integrate helm in project See merge request eclipse/xfsc/tsa/task!6

Merge branch 'include-helm' into 'main'
integrate helm in project See merge request eclipse/xfsc/tsa/task!6
366f204a · Kalin Canov · 89e3a8b6 · 70083285 · 366f204a · 366f204a
Commit 366f204a authored 1 year ago by Kalin Canov
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 variables:
  HELPERS_FILE: docker-build.yml
+  HELM_HELPERS_FILE: helm.yml
  APP_HELM_NAME: task
  DOCKER_FILE: deployment/ci/Dockerfile

@@ -7,13 +8,15 @@ stages:
  - compile
  - test
  - build
-  - manifest
+  - helm
  - deploy

 include:
  - project: '${HELPERS_PATH}'
    file: '${HELPERS_FILE}'
  - template: 'Workflows/Branch-Pipelines.gitlab-ci.yml'
+  - project: "$HELM_HELPERS_PATH}"
+    file: "${HELM_HELPERS_FILE}"

 lint:
  image: golangci/golangci-lint:v1.50.1
@@ -56,14 +59,8 @@ amd64:
  tags:
    - amd64-docker

-manifest:
-  extends: .manifest-amd64
-  stage: manifest
-
-cloud:
-  extends: .manifest-cloud
-  stage: manifest
-
-release:
-  extends: .manifest-release
-  stage: manifest
+helm-lint:
+  extends: .helm-lint
+  stage: helm
+  tags:
+    - amd64-docker
--- a/deployment/helm/Chart.yaml
+++ b/deployment/helm/Chart.yaml
+apiVersion: v1
+appVersion: v1.0.1-rc
+description: task deployment
+name: task
+version: 1.0.1
+icon: "https://www.vereign.com/wp-content/themes/vereign2020/images/vereign-logo.svg"
--- a/deployment/helm/LICENSE
+++ b/deployment/helm/LICENSE
+Deployment recipe for TSA task service
+
+
+Copyright 2022 Vereign AG
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
--- a/deployment/helm/README.md
+++ b/deployment/helm/README.md
+# task
+
+![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: v1.0.1-rc](https://img.shields.io/badge/AppVersion-v1.0.1--rc-informational?style=flat-square)
+
+task deployment
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| addresses.cache | string | `"http://cache:8080"` |  |
+| addresses.policy | string | `"http://policy:8080"` |  |
+| autoscaling.enabled | bool | `false` | Enable autoscaling |
+| autoscaling.maxReplicas | int | `3` | Maximum replicas |
+| autoscaling.minReplicas | int | `1` | Minimum replicas |
+| autoscaling.targetCPUUtilizationPercentage | int | `70` | CPU target for autoscaling trigger |
+| autoscaling.targetMemoryUtilizationPercentage | int | `70` | Memory target for autoscaling trigger |
+| image.name | string | `"gaiax/task"` | Image name |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.pullSecrets | string | `"deployment-key-light"` | Image pull secret when internal image is used |
+| image.repository | string | `"eu.gcr.io/vrgn-infra-prj"` |  |
+| image.sha | string | `""` | Image sha, usually generated by the CI Uses image.tag if empty |
+| image.tag | string | `""` | Image tag Uses .Chart.AppVersion if empty |
+| ingress.annotations."cert-manager.io/cluster-issuer" | string | `"letsencrypt-production-http"` |  |
+| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` |  |
+| ingress.annotations."kubernetes.io/ingress.global-static-ip-name" | string | `"dev-light-public"` |  |
+| ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` |  |
+| ingress.enabled | bool | `true` |  |
+| ingress.frontendDomain | string | `"gaiax.vereign.com"` |  |
+| ingress.frontendTlsSecretName | string | `"cert-manager-tls"` |  |
+| ingress.tlsEnabled | bool | `true` |  |
+| log.encoding | string | `"json"` |  |
+| log.level | string | `"debug"` |  |
+| metrics.enabled | bool | `true` | Enable prometheus metrics |
+| metrics.port | int | `2112` | Port for prometheus metrics |
+| mongo.addr | string | `"mongodb://mongodb-mongodb-replicaset.infra:27017/task?replicaSet=rs0&authSource=admin"` |  |
+| mongo.dbname | string | `"task"` |  |
+| mongo.pass | string | `""` |  |
+| mongo.user | string | `""` |  |
+| name | string | `"task"` | Application name |
+| nameOverride | string | `""` | Ovverwrites application name |
+| podAnnotations | object | `{}` |  |
+| replicaCount | int | `1` | Default number of instances to start  |
+| resources.limits.cpu | string | `"150m"` |  |
+| resources.limits.memory | string | `"128Mi"` |  |
+| resources.requests.cpu | string | `"25m"` |  |
+| resources.requests.memory | string | `"64Mi"` |  |
+| security.runAsGid | int | `0` | Group used by the apps |
+| security.runAsNonRoot | bool | `false` | by default, apps run as non-root |
+| security.runAsUid | int | `0` | User used by the apps |
+| service.port | int | `8080` |  |
+| task.http.host | string | `""` |  |
+| task.http.port | int | `8080` |  |
+| task.http.timeout.idle | string | `"120s"` |  |
+| task.http.timeout.read | string | `"10s"` |  |
+| task.http.timeout.write | string | `"10s"` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)
--- a/deployment/helm/templates/_helpers.tpl
+++ b/deployment/helm/templates/_helpers.tpl
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "app.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "app.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" $name .Release.Namespace | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create instance name based on app version and short image sha.
+*/}}
+{{- define "app.revision" -}}
+{{- default .Release.Name .Values.appRel | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "app.labels" -}}
+helm.sh/chart: {{ include "app.chart" . }}
+{{ include "app.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "app.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/component: {{ include "app.fullname" . }}
+{{- end -}}
+
+{{/*
+Metrics Annotations
+*/}}
+{{- define "app.metricsAnnotations" -}}
+{{- if .Values.metrics.enabled -}}
+prometheus.io/scrape: "true"
+prometheus.io/port: "{{ .Values.metrics.port }}"
+prometheus.io/path: {{ .Values.metrics.path | default "/metrics" | quote }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Image string
+*/}}
+{{- define "app.image" -}}
+{{- if .Values.image.sha -}}
+{{ .Values.image.repository }}/{{ .Values.image.name }}@{{ .Values.image.sha }}
+{{- else -}}
+{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Security context
+*/}}
+{{- define "app.securitycontext" -}}
+runAsNonRoot: {{ .Values.security.runAsNonRoot | default false }}
+runAsGroup: {{ .Values.security.runAsGid | default 0 }}
+runAsUser: {{ .Values.security.runAsUid | default 0 }}
+fsGroup: {{ .Values.security.runAsGid | default 0 }}
+{{- end -}}
+
+{{/*
+PostgreSQL Connection  string URI
+*/}}
+{{- define "app.postgresql.connectionstring" -}}
+postgresql://{{ .Values.connectionManager.database.user }}:{{ .Values.connectionManager.database.password }}@{{ .Values.connectionManager.database.host }}:{{ .Values.connectionManager.database.port }}/{{ .Release.Namespace }}_{{ include "app.name" . | replace "-" "_" }}?schema={{ .Values.connectionManager.database.schema }}
+{{- end -}}
+
--- a/deployment/helm/templates/deployment.yaml
+++ b/deployment/helm/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ template "app.name" . }}"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "app.labels" . | nindent 4 }}
+    app.kubernetes.io/instance: {{ include "app.revision" . }}
+    app.kubernetes.io/part-of: rse
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      {{- include "app.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "app.labels" . | nindent 8 }}
+      annotations:
+        {{- include "app.metricsAnnotations" . | nindent 8 }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+    spec:
+      securityContext:
+{{- include "app.securitycontext" . | nindent 8 }}
+      imagePullSecrets:
+        - name: {{ .Values.image.pullSecrets }}
+      containers:
+      - name: {{ template "app.name" . }}
+        image: "{{ .Values.image.repository }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+        env:
+          - name: LOG_LEVEL
+            value: {{ .Values.log.level | default "INFO" }}
+          - name: LOG_ENCODING
+            value: {{ .Values.log.encoding | default "json" }}
+          - name: HTTP_HOST
+            value: {{ .Values.task.http.host | quote }}
+          - name: HTTP_PORT
+            value: {{ .Values.task.http.port | quote }}
+          - name: HTTP_IDLE_TIMEOUT
+            value: {{ .Values.task.http.timeout.idle | quote }}
+          - name: HTTP_READ_TIMEOUT
+            value: {{ .Values.task.http.timeout.read | quote }}
+          - name: HTTP_WRITE_TIMEOUT
+            value: {{ .Values.task.http.timeout.write | quote }}
+          - name: MONGO_ADDR
+            value: {{ .Values.mongo.addr | quote }}
+          - name: MONGO_USER
+            value: {{ .Values.mongo.user | quote }}
+          - name: MONGO_PASS
+            value: {{ .Values.mongo.pass | quote }}
+          - name: MONGO_DB
+            value: {{ .Values.mongo.dbname | quote }}
+          - name: CACHE_ADDR
+            value: {{ .Values.addresses.cache | quote }}
+          - name: POLICY_ADDR
+            value: {{ .Values.addresses.policy | quote }}
+          {{- if .Values.extraVars }}
+          {{- toYaml .Values.extraVars | indent 10 }}
+          {{- end }}
+        ports:
+        {{- if .Values.metrics.enabled }}
+        - name: monitoring
+          containerPort: {{ .Values.metrics.port }}
+        {{- end }}
+        - name: http
+          containerPort: {{ .Values.task.http.port }}
+        readinessProbe:
+          httpGet:
+            path: /readiness
+            port: {{ .Values.task.http.port }}
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          successThreshold: 2
+          failureThreshold: 2
+          timeoutSeconds: 5
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
--- a/deployment/helm/templates/hpa.yaml
+++ b/deployment/helm/templates/hpa.yaml
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  labels:
+    {{- include "app.labels" . | nindent 4 }}
+  name: {{ template "app.name" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "app.name" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+{{- with .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+{{- end }}
+{{- with .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+{{- end }}
+{{- end }}
\ No newline at end of file
--- a/deployment/helm/templates/ingress.yaml
+++ b/deployment/helm/templates/ingress.yaml
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ template "app.name" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+  labels:
+    {{- include "app.labels" . | nindent 4 }}
+spec:
+{{- if .Values.ingress.tlsEnabled }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.frontendDomain }}
+      secretName: {{ .Values.ingress.frontendTlsSecretName }}
+{{- end }}
+  rules:
+    - host: {{ .Values.ingress.frontendDomain }}
+      http:
+        paths:
+          - path: /{{ .Release.Namespace }}/{{ template "app.name" . }}(/|$)(.*)
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ template "app.name" . }}
+                port:
+                  number: {{ .Values.service.port }}
+{{- end }}
\ No newline at end of file
--- a/deployment/helm/templates/service.yaml
+++ b/deployment/helm/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "app.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "app.labels" . | nindent 4 }}
+spec:
+  clusterIP: None
+  ports:
+  - name: http
+    targetPort: {{ .Values.service.port }}
+    port: {{ .Values.task.http.port }}
+  selector:
+    {{- include "app.selectorLabels" . | nindent 4 }}
--- a/deployment/helm/values-override.yaml
+++ b/deployment/helm/values-override.yaml
+image:
+    repository: registry.gitlab.com/gaia-x/data-infrastructure-federation-services/tsa
+    # -- Image name
+    name: task
+mongo:
+    addr: mongodb+srv://vereign-mongodb-mongodb-svc.gxfs-vereign.svc.cluster.local/policy?ssl=false
+    user: ENC[AES256_GCM,data:Ax6AHW8=,iv:ExIEokXncj8lY9IR8KTLTNsQ1kzvCT4MStgHoKdshAg=,tag:iY7Btv4DBaceH17Y7mv6ww==,type:str]
+    pass: ENC[AES256_GCM,data:QCcDftpod8xivG4PFalDHvIOzosnPHo=,iv:Fpc/cHYwZzvpErpMpD54Lhe8q9Qt8PDxk3IbWrza/08=,tag:Rs9F5JNt2swm91joMHN5ug==,type:str]
+ingress:
+    frontendDomain: tsa.gxfs.dev
+    frontendTlsSecretName: wildcard-gxfs-dev
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1nrk70nevtmrcgzjunsed43ar6dk3e06qt7tryqqprj9axv4e0djqa0n0cg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbGxYckE3amlRQ1lqYkJ0
+            cU9ja0QwOGprdFIxdlREYzV1VjNxc1Z0alhJCnZTenhmSnhjVnh4TG5hK2ROTHpU
+            ZGNXQ0JBaTlLRFdlRWpiSFVmTHh1aXcKLS0tIGNRUWFYNlNNeGNVMFNZazhKL1JR
+            dE5CNGpJNXRFaUlQZ0ZxcjVNY1A2T2cKHwckI0mmC/WgP+393YOXerwVCMY5G0mi
+            mjcwATZFOnCwafIbVq5JhuDCylNw3chuLinXw7OHIzBbDrTKCoyBnQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-08-08T15:40:04Z"
+    mac: ENC[AES256_GCM,data:dlZq3RItOFZR9FFH0BpTkT6Eux/DTgpR/9PH3vZWVfcGGDngxov1g067RDd+9qQ1YP13r45c93q7atNX1a/GPWnfW5RvLC8JT8r57SiVydicThNiNgNColFnKTs+E1z7mj4OgKcD8hTk9hK127QEmn1xfMPuRXmPLw80ds0NELk=,iv:VQqow9C9C3mj5am4mBFFb1LrUZhuL3z1S47wdn1nOuM=,tag:QRA73FQqANyaWta19T0QHQ==,type:str]
+    pgp: []
+    encrypted_regex: ^(user|pass)$
+    version: 3.7.3
--- a/deployment/helm/values.yaml
+++ b/deployment/helm/values.yaml
+# -- Default number of instances to start 
+replicaCount: 1
+# -- Application name
+name: task
+# -- Ovverwrites application name
+nameOverride: ""
+
+image:
+  repository: eu.gcr.io/vrgn-infra-prj
+  # -- Image name
+  name: gaiax/task
+  # -- Image tag
+  # Uses .Chart.AppVersion if empty
+  tag: ""
+  # -- Image sha, usually generated by the CI
+  # Uses image.tag if empty
+  sha: ""
+  # -- Image pull policy
+  pullPolicy: IfNotPresent
+  # -- Image pull secret when internal image is used
+  pullSecrets: deployment-key-light
+
+
+podAnnotations: {}
+##
+## Pass extra environment variables to the container.
+##
+# extraVars:
+# - name: EXTRA_VAR_1
+#   value: extra-var-value-1
+# - name: EXTRA_VAR_2
+#   value: extra-var-value-2
+##
+## Create new service when true, and use the specified uner name when set to the name specified
+##
+
+resources:
+  requests:
+    cpu: 25m
+    memory: 64Mi
+  limits:
+    cpu: 150m
+    memory: 128Mi
+
+## Configure pod autoscaling
+##
+
+autoscaling:
+  # -- Enable autoscaling
+  enabled: false
+  # -- Minimum replicas
+  minReplicas: 1
+  # -- Maximum replicas
+  maxReplicas: 3
+  # -- CPU target for autoscaling trigger
+  targetCPUUtilizationPercentage: 70
+  # -- Memory target for autoscaling trigger
+  targetMemoryUtilizationPercentage: 70
+##
+## Prometheus Exporter / Metrics
+##
+
+metrics:
+  # -- Enable prometheus metrics
+  enabled: true
+  # -- Port for prometheus metrics
+  port: 2112
+
+log:
+  level: "debug"
+  encoding: json
+
+##
+## Kubernetes [SecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) object.
+##
+
+security:
+  # -- by default, apps run as non-root
+  runAsNonRoot: false
+  # -- User used by the apps
+  runAsUid: 0
+  # -- Group used by the apps
+  runAsGid: 0
+##
+##
+service:
+  port: 8080
+
+task:
+  http:
+    host: ""
+    port: 8080
+    timeout:
+      idle: 120s
+      read: 10s
+      write: 10s
+
+mongo:
+  addr: "mongodb://mongodb-mongodb-replicaset.infra:27017/task?replicaSet=rs0&authSource=admin"
+  user: ""
+  pass: ""
+  dbname: task
+
+addresses:
+  policy: http://policy:8080
+  cache: http://cache:8080
+
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+  tlsEnabled: true
+  frontendDomain: gaiax.vereign.com
+  frontendTlsSecretName: cert-manager-tls
+