From 3ad0f97328a01dce500fa9b06e58b501ce385198 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Mon, 8 Jul 2024 13:11:28 +0000 Subject: [PATCH] helm packages added --- helm/sunbird-c-charts/.helmignore | 23 ++ helm/sunbird-c-charts/Chart.yaml | 24 ++ .../charts/config/.helmignore | 23 ++ .../sunbird-c-charts/charts/config/Chart.yaml | 24 ++ .../charts/config/templates/configmap.yaml | 104 +++++++++ .../charts/config/values.yaml | 1 + .../credential-schema-service/.helmignore | 23 ++ .../credential-schema-service/Chart.yaml | 24 ++ .../templates/NOTES.txt | 22 ++ .../templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 77 +++++++ .../templates/hpa.yaml | 33 +++ .../templates/ingress.yaml | 62 ++++++ .../templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../credential-schema-service/values.yaml | 74 +++++++ .../charts/credentials-service/.helmignore | 23 ++ .../charts/credentials-service/Chart.yaml | 24 ++ .../credentials-service/templates/NOTES.txt | 22 ++ .../templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 77 +++++++ .../credentials-service/templates/hpa.yaml | 33 +++ .../templates/ingress.yaml | 62 ++++++ .../templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/credentials-service/values.yaml | 74 +++++++ .../charts/identity-service/.helmignore | 23 ++ .../charts/identity-service/Chart.yaml | 24 ++ .../identity-service/templates/NOTES.txt | 22 ++ .../identity-service/templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 82 +++++++ .../identity-service/templates/hpa.yaml | 33 +++ .../identity-service/templates/ingress.yaml | 62 ++++++ .../identity-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/identity-service/values.yaml | 74 +++++++ .../charts/secrets/.helmignore | 23 ++ .../charts/secrets/Chart.yaml | 24 ++ .../charts/secrets/templates/secrets.yaml | 15 ++ .../charts/secrets/values.yaml | 82 +++++++ helm/sunbird-c-charts/values.yaml | 123 +++++++++++ helm/sunbird-r-charts/.helmignore | 23 ++ helm/sunbird-r-charts/Chart.yaml | 24 ++ .../charts/certificate-api/.helmignore | 23 ++ .../charts/certificate-api/Chart.yaml | 24 ++ .../certificate-api/templates/NOTES.txt | 22 ++ .../certificate-api/templates/_helpers.tpl | 62 ++++++ .../certificate-api/templates/deployment.yaml | 74 +++++++ .../charts/certificate-api/templates/hpa.yaml | 33 +++ .../certificate-api/templates/ingress.yaml | 62 ++++++ .../certificate-api/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/certificate-api/values.yaml | 71 ++++++ .../charts/certificate-signer/.helmignore | 23 ++ .../charts/certificate-signer/Chart.yaml | 24 ++ .../certificate-signer/keys/config.json | 11 + .../certificate-signer/templates/NOTES.txt | 22 ++ .../certificate-signer/templates/_helpers.tpl | 62 ++++++ .../templates/configmap.yaml | 10 + .../templates/deployment.yaml | 81 +++++++ .../certificate-signer/templates/hpa.yaml | 33 +++ .../certificate-signer/templates/ingress.yaml | 62 ++++++ .../certificate-signer/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/certificate-signer/values.yaml | 71 ++++++ .../charts/claim-ms/.helmignore | 23 ++ .../charts/claim-ms/Chart.yaml | 24 ++ .../charts/claim-ms/templates/NOTES.txt | 22 ++ .../charts/claim-ms/templates/_helpers.tpl | 62 ++++++ .../charts/claim-ms/templates/deployment.yaml | 77 +++++++ .../charts/claim-ms/templates/hpa.yaml | 33 +++ .../charts/claim-ms/templates/ingress.yaml | 62 ++++++ .../charts/claim-ms/templates/service.yaml | 16 ++ .../claim-ms/templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 16 ++ .../charts/claim-ms/values.yaml | 75 +++++++ .../charts/config/.helmignore | 23 ++ .../sunbird-r-charts/charts/config/Chart.yaml | 24 ++ .../charts/config/templates/configmap.yaml | 104 +++++++++ .../charts/config/values.yaml | 1 + .../charts/context-proxy-service/.helmignore | 23 ++ .../charts/context-proxy-service/Chart.yaml | 24 ++ .../context-proxy-service/templates/NOTES.txt | 22 ++ .../templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 71 ++++++ .../context-proxy-service/templates/hpa.yaml | 33 +++ .../templates/ingress.yaml | 62 ++++++ .../templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/context-proxy-service/values.yaml | 75 +++++++ .../charts/encryption-service/.helmignore | 23 ++ .../charts/encryption-service/Chart.yaml | 24 ++ .../encryption-service/templates/NOTES.txt | 22 ++ .../encryption-service/templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 87 ++++++++ .../encryption-service/templates/hpa.yaml | 33 +++ .../encryption-service/templates/ingress.yaml | 62 ++++++ .../encryption-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 16 ++ .../charts/encryption-service/values.yaml | 79 +++++++ .../charts/id-gen-service/.helmignore | 23 ++ .../charts/id-gen-service/Chart.yaml | 24 ++ .../charts/id-gen-service/templates/NOTES.txt | 22 ++ .../id-gen-service/templates/_helpers.tpl | 62 ++++++ .../id-gen-service/templates/deployment.yaml | 84 +++++++ .../charts/id-gen-service/templates/hpa.yaml | 33 +++ .../id-gen-service/templates/ingress.yaml | 62 ++++++ .../id-gen-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 16 ++ .../charts/id-gen-service/values.yaml | 80 +++++++ .../charts/keycloak-service/.helmignore | 23 ++ .../charts/keycloak-service/Chart.yaml | 24 ++ .../keycloak-service/templates/NOTES.txt | 22 ++ .../keycloak-service/templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 82 +++++++ .../keycloak-service/templates/hpa.yaml | 33 +++ .../keycloak-service/templates/ingress.yaml | 62 ++++++ .../keycloak-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../charts/keycloak-service/values.yaml | 74 +++++++ .../charts/notification-ms/.helmignore | 23 ++ .../charts/notification-ms/Chart.yaml | 24 ++ .../notification-ms/templates/NOTES.txt | 22 ++ .../notification-ms/templates/_helpers.tpl | 62 ++++++ .../notification-ms/templates/deployment.yaml | 71 ++++++ .../charts/notification-ms/templates/hpa.yaml | 33 +++ .../notification-ms/templates/ingress.yaml | 62 ++++++ .../notification-ms/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/notification-ms/values.yaml | 74 +++++++ .../charts/public-key-service/.helmignore | 23 ++ .../charts/public-key-service/Chart.yaml | 24 ++ .../public-key-service/keys/config.json | 10 + .../public-key-service/templates/NOTES.txt | 22 ++ .../public-key-service/templates/_helpers.tpl | 62 ++++++ .../templates/configmap.yaml | 10 + .../templates/deployment.yaml | 81 +++++++ .../public-key-service/templates/hpa.yaml | 33 +++ .../public-key-service/templates/ingress.yaml | 62 ++++++ .../public-key-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/public-key-service/values.yaml | 74 +++++++ .../charts/registry/.helmignore | 23 ++ .../charts/registry/Chart.yaml | 24 ++ .../charts/registry/schemas/Insurance.json | 208 ++++++++++++++++++ .../charts/registry/schemas/Official.json | 71 ++++++ .../charts/registry/schemas/Student.json | 79 +++++++ .../charts/registry/templates/NOTES.txt | 22 ++ .../charts/registry/templates/_helpers.tpl | 62 ++++++ .../charts/registry/templates/configmap.yaml | 10 + .../charts/registry/templates/deployment.yaml | 104 +++++++++ .../charts/registry/templates/hpa.yaml | 33 +++ .../charts/registry/templates/ingress.yaml | 62 ++++++ .../charts/registry/templates/service.yaml | 16 ++ .../registry/templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/registry/values.yaml | 75 +++++++ .../charts/secrets/.helmignore | 23 ++ .../charts/secrets/Chart.yaml | 24 ++ .../charts/secrets/templates/secrets.yaml | 15 ++ .../charts/secrets/values.yaml | 82 +++++++ helm/sunbird-r-charts/values.yaml | 123 +++++++++++ helm/sunbird-rc-charts/.helmignore | 23 ++ helm/sunbird-rc-charts/Chart.yaml | 24 ++ .../charts/certificate-api/.helmignore | 23 ++ .../charts/certificate-api/Chart.yaml | 24 ++ .../certificate-api/templates/NOTES.txt | 22 ++ .../certificate-api/templates/_helpers.tpl | 62 ++++++ .../certificate-api/templates/deployment.yaml | 74 +++++++ .../charts/certificate-api/templates/hpa.yaml | 33 +++ .../certificate-api/templates/ingress.yaml | 62 ++++++ .../certificate-api/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/certificate-api/values.yaml | 71 ++++++ .../charts/certificate-signer/.helmignore | 23 ++ .../charts/certificate-signer/Chart.yaml | 24 ++ .../certificate-signer/keys/config.json | 11 + .../certificate-signer/templates/NOTES.txt | 22 ++ .../certificate-signer/templates/_helpers.tpl | 62 ++++++ .../templates/configmap.yaml | 10 + .../templates/deployment.yaml | 81 +++++++ .../certificate-signer/templates/hpa.yaml | 33 +++ .../certificate-signer/templates/ingress.yaml | 62 ++++++ .../certificate-signer/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/certificate-signer/values.yaml | 71 ++++++ .../charts/claim-ms/.helmignore | 23 ++ .../charts/claim-ms/Chart.yaml | 24 ++ .../charts/claim-ms/templates/NOTES.txt | 22 ++ .../charts/claim-ms/templates/_helpers.tpl | 62 ++++++ .../charts/claim-ms/templates/deployment.yaml | 77 +++++++ .../charts/claim-ms/templates/hpa.yaml | 33 +++ .../charts/claim-ms/templates/ingress.yaml | 62 ++++++ .../charts/claim-ms/templates/service.yaml | 16 ++ .../claim-ms/templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 16 ++ .../charts/claim-ms/values.yaml | 75 +++++++ .../charts/config/.helmignore | 23 ++ .../charts/config/Chart.yaml | 24 ++ .../charts/config/templates/configmap.yaml | 104 +++++++++ .../charts/config/values.yaml | 1 + .../charts/context-proxy-service/.helmignore | 23 ++ .../charts/context-proxy-service/Chart.yaml | 24 ++ .../context-proxy-service/templates/NOTES.txt | 22 ++ .../templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 71 ++++++ .../context-proxy-service/templates/hpa.yaml | 33 +++ .../templates/ingress.yaml | 62 ++++++ .../templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/context-proxy-service/values.yaml | 75 +++++++ .../credential-schema-service/.helmignore | 23 ++ .../credential-schema-service/Chart.yaml | 24 ++ .../templates/NOTES.txt | 22 ++ .../templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 77 +++++++ .../templates/hpa.yaml | 33 +++ .../templates/ingress.yaml | 62 ++++++ .../templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../credential-schema-service/values.yaml | 74 +++++++ .../charts/credentials-service/.helmignore | 23 ++ .../charts/credentials-service/Chart.yaml | 24 ++ .../credentials-service/templates/NOTES.txt | 22 ++ .../templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 77 +++++++ .../credentials-service/templates/hpa.yaml | 33 +++ .../templates/ingress.yaml | 62 ++++++ .../templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/credentials-service/values.yaml | 74 +++++++ .../charts/encryption-service/.helmignore | 23 ++ .../charts/encryption-service/Chart.yaml | 24 ++ .../encryption-service/templates/NOTES.txt | 22 ++ .../encryption-service/templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 87 ++++++++ .../encryption-service/templates/hpa.yaml | 33 +++ .../encryption-service/templates/ingress.yaml | 62 ++++++ .../encryption-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 16 ++ .../charts/encryption-service/values.yaml | 79 +++++++ .../charts/id-gen-service/.helmignore | 23 ++ .../charts/id-gen-service/Chart.yaml | 24 ++ .../charts/id-gen-service/templates/NOTES.txt | 22 ++ .../id-gen-service/templates/_helpers.tpl | 62 ++++++ .../id-gen-service/templates/deployment.yaml | 84 +++++++ .../charts/id-gen-service/templates/hpa.yaml | 33 +++ .../id-gen-service/templates/ingress.yaml | 62 ++++++ .../id-gen-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 16 ++ .../charts/id-gen-service/values.yaml | 80 +++++++ .../charts/identity-service/.helmignore | 23 ++ .../charts/identity-service/Chart.yaml | 24 ++ .../identity-service/templates/NOTES.txt | 22 ++ .../identity-service/templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 82 +++++++ .../identity-service/templates/hpa.yaml | 33 +++ .../identity-service/templates/ingress.yaml | 62 ++++++ .../identity-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/identity-service/values.yaml | 74 +++++++ .../charts/keycloak-service/.helmignore | 23 ++ .../charts/keycloak-service/Chart.yaml | 24 ++ .../keycloak-service/templates/NOTES.txt | 22 ++ .../keycloak-service/templates/_helpers.tpl | 62 ++++++ .../templates/deployment.yaml | 82 +++++++ .../keycloak-service/templates/hpa.yaml | 33 +++ .../keycloak-service/templates/ingress.yaml | 62 ++++++ .../keycloak-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../charts/keycloak-service/values.yaml | 74 +++++++ .../charts/notification-ms/.helmignore | 23 ++ .../charts/notification-ms/Chart.yaml | 24 ++ .../notification-ms/templates/NOTES.txt | 22 ++ .../notification-ms/templates/_helpers.tpl | 62 ++++++ .../notification-ms/templates/deployment.yaml | 71 ++++++ .../charts/notification-ms/templates/hpa.yaml | 33 +++ .../notification-ms/templates/ingress.yaml | 62 ++++++ .../notification-ms/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/notification-ms/values.yaml | 74 +++++++ .../charts/public-key-service/.helmignore | 23 ++ .../charts/public-key-service/Chart.yaml | 24 ++ .../public-key-service/keys/config.json | 10 + .../public-key-service/templates/NOTES.txt | 22 ++ .../public-key-service/templates/_helpers.tpl | 62 ++++++ .../templates/configmap.yaml | 10 + .../templates/deployment.yaml | 81 +++++++ .../public-key-service/templates/hpa.yaml | 33 +++ .../public-key-service/templates/ingress.yaml | 62 ++++++ .../public-key-service/templates/service.yaml | 16 ++ .../templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/public-key-service/values.yaml | 74 +++++++ .../charts/registry/.helmignore | 23 ++ .../charts/registry/Chart.yaml | 24 ++ .../charts/registry/schemas/Insurance.json | 208 ++++++++++++++++++ .../charts/registry/schemas/Official.json | 71 ++++++ .../charts/registry/schemas/Student.json | 79 +++++++ .../charts/registry/templates/NOTES.txt | 22 ++ .../charts/registry/templates/_helpers.tpl | 62 ++++++ .../charts/registry/templates/configmap.yaml | 10 + .../charts/registry/templates/deployment.yaml | 104 +++++++++ .../charts/registry/templates/hpa.yaml | 33 +++ .../charts/registry/templates/ingress.yaml | 62 ++++++ .../charts/registry/templates/service.yaml | 16 ++ .../registry/templates/serviceaccount.yaml | 13 ++ .../templates/tests/test-connection.yaml | 15 ++ .../charts/registry/values.yaml | 75 +++++++ .../charts/secrets/.helmignore | 23 ++ .../charts/secrets/Chart.yaml | 24 ++ .../charts/secrets/templates/secrets.yaml | 15 ++ .../charts/secrets/values.yaml | 82 +++++++ helm/sunbird-rc-charts/values.yaml | 123 +++++++++++ helm/vault-init/.helmignore | 23 ++ helm/vault-init/Chart.yaml | 24 ++ helm/vault-init/templates/NOTES.txt | 22 ++ helm/vault-init/templates/_helpers.tpl | 62 ++++++ .../templates/init-sa-role-binding.yaml | 15 ++ helm/vault-init/templates/init-sa-role.yaml | 19 ++ helm/vault-init/templates/service.yaml | 15 ++ helm/vault-init/templates/serviceaccount.yaml | 13 ++ helm/vault-init/templates/vault-init-job.yaml | 36 +++ helm/vault-init/values.yaml | 110 +++++++++ lib/config.ts | 4 +- packages/index.yaml | 47 ++++ packages/sunbird-c-charts-0.0.1.tgz | Bin 0 -> 8484 bytes packages/sunbird-r-charts-0.0.1.tgz | Bin 0 -> 21203 bytes packages/sunbird_rc_charts-0.0.1.tgz | Bin 0 -> 22335 bytes packages/vault-init-0.1.0.tgz | Bin 0 -> 3469 bytes 349 files changed, 13636 insertions(+), 2 deletions(-) create mode 100644 helm/sunbird-c-charts/.helmignore create mode 100644 helm/sunbird-c-charts/Chart.yaml create mode 100644 helm/sunbird-c-charts/charts/config/.helmignore create mode 100644 helm/sunbird-c-charts/charts/config/Chart.yaml create mode 100644 helm/sunbird-c-charts/charts/config/templates/configmap.yaml create mode 100644 helm/sunbird-c-charts/charts/config/values.yaml create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/.helmignore create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/Chart.yaml create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/templates/NOTES.txt create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/templates/_helpers.tpl create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/templates/deployment.yaml create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/templates/hpa.yaml create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/templates/ingress.yaml create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/templates/service.yaml create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-c-charts/charts/credential-schema-service/values.yaml create mode 100644 helm/sunbird-c-charts/charts/credentials-service/.helmignore create mode 100644 helm/sunbird-c-charts/charts/credentials-service/Chart.yaml create mode 100644 helm/sunbird-c-charts/charts/credentials-service/templates/NOTES.txt create mode 100644 helm/sunbird-c-charts/charts/credentials-service/templates/_helpers.tpl create mode 100644 helm/sunbird-c-charts/charts/credentials-service/templates/deployment.yaml create mode 100644 helm/sunbird-c-charts/charts/credentials-service/templates/hpa.yaml create mode 100644 helm/sunbird-c-charts/charts/credentials-service/templates/ingress.yaml create mode 100644 helm/sunbird-c-charts/charts/credentials-service/templates/service.yaml create mode 100644 helm/sunbird-c-charts/charts/credentials-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-c-charts/charts/credentials-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-c-charts/charts/credentials-service/values.yaml create mode 100644 helm/sunbird-c-charts/charts/identity-service/.helmignore create mode 100644 helm/sunbird-c-charts/charts/identity-service/Chart.yaml create mode 100644 helm/sunbird-c-charts/charts/identity-service/templates/NOTES.txt create mode 100644 helm/sunbird-c-charts/charts/identity-service/templates/_helpers.tpl create mode 100644 helm/sunbird-c-charts/charts/identity-service/templates/deployment.yaml create mode 100644 helm/sunbird-c-charts/charts/identity-service/templates/hpa.yaml create mode 100644 helm/sunbird-c-charts/charts/identity-service/templates/ingress.yaml create mode 100644 helm/sunbird-c-charts/charts/identity-service/templates/service.yaml create mode 100644 helm/sunbird-c-charts/charts/identity-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-c-charts/charts/identity-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-c-charts/charts/identity-service/values.yaml create mode 100644 helm/sunbird-c-charts/charts/secrets/.helmignore create mode 100644 helm/sunbird-c-charts/charts/secrets/Chart.yaml create mode 100644 helm/sunbird-c-charts/charts/secrets/templates/secrets.yaml create mode 100644 helm/sunbird-c-charts/charts/secrets/values.yaml create mode 100644 helm/sunbird-c-charts/values.yaml create mode 100644 helm/sunbird-r-charts/.helmignore create mode 100644 helm/sunbird-r-charts/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-api/.helmignore create mode 100644 helm/sunbird-r-charts/charts/certificate-api/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-api/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/certificate-api/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/certificate-api/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-api/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-api/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-api/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-api/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-api/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-api/values.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/.helmignore create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/keys/config.json create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/templates/configmap.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-r-charts/charts/certificate-signer/values.yaml create mode 100644 helm/sunbird-r-charts/charts/claim-ms/.helmignore create mode 100644 helm/sunbird-r-charts/charts/claim-ms/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/claim-ms/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/claim-ms/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/claim-ms/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/claim-ms/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/claim-ms/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/claim-ms/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/claim-ms/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/claim-ms/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-r-charts/charts/claim-ms/values.yaml create mode 100644 helm/sunbird-r-charts/charts/config/.helmignore create mode 100644 helm/sunbird-r-charts/charts/config/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/config/templates/configmap.yaml create mode 100644 helm/sunbird-r-charts/charts/config/values.yaml create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/.helmignore create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-r-charts/charts/context-proxy-service/values.yaml create mode 100644 helm/sunbird-r-charts/charts/encryption-service/.helmignore create mode 100644 helm/sunbird-r-charts/charts/encryption-service/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/encryption-service/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/encryption-service/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/encryption-service/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/encryption-service/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/encryption-service/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/encryption-service/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/encryption-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/encryption-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-r-charts/charts/encryption-service/values.yaml create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/.helmignore create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-r-charts/charts/id-gen-service/values.yaml create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/.helmignore create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/keycloak-service/values.yaml create mode 100644 helm/sunbird-r-charts/charts/notification-ms/.helmignore create mode 100644 helm/sunbird-r-charts/charts/notification-ms/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/notification-ms/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/notification-ms/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/notification-ms/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/notification-ms/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/notification-ms/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/notification-ms/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/notification-ms/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/notification-ms/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-r-charts/charts/notification-ms/values.yaml create mode 100644 helm/sunbird-r-charts/charts/public-key-service/.helmignore create mode 100644 helm/sunbird-r-charts/charts/public-key-service/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/public-key-service/keys/config.json create mode 100644 helm/sunbird-r-charts/charts/public-key-service/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/public-key-service/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/public-key-service/templates/configmap.yaml create mode 100644 helm/sunbird-r-charts/charts/public-key-service/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/public-key-service/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/public-key-service/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/public-key-service/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/public-key-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/public-key-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-r-charts/charts/public-key-service/values.yaml create mode 100644 helm/sunbird-r-charts/charts/registry/.helmignore create mode 100644 helm/sunbird-r-charts/charts/registry/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/registry/schemas/Insurance.json create mode 100644 helm/sunbird-r-charts/charts/registry/schemas/Official.json create mode 100644 helm/sunbird-r-charts/charts/registry/schemas/Student.json create mode 100644 helm/sunbird-r-charts/charts/registry/templates/NOTES.txt create mode 100644 helm/sunbird-r-charts/charts/registry/templates/_helpers.tpl create mode 100644 helm/sunbird-r-charts/charts/registry/templates/configmap.yaml create mode 100644 helm/sunbird-r-charts/charts/registry/templates/deployment.yaml create mode 100644 helm/sunbird-r-charts/charts/registry/templates/hpa.yaml create mode 100644 helm/sunbird-r-charts/charts/registry/templates/ingress.yaml create mode 100644 helm/sunbird-r-charts/charts/registry/templates/service.yaml create mode 100644 helm/sunbird-r-charts/charts/registry/templates/serviceaccount.yaml create mode 100644 helm/sunbird-r-charts/charts/registry/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-r-charts/charts/registry/values.yaml create mode 100644 helm/sunbird-r-charts/charts/secrets/.helmignore create mode 100644 helm/sunbird-r-charts/charts/secrets/Chart.yaml create mode 100644 helm/sunbird-r-charts/charts/secrets/templates/secrets.yaml create mode 100644 helm/sunbird-r-charts/charts/secrets/values.yaml create mode 100644 helm/sunbird-r-charts/values.yaml create mode 100644 helm/sunbird-rc-charts/.helmignore create mode 100644 helm/sunbird-rc-charts/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-api/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/keys/config.json create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/templates/configmap.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/certificate-signer/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/claim-ms/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/config/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/config/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/config/templates/configmap.yaml create mode 100644 helm/sunbird-rc-charts/charts/config/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/context-proxy-service/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/credential-schema-service/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/credentials-service/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/encryption-service/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/id-gen-service/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/identity-service/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/identity-service/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/identity-service/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/identity-service/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/identity-service/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/identity-service/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/identity-service/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/identity-service/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/identity-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/identity-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/identity-service/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/keycloak-service/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/notification-ms/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/keys/config.json create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/templates/configmap.yaml create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/public-key-service/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/registry/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/registry/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/registry/schemas/Insurance.json create mode 100644 helm/sunbird-rc-charts/charts/registry/schemas/Official.json create mode 100644 helm/sunbird-rc-charts/charts/registry/schemas/Student.json create mode 100644 helm/sunbird-rc-charts/charts/registry/templates/NOTES.txt create mode 100644 helm/sunbird-rc-charts/charts/registry/templates/_helpers.tpl create mode 100644 helm/sunbird-rc-charts/charts/registry/templates/configmap.yaml create mode 100644 helm/sunbird-rc-charts/charts/registry/templates/deployment.yaml create mode 100644 helm/sunbird-rc-charts/charts/registry/templates/hpa.yaml create mode 100644 helm/sunbird-rc-charts/charts/registry/templates/ingress.yaml create mode 100644 helm/sunbird-rc-charts/charts/registry/templates/service.yaml create mode 100644 helm/sunbird-rc-charts/charts/registry/templates/serviceaccount.yaml create mode 100644 helm/sunbird-rc-charts/charts/registry/templates/tests/test-connection.yaml create mode 100644 helm/sunbird-rc-charts/charts/registry/values.yaml create mode 100644 helm/sunbird-rc-charts/charts/secrets/.helmignore create mode 100644 helm/sunbird-rc-charts/charts/secrets/Chart.yaml create mode 100644 helm/sunbird-rc-charts/charts/secrets/templates/secrets.yaml create mode 100644 helm/sunbird-rc-charts/charts/secrets/values.yaml create mode 100644 helm/sunbird-rc-charts/values.yaml create mode 100644 helm/vault-init/.helmignore create mode 100644 helm/vault-init/Chart.yaml create mode 100644 helm/vault-init/templates/NOTES.txt create mode 100644 helm/vault-init/templates/_helpers.tpl create mode 100644 helm/vault-init/templates/init-sa-role-binding.yaml create mode 100644 helm/vault-init/templates/init-sa-role.yaml create mode 100644 helm/vault-init/templates/service.yaml create mode 100644 helm/vault-init/templates/serviceaccount.yaml create mode 100644 helm/vault-init/templates/vault-init-job.yaml create mode 100644 helm/vault-init/values.yaml create mode 100644 packages/index.yaml create mode 100644 packages/sunbird-c-charts-0.0.1.tgz create mode 100644 packages/sunbird-r-charts-0.0.1.tgz create mode 100644 packages/sunbird_rc_charts-0.0.1.tgz create mode 100644 packages/vault-init-0.1.0.tgz diff --git a/helm/sunbird-c-charts/.helmignore b/helm/sunbird-c-charts/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-c-charts/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-c-charts/Chart.yaml b/helm/sunbird-c-charts/Chart.yaml new file mode 100644 index 0000000..255849c --- /dev/null +++ b/helm/sunbird-c-charts/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: sunbird-c-charts +description: A Helm chart for Sunbird RC + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.13" diff --git a/helm/sunbird-c-charts/charts/config/.helmignore b/helm/sunbird-c-charts/charts/config/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-c-charts/charts/config/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-c-charts/charts/config/Chart.yaml b/helm/sunbird-c-charts/charts/config/Chart.yaml new file mode 100644 index 0000000..399a479 --- /dev/null +++ b/helm/sunbird-c-charts/charts/config/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: config +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-c-charts/charts/config/templates/configmap.yaml b/helm/sunbird-c-charts/charts/config/templates/configmap.yaml new file mode 100644 index 0000000..4d37f2f --- /dev/null +++ b/helm/sunbird-c-charts/charts/config/templates/configmap.yaml @@ -0,0 +1,104 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-config + namespace: {{ .Release.Namespace }} +data: + DB_ADDR: {{.Values.global.database.host | quote}} + DB_DATABASE: {{.Values.global.keycloak.database | quote}} + DB_PORT: {{.Values.global.database.port | quote}} + DB_USER: {{.Values.global.database.user | quote}} + DB_VENDOR: {{.Values.global.database.vendor | quote}} + KEYCLOAK_USER: {{.Values.global.keycloak.admin.username | quote}} + PROXY_ADDRESS_FORWARDING: {{.Values.global.keycloak.proxy_forwarding | quote}} + connectionInfo_uri: jdbc:postgresql://{{.Values.global.database.host}}:{{.Values.global.database.port}}/{{.Values.global.registry.database}} + connectionInfo_username: {{.Values.global.database.user | quote}} + elastic_search_connection_url: {{.Values.global.elastic_search.url | quote}} + elastic_search_auth_enabled: {{.Values.global.elastic_search.auth_enabled | quote}} + elastic_search_username: {{.Values.global.elastic_search.username | quote}} + search_providerName: {{.Values.global.registry.search_provider | quote}} + sunbird_sso_realm: {{.Values.global.registry.sso.realm | quote}} + sunbird_sso_url: http://{{ .Release.Name }}-keycloak-service:8080/auth + sunbird_sso_admin_client_id: {{.Values.global.registry.sso.admin_client_id | quote}} + sunbird_sso_client_id: {{.Values.global.registry.sso.client_id | quote}} + idgen_health_check_url: http://{{ .Release.Name }}-id-gen-service:8088/health + idgen_generate_url: http://{{ .Release.Name }}-id-gen-service:8088/id/_generate + idgen_id_format_url: http://{{ .Release.Name }}-id-gen-service:8088/id/_format/add + encryption_health_check_url: http://{{ .Release.Name }}-encryption-service:8013/health + encryption_uri: http://{{ .Release.Name }}-encryption-service:8013/crypto/v1/_encrypt + encryption_batch_uri: http://{{ .Release.Name }}-encryption-service:8013/crypto/v1/_encrypt + claims_url: http://{{ .Release.Name }}-claim-ms:8082 + sign_url: http://{{ .Release.Name }}-certificate-signer:8079/sign + verify_url: http://{{ .Release.Name }}-certificate-signer:8079/verify + sign_health_check_url: http://{{ .Release.Name }}-certificate-signer:8079/health + signature_enabled: {{.Values.global.registry.signature_enabled | quote}} + pdf_url: http://{{ .Release.Name }}-certificate-api:8078/api/v1/certificatePDF + certificate_health_check_url: http://{{ .Release.Name }}-certificate-api:8078/health + template_base_url: http://{{ .Release.Name }}-registry:8081/api/v1/templates/ #Looks for certificate templates for pdf copy of the signed certificate + sunbird_keycloak_user_set_password: {{.Values.global.registry.keycloak_user_set_password | quote}} + filestorage_connection_url: {{.Values.global.minio.url | quote}} + filestorage_access_key: {{.Values.global.minio.access_key | quote}} + filestorage_bucket_key: {{.Values.global.minio.bucket_key | quote}} + registry_base_apis_enable: {{.Values.global.registry.base_apis_enabled | quote}} + logging.level.root: {{.Values.global.registry.log_level | quote}} + enable_external_templates: {{.Values.global.registry.enable_external_templates | quote}} + async_enabled: {{.Values.global.registry.enable_async | quote}} + authentication_enabled: {{.Values.global.registry.enable_authentication | quote}} + kafka_bootstrap_address: {{.Values.global.kafka.url | quote}} + webhook_enabled: {{.Values.global.registry.enable_webhook | quote}} + webhook_url: {{.Values.global.registry.webhook_url | quote}} + redis_host: {{.Values.global.redis.host | quote}} + redis_port: {{.Values.global.redis.port | quote}} + manager_type: {{.Values.global.registry.manager_type | quote}} + sunbirdrc_url: http://{{ .Release.Name }}-registry:8081 + opa_allow_key_name: {{.Values.global.registry.opa_allow_key_name | quote}} + opa_enabled: {{.Values.global.registry.opa_enabled | quote}} + swagger_enabled: {{.Values.global.registry.swagger_enabled| quote}} + swagger_title: {{.Values.global.registry.swagger_title| quote}} + claims_enabled: {{.Values.global.registry.claims_enabled | quote}} + certificate_enabled: {{.Values.global.registry.certificate_enabled | quote}} + encryption_enabled: {{.Values.global.registry.encryption_enabled | quote}} + idgen_enabled: {{.Values.global.registry.idgen_enabled | quote}} + spring.datasource.url: jdbc:postgresql://{{.Values.global.database.host}}:{{.Values.global.database.port}}/{{.Values.global.registry.database}} + spring.flyway.url: jdbc:postgresql://{{.Values.global.database.host}}:{{.Values.global.database.port}}/{{.Values.global.registry.database}} + spring.flyway.baseline-on-migrate: {{.Values.global.registry.migrationEnabled | quote}} + autocreate.new.seq: {{.Values.global.registry.autoCreateNewSeq | quote}} + idformat.from.mdms: {{.Values.global.registry.idformatFromMdms | quote}} + #egov.mdms.provider: {{.Values.global.registry.mdmsProvider | quote}} + #encryption_port: {{.Values.global.registry.encryption_port }} + server.servlet.context-path: {{.Values.global.registry.context_path | quote}} + management.endpoints.web.base-path: {{.Values.global.registry.context_path | quote}} + spring.datasource.username: {{.Values.global.database.user | quote}} + IDENTITY_BASE_URL: http://{{ .Release.Name }}-identity-service:3332 + SCHEMA_BASE_URL: http://{{ .Release.Name }}-credential-schema-service:3333 + CREDENTIAL_SERVICE_BASE_URL: http://{{ .Release.Name }}-credentials-service:3000 + OAUTH2_RESOURCES_0_URI: http://{{ .Release.Name }}-keycloak-service:8080/auth/realms/sunbird-rc + JWKS_URI: {{.Values.global.sunbird.jwks_uri | quote}} + ENABLE_AUTH: {{.Values.global.sunbird.enable_auth | quote}} + VAULT_ADDR: {{.Values.global.vault.address | quote}} + VAULT_BASE_URL: {{.Values.global.vault.base_url | quote}} + VAULT_ROOT_PATH: {{.Values.global.vault.root_path | quote}} + VAULT_TIMEOUT: {{.Values.global.vault.vault_timeout | quote}} + VAULT_PROXY: {{.Values.global.vault.vault_proxy | quote}} + #VAULT_TOKEN: {{ .Values.global.vault.vault_token | quote}} + SIGNING_ALGORITHM: {{.Values.global.sunbird.signing_algo | quote}} + did_enabled: {{.Values.global.registry.did_enabled | quote}} + did_health_check_url: http://{{ .Release.Name }}-identity-service:3332/health + did_generate_url: http://{{ .Release.Name }}-identity-service:3332/did/generate + did_resolve_url: http://{{ .Release.Name }}-identity-service:3332/did/resolve/{id} + signature_provider: {{.Values.global.registry.signature_provider | quote}} + signature_v2_credential_did_method: {{.Values.global.registry.credential_did_method | quote}} + signature_v2_issuer_did_method: {{.Values.global.registry.issuer_did_method | quote}} + signature_v2_schema_author: {{.Values.global.registry.schema_author | quote}} + signature_v2_schema_author_did_method: {{.Values.global.registry.schema_author_did_method | quote}} + signature_v2_health_check_url: http://{{ .Release.Name }}-credentials-service:3000/health + signature_v2_issue_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/issue + signature_v2_get_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/{id} + signature_v2_delete_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/{id} + signature_v2_verify_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/{id}/verify + signature_v2_revocation_list_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/revocation-list?issuerId={issuerDid}&page={page}&limit={limit} + signature_v2_schema_health_check_url: http://{{ .Release.Name }}-credential-schema-service:3333/health + signature_v2_schema_create_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema + signature_v2_schema_update_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema/{id}/{version} + signature_v2_schema_get_by_id_and_version_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema/{id}/{version} + signature_v2_schema_search_by_tags_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema?tags={tags} diff --git a/helm/sunbird-c-charts/charts/config/values.yaml b/helm/sunbird-c-charts/charts/config/values.yaml new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/helm/sunbird-c-charts/charts/config/values.yaml @@ -0,0 +1 @@ + diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/.helmignore b/helm/sunbird-c-charts/charts/credential-schema-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/Chart.yaml b/helm/sunbird-c-charts/charts/credential-schema-service/Chart.yaml new file mode 100644 index 0000000..1f92f17 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: credential-schema-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/templates/NOTES.txt b/helm/sunbird-c-charts/charts/credential-schema-service/templates/NOTES.txt new file mode 100644 index 0000000..710eade --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "credential-schema-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "credential-schema-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "credential-schema-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "credential-schema-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/templates/_helpers.tpl b/helm/sunbird-c-charts/charts/credential-schema-service/templates/_helpers.tpl new file mode 100644 index 0000000..520b299 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "credential-schema-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "credential-schema-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "credential-schema-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "credential-schema-service.labels" -}} +helm.sh/chart: {{ include "credential-schema-service.chart" . }} +{{ include "credential-schema-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "credential-schema-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "credential-schema-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "credential-schema-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "credential-schema-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/templates/deployment.yaml b/helm/sunbird-c-charts/charts/credential-schema-service/templates/deployment.yaml new file mode 100644 index 0000000..927b4dd --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/templates/deployment.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "credential-schema-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "credential-schema-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "credential-schema-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "credential-schema-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: rc-secret + key: DATABASE_URL + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/templates/hpa.yaml b/helm/sunbird-c-charts/charts/credential-schema-service/templates/hpa.yaml new file mode 100644 index 0000000..f67a51b --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "credential-schema-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "credential-schema-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/templates/ingress.yaml b/helm/sunbird-c-charts/charts/credential-schema-service/templates/ingress.yaml new file mode 100644 index 0000000..9c7033f --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "credential-schema-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/templates/service.yaml b/helm/sunbird-c-charts/charts/credential-schema-service/templates/service.yaml new file mode 100644 index 0000000..f5ac453 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "credential-schema-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "credential-schema-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/templates/serviceaccount.yaml b/helm/sunbird-c-charts/charts/credential-schema-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..649a82f --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "credential-schema-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/templates/tests/test-connection.yaml b/helm/sunbird-c-charts/charts/credential-schema-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..a7f1cc1 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "credential-schema-service.fullname" . }}-test-connection" + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "credential-schema-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-c-charts/charts/credential-schema-service/values.yaml b/helm/sunbird-c-charts/charts/credential-schema-service/values.yaml new file mode 100644 index 0000000..ac2f21e --- /dev/null +++ b/helm/sunbird-c-charts/charts/credential-schema-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for credential-schema-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-credential-schema + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v2.0.0-beta1" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 3333 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /credential-schema-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-c-charts/charts/credentials-service/.helmignore b/helm/sunbird-c-charts/charts/credentials-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-c-charts/charts/credentials-service/Chart.yaml b/helm/sunbird-c-charts/charts/credentials-service/Chart.yaml new file mode 100644 index 0000000..5c2fec0 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: credentials-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-c-charts/charts/credentials-service/templates/NOTES.txt b/helm/sunbird-c-charts/charts/credentials-service/templates/NOTES.txt new file mode 100644 index 0000000..b125da6 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "credentials-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "credentials-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "credentials-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "credentials-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credentials-service/templates/_helpers.tpl b/helm/sunbird-c-charts/charts/credentials-service/templates/_helpers.tpl new file mode 100644 index 0000000..00234e7 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "credentials-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "credentials-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "credentials-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "credentials-service.labels" -}} +helm.sh/chart: {{ include "credentials-service.chart" . }} +{{ include "credentials-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "credentials-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "credentials-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "credentials-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "credentials-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credentials-service/templates/deployment.yaml b/helm/sunbird-c-charts/charts/credentials-service/templates/deployment.yaml new file mode 100644 index 0000000..78d78bc --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/templates/deployment.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "credentials-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "credentials-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "credentials-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "credentials-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: rc-secret + key: DATABASE_URL + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-c-charts/charts/credentials-service/templates/hpa.yaml b/helm/sunbird-c-charts/charts/credentials-service/templates/hpa.yaml new file mode 100644 index 0000000..242776e --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "credentials-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "credentials-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credentials-service/templates/ingress.yaml b/helm/sunbird-c-charts/charts/credentials-service/templates/ingress.yaml new file mode 100644 index 0000000..fcd7d49 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "credentials-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credentials-service/templates/service.yaml b/helm/sunbird-c-charts/charts/credentials-service/templates/service.yaml new file mode 100644 index 0000000..dd7d619 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "credentials-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "credentials-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-c-charts/charts/credentials-service/templates/serviceaccount.yaml b/helm/sunbird-c-charts/charts/credentials-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..e61c90a --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "credentials-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/credentials-service/templates/tests/test-connection.yaml b/helm/sunbird-c-charts/charts/credentials-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..5a8be20 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "credentials-service.fullname" . }}-test-connection" + labels: + {{- include "credentials-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "credentials-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-c-charts/charts/credentials-service/values.yaml b/helm/sunbird-c-charts/charts/credentials-service/values.yaml new file mode 100644 index 0000000..c1aea48 --- /dev/null +++ b/helm/sunbird-c-charts/charts/credentials-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for credentials-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-credentials-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v2.0.0-beta2" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 3000 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /credentials-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-c-charts/charts/identity-service/.helmignore b/helm/sunbird-c-charts/charts/identity-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-c-charts/charts/identity-service/Chart.yaml b/helm/sunbird-c-charts/charts/identity-service/Chart.yaml new file mode 100644 index 0000000..6afee19 --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: identity-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-c-charts/charts/identity-service/templates/NOTES.txt b/helm/sunbird-c-charts/charts/identity-service/templates/NOTES.txt new file mode 100644 index 0000000..e8db314 --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "identity-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "identity-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "identity-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "identity-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-c-charts/charts/identity-service/templates/_helpers.tpl b/helm/sunbird-c-charts/charts/identity-service/templates/_helpers.tpl new file mode 100644 index 0000000..dee9a4e --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "identity-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "identity-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "identity-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "identity-service.labels" -}} +helm.sh/chart: {{ include "identity-service.chart" . }} +{{ include "identity-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "identity-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "identity-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "identity-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "identity-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/identity-service/templates/deployment.yaml b/helm/sunbird-c-charts/charts/identity-service/templates/deployment.yaml new file mode 100644 index 0000000..ffefbd3 --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/templates/deployment.yaml @@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "identity-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "identity-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "identity-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "identity-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: VAULT_TOKEN + valueFrom: + secretKeyRef: + name: vault-cluster-token + key: ROOT_TOKEN + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: rc-secret + key: DATABASE_URL + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-c-charts/charts/identity-service/templates/hpa.yaml b/helm/sunbird-c-charts/charts/identity-service/templates/hpa.yaml new file mode 100644 index 0000000..9811318 --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "identity-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "identity-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/identity-service/templates/ingress.yaml b/helm/sunbird-c-charts/charts/identity-service/templates/ingress.yaml new file mode 100644 index 0000000..51c0736 --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "identity-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/identity-service/templates/service.yaml b/helm/sunbird-c-charts/charts/identity-service/templates/service.yaml new file mode 100644 index 0000000..3ea0fea --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "identity-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "identity-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-c-charts/charts/identity-service/templates/serviceaccount.yaml b/helm/sunbird-c-charts/charts/identity-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..0c1dd81 --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "identity-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-c-charts/charts/identity-service/templates/tests/test-connection.yaml b/helm/sunbird-c-charts/charts/identity-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..c69c977 --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "identity-service.fullname" . }}-test-connection" + labels: + {{- include "identity-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "identity-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-c-charts/charts/identity-service/values.yaml b/helm/sunbird-c-charts/charts/identity-service/values.yaml new file mode 100644 index 0000000..daa48f1 --- /dev/null +++ b/helm/sunbird-c-charts/charts/identity-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for identity-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-identity-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v2.0.0-beta2" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 3332 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /identity-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-c-charts/charts/secrets/.helmignore b/helm/sunbird-c-charts/charts/secrets/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-c-charts/charts/secrets/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-c-charts/charts/secrets/Chart.yaml b/helm/sunbird-c-charts/charts/secrets/Chart.yaml new file mode 100644 index 0000000..28bc2fc --- /dev/null +++ b/helm/sunbird-c-charts/charts/secrets/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: secrets +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/sunbird-c-charts/charts/secrets/templates/secrets.yaml b/helm/sunbird-c-charts/charts/secrets/templates/secrets.yaml new file mode 100644 index 0000000..1b17168 --- /dev/null +++ b/helm/sunbird-c-charts/charts/secrets/templates/secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + DB_PASSWORD: {{.Values.global.secrets.DB_PASSWORD | quote}} + ELASTIC_SEARCH_PASSWORD: {{.Values.global.secrets.ELASTIC_SEARCH_PASSWORD | quote}} + KEYCLOAK_ADMIN_CLIENT_SECRET: {{.Values.global.secrets.KEYCLOAK_ADMIN_CLIENT_SECRET | quote}} + KEYCLOAK_ADMIN_PASSWORD: {{.Values.global.secrets.KEYCLOAK_ADMIN_PASSWORD | quote}} + KEYCLOAK_DEFAULT_USER_PASSWORD: {{.Values.global.secrets.KEYCLOAK_DEFAULT_USER_PASSWORD | quote}} + MINIO_SECRET_KEY: {{.Values.global.secrets.MINIO_SECRET_KEY | quote}} + VAULT_SECRET_TOKEN: {{.Values.global.secrets.VAULT_SECRET_TOKEN | quote}} + DATABASE_URL: {{.Values.global.secrets.DB_URL | quote}} +kind: Secret +metadata: + name: rc-secret + namespace: {{ .Release.Namespace }} +type: Opaque diff --git a/helm/sunbird-c-charts/charts/secrets/values.yaml b/helm/sunbird-c-charts/charts/secrets/values.yaml new file mode 100644 index 0000000..877c0af --- /dev/null +++ b/helm/sunbird-c-charts/charts/secrets/values.yaml @@ -0,0 +1,82 @@ +# Default values for secrets. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-c-charts/values.yaml b/helm/sunbird-c-charts/values.yaml new file mode 100644 index 0000000..92bfe5b --- /dev/null +++ b/helm/sunbird-c-charts/values.yaml @@ -0,0 +1,123 @@ +global: + host: "registry.demodpgs.net" + database: + host: "" + user: "postgres" + port: "5432" + vendor: "postgres" + keycloak: + database: "registry" + admin: + username: "admin" + proxy_forwarding: true + registry: + database: "registry" + search_provider: "dev.sunbirdrc.registry.service.NativeSearchService" + signature_provider: "dev.sunbirdrc.registry.service.impl.SignatureV2ServiceImpl" + sso: + realm: "sunbird-rc" + admin_client_id: "admin-api" + client_id: "registry-frontend" + signature_enabled: true + keycloak_user_set_password: false + base_apis_enabled: false + log_level: DEBUG + enable_external_templates: true + enable_async: false + enable_authentication: true + enable_webhook: false + webhook_url: http://localhost:5001/api/v1/callback + manager_type: DefinitionsManager + swagger_enabled: true + swagger_title: SUNBIRD-RC + authentication_enabled: true + claims_enabled: true + certificate_enabled: true + encryption_enabled: false + idgen_enabled: false + opa_enabled: false + opa_allow_key_name: authorized + encryption_port : 8013 + context_path : / + idformatFromMdms: false + mdmsProvider: org.egov.id.masterdata.provider.DBMasterDataProvider + autoCreateNewSeq: true + migrationEnabled: true + did_enabled: true + credential_did_method: rcw + issuer_did_method : issuer + schema_author: Registry + schema_author_did_method: author + envVars: + egov_mdms_provider: org.egov.id.masterdata.provider.DBMasterDataProvider + minio: + url: + access_key: admin + bucket_key: sunbird-rc + elastic_search: + url: + auth_enabled: false + username: "" + kafka: + url: + redis: + host: + port: 6379 + vault: + address: http://vaultkv:8200 + base_url: http://vaultkv:8200/v1 + root_path: http://vaultkv:8200/v1/kv + vault_timeout: 5000 + vault_proxy: false + vault_token: + sunbird: + enable_auth: false + signing_algo: Ed25519 + jwks_uri: "" + secrets: + DB_PASSWORD: "" + ELASTIC_SEARCH_PASSWORD: "" + KEYCLOAK_ADMIN_CLIENT_SECRET: YjJiMGNhYjEtMjQzZC00ZTZlLTkzZTctOTAxNWZmNjZkZjJi + KEYCLOAK_ADMIN_PASSWORD: YWRtaW4xMjM= + KEYCLOAK_DEFAULT_USER_PASSWORD: YWRtaW5AMTIz + MINIO_SECRET_KEY: Kgo= + VAULT_SECRET_TOKEN: "" + DB_URL: "" +encryption-service: + envVars: + egov_mdms_provider: org.egov.enc.masterdata.provider.DBMasterDataProvider +id-gen-service: + envVars: + egov_mdms_provider: org.egov.id.masterdata.provider.DBMasterDataProvider +registry: + ingress: + enabled: true + className: "alb" + annotations: + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS":443}]' + alb.ingress.kubernetes.io/group.name: sbrc-lb + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600 + ingress.kubernetes.io/rewrite-target: / # Added rewrite annotation here for / to /selfservice + #alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:370803901956:certificate/59fa4298-f8da-4d53-9314-8b7266416460 + hosts: + - paths: + - path: / + pathType: Prefix +keycloak-service: + ingress: + enabled: true + className: "alb" + annotations: + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS":443}]' + alb.ingress.kubernetes.io/group.name: sbrc-lb + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600 + ingress.kubernetes.io/rewrite-target: / # Added rewrite annotation here for / to /selfservice + #alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:370803901956:certificate/59fa4298-f8da-4d53-9314-8b7266416460 + hosts: + - paths: + - path: /auth + pathType: Prefix diff --git a/helm/sunbird-r-charts/.helmignore b/helm/sunbird-r-charts/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/Chart.yaml b/helm/sunbird-r-charts/Chart.yaml new file mode 100644 index 0000000..a2e397a --- /dev/null +++ b/helm/sunbird-r-charts/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: sunbird-r-charts +description: A Helm chart for Sunbird RC + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.13" diff --git a/helm/sunbird-r-charts/charts/certificate-api/.helmignore b/helm/sunbird-r-charts/charts/certificate-api/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/certificate-api/Chart.yaml b/helm/sunbird-r-charts/charts/certificate-api/Chart.yaml new file mode 100644 index 0000000..219e197 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: certificate-api +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/certificate-api/templates/NOTES.txt b/helm/sunbird-r-charts/charts/certificate-api/templates/NOTES.txt new file mode 100644 index 0000000..d6ffacc --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "certificate-api.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "certificate-api.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "certificate-api.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "certificate-api.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-api/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/certificate-api/templates/_helpers.tpl new file mode 100644 index 0000000..8ef354b --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "certificate-api.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "certificate-api.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "certificate-api.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "certificate-api.labels" -}} +helm.sh/chart: {{ include "certificate-api.chart" . }} +{{ include "certificate-api.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "certificate-api.selectorLabels" -}} +app.kubernetes.io/name: {{ include "certificate-api.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "certificate-api.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "certificate-api.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-api/templates/deployment.yaml b/helm/sunbird-r-charts/charts/certificate-api/templates/deployment.yaml new file mode 100644 index 0000000..f1be93f --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/templates/deployment.yaml @@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "certificate-api.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "certificate-api.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "certificate-api.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "certificate-api.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: PORT + value: {{ .Values.service.port | quote}} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-api/templates/hpa.yaml b/helm/sunbird-r-charts/charts/certificate-api/templates/hpa.yaml new file mode 100644 index 0000000..712e7e5 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "certificate-api.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "certificate-api.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-api/templates/ingress.yaml b/helm/sunbird-r-charts/charts/certificate-api/templates/ingress.yaml new file mode 100644 index 0000000..ade2e69 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "certificate-api.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-api/templates/service.yaml b/helm/sunbird-r-charts/charts/certificate-api/templates/service.yaml new file mode 100644 index 0000000..24d6c32 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "certificate-api.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "certificate-api.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/certificate-api/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/certificate-api/templates/serviceaccount.yaml new file mode 100644 index 0000000..58e047d --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "certificate-api.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-api/templates/tests/test-connection.yaml b/helm/sunbird-r-charts/charts/certificate-api/templates/tests/test-connection.yaml new file mode 100644 index 0000000..c1262b2 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "certificate-api.fullname" . }}-test-connection" + labels: + {{- include "certificate-api.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "certificate-api.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-r-charts/charts/certificate-api/values.yaml b/helm/sunbird-r-charts/charts/certificate-api/values.yaml new file mode 100644 index 0000000..79f5145 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-api/values.yaml @@ -0,0 +1,71 @@ +# Default values for certificate-api. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-certificate-api + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8078 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-r-charts/charts/certificate-signer/.helmignore b/helm/sunbird-r-charts/charts/certificate-signer/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/certificate-signer/Chart.yaml b/helm/sunbird-r-charts/charts/certificate-signer/Chart.yaml new file mode 100644 index 0000000..799549f --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: certificate-signer +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/certificate-signer/keys/config.json b/helm/sunbird-r-charts/charts/certificate-signer/keys/config.json new file mode 100644 index 0000000..5151928 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/keys/config.json @@ -0,0 +1,11 @@ +{ + "issuers": { + "default": { + "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXQalrgztecTpc+INjRQ8s73FSE1kU5QSlwBdICCVJBUKiuQUt7s+Z5epgCvLVAOCbP1mm5lV7bfgV/iYWDio7lzX4MlJwDedWLiufr3Ajq+79CQiqPaIbZTo0i13zijKtX7wgxQ78wT/HkJRLkFpmGeK3za21tEfttytkhmJYlwaDTEc+Kx3RJqVhVh/dfwJGeuV4Xc/e2NH++ht0ENGuTk44KpQ+pwQVqtW7lmbDZQJoOJ7HYmmoKGJ0qt2hrj15uwcD1WEYfY5N7N0ArTzPgctExtZFDmituLGzuAZfv2AZZ9/7Y+igshzfB0reIFdUKw3cdVTzfv5FNrIqN5pwIDAQAB\n-----END PUBLIC KEY-----\n", + "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAnXQalrgztecTpc+INjRQ8s73FSE1kU5QSlwBdICCVJBUKiuQUt7s+Z5epgCvLVAOCbP1mm5lV7bfgV/iYWDio7lzX4MlJwDedWLiufr3Ajq+79CQiqPaIbZTo0i13zijKtX7wgxQ78wT/HkJRLkFpmGeK3za21tEfttytkhmJYlwaDTEc+Kx3RJqVhVh/dfwJGeuV4Xc/e2NH++ht0ENGuTk44KpQ+pwQVqtW7lmbDZQJoOJ7HYmmoKGJ0qt2hrj15uwcD1WEYfY5N7N0ArTzPgctExtZFDmituLGzuAZfv2AZZ9/7Y+igshzfB0reIFdUKw3cdVTzfv5FNrIqN5pwIDAQABAoIBAHPILMUoLt5UTd5f/YnebqgeCRNAmGOBcwk7HtbMqQoGF93qqvZFd30XOAJZ/ncTpz77Vl95ToxxrWk1WQLCe+ZpOK3Dgk5sFSm8zXx1T64UBNPUSnWoh37C1D39+b9rppCZScgnxlyPdSLy3h3q8Hyoy+auqUEkm/ms5W2lT3fJscyN1IAyHrhsOBWjl3Ilq5GxBo5tbYv/Fb1pQiP/p2SIHA1+2ASXNYQP100F5Vn0V6SFtBXTCQnwcvbP083NvlGxs9+xRs3MCUcxCkKepWuzYwOZDmu/2yCz1/EsP6wlsYEHmCZLdIb0tQt0caqzB/RoxfBpNRIlhOtqHvBzUgECgYEAzIRn5Y7lqO3N+V29wXXtVZjYWvBh7xUfOxAwVYv0rKI0y9kHJHhIrU+wOVOKGISxBKmzqBQRPvXtXW8E0/14Zz82g60rRwtNjvW0UoZAY3KPouwruUIjAe2UnKZcQ//MBTrvds8QGpL6nxvPsBqU0y2K+ySAOxBtNtGEjzv8nxUCgYEAxRbMWukIbgVOuQjangkfJEfA1UaRFQqQ8jUmT9aiq2nREnd4mYP8kNKzJa9L7zj6Un6yLH5DbGspZ2gGODeRw3uVFN8XSzRdLvllNEyiG/waiysUtXfG2DPOR6xD8tXXDMm/tl9gTa8cbkvqYy10XT9MpfOAsusEZVmc0/DBBMsCgYAYdAxoKjnThPuHwWma5BrIjUnxNaTADWp6iWj+EYnjylE9vmlYNvmZn1mWwSJV5Ce2QwQ0KJIXURhcf5W4MypeTfSase3mxLc1TLOO2naAbYY3GL3xnLLK3DlUsZ9+kes3BOD097UZOFG3DIA8sjDxPxTLCoY6ibBFSa/r4GRIMQKBgQCranDCgPu79RHLDVBXM0fKnj2xQXbd/hqjDmcL+Xnx7E7S6OYTXyBENX1qwVQh9ESDi34cBJVPrsSME4WVT3+PreS0CnSQDDMfr/m9ywkTnejYMdgJHOvtDuHSpJlUk3g+vxnm3H0+E5d+trhdGiOjFnLrwyWkd5OTMqWcEEFQkQKBgFfXObDz/7KqeSaAxI8RzXWbI3Fa492b4qQUhbKYVpGn98CCVEFJr11vuB/8AXYCa92OtbwgMw6Ah5JOGzRScJKdipoxo7oc2LJ9sSjjw3RB/aWl35ChvnCJhmfSL8Usbj0nWVTrPwRLjMC2bIxkLtnm9qYXPumW1EjEbusjVMpN\n-----END RSA PRIVATE KEY-----\n", + "signatureType": "RSA", + "verificationMethod": "did:india", + "$comment": "The above are test keys and it needs to be replaced before going to production" + } + } +} \ No newline at end of file diff --git a/helm/sunbird-r-charts/charts/certificate-signer/templates/NOTES.txt b/helm/sunbird-r-charts/charts/certificate-signer/templates/NOTES.txt new file mode 100644 index 0000000..a118ca4 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "certificate-signer.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "certificate-signer.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "certificate-signer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "certificate-signer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-signer/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/certificate-signer/templates/_helpers.tpl new file mode 100644 index 0000000..240a806 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "certificate-signer.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "certificate-signer.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "certificate-signer.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "certificate-signer.labels" -}} +helm.sh/chart: {{ include "certificate-signer.chart" . }} +{{ include "certificate-signer.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "certificate-signer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "certificate-signer.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "certificate-signer.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "certificate-signer.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-signer/templates/configmap.yaml b/helm/sunbird-r-charts/charts/certificate-signer/templates/configmap.yaml new file mode 100644 index 0000000..14f772b --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/templates/configmap.yaml @@ -0,0 +1,10 @@ +{{- $keys := .Files.Glob "keys/*" }} +{{ if $keys }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-keys + namespace: {{ .Values.namespace }} +data: +{{ (.Files.Glob "keys/*").AsConfig | indent 2 }} +{{ end }} diff --git a/helm/sunbird-r-charts/charts/certificate-signer/templates/deployment.yaml b/helm/sunbird-r-charts/charts/certificate-signer/templates/deployment.yaml new file mode 100644 index 0000000..e88ba4d --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/templates/deployment.yaml @@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "certificate-signer.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "certificate-signer.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "certificate-signer.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "certificate-signer.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: PORT + value: {{ .Values.service.port | quote}} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: {{ .Chart.Name }}-keys + mountPath: /etc/signer + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: {{ .Chart.Name }}-keys + configMap: + name: {{ .Chart.Name }}-keys diff --git a/helm/sunbird-r-charts/charts/certificate-signer/templates/hpa.yaml b/helm/sunbird-r-charts/charts/certificate-signer/templates/hpa.yaml new file mode 100644 index 0000000..edce588 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "certificate-signer.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "certificate-signer.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-signer/templates/ingress.yaml b/helm/sunbird-r-charts/charts/certificate-signer/templates/ingress.yaml new file mode 100644 index 0000000..0703a1f --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "certificate-signer.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-signer/templates/service.yaml b/helm/sunbird-r-charts/charts/certificate-signer/templates/service.yaml new file mode 100644 index 0000000..66cebcb --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "certificate-signer.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "certificate-signer.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/certificate-signer/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/certificate-signer/templates/serviceaccount.yaml new file mode 100644 index 0000000..8ac2138 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "certificate-signer.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/certificate-signer/templates/tests/test-connection.yaml b/helm/sunbird-r-charts/charts/certificate-signer/templates/tests/test-connection.yaml new file mode 100644 index 0000000..725cfb0 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "certificate-signer.fullname" . }}-test-connection" + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "certificate-signer.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-r-charts/charts/certificate-signer/values.yaml b/helm/sunbird-r-charts/charts/certificate-signer/values.yaml new file mode 100644 index 0000000..a0be483 --- /dev/null +++ b/helm/sunbird-r-charts/charts/certificate-signer/values.yaml @@ -0,0 +1,71 @@ +# Default values for certificate-signer. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-certificate-signer + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8079 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-r-charts/charts/claim-ms/.helmignore b/helm/sunbird-r-charts/charts/claim-ms/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/claim-ms/Chart.yaml b/helm/sunbird-r-charts/charts/claim-ms/Chart.yaml new file mode 100644 index 0000000..408dc0d --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: claim-ms +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/claim-ms/templates/NOTES.txt b/helm/sunbird-r-charts/charts/claim-ms/templates/NOTES.txt new file mode 100644 index 0000000..f272fab --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "claim-ms.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "claim-ms.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "claim-ms.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "claim-ms.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/claim-ms/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/claim-ms/templates/_helpers.tpl new file mode 100644 index 0000000..0090544 --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "claim-ms.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "claim-ms.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "claim-ms.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "claim-ms.labels" -}} +helm.sh/chart: {{ include "claim-ms.chart" . }} +{{ include "claim-ms.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "claim-ms.selectorLabels" -}} +app.kubernetes.io/name: {{ include "claim-ms.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "claim-ms.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "claim-ms.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/claim-ms/templates/deployment.yaml b/helm/sunbird-r-charts/charts/claim-ms/templates/deployment.yaml new file mode 100644 index 0000000..8878454 --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/templates/deployment.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "claim-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "claim-ms.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "claim-ms.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "claim-ms.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: connectionInfo_password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-r-charts/charts/claim-ms/templates/hpa.yaml b/helm/sunbird-r-charts/charts/claim-ms/templates/hpa.yaml new file mode 100644 index 0000000..70087b9 --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "claim-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "claim-ms.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/claim-ms/templates/ingress.yaml b/helm/sunbird-r-charts/charts/claim-ms/templates/ingress.yaml new file mode 100644 index 0000000..7c80a3e --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "claim-ms.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/claim-ms/templates/service.yaml b/helm/sunbird-r-charts/charts/claim-ms/templates/service.yaml new file mode 100644 index 0000000..efd9d61 --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "claim-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "claim-ms.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/claim-ms/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/claim-ms/templates/serviceaccount.yaml new file mode 100644 index 0000000..d48c1b2 --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "claim-ms.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/claim-ms/templates/tests/test-connection.yaml b/helm/sunbird-r-charts/charts/claim-ms/templates/tests/test-connection.yaml new file mode 100644 index 0000000..cff7451 --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/templates/tests/test-connection.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "claim-ms.fullname" . }}-test-connection" + labels: + {{- include "claim-ms.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "claim-ms.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never + diff --git a/helm/sunbird-r-charts/charts/claim-ms/values.yaml b/helm/sunbird-r-charts/charts/claim-ms/values.yaml new file mode 100644 index 0000000..2248c14 --- /dev/null +++ b/helm/sunbird-r-charts/charts/claim-ms/values.yaml @@ -0,0 +1,75 @@ +# Default values for claim-ms. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-claim-ms + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8082 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /claim-ms(/|$)(.*) + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-r-charts/charts/config/.helmignore b/helm/sunbird-r-charts/charts/config/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/config/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/config/Chart.yaml b/helm/sunbird-r-charts/charts/config/Chart.yaml new file mode 100644 index 0000000..399a479 --- /dev/null +++ b/helm/sunbird-r-charts/charts/config/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: config +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/config/templates/configmap.yaml b/helm/sunbird-r-charts/charts/config/templates/configmap.yaml new file mode 100644 index 0000000..4d37f2f --- /dev/null +++ b/helm/sunbird-r-charts/charts/config/templates/configmap.yaml @@ -0,0 +1,104 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-config + namespace: {{ .Release.Namespace }} +data: + DB_ADDR: {{.Values.global.database.host | quote}} + DB_DATABASE: {{.Values.global.keycloak.database | quote}} + DB_PORT: {{.Values.global.database.port | quote}} + DB_USER: {{.Values.global.database.user | quote}} + DB_VENDOR: {{.Values.global.database.vendor | quote}} + KEYCLOAK_USER: {{.Values.global.keycloak.admin.username | quote}} + PROXY_ADDRESS_FORWARDING: {{.Values.global.keycloak.proxy_forwarding | quote}} + connectionInfo_uri: jdbc:postgresql://{{.Values.global.database.host}}:{{.Values.global.database.port}}/{{.Values.global.registry.database}} + connectionInfo_username: {{.Values.global.database.user | quote}} + elastic_search_connection_url: {{.Values.global.elastic_search.url | quote}} + elastic_search_auth_enabled: {{.Values.global.elastic_search.auth_enabled | quote}} + elastic_search_username: {{.Values.global.elastic_search.username | quote}} + search_providerName: {{.Values.global.registry.search_provider | quote}} + sunbird_sso_realm: {{.Values.global.registry.sso.realm | quote}} + sunbird_sso_url: http://{{ .Release.Name }}-keycloak-service:8080/auth + sunbird_sso_admin_client_id: {{.Values.global.registry.sso.admin_client_id | quote}} + sunbird_sso_client_id: {{.Values.global.registry.sso.client_id | quote}} + idgen_health_check_url: http://{{ .Release.Name }}-id-gen-service:8088/health + idgen_generate_url: http://{{ .Release.Name }}-id-gen-service:8088/id/_generate + idgen_id_format_url: http://{{ .Release.Name }}-id-gen-service:8088/id/_format/add + encryption_health_check_url: http://{{ .Release.Name }}-encryption-service:8013/health + encryption_uri: http://{{ .Release.Name }}-encryption-service:8013/crypto/v1/_encrypt + encryption_batch_uri: http://{{ .Release.Name }}-encryption-service:8013/crypto/v1/_encrypt + claims_url: http://{{ .Release.Name }}-claim-ms:8082 + sign_url: http://{{ .Release.Name }}-certificate-signer:8079/sign + verify_url: http://{{ .Release.Name }}-certificate-signer:8079/verify + sign_health_check_url: http://{{ .Release.Name }}-certificate-signer:8079/health + signature_enabled: {{.Values.global.registry.signature_enabled | quote}} + pdf_url: http://{{ .Release.Name }}-certificate-api:8078/api/v1/certificatePDF + certificate_health_check_url: http://{{ .Release.Name }}-certificate-api:8078/health + template_base_url: http://{{ .Release.Name }}-registry:8081/api/v1/templates/ #Looks for certificate templates for pdf copy of the signed certificate + sunbird_keycloak_user_set_password: {{.Values.global.registry.keycloak_user_set_password | quote}} + filestorage_connection_url: {{.Values.global.minio.url | quote}} + filestorage_access_key: {{.Values.global.minio.access_key | quote}} + filestorage_bucket_key: {{.Values.global.minio.bucket_key | quote}} + registry_base_apis_enable: {{.Values.global.registry.base_apis_enabled | quote}} + logging.level.root: {{.Values.global.registry.log_level | quote}} + enable_external_templates: {{.Values.global.registry.enable_external_templates | quote}} + async_enabled: {{.Values.global.registry.enable_async | quote}} + authentication_enabled: {{.Values.global.registry.enable_authentication | quote}} + kafka_bootstrap_address: {{.Values.global.kafka.url | quote}} + webhook_enabled: {{.Values.global.registry.enable_webhook | quote}} + webhook_url: {{.Values.global.registry.webhook_url | quote}} + redis_host: {{.Values.global.redis.host | quote}} + redis_port: {{.Values.global.redis.port | quote}} + manager_type: {{.Values.global.registry.manager_type | quote}} + sunbirdrc_url: http://{{ .Release.Name }}-registry:8081 + opa_allow_key_name: {{.Values.global.registry.opa_allow_key_name | quote}} + opa_enabled: {{.Values.global.registry.opa_enabled | quote}} + swagger_enabled: {{.Values.global.registry.swagger_enabled| quote}} + swagger_title: {{.Values.global.registry.swagger_title| quote}} + claims_enabled: {{.Values.global.registry.claims_enabled | quote}} + certificate_enabled: {{.Values.global.registry.certificate_enabled | quote}} + encryption_enabled: {{.Values.global.registry.encryption_enabled | quote}} + idgen_enabled: {{.Values.global.registry.idgen_enabled | quote}} + spring.datasource.url: jdbc:postgresql://{{.Values.global.database.host}}:{{.Values.global.database.port}}/{{.Values.global.registry.database}} + spring.flyway.url: jdbc:postgresql://{{.Values.global.database.host}}:{{.Values.global.database.port}}/{{.Values.global.registry.database}} + spring.flyway.baseline-on-migrate: {{.Values.global.registry.migrationEnabled | quote}} + autocreate.new.seq: {{.Values.global.registry.autoCreateNewSeq | quote}} + idformat.from.mdms: {{.Values.global.registry.idformatFromMdms | quote}} + #egov.mdms.provider: {{.Values.global.registry.mdmsProvider | quote}} + #encryption_port: {{.Values.global.registry.encryption_port }} + server.servlet.context-path: {{.Values.global.registry.context_path | quote}} + management.endpoints.web.base-path: {{.Values.global.registry.context_path | quote}} + spring.datasource.username: {{.Values.global.database.user | quote}} + IDENTITY_BASE_URL: http://{{ .Release.Name }}-identity-service:3332 + SCHEMA_BASE_URL: http://{{ .Release.Name }}-credential-schema-service:3333 + CREDENTIAL_SERVICE_BASE_URL: http://{{ .Release.Name }}-credentials-service:3000 + OAUTH2_RESOURCES_0_URI: http://{{ .Release.Name }}-keycloak-service:8080/auth/realms/sunbird-rc + JWKS_URI: {{.Values.global.sunbird.jwks_uri | quote}} + ENABLE_AUTH: {{.Values.global.sunbird.enable_auth | quote}} + VAULT_ADDR: {{.Values.global.vault.address | quote}} + VAULT_BASE_URL: {{.Values.global.vault.base_url | quote}} + VAULT_ROOT_PATH: {{.Values.global.vault.root_path | quote}} + VAULT_TIMEOUT: {{.Values.global.vault.vault_timeout | quote}} + VAULT_PROXY: {{.Values.global.vault.vault_proxy | quote}} + #VAULT_TOKEN: {{ .Values.global.vault.vault_token | quote}} + SIGNING_ALGORITHM: {{.Values.global.sunbird.signing_algo | quote}} + did_enabled: {{.Values.global.registry.did_enabled | quote}} + did_health_check_url: http://{{ .Release.Name }}-identity-service:3332/health + did_generate_url: http://{{ .Release.Name }}-identity-service:3332/did/generate + did_resolve_url: http://{{ .Release.Name }}-identity-service:3332/did/resolve/{id} + signature_provider: {{.Values.global.registry.signature_provider | quote}} + signature_v2_credential_did_method: {{.Values.global.registry.credential_did_method | quote}} + signature_v2_issuer_did_method: {{.Values.global.registry.issuer_did_method | quote}} + signature_v2_schema_author: {{.Values.global.registry.schema_author | quote}} + signature_v2_schema_author_did_method: {{.Values.global.registry.schema_author_did_method | quote}} + signature_v2_health_check_url: http://{{ .Release.Name }}-credentials-service:3000/health + signature_v2_issue_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/issue + signature_v2_get_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/{id} + signature_v2_delete_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/{id} + signature_v2_verify_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/{id}/verify + signature_v2_revocation_list_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/revocation-list?issuerId={issuerDid}&page={page}&limit={limit} + signature_v2_schema_health_check_url: http://{{ .Release.Name }}-credential-schema-service:3333/health + signature_v2_schema_create_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema + signature_v2_schema_update_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema/{id}/{version} + signature_v2_schema_get_by_id_and_version_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema/{id}/{version} + signature_v2_schema_search_by_tags_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema?tags={tags} diff --git a/helm/sunbird-r-charts/charts/config/values.yaml b/helm/sunbird-r-charts/charts/config/values.yaml new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/helm/sunbird-r-charts/charts/config/values.yaml @@ -0,0 +1 @@ + diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/.helmignore b/helm/sunbird-r-charts/charts/context-proxy-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/Chart.yaml b/helm/sunbird-r-charts/charts/context-proxy-service/Chart.yaml new file mode 100644 index 0000000..9b6e1b5 --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: context-proxy-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/templates/NOTES.txt b/helm/sunbird-r-charts/charts/context-proxy-service/templates/NOTES.txt new file mode 100644 index 0000000..59747c2 --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "context-proxy-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "context-proxy-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "context-proxy-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "context-proxy-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/context-proxy-service/templates/_helpers.tpl new file mode 100644 index 0000000..6c04b1e --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "context-proxy-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "context-proxy-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "context-proxy-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "context-proxy-service.labels" -}} +helm.sh/chart: {{ include "context-proxy-service.chart" . }} +{{ include "context-proxy-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "context-proxy-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "context-proxy-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "context-proxy-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "context-proxy-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/templates/deployment.yaml b/helm/sunbird-r-charts/charts/context-proxy-service/templates/deployment.yaml new file mode 100644 index 0000000..94ff721 --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/templates/deployment.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "context-proxy-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "context-proxy-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "context-proxy-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "context-proxy-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/templates/hpa.yaml b/helm/sunbird-r-charts/charts/context-proxy-service/templates/hpa.yaml new file mode 100644 index 0000000..54f4196 --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "context-proxy-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "context-proxy-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/templates/ingress.yaml b/helm/sunbird-r-charts/charts/context-proxy-service/templates/ingress.yaml new file mode 100644 index 0000000..9929db0 --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "context-proxy-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/templates/service.yaml b/helm/sunbird-r-charts/charts/context-proxy-service/templates/service.yaml new file mode 100644 index 0000000..7c81ae7 --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "context-proxy-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "context-proxy-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/context-proxy-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..160bc26 --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "context-proxy-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/templates/tests/test-connection.yaml b/helm/sunbird-r-charts/charts/context-proxy-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..713364d --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "context-proxy-service.fullname" . }}-test-connection" + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "context-proxy-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-r-charts/charts/context-proxy-service/values.yaml b/helm/sunbird-r-charts/charts/context-proxy-service/values.yaml new file mode 100644 index 0000000..8289a59 --- /dev/null +++ b/helm/sunbird-r-charts/charts/context-proxy-service/values.yaml @@ -0,0 +1,75 @@ +# Default values for notification-ms. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-context-proxy-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 4400 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /proxy(/|$)(.*) + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-r-charts/charts/encryption-service/.helmignore b/helm/sunbird-r-charts/charts/encryption-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/encryption-service/Chart.yaml b/helm/sunbird-r-charts/charts/encryption-service/Chart.yaml new file mode 100644 index 0000000..b7377fc --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: encryption-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/encryption-service/templates/NOTES.txt b/helm/sunbird-r-charts/charts/encryption-service/templates/NOTES.txt new file mode 100644 index 0000000..347fbe1 --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "encryption-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "encryption-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "encryption-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "encryption-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/encryption-service/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/encryption-service/templates/_helpers.tpl new file mode 100644 index 0000000..7c98ed2 --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "encryption-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "encryption-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "encryption-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "encryption-service.labels" -}} +helm.sh/chart: {{ include "encryption-service.chart" . }} +{{ include "encryption-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "encryption-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "encryption-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "encryption-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "encryption-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/encryption-service/templates/deployment.yaml b/helm/sunbird-r-charts/charts/encryption-service/templates/deployment.yaml new file mode 100644 index 0000000..b74efb0 --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/templates/deployment.yaml @@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "encryption-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "encryption-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "encryption-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "encryption-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: spring.datasource.password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: spring.flyway.password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: egov.mdms.provider + value: {{ .Values.envVars.egov_mdms_provider }} + - name: server.port + value: "8013" + + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-r-charts/charts/encryption-service/templates/hpa.yaml b/helm/sunbird-r-charts/charts/encryption-service/templates/hpa.yaml new file mode 100644 index 0000000..763b190 --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "encryption-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "encryption-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/encryption-service/templates/ingress.yaml b/helm/sunbird-r-charts/charts/encryption-service/templates/ingress.yaml new file mode 100644 index 0000000..8bbc1f2 --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "encryption-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/encryption-service/templates/service.yaml b/helm/sunbird-r-charts/charts/encryption-service/templates/service.yaml new file mode 100644 index 0000000..ea0a102 --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "encryption-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "encryption-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/encryption-service/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/encryption-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..6c382d5 --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "encryption-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/encryption-service/templates/tests/test-connection.yaml b/helm/sunbird-r-charts/charts/encryption-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..9bf23b2 --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/templates/tests/test-connection.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "encryption-service.fullname" . }}-test-connection" + labels: + {{- include "encryption-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "encryption-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never + diff --git a/helm/sunbird-r-charts/charts/encryption-service/values.yaml b/helm/sunbird-r-charts/charts/encryption-service/values.yaml new file mode 100644 index 0000000..8f69883 --- /dev/null +++ b/helm/sunbird-r-charts/charts/encryption-service/values.yaml @@ -0,0 +1,79 @@ +# Default values for encryption-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/encryption-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8013 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /encryption-service(/|$)(.*) + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +envVars: + # egov_mdms_provider: 'org.egov.enc.masterdata.provider.DBMasterDataProvider' + egov_mdms_provider: '' diff --git a/helm/sunbird-r-charts/charts/id-gen-service/.helmignore b/helm/sunbird-r-charts/charts/id-gen-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/id-gen-service/Chart.yaml b/helm/sunbird-r-charts/charts/id-gen-service/Chart.yaml new file mode 100644 index 0000000..200c6fb --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: id-gen-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/id-gen-service/templates/NOTES.txt b/helm/sunbird-r-charts/charts/id-gen-service/templates/NOTES.txt new file mode 100644 index 0000000..b1b848d --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "id-gen-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "id-gen-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "id-gen-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "id-gen-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/id-gen-service/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/id-gen-service/templates/_helpers.tpl new file mode 100644 index 0000000..9f5e10c --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "id-gen-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "id-gen-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "id-gen-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "id-gen-service.labels" -}} +helm.sh/chart: {{ include "id-gen-service.chart" . }} +{{ include "id-gen-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "id-gen-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "id-gen-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "id-gen-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "id-gen-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/id-gen-service/templates/deployment.yaml b/helm/sunbird-r-charts/charts/id-gen-service/templates/deployment.yaml new file mode 100644 index 0000000..0a15206 --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/templates/deployment.yaml @@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "id-gen-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "id-gen-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "id-gen-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "id-gen-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: spring.datasource.password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: spring.flyway.password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: egov.mdms.provider + value: {{ .Values.envVars.egov_mdms_provider }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-r-charts/charts/id-gen-service/templates/hpa.yaml b/helm/sunbird-r-charts/charts/id-gen-service/templates/hpa.yaml new file mode 100644 index 0000000..69e551a --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "id-gen-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "id-gen-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/id-gen-service/templates/ingress.yaml b/helm/sunbird-r-charts/charts/id-gen-service/templates/ingress.yaml new file mode 100644 index 0000000..7d1a920 --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "id-gen-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/id-gen-service/templates/service.yaml b/helm/sunbird-r-charts/charts/id-gen-service/templates/service.yaml new file mode 100644 index 0000000..f516b13 --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "id-gen-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "id-gen-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/id-gen-service/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/id-gen-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..381b859 --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "id-gen-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/id-gen-service/templates/tests/test-connection.yaml b/helm/sunbird-r-charts/charts/id-gen-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..b13f091 --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/templates/tests/test-connection.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "id-gen-service.fullname" . }}-test-connection" + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "id-gen-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never + diff --git a/helm/sunbird-r-charts/charts/id-gen-service/values.yaml b/helm/sunbird-r-charts/charts/id-gen-service/values.yaml new file mode 100644 index 0000000..4686ada --- /dev/null +++ b/helm/sunbird-r-charts/charts/id-gen-service/values.yaml @@ -0,0 +1,80 @@ +# Default values for id-gen-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/id-gen-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8088 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /id-gen-service(/|$)(.*) + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +envVars: + # egov_mdms_provider: 'org.egov.id.masterdata.provider.DBMasterDataProvider' + egov_mdms_provider: '' + diff --git a/helm/sunbird-r-charts/charts/keycloak-service/.helmignore b/helm/sunbird-r-charts/charts/keycloak-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/keycloak-service/Chart.yaml b/helm/sunbird-r-charts/charts/keycloak-service/Chart.yaml new file mode 100644 index 0000000..65d6a3a --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: keycloak-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "latest" diff --git a/helm/sunbird-r-charts/charts/keycloak-service/templates/NOTES.txt b/helm/sunbird-r-charts/charts/keycloak-service/templates/NOTES.txt new file mode 100644 index 0000000..033284e --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "keycloak-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "keycloak-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "keycloak-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "keycloak-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/keycloak-service/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/keycloak-service/templates/_helpers.tpl new file mode 100644 index 0000000..9fe2687 --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "keycloak-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "keycloak-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "keycloak-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "keycloak-service.labels" -}} +helm.sh/chart: {{ include "keycloak-service.chart" . }} +{{ include "keycloak-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "keycloak-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "keycloak-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "keycloak-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "keycloak-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/keycloak-service/templates/deployment.yaml b/helm/sunbird-r-charts/charts/keycloak-service/templates/deployment.yaml new file mode 100644 index 0000000..5d27ce6 --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/templates/deployment.yaml @@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "keycloak-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "keycloak-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "keycloak-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "keycloak-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: KEYCLOAK_PASSWORD + valueFrom: + secretKeyRef: + name: rc-secret + key: KEYCLOAK_ADMIN_PASSWORD + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /auth/ + port: {{ .Values.service.port }} + failureThreshold: 10 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 10 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-r-charts/charts/keycloak-service/templates/hpa.yaml b/helm/sunbird-r-charts/charts/keycloak-service/templates/hpa.yaml new file mode 100644 index 0000000..2252b7c --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "keycloak-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "keycloak-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/keycloak-service/templates/ingress.yaml b/helm/sunbird-r-charts/charts/keycloak-service/templates/ingress.yaml new file mode 100644 index 0000000..dcc1e22 --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "keycloak-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/keycloak-service/templates/service.yaml b/helm/sunbird-r-charts/charts/keycloak-service/templates/service.yaml new file mode 100644 index 0000000..7f96752 --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "keycloak-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "keycloak-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/keycloak-service/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/keycloak-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..57bd52b --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "keycloak-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/keycloak-service/values.yaml b/helm/sunbird-r-charts/charts/keycloak-service/values.yaml new file mode 100644 index 0000000..f288120 --- /dev/null +++ b/helm/sunbird-r-charts/charts/keycloak-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for keycloak-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-keycloak + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: true + className: "" + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /auth/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-r-charts/charts/notification-ms/.helmignore b/helm/sunbird-r-charts/charts/notification-ms/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/notification-ms/Chart.yaml b/helm/sunbird-r-charts/charts/notification-ms/Chart.yaml new file mode 100644 index 0000000..d208bb0 --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: notification-ms +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/notification-ms/templates/NOTES.txt b/helm/sunbird-r-charts/charts/notification-ms/templates/NOTES.txt new file mode 100644 index 0000000..e98aef4 --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "notification-ms.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "notification-ms.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "notification-ms.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "notification-ms.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/notification-ms/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/notification-ms/templates/_helpers.tpl new file mode 100644 index 0000000..60e809f --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "notification-ms.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "notification-ms.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "notification-ms.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "notification-ms.labels" -}} +helm.sh/chart: {{ include "notification-ms.chart" . }} +{{ include "notification-ms.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "notification-ms.selectorLabels" -}} +app.kubernetes.io/name: {{ include "notification-ms.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "notification-ms.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "notification-ms.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/notification-ms/templates/deployment.yaml b/helm/sunbird-r-charts/charts/notification-ms/templates/deployment.yaml new file mode 100644 index 0000000..add80dd --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/templates/deployment.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "notification-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "notification-ms.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "notification-ms.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "notification-ms.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /notification-service/v1/health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-r-charts/charts/notification-ms/templates/hpa.yaml b/helm/sunbird-r-charts/charts/notification-ms/templates/hpa.yaml new file mode 100644 index 0000000..74b34b4 --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "notification-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "notification-ms.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/notification-ms/templates/ingress.yaml b/helm/sunbird-r-charts/charts/notification-ms/templates/ingress.yaml new file mode 100644 index 0000000..9eb02c8 --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "notification-ms.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/notification-ms/templates/service.yaml b/helm/sunbird-r-charts/charts/notification-ms/templates/service.yaml new file mode 100644 index 0000000..407aac0 --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "notification-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "notification-ms.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/notification-ms/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/notification-ms/templates/serviceaccount.yaml new file mode 100644 index 0000000..d683f10 --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "notification-ms.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/notification-ms/templates/tests/test-connection.yaml b/helm/sunbird-r-charts/charts/notification-ms/templates/tests/test-connection.yaml new file mode 100644 index 0000000..b225638 --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "notification-ms.fullname" . }}-test-connection" + labels: + {{- include "notification-ms.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "notification-ms.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-r-charts/charts/notification-ms/values.yaml b/helm/sunbird-r-charts/charts/notification-ms/values.yaml new file mode 100644 index 0000000..9e4b500 --- /dev/null +++ b/helm/sunbird-r-charts/charts/notification-ms/values.yaml @@ -0,0 +1,74 @@ +# Default values for notification-ms. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-notification-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 8765 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /notification-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-r-charts/charts/public-key-service/.helmignore b/helm/sunbird-r-charts/charts/public-key-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/public-key-service/Chart.yaml b/helm/sunbird-r-charts/charts/public-key-service/Chart.yaml new file mode 100644 index 0000000..8768559 --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: public-key-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/public-key-service/keys/config.json b/helm/sunbird-r-charts/charts/public-key-service/keys/config.json new file mode 100644 index 0000000..23cc3e7 --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/keys/config.json @@ -0,0 +1,10 @@ +{ + "issuers": { + "default": { + "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXQalrgztecTpc+INjRQ8s73FSE1kU5QSlwBdICCVJBUKiuQUt7s+Z5epgCvLVAOCbP1mm5lV7bfgV/iYWDio7lzX4MlJwDedWLiufr3Ajq+79CQiqPaIbZTo0i13zijKtX7wgxQ78wT/HkJRLkFpmGeK3za21tEfttytkhmJYlwaDTEc+Kx3RJqVhVh/dfwJGeuV4Xc/e2NH++ht0ENGuTk44KpQ+pwQVqtW7lmbDZQJoOJ7HYmmoKGJ0qt2hrj15uwcD1WEYfY5N7N0ArTzPgctExtZFDmituLGzuAZfv2AZZ9/7Y+igshzfB0reIFdUKw3cdVTzfv5FNrIqN5pwIDAQAB\n-----END PUBLIC KEY-----\n", + "signatureType": "RSA", + "verificationMethod": "did:india", + "$comment": "The above are test keys and it needs to be replaced before going to production" + } + } +} diff --git a/helm/sunbird-r-charts/charts/public-key-service/templates/NOTES.txt b/helm/sunbird-r-charts/charts/public-key-service/templates/NOTES.txt new file mode 100644 index 0000000..f0fc565 --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "public-key-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "public-key-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "public-key-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "public-key-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/public-key-service/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/public-key-service/templates/_helpers.tpl new file mode 100644 index 0000000..67a7dc3 --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "public-key-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "public-key-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "public-key-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "public-key-service.labels" -}} +helm.sh/chart: {{ include "public-key-service.chart" . }} +{{ include "public-key-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "public-key-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "public-key-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "public-key-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "public-key-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/public-key-service/templates/configmap.yaml b/helm/sunbird-r-charts/charts/public-key-service/templates/configmap.yaml new file mode 100644 index 0000000..14f772b --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/templates/configmap.yaml @@ -0,0 +1,10 @@ +{{- $keys := .Files.Glob "keys/*" }} +{{ if $keys }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-keys + namespace: {{ .Values.namespace }} +data: +{{ (.Files.Glob "keys/*").AsConfig | indent 2 }} +{{ end }} diff --git a/helm/sunbird-r-charts/charts/public-key-service/templates/deployment.yaml b/helm/sunbird-r-charts/charts/public-key-service/templates/deployment.yaml new file mode 100644 index 0000000..859b9c3 --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/templates/deployment.yaml @@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "public-key-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "public-key-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "public-key-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "public-key-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: CONFIG_BASE_PATH + value: "/etc/keys" + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /public-key-service/api/v1/health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: {{ .Chart.Name }}-keys + mountPath: /etc/keys + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: {{ .Chart.Name }}-keys + configMap: + name: {{ .Chart.Name }}-keys diff --git a/helm/sunbird-r-charts/charts/public-key-service/templates/hpa.yaml b/helm/sunbird-r-charts/charts/public-key-service/templates/hpa.yaml new file mode 100644 index 0000000..52b10ad --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "public-key-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "public-key-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/public-key-service/templates/ingress.yaml b/helm/sunbird-r-charts/charts/public-key-service/templates/ingress.yaml new file mode 100644 index 0000000..03c5321 --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "public-key-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/public-key-service/templates/service.yaml b/helm/sunbird-r-charts/charts/public-key-service/templates/service.yaml new file mode 100644 index 0000000..90ac319 --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "public-key-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "public-key-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/public-key-service/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/public-key-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..6f5e37c --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "public-key-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/public-key-service/templates/tests/test-connection.yaml b/helm/sunbird-r-charts/charts/public-key-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..e62921a --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "public-key-service.fullname" . }}-test-connection" + labels: + {{- include "public-key-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "public-key-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-r-charts/charts/public-key-service/values.yaml b/helm/sunbird-r-charts/charts/public-key-service/values.yaml new file mode 100644 index 0000000..c2848fb --- /dev/null +++ b/helm/sunbird-r-charts/charts/public-key-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for public-key-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-public-key-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 3300 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /public-key-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-r-charts/charts/registry/.helmignore b/helm/sunbird-r-charts/charts/registry/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/registry/Chart.yaml b/helm/sunbird-r-charts/charts/registry/Chart.yaml new file mode 100644 index 0000000..dcdbf9c --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: registry +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-r-charts/charts/registry/schemas/Insurance.json b/helm/sunbird-r-charts/charts/registry/schemas/Insurance.json new file mode 100644 index 0000000..49b9719 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/schemas/Insurance.json @@ -0,0 +1,208 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "properties": { + "Insurance": { + "$ref": "#/definitions/Insurance" + } + }, + "required": [ + "Insurance" + ], + "title":"Insurance", + "definitions": { + "Insurance": { + "$id": "#/properties/Insurance", + "type": "object", + "title": "Insurance", + "required": [ + "policyNumber", + "policyName", + "policyExpiresOn", + "policyIssuedOn", + "fullName", + "dob" + ], + "properties": { + "policyNumber": { + "type": "string" + }, + "policyName": { + "type": "string" + }, + "policyExpiresOn": { + "type": "string", + "format": "date-time" + }, + "policyIssuedOn": { + "type": "string", + "format": "date-time" + }, + "benefits": { + "type": "array", + "items": { + "type": "string" + } + }, + "fullName": { + "type": "string", + "title": "Full Name" + }, + "dob": { + "type": "string", + "format": "date" + }, + "gender": { + "type": "string", + "enum": [ + "Male", + "Female", + "Other" + ] + }, + "mobile": { + "type": "string", + "title": "Mobile number" + }, + "email": { + "type": "string", + "title": "Email ID" + } + } + } + }, + "_osConfig": { + "credentialTemplate": { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + { + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "schema": "https://schema.org/", + "InsuranceCredential": { + "@id": "did:InsuranceCredential", + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "dob": "schema:birthDate", + "email": "schema:email", + "gender": "schema:gender", + "mobile": "schema:telephone", + "benefits": "schema:benefits", + "fullName": "schema:name", + "policyName": "schema:Text", + "policyNumber": "schema:Text" + } + } + } + }, + { + "HealthInsuranceCredential": { + "@id": "InsuranceCredential" + }, + "LifeInsuranceCredential": { + "@id": "HealthInsuranceCredential" + } + } + ], + "type": [ + "VerifiableCredential", + "LifeInsuranceCredential" + ], + "issuer": "Registry", + "issuanceDate": "{{policyIssuedOn}}", + "expirationDate": "{{policyExpiresOn}}", + "credentialSubject": { + "id": "did:{{osid}}", + "dob": "{{dob}}", + "type": "InsuranceCredential", + "email": "{{email}}", + "gender": "{{gender}}", + "mobile": "{{mobile}}", + "benefits": "{{benefits}}", + "fullName": "{{fullName}}", + "policyName": "{{policyName}}", + "policyNumber": "{{policyNumber}}" + } + }, + "certificateTemplates": { + "first": "minio://Insurance/1-68619c95-3f40-45b8-b6ba-56eba055dc11/email/documents/3165a481-8078-447c-8cc0-f310869cb40d-Insurancetemplate.html" + }, + "osComment": [], + "privateFields": [], + "systemFields": [ + "_osSignedData", + "_osCredentialId", + "_osAttestedData" + ], + "indexFields": [], + "uniqueIndexFields": [], + "roles": ["Official"], + "inviteRoles": ["Official"], + "attestationPolicies": [ + { + "name": "insuranceApprovalPolicy", + "attestationProperties": { + "policyExpiresOn": "$.policyExpiresOn", + "policyNumber": "$.policyNumber", + "policyName": "$.policyName" + }, + "type": "MANUAL", + "attestorPlugin": "did:internal:ClaimPluginActor?entity=Official", + "conditions": "(ATTESTOR#$.Gender#.equalsIgnoreCase('male'))", + "credentialTemplate": { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + { + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "schema": "https://schema.org/", + "InsuranceCredential": { + "@id": "did:InsuranceCredential", + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "policyExpiresOn": "schema:expires", + "policyName": "schema:Text", + "policyNumber": "schema:Text" + } + } + } + } + ], + "type": [ + "VerifiableCredential", + "InsuranceCredential" + ], + "issuer": "Registry", + "expirationDate": "{{policyExpiresOn}}", + "credentialSubject": { + "id": "did:{{policyName}}:{{policyNumber}}", + "type": "InsuranceCredential", + "policyName": "{{policyName}}", + "policyNumber": "{{policyNumber}}", + "policyExpiresOn": "{{policyExpiresOn}}" + } + } + } + ], + "ownershipAttributes": [ + { + "userId": "$.email", + "email": "$.email", + "mobile": "$.mobile" + } + ] + } +} + diff --git a/helm/sunbird-r-charts/charts/registry/schemas/Official.json b/helm/sunbird-r-charts/charts/registry/schemas/Official.json new file mode 100644 index 0000000..f47198e --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/schemas/Official.json @@ -0,0 +1,71 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "properties": { + "Official": { + "$ref": "#/definitions/Official" + } + }, + "required": [ + "Official" + ], + "title": "Official", + "definitions": { + "Official": { + "$id": "#/properties/Official", + "type": "object", + "title": "The Official Schema", + "required": [ + "Name", + "Phone", + "email", + "State", + "Category" + ], + "properties": { + "Name": { + "type": "string" + }, + "Gender": { + "type": "string" + }, + "Phone": { + "type": "string" + }, + "email": { + "type": "string" + }, + "State": { + "type": "string" + }, + "Category": { + "type": "string" + }, + "Designation": { + "type": "string" + }, + "Department": { + "type": "string" + } + } + } + }, + "_osConfig": { + "systemFields": [ + "osCreatedAt", + "osUpdatedAt", + "osCreatedBy", + "osUpdatedBy" + ], + "roles": ["admin"], + "inviteRoles": ["admin"], + "ownershipAttributes": [ + { + "email": "/email", + "mobile": "/Phone", + "userId": "/Phone" + } + ] + } +} + diff --git a/helm/sunbird-r-charts/charts/registry/schemas/Student.json b/helm/sunbird-r-charts/charts/registry/schemas/Student.json new file mode 100644 index 0000000..47d20d6 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/schemas/Student.json @@ -0,0 +1,79 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "properties": { + "Student": { + "$ref": "#/definitions/Student" + } + }, + "required": [ + "Student" + ], + "title":"Student", + "definitions": { + "Student": { + "$id": "#/properties/Student", + "type": "object", + "title": "The Student Schema", + "required": [ + + ], + "properties": { + "name": { + "type": "string" + } + } + } + }, + "_osConfig": { + "osComment": ["This section contains the OpenSABER specific configuration information", + "privateFields: Optional; list of field names to be encrypted and stored in database", + "signedFields: Optional; list of field names that must be pre-signed", + "indexFields: Optional; list of field names used for creating index. Enclose within braces to indicate it is a composite index. In this definition, (serialNum, studentCode) is a composite index and studentName is a single column index.", + "uniqueIndexFields: Optional; list of field names used for creating unique index. Field names must be different from index field name", + "systemFields: Optional; list of fields names used for system standard information like created, updated timestamps and userid"], + + "privateFields": [ + "$.identityDetails.dob", + "$.identityDetails.identityType", + "$.identityDetails.identityValue", + "$.contactDetails.email", + "$.contactDetails.mobile", + "$.contactDetails.address.plot", + "$.contactDetails.address.street", + "$.contactDetails.address.landmark", + "$.contactDetails.address.locality" + ], + "indexFields": ["studentName"], + "uniqueIndexFields": ["identityValue"], + "systemFields": [ + "osCreatedAt", + "osUpdatedAt", + "osCreatedBy", + "osUpdatedBy" + ], + "attestationPolicies": [ + { + "name": "studentInstituteAttest", + "additionalInput": { + "enrollmentNumber": {"type": "string"} + }, + "attestationProperties": { + "name": "$.identityDetails.fullName", + "educationDetails": "$.educationDetails" + }, + "type": "MANUAL", + "conditions": "(ATTESTOR#$.experience.[*].instituteOSID#.contains(REQUESTER#$.educationDetails.*.instituteOSID#))", + "attestorPlugin": "did:internal:ClaimPluginActor?entity=Teacher" + } + ], + "inviteRoles":["Teacher"], + "ownershipAttributes": [ + { + "email": "/contactDetails/email", + "mobile": "/contactDetails/mobile", + "userId": "/contactDetails/mobile" + } + ] + } +} diff --git a/helm/sunbird-r-charts/charts/registry/templates/NOTES.txt b/helm/sunbird-r-charts/charts/registry/templates/NOTES.txt new file mode 100644 index 0000000..0cbca65 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "registry.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "registry.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "registry.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "registry.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-r-charts/charts/registry/templates/_helpers.tpl b/helm/sunbird-r-charts/charts/registry/templates/_helpers.tpl new file mode 100644 index 0000000..0ed5df4 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "registry.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "registry.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "registry.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "registry.labels" -}} +helm.sh/chart: {{ include "registry.chart" . }} +{{ include "registry.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "registry.selectorLabels" -}} +app.kubernetes.io/name: {{ include "registry.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "registry.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "registry.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/registry/templates/configmap.yaml b/helm/sunbird-r-charts/charts/registry/templates/configmap.yaml new file mode 100644 index 0000000..8d2ae78 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/templates/configmap.yaml @@ -0,0 +1,10 @@ +{{- $schemas := .Files.Glob "schemas/*" }} +{{ if $schemas }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-schemas + namespace: {{ .Values.namespace }} +data: +{{ (.Files.Glob "schemas/*").AsConfig | indent 2 }} +{{ end }} diff --git a/helm/sunbird-r-charts/charts/registry/templates/deployment.yaml b/helm/sunbird-r-charts/charts/registry/templates/deployment.yaml new file mode 100644 index 0000000..78fbaf3 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/templates/deployment.yaml @@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "registry.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "registry.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "registry.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "registry.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: connectionInfo_password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: sunbird_keycloak_user_password + valueFrom: + secretKeyRef: + name: rc-secret + key: KEYCLOAK_DEFAULT_USER_PASSWORD + - name: filestorage_secret_key + valueFrom: + secretKeyRef: + name: rc-secret + key: MINIO_SECRET_KEY + - name: elastic_search_password + valueFrom: + secretKeyRef: + name: rc-secret + key: ELASTIC_SEARCH_PASSWORD + - name: sunbird_sso_admin_client_secret + valueFrom: + secretKeyRef: + name: rc-secret + key: KEYCLOAK_ADMIN_CLIENT_SECRET + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /api/docs/swagger.json + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: {{ .Chart.Name }}-schemas + mountPath: /home/sunbirdrc/config/public/_schemas + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: {{ .Chart.Name }}-schemas + configMap: + name: {{ .Chart.Name }}-schemas diff --git a/helm/sunbird-r-charts/charts/registry/templates/hpa.yaml b/helm/sunbird-r-charts/charts/registry/templates/hpa.yaml new file mode 100644 index 0000000..98d0adc --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "registry.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "registry.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/registry/templates/ingress.yaml b/helm/sunbird-r-charts/charts/registry/templates/ingress.yaml new file mode 100644 index 0000000..daa59f2 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "registry.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/registry/templates/service.yaml b/helm/sunbird-r-charts/charts/registry/templates/service.yaml new file mode 100644 index 0000000..31a1170 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "registry.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "registry.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-r-charts/charts/registry/templates/serviceaccount.yaml b/helm/sunbird-r-charts/charts/registry/templates/serviceaccount.yaml new file mode 100644 index 0000000..17b75ff --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "registry.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-r-charts/charts/registry/templates/tests/test-connection.yaml b/helm/sunbird-r-charts/charts/registry/templates/tests/test-connection.yaml new file mode 100644 index 0000000..96c7430 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "registry.fullname" . }}-test-connection" + labels: + {{- include "registry.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "registry.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-r-charts/charts/registry/values.yaml b/helm/sunbird-r-charts/charts/registry/values.yaml new file mode 100644 index 0000000..0c23241 --- /dev/null +++ b/helm/sunbird-r-charts/charts/registry/values.yaml @@ -0,0 +1,75 @@ +# Default values for registry. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-core + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v2.0.0-rc3" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8081 + +ingress: + enabled: true + className: "" + #annotations: + #kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + #hosts: + #- paths: + # - path: /registry(/|$)(.*) + # pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-r-charts/charts/secrets/.helmignore b/helm/sunbird-r-charts/charts/secrets/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-r-charts/charts/secrets/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-r-charts/charts/secrets/Chart.yaml b/helm/sunbird-r-charts/charts/secrets/Chart.yaml new file mode 100644 index 0000000..28bc2fc --- /dev/null +++ b/helm/sunbird-r-charts/charts/secrets/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: secrets +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/sunbird-r-charts/charts/secrets/templates/secrets.yaml b/helm/sunbird-r-charts/charts/secrets/templates/secrets.yaml new file mode 100644 index 0000000..1b17168 --- /dev/null +++ b/helm/sunbird-r-charts/charts/secrets/templates/secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + DB_PASSWORD: {{.Values.global.secrets.DB_PASSWORD | quote}} + ELASTIC_SEARCH_PASSWORD: {{.Values.global.secrets.ELASTIC_SEARCH_PASSWORD | quote}} + KEYCLOAK_ADMIN_CLIENT_SECRET: {{.Values.global.secrets.KEYCLOAK_ADMIN_CLIENT_SECRET | quote}} + KEYCLOAK_ADMIN_PASSWORD: {{.Values.global.secrets.KEYCLOAK_ADMIN_PASSWORD | quote}} + KEYCLOAK_DEFAULT_USER_PASSWORD: {{.Values.global.secrets.KEYCLOAK_DEFAULT_USER_PASSWORD | quote}} + MINIO_SECRET_KEY: {{.Values.global.secrets.MINIO_SECRET_KEY | quote}} + VAULT_SECRET_TOKEN: {{.Values.global.secrets.VAULT_SECRET_TOKEN | quote}} + DATABASE_URL: {{.Values.global.secrets.DB_URL | quote}} +kind: Secret +metadata: + name: rc-secret + namespace: {{ .Release.Namespace }} +type: Opaque diff --git a/helm/sunbird-r-charts/charts/secrets/values.yaml b/helm/sunbird-r-charts/charts/secrets/values.yaml new file mode 100644 index 0000000..877c0af --- /dev/null +++ b/helm/sunbird-r-charts/charts/secrets/values.yaml @@ -0,0 +1,82 @@ +# Default values for secrets. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-r-charts/values.yaml b/helm/sunbird-r-charts/values.yaml new file mode 100644 index 0000000..92bfe5b --- /dev/null +++ b/helm/sunbird-r-charts/values.yaml @@ -0,0 +1,123 @@ +global: + host: "registry.demodpgs.net" + database: + host: "" + user: "postgres" + port: "5432" + vendor: "postgres" + keycloak: + database: "registry" + admin: + username: "admin" + proxy_forwarding: true + registry: + database: "registry" + search_provider: "dev.sunbirdrc.registry.service.NativeSearchService" + signature_provider: "dev.sunbirdrc.registry.service.impl.SignatureV2ServiceImpl" + sso: + realm: "sunbird-rc" + admin_client_id: "admin-api" + client_id: "registry-frontend" + signature_enabled: true + keycloak_user_set_password: false + base_apis_enabled: false + log_level: DEBUG + enable_external_templates: true + enable_async: false + enable_authentication: true + enable_webhook: false + webhook_url: http://localhost:5001/api/v1/callback + manager_type: DefinitionsManager + swagger_enabled: true + swagger_title: SUNBIRD-RC + authentication_enabled: true + claims_enabled: true + certificate_enabled: true + encryption_enabled: false + idgen_enabled: false + opa_enabled: false + opa_allow_key_name: authorized + encryption_port : 8013 + context_path : / + idformatFromMdms: false + mdmsProvider: org.egov.id.masterdata.provider.DBMasterDataProvider + autoCreateNewSeq: true + migrationEnabled: true + did_enabled: true + credential_did_method: rcw + issuer_did_method : issuer + schema_author: Registry + schema_author_did_method: author + envVars: + egov_mdms_provider: org.egov.id.masterdata.provider.DBMasterDataProvider + minio: + url: + access_key: admin + bucket_key: sunbird-rc + elastic_search: + url: + auth_enabled: false + username: "" + kafka: + url: + redis: + host: + port: 6379 + vault: + address: http://vaultkv:8200 + base_url: http://vaultkv:8200/v1 + root_path: http://vaultkv:8200/v1/kv + vault_timeout: 5000 + vault_proxy: false + vault_token: + sunbird: + enable_auth: false + signing_algo: Ed25519 + jwks_uri: "" + secrets: + DB_PASSWORD: "" + ELASTIC_SEARCH_PASSWORD: "" + KEYCLOAK_ADMIN_CLIENT_SECRET: YjJiMGNhYjEtMjQzZC00ZTZlLTkzZTctOTAxNWZmNjZkZjJi + KEYCLOAK_ADMIN_PASSWORD: YWRtaW4xMjM= + KEYCLOAK_DEFAULT_USER_PASSWORD: YWRtaW5AMTIz + MINIO_SECRET_KEY: Kgo= + VAULT_SECRET_TOKEN: "" + DB_URL: "" +encryption-service: + envVars: + egov_mdms_provider: org.egov.enc.masterdata.provider.DBMasterDataProvider +id-gen-service: + envVars: + egov_mdms_provider: org.egov.id.masterdata.provider.DBMasterDataProvider +registry: + ingress: + enabled: true + className: "alb" + annotations: + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS":443}]' + alb.ingress.kubernetes.io/group.name: sbrc-lb + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600 + ingress.kubernetes.io/rewrite-target: / # Added rewrite annotation here for / to /selfservice + #alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:370803901956:certificate/59fa4298-f8da-4d53-9314-8b7266416460 + hosts: + - paths: + - path: / + pathType: Prefix +keycloak-service: + ingress: + enabled: true + className: "alb" + annotations: + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS":443}]' + alb.ingress.kubernetes.io/group.name: sbrc-lb + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600 + ingress.kubernetes.io/rewrite-target: / # Added rewrite annotation here for / to /selfservice + #alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:370803901956:certificate/59fa4298-f8da-4d53-9314-8b7266416460 + hosts: + - paths: + - path: /auth + pathType: Prefix diff --git a/helm/sunbird-rc-charts/.helmignore b/helm/sunbird-rc-charts/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/Chart.yaml b/helm/sunbird-rc-charts/Chart.yaml new file mode 100644 index 0000000..d0aaab5 --- /dev/null +++ b/helm/sunbird-rc-charts/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: sunbird_rc_charts +description: A Helm chart for Sunbird RC + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.13" diff --git a/helm/sunbird-rc-charts/charts/certificate-api/.helmignore b/helm/sunbird-rc-charts/charts/certificate-api/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/certificate-api/Chart.yaml b/helm/sunbird-rc-charts/charts/certificate-api/Chart.yaml new file mode 100644 index 0000000..219e197 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: certificate-api +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/certificate-api/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/certificate-api/templates/NOTES.txt new file mode 100644 index 0000000..d6ffacc --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "certificate-api.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "certificate-api.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "certificate-api.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "certificate-api.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-api/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/certificate-api/templates/_helpers.tpl new file mode 100644 index 0000000..8ef354b --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "certificate-api.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "certificate-api.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "certificate-api.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "certificate-api.labels" -}} +helm.sh/chart: {{ include "certificate-api.chart" . }} +{{ include "certificate-api.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "certificate-api.selectorLabels" -}} +app.kubernetes.io/name: {{ include "certificate-api.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "certificate-api.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "certificate-api.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-api/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/certificate-api/templates/deployment.yaml new file mode 100644 index 0000000..f1be93f --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/templates/deployment.yaml @@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "certificate-api.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "certificate-api.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "certificate-api.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "certificate-api.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: PORT + value: {{ .Values.service.port | quote}} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-api/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/certificate-api/templates/hpa.yaml new file mode 100644 index 0000000..712e7e5 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "certificate-api.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "certificate-api.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-api/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/certificate-api/templates/ingress.yaml new file mode 100644 index 0000000..ade2e69 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "certificate-api.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-api/templates/service.yaml b/helm/sunbird-rc-charts/charts/certificate-api/templates/service.yaml new file mode 100644 index 0000000..24d6c32 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "certificate-api.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "certificate-api.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/certificate-api/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/certificate-api/templates/serviceaccount.yaml new file mode 100644 index 0000000..58e047d --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "certificate-api.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-api.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-api/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/certificate-api/templates/tests/test-connection.yaml new file mode 100644 index 0000000..c1262b2 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "certificate-api.fullname" . }}-test-connection" + labels: + {{- include "certificate-api.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "certificate-api.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-rc-charts/charts/certificate-api/values.yaml b/helm/sunbird-rc-charts/charts/certificate-api/values.yaml new file mode 100644 index 0000000..79f5145 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-api/values.yaml @@ -0,0 +1,71 @@ +# Default values for certificate-api. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-certificate-api + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8078 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/.helmignore b/helm/sunbird-rc-charts/charts/certificate-signer/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/Chart.yaml b/helm/sunbird-rc-charts/charts/certificate-signer/Chart.yaml new file mode 100644 index 0000000..799549f --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: certificate-signer +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/keys/config.json b/helm/sunbird-rc-charts/charts/certificate-signer/keys/config.json new file mode 100644 index 0000000..5151928 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/keys/config.json @@ -0,0 +1,11 @@ +{ + "issuers": { + "default": { + "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXQalrgztecTpc+INjRQ8s73FSE1kU5QSlwBdICCVJBUKiuQUt7s+Z5epgCvLVAOCbP1mm5lV7bfgV/iYWDio7lzX4MlJwDedWLiufr3Ajq+79CQiqPaIbZTo0i13zijKtX7wgxQ78wT/HkJRLkFpmGeK3za21tEfttytkhmJYlwaDTEc+Kx3RJqVhVh/dfwJGeuV4Xc/e2NH++ht0ENGuTk44KpQ+pwQVqtW7lmbDZQJoOJ7HYmmoKGJ0qt2hrj15uwcD1WEYfY5N7N0ArTzPgctExtZFDmituLGzuAZfv2AZZ9/7Y+igshzfB0reIFdUKw3cdVTzfv5FNrIqN5pwIDAQAB\n-----END PUBLIC KEY-----\n", + "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAnXQalrgztecTpc+INjRQ8s73FSE1kU5QSlwBdICCVJBUKiuQUt7s+Z5epgCvLVAOCbP1mm5lV7bfgV/iYWDio7lzX4MlJwDedWLiufr3Ajq+79CQiqPaIbZTo0i13zijKtX7wgxQ78wT/HkJRLkFpmGeK3za21tEfttytkhmJYlwaDTEc+Kx3RJqVhVh/dfwJGeuV4Xc/e2NH++ht0ENGuTk44KpQ+pwQVqtW7lmbDZQJoOJ7HYmmoKGJ0qt2hrj15uwcD1WEYfY5N7N0ArTzPgctExtZFDmituLGzuAZfv2AZZ9/7Y+igshzfB0reIFdUKw3cdVTzfv5FNrIqN5pwIDAQABAoIBAHPILMUoLt5UTd5f/YnebqgeCRNAmGOBcwk7HtbMqQoGF93qqvZFd30XOAJZ/ncTpz77Vl95ToxxrWk1WQLCe+ZpOK3Dgk5sFSm8zXx1T64UBNPUSnWoh37C1D39+b9rppCZScgnxlyPdSLy3h3q8Hyoy+auqUEkm/ms5W2lT3fJscyN1IAyHrhsOBWjl3Ilq5GxBo5tbYv/Fb1pQiP/p2SIHA1+2ASXNYQP100F5Vn0V6SFtBXTCQnwcvbP083NvlGxs9+xRs3MCUcxCkKepWuzYwOZDmu/2yCz1/EsP6wlsYEHmCZLdIb0tQt0caqzB/RoxfBpNRIlhOtqHvBzUgECgYEAzIRn5Y7lqO3N+V29wXXtVZjYWvBh7xUfOxAwVYv0rKI0y9kHJHhIrU+wOVOKGISxBKmzqBQRPvXtXW8E0/14Zz82g60rRwtNjvW0UoZAY3KPouwruUIjAe2UnKZcQ//MBTrvds8QGpL6nxvPsBqU0y2K+ySAOxBtNtGEjzv8nxUCgYEAxRbMWukIbgVOuQjangkfJEfA1UaRFQqQ8jUmT9aiq2nREnd4mYP8kNKzJa9L7zj6Un6yLH5DbGspZ2gGODeRw3uVFN8XSzRdLvllNEyiG/waiysUtXfG2DPOR6xD8tXXDMm/tl9gTa8cbkvqYy10XT9MpfOAsusEZVmc0/DBBMsCgYAYdAxoKjnThPuHwWma5BrIjUnxNaTADWp6iWj+EYnjylE9vmlYNvmZn1mWwSJV5Ce2QwQ0KJIXURhcf5W4MypeTfSase3mxLc1TLOO2naAbYY3GL3xnLLK3DlUsZ9+kes3BOD097UZOFG3DIA8sjDxPxTLCoY6ibBFSa/r4GRIMQKBgQCranDCgPu79RHLDVBXM0fKnj2xQXbd/hqjDmcL+Xnx7E7S6OYTXyBENX1qwVQh9ESDi34cBJVPrsSME4WVT3+PreS0CnSQDDMfr/m9ywkTnejYMdgJHOvtDuHSpJlUk3g+vxnm3H0+E5d+trhdGiOjFnLrwyWkd5OTMqWcEEFQkQKBgFfXObDz/7KqeSaAxI8RzXWbI3Fa492b4qQUhbKYVpGn98CCVEFJr11vuB/8AXYCa92OtbwgMw6Ah5JOGzRScJKdipoxo7oc2LJ9sSjjw3RB/aWl35ChvnCJhmfSL8Usbj0nWVTrPwRLjMC2bIxkLtnm9qYXPumW1EjEbusjVMpN\n-----END RSA PRIVATE KEY-----\n", + "signatureType": "RSA", + "verificationMethod": "did:india", + "$comment": "The above are test keys and it needs to be replaced before going to production" + } + } +} \ No newline at end of file diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/certificate-signer/templates/NOTES.txt new file mode 100644 index 0000000..a118ca4 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "certificate-signer.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "certificate-signer.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "certificate-signer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "certificate-signer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/certificate-signer/templates/_helpers.tpl new file mode 100644 index 0000000..240a806 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "certificate-signer.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "certificate-signer.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "certificate-signer.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "certificate-signer.labels" -}} +helm.sh/chart: {{ include "certificate-signer.chart" . }} +{{ include "certificate-signer.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "certificate-signer.selectorLabels" -}} +app.kubernetes.io/name: {{ include "certificate-signer.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "certificate-signer.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "certificate-signer.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/templates/configmap.yaml b/helm/sunbird-rc-charts/charts/certificate-signer/templates/configmap.yaml new file mode 100644 index 0000000..14f772b --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/templates/configmap.yaml @@ -0,0 +1,10 @@ +{{- $keys := .Files.Glob "keys/*" }} +{{ if $keys }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-keys + namespace: {{ .Values.namespace }} +data: +{{ (.Files.Glob "keys/*").AsConfig | indent 2 }} +{{ end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/certificate-signer/templates/deployment.yaml new file mode 100644 index 0000000..e88ba4d --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/templates/deployment.yaml @@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "certificate-signer.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "certificate-signer.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "certificate-signer.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "certificate-signer.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: PORT + value: {{ .Values.service.port | quote}} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: {{ .Chart.Name }}-keys + mountPath: /etc/signer + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: {{ .Chart.Name }}-keys + configMap: + name: {{ .Chart.Name }}-keys diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/certificate-signer/templates/hpa.yaml new file mode 100644 index 0000000..edce588 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "certificate-signer.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "certificate-signer.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/certificate-signer/templates/ingress.yaml new file mode 100644 index 0000000..0703a1f --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "certificate-signer.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/templates/service.yaml b/helm/sunbird-rc-charts/charts/certificate-signer/templates/service.yaml new file mode 100644 index 0000000..66cebcb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "certificate-signer.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "certificate-signer.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/certificate-signer/templates/serviceaccount.yaml new file mode 100644 index 0000000..8ac2138 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "certificate-signer.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/certificate-signer/templates/tests/test-connection.yaml new file mode 100644 index 0000000..725cfb0 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "certificate-signer.fullname" . }}-test-connection" + labels: + {{- include "certificate-signer.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "certificate-signer.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-rc-charts/charts/certificate-signer/values.yaml b/helm/sunbird-rc-charts/charts/certificate-signer/values.yaml new file mode 100644 index 0000000..a0be483 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/certificate-signer/values.yaml @@ -0,0 +1,71 @@ +# Default values for certificate-signer. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-certificate-signer + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8079 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/claim-ms/.helmignore b/helm/sunbird-rc-charts/charts/claim-ms/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/claim-ms/Chart.yaml b/helm/sunbird-rc-charts/charts/claim-ms/Chart.yaml new file mode 100644 index 0000000..408dc0d --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: claim-ms +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/claim-ms/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/claim-ms/templates/NOTES.txt new file mode 100644 index 0000000..f272fab --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "claim-ms.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "claim-ms.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "claim-ms.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "claim-ms.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/claim-ms/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/claim-ms/templates/_helpers.tpl new file mode 100644 index 0000000..0090544 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "claim-ms.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "claim-ms.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "claim-ms.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "claim-ms.labels" -}} +helm.sh/chart: {{ include "claim-ms.chart" . }} +{{ include "claim-ms.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "claim-ms.selectorLabels" -}} +app.kubernetes.io/name: {{ include "claim-ms.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "claim-ms.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "claim-ms.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/claim-ms/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/claim-ms/templates/deployment.yaml new file mode 100644 index 0000000..8878454 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/templates/deployment.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "claim-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "claim-ms.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "claim-ms.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "claim-ms.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: connectionInfo_password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/claim-ms/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/claim-ms/templates/hpa.yaml new file mode 100644 index 0000000..70087b9 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "claim-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "claim-ms.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/claim-ms/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/claim-ms/templates/ingress.yaml new file mode 100644 index 0000000..7c80a3e --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "claim-ms.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/claim-ms/templates/service.yaml b/helm/sunbird-rc-charts/charts/claim-ms/templates/service.yaml new file mode 100644 index 0000000..efd9d61 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "claim-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "claim-ms.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/claim-ms/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/claim-ms/templates/serviceaccount.yaml new file mode 100644 index 0000000..d48c1b2 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "claim-ms.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "claim-ms.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/claim-ms/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/claim-ms/templates/tests/test-connection.yaml new file mode 100644 index 0000000..cff7451 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/templates/tests/test-connection.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "claim-ms.fullname" . }}-test-connection" + labels: + {{- include "claim-ms.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "claim-ms.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never + diff --git a/helm/sunbird-rc-charts/charts/claim-ms/values.yaml b/helm/sunbird-rc-charts/charts/claim-ms/values.yaml new file mode 100644 index 0000000..2248c14 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/claim-ms/values.yaml @@ -0,0 +1,75 @@ +# Default values for claim-ms. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-claim-ms + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8082 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /claim-ms(/|$)(.*) + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/config/.helmignore b/helm/sunbird-rc-charts/charts/config/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/config/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/config/Chart.yaml b/helm/sunbird-rc-charts/charts/config/Chart.yaml new file mode 100644 index 0000000..399a479 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/config/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: config +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/config/templates/configmap.yaml b/helm/sunbird-rc-charts/charts/config/templates/configmap.yaml new file mode 100644 index 0000000..4d37f2f --- /dev/null +++ b/helm/sunbird-rc-charts/charts/config/templates/configmap.yaml @@ -0,0 +1,104 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-config + namespace: {{ .Release.Namespace }} +data: + DB_ADDR: {{.Values.global.database.host | quote}} + DB_DATABASE: {{.Values.global.keycloak.database | quote}} + DB_PORT: {{.Values.global.database.port | quote}} + DB_USER: {{.Values.global.database.user | quote}} + DB_VENDOR: {{.Values.global.database.vendor | quote}} + KEYCLOAK_USER: {{.Values.global.keycloak.admin.username | quote}} + PROXY_ADDRESS_FORWARDING: {{.Values.global.keycloak.proxy_forwarding | quote}} + connectionInfo_uri: jdbc:postgresql://{{.Values.global.database.host}}:{{.Values.global.database.port}}/{{.Values.global.registry.database}} + connectionInfo_username: {{.Values.global.database.user | quote}} + elastic_search_connection_url: {{.Values.global.elastic_search.url | quote}} + elastic_search_auth_enabled: {{.Values.global.elastic_search.auth_enabled | quote}} + elastic_search_username: {{.Values.global.elastic_search.username | quote}} + search_providerName: {{.Values.global.registry.search_provider | quote}} + sunbird_sso_realm: {{.Values.global.registry.sso.realm | quote}} + sunbird_sso_url: http://{{ .Release.Name }}-keycloak-service:8080/auth + sunbird_sso_admin_client_id: {{.Values.global.registry.sso.admin_client_id | quote}} + sunbird_sso_client_id: {{.Values.global.registry.sso.client_id | quote}} + idgen_health_check_url: http://{{ .Release.Name }}-id-gen-service:8088/health + idgen_generate_url: http://{{ .Release.Name }}-id-gen-service:8088/id/_generate + idgen_id_format_url: http://{{ .Release.Name }}-id-gen-service:8088/id/_format/add + encryption_health_check_url: http://{{ .Release.Name }}-encryption-service:8013/health + encryption_uri: http://{{ .Release.Name }}-encryption-service:8013/crypto/v1/_encrypt + encryption_batch_uri: http://{{ .Release.Name }}-encryption-service:8013/crypto/v1/_encrypt + claims_url: http://{{ .Release.Name }}-claim-ms:8082 + sign_url: http://{{ .Release.Name }}-certificate-signer:8079/sign + verify_url: http://{{ .Release.Name }}-certificate-signer:8079/verify + sign_health_check_url: http://{{ .Release.Name }}-certificate-signer:8079/health + signature_enabled: {{.Values.global.registry.signature_enabled | quote}} + pdf_url: http://{{ .Release.Name }}-certificate-api:8078/api/v1/certificatePDF + certificate_health_check_url: http://{{ .Release.Name }}-certificate-api:8078/health + template_base_url: http://{{ .Release.Name }}-registry:8081/api/v1/templates/ #Looks for certificate templates for pdf copy of the signed certificate + sunbird_keycloak_user_set_password: {{.Values.global.registry.keycloak_user_set_password | quote}} + filestorage_connection_url: {{.Values.global.minio.url | quote}} + filestorage_access_key: {{.Values.global.minio.access_key | quote}} + filestorage_bucket_key: {{.Values.global.minio.bucket_key | quote}} + registry_base_apis_enable: {{.Values.global.registry.base_apis_enabled | quote}} + logging.level.root: {{.Values.global.registry.log_level | quote}} + enable_external_templates: {{.Values.global.registry.enable_external_templates | quote}} + async_enabled: {{.Values.global.registry.enable_async | quote}} + authentication_enabled: {{.Values.global.registry.enable_authentication | quote}} + kafka_bootstrap_address: {{.Values.global.kafka.url | quote}} + webhook_enabled: {{.Values.global.registry.enable_webhook | quote}} + webhook_url: {{.Values.global.registry.webhook_url | quote}} + redis_host: {{.Values.global.redis.host | quote}} + redis_port: {{.Values.global.redis.port | quote}} + manager_type: {{.Values.global.registry.manager_type | quote}} + sunbirdrc_url: http://{{ .Release.Name }}-registry:8081 + opa_allow_key_name: {{.Values.global.registry.opa_allow_key_name | quote}} + opa_enabled: {{.Values.global.registry.opa_enabled | quote}} + swagger_enabled: {{.Values.global.registry.swagger_enabled| quote}} + swagger_title: {{.Values.global.registry.swagger_title| quote}} + claims_enabled: {{.Values.global.registry.claims_enabled | quote}} + certificate_enabled: {{.Values.global.registry.certificate_enabled | quote}} + encryption_enabled: {{.Values.global.registry.encryption_enabled | quote}} + idgen_enabled: {{.Values.global.registry.idgen_enabled | quote}} + spring.datasource.url: jdbc:postgresql://{{.Values.global.database.host}}:{{.Values.global.database.port}}/{{.Values.global.registry.database}} + spring.flyway.url: jdbc:postgresql://{{.Values.global.database.host}}:{{.Values.global.database.port}}/{{.Values.global.registry.database}} + spring.flyway.baseline-on-migrate: {{.Values.global.registry.migrationEnabled | quote}} + autocreate.new.seq: {{.Values.global.registry.autoCreateNewSeq | quote}} + idformat.from.mdms: {{.Values.global.registry.idformatFromMdms | quote}} + #egov.mdms.provider: {{.Values.global.registry.mdmsProvider | quote}} + #encryption_port: {{.Values.global.registry.encryption_port }} + server.servlet.context-path: {{.Values.global.registry.context_path | quote}} + management.endpoints.web.base-path: {{.Values.global.registry.context_path | quote}} + spring.datasource.username: {{.Values.global.database.user | quote}} + IDENTITY_BASE_URL: http://{{ .Release.Name }}-identity-service:3332 + SCHEMA_BASE_URL: http://{{ .Release.Name }}-credential-schema-service:3333 + CREDENTIAL_SERVICE_BASE_URL: http://{{ .Release.Name }}-credentials-service:3000 + OAUTH2_RESOURCES_0_URI: http://{{ .Release.Name }}-keycloak-service:8080/auth/realms/sunbird-rc + JWKS_URI: {{.Values.global.sunbird.jwks_uri | quote}} + ENABLE_AUTH: {{.Values.global.sunbird.enable_auth | quote}} + VAULT_ADDR: {{.Values.global.vault.address | quote}} + VAULT_BASE_URL: {{.Values.global.vault.base_url | quote}} + VAULT_ROOT_PATH: {{.Values.global.vault.root_path | quote}} + VAULT_TIMEOUT: {{.Values.global.vault.vault_timeout | quote}} + VAULT_PROXY: {{.Values.global.vault.vault_proxy | quote}} + #VAULT_TOKEN: {{ .Values.global.vault.vault_token | quote}} + SIGNING_ALGORITHM: {{.Values.global.sunbird.signing_algo | quote}} + did_enabled: {{.Values.global.registry.did_enabled | quote}} + did_health_check_url: http://{{ .Release.Name }}-identity-service:3332/health + did_generate_url: http://{{ .Release.Name }}-identity-service:3332/did/generate + did_resolve_url: http://{{ .Release.Name }}-identity-service:3332/did/resolve/{id} + signature_provider: {{.Values.global.registry.signature_provider | quote}} + signature_v2_credential_did_method: {{.Values.global.registry.credential_did_method | quote}} + signature_v2_issuer_did_method: {{.Values.global.registry.issuer_did_method | quote}} + signature_v2_schema_author: {{.Values.global.registry.schema_author | quote}} + signature_v2_schema_author_did_method: {{.Values.global.registry.schema_author_did_method | quote}} + signature_v2_health_check_url: http://{{ .Release.Name }}-credentials-service:3000/health + signature_v2_issue_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/issue + signature_v2_get_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/{id} + signature_v2_delete_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/{id} + signature_v2_verify_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/{id}/verify + signature_v2_revocation_list_url: http://{{ .Release.Name }}-credentials-service:3000/credentials/revocation-list?issuerId={issuerDid}&page={page}&limit={limit} + signature_v2_schema_health_check_url: http://{{ .Release.Name }}-credential-schema-service:3333/health + signature_v2_schema_create_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema + signature_v2_schema_update_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema/{id}/{version} + signature_v2_schema_get_by_id_and_version_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema/{id}/{version} + signature_v2_schema_search_by_tags_url: http://{{ .Release.Name }}-credential-schema-service:3333/credential-schema?tags={tags} diff --git a/helm/sunbird-rc-charts/charts/config/values.yaml b/helm/sunbird-rc-charts/charts/config/values.yaml new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/config/values.yaml @@ -0,0 +1 @@ + diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/.helmignore b/helm/sunbird-rc-charts/charts/context-proxy-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/Chart.yaml b/helm/sunbird-rc-charts/charts/context-proxy-service/Chart.yaml new file mode 100644 index 0000000..9b6e1b5 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: context-proxy-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/NOTES.txt new file mode 100644 index 0000000..59747c2 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "context-proxy-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "context-proxy-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "context-proxy-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "context-proxy-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/_helpers.tpl new file mode 100644 index 0000000..6c04b1e --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "context-proxy-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "context-proxy-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "context-proxy-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "context-proxy-service.labels" -}} +helm.sh/chart: {{ include "context-proxy-service.chart" . }} +{{ include "context-proxy-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "context-proxy-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "context-proxy-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "context-proxy-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "context-proxy-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/deployment.yaml new file mode 100644 index 0000000..94ff721 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/deployment.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "context-proxy-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "context-proxy-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "context-proxy-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "context-proxy-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/hpa.yaml new file mode 100644 index 0000000..54f4196 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "context-proxy-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "context-proxy-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/ingress.yaml new file mode 100644 index 0000000..9929db0 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "context-proxy-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/templates/service.yaml b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/service.yaml new file mode 100644 index 0000000..7c81ae7 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "context-proxy-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "context-proxy-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..160bc26 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "context-proxy-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..713364d --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "context-proxy-service.fullname" . }}-test-connection" + labels: + {{- include "context-proxy-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "context-proxy-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-rc-charts/charts/context-proxy-service/values.yaml b/helm/sunbird-rc-charts/charts/context-proxy-service/values.yaml new file mode 100644 index 0000000..8289a59 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/context-proxy-service/values.yaml @@ -0,0 +1,75 @@ +# Default values for notification-ms. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-context-proxy-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 4400 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /proxy(/|$)(.*) + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/.helmignore b/helm/sunbird-rc-charts/charts/credential-schema-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/Chart.yaml b/helm/sunbird-rc-charts/charts/credential-schema-service/Chart.yaml new file mode 100644 index 0000000..1f92f17 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: credential-schema-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/NOTES.txt new file mode 100644 index 0000000..710eade --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "credential-schema-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "credential-schema-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "credential-schema-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "credential-schema-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/_helpers.tpl new file mode 100644 index 0000000..520b299 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "credential-schema-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "credential-schema-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "credential-schema-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "credential-schema-service.labels" -}} +helm.sh/chart: {{ include "credential-schema-service.chart" . }} +{{ include "credential-schema-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "credential-schema-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "credential-schema-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "credential-schema-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "credential-schema-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/deployment.yaml new file mode 100644 index 0000000..927b4dd --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/deployment.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "credential-schema-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "credential-schema-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "credential-schema-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "credential-schema-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: rc-secret + key: DATABASE_URL + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/hpa.yaml new file mode 100644 index 0000000..f67a51b --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "credential-schema-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "credential-schema-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/ingress.yaml new file mode 100644 index 0000000..9c7033f --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "credential-schema-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/templates/service.yaml b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/service.yaml new file mode 100644 index 0000000..f5ac453 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "credential-schema-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "credential-schema-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..649a82f --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "credential-schema-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..a7f1cc1 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "credential-schema-service.fullname" . }}-test-connection" + labels: + {{- include "credential-schema-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "credential-schema-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-rc-charts/charts/credential-schema-service/values.yaml b/helm/sunbird-rc-charts/charts/credential-schema-service/values.yaml new file mode 100644 index 0000000..ac2f21e --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credential-schema-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for credential-schema-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-credential-schema + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v2.0.0-beta1" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 3333 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /credential-schema-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/credentials-service/.helmignore b/helm/sunbird-rc-charts/charts/credentials-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/credentials-service/Chart.yaml b/helm/sunbird-rc-charts/charts/credentials-service/Chart.yaml new file mode 100644 index 0000000..5c2fec0 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: credentials-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/credentials-service/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/credentials-service/templates/NOTES.txt new file mode 100644 index 0000000..b125da6 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "credentials-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "credentials-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "credentials-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "credentials-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credentials-service/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/credentials-service/templates/_helpers.tpl new file mode 100644 index 0000000..00234e7 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "credentials-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "credentials-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "credentials-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "credentials-service.labels" -}} +helm.sh/chart: {{ include "credentials-service.chart" . }} +{{ include "credentials-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "credentials-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "credentials-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "credentials-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "credentials-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credentials-service/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/credentials-service/templates/deployment.yaml new file mode 100644 index 0000000..78d78bc --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/templates/deployment.yaml @@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "credentials-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "credentials-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "credentials-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "credentials-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: rc-secret + key: DATABASE_URL + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/credentials-service/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/credentials-service/templates/hpa.yaml new file mode 100644 index 0000000..242776e --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "credentials-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "credentials-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credentials-service/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/credentials-service/templates/ingress.yaml new file mode 100644 index 0000000..fcd7d49 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "credentials-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credentials-service/templates/service.yaml b/helm/sunbird-rc-charts/charts/credentials-service/templates/service.yaml new file mode 100644 index 0000000..dd7d619 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "credentials-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "credentials-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/credentials-service/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/credentials-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..e61c90a --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "credentials-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "credentials-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/credentials-service/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/credentials-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..5a8be20 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "credentials-service.fullname" . }}-test-connection" + labels: + {{- include "credentials-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "credentials-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-rc-charts/charts/credentials-service/values.yaml b/helm/sunbird-rc-charts/charts/credentials-service/values.yaml new file mode 100644 index 0000000..c1aea48 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/credentials-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for credentials-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-credentials-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v2.0.0-beta2" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 3000 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /credentials-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/encryption-service/.helmignore b/helm/sunbird-rc-charts/charts/encryption-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/encryption-service/Chart.yaml b/helm/sunbird-rc-charts/charts/encryption-service/Chart.yaml new file mode 100644 index 0000000..b7377fc --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: encryption-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/encryption-service/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/encryption-service/templates/NOTES.txt new file mode 100644 index 0000000..347fbe1 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "encryption-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "encryption-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "encryption-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "encryption-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/encryption-service/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/encryption-service/templates/_helpers.tpl new file mode 100644 index 0000000..7c98ed2 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "encryption-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "encryption-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "encryption-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "encryption-service.labels" -}} +helm.sh/chart: {{ include "encryption-service.chart" . }} +{{ include "encryption-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "encryption-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "encryption-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "encryption-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "encryption-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/encryption-service/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/encryption-service/templates/deployment.yaml new file mode 100644 index 0000000..b74efb0 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/templates/deployment.yaml @@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "encryption-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "encryption-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "encryption-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "encryption-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: spring.datasource.password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: spring.flyway.password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: egov.mdms.provider + value: {{ .Values.envVars.egov_mdms_provider }} + - name: server.port + value: "8013" + + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/encryption-service/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/encryption-service/templates/hpa.yaml new file mode 100644 index 0000000..763b190 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "encryption-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "encryption-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/encryption-service/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/encryption-service/templates/ingress.yaml new file mode 100644 index 0000000..8bbc1f2 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "encryption-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/encryption-service/templates/service.yaml b/helm/sunbird-rc-charts/charts/encryption-service/templates/service.yaml new file mode 100644 index 0000000..ea0a102 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "encryption-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "encryption-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/encryption-service/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/encryption-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..6c382d5 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "encryption-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "encryption-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/encryption-service/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/encryption-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..9bf23b2 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/templates/tests/test-connection.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "encryption-service.fullname" . }}-test-connection" + labels: + {{- include "encryption-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "encryption-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never + diff --git a/helm/sunbird-rc-charts/charts/encryption-service/values.yaml b/helm/sunbird-rc-charts/charts/encryption-service/values.yaml new file mode 100644 index 0000000..8f69883 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/encryption-service/values.yaml @@ -0,0 +1,79 @@ +# Default values for encryption-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/encryption-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8013 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /encryption-service(/|$)(.*) + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +envVars: + # egov_mdms_provider: 'org.egov.enc.masterdata.provider.DBMasterDataProvider' + egov_mdms_provider: '' diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/.helmignore b/helm/sunbird-rc-charts/charts/id-gen-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/Chart.yaml b/helm/sunbird-rc-charts/charts/id-gen-service/Chart.yaml new file mode 100644 index 0000000..200c6fb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: id-gen-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/id-gen-service/templates/NOTES.txt new file mode 100644 index 0000000..b1b848d --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "id-gen-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "id-gen-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "id-gen-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "id-gen-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/id-gen-service/templates/_helpers.tpl new file mode 100644 index 0000000..9f5e10c --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "id-gen-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "id-gen-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "id-gen-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "id-gen-service.labels" -}} +helm.sh/chart: {{ include "id-gen-service.chart" . }} +{{ include "id-gen-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "id-gen-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "id-gen-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "id-gen-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "id-gen-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/id-gen-service/templates/deployment.yaml new file mode 100644 index 0000000..0a15206 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/templates/deployment.yaml @@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "id-gen-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "id-gen-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "id-gen-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "id-gen-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: spring.datasource.password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: spring.flyway.password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: egov.mdms.provider + value: {{ .Values.envVars.egov_mdms_provider }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/id-gen-service/templates/hpa.yaml new file mode 100644 index 0000000..69e551a --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "id-gen-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "id-gen-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/id-gen-service/templates/ingress.yaml new file mode 100644 index 0000000..7d1a920 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "id-gen-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/templates/service.yaml b/helm/sunbird-rc-charts/charts/id-gen-service/templates/service.yaml new file mode 100644 index 0000000..f516b13 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "id-gen-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "id-gen-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/id-gen-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..381b859 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "id-gen-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/id-gen-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..b13f091 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/templates/tests/test-connection.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "id-gen-service.fullname" . }}-test-connection" + labels: + {{- include "id-gen-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "id-gen-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never + diff --git a/helm/sunbird-rc-charts/charts/id-gen-service/values.yaml b/helm/sunbird-rc-charts/charts/id-gen-service/values.yaml new file mode 100644 index 0000000..4686ada --- /dev/null +++ b/helm/sunbird-rc-charts/charts/id-gen-service/values.yaml @@ -0,0 +1,80 @@ +# Default values for id-gen-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/id-gen-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8088 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /id-gen-service(/|$)(.*) + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +envVars: + # egov_mdms_provider: 'org.egov.id.masterdata.provider.DBMasterDataProvider' + egov_mdms_provider: '' + diff --git a/helm/sunbird-rc-charts/charts/identity-service/.helmignore b/helm/sunbird-rc-charts/charts/identity-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/identity-service/Chart.yaml b/helm/sunbird-rc-charts/charts/identity-service/Chart.yaml new file mode 100644 index 0000000..6afee19 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: identity-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/identity-service/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/identity-service/templates/NOTES.txt new file mode 100644 index 0000000..e8db314 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "identity-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "identity-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "identity-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "identity-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/identity-service/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/identity-service/templates/_helpers.tpl new file mode 100644 index 0000000..dee9a4e --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "identity-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "identity-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "identity-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "identity-service.labels" -}} +helm.sh/chart: {{ include "identity-service.chart" . }} +{{ include "identity-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "identity-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "identity-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "identity-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "identity-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/identity-service/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/identity-service/templates/deployment.yaml new file mode 100644 index 0000000..ffefbd3 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/templates/deployment.yaml @@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "identity-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "identity-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "identity-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "identity-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: VAULT_TOKEN + valueFrom: + secretKeyRef: + name: vault-cluster-token + key: ROOT_TOKEN + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: rc-secret + key: DATABASE_URL + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/identity-service/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/identity-service/templates/hpa.yaml new file mode 100644 index 0000000..9811318 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "identity-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "identity-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/identity-service/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/identity-service/templates/ingress.yaml new file mode 100644 index 0000000..51c0736 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "identity-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/identity-service/templates/service.yaml b/helm/sunbird-rc-charts/charts/identity-service/templates/service.yaml new file mode 100644 index 0000000..3ea0fea --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "identity-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "identity-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/identity-service/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/identity-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..0c1dd81 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "identity-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "identity-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/identity-service/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/identity-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..c69c977 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "identity-service.fullname" . }}-test-connection" + labels: + {{- include "identity-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "identity-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-rc-charts/charts/identity-service/values.yaml b/helm/sunbird-rc-charts/charts/identity-service/values.yaml new file mode 100644 index 0000000..daa48f1 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/identity-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for identity-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-identity-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v2.0.0-beta2" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 3332 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /identity-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/.helmignore b/helm/sunbird-rc-charts/charts/keycloak-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/Chart.yaml b/helm/sunbird-rc-charts/charts/keycloak-service/Chart.yaml new file mode 100644 index 0000000..65d6a3a --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: keycloak-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "latest" diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/keycloak-service/templates/NOTES.txt new file mode 100644 index 0000000..033284e --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "keycloak-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "keycloak-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "keycloak-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "keycloak-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/keycloak-service/templates/_helpers.tpl new file mode 100644 index 0000000..9fe2687 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "keycloak-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "keycloak-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "keycloak-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "keycloak-service.labels" -}} +helm.sh/chart: {{ include "keycloak-service.chart" . }} +{{ include "keycloak-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "keycloak-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "keycloak-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "keycloak-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "keycloak-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/keycloak-service/templates/deployment.yaml new file mode 100644 index 0000000..5d27ce6 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/templates/deployment.yaml @@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "keycloak-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "keycloak-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "keycloak-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "keycloak-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: KEYCLOAK_PASSWORD + valueFrom: + secretKeyRef: + name: rc-secret + key: KEYCLOAK_ADMIN_PASSWORD + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /auth/ + port: {{ .Values.service.port }} + failureThreshold: 10 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 10 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/keycloak-service/templates/hpa.yaml new file mode 100644 index 0000000..2252b7c --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "keycloak-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "keycloak-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/keycloak-service/templates/ingress.yaml new file mode 100644 index 0000000..dcc1e22 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "keycloak-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/templates/service.yaml b/helm/sunbird-rc-charts/charts/keycloak-service/templates/service.yaml new file mode 100644 index 0000000..7f96752 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "keycloak-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "keycloak-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/keycloak-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..57bd52b --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "keycloak-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/keycloak-service/values.yaml b/helm/sunbird-rc-charts/charts/keycloak-service/values.yaml new file mode 100644 index 0000000..f288120 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/keycloak-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for keycloak-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-keycloak + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: true + className: "" + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /auth/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 2 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/notification-ms/.helmignore b/helm/sunbird-rc-charts/charts/notification-ms/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/notification-ms/Chart.yaml b/helm/sunbird-rc-charts/charts/notification-ms/Chart.yaml new file mode 100644 index 0000000..d208bb0 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: notification-ms +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/notification-ms/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/notification-ms/templates/NOTES.txt new file mode 100644 index 0000000..e98aef4 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "notification-ms.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "notification-ms.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "notification-ms.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "notification-ms.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/notification-ms/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/notification-ms/templates/_helpers.tpl new file mode 100644 index 0000000..60e809f --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "notification-ms.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "notification-ms.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "notification-ms.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "notification-ms.labels" -}} +helm.sh/chart: {{ include "notification-ms.chart" . }} +{{ include "notification-ms.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "notification-ms.selectorLabels" -}} +app.kubernetes.io/name: {{ include "notification-ms.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "notification-ms.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "notification-ms.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/notification-ms/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/notification-ms/templates/deployment.yaml new file mode 100644 index 0000000..add80dd --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/templates/deployment.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "notification-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "notification-ms.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "notification-ms.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "notification-ms.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /notification-service/v1/health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/sunbird-rc-charts/charts/notification-ms/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/notification-ms/templates/hpa.yaml new file mode 100644 index 0000000..74b34b4 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "notification-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "notification-ms.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/notification-ms/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/notification-ms/templates/ingress.yaml new file mode 100644 index 0000000..9eb02c8 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "notification-ms.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/notification-ms/templates/service.yaml b/helm/sunbird-rc-charts/charts/notification-ms/templates/service.yaml new file mode 100644 index 0000000..407aac0 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "notification-ms.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "notification-ms.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/notification-ms/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/notification-ms/templates/serviceaccount.yaml new file mode 100644 index 0000000..d683f10 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "notification-ms.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "notification-ms.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/notification-ms/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/notification-ms/templates/tests/test-connection.yaml new file mode 100644 index 0000000..b225638 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "notification-ms.fullname" . }}-test-connection" + labels: + {{- include "notification-ms.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "notification-ms.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-rc-charts/charts/notification-ms/values.yaml b/helm/sunbird-rc-charts/charts/notification-ms/values.yaml new file mode 100644 index 0000000..9e4b500 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/notification-ms/values.yaml @@ -0,0 +1,74 @@ +# Default values for notification-ms. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-notification-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 8765 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /notification-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/public-key-service/.helmignore b/helm/sunbird-rc-charts/charts/public-key-service/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/public-key-service/Chart.yaml b/helm/sunbird-rc-charts/charts/public-key-service/Chart.yaml new file mode 100644 index 0000000..8768559 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: public-key-service +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/public-key-service/keys/config.json b/helm/sunbird-rc-charts/charts/public-key-service/keys/config.json new file mode 100644 index 0000000..23cc3e7 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/keys/config.json @@ -0,0 +1,10 @@ +{ + "issuers": { + "default": { + "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXQalrgztecTpc+INjRQ8s73FSE1kU5QSlwBdICCVJBUKiuQUt7s+Z5epgCvLVAOCbP1mm5lV7bfgV/iYWDio7lzX4MlJwDedWLiufr3Ajq+79CQiqPaIbZTo0i13zijKtX7wgxQ78wT/HkJRLkFpmGeK3za21tEfttytkhmJYlwaDTEc+Kx3RJqVhVh/dfwJGeuV4Xc/e2NH++ht0ENGuTk44KpQ+pwQVqtW7lmbDZQJoOJ7HYmmoKGJ0qt2hrj15uwcD1WEYfY5N7N0ArTzPgctExtZFDmituLGzuAZfv2AZZ9/7Y+igshzfB0reIFdUKw3cdVTzfv5FNrIqN5pwIDAQAB\n-----END PUBLIC KEY-----\n", + "signatureType": "RSA", + "verificationMethod": "did:india", + "$comment": "The above are test keys and it needs to be replaced before going to production" + } + } +} diff --git a/helm/sunbird-rc-charts/charts/public-key-service/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/public-key-service/templates/NOTES.txt new file mode 100644 index 0000000..f0fc565 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "public-key-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "public-key-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "public-key-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "public-key-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/public-key-service/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/public-key-service/templates/_helpers.tpl new file mode 100644 index 0000000..67a7dc3 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "public-key-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "public-key-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "public-key-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "public-key-service.labels" -}} +helm.sh/chart: {{ include "public-key-service.chart" . }} +{{ include "public-key-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "public-key-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "public-key-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "public-key-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "public-key-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/public-key-service/templates/configmap.yaml b/helm/sunbird-rc-charts/charts/public-key-service/templates/configmap.yaml new file mode 100644 index 0000000..14f772b --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/templates/configmap.yaml @@ -0,0 +1,10 @@ +{{- $keys := .Files.Glob "keys/*" }} +{{ if $keys }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-keys + namespace: {{ .Values.namespace }} +data: +{{ (.Files.Glob "keys/*").AsConfig | indent 2 }} +{{ end }} diff --git a/helm/sunbird-rc-charts/charts/public-key-service/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/public-key-service/templates/deployment.yaml new file mode 100644 index 0000000..859b9c3 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/templates/deployment.yaml @@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "public-key-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "public-key-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "public-key-service.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "public-key-service.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: CONFIG_BASE_PATH + value: "/etc/keys" + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /public-key-service/api/v1/health + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: {{ .Chart.Name }}-keys + mountPath: /etc/keys + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: {{ .Chart.Name }}-keys + configMap: + name: {{ .Chart.Name }}-keys diff --git a/helm/sunbird-rc-charts/charts/public-key-service/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/public-key-service/templates/hpa.yaml new file mode 100644 index 0000000..52b10ad --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "public-key-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "public-key-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/public-key-service/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/public-key-service/templates/ingress.yaml new file mode 100644 index 0000000..03c5321 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "public-key-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/public-key-service/templates/service.yaml b/helm/sunbird-rc-charts/charts/public-key-service/templates/service.yaml new file mode 100644 index 0000000..90ac319 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "public-key-service.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "public-key-service.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/public-key-service/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/public-key-service/templates/serviceaccount.yaml new file mode 100644 index 0000000..6f5e37c --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "public-key-service.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "public-key-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/public-key-service/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/public-key-service/templates/tests/test-connection.yaml new file mode 100644 index 0000000..e62921a --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "public-key-service.fullname" . }}-test-connection" + labels: + {{- include "public-key-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "public-key-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-rc-charts/charts/public-key-service/values.yaml b/helm/sunbird-rc-charts/charts/public-key-service/values.yaml new file mode 100644 index 0000000..c2848fb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/public-key-service/values.yaml @@ -0,0 +1,74 @@ +# Default values for public-key-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-public-key-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v1.0.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP + port: 3300 + +ingress: + enabled: true + className: "" + annotations: + kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - paths: + - path: /public-key-service/ + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/registry/.helmignore b/helm/sunbird-rc-charts/charts/registry/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/registry/Chart.yaml b/helm/sunbird-rc-charts/charts/registry/Chart.yaml new file mode 100644 index 0000000..dcdbf9c --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: registry +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.1 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.0.14" diff --git a/helm/sunbird-rc-charts/charts/registry/schemas/Insurance.json b/helm/sunbird-rc-charts/charts/registry/schemas/Insurance.json new file mode 100644 index 0000000..49b9719 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/schemas/Insurance.json @@ -0,0 +1,208 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "properties": { + "Insurance": { + "$ref": "#/definitions/Insurance" + } + }, + "required": [ + "Insurance" + ], + "title":"Insurance", + "definitions": { + "Insurance": { + "$id": "#/properties/Insurance", + "type": "object", + "title": "Insurance", + "required": [ + "policyNumber", + "policyName", + "policyExpiresOn", + "policyIssuedOn", + "fullName", + "dob" + ], + "properties": { + "policyNumber": { + "type": "string" + }, + "policyName": { + "type": "string" + }, + "policyExpiresOn": { + "type": "string", + "format": "date-time" + }, + "policyIssuedOn": { + "type": "string", + "format": "date-time" + }, + "benefits": { + "type": "array", + "items": { + "type": "string" + } + }, + "fullName": { + "type": "string", + "title": "Full Name" + }, + "dob": { + "type": "string", + "format": "date" + }, + "gender": { + "type": "string", + "enum": [ + "Male", + "Female", + "Other" + ] + }, + "mobile": { + "type": "string", + "title": "Mobile number" + }, + "email": { + "type": "string", + "title": "Email ID" + } + } + } + }, + "_osConfig": { + "credentialTemplate": { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + { + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "schema": "https://schema.org/", + "InsuranceCredential": { + "@id": "did:InsuranceCredential", + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "dob": "schema:birthDate", + "email": "schema:email", + "gender": "schema:gender", + "mobile": "schema:telephone", + "benefits": "schema:benefits", + "fullName": "schema:name", + "policyName": "schema:Text", + "policyNumber": "schema:Text" + } + } + } + }, + { + "HealthInsuranceCredential": { + "@id": "InsuranceCredential" + }, + "LifeInsuranceCredential": { + "@id": "HealthInsuranceCredential" + } + } + ], + "type": [ + "VerifiableCredential", + "LifeInsuranceCredential" + ], + "issuer": "Registry", + "issuanceDate": "{{policyIssuedOn}}", + "expirationDate": "{{policyExpiresOn}}", + "credentialSubject": { + "id": "did:{{osid}}", + "dob": "{{dob}}", + "type": "InsuranceCredential", + "email": "{{email}}", + "gender": "{{gender}}", + "mobile": "{{mobile}}", + "benefits": "{{benefits}}", + "fullName": "{{fullName}}", + "policyName": "{{policyName}}", + "policyNumber": "{{policyNumber}}" + } + }, + "certificateTemplates": { + "first": "minio://Insurance/1-68619c95-3f40-45b8-b6ba-56eba055dc11/email/documents/3165a481-8078-447c-8cc0-f310869cb40d-Insurancetemplate.html" + }, + "osComment": [], + "privateFields": [], + "systemFields": [ + "_osSignedData", + "_osCredentialId", + "_osAttestedData" + ], + "indexFields": [], + "uniqueIndexFields": [], + "roles": ["Official"], + "inviteRoles": ["Official"], + "attestationPolicies": [ + { + "name": "insuranceApprovalPolicy", + "attestationProperties": { + "policyExpiresOn": "$.policyExpiresOn", + "policyNumber": "$.policyNumber", + "policyName": "$.policyName" + }, + "type": "MANUAL", + "attestorPlugin": "did:internal:ClaimPluginActor?entity=Official", + "conditions": "(ATTESTOR#$.Gender#.equalsIgnoreCase('male'))", + "credentialTemplate": { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + { + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "schema": "https://schema.org/", + "InsuranceCredential": { + "@id": "did:InsuranceCredential", + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "policyExpiresOn": "schema:expires", + "policyName": "schema:Text", + "policyNumber": "schema:Text" + } + } + } + } + ], + "type": [ + "VerifiableCredential", + "InsuranceCredential" + ], + "issuer": "Registry", + "expirationDate": "{{policyExpiresOn}}", + "credentialSubject": { + "id": "did:{{policyName}}:{{policyNumber}}", + "type": "InsuranceCredential", + "policyName": "{{policyName}}", + "policyNumber": "{{policyNumber}}", + "policyExpiresOn": "{{policyExpiresOn}}" + } + } + } + ], + "ownershipAttributes": [ + { + "userId": "$.email", + "email": "$.email", + "mobile": "$.mobile" + } + ] + } +} + diff --git a/helm/sunbird-rc-charts/charts/registry/schemas/Official.json b/helm/sunbird-rc-charts/charts/registry/schemas/Official.json new file mode 100644 index 0000000..f47198e --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/schemas/Official.json @@ -0,0 +1,71 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "properties": { + "Official": { + "$ref": "#/definitions/Official" + } + }, + "required": [ + "Official" + ], + "title": "Official", + "definitions": { + "Official": { + "$id": "#/properties/Official", + "type": "object", + "title": "The Official Schema", + "required": [ + "Name", + "Phone", + "email", + "State", + "Category" + ], + "properties": { + "Name": { + "type": "string" + }, + "Gender": { + "type": "string" + }, + "Phone": { + "type": "string" + }, + "email": { + "type": "string" + }, + "State": { + "type": "string" + }, + "Category": { + "type": "string" + }, + "Designation": { + "type": "string" + }, + "Department": { + "type": "string" + } + } + } + }, + "_osConfig": { + "systemFields": [ + "osCreatedAt", + "osUpdatedAt", + "osCreatedBy", + "osUpdatedBy" + ], + "roles": ["admin"], + "inviteRoles": ["admin"], + "ownershipAttributes": [ + { + "email": "/email", + "mobile": "/Phone", + "userId": "/Phone" + } + ] + } +} + diff --git a/helm/sunbird-rc-charts/charts/registry/schemas/Student.json b/helm/sunbird-rc-charts/charts/registry/schemas/Student.json new file mode 100644 index 0000000..47d20d6 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/schemas/Student.json @@ -0,0 +1,79 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "properties": { + "Student": { + "$ref": "#/definitions/Student" + } + }, + "required": [ + "Student" + ], + "title":"Student", + "definitions": { + "Student": { + "$id": "#/properties/Student", + "type": "object", + "title": "The Student Schema", + "required": [ + + ], + "properties": { + "name": { + "type": "string" + } + } + } + }, + "_osConfig": { + "osComment": ["This section contains the OpenSABER specific configuration information", + "privateFields: Optional; list of field names to be encrypted and stored in database", + "signedFields: Optional; list of field names that must be pre-signed", + "indexFields: Optional; list of field names used for creating index. Enclose within braces to indicate it is a composite index. In this definition, (serialNum, studentCode) is a composite index and studentName is a single column index.", + "uniqueIndexFields: Optional; list of field names used for creating unique index. Field names must be different from index field name", + "systemFields: Optional; list of fields names used for system standard information like created, updated timestamps and userid"], + + "privateFields": [ + "$.identityDetails.dob", + "$.identityDetails.identityType", + "$.identityDetails.identityValue", + "$.contactDetails.email", + "$.contactDetails.mobile", + "$.contactDetails.address.plot", + "$.contactDetails.address.street", + "$.contactDetails.address.landmark", + "$.contactDetails.address.locality" + ], + "indexFields": ["studentName"], + "uniqueIndexFields": ["identityValue"], + "systemFields": [ + "osCreatedAt", + "osUpdatedAt", + "osCreatedBy", + "osUpdatedBy" + ], + "attestationPolicies": [ + { + "name": "studentInstituteAttest", + "additionalInput": { + "enrollmentNumber": {"type": "string"} + }, + "attestationProperties": { + "name": "$.identityDetails.fullName", + "educationDetails": "$.educationDetails" + }, + "type": "MANUAL", + "conditions": "(ATTESTOR#$.experience.[*].instituteOSID#.contains(REQUESTER#$.educationDetails.*.instituteOSID#))", + "attestorPlugin": "did:internal:ClaimPluginActor?entity=Teacher" + } + ], + "inviteRoles":["Teacher"], + "ownershipAttributes": [ + { + "email": "/contactDetails/email", + "mobile": "/contactDetails/mobile", + "userId": "/contactDetails/mobile" + } + ] + } +} diff --git a/helm/sunbird-rc-charts/charts/registry/templates/NOTES.txt b/helm/sunbird-rc-charts/charts/registry/templates/NOTES.txt new file mode 100644 index 0000000..0cbca65 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "registry.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "registry.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "registry.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "registry.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/registry/templates/_helpers.tpl b/helm/sunbird-rc-charts/charts/registry/templates/_helpers.tpl new file mode 100644 index 0000000..0ed5df4 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "registry.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "registry.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "registry.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "registry.labels" -}} +helm.sh/chart: {{ include "registry.chart" . }} +{{ include "registry.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "registry.selectorLabels" -}} +app.kubernetes.io/name: {{ include "registry.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "registry.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "registry.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/registry/templates/configmap.yaml b/helm/sunbird-rc-charts/charts/registry/templates/configmap.yaml new file mode 100644 index 0000000..8d2ae78 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/templates/configmap.yaml @@ -0,0 +1,10 @@ +{{- $schemas := .Files.Glob "schemas/*" }} +{{ if $schemas }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-schemas + namespace: {{ .Values.namespace }} +data: +{{ (.Files.Glob "schemas/*").AsConfig | indent 2 }} +{{ end }} diff --git a/helm/sunbird-rc-charts/charts/registry/templates/deployment.yaml b/helm/sunbird-rc-charts/charts/registry/templates/deployment.yaml new file mode 100644 index 0000000..78fbaf3 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/templates/deployment.yaml @@ -0,0 +1,104 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "registry.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "registry.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "registry.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "registry.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: "{{ .Release.Name }}-config" + env: + - name: connectionInfo_password + valueFrom: + secretKeyRef: + name: rc-secret + key: DB_PASSWORD + - name: sunbird_keycloak_user_password + valueFrom: + secretKeyRef: + name: rc-secret + key: KEYCLOAK_DEFAULT_USER_PASSWORD + - name: filestorage_secret_key + valueFrom: + secretKeyRef: + name: rc-secret + key: MINIO_SECRET_KEY + - name: elastic_search_password + valueFrom: + secretKeyRef: + name: rc-secret + key: ELASTIC_SEARCH_PASSWORD + - name: sunbird_sso_admin_client_secret + valueFrom: + secretKeyRef: + name: rc-secret + key: KEYCLOAK_ADMIN_CLIENT_SECRET + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + readinessProbe: + httpGet: + path: /api/docs/swagger.json + port: {{ .Values.service.port }} + failureThreshold: 20 + periodSeconds: 30 + timeoutSeconds: 10 + initialDelaySeconds: 30 + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 30 + failureThreshold: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: {{ .Chart.Name }}-schemas + mountPath: /home/sunbirdrc/config/public/_schemas + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: {{ .Chart.Name }}-schemas + configMap: + name: {{ .Chart.Name }}-schemas diff --git a/helm/sunbird-rc-charts/charts/registry/templates/hpa.yaml b/helm/sunbird-rc-charts/charts/registry/templates/hpa.yaml new file mode 100644 index 0000000..98d0adc --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/templates/hpa.yaml @@ -0,0 +1,33 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "registry.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "registry.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/registry/templates/ingress.yaml b/helm/sunbird-rc-charts/charts/registry/templates/ingress.yaml new file mode 100644 index 0000000..daa59f2 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/templates/ingress.yaml @@ -0,0 +1,62 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "registry.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.global.host | quote }} + {{- range .Values.ingress.hosts }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/registry/templates/service.yaml b/helm/sunbird-rc-charts/charts/registry/templates/service.yaml new file mode 100644 index 0000000..31a1170 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "registry.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "registry.selectorLabels" . | nindent 4 }} diff --git a/helm/sunbird-rc-charts/charts/registry/templates/serviceaccount.yaml b/helm/sunbird-rc-charts/charts/registry/templates/serviceaccount.yaml new file mode 100644 index 0000000..17b75ff --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "registry.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "registry.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/sunbird-rc-charts/charts/registry/templates/tests/test-connection.yaml b/helm/sunbird-rc-charts/charts/registry/templates/tests/test-connection.yaml new file mode 100644 index 0000000..96c7430 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "registry.fullname" . }}-test-connection" + labels: + {{- include "registry.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "registry.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/sunbird-rc-charts/charts/registry/values.yaml b/helm/sunbird-rc-charts/charts/registry/values.yaml new file mode 100644 index 0000000..0c23241 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/registry/values.yaml @@ -0,0 +1,75 @@ +# Default values for registry. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/sunbird-rc/sunbird-rc-core + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v2.0.0-rc3" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8081 + +ingress: + enabled: true + className: "" + #annotations: + #kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/rewrite-target: /$2 + # kubernetes.io/tls-acme: "true" + #hosts: + #- paths: + # - path: /registry(/|$)(.*) + # pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + requests: + cpu: 500m + memory: 2G + +autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/charts/secrets/.helmignore b/helm/sunbird-rc-charts/charts/secrets/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/sunbird-rc-charts/charts/secrets/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/sunbird-rc-charts/charts/secrets/Chart.yaml b/helm/sunbird-rc-charts/charts/secrets/Chart.yaml new file mode 100644 index 0000000..28bc2fc --- /dev/null +++ b/helm/sunbird-rc-charts/charts/secrets/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: secrets +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/sunbird-rc-charts/charts/secrets/templates/secrets.yaml b/helm/sunbird-rc-charts/charts/secrets/templates/secrets.yaml new file mode 100644 index 0000000..1b17168 --- /dev/null +++ b/helm/sunbird-rc-charts/charts/secrets/templates/secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + DB_PASSWORD: {{.Values.global.secrets.DB_PASSWORD | quote}} + ELASTIC_SEARCH_PASSWORD: {{.Values.global.secrets.ELASTIC_SEARCH_PASSWORD | quote}} + KEYCLOAK_ADMIN_CLIENT_SECRET: {{.Values.global.secrets.KEYCLOAK_ADMIN_CLIENT_SECRET | quote}} + KEYCLOAK_ADMIN_PASSWORD: {{.Values.global.secrets.KEYCLOAK_ADMIN_PASSWORD | quote}} + KEYCLOAK_DEFAULT_USER_PASSWORD: {{.Values.global.secrets.KEYCLOAK_DEFAULT_USER_PASSWORD | quote}} + MINIO_SECRET_KEY: {{.Values.global.secrets.MINIO_SECRET_KEY | quote}} + VAULT_SECRET_TOKEN: {{.Values.global.secrets.VAULT_SECRET_TOKEN | quote}} + DATABASE_URL: {{.Values.global.secrets.DB_URL | quote}} +kind: Secret +metadata: + name: rc-secret + namespace: {{ .Release.Namespace }} +type: Opaque diff --git a/helm/sunbird-rc-charts/charts/secrets/values.yaml b/helm/sunbird-rc-charts/charts/secrets/values.yaml new file mode 100644 index 0000000..877c0af --- /dev/null +++ b/helm/sunbird-rc-charts/charts/secrets/values.yaml @@ -0,0 +1,82 @@ +# Default values for secrets. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/sunbird-rc-charts/values.yaml b/helm/sunbird-rc-charts/values.yaml new file mode 100644 index 0000000..92bfe5b --- /dev/null +++ b/helm/sunbird-rc-charts/values.yaml @@ -0,0 +1,123 @@ +global: + host: "registry.demodpgs.net" + database: + host: "" + user: "postgres" + port: "5432" + vendor: "postgres" + keycloak: + database: "registry" + admin: + username: "admin" + proxy_forwarding: true + registry: + database: "registry" + search_provider: "dev.sunbirdrc.registry.service.NativeSearchService" + signature_provider: "dev.sunbirdrc.registry.service.impl.SignatureV2ServiceImpl" + sso: + realm: "sunbird-rc" + admin_client_id: "admin-api" + client_id: "registry-frontend" + signature_enabled: true + keycloak_user_set_password: false + base_apis_enabled: false + log_level: DEBUG + enable_external_templates: true + enable_async: false + enable_authentication: true + enable_webhook: false + webhook_url: http://localhost:5001/api/v1/callback + manager_type: DefinitionsManager + swagger_enabled: true + swagger_title: SUNBIRD-RC + authentication_enabled: true + claims_enabled: true + certificate_enabled: true + encryption_enabled: false + idgen_enabled: false + opa_enabled: false + opa_allow_key_name: authorized + encryption_port : 8013 + context_path : / + idformatFromMdms: false + mdmsProvider: org.egov.id.masterdata.provider.DBMasterDataProvider + autoCreateNewSeq: true + migrationEnabled: true + did_enabled: true + credential_did_method: rcw + issuer_did_method : issuer + schema_author: Registry + schema_author_did_method: author + envVars: + egov_mdms_provider: org.egov.id.masterdata.provider.DBMasterDataProvider + minio: + url: + access_key: admin + bucket_key: sunbird-rc + elastic_search: + url: + auth_enabled: false + username: "" + kafka: + url: + redis: + host: + port: 6379 + vault: + address: http://vaultkv:8200 + base_url: http://vaultkv:8200/v1 + root_path: http://vaultkv:8200/v1/kv + vault_timeout: 5000 + vault_proxy: false + vault_token: + sunbird: + enable_auth: false + signing_algo: Ed25519 + jwks_uri: "" + secrets: + DB_PASSWORD: "" + ELASTIC_SEARCH_PASSWORD: "" + KEYCLOAK_ADMIN_CLIENT_SECRET: YjJiMGNhYjEtMjQzZC00ZTZlLTkzZTctOTAxNWZmNjZkZjJi + KEYCLOAK_ADMIN_PASSWORD: YWRtaW4xMjM= + KEYCLOAK_DEFAULT_USER_PASSWORD: YWRtaW5AMTIz + MINIO_SECRET_KEY: Kgo= + VAULT_SECRET_TOKEN: "" + DB_URL: "" +encryption-service: + envVars: + egov_mdms_provider: org.egov.enc.masterdata.provider.DBMasterDataProvider +id-gen-service: + envVars: + egov_mdms_provider: org.egov.id.masterdata.provider.DBMasterDataProvider +registry: + ingress: + enabled: true + className: "alb" + annotations: + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS":443}]' + alb.ingress.kubernetes.io/group.name: sbrc-lb + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600 + ingress.kubernetes.io/rewrite-target: / # Added rewrite annotation here for / to /selfservice + #alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:370803901956:certificate/59fa4298-f8da-4d53-9314-8b7266416460 + hosts: + - paths: + - path: / + pathType: Prefix +keycloak-service: + ingress: + enabled: true + className: "alb" + annotations: + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS":443}]' + alb.ingress.kubernetes.io/group.name: sbrc-lb + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=3600 + ingress.kubernetes.io/rewrite-target: / # Added rewrite annotation here for / to /selfservice + #alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:370803901956:certificate/59fa4298-f8da-4d53-9314-8b7266416460 + hosts: + - paths: + - path: /auth + pathType: Prefix diff --git a/helm/vault-init/.helmignore b/helm/vault-init/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/vault-init/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/vault-init/Chart.yaml b/helm/vault-init/Chart.yaml new file mode 100644 index 0000000..e282596 --- /dev/null +++ b/helm/vault-init/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: vault-init +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/vault-init/templates/NOTES.txt b/helm/vault-init/templates/NOTES.txt new file mode 100644 index 0000000..dd9741d --- /dev/null +++ b/helm/vault-init/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "vault-init.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "vault-init.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "vault-init.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "vault-init.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/vault-init/templates/_helpers.tpl b/helm/vault-init/templates/_helpers.tpl new file mode 100644 index 0000000..ad9595e --- /dev/null +++ b/helm/vault-init/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "vault-init.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "vault-init.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault-init.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "vault-init.labels" -}} +helm.sh/chart: {{ include "vault-init.chart" . }} +{{ include "vault-init.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "vault-init.selectorLabels" -}} +app.kubernetes.io/name: {{ include "vault-init.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault-init.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "vault-init.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/vault-init/templates/init-sa-role-binding.yaml b/helm/vault-init/templates/init-sa-role-binding.yaml new file mode 100644 index 0000000..b7ba662 --- /dev/null +++ b/helm/vault-init/templates/init-sa-role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault-init.fullname" . }}-sa-rolebinding + labels: + app.kubernetes.io/name: {{ include "vault-init.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault-init.fullname" . }}-sa-role +subjects: +- kind: ServiceAccount + name: {{ include "vault-init.serviceAccountName" . }} diff --git a/helm/vault-init/templates/init-sa-role.yaml b/helm/vault-init/templates/init-sa-role.yaml new file mode 100644 index 0000000..cfb4831 --- /dev/null +++ b/helm/vault-init/templates/init-sa-role.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault-init.fullname" . }}-sa-role + labels: + app.kubernetes.io/name: {{ include "vault-init.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - secrets + verbs: + - create + - get + - list diff --git a/helm/vault-init/templates/service.yaml b/helm/vault-init/templates/service.yaml new file mode 100644 index 0000000..84d4549 --- /dev/null +++ b/helm/vault-init/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "vault-init.fullname" . }} + labels: + {{- include "vault-init.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "vault-init.selectorLabels" . | nindent 4 }} diff --git a/helm/vault-init/templates/serviceaccount.yaml b/helm/vault-init/templates/serviceaccount.yaml new file mode 100644 index 0000000..63e19ff --- /dev/null +++ b/helm/vault-init/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "vault-init.serviceAccountName" . }} + labels: + {{- include "vault-init.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/vault-init/templates/vault-init-job.yaml b/helm/vault-init/templates/vault-init-job.yaml new file mode 100644 index 0000000..f43e9f1 --- /dev/null +++ b/helm/vault-init/templates/vault-init-job.yaml @@ -0,0 +1,36 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: vault-init-job + labels: + {{- include "vault-init.labels" . | nindent 4 }} +spec: + backoffLimit: {{ .Values.backoffLimit }} + template: + metadata: + labels: + {{- include "vault-init.selectorLabels" . | nindent 8 }} + app.kubernetes.io/name: vault-init-job + sidecar.istio.io/inject: "false" + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "vault-init.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.jobSecurityContext | nindent 8 }} + restartPolicy: Never # This is one time job + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: NAMESPACE + value: {{ .Values.envVars.NAMESPACE }} + - name: VAULT_NAME + value: {{ .Values.envVars.VAULT_NAME }} diff --git a/helm/vault-init/values.yaml b/helm/vault-init/values.yaml new file mode 100644 index 0000000..d43b82b --- /dev/null +++ b/helm/vault-init/values.yaml @@ -0,0 +1,110 @@ +# Default values for vault-init. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: dpgonaws/vault-init + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "0.0.2" + envVars: + NAMESPACE: "" + VAULT_NAME: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +livenessProbe: + httpGet: + path: / + port: http +readinessProbe: + httpGet: + path: / + port: http + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/lib/config.ts b/lib/config.ts index 244f856..306dc87 100644 --- a/lib/config.ts +++ b/lib/config.ts @@ -32,7 +32,7 @@ export const getConfig = (): ConfigProps => ({ CIDR: process.env.CIDR || "", MAX_AZS: Number(process.env.MAZ_AZs) || 2, CHART: "sunbird_rc_charts", - REPOSITORY: "https://dpgonaws.github.io/dpg-helm", + REPOSITORY: "https://github.com/Sunbird-RC/aws-cdk/packages", NAMESPACE: "sbrc2", VAULT_RELEASE_NAME: "sbrc2", C_RELEASE_NAME: "sbrc2-c", @@ -45,4 +45,4 @@ export const getConfig = (): ConfigProps => ({ ROLE_ARN: process.env.ROLE_ARN || "", EKS_CLUSTER_NAME: process.env.EKS_CLUSTER_NAME || "ekscluster-sbrc2", SUNBIRD_RC_MODULES_CHOICE: process.env.SUNBIRD_RC_MODULES_CHOICE || "RC", -}); \ No newline at end of file +}); diff --git a/packages/index.yaml b/packages/index.yaml new file mode 100644 index 0000000..52aeec2 --- /dev/null +++ b/packages/index.yaml @@ -0,0 +1,47 @@ +apiVersion: v1 +entries: + sunbird-c-charts: + - apiVersion: v2 + appVersion: 0.0.13 + created: "2024-07-08T13:09:38.797079587Z" + description: A Helm chart for Sunbird RC + digest: 2cc3ee5409bdb8460c81fec0d45c1e4edd1d856e1845801a4d96cd043759c48d + name: sunbird-c-charts + type: application + urls: + - https://github.com/Sunbird-RC/aws-cdk/packages/sunbird-c-charts-0.0.1.tgz + version: 0.0.1 + sunbird-r-charts: + - apiVersion: v2 + appVersion: 0.0.13 + created: "2024-07-08T13:09:38.802018286Z" + description: A Helm chart for Sunbird RC + digest: 82b6308f64742685f05eeae16b4e2b9f2658119ae0139e1615d7f4f44f2234d0 + name: sunbird-r-charts + type: application + urls: + - https://github.com/Sunbird-RC/aws-cdk/packages/sunbird-r-charts-0.0.1.tgz + version: 0.0.1 + sunbird_rc_charts: + - apiVersion: v2 + appVersion: 0.0.13 + created: "2024-07-08T13:09:38.810262298Z" + description: A Helm chart for Sunbird RC + digest: 1084368a22ffecc8247ce26578ec77829c1e64c4bcd8654e82767edb1b491550 + name: sunbird_rc_charts + type: application + urls: + - https://github.com/Sunbird-RC/aws-cdk/packages/sunbird_rc_charts-0.0.1.tgz + version: 0.0.1 + vault-init: + - apiVersion: v2 + appVersion: 1.16.0 + created: "2024-07-08T13:09:38.810862019Z" + description: A Helm chart for Kubernetes + digest: cb5c5369546300413df0199a50cfdd11f2ece940c91ea4a599e88b8fab9c3d9d + name: vault-init + type: application + urls: + - https://github.com/Sunbird-RC/aws-cdk/packages/vault-init-0.1.0.tgz + version: 0.1.0 +generated: "2024-07-08T13:09:38.794582075Z" diff --git a/packages/sunbird-c-charts-0.0.1.tgz b/packages/sunbird-c-charts-0.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4838b35354109505c4da0522af250cdc6484a221 GIT binary patch literal 8484 zcmV+Dc zVQyr3R8em|NM&qo0PKDHciOo2@BGYPp-X$tJnmo&1d_5=?^!fqI-DjX7f5?Mvu1e- zTYws4c`QN7WOD!Z?~>&A0~?akWa|Ax0=BfZ_1Ig|*478QvZmNEYI;pyK!?%#DgUQz z;L`l=u}D=_wR3bN{;R4Q|F1UH)_0Ag&QbHY(`+^x->HqG)=}d-pgx)eTWCcYbiPv` zTvoht&xD|j-y?@&Vs*i~S%J3ge^nJ#X|yT^qPl}^CZ6@cugF{iF;>8gIAAQt4;Y~I#NRAYd66+O$q&9Lvw}bqZ)u5{Xgy;H{<%>X{x3E zAA;s4nL@K$0boHW>w>C-=9n^PqZnvO40}!$3$bbi00S~Og%t6$e(I|DvZBc8f~rj@ zn>&cghcSLg_;_8Q^D}KXJ3=gZo)a;N7~9UyI{eX-L2P6qC-;*@3yKo>d?mZb)&9B)0{&6Mr2z;3(k?F z$*JuO&9H@ene;-wkga$N=R8re4ZSxEGZS^e_p5iU&c=@N3|aykbCmjm*f8rcG);1=-Jp#owUJ9s9Q+qD;stVB0J`8rZM3AM ze7Jq)V}~t37t~!5X2e-S_KQQ77sir?i(48?dgUtCSo z&4qY+1{w5nd2LHh9RwK~qT4b0Gt@jwJa7}qYE7U zR@R2n6>>taK-YaH$AG>-OQ^{v>w=N1iOF{n=JJu-y6gAQp`K0P&7tvD3fY`Jn`wzH z?AjWx7qa1W9Z|~rx+{&0RP&X7gP4387^4aR$b^((U6VF7&TGXMX+tVx*2T;KXE!jC z)jakaEki6Ard)+$WfY= zs(!PUlN*1mF}y@%#k!!ax~0hHVr~l8)lE)rkkthh;I&>iZqLGbxLL;5T!ZGEbV1)} zw%d(Y;?1Yq8>+1w?6w?5x`UY8QfF_ptKNA0;c|55&)5C)-gq)N)yDna==9g*`*;11 zr{|ZwcUtf4VldQB&ju={NBv0`eEjrZeDQX;`1q;ME~hlkJpAz6a`@@Do8LbD7pJidiv0Lt#Ndac&ljIAUPn`&^?&JIpHH;waetJ^ z(C%GK27ieR7lYy8(v?no*ZUX$8T56lTbpihaZ)q3m%PzEQl&sjI*66m5 z)f2V#N^QJqcet=g+r z++wx>|LaEuTw3M^5KH9bA^{sYz{D0(D$3bd8#Cgd$_sExmP=xR_oriEV24(eIc9b7 zSBhUzrhhqg@z;B>nAiCq?<-wf^?(uI)~{?Z!zQAYpA>p)SAJ5a@TT&U!j}9qaqztI z)Bmr$0PmrL$%=x(S)W$;0_+pgSw+DHf_0hPA)hMBn(D+r_2=N(PUye)k61H2f1J~x zJpFGZ{J+QQ@o}mDhoCLzKWlM3bCh!c^v<72-2)&wa>`?$=RrC8|0t(HdHS!ajkx}| znn$JnAA(9X{I)4a|NUba_rVg{yBmY;`rkNicVh7$&8FIDmHK}Oip>9w$_=)RE;to^ zeF5#t5;15%Cj9VndcV5^$_SYVQlt#w5`p{snmgsoB-Dm_N;>fv+}~F`c4u$2-r3oR zr&Qj{X+|DKE8Y>U!gtHyZ}8`eFm!(}^PKf2y*IsaKP8{%3Gx}l^Ilz!Cfmvr$5gRA z*W>Rs;)|4*}9uW#?c`}^+pCcnQ=atOi@ z+?1)}_$Nj?^iT9`N()%Z!=MDGXnJMknA_Mz54ZA|g;Q_ix}~CV@zRDxEVN;m&M6d= z5J?_oCFcu`QlhzW2wNCYqKHJ9EW+n+X_h77+&xiGRL?mUW|WA0*e+Epd8T}Y8K$$6 zr|Js?O}5bV1=4SFYaBZtI#Ewf>XL!aZ;mYFK!*0>g^jw;z~_h!O`g5)%~EEsL&K;< zPX2eQd&)uFiP~rd^$#%?rf3gd;wh=G8+FZ166HIEj4Rw@a(4qZ@@g-V)s~buYO^BG zd-F4eT-Q7Ua=It#@vA!jTmfK>96a0X%|&MSWZ9`Nvsn6lnG$8RMaANYBWh+Fvz_FD zHs->d_`yBFyQ{NbD$z)qy=(24;#b*QO>2qRgEU_L3GRt{;>RHc3v%${oRAwToG_tc z{X*m$+n52J*c(7*fGv<{b!3Dyge=~+;I8bx$<7t&B;j9W#DQ~^Kk14Xl*C*cW)Y4^ z$;cig$>b7_V9DSTB#ChGs;|Xk-L^GVA}%h%(j@aaw&scmj#C^$*fw5%7+rMXkR3;t z%_=ifgtdsfE26C7IK3!`jL^1xR*{Smo+3<0n-an(bD*vHaX-lwFHe~mQ(g#QabesX zsa(=Wv(F)vEH;=7Of?x(o08kWG`Sa&d1UxgMxMleCK|YyEoV4g+SwZJ#+lDUB#i8?Vv(HLETSo+TeP&O&n=vi$zuj2 z878_-CE}@5*1rY#L=r~(%67O-2icx-KKAjl1ZGIPjMS&Hc1ZKEL?2^?VszzY!! z$C)TWkldC^hGK^koT4$x1&6w@tM1O)StCb8@tcS#Zd`Ls261dr!f^a^(m*ef#S~;2 zHo+F7eAW;hyFc3$CECYzGC1oGCxgjH?M-jom*JCJw~BnqW*dKp)M~Z(zGi&-YyYBG zj7Jb;U6WDKVP>rg0H>qA5UO{sjr*hbgVX-5jA_792JK$^mY|MEJ`aVzsiLa$Tu3#VvK zZs7!t8wa;|88*zjeM{-&21VDUN!TXfP%fLoG98zlG8F|^H1Cw**Z-ou9#%eH!DweDZ9B|GAw$U$H{By{h5Yd z)CH?J|2fKcrWWF!7}M*fW*`$4(7?U<7j+vJaHPH7QiD`?LjPd9eBp2KdEh6zcqqLQ6 ze2LOzpWnFwUs-L+HDtQcu%SWA(A>mdNf!6WYr4@GoELD_?&A{O|qKinz&% z|9F&W@ZICTk6UUP|9KE96ey#Qxu23IBnvR`F5L00GcO8`s(1Rr}B=QZi6 zXUGr}C{J*PbQ3xVtf7P9)I?%sG3B#5rN{u-Vgzi+$_XMBluE@x!YZ7SmBqTCQK{f1 zoFj?)U=xZNaW-8rU+9jwe(QTvLm!i?@(KX<$~3QtiSZt{g;>#VP>20GDgz zIN0D4E)WnU0tV;cc0nithTAY$zLq90Fpx?G@WfqET{jg~QEOAgV590vezh{qv5Uh1 ze*Z(*Mz1&lIxt(AX5wMRZReh@i-r(Vj%}pl8Ag<^%h&=r00K81fHEPV3$ii|-pXG2Qy$1 z1}I{D<>v|`+R|B}p8=GNFa@47&;TpSmz$ii*Es$V@xzaKBiY30#iZlU#zpH$PO*s@MpQOC0ERKvcN$W+q09e8-D+z zQh_r8NwpELx7z>R=l>uAZFo89j}`Wr<;*cT^MC886`%i)T1V}2{yzjY6z~=?VRS=6ZsqQ-2Jp;35c4dHcLa5RFH$(rnj`R1L@sq-CsGTQ zmB;8oYDE|q`E z(22z$wkW6$iGi+&!>Yc>-ttGpL&-3i&mst5czMc7^v0!t1y{2 zVL*+5Pn1|($k)|7h1y6L!5{Q@^$*2zg}ASJ(=6qju%(+T1A%Jx8qJ$Lt3Uzw_dmvj z9bCmkgSK6I5Z`cIYqXPfWQS!{bRhJsT0sqPwE1I@5iz?{{B^umFn$Rh(`xjdU3 zc71@q`Buu(L8m1?;^lZXo8ix(TC2tuY!xA|3^N7LFM-cd8}R1}ns|nh!L5a;iBkE1 zByW+P@e+8gD3~H0a^phD5`}!&vi>uSOoIaGARwXwkn1PG6#OvVh_*Q!j(J+X0N{4- zN2M~D0Y_RN$;6+Mq~l1sI~cgdrpebFE6U}he4Vl~O;_3-nmU-4z2*)r$m7l>uN5=j z7wG{$)w-WwirREv7w_UgM!#Jolla6Y<%~SsQ8?Sd7Mp?Uzi91Wv>M~}(kjX^eY21< z3`70Pwa7iw;C(Cl*c~u3l?kWF+^L^MzMzxil?%7K{Or0X!Qa3^w#lc!>i@2Ss#e`y z&E)y0keTixv&n1MJu5Z=Qd2wcir-L$>o-R z7{wP7i7alATCAaxTx0~dQJZd}7zi$)dul^_-kd#}I$rNus!%?3!%j=m6h_{XG!+LT zQ$yktOS<29w`zy|BhHO4&bqGu56dGdPy0e{{jld!oH)A9`;hk`d_b9S zDFWcx;ja4w5lmm4hpJJyBFT9ys8B~1OQRW2rZ z%xLGf#FluiJsU&Do*k+^3dny*hg3-irH9P_UNBbP8X(XA*XSH4&VSqG{C^P2iRANq z>M!}kG;|OBcAUq29(1i=i5~)eoxWcQIq;!nBxLfVoxu+lVc-XfmTTmklBEqD1gih% zbwg>K)YK|aPD8=m%DdGRc_I66F>^ou_+#M2bNzxpEFgV{Hi>dWjxtc)5>j0av3#lV zT2jRJ=ayanoPb6=18Gh3s%X==XGp;c$3pCuI5&LCxH*wWWsOMmRa$XJk6N6#TM?8Q z&w@TPWbuzQnpQT7T$K%EGo~*|gYo^9R-0-5&6E)%fw|(I+l;;8QNm9h^M>bW*~1h} z7Vfe=4Q?ugJ#&dNlaBQa10@51-OB=gBe*fdS!wx7EblA?tr{QhVU~Up-di z_y60?R=NH^2&Ml1iyN!-Pw?I`f6~aj3=lfyD3gC{!4Ep5n1NjV@5Fxpv8Afz?>`@gQq}s37%943-DmQz#fC@q(X}<9 zd{r;xd_l-fwF|fe{(2xDAms(O+|K<_88>2Sx}uvY`RoT)iM!8T@cZ{X>GywlVFAvZ z@`wAh&6dlJg1>|K*koQv(-5tZ^Vnu$cm3ZT5-?By6Zn74mfBWJ{XYbi_$pe17QAT6IhUA!|0K*m`mE6Y=>9l=iHdGP_@mz(wqJIQ zcSrS0TY5erJU@CcB)`!K5&lYqzY^iEMEENa{+{a+OM zPf}j|pW2Sc|FxROW&Hm^=!xL}J+Ym`7sdSBQr8mguSEMR(f&$09PKy%7e)S)l;{6z zv=jKhjpH)@?;!L@_$bSV^nnD*2EqR4-ea_9e69RKH7RZIMjgV4kA|FS0kJ(2$kY3ozQ z{L5;Or-1gCq+RrXcjP}wx$}Pl|F3a;+%EP15LDv-mH2;Y`j3V7v(1CS{|e#%9mVy( z(J1x*AoTe7fANu1g8w~bDy;weg8vo4|7*tY|1?^iGXC!%l#2fs@BF6?{+BQ~CGua1 z{P&EJ|5~l)b3*=0%oO3fCME3O(}ex=sqp;2FZf>p{FheZ_kWw6R*C<85GwKio+46`Jngam+YS7$2>xHf|I=zW%Jttt zXdnE)3`9JuA$=LK9gD_*Vk{c^&e;cYQw5CYSH}!&nIq#`|0IR;%gK^I2o$ z23aX-1@hnM^3oL|c#$e@iBDMK69y?td_qv-6Uy#>GWdigeOcOL|F;|XV-ftvqxk-> z*=aV*{of(ztKvUC!JXq5Kz_`xWeNLO!akO;k0pHt+GGCT4g9eP{^L>n{%5OQ#(y4$ z9)$n6b!IEUA4~AZZwvgf_-eC6ek_q6OXSBA`LRTPEa~gg9_#n*4i~pE2`R@e&xQn(vJ>-H_-Aw3z`>53agHS5|qucpk8}`w|syhUl;}b-1 z^q~d6Jpe~8$&-L^^dIjC;&`H_LpXY#^O z0e198!3P9ZbOlXw102M6@5nO5KxRZ-G{m!wZwrE}9|H7*029GAk~kj%nL{TQ)%iMK z4zLB`%HlzZttfI7X%?YL3BVTD5sC!hhovJI_=ECc1BeBXwZ;yycneXv)iE(+raQDe zQGNz=r7w8#7udqQI~A^q8?pih0k_bK)FhN`Wy#t~2)`LIO>&E^x!}&XPV{F0jZZ5o z-Ys9EL*V?nl(+s1AN$Bf!R|}Job_L$)lUBYN267) z{|-Sh|F7rqJ$s{F^~U25m!q>TxVwvmCwW65l*)@%5>DFwd2c)!oND8KZ*=-=5l$I7 zB3$3~Kc1dn_TFi|vx~t{J3SxthZAkwKOOZaTUc+)wvB%QsWWn1mHz*4+y7ruNhN)| S^gjUr0RR6;rFcUCRsjINDm>l* literal 0 HcmV?d00001 diff --git a/packages/sunbird-r-charts-0.0.1.tgz b/packages/sunbird-r-charts-0.0.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d9302177e9e2d4059ec6643f425057d147e41ca6 GIT binary patch literal 21203 zcmZU)Wl&sE)2@vKcMI+i+}+*XHAsLUAp{E=7$gwffqnyX(yUCeQP} z->Fk)e(aj6Eo;|Wy;pbNS2uMuDk0pzAHV{~X05EtZKJFqsO~Ew@Q%-r+g4A&(Ns@F zP|MIzP{YXC$=b!%S6}CogtDFUN4S&r58g|Ie}q~ruUVcFPMC&l;UX)0Og!$W5#1s_ zIwLl0kLL8@>mu^XcIzU($;qC8{&ZRWq}<)$ob;>yO=xk4zGX#aOY05WN0xYbgTZo< zz~ORbHvUWCirj@0GOvf%!>wL#{syoo>3;^53?@UPIgCd7OzVw*CIivdBgIaqV7O~r z3g`UdaN%2Uy3+ja$CVu1M%?PWipVH)l*)JEX6!$uGQ_{ztC7MxwXt&I`p&^w=JBK0 z{tBuo2dlLn+Pi=iM#K;-n)6IQTAnBrbuCS@#RqTP1*-nB;!U1(aZ{^99%B-+f^;RZ%YXn3~W(>{~ z9wwDxKjF}e1%@;w1-G-xKA~2lzqt1#;fzd|mG#du59|QLl*e-J z`Rv)Tux2k8wC@F)SFQy=uL=@!J;*{>Q;*tMK0eNEviL4-;o9%ESp+`_|w}{Y8 z>rZUIaE7P#X7qV#()QMtE&VZb0#|QLH!hL6Y|2(g&f$WZIjiPLvAF&GlFgc5$I&sI zduoBmiO?B~7+yH($mxVZoLhlevpIZ?(2`^u6Q;~y@(E!hLn8EoJ#8s$0X>dcNjo@W zH?<+3akLP0fie6KS56HT)P$t{7KPa%=juAfH4KRr%unoCY6j_5p1a}HIEljFhVf@* z!g!pfatT&THZR(y&Mk9qO;bBua`~S^H9ZzS3Hgn2LGK4nv-XBewtW^Het5O??5UKl zQer-zzOR-j3(Z=t-a6Fr_VZX)ENvu~>JTE`d){dENN!9m=DDr6LnY7G0&@ev z5LRR&MjaiHCTBRU7FT02L=WJIin7Y;yIrN%+j!+7i0S@escij*7rOxRvvdV_t6NS9; z=~E_D3J1j_^q6pWJry`Pw@R1{c7?y{yVWr$qFbE3FNpCVp?o1eTbH7oD4t3%O3pyN z?$$LDki)u)Vs`+gRP?)B$EK885dAX1>&mtOQNnimPttO@d2lh_ad?P&WwNyrTyRA} zA;`rwJexPBYhN2Dt>t%w4SpfM;55!1QAkyLL}!<`zZ&`NPyO)S@b z}|F87XpT9g}2iacRc z)M(SVZ6f`3xn9x1*Y!{|9O+EGz==I^L+J88WcmaM*q3@_N#5I%H`IUN7m&{d3{{EN zA93_b_N5#r$z8{3+rk}vZ`Tu znttR6#rkbFSg3A6NMkhly>j^D8}MHrg`lti;l;Zl@TC-3qwRT2`v#&l%K<1fbWdKd z>pP4++LNWB-W{Y-2>`xXrSC4-F#jqSy&axIcrO(n z;pqZD;|`~z_*ntVb)&@1FKHU*10G?-UN4$yLYgp92vKR2kCL={6rSOJCNff+k#47= zNkymV%7i^HD?_EMp2=_-_JX=%wg*8O^*slnhI~{@dFW8G(NM>Ts2yf{J}KO5H5E}K zhQ#$58T%E3$!2r`=0eOhvFxh6iYSD=59sjaC^Rkzb9xG)(%ernGnU6}+3i$&d~i&^ zLQkT`_`f5-GoP+XN z^x;urJcFhQ5I$D0Gs54qYK_-~VR8p9DusQL?pYhz;@Nlw58w!m=vnl)pCjQ&sX)63 z5k~p6`(>J4t<|vhRF=j`2GJ47Nf-5QH^FVBcF^J0d!3Ja4?a5N<{M=F2KT)Tur zt*GS&?MrX(e0?#bWwI))D`h_56T}fB3-LIn*~HRLbC)}2<<;B>_@ct8U=m7n>>xWI zrr}slTjn*+w}&R!Og*ER-syaocEo>0syn`o`N+=c<4zOQ&^WXu$Jk05l#aBX7*bz9V6SV%Sd&3vJU) zO0}gek!OU|e$DS5cWSK5AA5g{R)r6FZto&?D22^2#~iZBsG^t3T0McC*WJok=Y9I} zP9^Ss|0&l)mnZ*HIy2t$)ieIVF1Q!=<9;B4N zPvj48?`hHG(0}!oSY#;|5w}w`e6{cmeQCFTG{vd&Z#GV-1^ zHXvk9ee2mdc8A;19y#m?n*{LR##be*Jci;I*Gww;?pLou8hvJw zZoyy5hn!-j5v)qb3HtJ-e$dtV_;eDr-|i{kYZgj~!!d6^9ffuGgjx`>5Wl=UUgQzK zpU-0&^8u-n^?tsHiV@bClWwR)y)f6&nR~Zb7gBRIHxhc^Tbl1b=Y%sc;TH;C>li>! zQo>J{e&sIW+~ zcjBjGfMXMb&R%gboQzZdxWcUYyyFp>S}WYC4pjxal6`K~1EuC`ft) z3>(yJo$W7nyk4V;?)Q&>HFGQYy6?Q^I~Q2U4nHwuHAWj)u?#Nyu|Vd9+Sl5P_^Zk% z!HkK#-}{dHZn?culh2AlrP+-{S)Xrkca)LZmYS*-2PZtHgV+v!4bkI$W3ruW0<^J4eYcy6VN{U|`BD+t%M9 z(8}f-%c}@i@s;>PUoF+~NUFfhBAX6DqR5tWO)As3z+1$(bBwb0tVst6nzxM)B-<^t9&Px+{7yl779oX|D)+OfA5=TRQ+{`@^nw3g$o9 z%)d}72>@@{20MuEm*ZrhKaNr(*&w~%Fivi)auX4w6;T~IHd3?|;WKjB*CBZzK99Ad z(pTFl6+Y)0u(_nN^)QJqPNj`G>c|TE9za&tSW!HWIsec ztroG=$6=7|n=m#z3I4LC_=Y>4<+x5u2e+sDR!9;}?&YSp3*?FMGCby@Vo=>fC{l<$ zz@1KnyD#$H=02eOv*PQWrJwtX!&pLT<^t3Ui{@i}49!dTO|MOF)3=Eh=+22+$D+@# zAUs&t9|{LqsERtT#_?CvCW2QMd-j_DV!vOO^meoOX^L>jk6R^f=8LwegkcxX(V{jN zARs+QE3l)pcDD*A1)2+}#uI`E{2K8&)i{rc~DcWkZ$k_N6S*5B-p;n+zK;e*Mg()v5gaVdK= zXma0_vgS?`AQ#c(?ukgkFZUlAFa2yDtF)R9BpBpw4$i^w7;Evyem5te71Mg!22d?Y z*if`1%o6DjUA}icTtp1#IP~Z`Y>}2cMP+x3n(Wp~J|3Ov`+bkP^5auJtMVpMIX3c` z$AB1-JHq3`mbroAmH6E4M+upaDZZc2vwW z0diTCZMmMUOl4@&bJgW((QW2u@S9v?4_yq^l{ZbOD&}1YCG>$)Mh_;^+u!-Q6ObB` z@?!Dc?s$pUFk3}7=!Ub8ODY_BBG-IxHkYR=ln%Jf$YI2$@4XT5{p&};$>GIXnmgiB z-(F{uLv~sRWN|hzxOCz@gX#3{o`AF{_CAnmnD{;itr){R=ai=%M*jHD>28j?a%MqWVc5>J*MK>YCKuztz3S=n3R2 z2E|(0e2|^*mH3Irvp1)g_&jy{t42?VjL%;O*3{*YSd?IYEG6D8o4AZKlS#>v9vGQ? zGqAla;R6TXH=MMVUaW-6 zN6c?Cs8z2pH#mZR?TG)nojn8_qnRXmrhVETp{^vrtiJqRw?N}z?b75fB0l+f7|-H| z1^l>q4jbZgD1G)2RBW=v6Ozx#=n%kCOz$ZAr2K7XW_3X#`)lLEG~t%BBhPs#DcW6Q zqrZ$4fv5jut4Ef{(2MSekrm%8tE&ZD5W@Rf9@nRUZ&=Zq^l`Z|CKow(3LHr_!nf4@ zq8(=*dJC-EZ`_edJ)JwU67<9<7n${Wb+J6e9;VJL|5`(dNhnJ7C@GC%|Y}paswhd-rJO=lymqtXnzfOZ&o> z{B^AukCv49X81`;hP>F2R0!E$VC*uAU5=_0!xEY97EBCO8&?sPL$$&X`ku`35Nt)V zlppuSr|F+P{~i%^{CtG(*4KHzDB5XYb{91NVf?1wM2p>sp(plZ-Hagp?%GuYy=Cis z*ZR5ZUvD5i5c5dB2Z!LcKQ-P=rHi$98aD&m zUj{DTKV48GCP9}T;(5p@hyl0C#mB9O_+YF6?3aO4f3hgxp!COy6eaS9agMFG$cn2# z+OR@30IE?v2Xtu*mhD{&6A47!8xy6HlJN$&zJ*EE?y*V;CWSR42x+L-TX9(l2~*}6 zWv&m+TPqq%cKE5_;A{lodQ)FvX;hQGU|@1}6?9!uDX))AYhD4p57q3)J)kOXPaq9l z0v`HdM`mlg{jqT&*FOXx8);ho@G}3EV}jZ-Q7x*kPs=;}Cjg<&2XH>Iv-aL{Lv6+&1J&M>(N~#Ys9ysT7D_kGPbybzcPJtY1AfTd z;nLFbaQu?=!g9MVc?+!jViX0avKTC>08(Pm59Nkzx{zFC33Na}wo>QcxhMZk@S7Sz z7ARXEsQ96p5J-XD-CHcq_ws3<{ znGIhnQmaBy-sWbmi)G>jm2bsuzA-~tq$ugR(<#Lm=fcqv)o@+upv3`o%OzHS#rrjiomu6Ex)71WK{5;c!dp_Pge()@9E#Gh>*CwI3?sPl^Q8=}d zVE&R3aQb6Zl50=tqUk1-t+q@;(INEx^y56a<5)fNN9gutK>7XcnUkLY2kQ3iJbhCe zD`*?z_X6bVa+{Fn^lZwVn=LJ#n3$UQIJ#2I^X>P&!nynC>fy!trL?R^a}mj>;g$R? z{dPOH5rOr0)yqQLS*ne5c4S8z1CL*oPW^8n9v?Uhc88|o?Y5tN44l6J&~ok8M`q2s z!}v?u!tQbV%`2a`TVa)5@s|}>&6QqfEh&91(@y66*nrU+#J^_^FE+`LX$nJ)>_G}x zyz$#aTD-13uqUuJq(WGb#zd1glNCXeE<*NgGE(9nf{wm9{N&4+A?y-dS9&`nv^a!@ zKDbBsgzrc+bTo3z>4SOw_Qwb$U9fbPAS^GI#VVh*`)@5deCPZ1iP7T)UWhJX1N3;_ zWa%t#9XqNPSjgOewrntDoq|}h)*%5|V}EAFzY{{2(}kCLz>DH?3XcZb$uH-aPp5gP zk6Z>(l8@Ds50;18G|)z#2QI9qj|D`f!8;Iio;D8G!*!f)a*r!k>9(o?H0w4TS?M+n z^Sh7CYkngyxT{*>yH)-aNHXuqy)$Wz*T=c^Ezy2AieUVrHFi?dOcIn1d$N$HAs}Vh zLG*BItC>T1K2}8VD}_UIXDcgg!!sAONEEQpPZc$L(eLVhhcLt`P_}n#m-w9@DS|f@ z4-3CZDB~OQNmh6%mbNY2Zb}&|?-{Lz)KQZBR|XrWjGr%Pb&OJdv$;{V5#RXY72FEh zgY$v}m|9J@1{;!Nf245+MKQ2^(8)>o%c#?@BE0EUo_OzJ9*pT*=9t|=tK=>n=3!SX zCw8f3uoRRyoY+B1Ul!u+Wdt4}4;xqTk3o$St=ujHyU~>Y=?m4Hawv#xrTRfn7`RH9 zjr#IAd{OMxU0N~o^MvnVH93+N6%fW@@N&66JOeNhU9A8aLV;C1o4$qXV9De9qm9k3 z?Mx?4Bqi2qy%h7wdMz@DOsU98BYFE?nlNM7j%$kFN{3@kwm{ss*g3~iG3Ol5rPZ$A z>n?Xop&SaIMjEPKNX)2685Q0xaz&r*|KBH!B8lZ7G&&o`a?aL$!YYbQ|BoUVBV#%}s*_?Vp|P!b*ClJ|q7 zsg-f%Pq7G5lquldar0Sw>z@U&OhZ7d^5>vK$ftytYka10k87r8xClvr>v)KiOAbVh1=85U%|$wOO;K5 zW<->+d-qQTj}jgm?UO#if^h~)RBSy+rH&sIh{Wshh|#5@J42!+!?UE{gtle1^M_`& zOmnUKhPISmA~@=ITC%Xx#LnM0`2=vi17O1wC~Ke=dTbD z-5}`rQ;6(1w%@O?X3gQJkZN@_{sMqj*s(}x4e%LoLG2T(44h`5TA@^Uuwk;-PPKkE z8hh_g;BS5uV@v~@bk?1tk^t2{VxUI9;DNeaJL+2<#z}rv8W^wC{5&KR?VYdUtvc@Ba;wd zUNF|cMdo$5(?|~h%u8uaqao@x^BuAs8o&+_+)trguF@)fj^@s zv5HCjB5B)6lA@R1`PK>nQ7rWxvhHZ7kwWVdNTn05@C3}deG9M}u@X4}#WG@>z(g~a z*&DmUHQKqL8jXMo^@0l_jEtwd)M1c}>TMLNtAymf!sLdTQMnHoU@<5MK%zIb51?w_ z{R@i0pvxsSYXlZ`nlQAYWaQHd;Cm3f;t!xk5@Pvl=HL3=2)}@p0~EX9SV%TLAtR@c zE)@+15t1g*A?n&nM`0=-GCCMNOQDfieT7Wue^@&QMp9TMV4omWC~%*tb$*9R%6<9y zQLp=zq%PD3HW$O-37~a2)fl$fXlFivR4AD&zA)X9(;%L)0dPqI(A)f!X*0^8z@Gzj_Kl~viaT+eywfazP+pAX;5+H`+n{E+VHk+ zXob*(LF=;Ua^?plI~liqF_(3It#PseYXQ@$?XS(u-~F)E5nE%f*A^Se|5lv_f*u}! zdaoYTi>?-a>`SDCP6my1JxkaJ-)(CA+ggfQ=enx6w~qf?hv1DLY_TjDvNLI8mIk~W za>;}d=*S)QtC9}JO`$~gqo`(w%LkUpXzrHEwGM9TrXZ-gmrigQIGVYw;A?z)jcKcI zJwCIny82g}%U@=?o7pa(l}#teNvMgTaztWiRpIdIU76#sc33w5x@khmj!MBKopKtv zgSHG?w20am0W$)jLFeioO9X0PLYh2tVLr*sE$1)sA-Tusw^pt?1>C_`+CY=bpcbuE zv~vyf&Kqs7hWk#as210R{KRTGyAHE4k}+dcx3-e!TC=i*e=xx-gwWwi@>*;4IWMu? zLWBm}#&sQTlPE9dXmJB{wgztgq^1!{H&l!jy;RM2nKgF~)U^eE zw^(D_2RT84$^%$8)=A+EwTT9@eyC0T$!cRD8~IIFRnv0!Iz)lFCb6zmicX(qomEDl|DBSHt zsPwm0&A5OiInj+Ky@=UJ(I|t@MSMG)UO|RTx4Cb!GY6~I$4zxT+q7p2mbjy(^SHlC z#TU=2!lxJ#|E_{tpMQvWGQts&3F0c+=YgamTtD3Li8`c+^0yauKX{g4)W+&dE*_=8 zOPjdLX(lBLq!w96@O5(VQZ>$EmmjSF~E~ z{-*=gquiqgEoMPzzN)wgL&R0;{MXA}`7+$2!|dm$hC*^;cs(-d!fG@Y zZo%6)P0=bZ?@7`XOdN8^-9@c8evLsdE4j%U{jF~K*LwlTUfP`_y#;9-x(Z8n^7I2s zw#Rt4Dk)rMyP$Q28!tazFTv}diweA$-{CiYx`{mKQrs;;{)|}sS*7Of8L_Y*u!%wt z0VXNnqj}-Jv`d~H+dYY{E2n|qPF%$4c;13qmxaY0ad<#xwW7{%jLs_icZX3j*)XjR}h?buI8OaMZli+&vc7Q`g z+F|-ufY&@kTjuS?T_Gjr;vFhE=05vtG;f*n)H|-_$Jx|xH+RpuW6X|h7gC-!7J}WO zgzs;nDsg29ollz;E+`MbJQCzcA`Sj*5ANG#6b?XVRl^Mn*?vJwE0fhoG>m7NWX`{! zL6>@~gyD7*Dpl`)T4zxmCFj3L@@{+|S0m+g&rm!3;z~ioOjh9iVn^@h?ol+82|@Dd zk4<%wKW*tJ;k#(njEhrhgHcqTTef#MXJMiigvvT=S4`Yb+yaJ&9U|?l*htJ>B=}7p zk8bf;+o|W0%5@bwo2oqH2n;&@1<+cIu}xV(DJ?1PVm=gF$%rlmOoU{0f~hXRQUFe{ zFK`_E!sT3WE=&*_lbZ18pkGA35?|GQFIv>FE9(=tbi)JUrs(K?B2*i6;3Ev9Wx|l7 zzr?tFXYLy-DA%j;j$)R{b_?WM4wBdaSw4m0;3zzR#AR;oe{6x%RA&G_q5|mp3?QZq zUA=FMzebEt0t(KbwMx{t!KHFq=fG)>$PCWQXFc^tP%^d8*OxToT!2ZBO&2)VXXb{s z`d?UDKX^}&$%VE94P9$IOo!qAOlU9g>#*!ju7jEz1tlKikxFRqIT|^@TkV7`9(slb zoJ9gqHl&~lY2VL%U_xz@?XfgrF$a3m6m(G-7Z5 zQFvK5Wy87!%awt&;{TEW{Qbb1_Pb{;l?_m6!3o&C>LeEE)gPIGs)fQrcIu|JsZK!a z^@EhY+;jx+Onte|*HkSu1O7IZ&I1k2+Q&FMSGoJ3bQ|yByy6PYf4>(!aCt9qA%gJm z?c6MIVi2Mw7kLV12nMjCVCbihY&#klntWc@KS0|8K1pc%h{t$GP%V9r01~5Is^uU| z4yzV@5Apev4z9pDXOmR2QCB_$l53QSN|J*f86TUgW~G2H1`F0DH8c$*OPMg0Wu)0* z&i`5w3<{Y0@X==W!Te#i_7Lb6icpw8;dZILhJLWW7kB#_a5;AraquqbIDt(# zD1tl4=e27Hvz&&QQA#3{F$oN2JQW0yQW4JC)Bo~TX(IC|fcYV-3fYep%CeM%q~3J` zFpv?T`@bL~toR?ufK|ywX3vD+H==RM;u~=n9Y$E*5Cy)Td|<%Bv<jUAN~UG2(7G0p5IV8t1jP+Fh+77fkVo{qKgB;~2s4;kU=P&MzeF)i`P)p#A490U zTK$85(^s0}l>PXP11Ki<`EC&IGEG`}8+%_U}LX2VW(!UX8n;Q{A3I zBfP}luIAR;mo>+jNi9XU;1O8;0~u5$*hm%s56BRwQ9qo^S=e%Kwy{4rD|Eb7!i0iW zr!`b{l8u2ZDjziGAXJFu`;oPWYQ~a&ZJ6Mv;NzY-FX**!@MKw2mz6SwNq6cB_xa-{ z1+g5S^`RY-grFb<n>vS&%(h*xfNBcf>kw)PoS^F#|=Sy zHCq|}HeZHutB5{_6Ahh6gRSk}O8UyorsUSO;K^qfYJPg{6Q36YayqN?D?LCqRXXpt z5}P5wkYN14cQ7Mnl_}2KS++08AX`VpWZ<`}Sflam!MHzFRjmp1sSfHEwfd1;0>(eA ze4@V<_bFy6zQ&t{N_ z!K{g`YqW$0t!CQm>zw$S?w6BO3vPJiA34`&D|_a=;JGDU@3lAS;)090!5Pk&*^=wl zJq6Pd+xFV8+rCBUVA!&2LhRe(s-IT~8@ih!DLx`o=5y`SQ`U^m<#e2AriDxYYT@zW zPBK+m#+&th7PDegXvFhZj64PDfhB%GwALP9K;-}|zvKA%9QfnE5Q2EC=?MlQO#W)= z{DTluB%a{?7J1Ls$de-hoxn3jPoqa6a|9a>L|9r^?zamz=lmx~5RNcSw_aay5-MKV z9{0U2%}iU4^j!kJlGhqJ;WMU!UI`Qd#}Oys0MdvVK;it+vRD-iXny-&{y=W_U;e=V zU;aS*Km1|V6viJy$33rL{GpMdr}%&QLmRzi^Z(Bu&hY;62b=rufBYezwO0=(Bkn)^ z;pl*bXBW^B&P#k+j|NO^D+I^@0iuG3Tta|P8QPA=K@|!|#t10%M*{=3?6a_3<@Jl! zyYu{_i`=zHIe2MHfxc8gi6%&K5LDCea|&wEFV}t43Pre-Y7Yg_@uW|44KEnc5ml|F z?@5u9eJL=@h|Bp1QEtj#f#-dPn~R0WTVN4|(2R&)RISB=&CnP8<+d&ql12j0 zI}EKP40wRM2(SzjScELD@KheAM(`oK)HAjY?EQ$?=A-*u2gt}z>?E~ zhxlsO{Rd2vgsG|`<^)2dqylMOKlmjXfJre3md)EWoIs#|^z)&)hm(aD)QwJpQE)1F zG$5{5gAa3W`hto`5(p8K-bw3XDywp-i7fz;cr^4Upc2!|eh@8Z7fcHYrV0ig&|!%z z3Lr#Uz1DWVRL_nE8a}sStq%L@2pl;e*y8%yb%w9?cuG3E{^1JeZ-&l_gDA z0O~`d!;26#l+TR)?=x7R85bDid#EOdj`jUS6IIFI2sC4EGD3LONRMe=W$H_aX+BKi zD${+h%CotW;OZjZBpl@059d4(YIBc;!}$wlJTGRLFGAH2OZIt(mr_{53_fLnX3Z-W zUVM5+0U81@bFm;F{p$%|KB8O*eM-|k5sHE|5GSud)i8nAu|U6mJCvG{4B(@L0WA)n z8rW@G$iVAgc`Q%M&_b}U(*11+*jFSr67u@5H1$oE&}wz;%j?;trp`~BC414^9gkTL z6u&>2HEQddc zp2YvD`uF-4GaowSZdnF=$|h^Fp>Z0;p-#(`e>g3hM#SQ2Lg;CdD4V8pP-`STbPDud zSWZ1yN&>*UWxx{^d-)FIJ_R>I20Zy5oWRLnY#nWPIt zaRu&#q-~4H=S}pALr!eBT>$R_)VcxGz^LYT7}b=D0*Dy^*6au}U7>gcC?B&bbTN|& zDrQ!hd~lyzJ~_P&Wbl1M08SAVh5?%(0P|mAY7ZeyKdJotkXsJp47nmO(|m{@Xc1@3 z1Ha1|;uA^X()kTGLc04V;!ETTn%gc40*%6Fp>&B)ZgLek<@tQ%7o1 zm&!a;_c{0rprK%DEEr!IjuC=dCKg{xP3OP8pq5~xK??lByDHaCxP z>rg{NusyZRK;2ZBvN5mt8S~?NbKwCvkE=d63d&eNY`B5ERa6C+FQhO<`q0?e!zJ;C zS9lmG)W7Wqv86h`%zG*W@>#G(fYL-cQTNT1|Ik{p2@H_!*ld6^6ZSRQr%dAyU1u9E zlP%dgnd|$@*6)ou*Zr*j(OT53|Ik`$7_FV3D(Dg;dZ1CI0fvGtv0zK#RJ_*%s?dD_ zJP*(=Eak9?sR7b&6K_@tdgnPx&MoBH`<>=3tlL}!JXxBKKcSqV?;3E!L_rp{|67|D zg=y0WvBLkfX$`^uhPynWS)vY<*c0Rs=&eaL(O_x*_&2_$O~$Y+tTZxx%eYlosr~iN zPd9PrdMP1JE##h&z}Cigq+TponYB=`T)XQ^`izLwzp{K7DqH-3^ABlATjcjTD(`&z z*Y5JQK3-I$3nilbe(3sErZuhT8srO0{rht@XGW%)+bF>XY7zI04KLvDKB zWH+`jt^1uwl6(iZ=YDDWM10Q|uQ(eDGj^*7c7k3B!~%4m!!gTR2*`cIK9uebPzb+W z18V!|Vu2*|c4p``o3Mxva_|0yp-!1S`mK6?4of?oY98<%QHq=}9~g0-@`g^N9{&4Y z3NLaI1t^gMOFAdO#1|fQ^(uI|EL(gEUrHh-2ro1K9v8g2`_Cu^FF-|K0q`7;UJp#? zDQ!rBL#A6HGGF3$#je}5CxVmBp#*TS$1}pr`~C&2Z(RmhvL@3(Jt*ue(-tBj?;|E$ z{$mHZSW(G9CN`}R`uJp3F)2oTp^duZ0_&>zxCIO!2!YN$3v z4TSqM)(HoV2IzDy@7Sl?uWFDkz9(09w-%Sl(wd=w{ME+bF5<@%A{f%E#4HjA;?N7y z@sWNowUQ!vTQitQ_uTILL1@Sm2Ik?eJY`0MIYl7#f0rg|K5zOjby!BQ&Wzgvm2o8; zFsEokg(Q}XHaz%pvPm7?6O?~_eeh-b01d0W;N&5B%ih(@Yy4xQuRk70bp6n{@1d%b zHeGIu!lkn3sBORO-77oc*NLwUg-a_|`riu5gk2S_|8;Dsd-%}MFD3KmXXJ}7i%QTA zHaq!5;SYbdra`piutDEFR-)mNX0?jJX+6!5U!HKbQa!$%(|r746@RD!G+XCiG4hU$ z7UGO1v1&OR?|Vd;RK6**hJgg4*o zr{CC-C&|K;f9gHx#84MxU2Y5l7%Ci=x(OI*%0;5bdY{(e(KuLy^vG}!l1$z0-zaE@ zM3>W{xNjKSbHt4)!4FYJ7iO4y9jmgHtHowSqWEld6J&`_r>uNm3OIe@bCU2znl~TD@l&YYu2A^%Ype!zlWI5z@`IudQgB-)qQb{uney$z306 z-fX_@fg(P!)6bYHQWm(SWT!Z2QlE};^2m}&em!SPd3-FwNig!2C*==@fw>!M;G4Y9 z$V^mcP1f`ejB%l9X|YazCF3GmGR^i zSf41;^KpIg&!zFsB}IL-StRORH-YO{g4GmCoQ4iDp5?s+hQ)Nrg2n3CK3N09>`TUG z4=Rxn%(d%RXJWOVt~bel2OT=Txj#MoqPM0>>g14h6}WU@A*lHht25)_D1v9_A%JK1 z${^$WkwzrJ{!=S*JmD?q!l!V|(ojh(YKzF^cf-))eQa0WDs}elTH6?P;_Rjd)f$J0 z%5j2C-J8;``}5y2kh2~XBc5evRa_^dkRQ%!8#<9|SC*wJDZOW}E<#2l_t&s#c!eMlG1kBS zD|zc-7g$>-{Xs=f>p*R6N04`e%Dv#H7cY;bE^y%cyUnAJzXaMR&(zaa%7GAqM~HXx zPAo8H==hT6$sGGkJu(;52CdP3FWq|@&sThWHE_xLa>bNT7}QFgn?ezA%a<-|^&T;x zwNbfZLyhMAbhLTjmF?K9|9LO~F72Z`swUxQ0>IFI{yDu+c>g+B$W7vZ*S-;Csxnp^FZ=t%v$yz-LK_JHwc)P{dm_P{cp6LA?r$N&Nk4M4bj@R{o-xDizkvF6LSfzCu6OgdAS zDM82jB9;C(hifffH`rgR(vgy%V|%>frJJK{5`|oUr9PR!;o3oDsXvG+*-#8je|A;e z>i75yU@+*&Ns}H=8G0&#=&8t)eLw$^)~3nLa8lM$S#h9ojUac+?1@yQ-(TPv$#F*= zO(Uc0Dl*Lgjd zf{2?)C6Q&c_e!29(?qP6>Ro?MF(~AoOkY9sh;tu=ppmPlp%6rk5Y6ouU35g&l`4`K zc_kkbWK^_kE_hVCd?Hq=wdUTA`iCf&(s6A3b?+rfg)w%21+P$gJ;rCu(jE#lJNaw( zf_((CE!$u{q<#KZNy2|*Z2`2@76Vyn9D&|3VzNWNpMU~<7C9-9{5ezM({({!ZdxPF zmb}Uc#_-_#bzteme?z=sB`NM9T8sc6ekU5&DD*-I8;=(y-{Bo7Zu%?%b-kPMYO}-Qt^$G+wfWL;;2Z#*inXtm8LI zlbe&+EB3mmxA)wwK)Bfu8SU0iWu( zHJ0Gq+j@deO6@bn1VusiV|DQhhfT%K$NdA}XZ{#B3CVUjA_^&TeXP~>lSN+!MB3iC zugJ0=z?Fz~ffNG)J=?ZtsgnNWLns%PdjMcG>iXIVMEO%$c-~zxh^#sagEHVZe2287 zOK)q>TsoyXk4>Ibi@l~Iptz2QC}!tdJi#!(zmjw z71q*Io_Ow%aL?HceAdu`<^GY5UrYl1XYPzECkuV_IrCjgDUY>VmZPk` z$Ktk0J+h}Lk_>7>GuFD4T*G`v=M?ul=dK`q0xr7=yOvFGVkhHgR}G&9*28md44<$Q zrR^WmPs)Z@+}ny&WdzWtClidBPCxW1!U`X)^T_2gjg(@BjWvOW7E-I1iclUV$Ash^ zOv0~(ooI^2W|kDn6ZUf(n@mGe5kwNaT7SJf)fKSlYI_7->0P-h)E<~NVtks&(xpi& zZ1p;3V2!Tmf?@-iWOq#ai|YN9R}rphmjeqmO;jJ0Dr(JVWD>1OR{FYzd{7?J{+~X$ z?4iFUrOXlXKj_6YR>3M-zmv&LjS}4u&bQUDDn56T{WPAmZqclR6{e2jqM@jt(tPJ} zU2~O1{5DNxxE8)N@*WWdd%hjXp%!~5l6f8FjeJt-wvVo$3o@rA%1n=kDa!UVsJ)AF zN4}3fBq{WMv^e*xw6 ztn)IkzBV@+n%0&P5+vdc!DFQ9_k3?=v`Aw3sqnh}8CrN%GTi!%Y4~PIbKvgZ_M^uJ zS%Pnls4anIZkp9UGOf8v_sm|Dcu!#ct5tw-gdgfJ+Pl|y4mD-WER8 z&srrzz$jPgzYX~5gkl|#Q+~eUfN%5+f&WBGg@5_=^tri@c?>HOfztHl_`#)jx**K7n)OFSmCR7Ha=rA7|m! zWaIbY0V+zWAR>)L3I-h;@=%J>B_JcDq#PrZ8Xdxzihz_8adb(Cln))FLtwy0$3SXh zz_xcj&+m86d(L~#`#0S8xzBw**L8j0+zh**A(UFlkQz;QEi9AXQ&zL{2_-qW+l{%K zqx&M>Yen#K``HJ(58T9U2BLD8s)uJ?ZVIYM`k_@>aJcHMshdcYJ)3NMHp&;x-1A@& zfqeE805T1QWFJk~=1?X!D&Eb33>C2Nk`&TnHfk;b01K#mHl_3Z^{i^MEc9#%SRUyU z-4|08ubq_R&tyUWzQ1giDT=+2;h*Ui&g*#Lwca^5wq0Y)wlKck?A>42=WYpjcyvU} zDz$MpS9X=pZ$I}Aj`>(_+~zIlYrpjvpv#b?ytCsEj7Lcm@HT{ zBa|v3Bx)yTGW$gBwo%P6D&R(jGv;B=s0T6J>}%BZcDHq_$};-NTfEOM?Aw9PG-r}%0W#mxd58cX;N8S;-{Lq!ZcP5P%J`>p3QP!Rs#l8iw27OyESP)HssKDlk1nL!EMcv)^8TQ} zl^r^H`6mnrWj(BT6cFjw>M`7Uevi*4K*o`cUt}_%h}DZhFG}t5>U9X8fsY`Zn8UjM z-mDfeYR>>Ddn>q?hUU&cp8j^#zCet;rUN3V+1`14xkfRTgCWmO*-`A#x!U*q?h-EA z{VbLGP1?Fn^HI%+(VcU>3UMC7ymlaa_Tqt@aozx78^^r;^?*Z8PaU05opCCe16 zzJT5l2{>pV9M*6f>0t7`om>9eYmJ_6o>2{bO#@bk1gS?J>?O62&~p>8jD-X02a6Sp zYyU0BjFjlp6I-|k3gSj%pUK*BUmzZq5KzOdKhWy0l|V8T4mFG#$>^h}5}Pl3*c#Tl zak1qKYfLaPsNTwLgKoH-C$}ZTwp_VHNoWQ{d30vlT1X;<8}rKefl#CC%VVrh?SOaL z_47ayd{hH8P*GyCv$b2A7I0rn04+$i-NdWG;H&34&a#01JvI@+x# z^c~Ri6D<5y0L~T|PWGS!6l#s#_-iVGiLZ%09Cy9ZtDDd8Q`1zBZS7F^haw2V<+Ev= zqEXnu?p*$K!qK*+;HY?u_cXAi_RGX(N4+!;!?Q}perWKu{>rOp9(QJ4yh1z6@~ue0 zJ0GukRY4h4l{Z=TqXd`nCjsnSH548Q$L}(KM(q8SiaAR(f9+B8-j+m&Jj}r6ETf%B zj9RN^J62eQC)Q3fAf8$*4)wZXcH|`yS)Sy6;8RAIGWtL%WBa^0&LjNB<+w+si?vgi z2oX2Z0N%U37wmO>VAfcAQ=O8@~@>^J#WO?!#kA$`B#9IxTbo5>*mP@|#>03XhYLeTdQtU~EI+RD`0JCqBnsG6C5+uSvQ8OA)Ib?mWIHR!@?RbkW?h$=K(lILF_i zTzKO`QdSDBURt?!S6|>-&Gj!VZuPkhX8o$YO5!tEB1WW4GVv(k_cZM?7* zp1ogS~)zsZBUPB6!V*022OnIBK38(oD-A zN3i4m?2Dmgsh7K{=!>D3_Q1vW9l@u0;&AFmCQTf5J)#A4F|_l;UxolNrUiiC8al4>;IPwk>@$bYa6l}vvGi-v0n1BkrzcVBTEKcr(RPNSy-UOqoW zOOVd$dni$QEG+Fz81S^$IR0jZ=&wSBWHs)*vGoKyeULXVL zWjO!HxAJp2fO8Tp+*=Y;1DsS)=C@B3@R-5>_EU-{g51tN19f(f5Qd2L|%k@$- z#7=Oq@3#UdNlZ;Vr<3MY&>$zysqz#fAq%E6x?#3rsK?6d)X0nFv_HjuvmlzC9T!4P zW>URIaSJuexmeCgPasBx!Yky&m?SmBP@?6WXH&km{u>+VpQqzprka-A2c97RBuDy@ z)Z@1_e8h29F1o9|63_;u;Uo1{tsWSPW>M!EIjvD>&{p_#(nTaa6%$966D?QnfvKOL z(jkNQXkNZ$?vYo)knuvxIdN*1ux$?N&^M>`9HF!5Z1__ls`6j0S{pDB#Vz?W^^eg^ zYo0nk!uERL+t*WC#yJ)J_zj6LMoRSSlW3JwFsW)(acfqtAtvb;#^<&`u;qgocsyZM zYq9uOor22(ai9lM2^se6o|jU1ly$21PEhg)k+toygHtO?1`=nswko`bQzv57^M3s} z4tV`WQc7CN@af4>6aCesm5rrB$OKg}f^C9+F z!#Z)?Xpyk(fH&S(|Dn99l(WMSb?Mg#`!0byxTr*gc(pp>@XK#ULbd<>lOLZ1+ZIRI zOS``kxU*T)pRR(vzR6DVRFM!}MAY15W6}C}l~BSY7_qQdcnX(pwI}vub3VaK9Ala4 znjay!${|p_GfW&TsgF$&(FUc!cNR^*?~+gQ)bT4h3d6ae&X@!yWn@&}qHo;Q(sQ8B zqTbcg>H1AGu1&on$gsjGIE_W8ab^!;NYHn)FokpouL(}tw9uggvx+*u;00!DDz^FL zczgiJKmhOK)$-ltA5iarg3K?y%WC-v%<}j7Fi&kOCq4QRXg1PeG2tv+Z%685&LHx! zzkksVGV1a^zIgXA@Zkz$ykPZo@%Zb?t^*Wm3z_K=`P zXU6fpWjo?&g)~@V)TpGV<}nhO2rP)#+z&(|yNM$!)@w-j$D<>dwp4fpsr$~3)J)|Y zyHeBA_>nI%l)~K%sTo)I=6qxP*6(98ao=x^y~E^eqlY;err7=1=hm^SQJUZ9Nh7u( zE?%-1CLxjRXyYqRlg8ocU%m9aK;zfDB%heU5v zjpWBw`Blcs?OjCKY+lkdVrBznjmZousM6A&#s&V7Hp82IUEdtm2mUUh=7?k#-z=D! zi`9;j74fXnJ@5!JanC{?77|Ms4)9i+J~nD2c|D=Z3)+?An1N`=W>#R9RHrkmM?rN9 zc;HR$kdlhZczRMsCw!>RJke{p?I4Kc7_7P~9`kaQVAQ3smE^Gy@-_ zRHf_6W5!P#`_W~SEg;qOwG< zwSy1TSV>6?(eE9@;cSw)uAs^`tkJRgCdi^>OOmMNM=zDj1y z`}!G&?m~ahWEk7+9rpcVs!jnP$Cr&P7t4_98d6tL(*0e2nn$r?1+Q*?#)PEkj~%WA z+%`d<%k!TMY9y2Fqe)~Hil5v|vglaijxEw{)}Ji^)chQwgc`Ia8AD8(8|yL?6TM2g zwD?~bH0 zWEBOEZx~aSd^KrQFp^oiv@*FKGz(I!8`G*y2nv=p7@TZMni+M1jMXEvgx*lrw^wFJ z-XQ}uUNbo;zd+xHH6>2Na-;9nmuh7G*z&eCQ(O4(nDqqDRM_xHTzpSV!&tNR(HX=1 z_zEF!zn`_Qci0@=TV604pRapg5q@Tz@gXbS9>1~(vzmrlw833SA?w8}bO{UGUJ+)R0viNr*wWpxLAqnd zI-BSDJ?}Z!`xl%KhY#c8y7roL%{A9pV~qR0$7G1bBgeS=12{0atWZ%q}3uV-OHf=L8kmF#f%|6ilT$>mFom-4rH1kxbO}vKznjl= zRdc^ZTJry*|CeGM=-R2fd*alEf?b{6Z+2~qWA5Qb>J-b)Cqb1Z(i7I}eN2U;wp5IQK@w!O z(i^`Q+MZZBOOTzbQVg&|h^Vbha2%yuSr2NfvrnR+_>PdASR<{;KHA7y-Df4-O z;gDQnilI{i@-TTE>j>Vo?0#;^`lBNjl+DDC+`5lw_lu0(HgTflsSgiL0oC+ zfck>o2dnI9iMTFh6&7kg zebGSFca_GSr0O*3nn%PDEV$2o)JpxEacWIH^M1m>iw^2H)kq{hsTs#Fi}_7EN7am? ze_xmDQ^9b)%MHH%g}n*GYc}^mqI%Bq(5kBF!xfiA=lJt^^F_hhH*xr-68B3}xve#a zoib0Es^f)K`RZe=jZ4`}E6eAf7Jk3U{t#An=`BrFj1i1gSSls?r&r(J%*$tes+hZ5 z;wyFf7_)VNK?Gg3(Km*n=X$*QpY<@f(_8XD_F|e5F>lI*QM(>G(t~=F{&BUO9m0xl z*>n)3^stMQhGoQ19>Aj}E zA1&&pE5Yx8pyjq|OK&IGN0W`(sV9?sCL`~_f1Ia(js#IGf&$n0pz~kgk>C7p+>uDr zoPv%E2tFmU?`Y+=Vt#k#>w@pfw}VKx_?0Ie#}+zOU)mshWy9ttH>Yc-d;$H+XZ7#A z#uygQGtFlRi|1`27xWPKIj1HG|HJ#R5jdw9gNBJ&lNc7VBnZ|vCo(iEM!o3GcMO`j zXP}(>S!ZgF+@;W8F7ZLNrBoVqcRIe(n05J7cdT^^) zhtC3W{KJ2BY#Cq*?6KP6>Zxg-?|VWGI%7G5GN}c)`99xUA$zYB{^tJf4_zDxfJ{Oy z9$6NTy*Sy>I$&t`ZZP6TT*Iz9`+IAj=h|Kv>}cBw{o+5SPf6_49&sQO2NBXfVN0>n zH`tE!aw*DNJ4~b;qxHuD!v9`r4S89Ky=L7_j5K~*^-}mAPHj>@2bf~;*4?Txh1r~% z*VZDOng_|*kBPAyLenSra0g;+Li8e!=;TxiS08_qoIURRVM+1nC?xDLGgEi}8;U%D zU!!>N#{{R)5c{}Uj?Io!zC687xOI#SZ%R4(!HPFX^oAK2Y?W2$zHoRJ%WpT!QVOYb zt9O|3j&Hrm5bSfWbF;;uu^j&|&-WR?79>CJ#XGD? zg~jz3FJqE?7XE;OfmrAzx2(vHWry&c~cIY95%tyvaep+`aKjB=V|7a zE~+IAPZ3L(4EyBTgrWsXc*ca@@4gwXJb4(21qD0IR{=MHH7`hzTJj><0Qd3k3xQRP zoyBami+fL@pA{a4T!x%+?EYUX)Q)SppJ7l`vs60Z|d%Vwy0g(&z8uk*O_;+#XKe?}b1y0%v+@%(b9y9McUs|0euNvYZpokv$} zkMgAMIc{D&j&Z5#-0KHOLKYpifFPxOvGyqh*qPZuqZQ%WTNi%ioC^Qy~eFdXAfsy*P4Q$ek2^V5xLL6pl6}6IPLwclY_jW zV0W;yAcpMu)UOB0W4^5ox1A=LAy6WJ(L#cl<(Rz}?LvZY2s3}<203u+7PSmJnaf3J zc{!wp=Zu`BqVy#>LiMD$x1hQlc2(*GLwIdsmrhk2eD4|TZ9~9rfbM<4W*Cqxj zP~xWuw};Cu?@CtoZKv#o-+#tW2MCo~SJQ!5@9+wMj6{NPG%p7Cb*#t3x2=?~o8_(3 zOXHyg*cH!n1er?o_4xRxJL6?9UkTxU@=!cNt@aVq$=me^U>_x-LjGD-{W0RxF~XS6 zuX{iF=c}f^&*f<-ssB-+A%!;8))tN|NwML`mW4%qk$c-}Uwj%RPpuDu$)DsiEx8c( z2a{{m7W%TSJRZmDNmKP1wi~JUX_^|YSA}FI-ulvvbQzQ^0DDN>=MuGL7`@s!8AO?_ z$<*EQ!Gh!AST^M8u31`O1O_#}6nj#X;EmxeYx(fgtlzX;U_HP_Ntz5a-kV&Wm;OGH zVw(=zQ42Xt^TmP2rYoL-fu7pcT)Z}#ROgLts^JaU41yuQ>-Pl9M)tymb5ucf#iE!)X0S1OFvkpbQKELfNS=%R!uRHO0$5tf`ePSP9 zxH%{1`4lgd42Q1aOuE)hA4~^0J~UFs)=;)(%Ut?66kYK&)&lXQWh4cMP;jW9=LX)& z8ZdI`T7Ec|F7}t-FDg^4-zLt3p~%u=oR6=yHfUApq0GHPV!TuWk>?cJ3^lxVHS$hQ zX{fa^q3Pdc1#yxzbZLu*RxcGe!+I@zXgsNF4X%jgL=z{V`fm>afwo=*u7RL%Mn zqjo=kq@wE~Y5wX+iOoW3t2sY5c zhzc``x=6?|vL^MH-&EBRX73Bk5d*H{=l0k^Jqiy$(KVCLP0~-U_pTWvV{s;8MI_k% zku6l!bC`on56Z0PcX9+LGCsQIsFwc#2{Y`BTqBs#C|pvoO2iEA?Tnw(cgD7HWf^A@ zD0$|(r@C;d-IYX%ZR0gek*tL?$KfUS$BVW$b4IUDXX>%SVoR6JWZuz{l@r6urrVVx z54AFIxZASNlM#tACJ#+_6B$=xX1lk~&I%;3b^#qhps{ImZ{A)nq?2vQ z>JrrO$0UMHJKZiNTI7?y!fd9$Rh`MZPypE2H!vyZ56A7_77s=^Y1Z{lNY znDx9%+~fTbNhDvD52)=xbb9Wi?Zt>)-}xCMLLOFVIb6_io_f-&%3KMonFPL9UZv4{ zCkga50%BrhMN{N4T{Dp7`?M*Qy?PUxqOCl z0%HgJ>yh=tiyUXI8)fa4>Q}@1KZ*nEgGOGxVF|5_GNl}UG3X!+l^2H^&CGe^biCCQ zxjHBN_A}t6iLrChC9^6zv(Z95Dt2?uE~aBI5=JJq$}=1~>d-0VMki260d^qZTypi) zRfhq={!?ZI7Zjv#4k{m}LhPC8%?>x$3#D)k?RIc=T#P}a!P;iogX5DH>qKS!B%lr( zJ9DvGAVLxJ@$yHc;C$?KnY7peNuDPf#DGu7OX zfrPc=sXZ=Z8uN);p7J-Z=N{ME1H%KVir%cZu z-uTKBovn+51FybK)7ysDBkd6(tjy2zIxE@=A6?^|bF>bQ`jf(UbgtQP&WEwgW3+pN zIcw=L0I}82n(KLFb>sHW@h;pRDl?ibi}%mw{rRW)VxZgGWXP%v+x3Zp+9La#PsXwt)CxoK9ZC<= zy!u{{8IjTQzWH52bf9ajdqKhkz?+SgHm6uG5pIh;1XlO34}h_%8;GKwk|27`n4&jv zAFi$(lAQJ;!6e&4XCG|4EUfT`Etg|?hVFxyJ*yDuS6{nub#%LMaWpBlt28F4nH3UH z0IHzwTqi>Pqsx-#cgX-52KkL~6m|7qa1f$-xqss7KIjG27G0Iuu8GL7tbg~?-+I=; zt9$zDIAtf+XMEsJTje0^wz6$8m#H0l4QDQuu)n%V3}cfg?~CYj#~MwIECwhngQ=;P5#c2MsNhWr_z&UrmhW1IG z)dELaYV#A<56JdVpS01GZvoaz_OHizQGYG5(o^zQ=r0LlD+CtOt{R)TuM&g@R@+Rp zLMz?GMPg?dp5~=Z1DDTvT!91_)^kwmpZET$662kL^R{*>nh1@3c7hH&d%I;E+T#wN z_9`4#w?9Gg^QgwLv^YLdk@K7@5(%iubZ!{c+>U8A>Q*@RnL@;eFecdI1tATa!q#Lv zhx1KaA8*jTPv*xKMSC0=>wywswU-?N(XAFuPhJLWm(ep3`)hmgNjw#|{}51--+ya$ z#M+2-8+KV(0Q6hd5h#da$^goe=?xsUB6d4-#7}>EnB$~L)4_mkH2PQ2Dn7LSfXp?j zo^HpFzJE>=xj%#5D8=;DyQNC)!+^F|u7b!h{ zJDw7MH*-DCKcAO7m22FL_fDNfvq*m{$0&X~e{Xb1x3@BTi>hqe)W(26o2xwk+{L2y z*NT*3*9xRC4+2;(+9&i8_)|4#iUcl3ZKN{(jW6?P`2K)WJ7|cJsQ}d%dhh-&Bo;`6 zrg5Rs3dt{k83EEl`o8gLIwqtj0{jLCfV@~gPXI(R*9mmL`$|Ir!1hJM5KS|r7QhBP zoZt@-818upjBN>?0LfABPl0S#$O^jNX$rf!+7kq{HIs@_YZz}2b8p0$ZjPcP=93Vx zp0k@;z#?{|Z+I$tO0@gQ8k`OxgWJhR-Ua>hZ3GX3c=8m{m~?yw=00ag4ZeYBvr8TU z6b`?Dm&$m+k?akam-bU0@Q@fu`6tRv8A+&`h5@|60L*;Ujlf|SO;@CSsMugsH>nMf za+-Vw*NWK(o-un|gJqcM<$!jYTeoh+i&Ai;7Sc=j2!#ch89x}fJ>x1MJcAKjdy%2A zVrd^AHgzp7iqAj`6Wl`17wThfgdKy%SU)2vF_Dq1ohYucn}P`x7sbF8B)XsL7{C%C zYlQUgN#fGuUGVjg`~K;KsBTHJPg|Bo$Gt`ci4QZ7Q!Xb!dIwg^ruUY7S|6woT>FPh znsy?huIZ|zgzRiy+6kG+#y^U8-^y)FY&zTifGp6HTrqz*LN`g1R@rDM^DrfMM~V=4 zVS~&uREy{r+cT$GUW1`p|1aC)$TkZ<wk>slU{6>r2A`KBuQ3{AL!lx_?F>5dUjPn zg93&Ee^(v5`vkCW;&pf@_B~lI3AGvS+{QY8{rV*19k%d_)D{)55lo1NIN>p|z$@-VI4Bx#4MNWjjC3nAV>fp*cjAa_WC^Td z={+NFrXm-MH({j{`xUZa8f_0Kp?{nM7Z=0=I!|Gs0aZFw))AEoo_n=&@Pe2m+5N>e zp;alG_h1h9Cm9b0LeBWU#bU!q&S7?4;q2~4G>gi0UN9*!XlMrx$=kEc2>!K2QYdO7 zN=(o0@n3%a9Rx(%dkNs7i~>p&v7ra??!~M05`nde(qu)99SS9zC{^0Rb5-JPUy2`Z z|D?3JVa^K}P?M*?Gjo5(@w?qP3beNc6I-;v(#xu#l@VMXR^nfM_rU@0^(xhH|TsMF1?! zrY8*d?1bfmS+M&pV=<_I&$AGz{tEujF#Y`U{u2Bg%jOTV+H-CTXqP<%vof0=qo=<* zbf-!naeL8*kK@UOBvuP18V7WL-ypTV%YV55GbKF*1m;;Ym#TV#sPEfI{hy(GD(r~= zkr+UkeQTMo5eB6G@6bK|Z|L50{3mqds*N zCW0g_blDpAwjC>{zt2>~JMCQEUbk8Nd^_D!Jrnmd9#Wog0G-vUyi~ZlRsBw`8SwJ< zrSt^@ZxdjC2>FG5Jt#+G?Io&nIAML&P{oA!tkHKPW!cnccl1OD^fes9wSuKt^ zMmnG9Ue~(F9v+6~#&60WtnKP;H3yA=%mpgfnmQCuyw@ZF_o|>u?mp;DN}(<2>gGh_ zYW>7pMEWBv{OHBkS6R#k=HKJL?4|`+4LrYnc{y?8l@H(Aedj4T;8D1hCL{*o39|L# zUqK;uClre_59<7Y8Y8J(b8se4wOj7w&lrAskq&ckqJ$-9?oo-}E@GeXqG+4#^qzSp z-`xEVGi?k@Y4a%}24CPS)x8z-fv+GrBH!91AYyQt>JPL$rwwi^pS@DxS_q?zK!zM` zL6;m)QP>dH(9$I&{&Dd{Gp3j&-&`4 zIlE=ORVUFF*qS=38BeIC73)@F7IHiP{liTv*&J#=pxBd(F70;wtS<0Mb;aCra;?Oz zZqzSdAc&izq4cdv|Kvxk#y88o!nJkyPh~U`a1G=#ed%@@bN1{v!gc# z>EvHO%TyOlvDu-#Cjzs#zp3x?@|_bF@)7)Wny8%rTPLL>!RAXWpU*0lGWu1kC`qEt za#J(%d_NO1IC9!P4WmJFSnhprU9q$rBlj_BrTD(!d899WGhb~PtMN{tt>81kLAd*6 z1s&M`kTZPf_5s`sEEQSz^X3X}3p2HrfNmLH9C=rLH%mzi^;|(nRf2!6nkcBZzv4*s zyA4X(Q->CQG5)zg`i%Z!_iTL=KGJN=up;WbVrpLFZAtP~BK)#s0daD=XLxbB(2ZPL zx6$?Mp!WIdJhTAEVa;tSojTco@#V7d+-y(OdM${9oG-p=jh3wBYF7O;jII7V^Rw_- zN@46u2g6pMt@Dr>Q6o&Z@@{*EI8H2x?t|lJ zr}GCB((OU5GXBjOm+{mnG{Kj}WSG5dNiW?9g@CO-^Kq^)42r(-^Eqjmr25KH=XP^q zT!Q&?=ojL${=<30Rr`=RH+KG#*@=A%Yj<@r?Zw^>_e%3$?;+?X=8L_V-mT{)1brJa zUOf*PD7CJ*GH>TW9oe5Ggl(&yLzXm+IcLPgTlD{Kz~`k615!sBdQh8AC_g_@TXi7C=JsV#iSN*I+JY|qc6Hj!S~>N8ynh@P;RK8@_0ZB=!Y}drgQFutd&+S8llAqsKabufyY=Nh$=4OzeO|gT zIMOt_Yn(q;M$bX~304k6DVewOoppbic=F{-to_pT*2T@hbt|vXn?jk6OvBGVbNOhR z*evm zJYRo1t_fXyH(r7m*W2kcfADhV* zB6vBqBAITJp()TBTx*wjn)DujD!M2CDIL_nFL5Kor}N6;;GvQYqzF!im!4lAoc^~^ zUJ2(~@}2S~Ml}|R{OGFw-Xn^KL~D3FAA3pdEY)8>(^y~q4`*h&b(R-qK0Y~kW=NdbPCGvG@v_9vY7&)7lqOjHD-MN8 z+TRY{NRx+0@bga0x@FRcs*TKTDjcp{F@S7e z=+zrg)l6gq_An4Gzq|{C@ap3M93+e=hKEzYN2@}TYGT}-i>{w1%cCZ4|}S+yEMq*e3^Hn=fFyXEx;FO8fOnmL;lST_(yy&`q}pUKDa|CdS<${R`VSrkQaUpLaE*Dot*nE$wt;|bBPsUekXc#-F-!bd#LmVcr z8nDsz-~P~M#$&Y7QOp$P zCV%}b%#A64MQ0mum^^B@BSriufkN3tBt+3h64f;GLZx&i>=qfT1G!iE^4ION3b+4E zttIJiRJ=0MLL(Tdm2&1cgM|GVfo&E=oMHR# z+$q%ZDFb98s}?nwS7Ag{@q|X5m`$r#5k*)XG^pU6%3#3!lrK zkM$dp5+8>O4TIHfBaw#OTLZ{yMV7|^)Hj%!y>mtZ^KEuEKE*Lx9+rRo@soR4(w?-b z6g!sMq9T8o_q8-15$UY|;qUtN4R+WP`c>%zSVJ4;9R2#E9IRyg? z|7ijSRx}Hn01QxN@61DjS~uGOLvD)xe;v!RGh10Z7#rt0HXozVC@YLWwKVuYV`GS3 zc>F&L|L!^G3Vb;NCndUGgW;`cuhQ>~!riVW##__`&=T&)bBMmjGQc}QJ_abVsG%(D z3CSfbqLEDco$0p>=smrw_7S=2A;+LEXm^5iqTPvrKNIav6#PGA-e6*_v>};y!7s>P zuOg1tfh|Iub%2e85dr!IoJ|6Af$YaF+ay(uzk%>oK>PsQ`T_xd##{{rynN|Gfd$Lx z0zlvd+=YO&oxyXZa`?#5qO;Tu_zu}3a{Cg#JVM5g>Kezm19(?QQ_bM;?sb&k3$kgq zmw1gf0w95QlkcMj=H#z*ko zM?ec-;lty90GF@U=fH`_cQ<}B<_BImQt(cZ4CO#pX@b`5-o zXi;cHONhKfw9kM$M0>n)hiDf;cZl}V4UK5EfqxL~Bh~){(cS`lse_vcK9VjkII|hY z`^bm6t~O9?N4)VJtHbzu0rmLv*FlCMd-pYm;E#XgXhgK8taofU3os9Jb(p;1<6He` zcqn7%9Fr<|O}XQXedeD^EDL|fcXAFQMG2wVhvx^Uz{@ckWLi`k79ix#>;WG_(C$O; z<%1&x-xAZHsB6M-f1`*TJ4w%BsC-bnTH1vsyxvEo^ZjtS2~fAeY#&HjMldd3S}Shj zB<7IoHcTe1uUHZ}(m8y+82apZG?!pG+J+JTjH6BQW3HCrMZ;~Spc09h<5Hit2xK7m zsl0X3w+6j*>h3wI?O;2%{MH+tFKmLqtHf?H0Avnm<8dChbsR9SPUC-qKOju#&yX3VJB=r{kR(P7$qFjpte&T zhEo3@qxg>PWFJtyo_T~YWCQZk*{&c-i9FZU0ciIYJD-UXeP+RcLbH^S-H?b?hy(=S zNQt#U=0>sfgFn5Cwrk?5u?$1e7y`^|mI}v~IcO})@e8b>xPEGRkL_++hxu0U`Ap~h ztk$)&A~HT2{HYsU+>Zha%3oK90W`0G6H(Fm${+h5nWC*G@cw`$EIm(hOVPAoLR4E3 zhU!_2U}SAlRVbyajBtnV^CuYAF_QledH&ykJjW^sK#!??c)L+f_jM-T1vFe#6SAK% z(+_z5|LebglTfC=0=p<|EIW3dr`zmLO^H_daH$jTwGk-diGL(212>L_Fw*5m+jCpZ zr(@gI_KdvzNrGW>iBvu4OWG|VT{+3^I|us&-1<_Xn!J!Ilp33Gh~nnO&C2L!g`E{R z_Zm6}BPAaKSyg|+fDAOB49P+B$>(k}!CxN1C3Df;DRy`U&$RGX!!S_(*vImy1iaO% z=wG*tTx(zkPGDiG!ee)Z@p{E}21RWC3=TmPd0+;1V8OPKkg zm*}*qToeB)%N=rMu|5kP+qoN8h0JAAIs{nJbnyzBF3tx-XpjMDx_EXa5{i0MJVJ3q1dm!#_Z9j>;vob6n)8 zU)_N!re(FeJz+X~^j)2np4fm>)<9H#5NM~rOA_d7xRg9f;L6Wc0!^gg5aB zOok@ez*p{Ql5KxwRhRUXj}btdM0(Y1G|7e(#Ri&o(CUb4B0P7X{}p28lMrn_Kze&r ztpq%9b0xjxvjYAziA(Bq@PEftZ=M30DKR~F!D|&bTsvG^`vGQN%6Lz9TK&v)2dsMQ zMunGzFI4A*Zpk{Rv z2+SA;qWkyG80hIER~fEM)` zN1QaQ#;c@w?k23pTMVjTB;aBP6G;PoeV~X{ki-F60l5a$&=lN>>`lBT?Wa`+Vq&1V z<-tlEs#)9^3mk_D_I|}-1tPuNkW(ds^KqgC(g9U*D45Xp6saOe8VT%3&ypZE%GVf> zY!32ZsleO9I-e^_)XuP@>Sdu8rumMFeRFOWf=Yk>$Epfg51n6Cd`VWY;LTPy@}==Q ztPw~`3V`Yw>6ZBJ7R>QD8fdcFq_~dHYC@|L!+WBH^ms^t_onVSt5`O6aeKg;I#yx8`;8uw5a`LpvjjjQZx_1 zNloko@DTBxK-9kSn_)ob1k8919)*L$36#Fvfbi#HfF{Sc%-5h$0N!v6&aZqa4=|sD z{xh}C(N=)UZvf{E95Z?b$hXMfvCfYXkoE<%j&N(4tZ*h82Dlaj`FGV%ZtWS$m%|eM zUKCm6P?lkY6q07qNZoUY(e2#|Ljl+#z?H_1mRXrRZopZ0NeY5@m!u#g7e8Rf5cXRJ z27odWFf73P-^CZ$)zFLUFqcv8R?CnM0dCdhO+eHA{r6D}ImJW9oSZ1FBhjoHuy?8i z_SQ8Hi#E`-ilQdX1HyIDPWZ6^U1r`nNl6p3ss((%iW@(9<%vAvMeAa9-?4)D9AOMv z=i=;(KmB%1{kr!h6{ynYt@28F7oy(Fp6|`qj=F<;@VX$JIyN&^8<;b_3lpQQfRU~j&Y-cY zkqx#IR$G*}Vo3V+(^_pd5PRtYh8niE*>NpP0gY~b@#oI+vOHfNW-c(6?Wm^qXz1^N8zvqRZ?unfmmxgNfQYUFjhoBI@k3Thq`PSw?4VD z#TqMh!kWH`LvCQ5m$6Yu{_tum^>^+2km~Z=tBNPP$(Btdz3k&O$|pHEMXIoPUcdGz z=lwUwv>oS43LaR;vE)7u7`^lwc}RQdtFemE{%@~?(ScvR>IiiDTM*sS^QaG1U9+(u zMr}6b-~LmxNe73I?=zvgveu6|E)BRBv9Icu7|t^<-qt}F|GuntjR7fEeONyJ+%P8fPaG9(w-eRf{K_{!j=tQK zzFqa>*)}r5C`ZoqWO3d5oB^J5W*4CF;;^%^nWiD=plI6puCFcY=bx8XzfQk-{D=y= z6bnn3i@S8{*OMQS-5X9X5tsUrFHV9_2QMXOnkB`C@r0yHZS)z$$ptbA6G!aT_D`2+N`VPW3pRyRWcuE%(Q zFv-axaODa&&&6}O#NHfyr~5Ye)EIrJ;+WDQ;QeRWY|H}$72`6ae7-h2U6RmKfWw+t z>tU42Q*ME6p#N)d=qM1214CF=B*4J~cqf2Y9twBRZ~=Gg<%oB+UgM1VIU?M$p4|?SMjq}wu5Aq=F^u5?Il_gQRSXbi7Ng*pLBv< zY=OvgY;ttlNZI>r02YnR4cngtpmG&-%bjf6VV-11vOSWIP97?5R@#)`fQs1i?hxeu zCOB>Ic?KHIS0aG0tiC9=r|8|9ImIULo@bE>iPCzyP8M~I&4m7!g~N0X_~&r|{cz79 zz>?D-3SC3HtO2m6?~We!v1zvzp1QW*YmY$TqBm_ETtC~i2M*^=g0G;n8w&i!Jb5-Y zWmapS%mJ-2?c%d*14H%Z0HJ>3vnzl!u^9#arHM+E!u&lxjYPkv#wPFl!8|&j*Jb z9l2ZAr2r^w=uYL=`iGQwgn$W*vV_44>-1BZ@*wS4NF?@?k2?pi!TBEG`P^;e8YIuZ zZR^N!#($VJi&&DK>3QN7@Cq1_fZQm&;7Ue@U`w!vJbbYV?ZJN`=ixEbuZ+`GQ&07x z<-1_|z<4N3+YM!&)MtFIfNu7EH<%|AXRM%{;Igqv3UcM=^eP7R{Nb#g4PuK}sbY;m zQc@#IH4>19?sMR9-4L{DkLEev=OI*xX>)?nNfkjg8|S7RNc18j?}>HZ6KSUu{wMew z9&W5(k(8wWj^uotvjRMJTn7Y5qPxN8^c#5BCsUpAwD$J$fl`6%g(~-s`2LPD*D+GZ zqkemL(MyM-7WMlc;XI7>T6B1Kn7y%M{HF;+?5)KF!fdm5Ch`5HrRs4ZFXpA?_jKP6 zz)Q-1#Pxr5(nd&cyA?|O(Ykf%z(Jl)Jc-78?YO=KGO7?s(&oakrv!p4ea1!A^NybH zdf5kclf+d*@$;T&{dWq(W$>@65l_aHg^d?7);{6{|2#R1bGxO^(9RX92wE6zh34nv z3THK7ZQ&%JTz>Q2-@Q8?^P$V%Cj{d;zU&u_=V0pK?GTN&3-l68cro`NQU>130AKRy zCVWNFrUU_%HW%-}JP~@KhX40Vo($Tk7LdB3i1AUA|1&+ka**r>7232nG4z{{X&wW_YdutZ?vM-iAsqq4V~-eGe_!LV=95 zE!w5Az<)`LfZ~`lwEnNl_;2dAuh)3~(>xm4)1&nhEjuTyYMEofz?49B5?{g%h$MOl zAj(EChkyzl_fRCDd(O;{{|ZH8GR2@&?xSZD1Ad-^a@pX(0J@eZMU|AG&dltHn(V=- z$1%X}CZLxhsB{j(_xpeCw7N7w&fP;^(57U?u9_J782u0zt$^s@%KN8wEN zCifw2&JPfAJhG(*e{RV`e5(y3n>+NSW@V5m3Fh+@1VL|;(KCNp{4R8H|vaAd-g}1mZgvv zEKti3b0zd(7xI?T40=tvgo^D&KMyt_Wa;q%kki{lh@t~13fB7|{J_lI3OC%+&Vm0e&v_A2p1ee~e;KY{S2^p?7Ds4antt)sKw- z*IP`{-f|^W8Wwh=mY$0?Huj_+Q1N$nMqj(L34Tlv1|*`pMSw;ApCp%TR%l<@hyIv; zwiZNs$o8L^YgcRn3Tr@M!fwFx2H+zf+(fA`)#3nNP;`8Zgj26g_hj*dDoITNh1!3v z;*`9A7;z;1E3pe9iZhog(GvS%3FFuW=x#Up(e-}|U^x2a2=XPd83FzD18 zbO`G;nKj)mG5GZtY<3BAtGUj7Zq9K>mf-EY(g~qQNmTc(9H14-e#=N%4gH6DF0+IEC>``J%-H z(5EO7Tf6EZa6W-83<(V^mfeRaD#DesaymH*S6@m5uBO~|nW*kTy}(7E#y-?P-1lW` zdy8?^R{e2dAe>rSTK4q%w2L6AGLn1q1Q%WT{v0~=JL?D<`<_EgGcqwhq6BuIaDFG6hGE%l z$eKaj9r9S5^ToP21YPLm$W|qp(5nD#h=cILhxT=zBRbB8jEoa;%{M98wKl!h z?Dh=gv{2$lQD_o}PskucaH8xsPnGP4;yddjYz8A_gd$G>9ehZSgG5!*K0sdN$1A};f*M7Q(Zh0y} zz@%rz-{0G=1AoUm$oTUW{~)9PiCXf_zgOQtRAD)A;O0$YAet&ccX3^2@8aELB;0ZeIM4QM}Z+lWhi|nP~Zl3$}z>A@IBFsWm;$y?TxAd`XAqAC9((AI$Nf zMHMXcTAm{LQp`{Q$2tI_R!acrwri(&U%i3Qoy~Egn@{dmD~qg7roXiuOv4An(J>r+ znSo$V%AH z@$ouWoX+@c1>haR*?dhLPHK$)1o=2H#&1PG>~gB^J*S-PxfO1xV2St29*&zNG8hX` zxYatRF|jH1En?KYcQE%N)lU1BUujYKs!~?X$X9C_dB;KbFpHqHZcF;J_c4~ff(Nf; zYB7RV-`ie4huQWQm#@0nS8!mU#squHv0fPRfY$m_u|oxadzpNl{@p*v+}$NbP$fMx zj_VljYlhRQWj{;ju(4z*w0|pJ%WI~U1r@T0P*?E=CUuj=H}@e_rd`wa+0UQL1YGwG z=c`P#oH-zW>ypKAo)v8A#V{<}Mk6mdg;$W^eNpC14+26VPsfb4~QO-hL zYUDj+8XPHt{0H#7W*$GJbbjcwE`Qz_>23)>DKF$8h>2O&F#x1#21rW^tpSz3z@qZt(ecm9w@`Fjd4Jh^jNeg?@T2)oB*Ry) z#wwjipbIP(R1Xa()lLd5l%@y}= zx*3coUoH%LZ`-a)WPUSdz3ZuqBlsjf>SR!?(pK?0%VsdPO@E~F0g5h%gCS+t`m#Bh zBQ8e&n-R?u+lVd3FB~ar3Hj=*pNn_ts^;m~YR)*w4Ok8HhFHJ7SG50JI;iu_sNzQk zb84|*A=XR!l=wNT#C1VC&R&%Ny8_LNAZHu;kr_R5wsHJ+t`hsZUZnRi`99MO&qZi^Fc(3zMu78^^94%Oq2HqOj(X za6GJ)87Z>|!8qIbs_Z`VcXVoNB%vdsG5;v7;qv9dFLNrj4$^IFi|5K@7W(0>R{S5)!IqIHFYP|MVizn(J)J$o z)LiJ3*fKOfYlSB9HU~rs^T@KF{Ss=c1pEw!lqaqtT|HA$nUYiRLFM1ehKXTiD>kBr zd5i1y-@99SO=v$nfmFV1y)s6+1!(H-R5L{X%xA4-#s{OUjffKC!B`N0_c6if8AIkZ zSWP)e3=nV~>D*utvLV3EMj0v0KLm4wZWvJSxBEBt`)pZp8Ib2}kEp6cmRlR$*^d;S z!ghyKti8AnXnF(6KHTFqx7Qa--88t?%V~xQ*jrt~q*o?mC^mlc2W))hbDARGP^y!# zZd(XOYX!n?lr^^S^j~pP2U_2gAc(<{h7bwQ`u5C2!9eo&#y6wa%!L zek9a}CHltlNW5zTLc;HU*@Rucg5VE2&b@6H+z>c3WyZ>93qn?ooCWQ0n8XPxMdo6= z{2X*VP|kg4>U+?xp!8~(D5ia0tu9ul3K3=RGdg9qK#0*+O21Q>F{(>7bm>ju{bS|5 z@-;Z5lZ!J!IkSo4pa60h{~)HKE%SRqcWwq}8H+V!EZAD#uAe0Emd;A~MpZ!Y$~Xr;CckJ>MotPzk`tfA**KQjzoY+NEY7oyZiFYd z*Q{>}E)Znu>(6eW#R>sGH@5-sw=)ew^CM#h|5p?D;ZN1${{h@qWaW~PoskgNEJU(G zm+UQ@F0M^vhvM2Jo5;xM;<{#BGP74MZsz^i**osNzuV{c{f$53oX0t@_v`u6ai;nz zDTP123zXI069Y@fFFL;gp&vq&Ggip?hn{!)oh>M_4&T?&67BE&6`zBu~?K0gPhAb(A9*TJG~H#oQFGgLYO`C2VNAYAb;t3Wi$f9kI=W zof;AJz=nPhu|;w5(Y9suJVWm8z1S&`4a+C~(RHz7uDJSpH(Y*M+w}T?C>LcrRq_Kq zted67;X#(%s&gyrIoe8!Ssg2zZ@05~@KYjqKA{VRC?K60vlAYNDHMTB+Y`QHze&CY z2y?ZL?BqJZmU>`vz%*?4VGj0}@cMIeE@1T<$sC=AY?FvD4#aNTWV$traKn7>XPA~S zoxP*7XsdWfy-mjK!?)s#uXquZ0AYb+%$00P?qaNSKkO)-aGTn2&8a4&lj!rXOMt!p zRn@DAg%)OmyN0IOg{~)EY!|npzwGVPn%RS$9}WK_+(r17)$550-N_Wke`xFH(Txka488ns4NgP{==_-5y|)4~aW z-w!7-c^dTeZzW~M$L-XF6o(UZ^h-1+-|`*YN@Y^gnfpO%l!q*6M3FENxIaO9H&2yo!Ql@`UVE5%yYjO?aTNRG*oozNYoWxR$udRZu4v z#9G0n1eJQtkaw=!3Z%`hzclSs{JC8~^wVn4Hz7Q9@pO~R7H4CxJf9y5|7b*T<*t8A zXpvXf z<#0vu%th$nhssgk@{+}I-Co}vv;Q{LQd#RsT>iyt6y-~gf6gdeX*TiG9y3^pMT?qB zTtHVicR?kO2o2Gzuy%ZSpT03uCrc%Fnwh-VDJg3Nl#CPbTs8ap0XEghDYT zAJizVHQqWYYT(p$K(bwHHq;@|{Bb?pQMJ~=(7$+2u{m#ms@|n%KgGhrtd<)N9gji6 z(6y-Fi;dfyBk%cW(t<7=o(kAQPr0#2siAKsjEuw>fUCs-hljF)MmIm<07a9nHbavagqdbpJxU$Ku^tH+l`y=mzAL_nu zJ8!aZi<>dg0;XS+dXRlbI+{!dd5UKJc_n@$ zyU3^{g&vssoe5v}t9&4+E5M*s9U(RTUlToV)F1gjCK`arrRs>Xa^e`=resb68$NCT*Ug6q=>dJbXWNfx|?TfXoJh+GfhM|nMI6N5*-KM53_h@uM8%B`svkF zVC4Gv*DZ_e(Mcx-_-fzgpWGZy7<*Y6dwJWJkMe>f`}s@aYQ9mSit6H!&071%m-J4T zM-vZ06Xte97q&eGGk8zY`wDz=EUl2*o?5)z6tUgFR436D%ydwG7isrN^CIlS`;Rc~ zkA*`cmir^ho6HRxP*=(Z`g%(M^p0-)@q*MLtxx2qv9KP;)*hub1)@ zux-W5SlzI2e4!h__KI~^4Ll*brD90(!dsSQ1_FR$w;B=)z}3iwYrOPgxMPno&)Ml1K*7N(|czVB?m95 zHnYiF2@4{`Mh;4E+r&=T)Gyi}1-o*nhuy3Mj+sAro%Z0G8})|)y9|f7T>g`gzf8IIt2=hB zFXzUJp^}}Wi^*(iWfJ`*ey$Pm{#`oDG17~22XT#O+A2QA*?h_q#1S5F!dVKEgC3Tp z!GF(W4{tO|T~p@nw10FqkIY9OCCM~lAXYS%It0M7 z_H!$0$%nD)&jM+XD;Ah!!1%unbzorKxIU4Ra=8baQq39Us8 zKts^NRYj(5(C<~*o>_7TS8D;u!b=^N^Xoq^8=b$-^BfgXN;f5uruxh@^=rjd^U`YB z&EjKD&tBt@L%nfmoZtqb2f~cQpL?8xqy=e~#z;i^!P&LtvhxCQGOFgI%il)F-6;Le zz$A5aBk_>OF@2~oEN~WlffsAL4x3{78zSF6!E>#s^wOHxC9(zflFwP^s7jpJM8{QP zQLCFFQ-4JmA)X6cvx^{>64$$>(epR zLW1&g?`H5Km98TZLDN!%vkK}`$!eGpr^~Byjc3H;7yl%|1U#a!k_45xrM37K?;Aag zzxjjx0Poq)GmGp_=Ef3=B+gpNI0L}$G~WBe-_~+*46>1I3m-HGQ_KRw2co*1u;mZ< zW${&d_s+t2S6gr}_9b}W{^sS|zT4hQqwl|Z0V|~0tN@crc}rS$-RrCJ+~ue{d|}h=EtpshRF4e! z&lp+g{hZS7(R$C;$4jp``i+{7PdQD%a1?u7g_;vh`~4XjazCfBDvQm!VM18pqvsLa z?_k`**Q_WU(xC@%<$k7~qRPyE3=7JU-+iT#0C z!B93smc-F7WxmJ#iTc5c{hoLGYVBe{n&rG1A=mkp!YqsQU+liLv}oB z7Q+D))^A2Z^O;yeE6FlBDTj2J48OdYrn{_TxlVP=WtMMFt1W7uPc5OI%4(bH~y3A}5u*@r@s8jo%@me&L?m?RiX+wD*u zYP*-&G0%yYQMx!$L5GACw&@yDej*fU7p(~6g4DAe>s1&Vr(ZW}C*2&2Eo&L2cBnHM z##r1B-%9EgJj@2Yz+h1q zeZV|;lHLN#(Bt=_%q17*7C=esiMI8!O79p1Dw#Wh@ZUX3LYa4>J2E^tnn`bj6eRc@hJ#1i8W*9{`cDuO;*G6-YFp=nHv;Lf?foqg3YQ z`#1!~0xWk}Y25hfpt<^?mklw;^$89#^P3qY$~h9G>hz!aCqG9dNr0U?Ip#BIPJG@| zz{%hr?Fb8shu?J+&Wfz-UeOiVu67c;S3MXJzmY-{ta){N1ZWcd;RnYriSVp4J)sQG zn6uijXFc}RE|98hXrF3B!Bj`-@M=L*w^~I(NlL9buu5@=CP?IfcUaTTX)ww0_icx$ z0u1-Jdoqfz3$m+H{fR{$e0MaC&^4;%5d&Ca`VlMjl!bRWo?37_Xw*xMfLgZtE(dOe z2y0JidsNDqitI0&nlEeC_p$le^AJ`S*ASU%5;a$_ea-E??VYPn0~fKt4m6K46DD~D zo+Hswd|;#^`iqDwrH#^M*f@$;HZAa_(Rg(PyG&>Urxw6@=krgO#;Y0}cKJWu8e(m= zk!Qs%D#8FN7ptkNFc0gQ@4a1v^!?v&w938)J46GBPCXc%EBz(JvsM}SjAvfz12Ra8 z4BEEBM(J8dtT)OmAZHZQ%Vp@emKQ1AS6p$uwlAr|9|mkFih@kmc2?@?hBO-N{&7ED zazlZ{a!AvWG%#~F0W`V^ksIH!RIn47O5NoRbNWjVr;XT z2j?R!cHvKVSF5MoPnB#uTqGKVFujN241KAhw-YyJ;2RXZP49f#xxCJQJaa}-n*wa! zEeOJzI^IwVt>u)V5ZW-P0DT@= z&qPt<4*&M4y$71DBCwdB6uJrmnz;|U*~A^*^1ye_6T^fj8m-@|`@%Q`OUf`BuP=FG zOT7D(V!Cp_e6kBT-BJtfd`cWM-Z^_1yC8Fm9T~zmp`#u{{d|d=ADk~ZGh{5r}T0QF`qZ7;z8n3G1nU!6VeRU*xAaYtPgm#I^1a_u1%LK y>|Hayt``9@;9bI(J#hRU22vlu?%Q19WEpr>L#-~6#DuL}JdM#Z579Ik(SHG&p4LzR literal 0 HcmV?d00001 diff --git a/packages/vault-init-0.1.0.tgz b/packages/vault-init-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b73f9a2bbcb072831430c9560c21024c6f3d380b GIT binary patch literal 3469 zcmV;84RZ1yiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI_RZ`(MN@89|qb50)gFzz@AGSo1!{~!qJ|3P>uzrcJ1-!3WIh^GrZkZ+g70ptF5KTF zk(6GeR8;T~##UT1@VkEC{b=Ez(~FAzj|t0A{Rsf@fc@|6?sx0=DU5+~Enp%t2^y1>5sk|CJc$+-4n@Xw2wl&k2^nJO0Z2@RqFTsF2yr?ToZPBT z1y%skjIo|zG@68Pz;4Mzc>o)5K1L~NY}y|oSbCtz5N=08A;h_y)O~gkR^pxSfhin9 zEARtp zX8b^%32qA1vp*`7A#`(AtTs&x&i@{=Olg!SJ!3dR>JZ)qo=5pmqOwdOH%1$WFd$4B zsu3efofV2|>O|A>&D`_*RCIEBzO5SqA5wnTSWq+7CXuCWgfR3+LTSs1QHXg7oprYH zjwC5VpNWVt`yC)9dXyJ-6--75oq3Kca%E*dG1U{~j{Dr6BBL7StkZTw8h$WQ65_{}~}unYBHMkw_Bcu^rZ0fU-PI=IAu9ZO6M7z>tg) zw83CvFgOxiMO0*tt!N~S=@`&9BR*3oeFxZtDFKuli&3Zyt2}c5QY$lTKyZU_R0?i1 zq~Mn75iqJX%ZFCM%3DxbG&0S9pq!fS^o?OoLm%7>OZ zqudlB@#jq0?}=%EV}wc(IeBa4mzW4EJwlX8Hi5n*RyPBU5?+?7e(C2#6I%9BlxEf{ zlKefv#5$Gk*1Hch7xDKD)w(r2M#soesh$*lYhfd;)1Oeg;aDAr&d|(f&saA7>RO&b zUKJ5W`LNMQ6Ur}~3suH_0wm$QZ;BEf5$vU9k^V z*3~7w4LFEnYQ7K#W5Kcnl^H~)cSNSsOv4eTOiXN#$2c(F+IrT!u(h}iXy+h25W+J` zcE%Ta&aA4Ym`vPT{z;^+@j?kr9DOh@I{Tv*)IiP=UD7< z5#uE?jI@x>eQ3dqOLDOJ>u;V%2Da^q{rsZ?zdTjq|9N!QIXk~PzV!8-ew;QQi2t{@ zxA$xD|8CIjKF9x0k-9$ogbtr86Lt7_aSHv3aT7d`rWAq!bHZa4dedne=m7j{H)SlG ze-2VGo7obQ@FBvc@tY97Un*_=sVNIkmiDcGcew@#r&H6=X1%Uvri_|S!T8eIEbMfq zQ`eNG3$xjD>WGysxT0SDktsB7M1pHVxq{Z2h_NT6Zp~TFgDT%dRE{3r8L)=4^P}TW zz4ME!_nWVbV~jL|A!=y14UVXkLo2Q9sI8eXeKXtxXKht_o3noe_Dd_{STcTn^;tEjRtLMzb(OvU#r zv{`EM?Q%uRl{OlCUvJPTYNdT8s7XvTv9xn-I{6OI&#n$m&Wt8-K#($qi$WoNb*Xd&{1wR!3?QHGT zdE*`5rFONUwlHVc3ViQPCr4&GcWT1Ec3HqKV)$+=(ZXDT*wrOZ_+lnaJc7M#`$&_^ zY%rjA&}z485t?TiJap@RWZr`DU=#Q~Ba99x#s*p}>%R9hI@-3pHZ2%26!bA728onN zu(E6A1RhXiu>vB|Eg@jOq)8RL>QAgPj?OMkSrY&lkbLcXCj*cUsvMEI!*WZ@Ze>!# zEoIEa9GNnFDifz_M{NCj3tFFAUvEevNd$LHs(YDqMI4tSWQngv9m{yQ zDyq!I@?FD?MO3~(a+(wOE2Act^B9M=K9dFSN;!K#}^XRF|8 zv6!Fl+tl2|s|V&LuUC=dRXHoTP!MkA4@>ifMgmK=|D%2KQ>MoF&%Cx3X-mPd-KRXJ zeE1#b0v?F}x$IcM>r4m(D~23?XBAU ze{XkZ>ly!_B7Fn?e>d>|O%Xq1XtB4zd&_>?9g!(dBG|lC#A^P~!8?q+@|cPFGDg|Y z%evUuJ`Pdae@2ylB2;d)|6+Chk&c2sWdFN+b^G7l51#jbpCm1u|1PXNAN9?K{_uuU z&A#o_u%Qy0F9Li4PI-)6!;Y!0QjE&;YYp2)<*tw2oG6Ztx#KhUY%jTOK6l)uSDv-W zPmM{TMI=}VSBJek&k3CuD(3X}OSQbjQIqaR_xNJE&;Ijef$xTa2mOC{yJr9UTf5uO z_Wu-Vt#uo>dbJuTiV4Wtc(HOS@}0=xs@Q{!Dird#of_@G%xr%a{Xg6Ow|17!f9-d>!L$88MXH*0pXg{*#`^y) z`VAJnI5r;3)%QtsBL;(0n$SfTUj5)Kuo$MU#VUg)Rk`_AH~p@R6;{tqmh|9~qA^B9 z`c!Eu+-&4CMmmI+J+s=nhwj7kmT#TAxC<`F9Xpo^@QhS?Kd2f7mn|g2jKDqJU_&PDqLeio4=6}5nxF(W{Ou@;~vGV*> v3gg>7pT