Add helm charts

Author: daniel-va

k8s/.gitignore

@@ -0,0 +1,2 @@
+values-*.yaml
+secrets-*.yaml

k8s/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

k8s/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: swissgeol-viewer
+description:
+type: application
+version: 1.0.0
+appVersion: 1.0.0

k8s/README.md

@@ -0,0 +1,4 @@
+# swissgeol Viewer: Kubernetes Deploymnet
+This directory contains the [Helm](https://helm.sh/) charts used to deploy the Viewer application to Kubernetes.
+
+## Making Changes

k8s/secrets.template.yaml

@@ -0,0 +1,11 @@
+# Template for secret values used by the Helm files.
+
+# Note that every secret needs to be nested below this `secret` key
+# so that we can properly encode them in template/secrets.yaml.
+secrets:
+  # Database
+  database_password:
+
+  # S3
+  s3_access_key:
+  s3_secret_key:

k8s/templates/NOTES.txt

@@ -0,0 +1 @@
+*** {{ .Chart.Name }} is successfully installed ***

k8s/templates/deployment.api.yaml

@@ -0,0 +1,90 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-api
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    keel.sh/policy: force
+    keel.sh/match-tag: 'true'
+    keel.sh/trigger: poll
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-api
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-api
+    spec:
+      containers:
+      - name: {{ .Release.Name }}-api
+        image: {{ .Values.docker.api_image }}
+        imagePullPolicy: Always
+        ports:
+          - containerPort: 3000
+        livenessProbe:
+          httpGet:
+            path: /api/health_check
+            port: http
+        readinessProbe:
+          httpGet:
+            path: /api/health_check
+            port: http
+        env:
+          - name: APP_PORT
+            value: '3000'
+          - name: ENV
+            value: prod
+
+          # Database
+          - name: PGHOST
+            value: {{ .Values.database.host }}
+          - name: PGPORT
+            value: {{ .Values.database.port }}
+          - name: PGDATABASE
+            value: {{ .Values.database.name }}
+          - name: PGUSER
+            value: {{ .Values.database.user }}
+          - name: PGPASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Release.Name }}-secrets
+                key: database_password
+
+          # S3
+          - name: S3_ENDPOINT
+            value: {{ .Values.s3.endpoint }}
+          - name: S3_AWS_REGION
+            value: {{ .Values.s3.region }}
+          - name: S3_BUCKET
+            value: {{ .Values.s3.bucket }}
+          - name: PROJECTS_S3_BUCKET
+            value: {{ .Values.s3.project_bucket }}
+          - name: AWS_ACCESS_KEY_ID
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Release.Name }}-secrets
+                key: s3_access_key
+          - name: AWS_SECRET_ACCESS_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Release.Name }}-secrets
+                key: s3_secret_key
+
+          # Cognito
+          - name: COGNITO_AWS_REGION
+            value: {{ .Values.cognito.region }}
+          - name: COGNITO_CLIENT_ID
+            value: {{ .Values.cognito.client_id }}
+          - name: COGNITO_POOL_ID
+            value: {{ .Values.cognito.pool_id }}
+          - name: COGNITO_IDENTITY_POOL_ID
+            value: {{ .Values.cognito.identity_pool_id }}
+
+          # ION
+          - name: ION_DEFAULT_ACCESS_TOKEN
+            value: {{ .Values.ion.default_access_token }}
+
+      imagePullSecrets:
+      - name: {{ .Release.Namespace }}-registry

k8s/templates/deployment.ui.yaml

@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-ui
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    keel.sh/policy: force
+    keel.sh/match-tag: 'true'
+    keel.sh/trigger: poll
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}-ui
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}-ui
+    spec:
+      containers:
+      - name: {{ .Release.Name }}-ui
+        image: {{ .Values.docker.ui_image }}
+        imagePullPolicy: Always
+        ports:
+          - containerPort: 80
+      imagePullSecrets:
+      - name: {{ .Release.Namespace }}-registry
+      
+
+

k8s/templates/ingress-route.yaml

@@ -0,0 +1,21 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ .Release.Name }}-routes
+  namespace: {{ .Release.Namespace }}  
+spec:
+  entryPoints:
+    - web
+  routes:
+    - kind: Rule
+      match: Host(`{{ .Values.host }}`)
+      priority: 100
+      services:
+        - name: {{ .Release.Name }}-ui
+          port: 80
+    - kind: Rule
+      match: Host(`{{ .Values.host }}`) && PathPrefix(`/api`)
+      priority: 120
+      services:
+        - name: {{ .Release.Name }}-api
+          port: 3000

k8s/templates/secrets.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-secrets
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+stringData:
+  {{- range $key, $value := .Values.secrets }}
+  {{ $key }}: {{ $value | b64enc | quote }}
+  {{- end }}

k8s/templates/service.api.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-api
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: {{ .Release.Name }}-api
+  ports:
+    - protocol: TCP
+      port: 3000

k8s/templates/service.app.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-app
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: {{ .Release.Name }}-app
+  ports:
+    - protocol: TCP
+      port: 80

k8s/values.template.yaml

@@ -0,0 +1,24 @@
+docker:
+  api_image:
+  ui_image:
+
+database:
+  host:
+  port:
+  name:
+  user:
+
+s3:
+  endpoint:
+  region:
+  bucket:
+  project_bucket:
+
+cognito:
+  region:
+  client_id:
+  pool_id:
+  identity_pool_id:
+
+ion:
+  default_access_token: