From 3b89eedbb74ce53b85688fde9a396dc256263a6a Mon Sep 17 00:00:00 2001
From: "amit.kumar"
Date: Wed, 19 Jun 2019 17:08:27 +0530
Subject: [PATCH] Draft create
---
 OWNERS | 4 +
 OWNERS_ALIASES | 6 +
 .../templates/db-credentials-secret.yaml | 12 -
 charts/pepper/templates/deployment.yaml | 17 +-
 charts/pepper/templates/ksvc.yaml | 22 +-
 charts/pepper/templates/public-service.yaml | 33 --
 charts/pepper/templates/sandbox-service.yaml | 33 --
 charts/pepper/templates/secret.yaml | 302 ------------------
 .../{trusted-service.yaml => service.yaml} | 9 +-
 charts/pepper/values.yaml | 42 +--
 jenkins-x.yml | 1 +
 skaffold.yaml | 28 ++
 12 files changed, 59 insertions(+), 450 deletions(-)
 create mode 100644 OWNERS
 create mode 100644 OWNERS_ALIASES
 delete mode 100644 charts/pepper/templates/db-credentials-secret.yaml
 mode change 100644 => 100755 charts/pepper/templates/ksvc.yaml
 delete mode 100755 charts/pepper/templates/public-service.yaml
 delete mode 100755 charts/pepper/templates/sandbox-service.yaml
 delete mode 100644 charts/pepper/templates/secret.yaml
 rename charts/pepper/templates/{trusted-service.yaml => service.yaml} (71%)
 create mode 100755 jenkins-x.yml
 create mode 100644 skaffold.yaml
diff --git a/OWNERS b/OWNERS
new file mode 100644
index 00000000..154ebc6c
--- /dev/null
+++ b/OWNERS
@@ -0,0 +1,4 @@
+approvers:
+- galaxycard-bot
+reviewers:
+- galaxycard-bot
diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES
new file mode 100644
index 00000000..e372b6bc
--- /dev/null
+++ b/OWNERS_ALIASES
@@ -0,0 +1,6 @@
+aliases:
+- galaxycard-bot
+best-approvers:
+- galaxycard-bot
+best-reviewers:
+- galaxycard-bot
diff --git a/charts/pepper/templates/db-credentials-secret.yaml b/charts/pepper/templates/db-credentials-secret.yaml
deleted file mode 100644
index d4f8940a..00000000
--- a/charts/pepper/templates/db-credentials-secret.yaml
+++ /dev/null
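Review bot: In the new OWNERS file the only approver and the only reviewer is `galaxycard-bot`, so no human account is listed as an approval gate for this repository. If that account is the CI/automation identity, as the name suggests, a change could be approved by the same automation that proposes or merges it; I would add at least one maintainer under both `approvers:` and `reviewers:`. OWNERS_ALIASES carries the same single entry, and its layout (a bare list under `aliases:` followed by `best-approvers:` and `best-reviewers:`) does not look like an alias-name-to-members map, though indentation is not recoverable in this view, so that should be checked against the file itself.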
@@ -1,12 +0,0 @@ -apiVersion: v1 -data: - password: {{ .Values.database.password | b64enc | quote }} - username: {{ .Values.database.username | b64enc | quote }} - database: {{ .Values.database.database | b64enc | quote }} - hostname: {{ .Values.database.hostname | b64enc | quote }} -kind: Secret -metadata: - name: "{{ .Chart.Name }}-db-credentials" - labels: - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -type: Opaque diff --git a/charts/pepper/templates/deployment.yaml b/charts/pepper/templates/deployment.yaml index 11db87aa..2e833afe 100755 --- a/charts/pepper/templates/deployment.yaml +++ b/charts/pepper/templates/deployment.yaml @@ -9,11 +9,6 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" spec: replicas: {{ .Values.replicaCount }} - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate template: metadata: labels: @@ -24,22 +19,14 @@ spec: {{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} spec: - volumes: - - name: config - secret: - secretName: {{ template "fullname" . }} containers: - name: {{ .Chart.Name }} - volumeMounts: - - readOnly: true - mountPath: server/config - name: config image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- range $pkey, $pval := .Values.env }} - name: {{ $pkey }} - value: {{ $pval | quote }} + value: {{ $pval }} {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -61,4 +48,4 @@ spec: resources: {{ toYaml .Values.resources | indent 12 }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/pepper/templates/ksvc.yaml b/charts/pepper/templates/ksvc.yaml old mode 100644 new mode 100755 index 13b44dfe..ff7ecfce --- a/charts/pepper/templates/ksvc.yaml +++ b/charts/pepper/templates/ksvc.yaml 
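Review bot: The env loop in deployment.yaml now emits `value: {{ $pval }}` where it previously emitted `value: {{ $pval | quote }}`, so any entry in `.Values.env` that YAML reads as a boolean, number or null (for example `"true"`, `8080`, or an empty value) is rendered as a non-string, and container env values must be strings, so the Deployment would be rejected. Unquoted interpolation also lets a value containing `: `, ` #` or a newline change the structure of the rendered manifest. I would keep `value: {{ $pval | quote }}`; the same unquoted form appears in the context lines of the ksvc.yaml hunk that follows. The container spec continues outside this hunk.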
@@ -18,26 +18,6 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - - name: MAUTIC_DB_HOST - valueFrom: - secretKeyRef: - name: "{{ .Chart.Name }}-db-credentials" - key: hostname - - name: MAUTIC_DB_USER - valueFrom: - secretKeyRef: - name: "{{ .Chart.Name }}-db-credentials" - key: username - - name: MAUTIC_DB_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Chart.Name }}-db-credentials" - key: password - - name: MAUTIC_DB_NAME - valueFrom: - secretKeyRef: - name: "{{ .Chart.Name }}-db-credentials" - key: database {{- range $pkey, $pval := .Values.env }} - name: {{ $pkey }} value: {{ $pval }} @@ -55,4 +35,6 @@ spec: periodSeconds: {{ .Values.readinessProbe.periodSeconds }} successThreshold: {{ .Values.readinessProbe.successThreshold }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + resources: +{{ toYaml .Values.resources | indent 14 }} {{- end }} diff --git a/charts/pepper/templates/public-service.yaml b/charts/pepper/templates/public-service.yaml deleted file mode 100755 index f4d3f888..00000000 --- a/charts/pepper/templates/public-service.yaml +++ /dev/null 
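Review bot: With the four `secretKeyRef` entries removed from ksvc.yaml (and the Secret templates deleted elsewhere in this commit), the only configuration path left for the container is the `.Values.env` map, which is rendered as literal `value:` fields. Any credential the service needs would then sit in clear text in values files, in the stored release and in the pod spec. If the new service needs no secrets this is fine; otherwise I would keep a path that references an existing Secret, for example an `envFrom:` entry with a `secretRef` whose name comes from values, and add a comment above `env:` in values.yaml saying it is for non-sensitive settings only.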
@@ -1,33 +0,0 @@
-{{- if .Values.knativeDeploy }}
-{{- else }}
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.publicService.name }}
- name: {{ .Values.publicService.name }}
-{{- else }}
- name: {{ template "fullname" . }}
-{{- end }}
- labels:
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-{{- if (not .Values.publicService.prometheusAnnotations) and (not .Values.publicService.annotations) }}
- annotations: {}
-{{- else }}
- annotations:
-{{- if .Values.publicService.annotations }}
-{{ toYaml .Values.publicService.annotations | indent 4 }}
-{{- end }}
-{{- if .Values.publicService.prometheusAnnotations }}
-{{ toYaml .Values.publicService.prometheusAnnotations | indent 4 }}
-{{- end }}
-{{- end }}
-spec:
- type: {{ .Values.publicService.type }}
- ports:
- - port: {{ .Values.publicService.externalPort }}
- targetPort: {{ .Values.publicService.internalPort }}
- protocol: TCP
- name: http
- selector:
- app: {{ template "fullname" . }}
-{{- end }}
diff --git a/charts/pepper/templates/sandbox-service.yaml b/charts/pepper/templates/sandbox-service.yaml
deleted file mode 100755
index 1a947a59..00000000
--- a/charts/pepper/templates/sandbox-service.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{- if .Values.knativeDeploy }}
-{{- else }}
-apiVersion: v1
-kind: Service
-metadata:
-{{- if .Values.sandboxService.name }}
- name: {{ .Values.sandboxService.name }}
-{{- else }}
- name: {{ template "fullname" . }}
-{{- end }}
- labels:
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-{{- if (not .Values.sandboxService.prometheusAnnotations) and (not .Values.sandboxService.annotations) }}
- annotations: {}
-{{- else }}
- annotations:
-{{- if .Values.sandboxService.annotations }}
-{{ toYaml .Values.sandboxService.annotations | indent 4 }}
-{{- end }}
-{{- if .Values.sandboxService.prometheusAnnotations }}
-{{ toYaml .Values.sandboxService.prometheusAnnotations | indent 4 }}
-{{- end }}
-{{- end }}
-spec:
- type: {{ .Values.sandboxService.type }}
- ports:
- - port: {{ .Values.sandboxService.externalPort }}
- targetPort: {{ .Values.sandboxService.internalPort }}
- protocol: TCP
- name: http
- selector:
- app: {{ template "fullname" . }}
-{{- end }}
diff --git a/charts/pepper/templates/secret.yaml b/charts/pepper/templates/secret.yaml
deleted file mode 100644
index 918aa471..00000000
--- a/charts/pepper/templates/secret.yaml
+++ /dev/null
@@ -1,302 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: {{ template "fullname" . }} -stringData: - production.yaml: |- - title: mailtrain - - gdpr: - deleteDataAfterUnsubscribe: - enabled: false - secondsAfterUnsubscribe: 86400 # 1 day - deleteSubscriptionAfterUnsubscribe: - enabled: false - secondsAfterUnsubscribe: 2592000 # 30 days - editors: - - mosaico - - mosaicoWithFsTemplate - - grapesjs - - ckeditor4 - - codeeditor - - defaultLanguage: en-US - - enabledLanguages: - - en-US - - redis: - enabled: {{ .Values.redis.enable }} - host: {{ .Values.redis.host }} - port: 6379 - db: 5 - log: - level: info - sendStacktracesToClient: false - www: - trustedPort: 3000 - sandboxPort: 3003 - publicPort: 3004 - host: 0.0.0.0 - trustedUrlBase: http://localhost:3000 - # URL base for sandbox urls (logged-in users). It must be absolute (starting with http:// or https://) and contain the sandbox port. - sandboxUrlBase: http://localhost:3003 - # URL base for public urls (campaign recipients). It must be absolute (starting with http:// or https://) and contain the sandbox port. - publicUrlBase: http://localhost:3004 - - - # Secret for signing the session ID cookie - secret: {{ randAlphaNum | quote }} - # Session length in seconds when remember me is checked - remember: 2592000 # 30 days - # logger interface for expressjs morgan - log: dev - # Is the server behind a proxy? true/false - # Set this to true if you are serving Mailtrain as a virtual domain through Nginx or Apache - proxy: true - # maximum POST body size - postSize: 20MB - - mysql: - host: {{ .Values.database.hostname }} - user: {{ .Values.database.username }} - password: {{ .Values.database.password }} - database: {{ .Values.database.database }} - port: 3306 - charset: utf8mb4 - timezone: local - - verp: - enabled: false - port: 25 - host: 0.0.0.0 - - ldap: - # enable to use ldap user backend - enabled: false - # method is ldapjs or ldapauth - it chooses the library to be used. 
If not given, it chooses the one present. - # method: ldapjs - host: localhost - port: 3002 - baseDN: ou=users,dc=company - filter: (|(username={{username}})(mail={{username}})) - # Username field in LDAP (uid/cn/username) - uidTag: username - # nameTag identifies the attribute to be used for user's full name - nameTag: username - passwordresetlink: - newUserRole: master - # Global namespace id - newUserNamespaceId: 1 - # Use a different user to bind LDAP (final bind DN will be: {{uidTag}}: {{bindUser}},{{baseDN}}) - bindUser: name@company.net - bindPassword: mySecretPassword - - postfixBounce: - # Enable to allow writing Postfix bounce log to Mailtrain listener - # If enabled, tail mail.log to Mailtrain with the following command: - # tail -f -n +0 /var/log/mail.log | nc localhost 5699 - - enabled: false - port: 5699 - # allow connections from localhost only - host: 127.0.0.1 - - # extra options for nodemailer - nodemailer: - #textEncoding: base64 - - queue: - # How many parallel sender processes to spawn - processes: 4 - - cors: - # Allow subscription widgets to be embedded - # origins: ['https://www.example.com'] - - mosaico: - # Installed templates - fsTemplates: - - key: versafix-1 - label: Versafix One - # Inject custom scripts - # customscripts: - # - /mosaico/custom/my-mosaico-plugin.js - fileCache: - blockThumbnails: - maxSize: 100 # megabytes - pruneInterval: 60 # seconds - images: - maxSize: 1024 # megabytes - pruneInterval: 60 # seconds - - - grapesjs: - # Installed templates - templates: - - key: demo - label: HTML Template - - key: aves - label: MJML Template - - reports: - # The whole reporting functionality can be disabled below if the they are not needed and the DB cannot be - # properly protected. - # Reports rely on custom user defined Javascript snippets defined in the report template. The snippets are run on the - # server when generating a report. 
As these snippets are stored in the DB, they pose a security risk because they can - # help gaining access to the server if the DB cannot - # be properly protected (e.g. if it is shared with another application with security weaknesses). - # Mailtrain mitigates this problem by running the custom Javascript snippets in a chrooted environment and under a - # DB user that cannot modify the database (see userRO in [mysql] above). However the chrooted environment is available - # only if Mailtrain is started as root. The chrooted environment still does not prevent the custom JS script in - # performing network operations and in generating XSS attacks as part of the report. - # The bottom line is that if people who are creating report templates or have write access to the DB cannot be trusted, - # then it's safer to switch off the reporting functionality below. - enabled: true - - testServer: - # Starts a vanity server that redirects all mail to /dev/null - # Mostly needed for local development - enabled: false - port: 5587 - mailboxServerPort: 3001 - host: 0.0.0.0 - username: testuser - password: testpass - logger: false - - builtinZoneMTA: - enabled: true - host: localhost - port: 2525 - mongo: mongodb://127.0.0.1:27017/zone-mta - redis: redis://localhost:6379/2 - log: - level: warn - processes: 2 - connections: 5 - - seleniumWebDriver: - browser: phantomjs - - - roles: - global: - master: - name: Global Master - admin: true - description: All permissions - permissions: [rebuildPermissions, createJavascriptWithROAccess, displayManageUsers, manageBlacklist, manageSettings, setupAutomation] - rootNamespaceRole: master - campaignsAdmin: - name: Campaigns Admin - description: Under the namespace in which the user is located, the user has all permissions for managing lists, templates and campaigns and the permission to send to send configurations. 
- permissions: [setupAutomation] - ownNamespaceRole: campaignsAdmin - nobody: - name: None - description: No permissions - permissions: [] - - namespace: - master: - name: Master - description: All permissions - permissions: [view, edit, delete, share, createNamespace, createList, createCustomForm, createReport, createReportTemplate, createTemplate, createMosaicoTemplate, createSendConfiguration, createCampaign, manageUsers] - children: - sendConfiguration: [viewPublic, viewPrivate, edit, delete, share, sendWithoutOverrides, sendWithAllowedOverrides, sendWithAnyOverrides] - list: [view, edit, delete, share, viewFields, manageFields, viewSubscriptions, manageSubscriptions, viewSegments, manageSegments, viewImports, manageImports] - customForm: [view, edit, delete, share] - campaign: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, send, viewStats, fetchRss] - template: [view, edit, delete, share, viewFiles, manageFiles] - report: [view, edit, delete, share, execute, viewContent, viewOutput] - reportTemplate: [view, edit, delete, share, execute] - mosaicoTemplate: [view, edit, delete, share, viewFiles, manageFiles] - namespace: [view, edit, delete, share, createNamespace, createList, createCustomForm, createReport, createReportTemplate, createTemplate, createMosaicoTemplate, createSendConfiguration, createCampaign, manageUsers] - - campaignsAdmin: - name: Campaigns Admin - description: In the respective namespace, the user has all permissions for managing lists, templates and campaigns and the permission to send to send configurations. 
- permissions: [view, edit, delete, share, createNamespace, createList, createCustomForm, createReport, createTemplate, createMosaicoTemplate, createCampaign] - children: - sendConfiguration: [viewPublic, sendWithoutOverrides, sendWithAllowedOverrides] - list: [view, edit, delete, share, viewFields, manageFields, viewSubscriptions, manageSubscriptions, viewSegments, manageSegments, viewImports, manageImports] - customForm: [view, edit, delete, share] - campaign: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, send, viewStats, fetchRss] - template: [view, edit, delete, share, viewFiles, manageFiles] - report: [view, edit, delete, share, execute, viewContent, viewOutput] - reportTemplate: [view, share, execute] - mosaicoTemplate: [view, edit, delete, share, viewFiles, manageFiles] - namespace: [view, edit, delete, share, createNamespace, createList, createCustomForm, createReport, createTemplate, createMosaicoTemplate, createCampaign] - - campaignsCreator: - name: Campaigns Creator - description: In the respective namespace, the user has all permissions for templates and campaigns. - permissions: [view, createTemplate, createCampaign] - children: - sendConfiguration: [viewPublic] - campaign: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, fetchRss] - template: [view, edit, delete, share, viewFiles, manageFiles] - - sendConfiguration: - master: - name: Master - description: All permissions - permissions: [viewPublic, viewPrivate, edit, delete, share, sendWithoutOverrides, sendWithAllowedOverrides, sendWithAnyOverrides] - campaignsCreator: - name: Campaigns Creator - description: The user can only use the send configuration in setting up a campaign. However, this gives no permission to send. 
- permissions: [viewPublic] - - list: - master: - name: Master - description: All permissions - permissions: [view, edit, delete, share, viewFields, manageFields, viewSubscriptions, manageSubscriptions, viewSegments, manageSegments, viewImports, manageImports] - campaignsCreator: - name: Campaigns Creator - description: The user can only use the list in setting up a campaign. However, this gives no permission to view subscriptions or to send to the list. - permissions: [view, viewFields, viewSegments] - - customForm: - master: - name: Master - description: All permissions - permissions: [view, edit, delete, share] - - campaign: - master: - name: Master - description: All permissions - permissions: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, send, viewStats, manageMessages, fetchRss] - campaignsCreator: - name: Campaigns Creator - description: The user can setup the campaign but cannot send it. - permissions: [view, edit, delete, share, viewFiles, manageFiles, viewAttachments, manageAttachments, viewTriggers, manageTriggers, fetchRss] - rssTrigger: - name: RSS Campaign Trigger - description: Allows triggering a fetch of an RSS campaign - permissions: [fetchRss] - - template: - master: - name: Master - description: All permissions - permissions: [view, edit, delete, share, viewFiles, manageFiles] - - report: - master: - name: Master - description: All permissions - permissions: [view, edit, delete, share, execute, viewContent, viewOutput] - - reportTemplate: - master: - name: Master - description: All permissions - permissions: [view, edit, delete, share, execute] - - mosaicoTemplate: - master: - name: Master - description: All permissions - permissions: [view, edit, delete, share, viewFiles, manageFiles] 
diff --git a/charts/pepper/templates/trusted-service.yaml b/charts/pepper/templates/service.yaml similarity index 71% rename from charts/pepper/templates/trusted-service.yaml rename to charts/pepper/templates/service.yaml index 78d69b60..9321361e 100755 --- a/charts/pepper/templates/trusted-service.yaml +++ b/charts/pepper/templates/service.yaml @@ -10,17 +10,10 @@ metadata: {{- end }} labels: chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- if (not .Values.service.prometheusAnnotations) and (not .Values.service.annotations) }} - annotations: {} -{{- else }} - annotations: {{- if .Values.service.annotations }} + annotations: {{ toYaml .Values.service.annotations | indent 4 }} {{- end }} -{{- if .Values.service.prometheusAnnotations }} -{{ toYaml .Values.service.prometheusAnnotations | indent 4 }} -{{- end }} -{{- end }} spec: type: {{ .Values.service.type }} ports: diff --git a/charts/pepper/values.yaml b/charts/pepper/values.yaml index 452a12bc..e9aa2c11 100755 --- a/charts/pepper/values.yaml +++ b/charts/pepper/values.yaml @@ -6,31 +6,28 @@ image: repository: draft tag: dev pullPolicy: IfNotPresent + +# define environment variables here as a map of key: value +env: + +# enable this flag to use knative serve to deploy the app +knativeDeploy: false + service: name: pepper type: ClusterIP externalPort: 80 - internalPort: 3000 - annotations: {} -sandboxService: - name: pepper-sandbox - type: ClusterIP - externalPort: 80 - internalPort: 3003 - annotations: {} -publicService: - name: emails - type: ClusterIP - externalPort: 80 - internalPort: 3004 - annotations: {} + internalPort: 8080 + annotations: + fabric8.io/expose: "true" + fabric8.io/ingress.annotations: "kubernetes.io/ingress.class: nginx" resources: limits: - cpu: 2000m - memory: 2Gi + cpu: 400m + memory: 256Mi requests: - cpu: 500m - memory: 512Mi + cpu: 200m + memory: 128Mi probePath: / livenessProbe: initialDelaySeconds: 60 
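Review bot: The chart default in values.yaml now sets `fabric8.io/expose: "true"` together with an nginx ingress class on the only remaining Service, where the three previous services all defaulted to `annotations: {}`. If an exposecontroller runs in the target cluster, which is likely given the jenkins-x.yml added in this commit, every install of the chart would get an externally reachable ingress unless the value is overridden. I would default `annotations` to `{}` and set the expose annotation per environment, or add a comment above it stating that the service is published and what authenticates requests to it. Separately, the bare `env:` added in the same hunk parses as null; `env: {}` states the intent.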
@@ -41,12 +38,3 @@ readinessProbe:
 periodSeconds: 10
 successThreshold: 1
 timeoutSeconds: 1
-terminationGracePeriodSeconds: 10
-
-knativeDeploy: false
-
-database:
- hostname: localhost
- username: root
- password: password
- database: pepper
diff --git a/jenkins-x.yml b/jenkins-x.yml
new file mode 100755
index 00000000..dd664625
--- /dev/null
+++ b/jenkins-x.yml
@@ -0,0 +1 @@
+buildPack: javascript
diff --git a/skaffold.yaml b/skaffold.yaml
new file mode 100644
index 00000000..f85f1640
--- /dev/null
+++ b/skaffold.yaml
@@ -0,0 +1,28 @@
+apiVersion: skaffold/v1beta2
+kind: Config
+build:
+ artifacts:
+ - image: galaxycard/pepper
+ context: .
+ docker: {}
+ tagPolicy:
+ envTemplate:
+ template: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}:{{.VERSION}}'
+ local: {}
+deploy:
+ kubectl: {}
+profiles:
+- name: dev
+ build:
+ tagPolicy:
+ envTemplate:
+ template: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}:{{.DIGEST_HEX}}'
+ local: {}
+ deploy:
+ helm:
+ releases:
+ - name: pepper
+ chartPath: charts/pepper
+ setValueTemplates:
+ image.repository: '{{.DOCKER_REGISTRY}}/{{.IMAGE_NAME}}'
+ image.tag: '{{.DIGEST_HEX}}'
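Review bot: The second values.yaml hunk removes `terminationGracePeriodSeconds: 10`, but deployment.yaml still renders `terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}` (visible as a context line in that file's last hunk). The field would now render with an empty value, so the pod presumably falls back to the cluster default grace period instead of the previous 10 seconds, and strict chart linting would flag the missing value. Either keep the key in values.yaml or guard the template line with `{{- if .Values.terminationGracePeriodSeconds }}`.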