diff --git a/charts/authdemo/.gitignore b/charts/authdemo/.gitignore
deleted file mode 100644
index ee3892e87..000000000
--- a/charts/authdemo/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-charts/
diff --git a/charts/authdemo/.helmignore b/charts/authdemo/.helmignore
deleted file mode 100644
index f0c131944..000000000
--- a/charts/authdemo/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/charts/authdemo/Chart.yaml b/charts/authdemo/Chart.yaml
deleted file mode 100644
index 9e9486b6f..000000000
--- a/charts/authdemo/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v2
-name: authdemo
-description: A Helm chart to deploy authdemo for MOSIP modules
-type: application
-version: 0.0.1-develop
-appVersion: ""
-dependencies:
- - name: common
- repository: https://charts.bitnami.com/bitnami
- tags:
- - bitnami-common
- version: 1.x.x
-home: https://mosip.io
-keywords:
- - mosip
- - authdemo
-maintainers:
- - email: info@mosip.io
- name: MOSIP
diff --git a/charts/authdemo/README.md b/charts/authdemo/README.md
deleted file mode 100644
index 6d81db826..000000000
--- a/charts/authdemo/README.md
+++ /dev/null
@@ -1,10 +0,0 @@
-# authdemo
-
-Helm chart to deploy authdemo for `MOSIP` modules
-
-## TL;DR
-
-```console
-$ helm repo add mosip https://mosip.github.io
-$ helm install my-release mosip/authdemo
-```
diff --git a/charts/authdemo/templates/NOTES.txt b/charts/authdemo/templates/NOTES.txt
deleted file mode 100644
index 8b1378917..000000000
--- a/charts/authdemo/templates/NOTES.txt
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/charts/authdemo/templates/_helpers.tpl b/charts/authdemo/templates/_helpers.tpl
deleted file mode 100644
index c1dc2902f..000000000
--- a/charts/authdemo/templates/_helpers.tpl
+++ /dev/null
@@ -1,59 +0,0 @@
-{{/*
-Return the proper image name
-*/}}
-{{- define "authdemo.image" -}}
-{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
-{{- end -}}
-
-
-{{/*
-Return the proper image name (for the init container volume-permissions image)
-*/}}
-{{- define "authdemo.volumePermissions.image" -}}
-{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
-{{- end -}}
-
-{{/*
-Return the proper Docker Image Registry Secret Names
-*/}}
-{{- define "authdemo.imagePullSecrets" -}}
-{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "authdemo.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
- {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Compile all warnings into a single message.
-*/}}
-{{- define "authdemo.validateValues" -}}
-{{- $messages := list -}}
-{{- $messages := append $messages (include "authdemo.validateValues.foo" .) -}}
-{{- $messages := append $messages (include "authdemo.validateValues.bar" .) -}}
-{{- $messages := without $messages "" -}}
-{{- $message := join "\n" $messages -}}
-
-{{- if $message -}}
-{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return podAnnotations
-*/}}
-{{- define "authdemo.podAnnotations" -}}
-{{- if .Values.podAnnotations }}
-{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
-{{- end }}
-{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
-{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
-{{- end }}
-{{- end -}}
diff --git a/charts/authdemo/templates/authdemo-authcerts-pv-pvc.yaml b/charts/authdemo/templates/authdemo-authcerts-pv-pvc.yaml
deleted file mode 100644
index 82118a676..000000000
--- a/charts/authdemo/templates/authdemo-authcerts-pv-pvc.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{- if .Values.persistence.enabled }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: {{ template "common.names.fullname" . }}-authcerts-pv
-spec:
- accessModes:
- {{- if not (empty .Values.persistence.accessModes) }}
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- {{- else }}
- - {{ .Values.persistence.accessMode | quote }}
- {{- end }}
- capacity:
- storage: {{ .Values.persistence.size | quote }}
- nfs:
- path: {{ .Values.persistence.nfs.path }}
- server: {{ .Values.persistence.nfs.server }}
- persistentVolumeReclaimPolicy: Retain
- volumeMode: Filesystem
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- annotations:
- pv.kubernetes.io/bind-completed: "yes"
- name: {{ template "common.names.fullname" . }}-authcerts-pvc
- namespace: {{ .Release.namespace }}
-spec:
- accessModes:
- {{- if not (empty .Values.persistence.accessModes) }}
- {{- range .Values.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- {{- else }}
- - {{ .Values.persistence.accessMode | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- storageClassName: ""
- volumeMode: Filesystem
- volumeName: {{ template "common.names.fullname" . }}-authcerts-pv
-{{- end }}
\ No newline at end of file
diff --git a/charts/authdemo/templates/deployment.yaml b/charts/authdemo/templates/deployment.yaml
deleted file mode 100644
index 57db66a07..000000000
--- a/charts/authdemo/templates/deployment.yaml
+++ /dev/null
@@ -1,155 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} - template: - metadata: - annotations: - {{- if or .Values.podAnnotations .Values.metrics.enabled }} - {{- include "authdemo.podAnnotations" $ | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "authdemo.serviceAccountName" $ }} - {{- include "authdemo.imagePullSecrets" $ | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" 
.Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "authdemo.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -c - - chown -R mosip:mosip {{ .Values.persistence.mountDir }} - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: {{ template "common.names.fullname" . }}-authcerts - mountPath: {{ .Values.persistence.mountDir }} - {{- end }} - {{- if .Values.enable_insecure }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: {{ template "common.names.fullname" . 
}} - image: {{ template "authdemo.image" $ }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: container_user - value: {{ .Values.containerSecurityContext.runAsUser }} - - name: JDK_JAVA_OPTIONS - value: {{ .Values.additionalResources.javaOpts }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - {{- range .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - {{- range .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - ports: - - name: spring-service - containerPort: {{ .Values.service.springServicePort }} - volumeMounts: - - name: {{ template "common.names.fullname" . 
}}-authcerts - mountPath: {{ .Values.persistence.mountDir }} - {{- if .Values.enable_insecure }} - - mountPath: /usr/local/openjdk-11/lib/security/cacerts - name: cacerts - subPath: cacerts - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: {{ template "common.names.fullname" . }}-authcerts - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ template "common.names.fullname" . }}-authcerts-pvc - {{ end }} - {{- if .Values.enable_insecure }} - - name: cacerts - emptyDir: {} - {{- end }} \ No newline at end of file 
diff --git a/charts/authdemo/templates/extra-list.yaml b/charts/authdemo/templates/extra-list.yaml
deleted file mode 100644
index 9ac65f9e1..000000000
--- a/charts/authdemo/templates/extra-list.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- range .Values.extraDeploy }}
----
-{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
-{{- end }}
diff --git a/charts/authdemo/templates/service-account.yaml b/charts/authdemo/templates/service-account.yaml
deleted file mode 100644
index 14def0d47..000000000
--- a/charts/authdemo/templates/service-account.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- name: {{ template "authdemo.serviceAccountName" . }}
- {{- if .Values.commonAnnotations }}
- annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
- namespace: {{ .Release.Namespace }}
diff --git a/charts/authdemo/templates/service.yaml b/charts/authdemo/templates/service.yaml
deleted file mode 100644
index e1b9e857e..000000000
--- a/charts/authdemo/templates/service.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.commonLabels }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- end }}
- name: {{ template "common.names.fullname" . }}
- annotations:
- {{- if .Values.commonAnnotations }}
- {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
- {{- end }}
-spec:
- type: {{ .Values.service.type }}
- {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
- externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
- {{- end }}
- {{ if eq .Values.service.type "LoadBalancer" }}
- loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
- {{ end }}
- {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
- loadBalancerIP: {{ .Values.service.loadBalancerIP }}
- {{- end }}
- ports:
- - name: {{ template "common.names.fullname" . }}
- port: {{ .Values.service.port }}
- protocol: TCP
- targetPort: {{ .Values.service.springServicePort }}
- selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/charts/authdemo/templates/servicemonitor.yaml b/charts/authdemo/templates/servicemonitor.yaml
deleted file mode 100644
index 15f48fdee..000000000
--- a/charts/authdemo/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "common.names.fullname" . }}
- {{- if .Values.metrics.serviceMonitor.namespace }}
- namespace: {{ .Values.metrics.serviceMonitor.namespace }}
- {{- else }}
- namespace: {{ .Release.Namespace | quote }}
- {{- end }}
- labels: {{- include "common.labels.standard" . | nindent 4 }}
- {{- if .Values.metrics.serviceMonitor.additionalLabels }}
- {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
- {{- end }}
-spec:
- endpoints:
- - targetPort: {{ .Values.springServicePort }}
- path: {{ .Values.metrics.endpointPath }}
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.honorLabels }}
- honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
- {{- end }}
- {{- if .Values.metrics.serviceMonitor.relabellings }}
- metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
- {{- end }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace | quote }}
- selector:
- matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
-{{- end }}
diff --git a/charts/authdemo/values.yaml b/charts/authdemo/values.yaml
deleted file mode 100644
index 3eb554546..000000000
--- a/charts/authdemo/values.yaml
+++ /dev/null
@@ -1,449 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## Port on which this particular spring service module is running. - springServicePort: 8082 - -image: - registry: docker.io - repository: mosipqa/authentication-demo-service - tag: develop - - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. 
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## -startupProbe: - enabled: true - httpGet: - path: '/v1/identity/actuator/health' - port: 8082 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 30 - successThreshold: 1 - -livenessProbe: - enabled: true - httpGet: - path: '/v1/identity/actuator/health' - port: 8082 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - httpGet: - path: '/v1/identity/actuator/health' - port: 8082 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 500m - memory: 2800Mi - requests: - cpu: 500m - memory: 2800Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2000M -Xmx2000M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. 
-## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: - - config-server-share - - -## Secret with extra environment variables -## -extraEnvVarsSecret: - - keycloak-client-secrets - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. 
-## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: - - command: - - /bin/bash - - -c - - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" - |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST - $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" - -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN - CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool - -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass - changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" - -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" - ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; - EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; - fi - env: - - name: ENABLE_INSECURE - value: "true" - envFrom: - - configMapRef: - name: global - image: docker.io/openjdk:11-jre - imagePullPolicy: Always - name: cacerts - resources: {} - securityContext: - runAsUser: 0 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /cacerts - name: cacerts - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: true - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). 
- ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 50G - existingClaim: - - nfs: - path: '/srv/nfs/mosip/packetcreator-authdemo-authcerts' - server: '' - # Dir where config and keys are written inside container - mountDir: '/home/mosip/authcerts' - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: enable - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. 
- ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: false - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -enable_insecure: false