diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..36a530d --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,30 @@ +name: Release Charts + +on: + push: + branches: + - main + +jobs: + release: + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Install Helm + uses: azure/setup-helm@v4.1.0 + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.6.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.gitignore b/.gitignore index 26cfbc8..b05ca81 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,2 @@ # Environment file containing sensitive data .env -kubernetes-manifests/secrets/* -!kubernetes-manifests/secrets/boreholes.template.yaml diff --git a/LICENSE b/LICENSE index a5190cc..67e5580 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2022 GeoWerkstatt GmbH +Copyright (c) 2024 GeoWerkstatt GmbH Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/charts/README.md b/charts/README.md new file mode 100644 index 0000000..7548756 --- /dev/null +++ b/charts/README.md @@ -0,0 +1,21 @@ +# Kubernetes Deployment + +The application gets deployed to a Kubernetes cluster using Helm. Deployments, services, configmaps, secrets and ingress routes are pre-defined in the Helm chart and can be customized using the `values.yaml` file. + +## Validating the Chart + +Validate with + +```bash +helm lint .\swissgeol-boreholes +``` + +or pretend to install the chart to the cluster and if there is some issue it will show the error. + +```bash +helm install --dry-run swissgeol-boreholes .\swissgeol-boreholes +``` + +## Installing the Chart + +For detailed instructions on how to install and configure the Helm chart, refer to the corresponding [documentation](./swissgeol-boreholes/README.md). diff --git a/charts/swissgeol-boreholes/Chart.yaml b/charts/swissgeol-boreholes/Chart.yaml new file mode 100644 index 0000000..401c76d --- /dev/null +++ b/charts/swissgeol-boreholes/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +name: swissgeol-boreholes +description: Borehole Data Management System +type: application +version: 0.2.1 +icon: https://raw.githubusercontent.com/geoadmin/suite-bdms/main/src/client/public/favicon.ico +appVersion: "v2.0.506" +home: https://www.swissgeol.ch/en +maintainers: + - name: GeoWerkstatt GmbH + email: support@geowerkstatt.ch + url: https://www.geowerkstatt.ch/ +keywords: + - boreholes + - swissgeol + - geoadmin + - bdms +sources: + - https://github.com/geoadmin/suite-bdms + - https://github.com/geoadmin/config-bdms diff --git a/charts/swissgeol-boreholes/README.md b/charts/swissgeol-boreholes/README.md new file mode 100644 index 0000000..a599cf8 --- /dev/null +++ b/charts/swissgeol-boreholes/README.md @@ -0,0 +1,81 @@ +![Helm Chart](https://img.shields.io/badge/helm%20chart-swissgeol--boreholes-blue) + +# Helm package for swissgeol-boreholes + +_swissgeol-boreholes_ is a web application which allows to easily manage structured data about boreholes. The source code is available at [geoadmin/suite-bdms](https://github.com/geoadmin/suite-bdms). + +## TL;DR + +```bash +# Add the swissgeol-boreholes Helm repository +helm repo add swissgeol-boreholes https://geoadmin.github.io/config-bdms/ + +# Update the Helm repositories +helm repo update + +# Install the swissgeol-boreholes Helm chart +helm install swissgeol-boreholes geoadmin/swissgeol-boreholes \ + --namespace 'swissgeol-boreholes' \ + --create-namespace +``` + +## Introduction + +This chart bootstraps the [swissgeol-boreholes](https://github.com/geoadmin/suite-bdms) web application as also the required services and deployments in a Kubernetes cluster using the Helm package manager. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ + +## Installing the Chart + +To install the chart with the release name `swissgeol-boreholes`: + +```bash +helm install swissgeol-boreholes geoadmin/swissgeol-boreholes +``` + +## Configuring the Chart + +The following table lists the configurable parameters of the swissgeol-boreholes chart and their default values. + +| Parameter | Description | Default | +| --- | --- | --- | +| `replicaCount` | Number of replicas | `1` | +| `app.domain` | Base domain name | `boreholes.swissgeol.ch` | +| `app.version` | Docker image tag | `latest` | +| `auth.authority` | Issuer URL | `""` | +| `auth.audience` | Client id | `""` | +| `database.host` | Database host | `""` | +| `database.name` | Database name | `""` | +| `database.username` | Database username | `""` | +| `database.password` | Database password | `""` | +| `s3.endpoint` | S3 endpoint | `""` | +| `s3.bucket` | S3 bucket name | `""` | +| `s3.accessKey` | S3 access key | `""` | +| `s3.secretKey` | S3 secret key | `""` | + +Specify each parameter using the `--set key=value` argument to `helm install`. For example, + +```bash +helm install swissgeol-boreholes geoadmin/swissgeol-boreholes \ + --namespace 'swissgeol-boreholes' \ + --create-namespace \ + --set app.domain="dev-boreholes.swissgeol.ch" \ + --set app.version="edge" +``` + +For a full list of values, you can check the `values.yaml` file or use the `helm show values geoadmin/swissgeol-boreholes` command. Refer to the corresponding Helm [documentation](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing) for more information on how to override settings in a YAML formated file. + +## Additional commands + +Refer to the [Helm documentation](https://helm.sh/docs/helm/helm/) for more information on how to install, upgrade, or delete a Helm chart. + +## Automated updates using Keel (optional) + +This chart is configured to work with [Keel](https://keel.sh/), a tool that scans Kubernetes and Helm releases for outdated images and performs automated updates according the specified `app.version` setting. To enable Keel, you need to deploy it in your cluster using kubectl or Helm. Refer to the [Keel documentation](https://keel.sh/docs/#introduction) for more information on how to do that. + +## License + +This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. diff --git a/charts/swissgeol-boreholes/templates/api-legacy.yaml b/charts/swissgeol-boreholes/templates/api-legacy.yaml new file mode 100644 index 0000000..f6117e3 --- /dev/null +++ b/charts/swissgeol-boreholes/templates/api-legacy.yaml @@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-api-legacy + namespace: {{ .Release.Namespace }} + annotations: + keel.sh/policy: force + keel.sh/match-tag: 'true' + keel.sh/trigger: poll +spec: + replicas: {{ .Values.replicaCount}} + selector: + matchLabels: + app: {{ .Release.Name }}-api-legacy + template: + metadata: + labels: + app: {{ .Release.Name }}-api-legacy + spec: + containers: + - name: {{ .Release.Name }}-api-legacy + image: ghcr.io/geoadmin/suite-bdms-api-legacy:{{ .Values.app.version | default "latest" }} + imagePullPolicy: Always + ports: + - containerPort: 8888 + env: + - name: DB_HOST + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: databaseHost + - name: DB_PORT + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: databasePort + optional: true + - name: DB_DATABASE + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: databaseName + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: databaseUsername + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: databasePassword + - name: TZ + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: timezone +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-api-legacy + namespace: {{ .Release.Namespace }} +spec: + selector: + app: {{ .Release.Name }}-api-legacy + ports: + - protocol: TCP + port: 80 + targetPort: 8888 diff --git a/charts/swissgeol-boreholes/templates/api.yaml b/charts/swissgeol-boreholes/templates/api.yaml new file mode 100644 index 0000000..0aaa23c --- /dev/null +++ b/charts/swissgeol-boreholes/templates/api.yaml @@ -0,0 +1,107 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-api + namespace: {{ .Release.Namespace }} + annotations: + keel.sh/policy: force + keel.sh/match-tag: 'true' + keel.sh/trigger: poll +spec: + replicas: {{ .Values.replicaCount}} + selector: + matchLabels: + app: {{ .Release.Name }}-api + template: + metadata: + labels: + app: {{ .Release.Name }}-api + spec: + containers: + - name: {{ .Release.Name }}-api + image: ghcr.io/geoadmin/suite-bdms-api:{{ .Values.app.version | default "latest" }} + imagePullPolicy: Always + ports: + - containerPort: 8080 + env: + - name: S3__ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: s3AccessKey + optional: true + - name: S3__SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: s3SecretKey + optional: true + - name: S3__BUCKET_NAME + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: s3bucket + - name: S3__ENDPOINT + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: s3Endpoint + - name: S3__SECURE + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: s3Secure + optional: true + - name: CONNECTIONSTRINGS__BdmsContext + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: databaseConnectionString + - name: TZ + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: timezone + - name: ReverseProxy__Clusters__pythonApi__Destinations__legacyApi__Address + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: legacyApiAddress + - name: Auth__Authority + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: authAuthority + - name: Auth__Audience + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: authAudience + - name: Auth__Scopes + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: authScopes + - name: Auth__GroupClaimType + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: authGroupClaimType + - name: Auth__AuthorizedGroupName + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: authAuthorizedGroupName +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-api + namespace: {{ .Release.Namespace }} +spec: + selector: + app: {{ .Release.Name }}-api + ports: + - protocol: TCP + port: 80 + targetPort: 8080 diff --git a/charts/swissgeol-boreholes/templates/client.yaml b/charts/swissgeol-boreholes/templates/client.yaml new file mode 100644 index 0000000..17ec5b0 --- /dev/null +++ b/charts/swissgeol-boreholes/templates/client.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-client + namespace: {{ .Release.Namespace }} + annotations: + keel.sh/policy: force + keel.sh/match-tag: 'true' + keel.sh/trigger: poll +spec: + replicas: {{ .Values.replicaCount}} + selector: + matchLabels: + app: {{ .Release.Name }}-client + template: + metadata: + labels: + app: {{ .Release.Name }}-client + spec: + containers: + - name: {{ .Release.Name }}-client + image: ghcr.io/geoadmin/suite-bdms-client:{{ .Values.app.version | default "latest" }} + imagePullPolicy: Always + ports: + - containerPort: 3000 + env: + - name: TZ + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-config + key: timezone +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }}-client + namespace: {{ .Release.Namespace }} +spec: + selector: + app: {{ .Release.Name }}-client + ports: + - protocol: TCP + port: 80 + targetPort: 3000 + diff --git a/charts/swissgeol-boreholes/templates/configmap.yaml b/charts/swissgeol-boreholes/templates/configmap.yaml new file mode 100644 index 0000000..1fd52c4 --- /dev/null +++ b/charts/swissgeol-boreholes/templates/configmap.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-config + namespace: {{ .Release.Namespace }} +data: + timezone: {{ .Values.app.timezone | default "Europe/Zurich" | quote }} + databaseHost: {{ .Values.database.host }} + databaseName: {{ .Values.database.name }} + databasePort: {{ .Values.database.port | default "5432" | quote }} + s3Endpoint: {{ .Values.s3.endpoint }} + s3bucket: {{ .Values.s3.bucket }} + s3Secure: {{ .Values.s3.secure | default "1" | quote }} + authAuthority: {{ .Values.auth.authority | quote }} + authAudience: {{ .Values.auth.audience | quote }} + authScopes: {{ .Values.auth.scopes | default "openid profile" | quote }} + authGroupClaimType: {{ .Values.auth.groupClaimType | default "cognito:groups" | quote }} + authAuthorizedGroupName: {{ .Values.auth.authorizedGroupName | default "boreholes.swissgeol" | quote }} + legacyApiAddress: "http://{{ .Release.Name }}-api-legacy.{{ .Release.Namespace }}.svc.cluster.local" diff --git a/charts/swissgeol-boreholes/templates/ingressroute.yaml b/charts/swissgeol-boreholes/templates/ingressroute.yaml new file mode 100644 index 0000000..e2e5f7e --- /dev/null +++ b/charts/swissgeol-boreholes/templates/ingressroute.yaml @@ -0,0 +1,19 @@ +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + entryPoints: + - web + routes: + - kind: Rule + match: "Host(`{{ .Values.app.domain | default "boreholes.swissgeol.ch" }}`) && PathPrefix(`/api`)" + services: + - name: {{ .Release.Name }}-api + port: 80 + - kind: Rule + match: "Host(`{{ .Values.app.domain | default "boreholes.swissgeol.ch" }}`)" + services: + - name: {{ .Release.Name }}-client + port: 80 diff --git a/charts/swissgeol-boreholes/templates/secrets.yaml b/charts/swissgeol-boreholes/templates/secrets.yaml new file mode 100644 index 0000000..ed3bba8 --- /dev/null +++ b/charts/swissgeol-boreholes/templates/secrets.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-secrets + namespace: {{ .Release.Namespace }} +type: Opaque +data: + databaseUsername: {{ default "" .Values.database.username | b64enc | quote }} + databasePassword: {{ default "" .Values.database.password | b64enc | quote }} + databaseConnectionString: {{ printf "Host=%s:%s;Database=%s;Username=%s;Password=%s" .Values.database.host (default "5432" .Values.database.port) .Values.database.name .Values.database.username .Values.database.password | b64enc | quote }} + s3AccessKey: {{ default "" .Values.s3.accessKey | b64enc | quote }} + s3Secretkey: {{ default "" .Values.s3.secretKey | b64enc | quote }} diff --git a/charts/swissgeol-boreholes/values.yaml b/charts/swissgeol-boreholes/values.yaml new file mode 100644 index 0000000..046d618 --- /dev/null +++ b/charts/swissgeol-boreholes/values.yaml @@ -0,0 +1,67 @@ +# Default values for the swissgeol-boreholes application. +# This is a YAML-formatted file. + +# +# General application configuration +# +app: + # -- The fully qualified domain name the application gets accessed by + # -- defaults to "boreholes.swissgeol.ch" + domain: + # -- The timezone which will be used in the application + # -- defaults to "Europe/Zurich" + timezone: + # -- The tag name of the Docker image tags to be deployed + # -- e.g. v2.0.506, latest or edge + # -- defaults to "latest" + version: + +# OpenID Connect configuration +auth: + # -- The issuer URL of the OpenID Connect provider + # -- e.g. https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_XXXXXXXXX + authority: + # -- The client ID of the application + audience: + # -- The required scopes needed by the application + # -- defaults to "openid profile" + scopes: + # -- The claim type to be used to get the user's groups + # -- defaults to "cognito:groups" + groupClaimType: + # -- The name of the group the user must be a member of + # -- defaults to "boreholes.swissgeol" + authorizedGroupName: + +# Database configuration +database: + # -- The hostname of the database server + host: + # -- The port of the database server + # -- defaults to "5432" + port: + # -- The name of the database + name: + # -- The username to connect to the database + username: + # -- The password to connect to the database + password: + +# +# Desired number of replicas for the application +# +replicaCount: 1 + +# AWS S3 Bucket configuration +s3: + # -- The endpoint of the S3 bucket + endpoint: + # -- The name of the S3 bucket + bucket: + # -- The access key to connect to the S3 bucket + accessKey: + # -- The secret key to connect to the S3 bucket + secretKey: + # -- Set to 0 to use a insecure connection + # -- defaults to 1 (secure connection) + secure: diff --git a/kubernetes-manifests/README.md b/kubernetes-manifests/README.md deleted file mode 100644 index eb66001..0000000 --- a/kubernetes-manifests/README.md +++ /dev/null @@ -1,24 +0,0 @@ -# Kubernetes Deployment - -## Connect to Kubernetes Cluster - -## Prerequisites - -1. Create secret and access key for your [AWS account](https://us-east-1.console.aws.amazon.com/iamv2/home?region=us-east-1#/security_credentials?section=IAM_credentials) -2. Download, install and configure [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) -3. Download, install and configure [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-windows/#install-nonstandard-package-tools) - -## Deploy Application - -Use the following commands to delete and configure the bdms application on the cluster. - -Valid actions are `delete` and `configure`. -Valid contexts are `prod`, `dev` and `int`. - -```bash -# Delete all the resources in the namespace. Use with caution! -.\bdms-app.ps1 -action delete -context dev - -# Configure the application on the cluster -.\bdms-app.ps1 -action configure -context dev -``` diff --git a/kubernetes-manifests/bdms-app.ps1 b/kubernetes-manifests/bdms-app.ps1 deleted file mode 100644 index 72343dd..0000000 --- a/kubernetes-manifests/bdms-app.ps1 +++ /dev/null @@ -1,57 +0,0 @@ -param ( - [Parameter(Mandatory=$true)] - [ValidateSet("delete","configure")] - [string]$action, - - [Parameter(Mandatory=$true)] - [ValidateSet("dev","int","prod")] - [string]$context -) - -# Default namespace -$namespace = "boreholes" - -# Get the base path using the location of the script file -$basePath = Split-Path -Parent $MyInvocation.MyCommand.Definition - -function PrepareContext { - param ( - [string]$env - ) - - Write-Output "Prepare kubectl context: $env" - kubectl config use-context $namespace-$env - kubectl apply -f $basePath\namespaces\boreholes.yaml - kubectl config set-context --current --namespace=$namespace - - # Configure helm locally - helm repo add keel https://charts.keel.sh - helm repo update -} - -if ($action -eq 'delete') { - Write-Output "Detele all resources on $context in the namespace $namespace" - PrepareContext -env $context - kubectl delete all --all --namespace=$namespace - kubectl delete secret --all --namespace=$namespace - helm uninstall keel keel/keel --namespace $namespace -} -elseif ($action -eq 'configure') { - Write-Output "Apply manifests on $context in the namespace $namespace" - PrepareContext -env $context - - helm install keel keel/keel --namespace $namespace - - kubectl apply -f $basePath\secrets\boreholes.$context.yaml - - kubectl apply -f $basePath\deployments\api.yaml - kubectl apply -f $basePath\deployments\client.yaml - kubectl apply -f $basePath\deployments\api-legacy.yaml - - kubectl apply -f $basePath\services\api.yaml - kubectl apply -f $basePath\services\client.yaml - kubectl apply -f $basePath\services\api-legacy.yaml -} -else { - Write-Output "Invalid action specified: $action" -} diff --git a/kubernetes-manifests/deployments/api-legacy.yaml b/kubernetes-manifests/deployments/api-legacy.yaml deleted file mode 100644 index 49079a3..0000000 --- a/kubernetes-manifests/deployments/api-legacy.yaml +++ /dev/null @@ -1,85 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bdms-api-legacy - namespace: boreholes - annotations: - keel.sh/policy: force - keel.sh/match-tag: 'true' - keel.sh/trigger: poll -spec: - replicas: 1 - selector: - matchLabels: - app: bdms-api-legacy - template: - metadata: - labels: - app: bdms-api-legacy - spec: - containers: - - name: bdms-api-legacy - image: ghcr.io/geoadmin/suite-bdms-api-legacy:edge - imagePullPolicy: Always - ports: - - containerPort: 8888 - env: - - name: DB_HOST - valueFrom: - secretKeyRef: - name: boreholes - key: DB_HOST - - name: DB_PORT - valueFrom: - secretKeyRef: - name: boreholes - key: DB_PORT - optional: true - - name: DB_DATABASE - valueFrom: - secretKeyRef: - name: boreholes - key: DB_DATABASE - - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: boreholes - key: DB_USERNAME - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: boreholes - key: DB_PASSWORD - - name: S3_ENDPOINT - valueFrom: - secretKeyRef: - name: boreholes - key: S3_ENDPOINT - - name: S3_BUCKET_NAME - valueFrom: - secretKeyRef: - name: boreholes - key: S3_BUCKET_NAME - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: boreholes - key: S3_ACCESS_KEY - optional: true - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: boreholes - key: S3_SECRET_KEY - optional: true - - name: S3_SECURE - valueFrom: - secretKeyRef: - name: boreholes - key: S3_SECURE - optional: true - - name: TZ - valueFrom: - secretKeyRef: - name: boreholes - key: TZ diff --git a/kubernetes-manifests/deployments/api.yaml b/kubernetes-manifests/deployments/api.yaml deleted file mode 100644 index 2f28bac..0000000 --- a/kubernetes-manifests/deployments/api.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bdms-api - namespace: boreholes - annotations: - keel.sh/policy: force - keel.sh/match-tag: 'true' - keel.sh/trigger: poll -spec: - replicas: 1 - selector: - matchLabels: - app: bdms-api - template: - metadata: - labels: - app: bdms-api - spec: - containers: - - name: bdms-api - image: ghcr.io/geoadmin/suite-bdms-api:edge - imagePullPolicy: Always - ports: - - containerPort: 8080 - env: - - name: S3__ACCESS_KEY - valueFrom: - secretKeyRef: - name: boreholes - key: S3_ACCESS_KEY - optional: true - - name: S3__SECRET_KEY - valueFrom: - secretKeyRef: - name: boreholes - key: S3_SECRET_KEY - optional: true - - name: S3__BUCKET_NAME - valueFrom: - secretKeyRef: - name: boreholes - key: S3_BUCKET_NAME - - name: S3__ENDPOINT - valueFrom: - secretKeyRef: - name: boreholes - key: S3_ENDPOINT - - name: S3__SECURE - valueFrom: - secretKeyRef: - name: boreholes - key: S3_SECURE - optional: true - - name: CONNECTIONSTRINGS__BdmsContext - valueFrom: - secretKeyRef: - name: boreholes - key: DB_CONNECTIONSTRING - - name: TZ - valueFrom: - secretKeyRef: - name: boreholes - key: TZ - - name: ReverseProxy__Clusters__pythonApi__Destinations__legacyApi__Address - valueFrom: - secretKeyRef: - name: boreholes - key: LEGACY_API_ENDPOINT - - name: Auth__Authority - valueFrom: - secretKeyRef: - name: boreholes - key: AUTH_AUTHORITY - - name: Auth__Audience - valueFrom: - secretKeyRef: - name: boreholes - key: AUTH_AUDIENCE - - name: Auth__Scopes - valueFrom: - secretKeyRef: - name: boreholes - key: AUTH_SCOPES - - name: Auth__GroupClaimType - valueFrom: - secretKeyRef: - name: boreholes - key: AUTH_GROUP_CLAIM_TYPE - - name: Auth__AuthorizedGroupName - valueFrom: - secretKeyRef: - name: boreholes - key: AUTH_AUTHORIZED_GROUP_NAME diff --git a/kubernetes-manifests/deployments/client.yaml b/kubernetes-manifests/deployments/client.yaml deleted file mode 100644 index 1620431..0000000 --- a/kubernetes-manifests/deployments/client.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bdms-client - namespace: boreholes - annotations: - keel.sh/policy: force - keel.sh/match-tag: 'true' - keel.sh/trigger: poll -spec: - replicas: 1 - selector: - matchLabels: - app: bdms-client - template: - metadata: - labels: - app: bdms-client - spec: - containers: - - name: bdms-client - image: ghcr.io/geoadmin/suite-bdms-client:edge - imagePullPolicy: Always - ports: - - containerPort: 3000 - env: - - name: TZ - valueFrom: - secretKeyRef: - name: boreholes - key: TZ diff --git a/kubernetes-manifests/namespaces/boreholes.yaml b/kubernetes-manifests/namespaces/boreholes.yaml deleted file mode 100644 index ebf3aa6..0000000 --- a/kubernetes-manifests/namespaces/boreholes.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: boreholes diff --git a/kubernetes-manifests/secrets/boreholes.template.yaml b/kubernetes-manifests/secrets/boreholes.template.yaml deleted file mode 100644 index 7fa0b89..0000000 --- a/kubernetes-manifests/secrets/boreholes.template.yaml +++ /dev/null @@ -1,55 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: boreholes - namespace: boreholes -type: Opaque -stringData: - # ------------------------------------------------------------------------- # - # The fully qualified base domain name used for all pods # - # ------------------------------------------------------------------------- # - BASE_DOMAIN: example.com - - # ------------------------------------------------------------------------- # - # PostgreSQL database configuration # - # ------------------------------------------------------------------------- # - DB_HOST: - #DB_PORT: '5432' #optional - DB_DATABASE: - DB_USERNAME: - DB_PASSWORD: - - # ------------------------------------------------------------------------- # - # The PostgreSQL DB connection string for the .NET REST API (v2) # - # using the following schema: # - # `Host=my_host[:port];Database=my_db;Username=my_user;Password=my_pw` # - # ------------------------------------------------------------------------- # - DB_CONNECTIONSTRING: - - # ------------------------------------------------------------------------- # - # The legacy python API to proxy /api/v1 requests to # - # ------------------------------------------------------------------------- # - LEGACY_API_ENDPOINT: http://bdms-api-legacy.boreholes.svc.cluster.local - - # ------------------------------------------------------------------------- # - # AWS S3 Bucket configuration (borehole attachments) # - # ------------------------------------------------------------------------- # - S3_ENDPOINT: https://s3.eu-central-1.amazonaws.com - S3_BUCKET_NAME: - #S3_ACCESS_KEY: #optional, default IAM - #S3_SECRET_KEY: #optional, default IAM - #S3_SECURE: '1' #optional, default uses a secure TLS connection - - # ------------------------------------------------------------------------- # - # OpenID Connect configuration # - # ------------------------------------------------------------------------- # - AUTH_AUTHORITY: - AUTH_AUDIENCE: - AUTH_SCOPES: "openid profile" - AUTH_GROUP_CLAIM_TYPE: - AUTH_AUTHORIZED_GROUP_NAME: - - # ------------------------------------------------------------------------- # - # The default timezone to use for all containers # - # ------------------------------------------------------------------------- # - TZ: Europe/Zurich diff --git a/kubernetes-manifests/services/api-legacy.yaml b/kubernetes-manifests/services/api-legacy.yaml deleted file mode 100644 index ed95bf5..0000000 --- a/kubernetes-manifests/services/api-legacy.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: bdms-api-legacy - namespace: boreholes -spec: - selector: - app: bdms-api-legacy - ports: - - protocol: TCP - port: 80 - targetPort: 8888 diff --git a/kubernetes-manifests/services/api.yaml b/kubernetes-manifests/services/api.yaml deleted file mode 100644 index b809f38..0000000 --- a/kubernetes-manifests/services/api.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: bdms-api - namespace: boreholes -spec: - selector: - app: bdms-api - ports: - - protocol: TCP - port: 80 - targetPort: 8080 diff --git a/kubernetes-manifests/services/client.yaml b/kubernetes-manifests/services/client.yaml deleted file mode 100644 index bf5fac8..0000000 --- a/kubernetes-manifests/services/client.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: bdms-client - namespace: boreholes -spec: - selector: - app: bdms-client - ports: - - protocol: TCP - port: 80 - targetPort: 3000