Commit fc8f6188 authored by Volodymyr Kovalenko's avatar Volodymyr Kovalenko
Browse files

change helm template

parent c09cec29
......@@ -32,3 +32,4 @@ MANIFEST
!.coveragerc
cover-html
__pycache__
helm/*/charts/*
......@@ -18,6 +18,12 @@ variables:
code-style-check:
extends: .lint-template
helm-linter-check:
extends: .helm-lint-template
helm-kubeval:
extends: .helm-kubeval-template
build-new-image:
extends: .build-new-image-template
......
PROJECT_NAME=auth-service
IMAGE ?= prozorro-sale-auth:develop
IMAGE_TEST ?= prozorro-sale-auth:develop-test
CI_COMMIT_SHORT_SHA ?= $(shell git rev-parse --short HEAD)
......@@ -82,13 +83,21 @@ test-integration: $(REBUILD_IMAGES_FOR_TESTS)
$(IMAGE_TEST) pytest -v -s -q --cov-report= --cov=prozorro_sale test/integration/
docker cp prozorro-auth-$(CI_COMMIT_SHORT_SHA):/auth/.coverage .coverage.integration
## Dependency update helm
helm-dependency-update:
@helm3 dependency update helm/$(PROJECT_NAME)
## Build helm | Release
helm-build:
helm package helm/auth-service --app-version=$(GIT_STAMP) --version=$(GIT_STAMP)
helm-build: helm-dependency-update
@helm3 package helm/$(PROJECT_NAME) --app-version=$(GIT_STAMP) --version=$(GIT_STAMP)
## Check helm
helm-lint:
helm lint helm/auth-service
helm-lint: helm-dependency-update
@helm3 lint helm/$(PROJECT_NAME)
## Check helm-kubeval
validate-helm-charts-kubeval: helm-dependency-update
@helm3 kubeval --exit-on-error --strict --name-template=prozorro-dev-test --namespace=prozorro-dev-test helm/$(PROJECT_NAME)
## Publish helm
push-helm-package:
......
dependencies:
- name: prozorro-helm-template-chart
repository: https://helm.prozorro.sale
version: v0.1.0
digest: sha256:09fbdf7f15b1eeedc606c48a55a4fa6d5b873df39a83bdd2d156e9c49a1cfcbf
generated: "2021-09-09T18:45:40.838216+03:00"
apiVersion: v1
apiVersion: v2
appVersion: "1.0"
description: A Helm chart for Kubernetes
description: The auth Helm chart for Kubernetes
name: auth-service
version: 0.1.0
dependencies:
- name: prozorro-helm-template-chart
version: 0.1.0
repository: https://helm.prozorro.sale
\ No newline at end of file
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "auth-service.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "auth-service.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "auth-service.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "auth-service.labels" -}}
app.kubernetes.io/name: {{ include "auth-service.name" . }}
helm.sh/chart: {{ include "auth-service.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- $Context := dict "ArchitectComponent" "api" "Release" .Release "Chart" .Chart "Values" .Values.application.api "Global" . -}}
{{- include "prozorro-helm-template.base-http-app" $Context -}}
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "auth-service.fullname" . }}
labels:
{{ include "auth-service.labels" . | indent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "auth-service.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "auth-service.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: procedure-config
configMap:
name: {{ .Release.Name }}-procedure-config
- name: secrets-volume
projected:
sources:
- secret:
name: procedure-api-keys
- secret:
name: auth-api-keys
- secret:
name: auth-file
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ['python', '-m', 'prozorro_sale.auth.api']
env:
- name: AUCTIONS_API
value: {{ .Values.auction_url }}
- name: DOMAIN
value: {{ .Values.domain }}
- name: SWAGGER_DOC
value: "{{.Values.swaggerDoc}}"
- name: AUTH_IP_BLOCK_STRICT
value: "{{ .Values.authApiBlockStrict }}"
ports:
- name: http
containerPort: 80
protocol: TCP
volumeMounts:
- name: procedure-config
mountPath: /config/
- mountPath: /secrets/
name: secrets-volume
readOnly: true
livenessProbe:
httpGet:
path: /api/ping
port: http
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
readinessProbe:
httpGet:
path: /api/ping
port: http
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
httpGet:
path: /api/ping
port: http
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "auth-service.fullname" . }}
labels:
{{ include "auth-service.labels" . | indent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: {{ include "auth-service.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "auth-service.fullname" . -}}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{ include "auth-service.labels" . | indent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ . }}
backend:
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
{{- end }}
{{- end }}
replicaCount: 1
auction_url: http://auction-prozorro-sale.raccoongang.com
domain: localhost
swaggerDoc: '1'
authApiBlockStrict: '1'
image:
replicaCount: 1
......@@ -7,12 +11,47 @@ image:
pullPolicy: Always
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
service:
type: ClusterIP
port: 80
application:
api:
enabled: true
command:
- python
args:
- -m
- prozorro_sale.auth.api
env:
- name: AUCTIONS_API
value: "{{ .Values.auction_url }}"
- name: DOMAIN
value: "{{ .Values.domain }}"
- name: SWAGGER_DOC
value: "{{.Values.swaggerDoc}}"
- name: AUTH_IP_BLOCK_STRICT
value: "{{ .Values.authApiBlockStrict }}"
volumes:
- name: procedure-config
configMap:
name: "{{ .Release.Name }}-procedure-config"
- name: secrets-volume
projected:
sources:
- secret:
name: procedure-api-keys
- secret:
name: auth-api-keys
- secret:
name: auth-file
volumeMounts:
- name: procedure-config
mountPath: /config/
- mountPath: /secrets/
name: secrets-volume
readOnly: true
livenessProbe:
timeoutSeconds: 10
......@@ -27,29 +66,10 @@ startupProbe:
failureThreshold: 20
periodSeconds: 5
ingress:
enabled: false
hosts:
- host: auth.localhost
paths:
- /
resources:
limits:
cpu: 1200m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
auction_url: http://auction-prozorro-sale.raccoongang.com
domain: localhost
swaggerDoc: '1'
authApiBlockStrict: '1'
\ No newline at end of file
memory: 128Mi
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment