From bb0f85824cb5a7da0636dd8bdd7ed9c640c1c469 Mon Sep 17 00:00:00 2001 
From: sfdevops Date: Tue, 1 Oct 2024 19:18:48 +0530 Subject: [PATCH] auth0 changes added --- .../tenant-helm-chart/{ => auth0}/.helmignore | 0 .../tenant-helm-chart/{ => auth0}/Chart.yaml | 0 .../tenant-helm-chart/{ => auth0}/README.md | 0 .../{ => auth0}/templates/_helpers.tpl | 0 .../authentication-service-deployment.yaml | 244 ++++++++++++ .../templates/authorization-policy.yaml | 0 .../templates/cm-authentication-service.yaml | 19 + .../templates/cm-feature-service.yaml | 0 .../templates/cm-frontend-service.yaml | 0 .../templates/cm-notification-service.yaml | 0 .../templates/cm-user-tenant-service.yaml | 0 .../cm-video-confrencing-service.yaml | 0 .../templates/feature-service-deployment.yaml | 0 .../frontend-service-deployment.yaml | 0 .../{ => auth0}/templates/gateway.yaml | 0 .../templates/hooks/migration-job.yaml | 0 .../templates/imagePullSecret.yaml | 0 .../templates/kuberhealthy-http-checker.yaml | 0 .../notification-service-deployment.yaml | 0 .../{ => auth0}/templates/provisioner.yaml | 0 .../secret-provider-class-and-sa.yaml | 117 ++++++ .../user-tenant-service-deployment.yaml | 214 ++++++++++ ...video-conferencing-service-deployment.yaml | 0 .../templates/virtual-service.yaml | 0 .../auth0/values.yaml.template | 371 ++++++++++++++++++ .../tenant-helm-chart/cognito}/.helmignore | 0 .../tenant-helm-chart/cognito}/Chart.yaml | 0 .../tenant-helm-chart/cognito}/README.md | 0 .../cognito}/templates/_helpers.tpl | 0 .../authentication-service-deployment.yaml | 0 .../templates/authorization-policy.yaml | 0 .../templates/cm-authentication-service.yaml | 0 .../templates/cm-feature-service.yaml | 0 .../templates/cm-frontend-service.yaml | 0 .../templates/cm-notification-service.yaml | 0 .../templates/cm-user-tenant-service.yaml | 0 .../cm-video-confrencing-service.yaml | 0 .../templates/feature-service-deployment.yaml | 0 .../frontend-service-deployment.yaml | 0 .../cognito}/templates/gateway.yaml | 0 .../templates/hooks/migration-job.yaml | 0 
.../cognito}/templates/imagePullSecret.yaml | 0 .../templates/kuberhealthy-http-checker.yaml | 0 .../notification-service-deployment.yaml | 0 .../cognito/templates/provisioner.yaml | 61 +++ .../secret-provider-class-and-sa.yaml | 0 .../user-tenant-service-deployment.yaml | 0 ...video-conferencing-service-deployment.yaml | 0 .../cognito}/templates/virtual-service.yaml | 0 .../{ => cognito}/values.yaml.template | 0 .../tenant-helm-chart/auth0/.helmignore | 23 ++ .../pooled/tenant-helm-chart/auth0/Chart.yaml | 24 ++ .../pooled/tenant-helm-chart/auth0/README.md | 1 + .../auth0/templates/_helpers.tpl | 62 +++ .../authentication-service-deployment.yaml | 244 ++++++++++++ .../auth0/templates/authorization-policy.yaml | 14 + .../templates/cm-authentication-service.yaml | 19 + .../auth0/templates/cm-feature-service.yaml | 19 + .../auth0/templates/cm-frontend-service.yaml | 26 ++ .../templates/cm-notification-service.yaml | 16 + .../templates/cm-user-tenant-service.yaml | 19 + .../cm-video-confrencing-service.yaml | 17 + .../templates/feature-service-deployment.yaml | 244 ++++++++++++ .../frontend-service-deployment.yaml | 129 ++++++ .../auth0/templates/gateway.yaml | 18 + .../auth0/templates/hooks/migration-job.yaml | 164 ++++++++ .../auth0/templates/imagePullSecret.yaml | 12 + .../templates/kuberhealthy-http-checker.yaml | 27 ++ .../notification-service-deployment.yaml | 229 +++++++++++ .../{ => auth0}/templates/provisioner.yaml | 0 .../secret-provider-class-and-sa.yaml | 118 ++++++ .../user-tenant-service-deployment.yaml | 214 ++++++++++ ...video-conferencing-service-deployment.yaml | 219 +++++++++++ .../auth0/templates/virtual-service.yaml | 63 +++ .../auth0/values.yaml.template | 371 ++++++++++++++++++ .../tenant-helm-chart/cognito/.helmignore | 23 ++ .../tenant-helm-chart/cognito/Chart.yaml | 24 ++ .../tenant-helm-chart/cognito/README.md | 1 + .../cognito/templates/_helpers.tpl | 62 +++ .../authentication-service-deployment.yaml | 0 
.../templates/authorization-policy.yaml | 14 + .../templates/cm-authentication-service.yaml | 0 .../cognito/templates/cm-feature-service.yaml | 19 + .../templates/cm-frontend-service.yaml | 26 ++ .../templates/cm-notification-service.yaml | 16 + .../templates/cm-user-tenant-service.yaml | 19 + .../cm-video-confrencing-service.yaml | 17 + .../templates/feature-service-deployment.yaml | 244 ++++++++++++ .../frontend-service-deployment.yaml | 129 ++++++ .../cognito/templates/gateway.yaml | 18 + .../templates/hooks/migration-job.yaml | 164 ++++++++ .../cognito/templates/imagePullSecret.yaml | 12 + .../templates/kuberhealthy-http-checker.yaml | 27 ++ .../notification-service-deployment.yaml | 229 +++++++++++ .../cognito/templates/provisioner.yaml | 60 +++ .../secret-provider-class-and-sa.yaml | 0 .../user-tenant-service-deployment.yaml | 0 ...video-conferencing-service-deployment.yaml | 219 +++++++++++ .../cognito/templates/virtual-service.yaml | 63 +++ .../{ => cognito}/values.yaml.template | 0 100 files changed, 4704 insertions(+) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/.helmignore (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/Chart.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/README.md (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/_helpers.tpl (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/authorization-policy.yaml (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/cm-feature-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/cm-frontend-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => 
auth0}/templates/cm-notification-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/cm-user-tenant-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/cm-video-confrencing-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/feature-service-deployment.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/frontend-service-deployment.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/gateway.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/hooks/migration-job.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/imagePullSecret.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/kuberhealthy-http-checker.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/notification-service-deployment.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/provisioner.yaml (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/video-conferencing-service-deployment.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => auth0}/templates/virtual-service.yaml (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/.helmignore (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/Chart.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => 
bridge/tenant-helm-chart/cognito}/README.md (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/_helpers.tpl (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/templates/authentication-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/authorization-policy.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/templates/cm-authentication-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-feature-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-frontend-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-notification-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-user-tenant-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/cm-video-confrencing-service.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/feature-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/frontend-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/gateway.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/hooks/migration-job.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/imagePullSecret.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => 
bridge/tenant-helm-chart/cognito}/templates/kuberhealthy-http-checker.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/notification-service-deployment.yaml (100%) create mode 100644 files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/templates/secret-provider-class-and-sa.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/templates/user-tenant-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/video-conferencing-service-deployment.yaml (100%) rename files/tenant-samples/{pooled/tenant-helm-chart => bridge/tenant-helm-chart/cognito}/templates/virtual-service.yaml (100%) rename files/tenant-samples/bridge/tenant-helm-chart/{ => cognito}/values.yaml.template (100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/.helmignore create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/Chart.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/README.md create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/_helpers.tpl create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authorization-policy.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-feature-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-notification-service.yaml create mode 100644 
files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/gateway.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/imagePullSecret.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml rename files/tenant-samples/pooled/tenant-helm-chart/{ => auth0}/templates/provisioner.yaml (100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/virtual-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/.helmignore create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/Chart.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/README.md create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/_helpers.tpl rename 
files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/templates/authentication-service-deployment.yaml (100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authorization-policy.yaml rename files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/templates/cm-authentication-service.yaml (100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-feature-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-notification-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/gateway.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/imagePullSecret.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml rename files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/templates/secret-provider-class-and-sa.yaml (100%) rename files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/templates/user-tenant-service-deployment.yaml 
(100%) create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml create mode 100644 files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/virtual-service.yaml rename files/tenant-samples/pooled/tenant-helm-chart/{ => cognito}/values.yaml.template (100%) diff --git a/files/tenant-samples/bridge/tenant-helm-chart/.helmignore b/files/tenant-samples/bridge/tenant-helm-chart/auth0/.helmignore similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/.helmignore rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/.helmignore diff --git a/files/tenant-samples/bridge/tenant-helm-chart/Chart.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/Chart.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/Chart.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/Chart.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/README.md b/files/tenant-samples/bridge/tenant-helm-chart/auth0/README.md similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/README.md rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/README.md diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/_helpers.tpl b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/_helpers.tpl similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/_helpers.tpl rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/_helpers.tpl diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml new file mode 100644 index 00000000..99442569 --- /dev/null +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml 
@@ -0,0 +1,244 @@
+{{- if .Values.authenticationService.enabled }}
+---
+#Deployment
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "helm.fullname" . }}-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ replicas: {{ .Values.authenticationService.replicaCount }}
+ strategy:
+ type: {{ .Values.strategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+ maxSurge: {{ .Values.strategy.maxSurge }}
+ selector:
+ matchLabels:
+ app: {{ include "helm.fullname" . }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/cm-authentication-service.yaml") . | sha256sum }}
+ prometheus.io/path: {{ .Values.app.basePath }}/authentication-service/obf/metrics
+{{- if .Values.extraAnnotations }}
+{{ toYaml .Values.extraAnnotations | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: authentication-service
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+ spec:
+ serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
+ containers:
+ - imagePullPolicy: {{ .Values.authenticationService.pullPolicy }}
+ resources:
+ {{- toYaml .Values.authenticationService.resources | nindent 12 }}
+{{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/authentication-service
+ port: 3000
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/authentication-service
+ port: 3000
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+{{- end }}
+ name: {{ include "helm.fullname" . }}-authentication-service
+ image: {{ .Values.authenticationService.repository }}:{{ .Values.authenticationService.tag }}
+ volumeMounts:
+ - name: my-api-token
+ mountPath: /mnt/api-token
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: {{ include "helm.fullname" . }}-cm-authentication-service
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: AUTHENTICATION_SERVICE_DB_DATABASE
+ - name: DB_SCHEMA
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_SCHEMA
+ - name: FEATURE_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: FEATURE_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: FEATURE_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: FEATURE_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: FEATURE_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: FEATURE_DB_DATABASE
+ - name: FEATURE_DB_SCHEMA
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_SCHEMA
+ - name: REDIS_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_HOST
+ - name: REDIS_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_PORT
+ - name: REDIS_URL
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_HOST
+ - name: REDIS_PASSWORD
+ value: ""
+ - name: REDIS_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_DATABASE
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: JWT_SECRET
+ - name: JWT_ISSUER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: JWT_ISSUER
+{{- if .Values.imagePullSecret.enabled }}
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecret.name }}
+{{- end }}
+
+ nodeSelector:
+ pooled-node: {{ .Values.tier }}
+{{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ volumes:
+ - name: my-api-token
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+{{- with .Values.authenticationService.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+
+---
+#HPA
+
+{{- if .Values.authenticationService.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "helm.fullname" . }}-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: authentication-service
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "helm.fullname" . }}-authentication-service
+ minReplicas: {{ .Values.authenticationService.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.authenticationService.autoscaling.maxReplicas }}
+ metrics:
+ {{- with .Values.authenticationService.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- end }}
+ {{- with .Values.authenticationService.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: AverageValue
+ averageValue: {{ . }}
+ {{- end }}
+{{- end }}
+---
+#Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm.fullname" . }}-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ type: {{ .Values.authenticationService.service.type }}
+ ports:
+ - port: {{ .Values.authenticationService.service.port }}
+ targetPort: {{ .Values.authenticationService.service.targetPort }}
+ protocol: {{ .Values.authenticationService.service.protocol }}
+ name: web
+ selector:
+ app: {{ include "helm.fullname" . }}
+ component: authentication-service
+---
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/authorization-policy.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authorization-policy.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/authorization-policy.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/authorization-policy.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml
new file mode 100644
index 00000000..9ddb8c11
--- /dev/null
+++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.authenticationService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.authenticationService.port }}'
+ NODE_ENV: '{{ .Values.authenticationService.node_env }}'
+ LOG_LEVEL: '{{ .Values.authenticationService.log_level }}'
+ BASE_PATH: '{{ .Values.authenticationService.base_path }}'
+ DB_SSL: '{{ .Values.authenticationService.db_ssl }}'
+ PRIVATE_DECRYPTION_KEY: ''
+ JWT_PRIVATE_KEY: ''
+ JWT_PUBLIC_KEY: ''
+{{- end}}
\ No newline at end of file
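Review bot: In auth0/templates/authentication-service-deployment.yaml the container's `REDIS_PASSWORD` is hard-coded to `value: ""`, so the service is configured to reach Redis without a credential while every other connection setting is read from the `api-token` Secret. Unless Redis authentication is enforced some other way, source it like its neighbours, e.g. `valueFrom: {secretKeyRef: {name: api-token, key: REDIS_PASSWORD}}`; that key is not defined anywhere in this patch, so a matching object would have to be added to the SecretProviderClass. In the same env list `REDIS_URL` reads the key `REDIS_HOST`, which looks like a copy-paste slip worth confirming. Separately, the HPA memory metric feeds `targetMemoryUtilizationPercentage` into `type: AverageValue` / `averageValue: {{ . }}`, so a percentage would be read as an absolute quantity; `type: Utilization` with `averageUtilization: {{ . }}` matches the value's name.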
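Review bot: The ConfigMap in auth0/templates/cm-authentication-service.yaml declares `PRIVATE_DECRYPTION_KEY`, `JWT_PRIVATE_KEY` and `JWT_PUBLIC_KEY` as empty data keys, which invites someone to fill private key material into an object that gets none of the RBAC separation or encryption-at-rest configuration applied to Secrets. Because the deployment loads this ConfigMap through `envFrom`, the empty strings are also injected into the container as set-but-empty variables. I would drop the two private-key entries from the ConfigMap and, if the service needs them, deliver them through the `api-token` Secret the way `JWT_SECRET` is delivered; at minimum add a comment such as `# do not populate here: key material must come from the api-token Secret`.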
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-feature-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-feature-service.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-feature-service.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-feature-service.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-frontend-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-frontend-service.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-notification-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-notification-service.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-notification-service.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-notification-service.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-user-tenant-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-user-tenant-service.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-video-confrencing-service.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/feature-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/feature-service-deployment.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/frontend-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/frontend-service-deployment.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/gateway.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/gateway.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/gateway.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/gateway.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/hooks/migration-job.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/hooks/migration-job.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/imagePullSecret.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/imagePullSecret.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/imagePullSecret.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/imagePullSecret.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/kuberhealthy-http-checker.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/kuberhealthy-http-checker.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/notification-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/notification-service-deployment.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/provisioner.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/provisioner.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/provisioner.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/provisioner.yaml
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml
new file mode 100644
index 00000000..5e80fe71
--- /dev/null
+++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml
@@ -0,0 +1,117 @@
+---
+#namespace specific service account for
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ labels:
+ {{- include "helm.labels" . | nindent 4 }}
+ annotations:
+ eks.amazonaws.com/role-arn: {{ .Values.arn }}
+
+---
+#custom resource to fetch the secrets from paramter store
+apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
+kind: SecretProviderClass
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+ labels:
+ {{- include "helm.labels" . | nindent 4 }}
+spec:
+ provider: aws
+ secretObjects:
+ - secretName: api-token
+ type: Opaque
+ data:
+ - objectName: db_host
+ key: DB_HOST
+ - objectName: db_port
+ key: DB_PORT
+ - objectName: db_user
+ key: DB_USER
+ - objectName: db_password
+ key: DB_PASSWORD
+ - objectName: db_schema
+ key: DB_SCHEMA
+ - objectName: redis_host
+ key: REDIS_HOST
+ - objectName: redis_port
+ key: REDIS_PORT
+ - objectName: redis_database
+ key: REDIS_DATABASE
+ - objectName: jwt_secret
+ key: JWT_SECRET
+ - objectName: jwt_issuer
+ key: JWT_ISSUER
+ - objectName: authentication_service_db_database
+ key: AUTHENTICATION_SERVICE_DB_DATABASE
+ - objectName: feature_db_database
+ key: FEATURE_DB_DATABASE
+ - objectName: video_confrencing_service_db_database
+ key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE
+ - objectName: notification_service_db_database
+ - objectName: vonage-api-key-secret
+ key: VONAGE_API_KEY_SECRET
+ - objectName: pubnub-pub-key
+ key: PUBNUB_PUB_KEY
+ - objectName: pubnub-sub-key
+ key: PUBNUB_SUB_KEY
+ - objectName: pubnub-secret-key
+ key: PUBNUB_SECRET_KEY
+ parameters:
+# region: us-west-2
+ objects: |
+ - objectName: {{ .Values.dbhost }}
+ objectType: ssmparameter
+ objectAlias: db_host
+ - objectName: {{ .Values.dbport }}
+ objectType: ssmparameter
+ objectAlias: db_port
+ - objectName: {{ .Values.dbuser }}
+ objectType: ssmparameter
+ objectAlias: db_user
+ - objectName: {{ .Values.dbpassword }}
+ objectType: ssmparameter
+ objectAlias: db_password
+ - objectName: {{ .Values.dbschema }}
+ objectType: ssmparameter
+ objectAlias: db_schema
+ - objectName: {{ .Values.redishost }}
+ objectType: ssmparameter
+ objectAlias: redis_host
+ - objectName: {{ .Values.redisport }}
+ objectType: ssmparameter
+ objectAlias: redis_port
+ - objectName: {{ .Values.redisdatabase }}
+ objectType: ssmparameter
+ objectAlias: redis_database
+ - objectName: {{ .Values.jwtsecret }}
+ objectType: ssmparameter
+ objectAlias: jwt_secret
+ - objectName: {{ .Values.jwtissuer }}
+ objectType: ssmparameter
+ objectAlias: jwt_issuer
+ - objectName: {{ .Values.authenticationdbdatabase }}
+ objectType: ssmparameter
+ objectAlias: authentication_service_db_database
+ - objectName: {{ .Values.featuredbdatabase }}
+ objectType: ssmparameter
+ objectAlias: feature_db_database
+ - objectName: {{ .Values.notificationdbdatabase }}
+ objectType: ssmparameter
+ objectAlias: notification_service_db_database
+ - objectName: {{ .Values.videoconfrencingdbdatabase }}
+ objectType: ssmparameter
+ objectAlias: video_confrencing_service_db_database
+ - objectName: {{ .Values.vonageSecret }}
+ objectType: ssmparameter
+ objectAlias: vonage-api-key-secret
+ - objectName: {{ .Values.pubnubPubKey }}
+ objectType: ssmparameter
+ objectAlias: pubnub-pub-key
+ - objectName: {{ .Values.pubnubSubKey }}
+ objectType: ssmparameter
+ objectAlias: pubnub-sub-key
+ - objectName: {{ .Values.pubnubSecretKey }}
+ objectType: ssmparameter
+ objectAlias: pubnub-secret-key
\ No newline at end of file
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml
new file mode 100644
index 00000000..aa8a3a07
--- /dev/null
+++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml
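Review bot: The `notification_service_db_database` entry under `secretObjects[].data` has an `objectName` but no `key`, unlike every other entry in the list, so that value has no key to land under in the synced `api-token` Secret. Add `key: NOTIFICATION_SERVICE_DB_DATABASE` beneath it. Separately, the synced Secret name `api-token` is fixed while the SecretProviderClass name is built from `{{ .Values.tier }}-{{ .Values.tenant }}`; if two tenants can ever be installed into the same namespace the Secrets would collide, so a tenant-scoped Secret name is safer (worth confirming against how namespaces are allocated). The `secrets-store.csi.x-k8s.io/v1alpha1` API version is also worth checking against the installed driver, since newer releases serve `v1`.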
@@ -0,0 +1,214 @@ +{{- if .Values.userTenantService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.userTenantService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-user-tenant-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/user-tenant-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.userTenantService.pullPolicy }} + resources: + {{- toYaml .Values.userTenantService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + 
name: {{ include "helm.fullname" . }}-user-tenant-service + image: {{ .Values.userTenantService.repository }}:{{ .Values.userTenantService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-user-tenant-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.userTenantService.affinity }} + affinity: +{{ toYaml . 
| indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.userTenantService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-user-tenant-service + minReplicas: {{ .Values.userTenantService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.userTenantService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.userTenantService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.userTenantService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.userTenantService.service.type }} + ports: + - port: {{ .Values.userTenantService.service.port }} + targetPort: {{ .Values.userTenantService.service.targetPort }} + protocol: {{ .Values.userTenantService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: user-tenant-service +--- +{{- end }} \ No newline at end of file 
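Review bot: `REDIS_PASSWORD` is hard-coded to `value: ""` in the container `env`, while every other connection setting is read from the `api-token` Secret, so as written this Deployment can only be pointed at a Redis that has no authentication. It should be sourced the same way as `DB_PASSWORD`, with a `secretKeyRef` on `api-token` (for example key `REDIS_PASSWORD`), which also needs a matching object in the SecretProviderClass. The container also sets no `securityContext`, and the `securityContext` / `podSecurityContext` values defined in `values.yaml.template` are not referenced anywhere in this template; wiring them in with `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and dropped capabilities would apply the hardening that the values file only shows as comments. In the HPA, the memory metric feeds `targetMemoryUtilizationPercentage` into `averageValue` under `type: AverageValue`, which is read as an absolute quantity rather than a percentage; `type: Utilization` with `averageUtilization: {{ . }}` would match the CPU metric.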
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/video-conferencing-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/video-conferencing-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/virtual-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/virtual-service.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/virtual-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/auth0/templates/virtual-service.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template new file mode 100644 index 00000000..d9fd64e9 --- /dev/null +++ b/files/tenant-samples/bridge/tenant-helm-chart/auth0/values.yaml.template 
@@ -0,0 +1,371 @@ +# Default values for helm. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +strategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 +app: + url: "" + basePath: "" +livenessProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 7 +readinessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + +frontend: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-ui + pullPolicy: Always + tag: "0.0.5" + log_level: "info" + home_path: "/home" + replicaCount: 1 + affinity: {} + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "2" + Service: + type: NodePort + port: 80 + targetPort: 80 + protocol: TCP + extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "false" + enabled: "1" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 20 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + + +#Services +#featureService +featureService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-feature-toggle-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + timestamp_tolerance: 300 + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /feature-service + +#authenticationService +authenticationService: + enabled: true 
+ repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-authentication-service + pullPolicy: Always + tag: "0.0.3" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /authentication-service + +#notificationService +notificationService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-notification-service + pullPolicy: Always + tag: "0.0.3" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /notification-service + +#userTenantService +userTenantService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-user-tenant-service + pullPolicy: Always + tag: "0.0.4" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + 
maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /user-tenant-service + +videoConfrencingService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-video-conferencing-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /video-confrencing-service + +#migrationJob +migrationJob: +#enable it when correct image has been provided + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-migration + pullPolicy: Always + tag: "0.0.1" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + +##Common env's + +#Common URL'S + +imagePullSecret: +#enable it and pass the correct parameters below + enabled: false + name: regcred + registry: https://index.docker.io/v1/ + username: '' + password: '' + email: sfdevops@sourcefuse.com + +nameOverride: "" + +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 + +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "true" + enabled: "1" + +nodeSelector: {} + +tolerations: + - effect: NoSchedule + key: pooled-node + operator: Equal + value: "pooled" + +affinity: {} + +#Migration Job Variable +tenantKey: ${TENANT_KEY} +tenantName: ${TENANT_NAME} +tenantSecret: ${TENANT_SECRET} +tenantID: ${TENANT_ID} +tenantEmail: ${TENANT_EMAIL} +adminUserTenantId: "b439829b-57e7-49d8-bb23-8ccb2ca56435" +#userCallbackSecret: "yugeyifgweyfgy" +userCallbackSecret: ${USER_CALLBACK_SECRET} + +# Frontend variable +clientId: ${TENANT_CLIENT_ID} +publicKey: ${TENANT_CLIENT_SECRET} + +tier: ${TIER} +namespace: ${NAMESPACE} +region: ${REGION} +karpenterRoleName: ${KARPENTER_ROLE} +eksClusterName: ${EKS_CLUSTER_NAME} +hostname: ${TENANT_HOST_NAME} +tenant: ${TENANT_KEY} +arn: ${WEB_IDENTITY_ROLE_ARN} +dbhost: ${DB_HOST} +dbport: ${DB_PORT} +dbuser: ${DB_USER} +dbpassword: ${DB_PASSWORD} +dbschema: ${DB_SCHEMA} +redishost: ${REDIS_HOST} +redisport: ${REDIS_PORT} +redisdatabase: ${REDIS_DATABASE} +jwtsecret: ${JWT_SECRET} +jwtissuer: ${JWT_ISSUER} +authenticationdbdatabase: ${AUTH_DATABASE} +featuredbdatabase: ${FEATURE_DATABASE} +notificationdbdatabase: 
${NOTIFICATION_DATABASE} +videoconfrencingdbdatabase: ${VIDEO_CONFRENCING_DATABASE} + +# pubnub config +vonageSecret: /pubnub/vonage-api-key-secret +pubnubPubKey: /pubnub/public-key +pubnubSubKey: /pubnub/subscribe-key +pubnubSecretKey: /pubnub/secret-key \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/.helmignore b/files/tenant-samples/bridge/tenant-helm-chart/cognito/.helmignore similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/.helmignore rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/.helmignore diff --git a/files/tenant-samples/pooled/tenant-helm-chart/Chart.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/Chart.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/Chart.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/Chart.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/README.md b/files/tenant-samples/bridge/tenant-helm-chart/cognito/README.md similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/README.md rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/README.md diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/_helpers.tpl b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/_helpers.tpl similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/_helpers.tpl rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/_helpers.tpl diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/authentication-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/authentication-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml 
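Review bot: Every service block defaults to `db_ssl: false` and `allowed_origins: "*"` alongside `node_env: "production"`, so a tenant rendered from this template without overrides connects to its database without TLS and accepts cross-origin requests from any site. Safer defaults would be `db_ssl: true` and an origin list built from the tenant hostname (`${TENANT_HOST_NAME}`), leaving the permissive values as an explicit opt-in. The commented-out `#userCallbackSecret: "yugeyifgweyfgy"` line should be deleted rather than shipped in a template, and the value rotated if it was ever in use. Under `# Frontend variable`, `publicKey: ${TENANT_CLIENT_SECRET}` places a client secret in a value labelled for the frontend; whether it reaches the browser depends on `cm-frontend-service.yaml`, which this hunk does not show, so that mapping is worth checking.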
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/authorization-policy.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/authorization-policy.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/authorization-policy.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/authorization-policy.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/cm-authentication-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/cm-authentication-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-feature-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-feature-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-feature-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-feature-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-frontend-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-frontend-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml 
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-notification-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-notification-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-notification-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-notification-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-user-tenant-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-user-tenant-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-video-confrencing-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/feature-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/feature-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml 
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/frontend-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/frontend-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/gateway.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/gateway.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/gateway.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/gateway.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/hooks/migration-job.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/hooks/migration-job.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/imagePullSecret.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/imagePullSecret.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/imagePullSecret.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/imagePullSecret.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/kuberhealthy-http-checker.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/kuberhealthy-http-checker.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml 
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/notification-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/notification-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml new file mode 100644 index 00000000..5ed47914 --- /dev/null +++ b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/provisioner.yaml 
@@ -0,0 +1,61 @@
+apiVersion: karpenter.sh/v1beta1
+kind: NodePool
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ annotations:
+ kubernetes.io/description: "NodePool to restrict the number of cpus provisioned to 100"
+spec:
+ template:
+ metadata:
+ labels:
+ pooled-node: {{ .Values.tier }}
+ spec:
+ requirements:
+ - key: kubernetes.io/arch
+ operator: In
+ values: ["amd64"]
+ - key: kubernetes.io/os
+ operator: In
+ values: ["linux"]
+ - key: karpenter.sh/capacity-type
+ operator: In
+ values: ["on-demand"]
+ - key: karpenter.k8s.aws/instance-category
+ operator: In
+ values: ["t"]
+ - key: karpenter.k8s.aws/instance-generation
+ operator: Gt
+ values: ["2"]
+ nodeClassRef:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ taints:
+ - key: pooled-node
+ value: "pooled"
+ effect: NoSchedule
+
+ limits:
+ cpu: 100
+ memory: 1000Gi
+---
+apiVersion: karpenter.k8s.aws/v1beta1
+kind: EC2NodeClass
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ annotations:
+ kubernetes.io/description: "General purpose EC2NodeClass for running Amazon Linux 2 nodes"
+spec:
+ amiFamily: AL2 # Amazon Linux 2
+ role: {{ .Values.karpenterRoleName }}
+ subnetSelectorTerms:
+ - tags:
+ Type: "private"
+ securityGroupSelectorTerms:
+ - tags:
+ "aws:eks:cluster-name": {{ .Values.eksClusterName }}
+ tags:
+ Tenant: "pooled"
+
+
+
+
+
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml
similarity index 100%
rename from files/tenant-samples/bridge/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml
rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml
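Review bot: The `EC2NodeClass` sets no `metadataOptions`, so instance-metadata access on these nodes is whatever the installed Karpenter version defaults to, and that may let pods reach the node role's credentials through IMDS. If the tenant workloads get their AWS access through the service account role annotation, as the chart's ServiceAccount template suggests, stating `metadataOptions: {httpTokens: required, httpPutResponseHopLimit: 1}` makes the restriction explicit. `subnetSelectorTerms` matches on `Type: "private"` alone, which is not scoped to the cluster the way the security-group selector is, so any subnet carrying that tag is eligible. The `Tenant: "pooled"` tag and the `pooled` taint value are hard-coded in a bridge-tier chart whose other fields use `{{ .Values.tier }}`, which will mislabel these nodes for attribution.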
diff --git a/files/tenant-samples/bridge/tenant-helm-chart/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/templates/user-tenant-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/video-conferencing-service-deployment.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/video-conferencing-service-deployment.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/virtual-service.yaml b/files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/virtual-service.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/virtual-service.yaml rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/templates/virtual-service.yaml diff --git a/files/tenant-samples/bridge/tenant-helm-chart/values.yaml.template b/files/tenant-samples/bridge/tenant-helm-chart/cognito/values.yaml.template similarity index 100% rename from files/tenant-samples/bridge/tenant-helm-chart/values.yaml.template rename to files/tenant-samples/bridge/tenant-helm-chart/cognito/values.yaml.template diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/.helmignore b/files/tenant-samples/pooled/tenant-helm-chart/auth0/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/Chart.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/Chart.yaml
new file mode 100644
index 00000000..fc389922
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: helm
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/README.md b/files/tenant-samples/pooled/tenant-helm-chart/auth0/README.md
new file mode 100644
index 00000000..524ebf64
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/README.md
@@ -0,0 +1 @@
+# ARC-SAAS Application Plane Helm
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/_helpers.tpl b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/_helpers.tpl
new file mode 100644
index 00000000..69baf8f2
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "helm.labels" -}}
+helm.sh/chart: {{ include "helm.chart" . }}
+{{ include "helm.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "helm.selectorLabels" -}}
+app: {{ include "helm.name" . }}
+
+{{- end }}
+
+
+{{/*
+Configuring .dockerconfigjson
+*/}}
+{{- define "imagePullSecret" }}
+{{- with .Values.imagePullSecret }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
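Review bot: The `imagePullSecret` helper assembles the docker config with `printf` and raw `%s` substitutions, so a registry username or password containing `"` or `\` produces invalid JSON, or JSON with a different structure than intended, in the rendered Secret. Building the object and serialising it avoids that: `{{- dict "auths" (dict .registry (dict "username" .username "password" .password "email" .email "auth" (printf "%s:%s" .username .password | b64enc))) | toJson | b64enc }}`. The helper also implies that registry credentials live in plain chart values; a comment above the `define` saying where they are expected to come from would help the next maintainer.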
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml
new file mode 100644
index 00000000..99442569
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authentication-service-deployment.yaml
@@ -0,0 +1,244 @@
+{{- if .Values.authenticationService.enabled }}
+---
+#Deployment
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "helm.fullname" . }}-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ replicas: {{ .Values.authenticationService.replicaCount }}
+ strategy:
+ type: {{ .Values.strategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+ maxSurge: {{ .Values.strategy.maxSurge }}
+ selector:
+ matchLabels:
+ app: {{ include "helm.fullname" . }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/cm-authentication-service.yaml") . | sha256sum }}
+ prometheus.io/path: {{ .Values.app.basePath }}/authentication-service/obf/metrics
+{{- if .Values.extraAnnotations }}
+{{ toYaml .Values.extraAnnotations | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: authentication-service
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+ spec:
+ serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
+ containers:
+ - imagePullPolicy: {{ .Values.authenticationService.pullPolicy }}
+ resources:
+ {{- toYaml .Values.authenticationService.resources | nindent 12 }}
+{{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/authentication-service
+ port: 3000
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/authentication-service
+ port: 3000
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+{{- end }}
+ name: {{ include "helm.fullname" . }}-authentication-service
+ image: {{ .Values.authenticationService.repository }}:{{ .Values.authenticationService.tag }}
+ volumeMounts:
+ - name: my-api-token
+ mountPath: /mnt/api-token
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: {{ include "helm.fullname" . }}-cm-authentication-service
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: AUTHENTICATION_SERVICE_DB_DATABASE
+ - name: DB_SCHEMA
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_SCHEMA
+ - name: FEATURE_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: FEATURE_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: FEATURE_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: FEATURE_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: FEATURE_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: FEATURE_DB_DATABASE
+ - name: FEATURE_DB_SCHEMA
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_SCHEMA
+ - name: REDIS_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_HOST
+ - name: REDIS_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_PORT
+ - name: REDIS_URL
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_HOST
+ - name: REDIS_PASSWORD
+ value: ""
+ - name: REDIS_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_DATABASE
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: JWT_SECRET
+ - name: JWT_ISSUER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: JWT_ISSUER
+{{- if .Values.imagePullSecret.enabled }}
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecret.name }}
+{{- end }}
+
+ nodeSelector:
+ pooled-node: {{ .Values.tier }}
+{{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ volumes:
+ - name: my-api-token
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+{{- with .Values.authenticationService.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+
+---
+#HPA
+
+{{- if .Values.authenticationService.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "helm.fullname" . }}-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: authentication-service
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "helm.fullname" . }}-authentication-service
+ minReplicas: {{ .Values.authenticationService.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.authenticationService.autoscaling.maxReplicas }}
+ metrics:
+ {{- with .Values.authenticationService.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- end }}
+ {{- with .Values.authenticationService.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: AverageValue
+ averageValue: {{ . }}
+ {{- end }}
+{{- end }}
+---
+#Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm.fullname" . }}-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ type: {{ .Values.authenticationService.service.type }}
+ ports:
+ - port: {{ .Values.authenticationService.service.port }}
+ targetPort: {{ .Values.authenticationService.service.targetPort }}
+ protocol: {{ .Values.authenticationService.service.protocol }}
+ name: web
+ selector:
+ app: {{ include "helm.fullname" . }}
+ component: authentication-service
+---
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authorization-policy.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authorization-policy.yaml
new file mode 100644
index 00000000..ebb14452
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/authorization-policy.yaml
@@ -0,0 +1,14 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: deny-traffic-from-cross-namespace
+ namespace: {{ .Values.namespace }}
+ labels:
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ namespaces: ["{{ .Values.namespace }}","kube-system","prometheus-node-exporter", "adot-collector-kubeprometheus","istio-system","karpenter","kubecost", "kuberhealthy", "argocd", "argo-workflows"]
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml
new file mode 100644
index 00000000..9ddb8c11
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-authentication-service.yaml
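Review bot: `REDIS_PASSWORD` is hard-coded to `""` in the authentication-service container of authentication-service-deployment.yaml, while every other connection setting is read from the `api-token` secret, so the service can only talk to a Redis that has authentication disabled. In a pooled tier that cache is presumably shared by several tenants' sessions and tokens, which makes an unauthenticated endpoint a risk for anything that can reach it on the network. I would source it like its neighbours, `valueFrom:` / `secretKeyRef:` / `name: api-token`, with a key such as `REDIS_PASSWORD` added to the SecretProviderClass (not visible here). The same literal appears in the feature-service and notification-service deployment hunks.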
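Review bot: In authorization-policy.yaml the policy is named `deny-traffic-from-cross-namespace` but its action is `ALLOW` with a ten-namespace source list, and the rule only works as intended when peers are authenticated, because Istio fills `source.namespaces` from the mTLS identity. Nothing in the visible part of the chart sets a `PeerAuthentication`, so it is worth confirming that STRICT mTLS is configured elsewhere. I would add a comment above `rules:` such as `# allow-list: traffic from any other namespace is denied; relies on STRICT mTLS`, and trim the list to the namespaces that really need to call tenant workloads, for example checking whether `argocd` and `argo-workflows` need data-plane access at all.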
@@ -0,0 +1,19 @@
+{{- if .Values.authenticationService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-authentication-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.authenticationService.port }}'
+ NODE_ENV: '{{ .Values.authenticationService.node_env }}'
+ LOG_LEVEL: '{{ .Values.authenticationService.log_level }}'
+ BASE_PATH: '{{ .Values.authenticationService.base_path }}'
+ DB_SSL: '{{ .Values.authenticationService.db_ssl }}'
+ PRIVATE_DECRYPTION_KEY: ''
+ JWT_PRIVATE_KEY: ''
+ JWT_PUBLIC_KEY: ''
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-feature-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-feature-service.yaml
new file mode 100644
index 00000000..f6f18490
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-feature-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.featureService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-feature-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.featureService.port }}'
+ NODE_ENV: '{{ .Values.featureService.node_env }}'
+ LOG_LEVEL: '{{ .Values.featureService.log_level }}'
+ BASE_PATH: '{{ .Values.featureService.base_path }}'
+ DB_SSL: '{{ .Values.featureService.db_ssl }}'
+ USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'
+ TIMESTAMP_TOLERANCE: '{{ .Values.featureService.timestamp_tolerance}}'
+ ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}'
+{{- end}}
\ No newline at end of file
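Review bot: `PRIVATE_DECRYPTION_KEY`, `JWT_PRIVATE_KEY` and `JWT_PUBLIC_KEY` are declared in the cm-authentication-service ConfigMap as empty strings, which sets the expectation that private key material will be filled in here. ConfigMaps are not covered by Secret-specific RBAC or encryption-at-rest settings and are printed in clear by `kubectl describe`, so private keys should not end up in this object. Because the Deployment loads this ConfigMap with `envFrom`, the empty values are also injected into the container as they stand. I would drop the two private-key entries from `data:` and, if the service needs them, deliver them through the `api-token` secret the way `JWT_SECRET` is delivered.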
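Review bot: `USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'` in cm-feature-service.yaml writes a shared secret into a ConfigMap, so it is readable by anyone allowed to read ConfigMaps in the namespace and has to be kept in plain chart values. Judging by the neighbouring `TIMESTAMP_TOLERANCE` it looks like a callback-signing key, in which case disclosure would let a caller forge callbacks; that is an inference from the names only. I would remove the entry from `data:` and add it to the Deployment's `env:` as a `secretKeyRef` on `api-token`, the way `JWT_SECRET` is handled. cm-user-tenant-service.yaml later in this patch has the same line.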
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml
new file mode 100644
index 00000000..13352de3
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-frontend-service.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.frontend.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-frontend
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ env: |-
+ {
+ "baseApiUrl": "https://{{ .Values.hostname }}",
+ "authApiBaseUrl": "https://{{ .Values.hostname }}/authentication-service",
+ "notificationApiBaseUrl" :"https://{{ .Values.hostname }}/notification-service",
+ "homePath": "{{ .Values.frontend.home_path }}",
+ "videoApiBaseUrl": "https://{{ .Values.hostname }}/video-confrencing-service",
+ "notificationChannelUuid": "9f7360f6-5c1a-4354-ad68-0e62b2a1200b",
+ "chatChannelUuid": "ad0cac27-972e-4b69-9188-3685f7eeb8bb",
+ "vonageApiKey": "47793071",
+ "logLevel": "{{ .Values.frontend.log_level }}",
+ "clientId": "{{ .Values.clientId }}",
+ "clientSecret": "{{ .Values.publicKey }}",
+ "loginTitle": "Welcome to the Telemed App"
+ }
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-notification-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-notification-service.yaml
new file mode 100644
index 00000000..87d683da
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-notification-service.yaml
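Review bot: The `env` JSON in cm-frontend-service.yaml is mounted by the frontend Deployment at `/usr/share/nginx/html/config.json`, which looks like the nginx web root, so every field in it is presumably downloadable by any visitor, including `"clientSecret": "{{ .Values.publicKey }}"`. If that value really is a public key, the field name is misleading and deserves a comment; if it is an OAuth client secret, it must not be shipped to the browser at all. The Vonage API key and the two channel UUIDs are also hard-coded for every tenant rendered from this chart (the key again in cm-video-confrencing-service.yaml), so I would move them to values, e.g. `"vonageApiKey": "{{ .Values.vonageApiKey }}"`, so they can differ per tenant and be rotated.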
@@ -0,0 +1,16 @@
+{{- if .Values.notificationService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-notification-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.notificationService.port }}'
+ NODE_ENV: '{{ .Values.notificationService.node_env }}'
+ LOG_LEVEL: '{{ .Values.notificationService.log_level }}'
+ BASE_PATH: '{{ .Values.notificationService.base_path }}'
+ DB_SSL: '{{ .Values.notificationService.db_ssl }}'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml
new file mode 100644
index 00000000..e429bc25
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-user-tenant-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.userTenantService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-user-tenant-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.userTenantService.port }}'
+ NODE_ENV: '{{ .Values.userTenantService.node_env }}'
+ LOG_LEVEL: '{{ .Values.userTenantService.log_level }}'
+ BASE_PATH: '{{ .Values.userTenantService.base_path }}'
+ ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}'
+ USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'
+ DB_SSL: '{{ .Values.userTenantService.db_ssl }}'
+ AWS_REGION: '{{ .Values.region }}'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml
new file mode 100644
index 00000000..df67fa42
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/cm-video-confrencing-service.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.videoConfrencingService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-video-confrencing-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.videoConfrencingService.port }}'
+ NODE_ENV: '{{ .Values.videoConfrencingService.node_env }}'
+ LOG_LEVEL: '{{ .Values.videoConfrencingService.log_level }}'
+ BASE_PATH: '{{ .Values.videoConfrencingService.base_path }}'
+ DB_SSL: '{{ .Values.videoConfrencingService.db_ssl }}'
+ VONAGE_API_KEY: '47793071'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml
new file mode 100644
index 00000000..abaaa2d9
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/feature-service-deployment.yaml
@@ -0,0 +1,244 @@
+{{- if .Values.featureService.enabled }}
+---
+#Deployment
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "helm.fullname" . }}-feature-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ replicas: {{ .Values.featureService.replicaCount }}
+ strategy:
+ type: {{ .Values.strategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+ maxSurge: {{ .Values.strategy.maxSurge }}
+ selector:
+ matchLabels:
+ app: {{ include "helm.fullname" . }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/cm-feature-service.yaml") . | sha256sum }}
+ prometheus.io/path: {{ .Values.app.basePath }}/feature-service/obf/metrics
+{{- if .Values.extraAnnotations }}
+{{ toYaml .Values.extraAnnotations | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: feature-service
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+ spec:
+ serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
+ containers:
+ - imagePullPolicy: {{ .Values.featureService.pullPolicy }}
+ resources:
+ {{- toYaml .Values.featureService.resources | nindent 12 }}
+{{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/feature-service
+ port: 3000
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/feature-service
+ port: 3000
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+{{- end }}
+ name: {{ include "helm.fullname" . }}-feature-service
+ image: {{ .Values.featureService.repository }}:{{ .Values.featureService.tag }}
+ volumeMounts:
+ - name: my-api-token
+ mountPath: /mnt/api-token
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: {{ include "helm.fullname" . }}-cm-feature-service
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: FEATURE_DB_DATABASE
+ - name: DB_SCHEMA
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_SCHEMA
+ - name: FEATURE_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: FEATURE_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: FEATURE_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: FEATURE_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: FEATURE_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: FEATURE_DB_DATABASE
+ - name: FEATURE_DB_SCHEMA
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_SCHEMA
+ - name: REDIS_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_HOST
+ - name: REDIS_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_PORT
+ - name: REDIS_URL
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_HOST
+ - name: REDIS_PASSWORD
+ value: ""
+ - name: REDIS_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_DATABASE
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: JWT_SECRET
+ - name: JWT_ISSUER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: JWT_ISSUER
+{{- if .Values.imagePullSecret.enabled }}
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecret.name }}
+{{- end }}
+
+ nodeSelector:
+ pooled-node: {{ .Values.tier }}
+{{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ volumes:
+ - name: my-api-token
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+{{- with .Values.featureService.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+
+---
+#HPA
+
+{{- if .Values.featureService.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "helm.fullname" . }}-feature-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: feature-service
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "helm.fullname" . }}-feature-service
+ minReplicas: {{ .Values.featureService.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.featureService.autoscaling.maxReplicas }}
+ metrics:
+ {{- with .Values.featureService.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- end }}
+ {{- with .Values.featureService.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: AverageValue
+ averageValue: {{ . }}
+ {{- end }}
+{{- end }}
+---
+#Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm.fullname" . }}-feature-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ type: {{ .Values.featureService.service.type }}
+ ports:
+ - port: {{ .Values.featureService.service.port }}
+ targetPort: {{ .Values.featureService.service.targetPort }}
+ protocol: {{ .Values.featureService.service.protocol }}
+ name: web
+ selector:
+ app: {{ include "helm.fullname" . }}
+ component: feature-service
+---
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml
new file mode 100644
index 00000000..b4fd696f
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/frontend-service-deployment.yaml
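Review bot: The memory metric in the HPA block of feature-service-deployment.yaml takes its number from `targetMemoryUtilizationPercentage` but renders it as `type: AverageValue` / `averageValue: {{ . }}`, so a setting of 80 is read as an average of 80 bytes per pod rather than 80 percent. Any running pod exceeds that, which would push the autoscaler to `maxReplicas` as soon as the value is set. The CPU metric directly above uses the right pair, and the memory one should match it: `type: Utilization` and `averageUtilization: {{ . }}`. The authentication-service deployment hunk carries the same block.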
@@ -0,0 +1,129 @@
+---
+#Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "helm.fullname" . }}-frontend
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ replicas: {{ .Values.frontend.replicaCount }}
+ strategy:
+ type: {{ .Values.strategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+ maxSurge: {{ .Values.strategy.maxSurge }}
+ selector:
+ matchLabels:
+ app: {{ include "helm.fullname" . }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/cm-frontend-service.yaml") . | sha256sum }}
+ prometheus.io/path: {{ .Values.app.basePath }}/frontend/obf/metrics
+{{- if .Values.frontend.extraAnnotations }}
+{{ toYaml .Values.frontend.extraAnnotations | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: frontend
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+ spec:
+ serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
+ containers:
+ - imagePullPolicy: {{ .Values.frontend.pullPolicy }}
+ resources:
+ {{- toYaml .Values.frontend.resources | nindent 12 }}
+{{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/frontend
+ port: 80
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/frontend
+ port: 80
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+{{- end }}
+ name: {{ include "helm.fullname" . }}-frontend
+ image: {{ .Values.frontend.repository }}:{{ .Values.frontend.tag }}
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: env-var
+ mountPath: /usr/share/nginx/html/config.json
+ subPath: config.json
+ - name: my-api-token
+ mountPath: /mnt/api-token
+ readOnly: true
+ env:
+ - name: pubnubPublishKey
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: PUBNUB_PUB_KEY
+ - name: pubnubSubscribeKey
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: PUBNUB_SUB_KEY
+{{- if .Values.imagePullSecret.enabled }}
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecret.name }}
+{{- end }}
+
+ nodeSelector:
+ pooled-node: {{ .Values.tier }}
+{{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ volumes:
+ - name: env-var
+ configMap:
+ name: {{ include "helm.fullname" . }}-cm-frontend
+ items:
+ - key: env
+ path: config.json
+ - name: my-api-token
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+{{- with .Values.frontend.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+
+---
+#Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm.fullname" . }}-frontend
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ type: {{ .Values.frontend.Service.type }}
+ ports:
+ - port: {{ .Values.frontend.Service.port }}
+ targetPort: {{ .Values.frontend.Service.targetPort }}
+ protocol: {{ .Values.frontend.Service.protocol }}
+ name: web
+ selector:
+ app: {{ include "helm.fullname" . }}
+ component: frontend
+---
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/gateway.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/gateway.yaml
new file mode 100644
index 00000000..b534262f
--- /dev/null
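Review bot: The frontend container in frontend-service-deployment.yaml mounts the same `{{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets` CSI volume at `/mnt/api-token` as the backend services, although the only secret values it reads are the two PubNub keys. What that volume contains depends on the SecretProviderClass, which is not visible here, but the backends read `DB_PASSWORD` and `JWT_SECRET` through the same provider, so the web-serving nginx pod probably receives those files too. I would give the frontend its own SecretProviderClass limited to the PubNub keys, or drop the `my-api-token` volume and mount from this Deployment if the synced `api-token` Secret is kept alive by the other pods. Separately, this template is not wrapped in `{{- if .Values.frontend.enabled }}` while its ConfigMap is, so disabling the frontend leaves a Deployment that references a missing ConfigMap.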
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/gateway.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ labels:
+ app: {{ include "helm.name" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - {{ .Values.hostname }}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml
new file mode 100644
index 00000000..81f2dbcc
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/hooks/migration-job.yaml
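Review bot: The Gateway in gateway.yaml exposes `{{ .Values.hostname }}` only on port 80 with `protocol: HTTP`, while the frontend ConfigMap and the health check in this patch build `https://` URLs for the same host. That is fine if TLS is terminated at a load balancer in front of the ingress gateway, which cannot be seen from this hunk; in that case a comment such as `# TLS terminates at the load balancer in front of the ingress gateway` would record the assumption. If it is not, the server needs an HTTPS entry, or at least `tls:` / `httpsRedirect: true` on this one, because authentication traffic would otherwise travel in clear text.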
@@ -0,0 +1,164 @@
+{{- if .Values.migrationJob.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ template "helm.fullname" . }}-migration-job"
+ annotations:
+ argocd.argoproj.io/hook: PostSync
+spec:
+ backoffLimit: 20
+ activeDeadlineSeconds: 600
+ ttlSecondsAfterFinished: 3600
+ parallelism: 1
+ completions: 1
+ template:
+ metadata:
+ annotations:
+ sidecar.istio.io/inject: "false"
+ spec:
+ serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
+ volumes:
+ - name: my-api-token
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+ restartPolicy: 'OnFailure'
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecret.name }}
+ containers:
+ - name: init
+ image: {{ .Values.migrationJob.repository }}:{{ .Values.migrationJob.tag }}
+ imagePullPolicy: {{ .Values.migrationJob.pullPolicy }}
+ resources:
+{{ toYaml .Values.migrationJob.resources | indent 10 }}
+ command: ["/bin/sh", "-c"]
+ args: ["cd packages/migrations; npm run db:migrate"]
+ volumeMounts:
+ - name: my-api-token
+ mountPath: /mnt/api-token
+ readOnly: true
+ env:
+ - name: AUTH_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: AUTH_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: AUTH_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: AUTH_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: AUTH_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: AUTHENTICATION_SERVICE_DB_DATABASE
+ - name: FEATURE_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: FEATURE_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: FEATURE_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: FEATURE_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: FEATURE_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: FEATURE_DB_DATABASE
+ - name: NOTIF_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: NOTIF_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: NOTIF_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: NOTIF_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: NOTIF_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: NOTIFICATION_SERVICE_DB_DATABASE
+ - name: VIDEO_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: VIDEO_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: VIDEO_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: VIDEO_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: VIDEO_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE
+
+ - name: TENANT_NAME
+ value: {{ .Values.tenantName }}
+ - name: TENANT_KEY
+ value: {{ .Values.tenantKey }}
+ - name: SECRET
+ value: {{ .Values.tenantSecret }}
+ - name: TENANT_EMAIL
+ value: {{ .Values.tenantEmail }}
+ - name: CLIENT_ID
+ value: {{ .Values.clientId }}
+ - name: CLIENT_SECRET
+ value: {{ .Values.publicKey }}
+ - name: ADMIN_USER_TENANT_ID
+ value: {{ .Values.adminUserTenantId }}
+ - name: REDIRECT_URL
+ value: "https://{{ .Values.hostname }}{{ .Values.frontend.home_path }}"
+ # - name: USERNAME
+ # value: {{ .Values.cognitoUser }}
+ # - name: USER_SUB
+ # value: {{ .Values.cognitoSub }}
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/imagePullSecret.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/imagePullSecret.yaml
new file mode 100644
index 00000000..d40fa6ab
--- /dev/null
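Review bot: `SECRET`, `CLIENT_SECRET` and `TENANT_KEY` in migration-job.yaml are rendered as literal `value:` entries, so they are stored in the Job spec (and in whatever Argo CD keeps of the rendered manifest) and are visible to anyone who can read Jobs or Pods in the namespace, unlike the database settings above them, which use `secretKeyRef`. I would read them the same way, `valueFrom:` / `secretKeyRef:` / `name: api-token`, with a key such as `<TENANT_SECRET_KEY>` added to the secret provider. If they have to stay in values they should at least be piped through `| quote`, since an unquoted value that contains `:` or `#`, or that looks like a number, changes the YAML. The `imagePullSecrets` entry here is also emitted unconditionally, whereas the Deployments guard it with `imagePullSecret.enabled`.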
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/imagePullSecret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.imagePullSecret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.imagePullSecret.name }}
+ labels:
+ {{- include "helm.labels" . | nindent 4 }}
+ component: {{ include "helm.name" . }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml
new file mode 100644
index 00000000..b793f40d
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/kuberhealthy-http-checker.yaml
@@ -0,0 +1,27 @@
+apiVersion: comcast.github.io/v1
+kind: KuberhealthyCheck
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}-http-check
+ namespace: kuberhealthy
+ labels:
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ runInterval: 5m
+ timeout: 10m
+ podSpec:
+ containers:
+ - name: main
+ image: kuberhealthy/http-check:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: CHECK_URL
+ value: "https://{{ .Values.hostname }}/"
+ - name: COUNT
+ value: "5"
+ - name: SECONDS
+ value: "1"
+ - name: REQUEST_TYPE
+ value: "GET"
+ - name: PASSING
+ value: "80"
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml
new file mode 100644
index 00000000..6de67db6
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/notification-service-deployment.yaml
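Review bot: The check pod in kuberhealthy-http-checker.yaml runs `kuberhealthy/http-check:latest` with `imagePullPolicy: IfNotPresent`, so the image that runs in the `kuberhealthy` namespace is whatever `latest` pointed to when a node first pulled it, and it can differ from node to node. A mutable tag from a public registry also means a changed upstream image is picked up without review. I would pin it to a released tag or, better, a digest, e.g. `image: kuberhealthy/http-check@sha256:<DIGEST>`, and expose the reference through values so it can be mirrored to the private registry used for the other images.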
@@ -0,0 +1,229 @@ +{{- if .Values.notificationService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.notificationService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-notification-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/notification-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.notificationService.pullPolicy }} + resources: + {{- toYaml .Values.notificationService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} 
+{{- end }} + name: {{ include "helm.fullname" . }}-notification-service + image: {{ .Values.notificationService.repository }}:{{ .Values.notificationService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-notification-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: NOTIFICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: PUBNUB_PUBLISH_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_PUB_KEY + - name: PUBNUB_SUBSCRIBE_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SUB_KEY + - name: PUBNUB_SECRET_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SECRET_KEY +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . 
| indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.notificationService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.notificationService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-notification-service + minReplicas: {{ .Values.notificationService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.notificationService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.notificationService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.notificationService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.notificationService.service.type }} + ports: + - port: {{ .Values.notificationService.service.port }} + targetPort: {{ .Values.notificationService.service.targetPort }} + protocol: {{ .Values.notificationService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . 
}} + component: notification-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/provisioner.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/provisioner.yaml similarity index 100% rename from files/tenant-samples/pooled/tenant-helm-chart/templates/provisioner.yaml rename to files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/provisioner.yaml diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml new file mode 100644 index 00000000..45c0d9e5 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/secret-provider-class-and-sa.yaml 
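Review bot: `REDIS_PASSWORD` in the notification-service container is hard-coded to `""` while every other Redis setting is read from the `api-token` secret, which suggests the service talks to Redis without authentication; the user-tenant-service and video-conferencing-service deployments later in this patch do the same. If the Redis instance has, or should have, AUTH enabled, add a `redis_password` object to the SecretProviderClass and reference it here through `secretKeyRef` with `name: api-token` and `key: REDIS_PASSWORD`. `REDIS_URL` is populated from the `REDIS_HOST` key, which looks like a copy-paste slip unless the application really expects a bare host there. None of the three pod specs sets a `securityContext` either, so the containers run as the image's default user with a writable root filesystem; the commented defaults in values.yaml.template (`runAsNonRoot: true`, `readOnlyRootFilesystem: true`, dropping all capabilities) are not referenced by these templates.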
@@ -0,0 +1,118 @@ +--- +#namespace specific service account for +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + labels: + {{- include "helm.labels" . | nindent 4 }} + annotations: + eks.amazonaws.com/role-arn: {{ .Values.arn }} + +--- +#custom resource to fetch the secrets from paramter store +apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 +kind: SecretProviderClass +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets + labels: + {{- include "helm.labels" . | nindent 4 }} +spec: + provider: aws + secretObjects: + - secretName: api-token + type: Opaque + data: + - objectName: db_host + key: DB_HOST + - objectName: db_port + key: DB_PORT + - objectName: db_user + key: DB_USER + - objectName: db_password + key: DB_PASSWORD + - objectName: db_schema + key: DB_SCHEMA + - objectName: redis_host + key: REDIS_HOST + - objectName: redis_port + key: REDIS_PORT + - objectName: redis_database + key: REDIS_DATABASE + - objectName: jwt_secret + key: JWT_SECRET + - objectName: jwt_issuer + key: JWT_ISSUER + - objectName: authentication_service_db_database + key: AUTHENTICATION_SERVICE_DB_DATABASE + - objectName: feature_db_database + key: FEATURE_DB_DATABASE + - objectName: video_confrencing_service_db_database + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + - objectName: notification_service_db_database + key: NOTIFICATION_SERVICE_DB_DATABASE + - objectName: vonage-api-key-secret + key: VONAGE_API_KEY_SECRET + - objectName: pubnub-pub-key + key: PUBNUB_PUB_KEY + - objectName: pubnub-sub-key + key: PUBNUB_SUB_KEY + - objectName: pubnub-secret-key + key: PUBNUB_SECRET_KEY + parameters: +# region: us-west-2 + objects: | + - objectName: {{ .Values.dbhost }} + objectType: ssmparameter + objectAlias: db_host + - objectName: {{ .Values.dbport }} + objectType: ssmparameter + objectAlias: db_port + - objectName: {{ .Values.dbuser }} + objectType: ssmparameter + objectAlias: db_user + - objectName: {{ .Values.dbpassword 
}} + objectType: ssmparameter + objectAlias: db_password + - objectName: {{ .Values.dbschema }} + objectType: ssmparameter + objectAlias: db_schema + - objectName: {{ .Values.redishost }} + objectType: ssmparameter + objectAlias: redis_host + - objectName: {{ .Values.redisport }} + objectType: ssmparameter + objectAlias: redis_port + - objectName: {{ .Values.redisdatabase }} + objectType: ssmparameter + objectAlias: redis_database + - objectName: {{ .Values.jwtsecret }} + objectType: ssmparameter + objectAlias: jwt_secret + - objectName: {{ .Values.jwtissuer }} + objectType: ssmparameter + objectAlias: jwt_issuer + - objectName: {{ .Values.authenticationdbdatabase }} + objectType: ssmparameter + objectAlias: authentication_service_db_database + - objectName: {{ .Values.featuredbdatabase }} + objectType: ssmparameter + objectAlias: feature_db_database + - objectName: {{ .Values.notificationdbdatabase }} + objectType: ssmparameter + objectAlias: notification_service_db_database + - objectName: {{ .Values.videoconfrencingdbdatabase }} + objectType: ssmparameter + objectAlias: video_confrencing_service_db_database + - objectName: {{ .Values.vonageSecret }} + objectType: ssmparameter + objectAlias: vonage-api-key-secret + - objectName: {{ .Values.pubnubPubKey }} + objectType: ssmparameter + objectAlias: pubnub-pub-key + - objectName: {{ .Values.pubnubSubKey }} + objectType: ssmparameter + objectAlias: pubnub-sub-key + - objectName: {{ .Values.pubnubSecretKey }} + objectType: ssmparameter + objectAlias: pubnub-secret-key \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml new file mode 100644 index 00000000..aa8a3a07 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/user-tenant-service-deployment.yaml 
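Review bot: The `secretObjects` entry syncs the tenant's parameters into a Kubernetes Secret with the fixed name `api-token`, whereas the ServiceAccount and SecretProviderClass in the same file are named per tenant with `{{ .Values.tier }}-{{ .Values.tenant }}`. If more than one pooled tenant release is installed into the same namespace (this hunk does not show whether that happens), all of them would sync into and read from the same Secret, so one tenant's pods could start with another tenant's database and JWT values. Name it per tenant, e.g. `- secretName: {{ .Values.tier }}-{{ .Values.tenant }}-api-token`, and use the same expression in the `secretKeyRef.name` fields of the deployment templates. The resource is also declared as `secrets-store.csi.x-k8s.io/v1alpha1` although newer driver releases serve `secrets-store.csi.x-k8s.io/v1`, and the comment typo `paramter` should read `parameter`.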
@@ -0,0 +1,214 @@ +{{- if .Values.userTenantService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.userTenantService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-user-tenant-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/user-tenant-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.userTenantService.pullPolicy }} + resources: + {{- toYaml .Values.userTenantService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/user-tenant-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + 
name: {{ include "helm.fullname" . }}-user-tenant-service + image: {{ .Values.userTenantService.repository }}:{{ .Values.userTenantService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-user-tenant-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: AUTHENTICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.userTenantService.affinity }} + affinity: +{{ toYaml . 
| indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.userTenantService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + component: user-tenant-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-user-tenant-service + minReplicas: {{ .Values.userTenantService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.userTenantService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.userTenantService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.userTenantService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-user-tenant-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.userTenantService.service.type }} + ports: + - port: {{ .Values.userTenantService.service.port }} + targetPort: {{ .Values.userTenantService.service.targetPort }} + protocol: {{ .Values.userTenantService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: user-tenant-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml new file mode 100644 index 00000000..4707073a --- /dev/null 
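Review bot: The memory metric of the HorizontalPodAutoscaler feeds `targetMemoryUtilizationPercentage` into `type: AverageValue` / `averageValue: {{ . }}`, so the default of `80` from values.yaml.template is read as 80 bytes per pod rather than 80 percent. Every pod exceeds that, so the HPA will sit at `maxReplicas` as soon as that limit is raised above 1. Use `type: Utilization` with `averageUtilization: {{ . }}`, as the CPU metric directly above already does. The notification-service and video-conferencing-service templates in this patch carry the same block.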
+++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/video-conferencing-service-deployment.yaml 
@@ -0,0 +1,219 @@ +{{- if .Values.videoConfrencingService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.videoConfrencingService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-video-confrencing-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/video-confrencing-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . 
}} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.videoConfrencingService.pullPolicy }} + resources: + {{- toYaml .Values.videoConfrencingService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . }}-video-confrencing-service + image: {{ .Values.videoConfrencingService.repository }}:{{ .Values.videoConfrencingService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . 
}}-cm-video-confrencing-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: VONAGE_API_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: VONAGE_API_KEY_SECRET +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.videoConfrencingService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.videoConfrencingService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . 
}}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-video-confrencing-service + minReplicas: {{ .Values.videoConfrencingService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.videoConfrencingService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.videoConfrencingService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.videoConfrencingService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.videoConfrencingService.service.type }} + ports: + - port: {{ .Values.videoConfrencingService.service.port }} + targetPort: {{ .Values.videoConfrencingService.service.targetPort }} + protocol: {{ .Values.videoConfrencingService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/virtual-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/virtual-service.yaml new file mode 100644 index 00000000..f46c6b4a --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/templates/virtual-service.yaml 
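Review bot: The Deployment's `selector.matchLabels` holds only `app: {{ include "helm.fullname" . }}`, a label the notification-service and user-tenant-service Deployments in this patch also select on, so the service Deployments of one release have overlapping selectors even though each pod template carries a distinguishing `component` label. Kubernetes accepts this, but the Deployment documentation warns that overlapping selectors can make controllers conflict, and anything that lists pods by the Deployment selector also sees the other services' pods. Add `component: video-confrencing-service` under `matchLabels`, matching what the Service selector at the end of the file already does. `spec.selector` is immutable, so releases that are already installed need the Deployment recreated.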
@@ -0,0 +1,63 @@ +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + labels: + app: {{ include "helm.name" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + hosts: + - {{ .Values.hostname }} + gateways: + - {{ .Values.tier }}-{{ .Values.tenant }} #create gateway with name as tenant name + http: + - match: + - uri: + prefix: {{ .Values.app.basePath }}/authentication-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-authentication-service" + port: + number: 3000 + - match: + - uri: + prefix: {{ .Values.app.basePath }}/feature-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-feature-service" + port: + number: 3000 + - match: + - uri: + prefix: {{ .Values.app.basePath }}/notification-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-notification-service" + port: + number: 3000 + - match: + - uri: + prefix: {{ .Values.app.basePath }}/user-tenant-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-user-tenant-service" + port: + number: 3000 + - match: + - uri: + prefix: {{ .Values.app.basePath }}/video-confrencing-service + route: + - destination: + host: "{{ include "helm.fullname" . }}-video-confrencing-service" + port: + number: 3000 + - match: + - uri: + prefix: / + route: + - destination: + host: "{{ include "helm.fullname" . }}-frontend" + port: + number: 80 \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template b/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template new file mode 100644 index 00000000..d9fd64e9 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/auth0/values.yaml.template 
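Review bot: Each service route matches the whole `{{ .Values.app.basePath }}/SERVICE` prefix, which also covers the `SERVICE/obf/metrics` path that the deployment templates advertise in `prometheus.io/path`, so the metrics endpoints are reachable through the tenant's public hostname unless the application or authorization-policy.yaml (not visible here) blocks them. Prometheus scrapes the pods directly and does not need that path on the gateway. I would state the expectation above the `http:` list, e.g. `# SERVICE/obf/* must be denied at the gateway; see authorization-policy.yaml`, and add a matching deny rule there if none exists.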
@@ -0,0 +1,371 @@ +# Default values for helm. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +strategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 +app: + url: "" + basePath: "" +livenessProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 7 +readinessProbe: + enabled: false + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + +frontend: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-ui + pullPolicy: Always + tag: "0.0.5" + log_level: "info" + home_path: "/home" + replicaCount: 1 + affinity: {} + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "2" + Service: + type: NodePort + port: 80 + targetPort: 80 + protocol: TCP + extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "false" + enabled: "1" + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 20 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + + +#Services +#featureService +featureService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-feature-toggle-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + timestamp_tolerance: 300 + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /feature-service + +#authenticationService +authenticationService: + enabled: true 
+ repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-authentication-service + pullPolicy: Always + tag: "0.0.3" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /authentication-service + +#notificationService +notificationService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-notification-service + pullPolicy: Always + tag: "0.0.3" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /notification-service + +#userTenantService +userTenantService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-user-tenant-service + pullPolicy: Always + tag: "0.0.4" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + 
maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /user-tenant-service + +videoConfrencingService: + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-video-conferencing-service + pullPolicy: Always + tag: "0.0.2" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + db_ssl: false + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "2048Mi" + cpu: "1" + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 1 + targetCPUUtilizationPercentage: 75 + targetMemoryUtilizationPercentage: 80 + base_path: /video-confrencing-service + +#migrationJob +migrationJob: +#enable it when correct image has been provided + enabled: true + repository: public.ecr.aws/p1a1c8p2/sourcefuse-arc-saas-application-plane-migration + pullPolicy: Always + tag: "0.0.1" + replicaCount: 1 + port: 3000 + node_env: "production" + log_level: "info" + affinity: {} + allowed_origins: "*" + imagePullPolicy: + enabled: "yes" + name: regcred + service: + type: NodePort + port: 3000 + targetPort: 3000 + protocol: TCP + +##Common env's + +#Common URL'S + +imagePullSecret: +#enable it and pass the correct parameters below + enabled: false + name: regcred + registry: https://index.docker.io/v1/ + username: '' + password: '' + email: sfdevops@sourcefuse.com + +nameOverride: "" + +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. 
+ # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 + +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +extraAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "3000" + sidecar.istio.io/inject: "true" + enabled: "1" + +nodeSelector: {} + +tolerations: + - effect: NoSchedule + key: pooled-node + operator: Equal + value: "pooled" + +affinity: {} + +#Migration Job Variable +tenantKey: ${TENANT_KEY} +tenantName: ${TENANT_NAME} +tenantSecret: ${TENANT_SECRET} +tenantID: ${TENANT_ID} +tenantEmail: ${TENANT_EMAIL} +adminUserTenantId: "b439829b-57e7-49d8-bb23-8ccb2ca56435" +#userCallbackSecret: "yugeyifgweyfgy" +userCallbackSecret: ${USER_CALLBACK_SECRET} + +# Frontend variable +clientId: ${TENANT_CLIENT_ID} +publicKey: ${TENANT_CLIENT_SECRET} + +tier: ${TIER} +namespace: ${NAMESPACE} +region: ${REGION} +karpenterRoleName: ${KARPENTER_ROLE} +eksClusterName: ${EKS_CLUSTER_NAME} +hostname: ${TENANT_HOST_NAME} +tenant: ${TENANT_KEY} +arn: ${WEB_IDENTITY_ROLE_ARN} +dbhost: ${DB_HOST} +dbport: ${DB_PORT} +dbuser: ${DB_USER} +dbpassword: ${DB_PASSWORD} +dbschema: ${DB_SCHEMA} +redishost: ${REDIS_HOST} +redisport: ${REDIS_PORT} +redisdatabase: ${REDIS_DATABASE} +jwtsecret: ${JWT_SECRET} +jwtissuer: ${JWT_ISSUER} +authenticationdbdatabase: ${AUTH_DATABASE} +featuredbdatabase: ${FEATURE_DATABASE} +notificationdbdatabase: 
${NOTIFICATION_DATABASE} +videoconfrencingdbdatabase: ${VIDEO_CONFRENCING_DATABASE} + +# pubnub config +vonageSecret: /pubnub/vonage-api-key-secret +pubnubPubKey: /pubnub/public-key +pubnubSubKey: /pubnub/subscribe-key +pubnubSecretKey: /pubnub/secret-key \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/.helmignore b/files/tenant-samples/pooled/tenant-helm-chart/cognito/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/Chart.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/Chart.yaml new file mode 100644 index 00000000..fc389922 --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/Chart.yaml 
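Review bot: `tenantSecret: ${TENANT_SECRET}` and `publicKey: ${TENANT_CLIENT_SECRET}` in values.yaml.template put secret material into plain chart values, and the job template whose hunk ends just before imagePullSecret.yaml renders them as literal `value:` entries (`SECRET`, `CLIENT_SECRET`). They are therefore kept in the Helm release record and readable in the pod spec by anyone allowed to get Jobs or Pods in the namespace. The database and JWT settings avoid this by passing only an SSM parameter name that the SecretProviderClass resolves; these two, and `userCallbackSecret`, should follow the same route. The commented line `#userCallbackSecret: "yugeyifgweyfgy"` should be deleted, and the value rotated if it was ever in use. The per-service defaults `db_ssl: false` and `allowed_origins: "*"` deserve a comment marking them as sample settings to be tightened before real use.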
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: helm
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/README.md b/files/tenant-samples/pooled/tenant-helm-chart/cognito/README.md
new file mode 100644
index 00000000..524ebf64
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/README.md
@@ -0,0 +1 @@
+# ARC-SAAS Application Plane Helm
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/_helpers.tpl b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/_helpers.tpl
new file mode 100644
index 00000000..69baf8f2
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "helm.labels" -}}
+helm.sh/chart: {{ include "helm.chart" . }}
+{{ include "helm.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "helm.selectorLabels" -}}
+app: {{ include "helm.name" . }}
+
+{{- end }}
+
+
+{{/*
+Configuring .dockerconfigjson
+*/}}
+{{- define "imagePullSecret" }}
+{{- with .Values.imagePullSecret }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
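Review bot: The `imagePullSecret` helper at the end of this hunk assembles the dockerconfigjson with `printf` and hand-escaped quotes, so a registry username or password containing `"` or `\` renders invalid JSON. Building the structure and serialising it removes the escaping problem: `{{- dict "auths" (dict .registry (dict "username" .username "password" .password "email" .email "auth" (printf "%s:%s" .username .password | b64enc))) | toJson | b64enc }}`. The helper reads the registry password from chart values, so its comment should also say that the value is expected to be injected at deploy time and never committed in a values file.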
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/authentication-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml
similarity index 100%
rename from files/tenant-samples/pooled/tenant-helm-chart/templates/authentication-service-deployment.yaml
rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authentication-service-deployment.yaml
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authorization-policy.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authorization-policy.yaml
new file mode 100644
index 00000000..ebb14452
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/authorization-policy.yaml
@@ -0,0 +1,14 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: deny-traffic-from-cross-namespace
+ namespace: {{ .Values.namespace }}
+ labels:
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ action: ALLOW
+ rules:
+ - from:
+ - source:
+ namespaces: ["{{ .Values.namespace }}","kube-system","prometheus-node-exporter", "adot-collector-kubeprometheus","istio-system","karpenter","kubecost", "kuberhealthy", "argocd", "argo-workflows"]
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/cm-authentication-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml
similarity index 100%
rename from files/tenant-samples/pooled/tenant-helm-chart/templates/cm-authentication-service.yaml
rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-authentication-service.yaml
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-feature-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-feature-service.yaml
new file mode 100644
index 00000000..f6f18490
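Review bot: The policy in authorization-policy.yaml is named `deny-traffic-from-cross-namespace` but its action is `ALLOW`, and its single rule admits ten namespaces (among them `argocd`, `argo-workflows` and `kubecost`) to every workload, port and path in the tenant namespace, because there is no `selector` and no `to` clause. Istio takes `source.namespaces` from the mutual-TLS peer identity, so callers without that identity never match and are rejected; a comment saying so would explain refused connections from pods that run without a sidecar. I would rename the policy to describe what it does, for example `name: allow-same-namespace-and-platform`, add a comment above the list giving the reason each platform namespace is trusted, and narrow the monitoring entries with a `to.operation.ports` restriction.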
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-feature-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.featureService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-feature-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.featureService.port }}'
+ NODE_ENV: '{{ .Values.featureService.node_env }}'
+ LOG_LEVEL: '{{ .Values.featureService.log_level }}'
+ BASE_PATH: '{{ .Values.featureService.base_path }}'
+ DB_SSL: '{{ .Values.featureService.db_ssl }}'
+ USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'
+ TIMESTAMP_TOLERANCE: '{{ .Values.featureService.timestamp_tolerance}}'
+ ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml
new file mode 100644
index 00000000..13352de3
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-frontend-service.yaml
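Review bot: `USER_CALLBACK_SECRET` is rendered into a ConfigMap in cm-feature-service.yaml, and the same line appears in cm-user-tenant-service.yaml later in the patch, so the callback secret is readable by anyone who can read ConfigMaps in the namespace and sits in the rendered manifests. The deployments in this commit already take `DB_PASSWORD` and `JWT_SECRET` from the `api-token` Secret through `secretKeyRef`, and the callback secret belongs with them. I would drop the line from both ConfigMaps and add `- name: USER_CALLBACK_SECRET` with `valueFrom: {secretKeyRef: {name: api-token, key: USER_CALLBACK_SECRET}}` to the two deployments. That assumes the SecretProviderClass, which is not part of this hunk, is extended with the key.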
@@ -0,0 +1,26 @@
+{{- if .Values.frontend.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-frontend
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ env: |-
+ {
+ "baseApiUrl": "https://{{ .Values.hostname }}",
+ "authApiBaseUrl": "https://{{ .Values.hostname }}/authentication-service",
+ "notificationApiBaseUrl" :"https://{{ .Values.hostname }}/notification-service",
+ "homePath": "{{ .Values.frontend.home_path }}",
+ "videoApiBaseUrl": "https://{{ .Values.hostname }}/video-confrencing-service",
+ "notificationChannelUuid": "9f7360f6-5c1a-4354-ad68-0e62b2a1200b",
+ "chatChannelUuid": "ad0cac27-972e-4b69-9188-3685f7eeb8bb",
+ "vonageApiKey": "47793071",
+ "logLevel": "{{ .Values.frontend.log_level }}",
+ "clientId": "{{ .Values.clientId }}",
+ "clientSecret": "{{ .Values.publicKey }}",
+ "loginTitle": "Welcome to the Telemed App"
+ }
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-notification-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-notification-service.yaml
new file mode 100644
index 00000000..87d683da
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-notification-service.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.notificationService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-notification-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.notificationService.port }}'
+ NODE_ENV: '{{ .Values.notificationService.node_env }}'
+ LOG_LEVEL: '{{ .Values.notificationService.log_level }}'
+ BASE_PATH: '{{ .Values.notificationService.base_path }}'
+ DB_SSL: '{{ .Values.notificationService.db_ssl }}'
+{{- end}}
\ No newline at end of file
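Review bot: The `"clientSecret": "{{ .Values.publicKey }}"` entry in cm-frontend-service.yaml ends up in config.json, which the frontend deployment mounts under `/usr/share/nginx/html`, so whatever that value holds can be downloaded by any browser. In the auth0 values template earlier in this patch `publicKey` is filled from `${TENANT_CLIENT_SECRET}`; if the cognito values do the same, the OAuth client secret is public. A browser application should be a public client (authorization code with PKCE) and carry no secret, so I would remove the `"clientSecret"` line, or rename the key and add a comment if the value really is meant to be public. Separately, `vonageApiKey` and the two channel UUIDs are literals shared by every tenant (the key is repeated as `VONAGE_API_KEY` in cm-video-confrencing-service.yaml) and would be better taken from values.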
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml
new file mode 100644
index 00000000..e429bc25
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-user-tenant-service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.userTenantService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-user-tenant-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.userTenantService.port }}'
+ NODE_ENV: '{{ .Values.userTenantService.node_env }}'
+ LOG_LEVEL: '{{ .Values.userTenantService.log_level }}'
+ BASE_PATH: '{{ .Values.userTenantService.base_path }}'
+ ADMIN_USER_TENANT_ID: '{{ .Values.adminUserTenantId }}'
+ USER_CALLBACK_SECRET: '{{ .Values.userCallbackSecret }}'
+ DB_SSL: '{{ .Values.userTenantService.db_ssl }}'
+ AWS_REGION: '{{ .Values.region }}'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml
new file mode 100644
index 00000000..df67fa42
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/cm-video-confrencing-service.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.videoConfrencingService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "helm.fullname" . }}-cm-video-confrencing-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+data:
+ PORT: '{{ .Values.videoConfrencingService.port }}'
+ NODE_ENV: '{{ .Values.videoConfrencingService.node_env }}'
+ LOG_LEVEL: '{{ .Values.videoConfrencingService.log_level }}'
+ BASE_PATH: '{{ .Values.videoConfrencingService.base_path }}'
+ DB_SSL: '{{ .Values.videoConfrencingService.db_ssl }}'
+ VONAGE_API_KEY: '47793071'
+{{- end}}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml
new file mode 100644
index 00000000..abaaa2d9
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/feature-service-deployment.yaml
@@ -0,0 +1,244 @@
+{{- if .Values.featureService.enabled }}
+---
+#Deployment
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "helm.fullname" . }}-feature-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ replicas: {{ .Values.featureService.replicaCount }}
+ strategy:
+ type: {{ .Values.strategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+ maxSurge: {{ .Values.strategy.maxSurge }}
+ selector:
+ matchLabels:
+ app: {{ include "helm.fullname" . }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/cm-feature-service.yaml") . | sha256sum }}
+ prometheus.io/path: {{ .Values.app.basePath }}/feature-service/obf/metrics
+{{- if .Values.extraAnnotations }}
+{{ toYaml .Values.extraAnnotations | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: feature-service
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+ spec:
+ serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
+ containers:
+ - imagePullPolicy: {{ .Values.featureService.pullPolicy }}
+ resources:
+ {{- toYaml .Values.featureService.resources | nindent 12 }}
+{{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/feature-service
+ port: 3000
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/feature-service
+ port: 3000
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+{{- end }}
+ name: {{ include "helm.fullname" .
}}-feature-service
+ image: {{ .Values.featureService.repository }}:{{ .Values.featureService.tag }}
+ volumeMounts:
+ - name: my-api-token
+ mountPath: /mnt/api-token
+ readOnly: true
+ envFrom:
+ - configMapRef:
+ name: {{ include "helm.fullname" . }}-cm-feature-service
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: FEATURE_DB_DATABASE
+ - name: DB_SCHEMA
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_SCHEMA
+ - name: FEATURE_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: FEATURE_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: FEATURE_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: FEATURE_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: FEATURE_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: FEATURE_DB_DATABASE
+ - name: FEATURE_DB_SCHEMA
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_SCHEMA
+ - name: REDIS_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_HOST
+ - name: REDIS_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_PORT
+ - name: REDIS_URL
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_HOST
+ - name: REDIS_PASSWORD
+ value: ""
+ - name: REDIS_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: REDIS_DATABASE
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: JWT_SECRET
+ - name: JWT_ISSUER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: JWT_ISSUER
+{{- if .Values.imagePullSecret.enabled }}
+ imagePullSecrets:
+ - name: {{
.Values.imagePullSecret.name }}
+{{- end }}
+
+ nodeSelector:
+ pooled-node: {{ .Values.tier }}
+{{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ volumes:
+ - name: my-api-token
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+{{- with .Values.featureService.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+
+---
+#HPA
+
+{{- if .Values.featureService.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "helm.fullname" . }}-feature-service
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: feature-service
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "helm.fullname" . }}-feature-service
+ minReplicas: {{ .Values.featureService.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.featureService.autoscaling.maxReplicas }}
+ metrics:
+ {{- with .Values.featureService.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ . }}
+ {{- end }}
+ {{- with .Values.featureService.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: AverageValue
+ averageValue: {{ . }}
+ {{- end }}
+{{- end }}
+---
+#Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm.fullname" . }}-feature-service
+ labels:
+ app: {{ include "helm.fullname" .
}}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ type: {{ .Values.featureService.service.type }}
+ ports:
+ - port: {{ .Values.featureService.service.port }}
+ targetPort: {{ .Values.featureService.service.targetPort }}
+ protocol: {{ .Values.featureService.service.protocol }}
+ name: web
+ selector:
+ app: {{ include "helm.fullname" . }}
+ component: feature-service
+---
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml
new file mode 100644
index 00000000..b4fd696f
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/frontend-service-deployment.yaml
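Review bot: `REDIS_PASSWORD` is set to the literal `""` in the feature-service container env while every other connection setting comes from the `api-token` Secret, so the service is configured to reach Redis without authentication; notification-service-deployment.yaml repeats the same entry. If that Redis instance is shared between pooled tenants, isolation then rests on the network alone. I would read it from the Secret with `valueFrom: {secretKeyRef: {name: api-token, key: REDIS_PASSWORD}}` and require AUTH on the server; the key would have to be added to the SecretProviderClass, which this hunk does not show. The container also sets no `securityContext`, although the values template in this patch already sketches `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and a `capabilities` drop of `ALL`, so wiring those in is a cheap hardening step.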
@@ -0,0 +1,129 @@
+---
+#Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "helm.fullname" . }}-frontend
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ replicas: {{ .Values.frontend.replicaCount }}
+ strategy:
+ type: {{ .Values.strategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.strategy.maxUnavailable }}
+ maxSurge: {{ .Values.strategy.maxSurge }}
+ selector:
+ matchLabels:
+ app: {{ include "helm.fullname" . }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/cm-frontend-service.yaml") . | sha256sum }}
+ prometheus.io/path: {{ .Values.app.basePath }}/frontend/obf/metrics
+{{- if .Values.frontend.extraAnnotations }}
+{{ toYaml .Values.frontend.extraAnnotations | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ include "helm.fullname" . }}
+ component: frontend
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+ spec:
+ serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
+ containers:
+ - imagePullPolicy: {{ .Values.frontend.pullPolicy }}
+ resources:
+ {{- toYaml .Values.frontend.resources | nindent 12 }}
+{{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/frontend
+ port: 80
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.app.basePath }}/frontend
+ port: 80
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+{{- end }}
+ name: {{ include "helm.fullname" .
}}-frontend
+ image: {{ .Values.frontend.repository }}:{{ .Values.frontend.tag }}
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: env-var
+ mountPath: /usr/share/nginx/html/config.json
+ subPath: config.json
+ - name: my-api-token
+ mountPath: /mnt/api-token
+ readOnly: true
+ env:
+ - name: pubnubPublishKey
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: PUBNUB_PUB_KEY
+ - name: pubnubSubscribeKey
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: PUBNUB_SUB_KEY
+{{- if .Values.imagePullSecret.enabled }}
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecret.name }}
+{{- end }}
+
+ nodeSelector:
+ pooled-node: {{ .Values.tier }}
+{{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ volumes:
+ - name: env-var
+ configMap:
+ name: {{ include "helm.fullname" . }}-cm-frontend
+ items:
+ - key: env
+ path: config.json
+ - name: my-api-token
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+{{- with .Values.frontend.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+
+---
+#Service
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "helm.fullname" . }}-frontend
+ labels:
+ app: {{ include "helm.fullname" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ type: {{ .Values.frontend.Service.type }}
+ ports:
+ - port: {{ .Values.frontend.Service.port }}
+ targetPort: {{ .Values.frontend.Service.targetPort }}
+ protocol: {{ .Values.frontend.Service.protocol }}
+ name: web
+ selector:
+ app: {{ include "helm.fullname" . }}
+ component: frontend
+---
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/gateway.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/gateway.yaml
new file mode 100644
index 00000000..b534262f
--- /dev/null
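Review bot: The frontend pod runs under the same `{{ .Values.tier }}-{{ .Values.tenant }}` service account as the backend services and mounts the whole `{{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets` provider class at `/mnt/api-token`, although its env reads only `PUBNUB_PUB_KEY` and `PUBNUB_SUB_KEY`. Judging by the other deployments, that class also yields `DB_PASSWORD` and `JWT_SECRET`, so a static nginx container ends up holding database and token-signing credentials it never uses. A separate service account and a provider class limited to the two PubNub keys would keep a frontend compromise away from them. This Deployment is also not wrapped in `{{- if .Values.frontend.enabled }}` the way its ConfigMap is, so disabling the frontend still renders a pod that references a ConfigMap which no longer exists.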
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/gateway.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ labels:
+ app: {{ include "helm.name" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ selector:
+ istio: ingressgateway # use istio default controller
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - {{ .Values.hostname }}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml
new file mode 100644
index 00000000..81f2dbcc
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/hooks/migration-job.yaml
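Review bot: The only server on this Gateway is plain HTTP on port 80, while the frontend configuration and the health check in this patch address the tenant at `https://{{ .Values.hostname }}`. If TLS is terminated at a load balancer in front of the ingress gateway, a comment on the `servers` entry should say so and name where the certificate is managed; nothing in this hunk shows it. If it is not, tokens and credentials cross the ingress in clear text, and the Gateway needs a port-443 server with a `tls` block, plus `tls: {httpsRedirect: true}` on the port-80 server.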
@@ -0,0 +1,164 @@
+{{- if .Values.migrationJob.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ template "helm.fullname" . }}-migration-job"
+ annotations:
+ argocd.argoproj.io/hook: PostSync
+spec:
+ backoffLimit: 20
+ activeDeadlineSeconds: 600
+ ttlSecondsAfterFinished: 3600
+ parallelism: 1
+ completions: 1
+ template:
+ metadata:
+ annotations:
+ sidecar.istio.io/inject: "false"
+ spec:
+ serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }}
+ volumes:
+ - name: my-api-token
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets
+ restartPolicy: 'OnFailure'
+ imagePullSecrets:
+ - name: {{ .Values.imagePullSecret.name }}
+ containers:
+ - name: init
+ image: {{ .Values.migrationJob.repository }}:{{ .Values.migrationJob.tag }}
+ imagePullPolicy: {{ .Values.migrationJob.pullPolicy }}
+ resources:
+{{ toYaml .Values.migrationJob.resources | indent 10 }}
+ command: ["/bin/sh", "-c"]
+ args: ["cd packages/migrations; npm run db:migrate"]
+ volumeMounts:
+ - name: my-api-token
+ mountPath: /mnt/api-token
+ readOnly: true
+ env:
+ - name: AUTH_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: AUTH_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: AUTH_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: AUTH_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: AUTH_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: AUTHENTICATION_SERVICE_DB_DATABASE
+ - name: FEATURE_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: FEATURE_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: FEATURE_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: FEATURE_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name:
FEATURE_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: FEATURE_DB_DATABASE
+ - name: NOTIF_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: NOTIF_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: NOTIF_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: NOTIF_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: NOTIF_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: NOTIFICATION_SERVICE_DB_DATABASE
+ - name: VIDEO_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_HOST
+ - name: VIDEO_DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PORT
+ - name: VIDEO_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_USER
+ - name: VIDEO_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: DB_PASSWORD
+ - name: VIDEO_DB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: api-token
+ key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE
+
+ - name: TENANT_NAME
+ value: {{ .Values.tenantName }}
+ - name: TENANT_KEY
+ value: {{ .Values.tenantKey }}
+ - name: SECRET
+ value: {{ .Values.tenantSecret }}
+ - name: TENANT_EMAIL
+ value: {{ .Values.tenantEmail }}
+ - name: CLIENT_ID
+ value: {{ .Values.clientId }}
+ - name: CLIENT_SECRET
+ value: {{ .Values.publicKey }}
+ - name: ADMIN_USER_TENANT_ID
+ value: {{ .Values.adminUserTenantId }}
+ - name: REDIRECT_URL
+ value: "https://{{ .Values.hostname }}{{ .Values.frontend.home_path }}"
+ # - name: USERNAME
+ # value: {{ .Values.cognitoUser }}
+ # - name: USER_SUB
+ # value: {{ .Values.cognitoSub }}
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/imagePullSecret.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/imagePullSecret.yaml
new file mode 100644
index 00000000..d40fa6ab
--- /dev/null
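Review bot: `SECRET` and `CLIENT_SECRET` in the migration Job are passed as literal `value:` entries taken from chart values, unlike the database credentials above them which use `secretKeyRef`, so both are readable in the Job spec by anyone who can read Jobs in the namespace and remain in the rendered manifest. They should come from the `api-token` Secret (or another Secret) through `valueFrom.secretKeyRef`. The plain values that remain (`TENANT_NAME`, `TENANT_KEY`, `TENANT_EMAIL`) are unquoted, so a value containing a colon or a leading special character breaks the YAML or changes type; `value: {{ .Values.tenantName | quote }}` avoids that. `imagePullSecrets` is also emitted unconditionally in this Job, while the Secret it names is rendered only when `.Values.imagePullSecret.enabled` is set.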
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/imagePullSecret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.imagePullSecret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.imagePullSecret.name }}
+ labels:
+ {{- include "helm.labels" . | nindent 4 }}
+ component: {{ include "helm.name" . }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml
new file mode 100644
index 00000000..b793f40d
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/kuberhealthy-http-checker.yaml
@@ -0,0 +1,27 @@
+apiVersion: comcast.github.io/v1
+kind: KuberhealthyCheck
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}-http-check
+ namespace: kuberhealthy
+ labels:
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ runInterval: 5m
+ timeout: 10m
+ podSpec:
+ containers:
+ - name: main
+ image: kuberhealthy/http-check:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: CHECK_URL
+ value: "https://{{ .Values.hostname }}/"
+ - name: COUNT
+ value: "5"
+ - name: SECONDS
+ value: "1"
+ - name: REQUEST_TYPE
+ value: "GET"
+ - name: PASSING
+ value: "80"
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml
new file mode 100644
index 00000000..6de67db6
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/notification-service-deployment.yaml
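Review bot: `image: kuberhealthy/http-check:latest` combined with `imagePullPolicy: IfNotPresent` in kuberhealthy-http-checker.yaml means an existing node runs whatever build it happened to cache and a new node pulls whatever `latest` points at that day, in a namespace that the tenant AuthorizationPolicy in this patch trusts. Pin the image to a released tag or, better, a digest, for example `image: kuberhealthy/http-check@sha256:<digest>` (placeholder, to be filled from the registry), and take the reference from chart values so it is bumped deliberately.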
@@ -0,0 +1,229 @@ +{{- if .Values.notificationService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.notificationService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-notification-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/notification-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.notificationService.pullPolicy }} + resources: + {{- toYaml .Values.notificationService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/notification-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} 
+{{- end }} + name: {{ include "helm.fullname" . }}-notification-service + image: {{ .Values.notificationService.repository }}:{{ .Values.notificationService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . }}-cm-notification-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: NOTIFICATION_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: PUBNUB_PUBLISH_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_PUB_KEY + - name: PUBNUB_SUBSCRIBE_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SUB_KEY + - name: PUBNUB_SECRET_KEY + valueFrom: + secretKeyRef: + name: api-token + key: PUBNUB_SECRET_KEY +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . 
| indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.notificationService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.notificationService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + component: notification-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-notification-service + minReplicas: {{ .Values.notificationService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.notificationService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.notificationService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.notificationService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-notification-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.notificationService.service.type }} + ports: + - port: {{ .Values.notificationService.service.port }} + targetPort: {{ .Values.notificationService.service.targetPort }} + protocol: {{ .Values.notificationService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . 
}} + component: notification-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml new file mode 100644 index 00000000..49843c8a --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/provisioner.yaml @@ -0,0 +1,60 @@ +apiVersion: karpenter.sh/v1beta1 +kind: NodePool +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + annotations: + kubernetes.io/description: "NodePool to restrict the number of cpus provisioned to 100" +spec: + template: + metadata: + labels: + pooled-node: {{ .Values.tier }} + spec: + requirements: + - key: kubernetes.io/arch + operator: In + values: ["amd64"] + - key: kubernetes.io/os + operator: In + values: ["linux"] + - key: karpenter.sh/capacity-type + operator: In + values: ["on-demand"] + - key: karpenter.k8s.aws/instance-category + operator: In + values: ["t"] + - key: karpenter.k8s.aws/instance-generation + operator: Gt + values: ["2"] + nodeClassRef: + name: {{ .Values.tier }}-{{ .Values.tenant }} + taints: + - key: pooled-node + value: "pooled" + effect: NoSchedule + + limits: + cpu: 100 + memory: 1000Gi +--- +apiVersion: karpenter.k8s.aws/v1beta1 +kind: EC2NodeClass +metadata: + name: {{ .Values.tier }}-{{ .Values.tenant }} + annotations: + kubernetes.io/description: "General purpose EC2NodeClass for running Amazon Linux 2 nodes" +spec: + amiFamily: AL2 # Amazon Linux 2 + role: {{ .Values.karpenterRoleName }} + subnetSelectorTerms: + - tags: + Type: "private" + securityGroupSelectorTerms: + - tags: + "aws:eks:cluster-name": {{ .Values.eksClusterName }} + tags: + Tenant: "pooled" + + + + 
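Review bot: In the notification-service Deployment the container env sets `REDIS_PASSWORD` to a literal `value: ""` while every other Redis setting is read from the `api-token` secret, so the service is configured to reach Redis without authentication; the video-conferencing Deployment later in this patch does the same. If the Redis instance has (or should have) auth enabled, source the password like its neighbours, e.g. `valueFrom: {secretKeyRef: {name: api-token, key: REDIS_PASSWORD}}`, where the key name is my assumption and has to exist in the SecretProviderClass. `REDIS_URL` is also populated from the `REDIS_HOST` key in both files, which looks like a copy-paste and is worth confirming against what the services expect.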
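Review bot: The `EC2NodeClass` in provisioner.yaml leaves `metadataOptions` unset, so the nodes take Karpenter's defaults; as far as I know the v1beta1 default allows a PUT response hop limit of 2, which lets any pod on these pooled nodes reach IMDS and the node role's credentials. I would set it explicitly under `spec:` with `metadataOptions:`, `httpTokens: required` and `httpPutResponseHopLimit: 1`; pods that get AWS access through their service account should be unaffected, but that needs a check for anything relying on the node role. The `subnetSelectorTerms` tag `Type: "private"` is also not scoped to this cluster the way the security-group selector is, so a cluster-specific tag would be safer if other subnets in the account carry the same tag.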
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml
similarity index 100%
rename from files/tenant-samples/pooled/tenant-helm-chart/templates/secret-provider-class-and-sa.yaml
rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/secret-provider-class-and-sa.yaml
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/templates/user-tenant-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml
similarity index 100%
rename from files/tenant-samples/pooled/tenant-helm-chart/templates/user-tenant-service-deployment.yaml
rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/user-tenant-service-deployment.yaml
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml
new file mode 100644
index 00000000..4707073a
--- /dev/null
+++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/video-conferencing-service-deployment.yaml
@@ -0,0 +1,219 @@ +{{- if .Values.videoConfrencingService.enabled }} +--- +#Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + replicas: {{ .Values.videoConfrencingService.replicaCount }} + strategy: + type: {{ .Values.strategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.strategy.maxUnavailable }} + maxSurge: {{ .Values.strategy.maxSurge }} + selector: + matchLabels: + app: {{ include "helm.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/cm-video-confrencing-service.yaml") . | sha256sum }} + prometheus.io/path: {{ .Values.app.basePath }}/video-confrencing-service/obf/metrics +{{- if .Values.extraAnnotations }} +{{ toYaml .Values.extraAnnotations | indent 8 }} +{{- end }} + labels: + app: {{ include "helm.fullname" . 
}} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} + spec: + serviceAccountName: {{ .Values.tier }}-{{ .Values.tenant }} + containers: + - imagePullPolicy: {{ .Values.videoConfrencingService.pullPolicy }} + resources: + {{- toYaml .Values.videoConfrencingService.resources | nindent 12 }} +{{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} +{{- end }} +{{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.app.basePath }}/video-confrencing-service + port: 3000 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} +{{- end }} + name: {{ include "helm.fullname" . }}-video-confrencing-service + image: {{ .Values.videoConfrencingService.repository }}:{{ .Values.videoConfrencingService.tag }} + volumeMounts: + - name: my-api-token + mountPath: /mnt/api-token + readOnly: true + envFrom: + - configMapRef: + name: {{ include "helm.fullname" . 
}}-cm-video-confrencing-service + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: api-token + key: DB_HOST + - name: DB_PORT + valueFrom: + secretKeyRef: + name: api-token + key: DB_PORT + - name: DB_USER + valueFrom: + secretKeyRef: + name: api-token + key: DB_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: api-token + key: DB_PASSWORD + - name: DB_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: VIDEO_CONFRENCING_SERVICE_DB_DATABASE + - name: DB_SCHEMA + valueFrom: + secretKeyRef: + name: api-token + key: DB_SCHEMA + - name: REDIS_HOST + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PORT + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_PORT + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_HOST + - name: REDIS_PASSWORD + value: "" + - name: REDIS_DATABASE + valueFrom: + secretKeyRef: + name: api-token + key: REDIS_DATABASE + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: JWT_SECRET + - name: JWT_ISSUER + valueFrom: + secretKeyRef: + name: api-token + key: JWT_ISSUER + - name: VONAGE_API_SECRET + valueFrom: + secretKeyRef: + name: api-token + key: VONAGE_API_KEY_SECRET +{{- if .Values.imagePullSecret.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret.name }} +{{- end }} + + nodeSelector: + pooled-node: {{ .Values.tier }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + volumes: + - name: my-api-token + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: {{ .Values.tier }}-{{ .Values.tenant }}-aws-secrets +{{- with .Values.videoConfrencingService.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + +--- +#HPA + +{{- if .Values.videoConfrencingService.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "helm.fullname" . 
}}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "helm.fullname" . }}-video-confrencing-service + minReplicas: {{ .Values.videoConfrencingService.autoscaling.minReplicas }} + maxReplicas: {{ .Values.videoConfrencingService.autoscaling.maxReplicas }} + metrics: + {{- with .Values.videoConfrencingService.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .Values.videoConfrencingService.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: AverageValue + averageValue: {{ . }} + {{- end }} +{{- end }} +--- +#Service +apiVersion: v1 +kind: Service +metadata: + name: {{ include "helm.fullname" . }}-video-confrencing-service + labels: + app: {{ include "helm.fullname" . }} + Tenant: {{ .Values.tenant }} + Tenant_ID: {{ .Values.tenantID }} +spec: + type: {{ .Values.videoConfrencingService.service.type }} + ports: + - port: {{ .Values.videoConfrencingService.service.port }} + targetPort: {{ .Values.videoConfrencingService.service.targetPort }} + protocol: {{ .Values.videoConfrencingService.service.protocol }} + name: web + selector: + app: {{ include "helm.fullname" . }} + component: video-confrencing-service +--- +{{- end }} \ No newline at end of file diff --git a/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/virtual-service.yaml b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/virtual-service.yaml new file mode 100644 index 00000000..f46c6b4a --- /dev/null +++ b/files/tenant-samples/pooled/tenant-helm-chart/cognito/templates/virtual-service.yaml 
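Review bot: The video-conferencing pod template sets no `securityContext` at pod or container level, so the container runs with the image's default user, a writable root filesystem and the runtime's default capabilities on nodes that pooled tenants share. I would add a container-level context along the lines below, assuming the image can run as a non-root user; `readOnlyRootFilesystem` needs checking against what the service writes at runtime. The notification-service Deployment earlier in this patch has the same gap and would take the same block.

```yaml
      containers:
        - imagePullPolicy: {{ .Values.videoConfrencingService.pullPolicy }}
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: resources, probes, name, image, volumeMounts, envFrom, env …
```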
@@ -0,0 +1,63 @@
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ .Values.tier }}-{{ .Values.tenant }}
+ labels:
+ app: {{ include "helm.name" . }}
+ Tenant: {{ .Values.tenant }}
+ Tenant_ID: {{ .Values.tenantID }}
+spec:
+ hosts:
+ - {{ .Values.hostname }}
+ gateways:
+ - {{ .Values.tier }}-{{ .Values.tenant }} #create gateway with name as tenant name
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/authentication-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-authentication-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/feature-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-feature-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/notification-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-notification-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/user-tenant-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-user-tenant-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: {{ .Values.app.basePath }}/video-confrencing-service
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-video-confrencing-service"
+ port:
+ number: 3000
+ - match:
+ - uri:
+ prefix: /
+ route:
+ - destination:
+ host: "{{ include "helm.fullname" . }}-frontend"
+ port:
+ number: 80
\ No newline at end of file
diff --git a/files/tenant-samples/pooled/tenant-helm-chart/values.yaml.template b/files/tenant-samples/pooled/tenant-helm-chart/cognito/values.yaml.template
similarity index 100%
rename from files/tenant-samples/pooled/tenant-helm-chart/values.yaml.template
rename to files/tenant-samples/pooled/tenant-helm-chart/cognito/values.yaml.template
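Review bot: Each service route in virtual-service.yaml matches the whole `{{ .Values.app.basePath }}/<service>` prefix, which also covers the `/obf/metrics` path that the Deployments in this patch advertise in `prometheus.io/path`, so the metrics endpoints look reachable through the tenant gateway unless authorization-policy.yaml (not shown in this part of the patch) or the services themselves block them. I would confirm that the policy denies `*/obf/*` for traffic entering through the gateway, or place a more specific match ahead of the service routes that keeps that path off the public host. The prefixes also have no trailing slash, so a path such as `.../feature-service-anything` is routed to feature-service as well; `prefix: {{ .Values.app.basePath }}/feature-service/` is tighter, with an additional exact match if the bare path must keep working.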