From cd05ed286fc2dfaee2c4a039d4fe8ab4822aed87 Mon Sep 17 00:00:00 2001 
From: thenav56 Date: Wed, 19 Nov 2025 12:20:48 +0545 Subject: [PATCH 1/3] chore: rename toggle-django-helm dir to chart --- .github/workflows/helm-publish.yml | 20 +++++++++---------- {toggle-django-helm => chart}/.gitignore | 0 {toggle-django-helm => chart}/.helmignore | 0 {toggle-django-helm => chart}/Chart.lock | 0 {toggle-django-helm => chart}/Chart.yaml | 0 .../linter_values.yaml | 0 .../templates/_helpers.tpl | 0 .../templates/api/deployment.yaml | 0 .../templates/api/ingress.yaml | 0 .../templates/api/secrets-provider-class.yaml | 0 .../templates/api/service-account.yaml | 0 .../templates/api/service.yaml | 0 .../templates/argo-hooks/hook-job.yaml | 0 .../templates/celery-flower/deployment.yaml | 0 .../templates/celery-flower/service.yaml | 0 .../templates/config/configmap.yaml | 0 .../templates/config/secret.yaml | 0 .../templates/cronjobs/deployment.yaml | 0 .../templates/extraManifests.yaml | 0 .../templates/worker-beat/deployment.yaml | 0 .../templates/worker/deployment.yaml | 0 .../tests/values-1.yaml | 0 .../tests/values-2.yaml | 0 .../tests/values-3.yaml | 0 {toggle-django-helm => chart}/values.yaml | 0 25 files changed, 10 insertions(+), 10 deletions(-) rename {toggle-django-helm => chart}/.gitignore (100%) rename {toggle-django-helm => chart}/.helmignore (100%) rename {toggle-django-helm => chart}/Chart.lock (100%) rename {toggle-django-helm => chart}/Chart.yaml (100%) rename {toggle-django-helm => chart}/linter_values.yaml (100%) rename {toggle-django-helm => chart}/templates/_helpers.tpl (100%) rename {toggle-django-helm => chart}/templates/api/deployment.yaml (100%) rename {toggle-django-helm => chart}/templates/api/ingress.yaml (100%) rename {toggle-django-helm => chart}/templates/api/secrets-provider-class.yaml (100%) rename {toggle-django-helm => chart}/templates/api/service-account.yaml (100%) rename {toggle-django-helm => chart}/templates/api/service.yaml (100%) rename {toggle-django-helm => chart}/templates/argo-hooks/hook-job.yaml (100%) 
rename {toggle-django-helm => chart}/templates/celery-flower/deployment.yaml (100%) rename {toggle-django-helm => chart}/templates/celery-flower/service.yaml (100%) rename {toggle-django-helm => chart}/templates/config/configmap.yaml (100%) rename {toggle-django-helm => chart}/templates/config/secret.yaml (100%) rename {toggle-django-helm => chart}/templates/cronjobs/deployment.yaml (100%) rename {toggle-django-helm => chart}/templates/extraManifests.yaml (100%) rename {toggle-django-helm => chart}/templates/worker-beat/deployment.yaml (100%) rename {toggle-django-helm => chart}/templates/worker/deployment.yaml (100%) rename {toggle-django-helm => chart}/tests/values-1.yaml (100%) rename {toggle-django-helm => chart}/tests/values-2.yaml (100%) rename {toggle-django-helm => chart}/tests/values-3.yaml (100%) rename {toggle-django-helm => chart}/values.yaml (100%) diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml index 57b5033..50cde60 100644 --- a/.github/workflows/helm-publish.yml +++ b/.github/workflows/helm-publish.yml @@ -39,8 +39,8 @@ jobs: OCI_REPO=$(echo $OCI_REPO | tr '[:upper:]' '[:lower:]') # Helm - HELM_TARGET_REVISION=$(helm show chart ./toggle-django-helm/ | grep '^version:' | awk '{print $2}') - HELM_CHART=$(helm show chart ./toggle-django-helm/ | grep '^name:' | awk '{print $2}') + HELM_TARGET_REVISION=$(helm show chart ./chart/ | grep '^version:' | awk '{print $2}') + HELM_CHART=$(helm show chart ./chart/ | grep '^name:' | awk '{print $2}') echo "helm_oci_repo=$OCI_REPO" >> $GITHUB_OUTPUT echo "helm_chart=$HELM_CHART" >> $GITHUB_OUTPUT 
@@ -56,23 +56,23 @@ jobs: - name: 🐳 Helm dependency run: | - yq --indent 0 '.dependencies | map(select(.repository | test("^oci:") | not)) | map(["helm", "repo", "add", .name, .repository] | join(" ")) | .[]' ./toggle-django-helm/Chart.lock | sh -- - helm dependency build ./toggle-django-helm/ + yq --indent 0 '.dependencies | map(select(.repository | test("^oci:") | not)) | map(["helm", "repo", "add", .name, .repository] | join(" ")) | .[]' ./chart/Chart.lock | sh -- + helm dependency build ./chart/ - name: Helm lint - run: helm lint ./toggle-django-helm --values ./toggle-django-helm/linter_values.yaml + run: helm lint ./chart --values ./chart/linter_values.yaml - name: Helm template run: | - helm template ./toggle-django-helm --values ./toggle-django-helm/linter_values.yaml + helm template ./chart --values ./chart/linter_values.yaml # Test using all test values - for values_file in ./toggle-django-helm/tests/values-*.yaml; do - helm template ./toggle-django-helm --values "$values_file" + for values_file in ./chart/tests/values-*.yaml; do + helm template ./chart --values "$values_file" done - name: Package Helm Chart - run: helm package ./toggle-django-helm/ -d ./toggle-django-helm/.helm-charts + run: helm package ./chart/ -d ./chart/.helm-charts - name: Push Helm Chart id: push @@ -82,7 +82,7 @@ jobs: HELM_CHART: "${{ steps.prep.outputs.helm_chart }}" HELM_TARGET_REVISION: "${{ steps.prep.outputs.helm_target_revision }}" run: | - PACKAGE_FILE=$(ls ./toggle-django-helm/.helm-charts/*.tgz | head -n 1) + PACKAGE_FILE=$(ls ./chart/.helm-charts/*.tgz | head -n 1) echo "# Helm Chart" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo '```yaml' >> $GITHUB_STEP_SUMMARY diff --git a/toggle-django-helm/.gitignore b/chart/.gitignore similarity index 100% rename from toggle-django-helm/.gitignore rename to chart/.gitignore 
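Review bot: In the "Helm dependency" step, the `yq … ./chart/Chart.lock | sh --` line builds `helm repo add <name> <repository>` strings from the lock file and pipes them to a shell, so a `name` or `repository` value containing shell metacharacters would run as a command on the runner. The rename carries this line over with only the path changed. If this workflow runs for pull requests (the trigger is outside the hunk), Chart.lock is contributor-controlled input. Emitting the two fields as data and quoting them avoids the shell evaluation, e.g. `yq -r '.dependencies[] | select(.repository | test("^oci:") | not) | [.name, .repository] | @tsv' ./chart/Chart.lock | while IFS=$'\t' read -r name repo; do helm repo add "$name" "$repo"; done`.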
diff --git a/toggle-django-helm/.helmignore b/chart/.helmignore
similarity index 100%
rename from toggle-django-helm/.helmignore
rename to chart/.helmignore
diff --git a/toggle-django-helm/Chart.lock b/chart/Chart.lock
similarity index 100%
rename from toggle-django-helm/Chart.lock
rename to chart/Chart.lock
diff --git a/toggle-django-helm/Chart.yaml b/chart/Chart.yaml
similarity index 100%
rename from toggle-django-helm/Chart.yaml
rename to chart/Chart.yaml
diff --git a/toggle-django-helm/linter_values.yaml b/chart/linter_values.yaml
similarity index 100%
rename from toggle-django-helm/linter_values.yaml
rename to chart/linter_values.yaml
diff --git a/toggle-django-helm/templates/_helpers.tpl b/chart/templates/_helpers.tpl
similarity index 100%
rename from toggle-django-helm/templates/_helpers.tpl
rename to chart/templates/_helpers.tpl
diff --git a/toggle-django-helm/templates/api/deployment.yaml b/chart/templates/api/deployment.yaml
similarity index 100%
rename from toggle-django-helm/templates/api/deployment.yaml
rename to chart/templates/api/deployment.yaml
diff --git a/toggle-django-helm/templates/api/ingress.yaml b/chart/templates/api/ingress.yaml
similarity index 100%
rename from toggle-django-helm/templates/api/ingress.yaml
rename to chart/templates/api/ingress.yaml
diff --git a/toggle-django-helm/templates/api/secrets-provider-class.yaml b/chart/templates/api/secrets-provider-class.yaml
similarity index 100%
rename from toggle-django-helm/templates/api/secrets-provider-class.yaml
rename to chart/templates/api/secrets-provider-class.yaml
diff --git a/toggle-django-helm/templates/api/service-account.yaml b/chart/templates/api/service-account.yaml
similarity index 100%
rename from toggle-django-helm/templates/api/service-account.yaml
rename to chart/templates/api/service-account.yaml
diff --git a/toggle-django-helm/templates/api/service.yaml b/chart/templates/api/service.yaml
similarity index 100%
rename from toggle-django-helm/templates/api/service.yaml
rename to chart/templates/api/service.yaml
diff --git a/toggle-django-helm/templates/argo-hooks/hook-job.yaml b/chart/templates/argo-hooks/hook-job.yaml
similarity index 100%
rename from toggle-django-helm/templates/argo-hooks/hook-job.yaml
rename to chart/templates/argo-hooks/hook-job.yaml
diff --git a/toggle-django-helm/templates/celery-flower/deployment.yaml b/chart/templates/celery-flower/deployment.yaml
similarity index 100%
rename from toggle-django-helm/templates/celery-flower/deployment.yaml
rename to chart/templates/celery-flower/deployment.yaml
diff --git a/toggle-django-helm/templates/celery-flower/service.yaml b/chart/templates/celery-flower/service.yaml
similarity index 100%
rename from toggle-django-helm/templates/celery-flower/service.yaml
rename to chart/templates/celery-flower/service.yaml
diff --git a/toggle-django-helm/templates/config/configmap.yaml b/chart/templates/config/configmap.yaml
similarity index 100%
rename from toggle-django-helm/templates/config/configmap.yaml
rename to chart/templates/config/configmap.yaml
diff --git a/toggle-django-helm/templates/config/secret.yaml b/chart/templates/config/secret.yaml
similarity index 100%
rename from toggle-django-helm/templates/config/secret.yaml
rename to chart/templates/config/secret.yaml
diff --git a/toggle-django-helm/templates/cronjobs/deployment.yaml b/chart/templates/cronjobs/deployment.yaml
similarity index 100%
rename from toggle-django-helm/templates/cronjobs/deployment.yaml
rename to chart/templates/cronjobs/deployment.yaml
diff --git a/toggle-django-helm/templates/extraManifests.yaml b/chart/templates/extraManifests.yaml
similarity index 100%
rename from toggle-django-helm/templates/extraManifests.yaml
rename to chart/templates/extraManifests.yaml
diff --git a/toggle-django-helm/templates/worker-beat/deployment.yaml b/chart/templates/worker-beat/deployment.yaml
similarity index 100%
rename from toggle-django-helm/templates/worker-beat/deployment.yaml
rename to chart/templates/worker-beat/deployment.yaml
diff --git a/toggle-django-helm/templates/worker/deployment.yaml b/chart/templates/worker/deployment.yaml
similarity index 100%
rename from toggle-django-helm/templates/worker/deployment.yaml
rename to chart/templates/worker/deployment.yaml
diff --git a/toggle-django-helm/tests/values-1.yaml b/chart/tests/values-1.yaml
similarity index 100%
rename from toggle-django-helm/tests/values-1.yaml
rename to chart/tests/values-1.yaml
diff --git a/toggle-django-helm/tests/values-2.yaml b/chart/tests/values-2.yaml
similarity index 100%
rename from toggle-django-helm/tests/values-2.yaml
rename to chart/tests/values-2.yaml
diff --git a/toggle-django-helm/tests/values-3.yaml b/chart/tests/values-3.yaml
similarity index 100%
rename from toggle-django-helm/tests/values-3.yaml
rename to chart/tests/values-3.yaml
diff --git a/toggle-django-helm/values.yaml b/chart/values.yaml
similarity index 100%
rename from toggle-django-helm/values.yaml
rename to chart/values.yaml
From fdf7bae9b6e2eb69f8af8f9404befa65e98fee73 Mon Sep 17 00:00:00 2001
From: thenav56
Date: Wed, 19 Nov 2025 12:17:08 +0545
Subject: [PATCH 2/3] feat: add script to generate values-tests snapshot
---
.github/workflows/helm-publish.yml | 9 +-
chart/.helmignore | 1 +
chart/snapshots/values-1.yaml | 1829 +++++++++++++++++++++++
chart/snapshots/values-2.yaml | 2228 ++++++++++++++++++++++++++++
chart/snapshots/values-3.yaml | 1818 +++++++++++++++++++++++
chart/update-snapshots.sh | 81 +
6 files changed, 5960 insertions(+), 6 deletions(-)
create mode 100644 chart/snapshots/values-1.yaml
create mode 100644 chart/snapshots/values-2.yaml
create mode 100644 chart/snapshots/values-3.yaml
create mode 100755 chart/update-snapshots.sh
diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml index 50cde60..9f57719 100644 --- a/.github/workflows/helm-publish.yml +++ b/.github/workflows/helm-publish.yml @@ -63,13 +63,10 @@ jobs: run: helm lint ./chart --values ./chart/linter_values.yaml - name: Helm template - run: | - helm template ./chart --values ./chart/linter_values.yaml + run: helm template ./chart --values ./chart/linter_values.yaml - # Test using all test values - for values_file in ./chart/tests/values-*.yaml; do - helm template ./chart --values "$values_file" - done + - name: Helm template (snapshots) + run: ./chart/update-snapshots.sh --check-diff-only - name: Package Helm Chart run: helm package ./chart/ -d ./chart/.helm-charts diff --git a/chart/.helmignore b/chart/.helmignore index bbe7669..3f73b78 100644 --- a/chart/.helmignore +++ b/chart/.helmignore @@ -1 +1,2 @@ values-local.yaml +snapshots diff --git a/chart/snapshots/values-1.yaml b/chart/snapshots/values-1.yaml new file mode 100644 index 0000000..a4567c1 --- /dev/null +++ b/chart/snapshots/values-1.yaml 
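Review bot: The new "Helm template (snapshots)" step does not say what a failure means or how to resolve it, and the script it calls is not part of this hunk. A short comment above the step would help whoever hits a red build, for example `# Fails when rendered output differs from chart/snapshots/; regenerate with ./chart/update-snapshots.sh and commit the result` (this assumes the script regenerates when run without `--check-diff-only`, which should be confirmed against the script). The snapshots record exact dependency chart versions and checksum annotations, so the comparison may also fail on a Helm or dependency upgrade. Pinning the Helm version used by this job, if that is not already done outside the hunk, would keep the check reproducible.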
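Review bot: The new `.helmignore` entry keeps `snapshots` out of the package, but `update-snapshots.sh` is created in the same chart directory (per the diffstat) and is not ignored, so `helm package ./chart/` would ship it in the published archive. The file held only `values-local.yaml` before this change, so `tests/` and `linter_values.yaml` appear to be packaged as well. Adding `update-snapshots.sh` and `tests/` (plus `linter_values.yaml` if consumers do not need it) would keep development tooling and fixture values, including the placeholder credentials visible in the rendered snapshot, out of the OCI artifact.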
@@ -0,0 +1,1829 @@ +--- +# Source: toggle-django-helm/charts/minio/templates/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + # Allow inbound connections + - ports: + - port: 9001 + - port: 9000 +--- +# Source: toggle-django-helm/charts/minio/templates/provisioning-networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-minio-provisioning + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + podSelector: + matchLabels: + app.kubernetes.io/component: minio-provisioning + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + - ports: + - port: 5432 +--- +# Source: toggle-django-helm/charts/redis/templates/networkpolicy.yaml +kind: NetworkPolicy 
+apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-redis + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + # Allow inbound connections + - ports: + - port: 6379 +--- +# Source: toggle-django-helm/charts/minio/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: toggle-django-helm/charts/redis/templates/master/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + 
app.kubernetes.io/component: master +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master +--- +# Source: toggle-django-helm/charts/minio/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +automountServiceAccountToken: false +secrets: + - name: my-app-minio +--- +# Source: toggle-django-helm/charts/postgresql/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 +automountServiceAccountToken: false +--- +# Source: toggle-django-helm/charts/redis/templates/master/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: false +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +--- +# Source: toggle-django-helm/templates/api/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: secret-account + annotations: + + azure.workload.identity/client-id: XXXXXXXX-YYYYYYYY + labels: + + azure.workload.identity/use: "true" +automountServiceAccountToken: true +--- +# Source: toggle-django-helm/charts/minio/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +type: Opaque +data: + root-user: "bWluaW8tdXNlcg==" + root-password: "cmFuZG9tLXN0cm9uZy1wYXNzd29yZA==" +--- +# Source: toggle-django-helm/charts/postgresql/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 +type: Opaque +data: + postgres-password: "cmFuZG9tLXN0cm9uZy1wYXNzd29yZA==" + # We don't auto-generate LDAP password when it's not provided as we do for other passwords +--- +# Source: toggle-django-helm/templates/config/secret.yaml +kind: Secret +apiVersion: v1 +metadata: + name: release-name-toggle-django-helm-secret + labels: + app: release-name-toggle-django-helm + environment: ALPHA + release: release-name +type: Opaque +stringData: + # secrets + AWS_S3_ACCESS_KEY_ID: "minio-user" + AWS_S3_AWS_ENDPOINT_URL: "https://myapp-minio.example.com/" + AWS_S3_BUCKET_MEDIA_NAME: "media-data" + AWS_S3_BUCKET_STATIC_NAME: "static-data" + AWS_S3_REGION: "us-east-1" + AWS_S3_SECRET_ACCESS_KEY: "random-strong-password" + POSTGRES_DB: "my-app" + POSTGRES_HOST: "my-app-postgres" + POSTGRES_PASSWORD: "random-strong-password" + POSTGRES_PORT: "5432" + POSTGRES_USER: "postgres" + REDIS_URL: "redis://my-app-redis-master:6379/0" +--- +# Source: toggle-django-helm/charts/minio/templates/provisioning-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-minio-provisioning + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + app.kubernetes.io/component: minio-provisioning +data: +--- +# Source: 
toggle-django-helm/charts/redis/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-redis-configuration + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +data: + redis.conf: |- + # User-supplied common configuration: + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" + # End of common configuration + master.conf: |- + dir /data + # User-supplied master configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of master configuration + replica.conf: |- + dir /data + # User-supplied replica configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of replica configuration +--- +# Source: toggle-django-helm/charts/redis/templates/health-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-redis-health + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +data: + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" 
-eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi + ping_readiness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? 
+ "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? + exit $exit_status +--- +# Source: toggle-django-helm/charts/redis/templates/scripts-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-redis-scripts + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +data: + start-master.sh: | + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then + cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--protected-mode" "no") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + exec redis-server "${ARGS[@]}" +--- +# Source: toggle-django-helm/templates/config/configmap.yaml +kind: ConfigMap +apiVersion: v1 +metadata: + name: release-name-toggle-django-helm-env-name + labels: + app: release-name-toggle-django-helm + environment: ALPHA + release: release-name +data: + # Configs + ENV_1: "VALUE_1" +--- +# Source: toggle-django-helm/charts/minio/templates/pvc.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + accessModes: + - 
"ReadWriteOnce" + resources: + requests: + storage: "2Gi" + storageClassName: longhorn +--- +# Source: toggle-django-helm/charts/minio/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + type: ClusterIP + ports: + - name: minio-api + port: 9000 + targetPort: minio-api + nodePort: null + - name: minio-console + port: 9001 + targetPort: minio-console + nodePort: null + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-postgres-hl + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary + annotations: +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. 
+ publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + nodePort: null + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: toggle-django-helm/charts/redis/templates/headless-svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-redis-headless + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis +--- +# Source: toggle-django-helm/charts/redis/templates/master/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + app.kubernetes.io/component: master +spec: + type: ClusterIP + internalTrafficPolicy: Cluster + sessionAffinity: None + ports: + - name: tcp-redis + port: 6379 + 
targetPort: redis + nodePort: null + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master +--- +# Source: toggle-django-helm/templates/api/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-toggle-django-helm-api + labels: + app: release-name-toggle-django-helm + component: api + environment: ALPHA + release: release-name +spec: + type: ClusterIP + selector: + app: release-name-toggle-django-helm + component: api + ports: + - protocol: TCP + port: 80 + targetPort: 80 +--- +# Source: toggle-django-helm/templates/celery-flower/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-toggle-django-helm-celery-flower + labels: + app: release-name-toggle-django-helm + component: celery-flower + environment: ALPHA + release: release-name +spec: + type: ClusterIP + selector: + app: release-name-toggle-django-helm + component: worker-flower + ports: + - protocol: TCP + port: 80 + targetPort: 8000 +--- +# Source: toggle-django-helm/charts/minio/templates/standalone/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + annotations: + checksum/credentials-secret: 72775f6450ba4e322ce9becb3351be5ad755baf03bccc46bf1c06ee46294468f + spec: + + serviceAccountName: my-app-minio + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + 
- podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + automountServiceAccountToken: false + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [] + sysctls: [] + containers: + - name: minio + image: docker.io/bitnami/minio:2024.12.18-debian-12-r1 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: MINIO_SCHEME + value: "http" + - name: MINIO_FORCE_NEW_KEYS + value: "yes" + - name: MINIO_API_PORT_NUMBER + value: "9000" + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-password + - name: MINIO_DEFAULT_BUCKETS + value: media-data,static-data + - name: MINIO_BROWSER + value: "off" + - name: MINIO_PROMETHEUS_AUTH_TYPE + value: "public" + - name: MINIO_CONSOLE_PORT_NUMBER + value: "9001" + - name: MINIO_DATA_DIR + value: "/bitnami/minio/data" + envFrom: + ports: + - name: minio-api + containerPort: 9000 + protocol: TCP + - name: minio-console + containerPort: 9001 + protocol: TCP + livenessProbe: + httpGet: + path: /minio/health/live + port: minio-api + scheme: "HTTP" + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + tcpSocket: + port: minio-api + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + resources: + limits: + cpu: 375m + ephemeral-storage: 2Gi + memory: 384Mi + requests: + cpu: 250m + ephemeral-storage: 50Mi + memory: 256Mi 
+ volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/minio/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /.mc + subPath: app-mc-dir + - name: data + mountPath: /bitnami/minio/data + volumes: + - name: empty-dir + emptyDir: {} + - name: data + persistentVolumeClaim: + claimName: my-app-minio +--- +# Source: toggle-django-helm/templates/api/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-api + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: api + environment: ALPHA + release: release-name +spec: + replicas: 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: api + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + labels: + app: release-name-toggle-django-helm + component: api + spec: + serviceAccountName: secret-account + containers: + - name: api + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - /code/deploy/run_prod.sh + ports: + - name: http + containerPort: 80 + protocol: TCP + # TODO: livenessProbe + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: "0.2" + memory: 0.5Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "web" +--- +# Source: toggle-django-helm/templates/celery-flower/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-celery-flower + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: worker-flower + environment: ALPHA + release: release-name +spec: + replicas: 1 + 
selector: + matchLabels: + app: release-name-toggle-django-helm + component: worker-flower + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + labels: + app: release-name-toggle-django-helm + component: worker-flower + spec: + serviceAccountName: secret-account + containers: + - name: worker + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - celery + - -A + - myapp + - flower + - --port=8000 + # TODO: livenessProbe + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: "0.1" + memory: 0.5Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "worker" +--- +# Source: toggle-django-helm/templates/worker-beat/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-worker-beat + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: worker-beat + environment: ALPHA + release: release-name +spec: + replicas: 1 # This should only 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: worker-beat + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + labels: + app: release-name-toggle-django-helm + component: worker-beat + spec: + serviceAccountName: secret-account + containers: + - name: worker-beat + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - celery + - -A + - myapp + - beat + - -l + - INFO + # TODO: livenessProbe + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: "0.1" + memory: 0.5Gi + 
envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "worker" +--- +# Source: toggle-django-helm/templates/worker/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-worker-default + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: worker + queue: default + environment: ALPHA + release: release-name +spec: + replicas: 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: worker + queue: default + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + labels: + app: release-name-toggle-django-helm + component: worker + queue: default + spec: + serviceAccountName: secret-account + containers: + - name: worker + command: + - celery + - -A + - myapp + - worker + - -l + - INFO + - -Q + - celery + - --concurrency + - "4" + - --max-tasks-per-child + - "10" + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + # TODO: livenessProbe + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "worker" +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + 
replicas: 1 + serviceName: my-app-postgres-hl + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + template: + metadata: + name: my-app-postgres + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary + spec: + serviceAccountName: my-app-postgres + + automountServiceAccountToken: false + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + hostNetwork: false + hostIPC: false + containers: + - name: postgresql + image: docker.io/bitnami/postgresql:17.2.0-debian-12-r8 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + - name: PGDATA + value: "/bitnami/postgresql/data" + # Authentication + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: my-app-postgres + key: postgres-password + - name: POSTGRES_DATABASE + value: "my-app" + # LDAP + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: "no" + # Audit + - 
name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: "error" + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: "pgaudit" + ports: + - name: tcp-postgresql + containerPort: 5432 + livenessProbe: + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -d "dbname=my-app" -h 127.0.0.1 -p 5432 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "postgres" -d "dbname=my-app" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/conf + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/tmp + subPath: app-tmp-dir + - name: dshm + mountPath: /dev/shm + - name: data + mountPath: /bitnami/postgresql + volumes: + - name: empty-dir + emptyDir: {} + - name: dshm + emptyDir: + medium: Memory + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "2Gi" + storageClassName: longhorn +--- +# Source: toggle-django-helm/charts/redis/templates/master/application.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + app.kubernetes.io/component: master +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + serviceName: my-app-redis-headless + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + app.kubernetes.io/component: master + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: 43cdf68c28f3abe25ce017a82f74dbf2437d1900fd69df51a55a3edf6193d141 + checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: my-app-redis-master + automountServiceAccountToken: false + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + enableServiceLinks: true + terminationGracePeriodSeconds: 30 + containers: + - name: redis + image: docker.io/bitnami/redis:7.4.2-debian-12-r0 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - 
/bin/bash + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + ports: + - name: redis + containerPort: 6379 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + # One second longer than command timeout should prevent generation of zombie processes. + timeoutSeconds: 6 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh 5 + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 1 + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + - name: redis-data + mountPath: /data + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: empty-dir + mountPath: /opt/bitnami/redis/etc/ + subPath: app-conf-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + volumes: + - name: start-scripts + configMap: + name: my-app-redis-scripts + defaultMode: 0755 + - name: health + configMap: + name: my-app-redis-health + defaultMode: 0755 + - name: config + configMap: + name: my-app-redis-configuration + - name: empty-dir + emptyDir: {} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: redis-data + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: ".5Gi" + storageClassName: longhorn +--- +# Source: 
toggle-django-helm/templates/argo-hooks/hook-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-toggle-django-helm-collect-static + annotations: + argocd.argoproj.io/hook: PostSync +spec: + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + labels: + app: release-name-toggle-django-helm + component: argo-hooks + spec: + restartPolicy: "Never" + serviceAccountName: secret-account + containers: + - name: collect-static + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - ./manage.py + - collectstatic + - --noinput + resources: + limits: + cpu: "4" + memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "hook" +--- +# Source: toggle-django-helm/templates/argo-hooks/hook-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + generateName: release-name-toggle-django-helm-db-migrate- + annotations: + argocd.argoproj.io/hook: PostSync +spec: + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + labels: + app: release-name-toggle-django-helm + component: argo-hooks + spec: + restartPolicy: "Never" + serviceAccountName: secret-account + containers: + - name: db-migrate + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - ./manage.py + - migrate + resources: + limits: + cpu: "4" + memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: 
DJANGO_APP_TYPE + value: "hook" +--- +# Source: toggle-django-helm/charts/minio/templates/api-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: my-app-minio-api + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m +spec: + ingressClassName: "nginx" + rules: + - host: myapp-minio.example.com + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: my-app-minio + port: + name: minio-api +--- +# Source: toggle-django-helm/templates/api/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: release-name-toggle-django-helm-api + labels: + app: release-name-toggle-django-helm + component: api + environment: ALPHA + release: release-name +spec: + ingressClassName: "nginx" + rules: + - host: "myapp.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: release-name-toggle-django-helm-api + port: + number: 80 + tls: + - secretName: my-secret + hosts: + - "myapp.example.com" +--- +# Source: toggle-django-helm/templates/extraManifests.yaml +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: pg-cluster +spec: + backup: {} + enablePDB: true + instances: 3 + monitoring: + enablePodMonitor: true + plugins: + - isWALArchiver: true + name: barman-cloud.cloudnative-pg.io + parameters: + barmanObjectName: aws-s3-store + storage: + size: 300Mi +--- +# Source: toggle-django-helm/templates/extraManifests.yaml +apiVersion: barmancloud.cnpg.io/v1 +kind: ObjectStore +metadata: + name: aws-s3-store +spec: + configuration: + destinationPath: s3://my-db-backup/barman/ + s3Credentials: + accessKeyId: + key: ACCESS_KEY_ID + name: barman-s3-creds + secretAccessKey: + key: ACCESS_SECRET_KEY + name: barman-s3-creds + wal: + 
compression: gzip + maxParallel: 4 + retentionPolicy: 30d +--- +# Source: toggle-django-helm/templates/extraManifests.yaml +apiVersion: postgresql.cnpg.io/v1 +kind: ScheduledBackup +metadata: + name: backup-daily +spec: + backupOwnerReference: self + cluster: + name: pg-cluster + immediate: true + method: plugin + pluginConfiguration: + name: barman-cloud.cloudnative-pg.io + schedule: 0 0 0 * * * + suspend: false +--- +# Source: toggle-django-helm/charts/minio/templates/provisioning-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: my-app-minio-provisioning + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + app.kubernetes.io/component: minio-provisioning + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation +spec: + ttlSecondsAfterFinished: 600 + parallelism: 1 + template: + metadata: + labels: + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + app.kubernetes.io/component: minio-provisioning + spec: + + restartPolicy: OnFailure + terminationGracePeriodSeconds: 0 + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: my-app-minio + initContainers: + - name: wait-for-available-minio + image: docker.io/bitnami/os-shell:12-debian-12-r35 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + - -c + - |- + set -e; + echo "Waiting for Minio"; + wait-for-port \ + --host=my-app-minio \ + --state=inuse \ + --timeout=120 \ + 9000; + echo "Minio is available"; + 
resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + containers: + - name: minio + image: docker.io/bitnami/minio:2024.12.18-debian-12-r1 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + - -c + - |- + set -e; + echo "Start Minio provisioning"; + + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value + } + + function attachPolicy() { + local tmp=$(mc admin $1 info provisioning $2 | sed -n -e 's/^Policy.*: \(.*\)$/\1/p'); + IFS=',' read -r -a CURRENT_POLICIES <<< "$tmp"; + if [[ ! "${CURRENT_POLICIES[*]}" =~ "$3" ]]; then + mc admin policy attach provisioning $3 --$1=$2; + fi; + }; + + function detachDanglingPolicies() { + local tmp=$(mc admin $1 info provisioning $2 | sed -n -e 's/^Policy.*: \(.*\)$/\1/p'); + IFS=',' read -r -a CURRENT_POLICIES <<< "$tmp"; + IFS=',' read -r -a DESIRED_POLICIES <<< "$3"; + for current in "${CURRENT_POLICIES[@]}"; do + if [[ ! 
"${DESIRED_POLICIES[*]}" =~ "${current}" ]]; then + mc admin policy detach provisioning $current --$1=$2; + fi; + done; + } + + function addUsersFromFile() { + local username=$(grep -oP '^username=\K.+' $1); + local password=$(grep -oP '^password=\K.+' $1); + local disabled=$(grep -oP '^disabled=\K.+' $1); + local policies_list=$(grep -oP '^policies=\K.+' $1); + local set_policies=$(grep -oP '^setPolicies=\K.+' $1); + + mc admin user add provisioning "${username}" "${password}"; + + IFS=',' read -r -a POLICIES <<< "${policies_list}"; + for policy in "${POLICIES[@]}"; do + attachPolicy user "${username}" "${policy}"; + done; + if [ "${set_policies}" == "true" ]; then + detachDanglingPolicies user "${username}" "${policies_list}"; + fi; + + local user_status="enable"; + if [[ "${disabled}" != "" && "${disabled,,}" == "true" ]]; then + user_status="disable"; + fi; + + mc admin user "${user_status}" provisioning "${username}"; + }; + mc alias set provisioning $MINIO_SCHEME://my-app-minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD; + + mc admin service restart provisioning --wait --json; + + # Adding a sleep to ensure that the check below does not cause + # a race condition. We check for the MinIO port because the + # "mc admin service restart --wait" command is not working as expected + sleep 5; + echo "Waiting for Minio to be available after restart"; + if ! retry_while "mc admin info provisioning"; then + echo "Error connecting to Minio" + exit 1 + fi + echo "Minio is available. 
Executing provisioning commands"; + + mc anonymous set download provisioning/static-data; + + echo "End Minio provisioning"; + env: + - name: MINIO_SCHEME + value: "http" + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-password + envFrom: + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: empty-dir + mountPath: /.mc + subPath: app-mc-dir + - name: empty-dir + mountPath: /opt/bitnami/minio/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: minio-provisioning + mountPath: /etc/ilm + volumes: + - name: empty-dir + emptyDir: {} + - name: minio-provisioning + configMap: + name: my-app-minio-provisioning diff --git a/chart/snapshots/values-2.yaml b/chart/snapshots/values-2.yaml new file mode 100644 index 0000000..1d07d10 --- /dev/null +++ b/chart/snapshots/values-2.yaml 
@@ -0,0 +1,2228 @@ +--- +# Source: toggle-django-helm/charts/minio/templates/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + # Allow inbound connections + - ports: + - port: 9001 + - port: 9000 +--- +# Source: toggle-django-helm/charts/minio/templates/provisioning-networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-minio-provisioning + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + podSelector: + matchLabels: + app.kubernetes.io/component: minio-provisioning + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + - ports: + - port: 5432 +--- +# Source: toggle-django-helm/charts/redis/templates/networkpolicy.yaml +kind: NetworkPolicy 
+apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-redis + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + # Allow inbound connections + - ports: + - port: 6379 +--- +# Source: toggle-django-helm/charts/minio/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: toggle-django-helm/charts/redis/templates/master/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + 
app.kubernetes.io/component: master +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master +--- +# Source: toggle-django-helm/charts/minio/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +automountServiceAccountToken: false +secrets: + - name: my-app-minio +--- +# Source: toggle-django-helm/charts/postgresql/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 +automountServiceAccountToken: false +--- +# Source: toggle-django-helm/charts/redis/templates/master/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: false +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +--- +# Source: toggle-django-helm/templates/api/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: release-name-toggle-django-helm +automountServiceAccountToken: true +--- +# Source: toggle-django-helm/charts/minio/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: 
minio-14.10.5 +type: Opaque +data: + root-user: "bWluaW8tdXNlcg==" + root-password: "cmFuZG9tLXN0cm9uZy1wYXNzd29yZA==" +--- +# Source: toggle-django-helm/charts/postgresql/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 +type: Opaque +data: + postgres-password: "cmFuZG9tLXN0cm9uZy1wYXNzd29yZA==" + # We don't auto-generate LDAP password when it's not provided as we do for other passwords +--- +# Source: toggle-django-helm/charts/minio/templates/provisioning-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-minio-provisioning + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + app.kubernetes.io/component: minio-provisioning +data: +--- +# Source: toggle-django-helm/charts/redis/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-redis-configuration + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +data: + redis.conf: |- + # User-supplied common configuration: + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. 
+ save "" + # End of common configuration + master.conf: |- + dir /data + # User-supplied master configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of master configuration + replica.conf: |- + dir /data + # User-supplied replica configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of replica configuration +--- +# Source: toggle-django-helm/charts/redis/templates/health-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-redis-health + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +data: + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" 
-eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi + ping_readiness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? + "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? 
+ exit $exit_status +--- +# Source: toggle-django-helm/charts/redis/templates/scripts-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-redis-scripts + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +data: + start-master.sh: | + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then + cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--protected-mode" "no") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + exec redis-server "${ARGS[@]}" +--- +# Source: toggle-django-helm/templates/config/configmap.yaml +kind: ConfigMap +apiVersion: v1 +metadata: + name: release-name-toggle-django-helm-env-name + labels: + app: release-name-toggle-django-helm + environment: ALPHA + release: release-name +data: + # Configs + ENV_1: "VALUE_1" +--- +# Source: toggle-django-helm/charts/minio/templates/pvc.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "2Gi" + storageClassName: longhorn +--- +# Source: toggle-django-helm/charts/minio/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: 
release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + type: ClusterIP + ports: + - name: minio-api + port: 9000 + targetPort: minio-api + nodePort: null + - name: minio-console + port: 9001 + targetPort: minio-console + nodePort: null + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-postgres-hl + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary + annotations: +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. 
+ publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + nodePort: null + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: toggle-django-helm/charts/redis/templates/headless-svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-redis-headless + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis +--- +# Source: toggle-django-helm/charts/redis/templates/master/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + app.kubernetes.io/component: master +spec: + type: ClusterIP + internalTrafficPolicy: Cluster + sessionAffinity: None + ports: + - name: tcp-redis + port: 6379 + 
targetPort: redis + nodePort: null + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master +--- +# Source: toggle-django-helm/templates/api/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-toggle-django-helm-api + labels: + app: release-name-toggle-django-helm + component: api + environment: ALPHA + release: release-name +spec: + type: ClusterIP + selector: + app: release-name-toggle-django-helm + component: api + ports: + - protocol: TCP + port: 80 + targetPort: 80 +--- +# Source: toggle-django-helm/templates/celery-flower/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-toggle-django-helm-celery-flower + labels: + app: release-name-toggle-django-helm + component: celery-flower + environment: ALPHA + release: release-name +spec: + type: ClusterIP + selector: + app: release-name-toggle-django-helm + component: worker-flower + ports: + - protocol: TCP + port: 80 + targetPort: 8000 +--- +# Source: toggle-django-helm/charts/minio/templates/standalone/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + annotations: + checksum/credentials-secret: 72775f6450ba4e322ce9becb3351be5ad755baf03bccc46bf1c06ee46294468f + spec: + + serviceAccountName: my-app-minio + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + 
- podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + automountServiceAccountToken: false + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [] + sysctls: [] + containers: + - name: minio + image: docker.io/bitnami/minio:2024.12.18-debian-12-r1 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: MINIO_SCHEME + value: "http" + - name: MINIO_FORCE_NEW_KEYS + value: "yes" + - name: MINIO_API_PORT_NUMBER + value: "9000" + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-password + - name: MINIO_DEFAULT_BUCKETS + value: media-data,static-data + - name: MINIO_BROWSER + value: "off" + - name: MINIO_PROMETHEUS_AUTH_TYPE + value: "public" + - name: MINIO_CONSOLE_PORT_NUMBER + value: "9001" + - name: MINIO_DATA_DIR + value: "/bitnami/minio/data" + envFrom: + ports: + - name: minio-api + containerPort: 9000 + protocol: TCP + - name: minio-console + containerPort: 9001 + protocol: TCP + livenessProbe: + httpGet: + path: /minio/health/live + port: minio-api + scheme: "HTTP" + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + tcpSocket: + port: minio-api + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + resources: + limits: + cpu: 375m + ephemeral-storage: 2Gi + memory: 384Mi + requests: + cpu: 250m + ephemeral-storage: 50Mi + memory: 256Mi 
+ volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/minio/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /.mc + subPath: app-mc-dir + - name: data + mountPath: /bitnami/minio/data + volumes: + - name: empty-dir + emptyDir: {} + - name: data + persistentVolumeClaim: + claimName: my-app-minio +--- +# Source: toggle-django-helm/templates/api/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-api + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: api + environment: ALPHA + release: release-name +spec: + replicas: 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: api + template: + metadata: + annotations: + checksum/secret: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + labels: + app: release-name-toggle-django-helm + component: api + azure.workload.identity/use: "true" + spec: + volumes: + - name: release-name-toggle-django-helm-secret + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: release-name-toggle-django-helm-secret-provider + - csi: + driver: secrets-store.csi.k8s.io + readOnly: "true" + volumeAttributes: + secretProviderClass: my-secret-provider + name: my-stuff + serviceAccountName: release-name-toggle-django-helm + containers: + - name: api + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + imagePullSecrets: + - name: regcred + command: + - /code/deploy/run_prod.sh + ports: + - name: http + containerPort: 80 + protocol: TCP + # TODO: livenessProbe + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: "0.2" + memory: 0.5Gi + 
envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - secretRef: + name: my-custom-secrets + - configMapRef: + name: release-name-toggle-django-helm-env-name + - configMapRef: + name: my-custom-envs + env: + - name: DJANGO_APP_TYPE + value: "web" + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + key: special.how + name: special-config + volumeMounts: + - name: release-name-toggle-django-helm-secret + mountPath: /mnt/secrets-store + readOnly: true + - mountPath: /mnt/secrets-store + name: my-secret + readOnly: true +--- +# Source: toggle-django-helm/templates/celery-flower/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-celery-flower + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: worker-flower + environment: ALPHA + release: release-name +spec: + replicas: 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: worker-flower + template: + metadata: + annotations: + checksum/secret: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + labels: + app: release-name-toggle-django-helm + component: worker-flower + azure.workload.identity/use: "true" + spec: + volumes: + - name: release-name-toggle-django-helm-secret + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: release-name-toggle-django-helm-secret-provider + - csi: + driver: secrets-store.csi.k8s.io + readOnly: "true" + volumeAttributes: + secretProviderClass: my-secret-provider + name: my-stuff + serviceAccountName: release-name-toggle-django-helm + containers: + - name: worker + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + imagePullSecrets: + - 
name: regcred + command: + - celery + - -A + - myapp + - flower + - --port=8000 + # TODO: livenessProbe + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: "0.1" + memory: 0.5Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - secretRef: + name: my-custom-secrets + - configMapRef: + name: release-name-toggle-django-helm-env-name + - configMapRef: + name: my-custom-envs + env: + - name: DJANGO_APP_TYPE + value: "worker" + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + key: special.how + name: special-config + volumeMounts: + - name: release-name-toggle-django-helm-secret + mountPath: /mnt/secrets-store + readOnly: true + - mountPath: /mnt/secrets-store + name: my-secret + readOnly: true +--- +# Source: toggle-django-helm/templates/worker-beat/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-worker-beat + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: worker-beat + environment: ALPHA + release: release-name +spec: + replicas: 1 # This should only 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: worker-beat + template: + metadata: + annotations: + checksum/secret: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + labels: + app: release-name-toggle-django-helm + component: worker-beat + azure.workload.identity/use: "true" + spec: + volumes: + - name: release-name-toggle-django-helm-secret + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: release-name-toggle-django-helm-secret-provider + - csi: + driver: secrets-store.csi.k8s.io + readOnly: "true" + volumeAttributes: + secretProviderClass: 
my-secret-provider + name: my-stuff + serviceAccountName: release-name-toggle-django-helm + containers: + - name: worker-beat + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + imagePullSecrets: + - name: regcred + command: + - celery + - -A + - myapp + - beat + - -l + - INFO + # TODO: livenessProbe + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: "0.1" + memory: 0.5Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - secretRef: + name: my-custom-secrets + - configMapRef: + name: release-name-toggle-django-helm-env-name + - configMapRef: + name: my-custom-envs + env: + - name: DJANGO_APP_TYPE + value: "worker" + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + key: special.how + name: special-config + volumeMounts: + - name: release-name-toggle-django-helm-secret + mountPath: /mnt/secrets-store + readOnly: true + - mountPath: /mnt/secrets-store + name: my-secret + readOnly: true +--- +# Source: toggle-django-helm/templates/worker/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-worker-default + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: worker + queue: default + environment: ALPHA + release: release-name +spec: + replicas: 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: worker + queue: default + template: + metadata: + annotations: + checksum/secret: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + labels: + app: release-name-toggle-django-helm + component: worker + queue: default + azure.workload.identity/use: "true" + spec: + volumes: + - name: release-name-toggle-django-helm-secret + csi: + driver: 
"secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: release-name-toggle-django-helm-secret-provider + - csi: + driver: secrets-store.csi.k8s.io + readOnly: "true" + volumeAttributes: + secretProviderClass: my-secret-provider + name: my-stuff + serviceAccountName: release-name-toggle-django-helm + containers: + - name: worker + command: + - celery + - -A + - myapp + - worker + - -l + - INFO + - -Q + - celery + - --concurrency + - "4" + - --max-tasks-per-child + - "10" + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + imagePullSecrets: + - name: regcred + # TODO: livenessProbe + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - secretRef: + name: my-custom-secrets + - configMapRef: + name: release-name-toggle-django-helm-env-name + - configMapRef: + name: my-custom-envs + env: + - name: DJANGO_APP_TYPE + value: "worker" + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + key: special.how + name: special-config + volumeMounts: + - name: release-name-toggle-django-helm-secret + mountPath: /mnt/secrets-store + readOnly: true + - mountPath: /mnt/secrets-store + name: my-secret + readOnly: true +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + replicas: 1 + serviceName: my-app-postgres-hl + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + template: + metadata: + 
name: my-app-postgres + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary + spec: + serviceAccountName: my-app-postgres + + automountServiceAccountToken: false + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + hostNetwork: false + hostIPC: false + containers: + - name: postgresql + image: docker.io/bitnami/postgresql:17.2.0-debian-12-r8 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + - name: PGDATA + value: "/bitnami/postgresql/data" + # Authentication + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: my-app-postgres + key: postgres-password + - name: POSTGRES_DATABASE + value: "my-app" + # LDAP + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: "no" + # Audit + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: "error" 
+ - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: "pgaudit" + ports: + - name: tcp-postgresql + containerPort: 5432 + livenessProbe: + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -d "dbname=my-app" -h 127.0.0.1 -p 5432 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "postgres" -d "dbname=my-app" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/conf + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/tmp + subPath: app-tmp-dir + - name: dshm + mountPath: /dev/shm + - name: data + mountPath: /bitnami/postgresql + volumes: + - name: empty-dir + emptyDir: {} + - name: dshm + emptyDir: + medium: Memory + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "2Gi" + storageClassName: longhorn +--- +# Source: toggle-django-helm/charts/redis/templates/master/application.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + app.kubernetes.io/component: master +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: 
release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + serviceName: my-app-redis-headless + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + app.kubernetes.io/component: master + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: 43cdf68c28f3abe25ce017a82f74dbf2437d1900fd69df51a55a3edf6193d141 + checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: my-app-redis-master + automountServiceAccountToken: false + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + enableServiceLinks: true + terminationGracePeriodSeconds: 30 + containers: + - name: redis + image: docker.io/bitnami/redis:7.4.2-debian-12-r0 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + - name: REDIS_TLS_ENABLED + value: "no" + - name: 
REDIS_PORT + value: "6379" + ports: + - name: redis + containerPort: 6379 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + # One second longer than command timeout should prevent generation of zombie processes. + timeoutSeconds: 6 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh 5 + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 1 + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + - name: redis-data + mountPath: /data + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: empty-dir + mountPath: /opt/bitnami/redis/etc/ + subPath: app-conf-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + volumes: + - name: start-scripts + configMap: + name: my-app-redis-scripts + defaultMode: 0755 + - name: health + configMap: + name: my-app-redis-health + defaultMode: 0755 + - name: config + configMap: + name: my-app-redis-configuration + - name: empty-dir + emptyDir: {} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: redis-data + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: ".5Gi" + storageClassName: longhorn +--- +# Source: toggle-django-helm/templates/argo-hooks/hook-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-toggle-django-helm-collect-static + annotations: + argocd.argoproj.io/hook: PostSync +spec: + template: + metadata: + annotations: + checksum/secret: 
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + labels: + app: release-name-toggle-django-helm + component: argo-hooks + azure.workload.identity/use: "true" + spec: + restartPolicy: "Never" + volumes: + - name: release-name-toggle-django-helm-secret + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: release-name-toggle-django-helm-secret-provider + - csi: + driver: secrets-store.csi.k8s.io + readOnly: "true" + volumeAttributes: + secretProviderClass: my-secret-provider + name: my-stuff + serviceAccountName: release-name-toggle-django-helm + containers: + - name: collect-static + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + imagePullSecrets: + - name: regcred + command: + - ./manage.py + - collectstatic + - --noinput + resources: + limits: + cpu: "4" + memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - secretRef: + name: my-custom-secrets + - configMapRef: + name: release-name-toggle-django-helm-env-name + - configMapRef: + name: my-custom-envs + env: + - name: DJANGO_APP_TYPE + value: "hook" + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + key: special.how + name: special-config + volumeMounts: + - name: release-name-toggle-django-helm-secret + mountPath: /mnt/secrets-store + readOnly: true + - mountPath: /mnt/secrets-store + name: my-secret + readOnly: true +--- +# Source: toggle-django-helm/templates/argo-hooks/hook-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + generateName: release-name-toggle-django-helm-db-migrate- + annotations: + argocd.argoproj.io/hook: PostSync +spec: + template: + metadata: + annotations: + checksum/secret: 
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + labels: + app: release-name-toggle-django-helm + component: argo-hooks + azure.workload.identity/use: "true" + spec: + restartPolicy: "Never" + volumes: + - name: release-name-toggle-django-helm-secret + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: release-name-toggle-django-helm-secret-provider + - csi: + driver: secrets-store.csi.k8s.io + readOnly: "true" + volumeAttributes: + secretProviderClass: my-secret-provider + name: my-stuff + serviceAccountName: release-name-toggle-django-helm + containers: + - name: db-migrate + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + imagePullSecrets: + - name: regcred + command: + - ./manage.py + - migrate + resources: + limits: + cpu: "4" + memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - secretRef: + name: my-custom-secrets + - configMapRef: + name: release-name-toggle-django-helm-env-name + - configMapRef: + name: my-custom-envs + env: + - name: DJANGO_APP_TYPE + value: "hook" + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + key: special.how + name: special-config + volumeMounts: + - name: release-name-toggle-django-helm-secret + mountPath: /mnt/secrets-store + readOnly: true + - mountPath: /mnt/secrets-store + name: my-secret + readOnly: true +--- +# Source: toggle-django-helm/templates/argo-hooks/hook-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + generateName: release-name-toggle-django-helm-my-custom-command- + annotations: + argocd.argoproj.io/hook: PostSync +spec: + template: + metadata: + annotations: + checksum/secret: 
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + labels: + app: release-name-toggle-django-helm + component: argo-hooks + azure.workload.identity/use: "true" + spec: + restartPolicy: "Never" + volumes: + - name: release-name-toggle-django-helm-secret + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: release-name-toggle-django-helm-secret-provider + - csi: + driver: secrets-store.csi.k8s.io + readOnly: "true" + volumeAttributes: + secretProviderClass: my-secret-provider + name: my-stuff + serviceAccountName: release-name-toggle-django-helm + containers: + - name: my-custom-command + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + imagePullSecrets: + - name: regcred + command: + - /bin/bash + - -c + args: + - date --iso-8601 && ls + resources: + limits: + cpu: "4" + memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - secretRef: + name: my-custom-secrets + - configMapRef: + name: release-name-toggle-django-helm-env-name + - configMapRef: + name: my-custom-envs + env: + - name: DJANGO_APP_TYPE + value: "hook" + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + key: special.how + name: special-config + volumeMounts: + - name: release-name-toggle-django-helm-secret + mountPath: /mnt/secrets-store + readOnly: true + - mountPath: /mnt/secrets-store + name: my-secret + readOnly: true +--- +# Source: toggle-django-helm/templates/cronjobs/deployment.yaml +apiVersion: batch/v1 +kind: CronJob +metadata: + name: release-name-toggle-django-helm-job-dummy-01 + labels: + app: release-name-toggle-django-helm + component: cronjob + jobName: dummy-01 + environment: ALPHA + release: release-name +spec: + 
schedule: "0 0 * * *" + concurrencyPolicy: "Forbid" + jobTemplate: + spec: + activeDeadlineSeconds: 7200 # 2 hours default + metadata: + annotations: + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + labels: + app: release-name-toggle-django-helm + component: cronjob + azure.workload.identity/use: "true" + template: + spec: + restartPolicy: "Never" + volumes: + - name: release-name-toggle-django-helm-secret + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: release-name-toggle-django-helm-secret-provider + - csi: + driver: secrets-store.csi.k8s.io + readOnly: "true" + volumeAttributes: + secretProviderClass: my-secret-provider + name: my-stuff + serviceAccountName: release-name-toggle-django-helm + containers: + - name: cronjob + command: + - ./manage.py + - run-dummy-command + - "01" + image: "ghcr.io/example/cronjob:v1.cronjob" + imagePullPolicy: IfNotPresent + imagePullSecrets: + - name: regcred + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "2" + memory: 4Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - secretRef: + name: my-custom-secrets + - configMapRef: + name: release-name-toggle-django-helm-env-name + - configMapRef: + name: my-custom-envs + env: + - name: DJANGO_APP_TYPE + value: "cronjob" + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + key: special.how + name: special-config + volumeMounts: + - name: release-name-toggle-django-helm-secret + mountPath: /mnt/secrets-store + readOnly: true + - mountPath: /mnt/secrets-store + name: my-secret + readOnly: true +--- +# Source: toggle-django-helm/templates/cronjobs/deployment.yaml +apiVersion: batch/v1 +kind: CronJob +metadata: + name: release-name-toggle-django-helm-job-dummy-02 + labels: + app: release-name-toggle-django-helm + component: cronjob + jobName: dummy-02 + environment: ALPHA + release: release-name +spec: + schedule: "0 
0 * * *" + timeZone: "Asia/Kathmandu" + concurrencyPolicy: "Forbid" + jobTemplate: + spec: + activeDeadlineSeconds: 7200 # 2 hours default + metadata: + annotations: + aws.workload.identity/use: "true" + aws.workload.identity/use2: "true" + aws.workload.identity/use3: "true" + labels: + app: release-name-toggle-django-helm + component: cronjob + azure.workload.identity/use: "true" + template: + spec: + restartPolicy: "Never" + volumes: + - name: release-name-toggle-django-helm-secret + csi: + driver: "secrets-store.csi.k8s.io" + readOnly: true + volumeAttributes: + secretProviderClass: release-name-toggle-django-helm-secret-provider + - csi: + driver: secrets-store.csi.k8s.io + readOnly: "true" + volumeAttributes: + secretProviderClass: my-secret-provider + name: my-stuff + serviceAccountName: release-name-toggle-django-helm + containers: + - name: cronjob + command: + - ./manage.py + - run-dummy-command + - "02" + image: "ghcr.io/example/cronjob:v1.cronjob" + imagePullPolicy: IfNotPresent + imagePullSecrets: + - name: regcred + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - secretRef: + name: my-custom-secrets + - configMapRef: + name: release-name-toggle-django-helm-env-name + - configMapRef: + name: my-custom-envs + env: + - name: DJANGO_APP_TYPE + value: "cronjob" + - name: SPECIAL_LEVEL_KEY + valueFrom: + configMapKeyRef: + key: special.how + name: special-config + volumeMounts: + - name: release-name-toggle-django-helm-secret + mountPath: /mnt/secrets-store + readOnly: true + - mountPath: /mnt/secrets-store + name: my-secret + readOnly: true +--- +# Source: toggle-django-helm/charts/minio/templates/api-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: my-app-minio-api + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + 
app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m +spec: + ingressClassName: "nginx" + rules: + - host: myapp-minio.example.com + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: my-app-minio + port: + name: minio-api +--- +# Source: toggle-django-helm/templates/api/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: release-name-toggle-django-helm-api + labels: + app: release-name-toggle-django-helm + component: api + environment: ALPHA + release: release-name +spec: + ingressClassName: "nginx" + rules: + - host: "myapp.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: release-name-toggle-django-helm-api + port: + number: 80 +--- +# Source: toggle-django-helm/templates/api/secrets-provider-class.yaml +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: release-name-toggle-django-helm-secret-provider +spec: + provider: azure + parameters: + clientID: sample + keyvaultName: sample + tenantId: "" + usePodIdentity: "false" + objects: | + array: + - | + objectName: CACHE-REDIS-URL + objectType: secret + - | + objectName: CELERY-BROKER-URL + objectType: secret + secretObjects: + - secretName: release-name-toggle-django-helm-secret + type: Opaque + data: + - objectName: CACHE-REDIS-URL + key: CACHE_REDIS_URL + - objectName: CELERY-BROKER-URL + key: CELERY_BROKER_URL +--- +# Source: toggle-django-helm/charts/minio/templates/provisioning-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: my-app-minio-provisioning + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + app.kubernetes.io/component: minio-provisioning + annotations: + helm.sh/hook: post-install,post-upgrade + 
helm.sh/hook-delete-policy: before-hook-creation +spec: + ttlSecondsAfterFinished: 600 + parallelism: 1 + template: + metadata: + labels: + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + app.kubernetes.io/component: minio-provisioning + spec: + + restartPolicy: OnFailure + terminationGracePeriodSeconds: 0 + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: my-app-minio + initContainers: + - name: wait-for-available-minio + image: docker.io/bitnami/os-shell:12-debian-12-r35 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + - -c + - |- + set -e; + echo "Waiting for Minio"; + wait-for-port \ + --host=my-app-minio \ + --state=inuse \ + --timeout=120 \ + 9000; + echo "Minio is available"; + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + containers: + - name: minio + image: docker.io/bitnami/minio:2024.12.18-debian-12-r1 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + - -c + - |- + set -e; + echo "Start Minio provisioning"; + + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + 
return $return_value + } + + function attachPolicy() { + local tmp=$(mc admin $1 info provisioning $2 | sed -n -e 's/^Policy.*: \(.*\)$/\1/p'); + IFS=',' read -r -a CURRENT_POLICIES <<< "$tmp"; + if [[ ! "${CURRENT_POLICIES[*]}" =~ "$3" ]]; then + mc admin policy attach provisioning $3 --$1=$2; + fi; + }; + + function detachDanglingPolicies() { + local tmp=$(mc admin $1 info provisioning $2 | sed -n -e 's/^Policy.*: \(.*\)$/\1/p'); + IFS=',' read -r -a CURRENT_POLICIES <<< "$tmp"; + IFS=',' read -r -a DESIRED_POLICIES <<< "$3"; + for current in "${CURRENT_POLICIES[@]}"; do + if [[ ! "${DESIRED_POLICIES[*]}" =~ "${current}" ]]; then + mc admin policy detach provisioning $current --$1=$2; + fi; + done; + } + + function addUsersFromFile() { + local username=$(grep -oP '^username=\K.+' $1); + local password=$(grep -oP '^password=\K.+' $1); + local disabled=$(grep -oP '^disabled=\K.+' $1); + local policies_list=$(grep -oP '^policies=\K.+' $1); + local set_policies=$(grep -oP '^setPolicies=\K.+' $1); + + mc admin user add provisioning "${username}" "${password}"; + + IFS=',' read -r -a POLICIES <<< "${policies_list}"; + for policy in "${POLICIES[@]}"; do + attachPolicy user "${username}" "${policy}"; + done; + if [ "${set_policies}" == "true" ]; then + detachDanglingPolicies user "${username}" "${policies_list}"; + fi; + + local user_status="enable"; + if [[ "${disabled}" != "" && "${disabled,,}" == "true" ]]; then + user_status="disable"; + fi; + + mc admin user "${user_status}" provisioning "${username}"; + }; + mc alias set provisioning $MINIO_SCHEME://my-app-minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD; + + mc admin service restart provisioning --wait --json; + + # Adding a sleep to ensure that the check below does not cause + # a race condition. We check for the MinIO port because the + # "mc admin service restart --wait" command is not working as expected + sleep 5; + echo "Waiting for Minio to be available after restart"; + if ! 
retry_while "mc admin info provisioning"; then + echo "Error connecting to Minio" + exit 1 + fi + echo "Minio is available. Executing provisioning commands"; + + mc anonymous set download provisioning/static-data; + + echo "End Minio provisioning"; + env: + - name: MINIO_SCHEME + value: "http" + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-password + envFrom: + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: empty-dir + mountPath: /.mc + subPath: app-mc-dir + - name: empty-dir + mountPath: /opt/bitnami/minio/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: minio-provisioning + mountPath: /etc/ilm + volumes: + - name: empty-dir + emptyDir: {} + - name: minio-provisioning + configMap: + name: my-app-minio-provisioning diff --git a/chart/snapshots/values-3.yaml b/chart/snapshots/values-3.yaml new file mode 100644 index 0000000..656de8b --- /dev/null +++ b/chart/snapshots/values-3.yaml 
@@ -0,0 +1,1818 @@ +--- +# Source: toggle-django-helm/charts/minio/templates/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + # Allow inbound connections + - ports: + - port: 9001 + - port: 9000 +--- +# Source: toggle-django-helm/charts/minio/templates/provisioning-networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-minio-provisioning + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + podSelector: + matchLabels: + app.kubernetes.io/component: minio-provisioning + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/networkpolicy.yaml +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + - ports: + - port: 5432 +--- +# Source: toggle-django-helm/charts/redis/templates/networkpolicy.yaml +kind: NetworkPolicy 
+apiVersion: networking.k8s.io/v1 +metadata: + name: my-app-redis + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + policyTypes: + - Ingress + - Egress + egress: + - {} + ingress: + # Allow inbound connections + - ports: + - port: 6379 +--- +# Source: toggle-django-helm/charts/minio/templates/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: toggle-django-helm/charts/redis/templates/master/pdb.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + 
app.kubernetes.io/component: master +spec: + maxUnavailable: 1 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master +--- +# Source: toggle-django-helm/charts/minio/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +automountServiceAccountToken: false +secrets: + - name: my-app-minio +--- +# Source: toggle-django-helm/charts/postgresql/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 +automountServiceAccountToken: false +--- +# Source: toggle-django-helm/charts/redis/templates/master/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: false +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +--- +# Source: toggle-django-helm/charts/minio/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +type: Opaque +data: + root-user: "bWluaW8tdXNlcg==" + root-password: "cmFuZG9tLXN0cm9uZy1wYXNzd29yZA==" +--- +# Source: toggle-django-helm/charts/postgresql/templates/secrets.yaml 
+apiVersion: v1 +kind: Secret +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 +type: Opaque +data: + postgres-password: "cmFuZG9tLXN0cm9uZy1wYXNzd29yZA==" + # We don't auto-generate LDAP password when it's not provided as we do for other passwords +--- +# Source: toggle-django-helm/templates/config/secret.yaml +kind: Secret +apiVersion: v1 +metadata: + name: release-name-toggle-django-helm-secret + labels: + app: release-name-toggle-django-helm + environment: ALPHA + release: release-name +type: Opaque +stringData: + # secrets + AWS_S3_ACCESS_KEY_ID: "minio-user" + AWS_S3_AWS_ENDPOINT_URL: "https://myapp-minio.example.com/" + AWS_S3_BUCKET_MEDIA_NAME: "media-data" + AWS_S3_BUCKET_STATIC_NAME: "static-data" + AWS_S3_REGION: "us-east-1" + AWS_S3_SECRET_ACCESS_KEY: "random-strong-password" + POSTGRES_DB: "my-app" + POSTGRES_HOST: "my-app-postgres" + POSTGRES_PASSWORD: "random-strong-password" + POSTGRES_PORT: "5432" + POSTGRES_USER: "postgres" + REDIS_URL: "redis://my-app-redis-master:6379/0" +--- +# Source: toggle-django-helm/charts/minio/templates/provisioning-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-minio-provisioning + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + app.kubernetes.io/component: minio-provisioning +data: +--- +# Source: toggle-django-helm/charts/redis/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-redis-configuration + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: 
redis-20.6.3 +data: + redis.conf: |- + # User-supplied common configuration: + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" + # End of common configuration + master.conf: |- + dir /data + # User-supplied master configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of master configuration + replica.conf: |- + dir /data + # User-supplied replica configuration: + rename-command FLUSHDB "" + rename-command FLUSHALL "" + # End of replica configuration +--- +# Source: toggle-django-helm/charts/redis/templates/health-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-redis-health + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +data: + ping_readiness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_local.sh: |- + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h localhost \ + -p $REDIS_PORT \ + ping + ) + if [ "$?" 
-eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then + echo "$response" + exit 1 + fi + ping_readiness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + if [ "$response" != "PONG" ]; then + echo "$response" + exit 1 + fi + ping_liveness_master.sh: |- + #!/bin/bash + + [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" + [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" + response=$( + timeout -s 15 $1 \ + redis-cli \ + -h $REDIS_MASTER_HOST \ + -p $REDIS_MASTER_PORT_NUMBER \ + ping + ) + if [ "$?" -eq "124" ]; then + echo "Timed out" + exit 1 + fi + responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') + if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then + echo "$response" + exit 1 + fi + ping_readiness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? + "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? + exit $exit_status + ping_liveness_local_and_master.sh: |- + script_dir="$(dirname "$0")" + exit_status=0 + "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? + "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? 
+ exit $exit_status +--- +# Source: toggle-django-helm/charts/redis/templates/scripts-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-app-redis-scripts + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +data: + start-master.sh: | + #!/bin/bash + + [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" + if [[ -f /opt/bitnami/redis/mounted-etc/master.conf ]];then + cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf + fi + if [[ -f /opt/bitnami/redis/mounted-etc/redis.conf ]];then + cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf + fi + ARGS=("--port" "${REDIS_PORT}") + ARGS+=("--protected-mode" "no") + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + exec redis-server "${ARGS[@]}" +--- +# Source: toggle-django-helm/templates/config/configmap.yaml +kind: ConfigMap +apiVersion: v1 +metadata: + name: release-name-toggle-django-helm-env-name + labels: + app: release-name-toggle-django-helm + environment: ALPHA + release: release-name +data: + # Configs + ENV_1: "VALUE_1" +--- +# Source: toggle-django-helm/charts/minio/templates/pvc.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "2Gi" + storageClassName: longhorn +--- +# Source: toggle-django-helm/charts/minio/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: 
release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + type: ClusterIP + ports: + - name: minio-api + port: 9000 + targetPort: minio-api + nodePort: null + - name: minio-console + port: 9001 + targetPort: minio-console + nodePort: null + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-postgres-hl + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary + annotations: +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. 
+ publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + nodePort: null + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary +--- +# Source: toggle-django-helm/charts/redis/templates/headless-svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-redis-headless + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-redis + port: 6379 + targetPort: redis + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis +--- +# Source: toggle-django-helm/charts/redis/templates/master/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + app.kubernetes.io/component: master +spec: + type: ClusterIP + internalTrafficPolicy: Cluster + sessionAffinity: None + ports: + - name: tcp-redis + port: 6379 + 
targetPort: redis + nodePort: null + selector: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master +--- +# Source: toggle-django-helm/templates/api/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-toggle-django-helm-api + labels: + app: release-name-toggle-django-helm + component: api + environment: ALPHA + release: release-name +spec: + type: ClusterIP + selector: + app: release-name-toggle-django-helm + component: api + ports: + - protocol: TCP + port: 80 + targetPort: 80 +--- +# Source: toggle-django-helm/templates/celery-flower/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: release-name-toggle-django-helm-celery-flower + labels: + app: release-name-toggle-django-helm + component: celery-flower + environment: ALPHA + release: release-name +spec: + type: ClusterIP + selector: + app: release-name-toggle-django-helm + component: worker-flower + ports: + - protocol: TCP + port: 80 + targetPort: 8000 +--- +# Source: toggle-django-helm/charts/minio/templates/standalone/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-app-minio + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 +spec: + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + annotations: + checksum/credentials-secret: 72775f6450ba4e322ce9becb3351be5ad755baf03bccc46bf1c06ee46294468f + spec: + + serviceAccountName: my-app-minio + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + 
- podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: minio + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + automountServiceAccountToken: false + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [] + sysctls: [] + containers: + - name: minio + image: docker.io/bitnami/minio:2024.12.18-debian-12-r1 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: MINIO_SCHEME + value: "http" + - name: MINIO_FORCE_NEW_KEYS + value: "yes" + - name: MINIO_API_PORT_NUMBER + value: "9000" + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-password + - name: MINIO_DEFAULT_BUCKETS + value: media-data,static-data + - name: MINIO_BROWSER + value: "off" + - name: MINIO_PROMETHEUS_AUTH_TYPE + value: "public" + - name: MINIO_CONSOLE_PORT_NUMBER + value: "9001" + - name: MINIO_DATA_DIR + value: "/bitnami/minio/data" + envFrom: + ports: + - name: minio-api + containerPort: 9000 + protocol: TCP + - name: minio-console + containerPort: 9001 + protocol: TCP + livenessProbe: + httpGet: + path: /minio/health/live + port: minio-api + scheme: "HTTP" + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + tcpSocket: + port: minio-api + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + resources: + limits: + cpu: 375m + ephemeral-storage: 2Gi + memory: 384Mi + requests: + cpu: 250m + ephemeral-storage: 50Mi + memory: 256Mi 
+ volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/minio/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /.mc + subPath: app-mc-dir + - name: data + mountPath: /bitnami/minio/data + volumes: + - name: empty-dir + emptyDir: {} + - name: data + persistentVolumeClaim: + claimName: my-app-minio +--- +# Source: toggle-django-helm/templates/api/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-api + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: api + environment: ALPHA + release: release-name +spec: + replicas: 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: api + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + labels: + app: release-name-toggle-django-helm + component: api + azure.workload.identity/use: "true" + spec: + containers: + - name: api + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - /code/deploy/run_prod.sh + ports: + - name: http + containerPort: 80 + protocol: TCP + # TODO: livenessProbe + resources: + limits: + cpu: "2" + memory: 1Gi + requests: + cpu: "0.2" + memory: 0.5Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "web" +--- +# Source: toggle-django-helm/templates/celery-flower/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-celery-flower + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: worker-flower + environment: ALPHA + release: 
release-name +spec: + replicas: 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: worker-flower + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + labels: + app: release-name-toggle-django-helm + component: worker-flower + azure.workload.identity/use: "true" + spec: + containers: + - name: worker + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - celery + - -A + - myapp + - flower + - --port=8000 + # TODO: livenessProbe + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: "0.1" + memory: 0.5Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "worker" +--- +# Source: toggle-django-helm/templates/worker-beat/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-worker-beat + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: worker-beat + environment: ALPHA + release: release-name +spec: + replicas: 1 # This should only 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: worker-beat + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + labels: + app: release-name-toggle-django-helm + component: worker-beat + azure.workload.identity/use: "true" + spec: + containers: + - name: worker-beat + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - celery + - -A + - myapp + - beat + - -l + - INFO + # TODO: 
livenessProbe + resources: + limits: + cpu: "1" + memory: 1Gi + requests: + cpu: "0.1" + memory: 0.5Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "worker" +--- +# Source: toggle-django-helm/templates/worker/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-toggle-django-helm-worker-default + annotations: + reloader.stakater.com/auto: "true" + labels: + app: release-name-toggle-django-helm + component: worker + queue: default + environment: ALPHA + release: release-name +spec: + replicas: 1 + selector: + matchLabels: + app: release-name-toggle-django-helm + component: worker + queue: default + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + labels: + app: release-name-toggle-django-helm + component: worker + queue: default + azure.workload.identity/use: "true" + spec: + containers: + - name: worker + command: + - celery + - -A + - myapp + - worker + - -l + - INFO + - -Q + - celery + - --concurrency + - "4" + - --max-tasks-per-child + - "10" + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + # TODO: livenessProbe + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "worker" +--- +# Source: toggle-django-helm/charts/postgresql/templates/primary/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: my-app-postgres + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + 
app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary +spec: + replicas: 1 + serviceName: my-app-postgres-hl + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + template: + metadata: + name: my-app-postgres + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + app.kubernetes.io/version: 17.2.0 + helm.sh/chart: postgresql-16.4.5 + app.kubernetes.io/component: primary + spec: + serviceAccountName: my-app-postgres + + automountServiceAccountToken: false + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: postgresql + app.kubernetes.io/component: primary + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + hostNetwork: false + hostIPC: false + containers: + - name: postgresql + image: docker.io/bitnami/postgresql:17.2.0-debian-12-r8 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + - name: PGDATA + value: "/bitnami/postgresql/data" + # Authentication + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: my-app-postgres + key: postgres-password + - name: 
POSTGRES_DATABASE + value: "my-app" + # LDAP + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: "no" + # Audit + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: "error" + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: "pgaudit" + ports: + - name: tcp-postgresql + containerPort: 5432 + livenessProbe: + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "postgres" -d "dbname=my-app" -h 127.0.0.1 -p 5432 + readinessProbe: + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "postgres" -d "dbname=my-app" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/conf + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/tmp + subPath: app-tmp-dir + - name: dshm + mountPath: /dev/shm + - name: data + mountPath: /bitnami/postgresql + volumes: + - name: empty-dir + emptyDir: {} + - name: dshm + emptyDir: + medium: Memory + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "2Gi" + storageClassName: longhorn +--- +# Source: toggle-django-helm/charts/redis/templates/master/application.yaml 
+apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: my-app-redis-master + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + app.kubernetes.io/component: master +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + serviceName: my-app-redis-headless + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: redis + app.kubernetes.io/version: 7.4.2 + helm.sh/chart: redis-20.6.3 + app.kubernetes.io/component: master + annotations: + checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47 + checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9 + checksum/scripts: 43cdf68c28f3abe25ce017a82f74dbf2437d1900fd69df51a55a3edf6193d141 + checksum/secret: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: my-app-redis-master + automountServiceAccountToken: false + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: master + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + enableServiceLinks: true + terminationGracePeriodSeconds: 30 + containers: + - name: redis + image: docker.io/bitnami/redis:7.4.2-debian-12-r0 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + 
readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + args: + - -c + - /opt/bitnami/scripts/start-scripts/start-master.sh + env: + - name: BITNAMI_DEBUG + value: "false" + - name: REDIS_REPLICATION_MODE + value: master + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + - name: REDIS_TLS_ENABLED + value: "no" + - name: REDIS_PORT + value: "6379" + ports: + - name: redis + containerPort: 6379 + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + # One second longer than command timeout should prevent generation of zombie processes. + timeoutSeconds: 6 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_liveness_local.sh 5 + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 5 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 5 + exec: + command: + - sh + - -c + - /health/ping_readiness_local.sh 1 + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: start-scripts + mountPath: /opt/bitnami/scripts/start-scripts + - name: health + mountPath: /health + - name: redis-data + mountPath: /data + - name: config + mountPath: /opt/bitnami/redis/mounted-etc + - name: empty-dir + mountPath: /opt/bitnami/redis/etc/ + subPath: app-conf-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + volumes: + - name: start-scripts + configMap: + name: my-app-redis-scripts + defaultMode: 0755 + - name: health + configMap: + name: my-app-redis-health + defaultMode: 0755 + - name: config + configMap: + name: my-app-redis-configuration + - name: empty-dir + emptyDir: {} + volumeClaimTemplates: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: redis-data + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/name: redis + app.kubernetes.io/component: 
master + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: ".5Gi" + storageClassName: longhorn +--- +# Source: toggle-django-helm/templates/argo-hooks/hook-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: release-name-toggle-django-helm-collect-static + annotations: + argocd.argoproj.io/hook: PostSync +spec: + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + labels: + app: release-name-toggle-django-helm + component: argo-hooks + azure.workload.identity/use: "true" + spec: + restartPolicy: "Never" + containers: + - name: collect-static + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - ./manage.py + - collectstatic + - --noinput + resources: + limits: + cpu: "4" + memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "hook" +--- +# Source: toggle-django-helm/templates/argo-hooks/hook-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + generateName: release-name-toggle-django-helm-db-migrate- + annotations: + argocd.argoproj.io/hook: PostSync +spec: + template: + metadata: + annotations: + checksum/secret: b3cd21062f0a8704320dc3846cfef185bb2a8f5854cdb033f2f1092d2d2cca67 + checksum/configmap: de0584c99be865e5e466cd78f1d852c5941906498c945aded88f9c23ada87de0 + aws.workload.identity/use: "true" + labels: + app: release-name-toggle-django-helm + component: argo-hooks + azure.workload.identity/use: "true" + spec: + restartPolicy: "Never" + containers: + - name: db-migrate + image: "ghcr.io/example/example:v1.0.1" + imagePullPolicy: IfNotPresent + command: + - ./manage.py + - migrate + resources: + limits: + cpu: "4" + 
memory: 2Gi + requests: + cpu: "0.1" + memory: 1Gi + envFrom: + - secretRef: + name: release-name-toggle-django-helm-secret + - configMapRef: + name: release-name-toggle-django-helm-env-name + env: + - name: DJANGO_APP_TYPE + value: "hook" +--- +# Source: toggle-django-helm/charts/minio/templates/api-ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: my-app-minio-api + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: 50m +spec: + ingressClassName: "nginx" + rules: + - host: myapp-minio.example.com + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: my-app-minio + port: + name: minio-api +--- +# Source: toggle-django-helm/templates/api/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: release-name-toggle-django-helm-api + labels: + app: release-name-toggle-django-helm + component: api + environment: ALPHA + release: release-name +spec: + ingressClassName: "nginx" + rules: + - host: "myapp.example.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: release-name-toggle-django-helm-api + port: + number: 80 +--- +# Source: toggle-django-helm/templates/extraManifests.yaml +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: pg-cluster +spec: + backup: {} + enablePDB: true + instances: 3 + monitoring: + enablePodMonitor: true + plugins: + - isWALArchiver: true + name: barman-cloud.cloudnative-pg.io + parameters: + barmanObjectName: aws-s3-store + storage: + size: 300Mi +--- +# Source: toggle-django-helm/templates/extraManifests.yaml +apiVersion: barmancloud.cnpg.io/v1 +kind: ObjectStore +metadata: + name: aws-s3-store +spec: + configuration: + destinationPath: s3://my-db-backup/barman/ + s3Credentials: 
+ accessKeyId: + key: ACCESS_KEY_ID + name: barman-s3-creds + secretAccessKey: + key: ACCESS_SECRET_KEY + name: barman-s3-creds + wal: + compression: gzip + maxParallel: 4 + retentionPolicy: 30d +--- +# Source: toggle-django-helm/templates/extraManifests.yaml +apiVersion: postgresql.cnpg.io/v1 +kind: ScheduledBackup +metadata: + name: backup-daily +spec: + backupOwnerReference: self + cluster: + name: pg-cluster + immediate: true + method: plugin + pluginConfiguration: + name: barman-cloud.cloudnative-pg.io + schedule: 0 0 0 * * * + suspend: false +--- +# Source: toggle-django-helm/charts/minio/templates/provisioning-job.yaml +apiVersion: batch/v1 +kind: Job +metadata: + name: my-app-minio-provisioning + namespace: "default" + labels: + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: minio + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + app.kubernetes.io/component: minio-provisioning + annotations: + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation +spec: + ttlSecondsAfterFinished: 600 + parallelism: 1 + template: + metadata: + labels: + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: 2024.12.18 + helm.sh/chart: minio-14.10.5 + app.kubernetes.io/component: minio-provisioning + spec: + + restartPolicy: OnFailure + terminationGracePeriodSeconds: 0 + securityContext: + fsGroup: 1001 + fsGroupChangePolicy: Always + supplementalGroups: [] + sysctls: [] + serviceAccountName: my-app-minio + initContainers: + - name: wait-for-available-minio + image: docker.io/bitnami/os-shell:12-debian-12-r35 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + - -c + - |- + set -e; + echo 
"Waiting for Minio"; + wait-for-port \ + --host=my-app-minio \ + --state=inuse \ + --timeout=120 \ + 9000; + echo "Minio is available"; + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + containers: + - name: minio + image: docker.io/bitnami/minio:2024.12.18-debian-12-r1 + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + seLinuxOptions: {} + seccompProfile: + type: RuntimeDefault + command: + - /bin/bash + - -c + - |- + set -e; + echo "Start Minio provisioning"; + + retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value + } + + function attachPolicy() { + local tmp=$(mc admin $1 info provisioning $2 | sed -n -e 's/^Policy.*: \(.*\)$/\1/p'); + IFS=',' read -r -a CURRENT_POLICIES <<< "$tmp"; + if [[ ! "${CURRENT_POLICIES[*]}" =~ "$3" ]]; then + mc admin policy attach provisioning $3 --$1=$2; + fi; + }; + + function detachDanglingPolicies() { + local tmp=$(mc admin $1 info provisioning $2 | sed -n -e 's/^Policy.*: \(.*\)$/\1/p'); + IFS=',' read -r -a CURRENT_POLICIES <<< "$tmp"; + IFS=',' read -r -a DESIRED_POLICIES <<< "$3"; + for current in "${CURRENT_POLICIES[@]}"; do + if [[ ! 
"${DESIRED_POLICIES[*]}" =~ "${current}" ]]; then + mc admin policy detach provisioning $current --$1=$2; + fi; + done; + } + + function addUsersFromFile() { + local username=$(grep -oP '^username=\K.+' $1); + local password=$(grep -oP '^password=\K.+' $1); + local disabled=$(grep -oP '^disabled=\K.+' $1); + local policies_list=$(grep -oP '^policies=\K.+' $1); + local set_policies=$(grep -oP '^setPolicies=\K.+' $1); + + mc admin user add provisioning "${username}" "${password}"; + + IFS=',' read -r -a POLICIES <<< "${policies_list}"; + for policy in "${POLICIES[@]}"; do + attachPolicy user "${username}" "${policy}"; + done; + if [ "${set_policies}" == "true" ]; then + detachDanglingPolicies user "${username}" "${policies_list}"; + fi; + + local user_status="enable"; + if [[ "${disabled}" != "" && "${disabled,,}" == "true" ]]; then + user_status="disable"; + fi; + + mc admin user "${user_status}" provisioning "${username}"; + }; + mc alias set provisioning $MINIO_SCHEME://my-app-minio:9000 $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD; + + mc admin service restart provisioning --wait --json; + + # Adding a sleep to ensure that the check below does not cause + # a race condition. We check for the MinIO port because the + # "mc admin service restart --wait" command is not working as expected + sleep 5; + echo "Waiting for Minio to be available after restart"; + if ! retry_while "mc admin info provisioning"; then + echo "Error connecting to Minio" + exit 1 + fi + echo "Minio is available. 
Executing provisioning commands"; + + mc anonymous set download provisioning/static-data; + + echo "End Minio provisioning"; + env: + - name: MINIO_SCHEME + value: "http" + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: my-app-minio + key: root-password + envFrom: + resources: + limits: + cpu: 150m + ephemeral-storage: 2Gi + memory: 192Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 128Mi + volumeMounts: + - name: empty-dir + mountPath: /.mc + subPath: app-mc-dir + - name: empty-dir + mountPath: /opt/bitnami/minio/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: minio-provisioning + mountPath: /etc/ilm + volumes: + - name: empty-dir + emptyDir: {} + - name: minio-provisioning + configMap: + name: my-app-minio-provisioning diff --git a/chart/update-snapshots.sh b/chart/update-snapshots.sh new file mode 100755 index 0000000..a602724 --- /dev/null +++ b/chart/update-snapshots.sh 
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Colors
+RED="\033[0;31m"
+GREEN="\033[0;32m"
+YELLOW="\033[1;33m"
+RESET="\033[0m"
+
+BASE_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+cd "$BASE_DIR"
+
+CHECK_DIFF_ONLY=false
+DIFF_FOUND=false
+
+# Parse command line flags
+for arg in "$@"; do
+ case "$arg" in
+ --check-diff-only)
+ CHECK_DIFF_ONLY=true
+ ;;
+ *)
+ echo -e "${RED}Unknown argument: $arg${RESET}"
+ echo "Usage: $0 [--check-diff-only]"
+ exit 1
+ ;;
+ esac
+done
+
+# Test using all test values
+for values_file in ./tests/values-*.yaml; do
+ template_name=$(basename "$values_file")
+ snapshot_path="./snapshots/$template_name"
+
+ echo -e "${YELLOW}Processing ${values_file}${RESET}"
+
+ if [[ "$CHECK_DIFF_ONLY" == "true" ]]; then
+ tmpfile=$(mktemp)
+ helm template ./ --values "$values_file" > "$tmpfile"
+
+ if [[ ! -f "$snapshot_path" ]]; then
+ echo -e "${RED}❌ Snapshot missing: $snapshot_path${RESET}"
+ DIFF_FOUND=true
+ rm "$tmpfile"
+ continue
+ fi
+
+ if ! diff_output=$(diff -u "$snapshot_path" "$tmpfile"); then
+ echo -e "${RED}❌ Differences detected for $values_file${RESET}"
+
+ if command -v delta &>/dev/null; then
+ echo "$diff_output" | delta
+ else
+ echo "$diff_output"
+ fi
+
+ DIFF_FOUND=true
+ else
+ echo -e "${GREEN}✔ No differences for $values_file${RESET}"
+ fi
+
+ rm "$tmpfile"
+ else
+ echo -e "${YELLOW}Generating $values_file -> $snapshot_path${RESET}"
+ helm template ./ --values "$values_file" > "$snapshot_path"
+ echo -e "${GREEN}✔ Snapshot updated: $snapshot_path${RESET}"
+ fi
+done
+
+# Final result
+if [[ "$CHECK_DIFF_ONLY" == "true" ]]; then
+ if [[ "$DIFF_FOUND" == "true" ]]; then
+ echo -e "${RED}❌ Differences found. Failing.${RESET}"
+ exit 1
+ else
+ echo -e "${GREEN}✔ No differences found across all snapshots.${RESET}"
+ fi
+else
+ echo -e "${GREEN}✔ All snapshots updated successfully.${RESET}"
+fi
From f736ebcf649f0b814f4474acc6c4871460ffa459 Mon Sep 17 00:00:00 2001
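Review bot: The temp file from `tmpfile=$(mktemp)` in the `--check-diff-only` branch is removed only on the paths that reach `rm "$tmpfile"`; under `set -euo pipefail` a failing `helm template`, or an interrupt while the diff is piped to `delta`, exits with the file still on disk. Rendered chart output can include Secret manifests built from the test values, so it is better not to leave it behind: `trap 'rm -f "${tmpfile:-}"' EXIT` after `cd "$BASE_DIR"` covers every exit path. The generate branch has a related problem, since `> "$snapshot_path"` truncates the committed snapshot before helm runs and a render error leaves it empty; rendering to a temp file and copying it over on success avoids that.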
From: thenav56 Date: Wed, 19 Nov 2025 12:19:46 +0545 Subject: [PATCH 3/3] feat: support string in extra-manifests --- chart/snapshots/values-3.yaml | 17 +++++++++++++++++ chart/templates/extraManifests.yaml | 11 ++++++++++- chart/tests/values-3.yaml | 17 +++++++++++++++++ 3 files changed, 44 insertions(+), 1 deletion(-) diff --git a/chart/snapshots/values-3.yaml b/chart/snapshots/values-3.yaml index 656de8b..8e5eded 100644 --- a/chart/snapshots/values-3.yaml +++ b/chart/snapshots/values-3.yaml @@ -487,6 +487,23 @@ spec: storage: "2Gi" storageClassName: longhorn --- +# Source: toggle-django-helm/templates/extraManifests.yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: my-local-cache + labels: + app: release-name-toggle-django-helm + environment: ALPHA + release: release-name +spec: + storageClassName: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 2Gi +--- # Source: toggle-django-helm/charts/minio/templates/service.yaml apiVersion: v1 kind: Service diff --git a/chart/templates/extraManifests.yaml b/chart/templates/extraManifests.yaml index 8c613f5..682b2e1 100644 --- a/chart/templates/extraManifests.yaml +++ b/chart/templates/extraManifests.yaml @@ -3,14 +3,23 @@ {{- if kindIs "map" $extra }} {{- range $key, $val := $extra }} --- +{{- if kindIs "string" $val }} +{{ tpl $val $ }} +{{- else }} {{ tpl (toYaml $val) $ }} +{{- end }} {{- end }} + {{- else if kindIs "slice" $extra }} {{- range $val := $extra }} --- +{{- if kindIs "string" $val }} +{{ tpl $val $ }} +{{- else }} {{ tpl (toYaml $val) $ }} +{{- end }} {{- end }} {{- else }} - {{- fail "Values.extraManifests must be a map or an array of objects" }} + {{- fail "Values.extraManifests must be a map or array" }} {{- end }} {{- end }} diff --git a/chart/tests/values-3.yaml b/chart/tests/values-3.yaml index 5205a62..fe33c13 100644 --- a/chart/tests/values-3.yaml +++ b/chart/tests/values-3.yaml 
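Review bot: In both new `kindIs "string"` branches of chart/templates/extraManifests.yaml the values text goes through `tpl $val $` and is written out unparsed, with nothing in the template saying so. A string entry is therefore evaluated against the full root context (all of `.Values`, `.Release`) and may render to zero or several YAML documents, whereas the `toYaml` path starts from one serialized value. I would add a comment above the first branch, `{{- /* string entries are rendered by tpl against the root context and emitted verbatim; each must render to exactly one YAML document */ -}}`, and say the same in values.yaml so that extraManifests is treated as being as trusted as the chart itself. The five-line if/else is duplicated in the map and slice branches and could live in one named template in _helpers.tpl. The enclosing `if` opens above the hunk.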
@@ -147,3 +147,20 @@ extraManifests: isWALArchiver: true parameters: barmanObjectName: aws-s3-store + # Local cache volume + local-cache-pvc: | + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: my-local-cache + labels: + app: {{ include "django-app.fullname" . }} + environment: {{ .Values.environment }} + release: {{ .Release.Name }} + spec: + storageClassName: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 2Gi
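Review bot: This fixture exercises the string form only under the map shape of `extraManifests`; the slice branch that the same commit adds to the template has no string entry in the hunks shown, so its output does not appear to be pinned by a snapshot. A list-form fixture with one string item in another tests/values-*.yaml would cover it. Separately, `storageClassName:` is left empty and renders as a null value in the snapshot; if the cluster default class is intended, dropping the key says that more clearly.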