diff --git a/.gitignore b/.gitignore index f3d9e3c..b6bd461 100644 --- a/.gitignore +++ b/.gitignore @@ -61,4 +61,5 @@ temp/ *.backup *~ chart/ConfigMap.yaml +chart/SSH.yaml chart/pvc \ No newline at end of file diff --git a/chart/app/templates/configmap.yaml b/chart/app/templates/configmap.yaml index 975f585..af75e04 100644 --- a/chart/app/templates/configmap.yaml +++ b/chart/app/templates/configmap.yaml @@ -1,28 +1,11 @@ -{{/* -Single shared ConfigMap for all services. -Merges global.env with service-specific overrides. -*/}} -{{- $allEnv := deepCopy ($.Values.global.env | default dict) }} -{{- /* Auto-fill APP_GIT_RPC_ADDR for gitdata -> gitpod-rpc service */}} -{{- if and $.Values.gitdata.enabled (not $.Values.gitdata.env.APP_GIT_RPC_ADDR) }} -{{- $_ := set $allEnv "APP_GIT_RPC_ADDR" (include "app.gitpodRpcAddr" $) }} -{{- end }} -{{- range $svcName, $svc := dict "gitdata" $.Values.gitdata "gitpod" $.Values.gitpod "gitsync" $.Values.gitsync "email" $.Values.email }} -{{- if $svc.enabled }} -{{- $allEnv = merge $allEnv ($svc.env | default dict) }} -{{- end }} -{{- end }} -{{- if $allEnv }} +{{- if .Values.configMap.create }} --- apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "app.fullname" $ }} - namespace: {{ $.Values.global.namespace | default $.Release.Namespace }} + name: {{ .Values.configMap.name | default (include "app.fullname" .) }} + namespace: {{ include "app.namespace" . }} labels: - {{- include "app.labels" $ | nindent 4 }} -data: - {{- range $k, $v := $allEnv }} - {{ $k }}: {{ $v | quote }} - {{- end }} + {{- include "app.labels" . | nindent 4 }} +data: {} {{- end }} diff --git a/chart/app/templates/deployment.yaml b/chart/app/templates/deployment.yaml index b42af8b..b0f4b73 100644 --- a/chart/app/templates/deployment.yaml +++ b/chart/app/templates/deployment.yaml 
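Review bot: Nothing in the chart now provides the environment that every Deployment still loads through `envFrom.configMapRef`: this template renders only when `configMap.create` is true, always with `data: {}`, and values.yaml in this commit defaults `create` to `false`. The settings that the removed `env` blocks used to carry therefore have to live in a ConfigMap named by `.Values.configMap.name` that is created out of band, and if it is missing at install time the containers cannot be created. I would state that contract in a template comment at the top, e.g. `{{/* Env comes from a pre-existing ConfigMap named .Values.configMap.name; this template only renders an empty placeholder when configMap.create is true. */}}`. Since the real values are now kept outside the repository (`chart/ConfigMap.yaml` is git-ignored), the chart docs should also say that credentials belong in a Secret referenced with `secretRef`, not in that ConfigMap.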
@@ -1,6 +1,6 @@ {{/* Deployments — One per enabled service. -All pods share app-data-pvc mounted at /data. +All pods share the configured data PVC. */}} {{/* ============================================================ @@ -35,7 +35,7 @@ spec: securityContext: {{- toYaml $svc.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} + - name: gitdata image: {{ include "app.image" (dict "root" . "svc" $svc.image) }} imagePullPolicy: {{ .Values.global.image.pullPolicy }} ports: @@ -44,14 +44,14 @@ spec: protocol: TCP envFrom: - configMapRef: - name: {{ include "app.fullname" . }} + name: {{ .Values.configMap.name | default (include "app.fullname" .) }} resources: {{- toYaml $svc.resources | nindent 12 }} securityContext: {{- toYaml $svc.securityContext | nindent 12 }} volumeMounts: - name: data - mountPath: /data + mountPath: {{ .Values.persistence.data.mountPath }} {{- with $svc.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -75,7 +75,7 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: app-data-pvc + claimName: {{ .Values.persistence.data.claimName }} {{- with $svc.volumes }} {{- toYaml . | nindent 8 }} {{- end }} @@ -125,7 +125,7 @@ spec: securityContext: {{- toYaml $svc.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} + - name: gitpod image: {{ include "app.image" (dict "root" . "svc" $svc.image) }} imagePullPolicy: {{ .Values.global.image.pullPolicy }} ports: @@ -140,14 +140,14 @@ spec: protocol: TCP envFrom: - configMapRef: - name: {{ include "app.fullname" . }} + name: {{ .Values.configMap.name | default (include "app.fullname" .) }} resources: {{- toYaml $svc.resources | nindent 12 }} securityContext: {{- toYaml $svc.securityContext | nindent 12 }} volumeMounts: - name: data - mountPath: /data + mountPath: {{ .Values.persistence.data.mountPath }} {{- with $svc.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} 
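Review bot: `mountPath: {{ .Values.persistence.data.mountPath }}` in the @@ -44,14 hunk and `claimName: {{ .Values.persistence.data.claimName }}` in the @@ -75,7 hunk are rendered unquoted and unguarded, so an override that blanks either key yields a null field and a manifest that only fails at apply time; the same pattern repeats in the gitpod, gitsync and email hunks further down. Failing at render time is clearer: `mountPath: {{ required "persistence.data.mountPath is required" .Values.persistence.data.mountPath | quote }}`, and likewise for `claimName`. The mount path is also coupled to application config now, because the `APP_REPOS_ROOT: "/data/repos"` defaults are removed from values.yaml in this commit; whoever changes `mountPath` has to keep the externally supplied `APP_REPOS_ROOT` in step, which deserves a comment next to the value. The container specs these hunks touch begin and end outside the hunks.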
@@ -176,7 +176,7 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: app-data-pvc + claimName: {{ .Values.persistence.data.claimName }} {{- if $svc.sshHostKeySecret }} - name: ssh-host-key secret: @@ -232,7 +232,7 @@ spec: securityContext: {{- toYaml $svc.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} + - name: gitsync image: {{ include "app.image" (dict "root" . "svc" $svc.image) }} imagePullPolicy: {{ .Values.global.image.pullPolicy }} ports: @@ -241,14 +241,14 @@ spec: protocol: TCP envFrom: - configMapRef: - name: {{ include "app.fullname" . }} + name: {{ .Values.configMap.name | default (include "app.fullname" .) }} resources: {{- toYaml $svc.resources | nindent 12 }} securityContext: {{- toYaml $svc.securityContext | nindent 12 }} volumeMounts: - name: data - mountPath: /data + mountPath: {{ .Values.persistence.data.mountPath }} {{- with $svc.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -272,7 +272,7 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: app-data-pvc + claimName: {{ .Values.persistence.data.claimName }} {{- with $svc.volumes }} {{- toYaml . | nindent 8 }} {{- end }} @@ -322,7 +322,7 @@ spec: securityContext: {{- toYaml $svc.podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} + - name: email image: {{ include "app.image" (dict "root" . "svc" $svc.image) }} imagePullPolicy: {{ .Values.global.image.pullPolicy }} ports: @@ -331,14 +331,14 @@ spec: protocol: TCP envFrom: - configMapRef: - name: {{ include "app.fullname" . }} + name: {{ .Values.configMap.name | default (include "app.fullname" .) }} resources: {{- toYaml $svc.resources | nindent 12 }} securityContext: {{- toYaml $svc.securityContext | nindent 12 }} volumeMounts: - name: data - mountPath: /data + mountPath: {{ .Values.persistence.data.mountPath }} {{- with $svc.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} 
@@ -362,7 +362,7 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: app-data-pvc + claimName: {{ .Values.persistence.data.claimName }} {{- with $svc.volumes }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -379,3 +379,87 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} +{{/* ============================================================ + web — Frontend SPA + ============================================================ */}} +{{- if .Values.web.enabled }} +{{- $svc := .Values.web }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "app.serviceFullname" (dict "root" . "name" "web") }} + namespace: {{ include "app.namespace" . }} + labels: + {{- include "app.serviceLabels" (dict "root" . "name" "web") | nindent 4 }} +spec: + replicas: {{ $svc.replicaCount }} + selector: + matchLabels: + {{- include "app.serviceSelectorLabels" (dict "root" . "name" "web") | nindent 6 }} + template: + metadata: + annotations: + {{- with $svc.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "app.serviceLabels" (dict "root" . "name" "web") | nindent 8 }} + spec: + {{- include "app.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "app.serviceAccountName" . }} + securityContext: + {{- toYaml $svc.podSecurityContext | nindent 8 }} + containers: + - name: web + image: {{ include "app.image" (dict "root" . "svc" $svc.image) }} + imagePullPolicy: {{ .Values.global.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + envFrom: + - configMapRef: + name: {{ .Values.configMap.name | default (include "app.fullname" .) }} + resources: + {{- toYaml $svc.resources | nindent 12 }} + securityContext: + {{- toYaml $svc.securityContext | nindent 12 }} + {{- with $svc.volumeMounts }} + volumeMounts: + {{- toYaml . 
| nindent 12 }} + {{- end }} + startupProbe: + httpGet: + path: {{ $svc.startupProbe.httpGet.path }} + port: {{ $svc.startupProbe.httpGet.port }} + initialDelaySeconds: {{ $svc.startupProbe.initialDelaySeconds }} + periodSeconds: {{ $svc.startupProbe.periodSeconds }} + failureThreshold: {{ $svc.startupProbe.failureThreshold }} + livenessProbe: + httpGet: + path: {{ $svc.livenessProbe.httpGet.path }} + port: {{ $svc.livenessProbe.httpGet.port }} + periodSeconds: {{ $svc.livenessProbe.periodSeconds }} + readinessProbe: + httpGet: + path: {{ $svc.readinessProbe.httpGet.path }} + port: {{ $svc.readinessProbe.httpGet.port }} + periodSeconds: {{ $svc.readinessProbe.periodSeconds }} + {{- with $svc.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $svc.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $svc.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $svc.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/chart/app/templates/hpa.yaml b/chart/app/templates/hpa.yaml index ffd15a3..cf64180 100644 --- a/chart/app/templates/hpa.yaml +++ b/chart/app/templates/hpa.yaml @@ -1,4 +1,4 @@ -{{- range $svcName := list "gitdata" "gitpod" "gitsync" "email" }} +{{- range $svcName := list "gitdata" "gitpod" "gitsync" "email" "web" }} {{- $svcCfg := index $.Values $svcName }} {{- $hpaCfg := index $.Values.autoscaling $svcName }} {{- if and $svcCfg.enabled $hpaCfg.enabled }} diff --git a/chart/app/templates/ingress.yaml b/chart/app/templates/ingress.yaml index aad89c6..819b1d2 100644 --- a/chart/app/templates/ingress.yaml +++ b/chart/app/templates/ingress.yaml 
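Review bot: The new web Deployment gives the static frontend the same `serviceAccountName` (`app.serviceAccountName`) and the same `envFrom.configMapRef` as the gitdata, gitpod, gitsync and email pods, so the workload that sits behind the ingress `/` route in this commit receives every backend setting as environment and, by default, a mounted service-account token. Unless the SPA actually reads those values, I would drop the `envFrom` block from this container or point it at a web-only ConfigMap, and add `automountServiceAccountToken: false` under the pod `spec`. If the frontend does need a few settings, listing them explicitly under `env` keeps the exposure reviewable.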
@@ -43,6 +43,15 @@ spec: port: number: {{ $.Values.gitdata.service.port }} {{- end }} + {{- if $.Values.web.enabled }} + - path: / + pathType: Prefix + backend: + service: + name: {{ include "app.serviceFullname" (dict "root" $ "name" "web") }} + port: + number: {{ $.Values.web.service.port }} + {{- end }} {{- end }} {{- range .Values.ingress.git.hosts }} - host: {{ .host | quote }} diff --git a/chart/app/templates/pdb.yaml b/chart/app/templates/pdb.yaml index 5bc5ba7..367b9c7 100644 --- a/chart/app/templates/pdb.yaml +++ b/chart/app/templates/pdb.yaml @@ -1,5 +1,5 @@ {{- if .Values.podDisruptionBudget.enabled }} -{{- range $svcName := list "gitdata" "gitpod" "gitsync" "email" }} +{{- range $svcName := list "gitdata" "gitpod" "gitsync" "email" "web" }} {{- $svcCfg := index $.Values $svcName }} {{- $pdbCfg := index $.Values.podDisruptionBudget $svcName }} {{- if and $svcCfg.enabled $pdbCfg.minAvailable }} diff --git a/chart/app/templates/service.yaml b/chart/app/templates/service.yaml index 2c29bb2..9c0997b 100644 --- a/chart/app/templates/service.yaml +++ b/chart/app/templates/service.yaml @@ -139,3 +139,26 @@ spec: selector: {{- include "app.serviceSelectorLabels" (dict "root" . "name" "email") | nindent 4 }} {{- end }} +{{- if .Values.web.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "app.serviceFullname" (dict "root" . "name" "web") }} + namespace: {{ include "app.namespace" . }} + labels: + {{- include "app.serviceLabels" (dict "root" . "name" "web") | nindent 4 }} + {{- with .Values.web.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.web.service.type }} + ports: + - port: {{ .Values.web.service.port | default 80 }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "app.serviceSelectorLabels" (dict "root" . "name" "web") | nindent 4 }} +{{- end }} 
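Review bot: The ingress backend renders `number: {{ $.Values.web.service.port }}` with no fallback, while the Service added in service.yaml uses `{{ .Values.web.service.port | default 80 }}`; if an override clears `web.service.port` the Service still listens on 80 but the Ingress gets an empty port number and is rejected. Use the same expression in both places: `number: {{ $.Values.web.service.port | default 80 }}`. This `/` Prefix rule also appears to be appended for each host whenever `web.enabled` is true, so a host whose `paths` still contains `/` (the previous default in values.yaml) would end up with two rules for the same path; the surrounding `range` starts outside the hunk, so confirm against the full template.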
diff --git a/chart/app/templates/servicemonitor.yaml b/chart/app/templates/servicemonitor.yaml index f860653..d38bc96 100644 --- a/chart/app/templates/servicemonitor.yaml +++ b/chart/app/templates/servicemonitor.yaml @@ -23,11 +23,7 @@ spec: endpoints: - interval: {{ $.Values.serviceMonitor.interval }} port: {{ if eq $svcName "gitdata" }}http{{ else if eq $svcName "gitpod" }}http{{ else }}health{{ end }} - {{- if eq $svcName "gitdata" }} path: /metrics - {{- else }} - path: /health - {{- end }} selector: matchLabels: {{- include "app.serviceSelectorLabels" (dict "root" $ "name" $svcName) | nindent 6 }} diff --git a/chart/app/values.yaml b/chart/app/values.yaml index c6d2222..2a998cb 100644 --- a/chart/app/values.yaml +++ b/chart/app/values.yaml @@ -13,6 +13,15 @@ serviceAccount: annotations: {} name: "" +configMap: + create: false + name: gitdataai + +persistence: + data: + claimName: app-data-pvc + mountPath: /data + gitdata: enabled: true replicaCount: 1 @@ -21,12 +30,6 @@ gitdata: registry: "" tag: "" - env: - APP_API_PORT: "8080" - APP_OTEL_SERVICE_NAME: "gitdata-api" - APP_GIT_RPC_ADDR: "" - APP_GIT_RPC_PORT: "50051" - service: type: ClusterIP port: 8080 @@ -88,16 +91,6 @@ gitpod: registry: "" tag: "" - env: - APP_GIT_HTTP_PORT: "8080" - APP_SSH_PORT: "2222" - APP_GIT_RPC_ADDR: "0.0.0.0" - APP_GIT_RPC_PORT: "50051" - APP_OTEL_SERVICE_NAME: "gitpod" - APP_SSH_DOMAIN: "" - APP_GIT_HTTP_DOMAIN: "" - APP_REPOS_ROOT: "/data/repos" - service: type: ClusterIP port: 8080 @@ -155,8 +148,8 @@ gitpod: tolerations: [] affinity: {} - # -- SSH host key secret (mount to /etc/ssh) - sshHostKeySecret: "" + # -- SSH host key secret mounted to /etc/ssh. + sshHostKeySecret: gitpod-ssh-host-keys # -- Data volumes (repos storage) volumes: [] @@ -171,11 +164,6 @@ gitsync: registry: "" tag: "" - env: - APP_GITSYNC_HEALTH_PORT: "8081" - APP_OTEL_SERVICE_NAME: "gitsync" - APP_REPOS_ROOT: "/data/repos" - service: type: ClusterIP port: 8081 
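Review bot: The scrape path is now `/metrics` for every service, whereas before only gitdata used it and the others were probed at `/health`; the `port:` expression directly above still selects `health` for everything except gitdata and gitpod. If gitsync and email do not serve Prometheus metrics on their health port, those targets will just show as down and any alerting built on them is lost, so this needs confirming per service (the enclosing `range` is outside the hunk, so I cannot see whether web is included). The port expression also has two identical branches and could read `port: {{ if has $svcName (list "gitdata" "gitpod") }}http{{ else }}health{{ end }}`.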
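Review bot: Defaulting `sshHostKeySecret` to `gitpod-ssh-host-keys` in the @@ -155,8 hunk turns on the `ssh-host-key` secret volume in the gitpod Deployment (guarded by `{{- if $svc.sshHostKeySecret }}`) for every install, but nothing in this commit creates that Secret, so a fresh release waits on a missing volume until someone applies it by hand, presumably from the git-ignored `chart/SSH.yaml`. The comment should say so: `# -- Name of a pre-existing Secret with the SSH host keys, mounted at /etc/ssh; create it before install or set to "" to skip the mount.` Secret volumes default to mode 0644 and the volume definition continues outside the hunk, so check that it sets a restrictive `defaultMode` (for example `0400`) for the private keys.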
@@ -236,10 +224,6 @@ email: registry: "" tag: "" - env: - APP_EMAIL_HEALTH_PORT: "8083" - APP_OTEL_SERVICE_NAME: "email-service" - service: enabled: false type: ClusterIP @@ -290,6 +274,63 @@ email: volumes: [] volumeMounts: [] +web: + enabled: true + replicaCount: 1 + image: + name: gitdata-web + registry: "" + tag: "" + + service: + type: ClusterIP + port: 80 + annotations: {} + + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 200m + memory: 256Mi + + startupProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 5 + periodSeconds: 5 + failureThreshold: 30 + + livenessProbe: + httpGet: + path: /health + port: http + periodSeconds: 30 + + readinessProbe: + httpGet: + path: /health + port: http + periodSeconds: 15 + + podAnnotations: {} + podSecurityContext: + runAsNonRoot: true + runAsUser: 101 + fsGroup: 101 + + securityContext: + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + + nodeSelector: {} + tolerations: [] + affinity: {} + volumes: [] + volumeMounts: [] + ingress: enabled: true className: "nginx" @@ -299,7 +340,9 @@ ingress: hosts: - host: dev.gitdata.ai paths: - - path: / + - path: /api + pathType: Prefix + - path: /socket.io pathType: Prefix tls: - hosts: @@ -352,6 +395,12 @@ autoscaling: maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: "" + web: + enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: "" podDisruptionBudget: enabled: false @@ -363,3 +412,5 @@ podDisruptionBudget: minAvailable: "" email: minAvailable: "" + web: + minAvailable: ""
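Review bot: The web `securityContext` in the @@ -290,6 hunk sets `readOnlyRootFilesystem: false` and drops no capabilities, which is looser than a static-file server needs; I would default to a read-only root, all capabilities dropped and the runtime seccomp profile, and use the `volumes`/`volumeMounts` lists (already present, empty) for `emptyDir` mounts on whatever scratch paths the image writes to. Note that `runAsUser: 101` together with `containerPort: 80` in the Deployment depends on the runtime letting unprivileged processes bind low ports; once capabilities are dropped, listening on a high port such as 8080 while keeping `service.port: 80` is the safer combination. The image's writable paths are not visible here, so the values below need checking against it.

```yaml
web:
  # … unchanged: image, service, resources, probes, podAnnotations, podSecurityContext …
  securityContext:
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    seccompProfile:
      type: RuntimeDefault
```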