Commit f72da026 authored by Francesco-gmail's avatar Francesco-gmail

upload common-trec

parents
Pipeline #178162 passed with stage
in 10 seconds
image: gitlab-registry.fbk.eu/gscdev/containers/cloud-utils
stages:
- upload
upload:
stage: upload
script:
- chart_version=$(helm package ./chart | awk -F/ '{print $7}') #--version 1.0.0
- curl --request POST --user gitlab-ci-token:$CI_JOB_TOKEN --form "chart=@$chart_version" "${CI_API_V4_URL}/projects/4410/packages/helm/api/stable/charts"
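Review bot: The `curl` upload in the `upload` job's script has no `--fail`, so an HTTP error from the package registry (for example a rejected token or a wrong project id) still exits 0 and the pipeline reports success with nothing published; `curl --fail --show-error --request POST ...` makes the job status reflect the upload result. The `image:` line carries no tag or digest, so whatever `cloud-utils` currently resolves to runs with `$CI_JOB_TOKEN` in its environment; pinning it, e.g. `image: gitlab-registry.fbk.eu/gscdev/containers/cloud-utils@sha256:<digest>`, keeps the token-holding environment reproducible. `awk -F/ '{print $7}'` also assumes a fixed build-path depth, where `awk -F/ '{print $NF}'` takes the file name at any depth, and the credential is safer quoted as `--user "gitlab-ci-token:${CI_JOB_TOKEN}"`.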
apiVersion: v1
name: common-trec
type: library
version: 1.0.0
description: The Universal Deployment Helm Chart
dependencies:
- name: fbk-common # Common chart for TreC microservices
version: ~1.1.0
repository: https://gitlab.fbk.eu/api/v4/projects/4410/packages/helm/stable
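Review bot: `apiVersion: v1` at the top of this chart file does not match the `type: library` and `dependencies:` fields below it, which belong to the v2 chart schema; with v1, Helm expects dependencies in a separate requirements.yaml and Helm 3's lint is expected to flag both fields, so `apiVersion: v2` is the likely intent. The dependency range `~1.1.0` lets any later 1.1.x build of `fbk-common` published to that registry flow into this chart. Committing the `Chart.lock` produced by `helm dependency update` (not visible on this page) would make the packaged result reproducible and any dependency change reviewable.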
{{- define trec.configMap -}}
{{- include "fbk-common.configMap" . -}}
{{- end -}}
\ No newline at end of file
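Review bot: The template name in `{{- define trec.configMap -}}` is not quoted, and Go's text/template accepts only a string literal after `define`, so this file should fail to parse as soon as a chart that depends on `common-trec` is rendered; `{{- define "trec.configMap" -}}` is the expected form. The same applies to `trec.deployment`, `trec.ingress` and `trec.service` in the three files that follow. The green pipeline does not contradict this, since the job shown only runs `helm package` and an upload; a `helm template` step against a small consumer chart would probably catch it before publication.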
{{- define trec.deployment -}}
{{- include "fbk-common.deployment" . -}}
{{- end -}}
\ No newline at end of file
{{- define trec.ingress -}}
{{- include "fbk-common.ingress" . -}}
{{- end -}}
\ No newline at end of file
{{- define trec.service -}}
{{- include "fbk-common.service" . -}}
{{- end -}}
\ No newline at end of file
# Default values for a "deployment"
# REQUIRED for you to set a value here, name of your application/service
#nameOverride: audit-logger
# Number of pods in deployment, default of not highly available (override on HA environments)
replicaCount: 1
# minReadySeconds
minReadySeconds: false
# Rollback limit
revisionHistoryLimit: 10
# The pod priority, to make things more critical
# See: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
priorityClassName: ""
# Image repository location (override if needed)
image:
# Which image to release
tag: latest
# Which repo to use
repository: trecregistry.azurecr.io/trec/microservices
#image: test-fbk-sit-cloud/audit-logger
# Which command to run (NOTE: ONLY SPECIFY IF YOU NEED, IF NOT SPECIFIED WILL USE DOCKER DEFAULT)
command: []
# What args to pass to the command (NOTE: ONLY SPECIFY IF YOU NEED, IF NOT SPECIFIED WILL USE DOCKER DEFAULT)
args: []
# Image pull policy: IfNotPresent / Always
imagePullPolicy: IfNotPresent
configMap: []
# Ingress definitions
ingress:
enabled: true
# If we want to override the name, RECOMMEND YOU DO NOT DO THIS UNLESS YOU NEED, it has a sane default
name: ""
# If we want to have affinity in nginx enabled
nginx_affinity: true
# This is for the nginx controllers, this should be set to the controller that is intended to route your service
nginx_class: "nginx"
annotations: {}
hosts:
- host: trec.log
paths:
- /api/{{ .Values.ingress.hosts.chartPath }}/
# chartPath: "" #audit-logger/?(.*)
tls: []
# Secondary ingress definition
ingress_secondary:
enabled: false
# If we want to override the name, RECOMMEND YOU DO NOT DO THIS UNLESS YOU NEED, it has a sane default
name: ""
# If we want to have affinity in nginx enabled
nginx_affinity: true
# This is for the nginx controllers, this should be set to the controller that is intended to route your service
nginx_class: "nginx"
annotations: {}
hosts:
- host: chart-example.local
paths:
- /api/{{ .Values.ingress.hosts.chartPath }}/"
chartPath: "" #audit-logger/?(.*)
tls: []
# Service definitions
service:
enabled: true
annotations: {}
type: ClusterIP
port: 80
targetPort: 8080
name: ""
# externalTrafficPolicy: Local
additionalPorts: []
# Additional container ports to open
# This can allow scraping by prometheus, or exposure to other services
additionalPorts:
- containerPort: 6666
name: metrics
protocol: TCP
# Additional pod annotations
podAnnotations: {}
# tick: "1528451892"
# Additional labels put onto anything that can be labelled (pods, services)
labels: {}
# This adds lifecycle events for the deployment
lifecycle: {}
# Environment variables (for globals, all deployments)
globalEnvs: []
# stdin and tty status
tty: true
# A secondary source for env variables (eg: for a specific env (eg: dev, or staging))
extraEnvs: []
# A way to pull secondary env variables from configmaps and secrets
envFrom: []
# livenessProbes are used to determine when to restart a container
livenessProbe:
enabled: true
# For the liveness probe we'll wait a full 2 minutes, just incase this service takes a while to start-up
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 9
successThreshold: 1
failureThreshold: 3
# Specify either httpGet, tcpSocket or exec
# httpGet uses path and port (below)
# tcpSocket uses port (below)
# exec uses command (below)
probeType: httpGet
# parameters for probes
path: /metrics
port: metrics
command:
- ls -la /
# readinessProbes are used to determine when a container is ready to start accepting traffic
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 4
successThreshold: 2
failureThreshold: 2
# Specify either httpGet, tcpSocket or exec
# httpGet uses path and port (below)
# tcpSocket uses port (below)
# exec uses command (below)
probeType: httpGet
# parameters for probes
path: /metrics
port: metrics
command:
- ls -la /
# Lower the ndots value, to reduce the search path expansion of DNS queries
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-config
dnsConfig:
enabled: false
ndots: 2
# container resource requests/limits
# this is set VERY low by default, to be aggressive above resource limiting, please override this if necessary
# Note: Limits are HARD Limits
# Requests are "soft" limits and are what affects HPA (autoscaling) aggressiveness and are what is guaranteed
resources:
limits:
# cpu: 100m
memory: 300Mi
requests:
# cpu: 100m
memory: 300Mi
# Assign pods to nodes based on nodeSelector labels, define a default here if desired
nodeSelector: []
# purpose: node-feature-name
# Assign pods to nodes based on tolerations and taints
tolerations: []
# Init container(s)
initContainers: []
# - name: volume-mount-hack
# image: busybox
# command: ["sh", "-c", "chown -R 1000:1000 /var/chaindata"]
# volumeMounts:
# - name: data
# mountPath: /var/chaindata
# Additional containers to be added to the pod (eg: add the cloudsql proxy)
extraContainers: []
# Volumes added to the pod eg: for cloudsql
volumeMounts:
- name: internal-key
readOnly: true
mountPath: /secrets/internal-key/
volumes:
- name: internal-key
secret:
secretName: internal-key
# Security context options, should default to run as non root enabled, but for now not
security:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
# Whether or not to enable autoscaling
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 8
targetCPUUtilizationPercentage: 75
targetMemoryUtilizationPercentage: 90
# Whether or not we want a pod disruption budget, enabled by default, but this only is enabled if replicaCount > 1
podDistuptionBudget:
enabled: true
# maxUnavailable: 1
minAvailable: 1
# What deployment strategy to use
deploymentStrategy:
# Recreate / RollingUpdate
type: RollingUpdate
rollingUpdate:
# Minimize downtime by only having only 25 percent max unavailable. If you're only at 3 pods, because 33% it won't kill any pods before one gets healthy first.
maxUnavailable: 25%
# Allows up to 25% more pods to be created when trying to roll out. If you're at 10 pods, it'll spin up 2 new ones (20%) and when healthy will wait for termination of old ones to ensure compliance of 25%
maxSurge: 25%
# This is so we can use the same tag on various different objects (eg: statefulsets, crons, etc) via our Gitlab CI Automation
global:
image:
tag: ""
# This can be used Gitlab CI and helm automatically to set our URIs based on namespace
namespace: ""
# This is for service accounts
serviceAccount:
# Disabled by default, set to true if you want
enabled: false
# Add annotations if desited,
annotations: {}
# Here's an example of assigning an IAM role to a pod
# eks.amazonaws.com/role-arn: arn:aws:iam::123123123:role/role-name-goes-here
# If we want a hostname set for this deployment
hostname: ""
## For RBAC support, enable if you want, and set the rules you wish, examples below
rbac:
create: false
rules:
## Define specific rbac permissions.
# Eg: This grants all on API groups
# - apiGroups: ['*']
# resources: ['*']
# verbs: ['*']
# Eg: This grants all on non resource URLs
# - nonResourceURLs: ['*']
# verbs: ['*']
# Eg: This is "readonly" for common resources
# - resources: ["deployments", "configmaps", "pods", "pods/log", "services", "jobs", "jobs/status", "nodes", "serviceaccount", "namespaces"]
# verbs: ["get", "list", "watch"]
## Make this into a clusterwide role to give access to all namespaces if desired, disabled by default for more security
clusterWideAccess: false
\ No newline at end of file
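Review bot: The image defaults pair `tag: latest` with `imagePullPolicy: IfNotPresent`, so a node that already holds a `latest` image keeps running it while a fresh node pulls a newer one, and no release records which build it deployed; having the pipeline always pass an immutable tag or digest (or, failing that, `imagePullPolicy: Always`) removes the ambiguity. Under `ingress_secondary.hosts` the path `- /api/{{ .Values.ingress.hosts.chartPath }}/"` ends in a stray `"`, and in both ingress blocks the expression indexes `hosts`, which is a list, inside a values file that Helm does not template unless the parent chart passes it through `tpl` (not visible here). The comment above `security:` says non-root is not yet the default while the values set `runAsNonRoot: true`; it should read something like `# Security context: runs as non-root (uid 1000, fsGroup 1000) by default`. `tty: true` as a default for every service is also worth a second look, since few workloads need an allocated terminal.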
- image repository: concatenare repo+image
questo 'e il backend, servir'a anche la common-trec fronted
controllare le annotation sul loro ingress
anche le labels
commonfbk (library, nessun values), common-trec-backend (library, values comuni a tutti i servizi), audit-logger (chart, deploy in dev, values autogenerato dalla pipeline per quel servizio), chart che usa tutti i microservizi come dipendenze (e quindi la loro versione) e il values e' qui.
nel servizio (auditlogger) le mettiamo vuote, poi nello stack vanno compilate:
globalEnvs:
- name: DB_URL
value: mariadb://fbk-mariadb-trec-test.mariadb.database.azure.com:3306/audit_logger
- name: DB_USERNAME
value: trecroot@fbk-mariadb-trec-test # For Azure we need to append the `@servername` part
- name: DB_PASSWORD # Read username from the Kubernetes #secret created by init script
valueFrom:
secretKeyRef:
name: audit-logger-db-credentials
key: password
- name: JAVA_OPTIONS
value: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005,quiet=y"
- name: INTERNAL_KEY_PATH
value: /secrets/internal-key/internal_key
# Used by Swagger library to set the base URL inside the swagger.yaml file
# This is used by Swagger UI to reach the API endpoints when using the "Try it out" button on an API
- name: EXTERNAL_BASE_PATH
value: "/api/{{ .Chart.Name }}/"
# How to reach Redis service
- name: REDIS_URL
value: redis
- name: REDIS_PORT
value: "6379"
- name: JSON_LOGGING
value: "true"
- init container per init db
- add serviceaccount
\ No newline at end of file
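Review bot: The `JAVA_OPTIONS` entry in the `globalEnvs` example turns on a JDWP listener (`-agentlib:jdwp=...,server=y,...,address=5005`), and JDWP has no authentication, so anyone who can reach that port can run code in the JVM; since these notes say the values are to be filled in at stack level, the entry should not be copied into shared values as it stands. On recent JDKs `address=5005` binds to localhost only, while older ones listen on all interfaces, so the exposure depends on the base image, which is not visible here. Keeping the flag in a dev-only override, and checking that no Service or NetworkPolicy opens 5005, would contain it. The comment on `DB_PASSWORD` says "Read username" where it means the password: `# Read password from the Kubernetes secret created by init script`.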