Keny Villela
10 months ago
17 changed files with 967 additions and 0 deletions
@ -0,0 +1,6 @@ |
|||
dependencies: |
|||
- name: postgresql |
|||
repository: https://charts.bitnami.com/bitnami |
|||
version: 11.6.8 |
|||
digest: sha256:ee4247460b887d3cc558f76c85980fe6848624c688b855100d9863bef6830ed0 |
|||
generated: "2022-06-24T12:28:18.011798975-03:00" |
@ -0,0 +1,24 @@ |
|||
apiVersion: v2 |
|||
name: sigi |
|||
description: Sistema de Informações Gerenciais do Interlegis (SIGI) |
|||
|
|||
# A chart can be either an 'application' or a 'library' chart. |
|||
type: application |
|||
|
|||
# This is the chart version. This version number should be incremented each time you make changes |
|||
# to the chart and its templates, including the app version. |
|||
# Versions are expected to follow Semantic Versioning (https://semver.org/) |
|||
version: 0.2.4 |
|||
|
|||
# This is the version number of the application being deployed. This version number should be |
|||
# incremented each time you make changes to the application. Versions are not expected to |
|||
# follow Semantic Versioning. They should reflect the version the application is using. |
|||
appVersion: 3.0.74 |
|||
|
|||
icon: https://git.interlegis.leg.br/SEIT/rancher-charts/raw/master/images/sigi_interlegis.png |
|||
|
|||
dependencies: |
|||
- name: postgresql |
|||
version: 11.6.8 |
|||
repository: https://charts.bitnami.com/bitnami |
|||
condition: postgresql.internal |
@ -0,0 +1,3 @@ |
|||
# Sistema de Informações Gerenciais do Interlegis |
|||
|
|||
Utilize o formulário abaixo para configurar o SIGI. |
Binary file not shown.
@ -0,0 +1,265 @@ |
|||
labels: |
|||
io.cattle.role: project |
|||
categories: |
|||
- Gerencial |
|||
|
|||
questions: |
|||
|
|||
# Informações Básicas |
|||
- variable: sigi.hostname |
|||
default: sigidsv.interlegis.leg.br |
|||
description: "Endereço para acesso ao SIGI" |
|||
label: "URL do SIGI" |
|||
type: string |
|||
group: Básico |
|||
required: true |
|||
|
|||
# Correio |
|||
- variable: sigi.emailAdmins |
|||
default: "(('SIGI Administrator', 'sigi@interlegis.leg.br'),)" |
|||
description: "Administrador email SIGI" |
|||
label: "ADMINS" |
|||
type: string |
|||
group: Correio |
|||
required: false |
|||
- variable: sigi.defaultFromEmail |
|||
default: "sigi@interlegis.leg.br" |
|||
description: "Remetente padrão do email" |
|||
label: "DEFAULT_FROM_EMAIL" |
|||
type: string |
|||
group: Correio |
|||
required: false |
|||
# - variable: sigi.useTls |
|||
# default: "False" |
|||
# description: "Usar TLS ao conectar no servidor SMTP?" |
|||
# label: "Usar TLS" |
|||
# type: enum |
|||
# group: Correio |
|||
# options: |
|||
# - "True" |
|||
# - "False" |
|||
# required: false |
|||
- variable: sigi.emailPort |
|||
default: 25 |
|||
description: "Porta de envio de E-mail (SMTP)" |
|||
type: int |
|||
label: "EMAIL_PORT" |
|||
required: false |
|||
group: Correio |
|||
- variable: sigi.emailHost |
|||
default: "smtp.interlegis.leg.br" |
|||
description: "Servidor de envio de e-mail (SMTP)" |
|||
label: "EMAIL_HOST" |
|||
type: string |
|||
group: Correio |
|||
required: false |
|||
|
|||
# ldap auth |
|||
- variable: sigi.auth.ldap.serverURI |
|||
default: '' |
|||
description: "Servidor autenticação ldap" |
|||
label: "AUTH_LDAP_SERVER_URI" |
|||
type: string |
|||
group: LDAP |
|||
required: true |
|||
- variable: sigi.auth.ldap.bindDN |
|||
default: '' |
|||
description: "Bind de autenticação ldap" |
|||
label: "AUTH_LDAP_BIND_DN" |
|||
type: string |
|||
group: LDAP |
|||
required: true |
|||
- variable: sigi.auth.ldap.bindPwd |
|||
default: '' |
|||
description: "Autenticação do Bind no ldap" |
|||
label: "AUTH_LDAP_BIND_PASSWORD" |
|||
type: string |
|||
group: LDAP |
|||
required: true |
|||
- variable: sigi.auth.ldap.user |
|||
default: '' |
|||
description: "OU de Usuário no ldap" |
|||
label: "AUTH_LDAP_USER" |
|||
type: string |
|||
group: LDAP |
|||
required: false |
|||
- variable: sigi.auth.ldap.userSearchString |
|||
default: '' |
|||
description: "Query de pesquisa de Usuários no ldap" |
|||
label: "AUTH_LDAP_USER_SEARCH_STRING" |
|||
type: string |
|||
group: LDAP |
|||
required: false |
|||
- variable: sigi.auth.ldap.userAttrMap |
|||
default: '' |
|||
description: "Atributos do Usuário no ldap" |
|||
label: "AUTH_LDAP_USER_ATTR_MAP" |
|||
type: string |
|||
group: LDAP |
|||
required: false |
|||
- variable: sigi.auth.ldap.profileAttrMap |
|||
default: '' |
|||
description: "Atributos do perfil do Usuário no ldap" |
|||
label: "AUTH_LDAP_PROFILE_ATTR_MAP" |
|||
type: string |
|||
group: LDAP |
|||
required: false |
|||
- variable: sigi.auth.profileModule |
|||
default: '' |
|||
description: "Módulo do perfil do Usuário no ldap" |
|||
label: "AUTH_PROFILE_MODULE" |
|||
type: string |
|||
group: LDAP |
|||
required: false |
|||
|
|||
# Saberes |
|||
- variable: sigi.saberes.moodleUrl |
|||
default: '' |
|||
description: "Servidor moodle saberes" |
|||
label: "MOODLE_BASE_URL" |
|||
type: string |
|||
group: Saberes |
|||
required: false |
|||
- variable: sigi.saberes.moodleToken |
|||
default: '' |
|||
description: "Token conexão Saberes" |
|||
label: "MOODLE_API_TOKEN" |
|||
type: string |
|||
group: Saberes |
|||
required: false |
|||
|
|||
# Salas |
|||
- variable: sigi.reservaSala.baseURL |
|||
default: '' |
|||
description: "URL base api de reserva de salas" |
|||
label: "RESERVA_SALA_BASE_URL" |
|||
type: string |
|||
group: Salas |
|||
required: false |
|||
- variable: sigi.reservaSala.apiUser |
|||
default: '' |
|||
description: "Usuário para api de reserva de salas" |
|||
label: "RESERVA_SALA_API_USER" |
|||
type: string |
|||
group: Salas |
|||
required: false |
|||
- variable: sigi.reservaSala.apiPwd |
|||
default: '' |
|||
description: "Senha de usuário para api de reserva de salas" |
|||
label: "RESERVA_SALA_API_PASSWORD" |
|||
type: string |
|||
group: Salas |
|||
required: false |
|||
|
|||
|
|||
# Ingress |
|||
- variable: ingress.tls.enabled |
|||
default: true |
|||
type: boolean |
|||
description: "Habilitar criptografia do protocolo HTTP (HTTPS)?" |
|||
label: "Habilitar TLS?" |
|||
required: false |
|||
group: Ingress |
|||
show_subquestion_if: true |
|||
subquestions: |
|||
- variable: ingress.tls.provider |
|||
default: letsencrypt |
|||
type: enum |
|||
description: "Qual provedor de certificados utilizar?" |
|||
label: "Provedor de certificados" |
|||
required: false |
|||
group: Ingress |
|||
options: |
|||
- letsencrypt |
|||
- letsencrypt-hml |
|||
- aws |
|||
- variable: ingress.class |
|||
default: nginx |
|||
type: enum |
|||
description: "Qual o Ingress Controller?" |
|||
label: "Classe Ingress" |
|||
required: false |
|||
group: Ingress |
|||
options: |
|||
- nginx |
|||
- alb |
|||
|
|||
## PostgreSQL |
|||
#- variable: postgresql.internal |
|||
# default: true |
|||
# description: "Fazer o deploy do Postgres?" |
|||
# label: "Postgres Interno?" |
|||
# type: boolean |
|||
# group: PostgreSQL |
|||
# required: false |
|||
#- variable: postgresql.auth.Password |
|||
# default: "sigi" |
|||
# description: "Senha do banco de dados Postgres" |
|||
# label: "Senha do Postgres" |
|||
# type: password |
|||
# group: PostgreSQL |
|||
# required: true |
|||
|
|||
# Avançado |
|||
- variable: sigi.debug |
|||
default: "False" |
|||
description: "Habilitar mensagens de Debug?" |
|||
label: "Debug?" |
|||
type: enum |
|||
options: |
|||
- "True" |
|||
- "False" |
|||
group: Avançado |
|||
required: true |
|||
|
|||
- variable: image.tag |
|||
default: 3.0.0 |
|||
description: "Versão da imagem docker do SIGI a ser utilizada" |
|||
label: "versão do SIGI" |
|||
type: string |
|||
group: Avançado |
|||
required: true |
|||
|
|||
- variable: image.pullPolicy |
|||
default: IfNotPresent |
|||
description: "Politica de carga da imagem docker do SIGI." |
|||
label: "Carregar a imagem apenas quando não estiver presente?" |
|||
type: enum |
|||
options: |
|||
- IfNotPresent |
|||
- Always |
|||
group: Avançado |
|||
required: true |
|||
|
|||
#- variable: sigi.timeZone |
|||
# default: "America/Sao_Paulo" |
|||
# description: "Fuso Horário do SIGI" |
|||
# label: "Fuso" |
|||
# type: enum |
|||
# options: |
|||
# - "America/Sao_Paulo" |
|||
# - "America/Fortaleza" |
|||
# - "America/Belem" |
|||
# - "America/Araguaina" |
|||
# - "America/Bahia" |
|||
# - "America/Boa_Vista" |
|||
# - "America/Campo_Grande" |
|||
# - "America/Cuiaba" |
|||
# - "America/Maceio" |
|||
# - "America/Manaus" |
|||
# - "America/Porto_Velho" |
|||
# - "America/Recife" |
|||
# - "America/Rio_Branco" |
|||
# - "America/Sao_Paulo" |
|||
# group: Avançado |
|||
# required: true |
|||
|
|||
# Backup |
|||
- variable: velero.backup.enabled |
|||
default: false |
|||
label: "Habilitar backup com Velero?" |
|||
description: "Criar ou não os objetos para backup com o Velero." |
|||
type: boolean |
|||
group: Backup |
|||
required: false |
|||
|
@ -0,0 +1,5 @@ |
|||
1. Seu SIGI pode ser acessado através da URL: |
|||
{{- if .Values.ingress.enabled }} |
|||
http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.sigi.hostname }} |
|||
{{- end }} |
|||
|
@ -0,0 +1,58 @@ |
|||
{{/* |
|||
Expand the name of the chart. |
|||
*/}} |
|||
{{- define "sigi.name" -}} |
|||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} |
|||
{{- end }} |
|||
|
|||
{{/* |
|||
Create a default fully qualified app name. |
|||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). |
|||
If release name contains chart name it will be used as a full name. |
|||
*/}} |
|||
{{- define "sigi.fullname" -}} |
|||
{{- if .Values.fullnameOverride }} |
|||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} |
|||
{{- else }} |
|||
{{- $name := default .Chart.Name .Values.nameOverride }} |
|||
{{- if contains $name .Release.Name }} |
|||
{{- .Release.Name | trunc 63 | trimSuffix "-" }} |
|||
{{- else }} |
|||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} |
|||
{{- end }} |
|||
{{- end }} |
|||
{{- end }} |
|||
|
|||
{{/* |
|||
Create chart name and version as used by the chart label. |
|||
*/}} |
|||
{{- define "sigi.chart" -}} |
|||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} |
|||
{{- end }} |
|||
|
|||
{{/* |
|||
Common labels |
|||
*/}} |
|||
{{- define "sigi.labels" -}} |
|||
helm.sh/chart: {{ include "sigi.chart" . }} |
|||
{{ include "sigi.selectorLabels" . }} |
|||
{{- if .Chart.AppVersion }} |
|||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} |
|||
{{- end }} |
|||
app.kubernetes.io/managed-by: {{ .Release.Service }} |
|||
{{- end }} |
|||
|
|||
{{/* |
|||
Selector labels |
|||
*/}} |
|||
{{- define "sigi.selectorLabels" -}} |
|||
app.kubernetes.io/name: {{ include "sigi.name" . }} |
|||
app.kubernetes.io/instance: {{ .Release.Name }} |
|||
{{- end }} |
|||
|
|||
{{/* |
|||
Create a default fully qualified app name for postgresql. |
|||
*/}} |
|||
{{- define "postgresql.fullname" -}} |
|||
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} |
|||
{{- end -}} |
@ -0,0 +1,182 @@ |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: {{ include "sigi.fullname" . }} |
|||
labels: |
|||
{{- include "sigi.labels" . | nindent 4 }} |
|||
spec: |
|||
{{- if not .Values.autoscaling.enabled }} |
|||
replicas: {{ .Values.replicaCount }} |
|||
{{- end }} |
|||
selector: |
|||
matchLabels: |
|||
{{- include "sigi.selectorLabels" . | nindent 6 }} |
|||
template: |
|||
metadata: |
|||
{{- with .Values.podAnnotations }} |
|||
annotations: |
|||
{{- toYaml . | nindent 8 }} |
|||
{{- end }} |
|||
labels: |
|||
{{- include "sigi.selectorLabels" . | nindent 8 }} |
|||
spec: |
|||
{{- with .Values.imagePullSecrets }} |
|||
imagePullSecrets: |
|||
{{- toYaml . | nindent 8 }} |
|||
{{- end }} |
|||
securityContext: |
|||
{{- toYaml .Values.podSecurityContext | nindent 8 }} |
|||
containers: |
|||
- name: {{ .Chart.Name }} |
|||
securityContext: |
|||
{{- toYaml .Values.securityContext | nindent 12 }} |
|||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" |
|||
imagePullPolicy: {{ .Values.image.pullPolicy }} |
|||
ports: |
|||
- name: http |
|||
containerPort: 80 |
|||
protocol: TCP |
|||
env: |
|||
- name: DEBUG |
|||
value: "{{ .Values.sigi.debug }}" |
|||
- name: TZ |
|||
value: "{{ .Values.sigi.timeZone }}" |
|||
- name: LANG |
|||
value: "{{ .Values.sigi.language }}" |
|||
- name: DATABASE_URL |
|||
value: {{ printf "postgresql://%s:%s@%s:5432/%s" .Values.postgresql.auth.username .Values.postgresql.auth.password (include "postgresql.fullname" .) .Values.postgresql.auth.database| quote }} |
|||
- name: ADMINS |
|||
value: "{{ .Values.sigi.emailAdmins }}" |
|||
- name: EMAIL_PORT |
|||
value: "{{ .Values.sigi.emailPort }}" |
|||
- name: EMAIL_HOST |
|||
value: "{{ .Values.sigi.emailHost }}" |
|||
- name: DEFAULT_FROM_EMAIL |
|||
value: "{{ .Values.sigi.defaultFromEmail }}" |
|||
- name: AUTH_LDAP_SERVER_URI |
|||
value: "{{ .Values.sigi.auth.ldap.serverURI }}" |
|||
- name: AUTH_LDAP_BIND_DN |
|||
value: "{{ .Values.sigi.auth.ldap.bindDN }}" |
|||
- name: AUTH_LDAP_USER |
|||
value: "{{ .Values.sigi.auth.ldap.user }}" |
|||
- name: AUTH_LDAP_BIND_PASSWORD |
|||
value: "{{ .Values.sigi.auth.ldap.bindPwd }}" |
|||
# valueFrom: |
|||
# # Secret Key |
|||
# secretKeyRef: |
|||
# name: {{ include "sigi.fullname" . }}-auth-ldap-key |
|||
# key: AUTH_LDAP_BIND_PASSWORD |
|||
- name: AUTH_LDAP_USER_SEARCH_STRING |
|||
value: "{{ .Values.sigi.auth.ldap.userSearchString }}" |
|||
- name: AUTH_LDAP_USER_ATTR_MAP |
|||
value: {{ .Values.sigi.auth.ldap.userAttrMap | quote }} |
|||
- name: AUTH_LDAP_GROUP |
|||
value: "{{ .Values.sigi.auth.ldap.group }}" |
|||
- name: AUTH_LDAP_GROUP_SEARCH_STRING |
|||
value: "{{ .Values.sigi.auth.ldap.groupSearchString }}" |
|||
- name: AUTH_LDAP_GROUP_TYPE_STRING |
|||
value: "{{ .Values.sigi.auth.ldap.groupTypeString }}" |
|||
- name: AUTH_LDAP_FIND_GROUP_PERMS |
|||
value: "{{ .Values.sigi.auth.ldap.findGroupPerms }}" |
|||
- name: AUTH_LDAP_MIRROR_GROUPS |
|||
value: "{{ .Values.sigi.auth.ldap.mirrorGroups }}" |
|||
- name: AUTH_LDAP_CACHE_GROUPS |
|||
value: "{{ .Values.sigi.auth.ldap.cacheGroups }}" |
|||
- name: AUTH_LDAP_GROUP_CACHE_TIMEOUT |
|||
value: "{{ .Values.sigi.auth.ldap.groupCacheTimeout }}" |
|||
- name: AUTH_LDAP_PROFILE_ATTR_MAP |
|||
value: {{ .Values.sigi.auth.ldap.profileAttrMap | quote }} |
|||
- name: AUTH_PROFILE_MODULE |
|||
value: "{{ .Values.sigi.auth.profileModule }}" |
|||
- name: MOODLE_BASE_URL |
|||
value: "{{ .Values.sigi.saberes.moodleUrl }}" |
|||
- name: MOODLE_API_TOKEN |
|||
value: "{{ .Values.sigi.saberes.moodleToken }}" |
|||
# valueFrom: |
|||
# # Secret Key |
|||
# secretKeyRef: |
|||
# name: {{ include "sigi.fullname" . }}-saberes-tkn |
|||
# key: MOODLE_API_TOKEN |
|||
- name: RESERVA_SALA_BASE_URL |
|||
value: "{{ .Values.sigi.reservaSala.baseURL }}" |
|||
- name: RESERVA_SALA_API_USER |
|||
value: "{{ .Values.sigi.reservaSala.apiUser }}" |
|||
- name: RESERVA_SALA_API_PASSWORD |
|||
value: "{{ .Values.sigi.reservaSala.apiPwd }}" |
|||
volumeMounts: |
|||
# - mountPath: /var/interlegis/sigi/data |
|||
# name: data |
|||
- mountPath: /srv/interlegis/sigi/media |
|||
name: {{ include "sigi.fullname" . }}-media |
|||
livenessProbe: |
|||
httpGet: |
|||
path: / |
|||
port: http |
|||
initialDelaySeconds: 60 |
|||
failureThreshold: 3 |
|||
periodSeconds: 60 |
|||
successThreshold: 1 |
|||
timeoutSeconds: 5 |
|||
readinessProbe: |
|||
httpGet: |
|||
path: / |
|||
port: http |
|||
initialDelaySeconds: 60 |
|||
failureThreshold: 3 |
|||
periodSeconds: 30 |
|||
successThreshold: 1 |
|||
timeoutSeconds: 5 |
|||
resources: |
|||
{{- toYaml .Values.resources | nindent 12 }} |
|||
volumes: |
|||
# - name: data |
|||
# secret: |
|||
# defaultMode: 440 |
|||
# secretName: {{ include "sigi.fullname" . }}-secretkey |
|||
- name: {{ include "sigi.fullname" . }}-media |
|||
{{- if .Values.persistence.enabled }} |
|||
persistentVolumeClaim: |
|||
claimName: {{ include "sigi.fullname" . }}-media |
|||
{{- else }} |
|||
emptyDir: {} |
|||
{{- end }} |
|||
{{- with .Values.nodeSelector }} |
|||
nodeSelector: |
|||
{{- toYaml . | nindent 8 }} |
|||
{{- end }} |
|||
affinity: |
|||
podAffinity: |
|||
preferredDuringSchedulingIgnoredDuringExecution: |
|||
- weight: 100 |
|||
podAffinityTerm: |
|||
labelSelector: |
|||
matchExpressions: |
|||
- key: app.kubernetes.io/name |
|||
operator: In |
|||
values: |
|||
- {{ include "sigi.name" . }} |
|||
- key: app.kubernetes.io/instance |
|||
operator: In |
|||
values: |
|||
- {{ .Release.Name }} |
|||
topologyKey: kubernetes.io/hostname |
|||
- weight: 50 |
|||
podAffinityTerm: |
|||
labelSelector: |
|||
matchExpressions: |
|||
- key: app.kubernetes.io/name |
|||
operator: In |
|||
values: |
|||
- postgresql |
|||
- key: app.kubernetes.io/instance |
|||
operator: In |
|||
values: |
|||
- {{ .Release.Name }} |
|||
topologyKey: kubernetes.io/hostname |
|||
{{- with .Values.affinity }} |
|||
{{- toYaml . | nindent 8 }} |
|||
{{- end }} |
|||
{{- with .Values.tolerations }} |
|||
tolerations: |
|||
{{- toYaml . | nindent 8 }} |
|||
{{- end }} |
@ -0,0 +1,28 @@ |
|||
{{- if .Values.autoscaling.enabled }} |
|||
apiVersion: autoscaling/v2beta1 |
|||
kind: HorizontalPodAutoscaler |
|||
metadata: |
|||
name: {{ include "sigi.fullname" . }} |
|||
labels: |
|||
{{- include "sigi.labels" . | nindent 4 }} |
|||
spec: |
|||
scaleTargetRef: |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
name: {{ include "sigi.fullname" . }} |
|||
minReplicas: {{ .Values.autoscaling.minReplicas }} |
|||
maxReplicas: {{ .Values.autoscaling.maxReplicas }} |
|||
metrics: |
|||
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }} |
|||
- type: Resource |
|||
resource: |
|||
name: cpu |
|||
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} |
|||
{{- end }} |
|||
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} |
|||
- type: Resource |
|||
resource: |
|||
name: memory |
|||
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} |
|||
{{- end }} |
|||
{{- end }} |
@ -0,0 +1,72 @@ |
|||
{{- if .Values.ingress.enabled -}} |
|||
{{- $fullName := include "sigi.fullname" . -}} |
|||
{{- $hostName := .Values.sigi.hostname -}} |
|||
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} |
|||
apiVersion: networking.k8s.io/v1 |
|||
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} |
|||
apiVersion: networking.k8s.io/v1beta1 |
|||
{{- else -}} |
|||
apiVersion: extensions/v1beta1 |
|||
{{- end }} |
|||
kind: Ingress |
|||
metadata: |
|||
name: {{ $fullName }} |
|||
labels: |
|||
{{- include "sigi.labels" . | nindent 4 }} |
|||
annotations: |
|||
{{- if .Values.ingress.tls.enabled }} |
|||
# USE TLS |
|||
{{- if contains "letsencrypt" .Values.ingress.tls.provider }} |
|||
cert-manager.io/cluster-issuer: "letsencrypt-prod" |
|||
{{- end }} |
|||
{{- if contains "letsencrypt-hml" .Values.ingress.tls.provider }} |
|||
cert-manager.io/cluster-issuer: "letsencrypt-hml-dns" |
|||
{{- end }} |
|||
{{- if contains "alb" .Values.ingress.class }} |
|||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' |
|||
{{- end }} |
|||
{{- else }} |
|||
# DO NOT USE TLS |
|||
{{- if contains "alb" .Values.ingress.class }} |
|||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' |
|||
{{- end }} |
|||
{{- end }} |
|||
{{- if contains "alb" .Values.ingress.class }} |
|||
alb.ingress.kubernetes.io/group.name: sigi |
|||
alb.ingress.kubernetes.io/scheme: internet-facing |
|||
alb.ingress.kubernetes.io/target-type: ip |
|||
kubernetes.io/ingress.class: alb |
|||
{{- end }} |
|||
{{- with .Values.ingress.annotations }} |
|||
{{- toYaml . | nindent 4 }} |
|||
{{- end }} |
|||
spec: |
|||
{{- if .Values.ingress.tls.enabled }} |
|||
tls: |
|||
- hosts: |
|||
- "{{ $hostName }}" |
|||
secretName: {{ $hostName | replace "." "-" }}-tls |
|||
{{- end }} |
|||
rules: |
|||
- host: "{{ $hostName }}" |
|||
http: |
|||
paths: |
|||
{{- if contains "nginx" .Values.ingress.class }} |
|||
- path: / |
|||
{{- else }} |
|||
- path: /* |
|||
{{- end }} |
|||
{{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} |
|||
pathType: ImplementationSpecific |
|||
{{- end }} |
|||
backend: |
|||
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} |
|||
service: |
|||
name: {{ $fullName }} |
|||
port: |
|||
number: 80 |
|||
{{- else }} |
|||
serviceName: {{ $fullName }} |
|||
servicePort: http |
|||
{{- end }} |
|||
{{- end }} |
@ -0,0 +1,21 @@ |
|||
{{- if .Values.persistence.enabled }} |
|||
apiVersion: v1 |
|||
kind: PersistentVolumeClaim |
|||
metadata: |
|||
name: {{ include "sigi.fullname" . }}-media |
|||
labels: |
|||
{{- include "sigi.labels" . | nindent 4 }} |
|||
spec: |
|||
accessModes: |
|||
- {{ .Values.persistence.accessMode }} |
|||
resources: |
|||
requests: |
|||
storage: {{ .Values.persistence.size }} |
|||
{{- if .Values.persistence.storageClass }} |
|||
{{- if (eq "-" .Values.persistence.storageClass) }} |
|||
storageClassName: "" |
|||
{{- else }} |
|||
storageClassName: "{{ .Values.persistence.storageClass }}" |
|||
{{- end }} |
|||
{{- end }} |
|||
{{- end }} |
@ -0,0 +1,13 @@ |
|||
apiVersion: v1 |
|||
kind: Secret |
|||
metadata: |
|||
name: {{ include "sigi.fullname" . }}-secretkey |
|||
labels: |
|||
{{- include "sigi.labels" . | nindent 4 }} |
|||
type: Opaque |
|||
data: |
|||
{{- if .Release.IsUpgrade }} |
|||
secret.key: {{ index (lookup "v1" "Secret" .Release.Namespace (printf "%s-secretkey" (include "sigi.fullname" .))).data "secret.key" }} |
|||
{{ else }} # install operation |
|||
secret.key: {{ randAscii 50 | b64enc }} |
|||
{{ end }} |
@ -0,0 +1,15 @@ |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
name: {{ include "sigi.fullname" . }} |
|||
labels: |
|||
{{- include "sigi.labels" . | nindent 4 }} |
|||
spec: |
|||
type: {{ .Values.service.type }} |
|||
ports: |
|||
- port: {{ .Values.service.port }} |
|||
targetPort: http |
|||
protocol: TCP |
|||
name: http |
|||
selector: |
|||
{{- include "sigi.selectorLabels" . | nindent 4 }} |
@ -0,0 +1,39 @@ |
|||
{{- if .Values.velero.backup.enabled }} |
|||
apiVersion: velero.io/v1 |
|||
kind: Schedule |
|||
metadata: |
|||
name: {{ include "sigi.fullname" . }}-monthly |
|||
namespace: {{ .Values.velero.namespace }} |
|||
spec: |
|||
# generate a random backup time between 1 and 5 AM on first day of every month |
|||
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} 1 * * |
|||
template: |
|||
includedNamespaces: |
|||
- {{ .Release.Namespace }} |
|||
{{- with .Values.velero.backup.excludedResources }} |
|||
excludedResources: |
|||
{{- toYaml . | nindent 8 }} |
|||
{{- end }} |
|||
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }} |
|||
# every weekday backup is good for the next year (365 days) |
|||
ttl: 8760h0m0s |
|||
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }} |
|||
hooks: |
|||
resources: |
|||
- name: pgdump |
|||
includedResources: |
|||
- pods |
|||
labelSelector: |
|||
matchLabels: |
|||
app.kubernetes.io/instance: {{ .Release.Name }} |
|||
app.kubernetes.io/name: postgresql |
|||
pre: |
|||
- exec: |
|||
command: |
|||
- "/bin/bash" |
|||
- "-c" |
|||
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump" |
|||
timeout: 360s |
|||
onError: Continue |
|||
useOwnerReferencesInBackup: false |
|||
{{- end }} |
@ -0,0 +1,39 @@ |
|||
{{- if .Values.velero.backup.enabled }} |
|||
apiVersion: velero.io/v1 |
|||
kind: Schedule |
|||
metadata: |
|||
name: {{ include "sigi.fullname" . }}-weekdays |
|||
namespace: {{ .Values.velero.namespace }} |
|||
spec: |
|||
# generate a random backup time between 1 and 5 AM on weekdays |
|||
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 1-5 |
|||
template: |
|||
includedNamespaces: |
|||
- {{ .Release.Namespace }} |
|||
{{- with .Values.velero.backup.excludedResources }} |
|||
excludedResources: |
|||
{{- toYaml . | nindent 8 }} |
|||
{{- end }} |
|||
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }} |
|||
# every weekday backup is good for the next week (7 days) |
|||
ttl: 168h0m0s |
|||
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }} |
|||
hooks: |
|||
resources: |
|||
- name: pgdump |
|||
includedResources: |
|||
- pods |
|||
labelSelector: |
|||
matchLabels: |
|||
app.kubernetes.io/instance: {{ .Release.Name }} |
|||
app.kubernetes.io/name: postgresql |
|||
pre: |
|||
- exec: |
|||
command: |
|||
- "/bin/bash" |
|||
- "-c" |
|||
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump" |
|||
timeout: 360s |
|||
onError: Continue |
|||
useOwnerReferencesInBackup: false |
|||
{{- end }} |
@ -0,0 +1,39 @@ |
|||
{{- if .Values.velero.backup.enabled }} |
|||
apiVersion: velero.io/v1 |
|||
kind: Schedule |
|||
metadata: |
|||
name: {{ include "sigi.fullname" . }}-weekly |
|||
namespace: {{ .Values.velero.namespace }} |
|||
spec: |
|||
# generate a random backup time between 1 and 5 AM on sunday |
|||
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 0 |
|||
template: |
|||
includedNamespaces: |
|||
- {{ .Release.Namespace }} |
|||
{{- with .Values.velero.backup.excludedResources }} |
|||
excludedResources: |
|||
{{- toYaml . | nindent 8 }} |
|||
{{- end }} |
|||
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }} |
|||
# every sunday backup is good for 30 days (aprox. 1 month) |
|||
ttl: 744h0m0s |
|||
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }} |
|||
hooks: |
|||
resources: |
|||
- name: pgdump |
|||
includedResources: |
|||
- pods |
|||
labelSelector: |
|||
matchLabels: |
|||
app.kubernetes.io/instance: {{ .Release.Name }} |
|||
app.kubernetes.io/name: postgresql |
|||
pre: |
|||
- exec: |
|||
command: |
|||
- "/bin/bash" |
|||
- "-c" |
|||
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump" |
|||
timeout: 360s |
|||
onError: Continue |
|||
useOwnerReferencesInBackup: false |
|||
{{- end }} |
@ -0,0 +1,158 @@ |
|||
# Default values for sigi. |
|||
# This is a YAML-formatted file. |
|||
# Declare variables to be passed into your templates. |
|||
|
|||
replicaCount: 1 |
|||
|
|||
image: |
|||
# registry: porto.interlegis.leg.br |
|||
repository: porto.interlegis.leg.br/ilb/sigi |
|||
pullPolicy: IfNotPresent |
|||
# Overrides the image tag whose default is the chart appVersion. |
|||
tag: "" |
|||
|
|||
imagePullSecrets: [] |
|||
nameOverride: "" |
|||
fullnameOverride: "" |
|||
|
|||
serviceAccount: |
|||
# Specifies whether a service account should be created |
|||
create: true |
|||
# Annotations to add to the service account |
|||
annotations: {} |
|||
# The name of the service account to use. |
|||
# If not set and create is true, a name is generated using the fullname template |
|||
name: "" |
|||
|
|||
podAnnotations: {} |
|||
|
|||
podSecurityContext: {} |
|||
# fsGroup: 2000 |
|||
|
|||
securityContext: {} |
|||
# capabilities: |
|||
# drop: |
|||
# - ALL |
|||
# readOnlyRootFilesystem: true |
|||
# runAsNonRoot: true |
|||
# runAsUser: 1000 |
|||
|
|||
service: |
|||
type: ClusterIP |
|||
port: 80 |
|||
|
|||
persistence: |
|||
enabled: true |
|||
#storageClass: "" |
|||
accessMode: ReadWriteOnce |
|||
size: 30Gi |
|||
|
|||
sigi: |
|||
debug: 'False' |
|||
hostname: 'sigidsv.interlegis.leg.br' |
|||
timeZone: 'America/Sao_Paulo' |
|||
language: 'pt_BR.UTF-8' |
|||
emailPort: 25 |
|||
emailHost: 'smtp.interlegis.leg.br' |
|||
emailAdmins: "(('SIGI Administrator', 'sigi@interlegis.leg.br'),)" |
|||
defaultFromEmail: 'sigi@interlegis.leg.br' |
|||
auth: |
|||
ldap: |
|||
serverURI: '' |
|||
bindDN: '' |
|||
bindPwd: '' |
|||
user: '' |
|||
userSearchString: '' |
|||
userAttrMap: '' |
|||
group: '' |
|||
groupSearchString: '' |
|||
groupTypeString: '' |
|||
findGroupPerms: False |
|||
mirrorGroups: False |
|||
cacheGroups: False |
|||
groupCacheTimeout: 0 |
|||
profileAttrMap: '' |
|||
profileModule: '' |
|||
saberes: |
|||
moodleUrl: '' |
|||
moodleToken: '' |
|||
reservaSala: |
|||
baseURL: '' |
|||
apiUser: '' |
|||
apiPwd: '' |
|||
|
|||
ingress: |
|||
enabled: true |
|||
class: nginx |
|||
# nginx - for default nginx ingress controller |
|||
# alb - for AWS ALB Load Balancer controller |
|||
tls: |
|||
enabled: true |
|||
provider: letsencrypt |
|||
# extra annotations only |
|||
annotations: {} |
|||
|
|||
velero: |
|||
namespace: velero |
|||
backup: |
|||
enabled: false |
|||
snapshotVolumes: false |
|||
defaultVolumesToRestic: true |
|||
# cert-manager objects are usually blocked during backup |
|||
excludedResources: |
|||
- certificates.cert-manager.io |
|||
- orders.acme.cert-manager.io |
|||
- certificaterequests.cert-manager.io |
|||
- challenges.acme.cert-manager.io |
|||
|
|||
postgresql: |
|||
internal: true |
|||
image: |
|||
# repository: porto.interlegis.leg.br/bitnami/postgresql |
|||
# registry: porto.interlegis.leg.br |
|||
registry: docker.io |
|||
repository: bitnami/postgresql |
|||
tag: 14.4.0-debian-11-r0 |
|||
pullPolicy: IfNotPresent |
|||
primary: |
|||
service: |
|||
type: ClusterIP |
|||
port: 5432 |
|||
persistence: |
|||
enabled: true |
|||
size: 1Gi |
|||
resources: |
|||
requests: |
|||
cpu: 250m |
|||
memory: 256Mi |
|||
auth: |
|||
postgresPassword: sigi |
|||
password: sigi |
|||
username: sigi |
|||
database: sigi |
|||
env: |
|||
- name: LANG |
|||
value: pt_BR.UTF-8 |
|||
- name: LANGUAGE |
|||
value: pt_BR.UTF-8 |
|||
|
|||
resources: |
|||
limits: |
|||
cpu: 1000m |
|||
memory: 1Gi |
|||
requests: |
|||
cpu: 150m |
|||
memory: 500Mi |
|||
|
|||
autoscaling: |
|||
enabled: false |
|||
minReplicas: 1 |
|||
maxReplicas: 100 |
|||
targetCPUUtilizationPercentage: 80 |
|||
# targetMemoryUtilizationPercentage: 80 |
|||
|
|||
nodeSelector: {} |
|||
|
|||
tolerations: [] |
|||
|
|||
affinity: {} |
Loading…
Reference in new issue