Keny Villela
3 years ago
18 changed files with 780 additions and 0 deletions
@ -0,0 +1,23 @@ |
|||||
|
# Patterns to ignore when building packages. |
||||
|
# This supports shell glob matching, relative path matching, and |
||||
|
# negation (prefixed with !). Only one pattern per line. |
||||
|
.DS_Store |
||||
|
# Common VCS dirs |
||||
|
.git/ |
||||
|
.gitignore |
||||
|
.bzr/ |
||||
|
.bzrignore |
||||
|
.hg/ |
||||
|
.hgignore |
||||
|
.svn/ |
||||
|
# Common backup files |
||||
|
*.swp |
||||
|
*.bak |
||||
|
*.tmp |
||||
|
*.orig |
||||
|
*~ |
||||
|
# Various IDEs |
||||
|
.project |
||||
|
.idea/ |
||||
|
*.tmproj |
||||
|
.vscode/ |
@ -0,0 +1,24 @@ |
|||||
|
apiVersion: v2 |
||||
|
name: sigi |
||||
|
description: Sistema de Informações Gerenciais do Interlegis (SIGI) |
||||
|
|
||||
|
# A chart can be either an 'application' or a 'library' chart. |
||||
|
type: application |
||||
|
|
||||
|
# This is the chart version. This version number should be incremented each time you make changes |
||||
|
# to the chart and its templates, including the app version. |
||||
|
# Versions are expected to follow Semantic Versioning (https://semver.org/) |
||||
|
version: 0.1.0 |
||||
|
|
||||
|
# This is the version number of the application being deployed. This version number should be |
||||
|
# incremented each time you make changes to the application. Versions are not expected to |
||||
|
# follow Semantic Versioning. They should reflect the version the application is using. |
||||
|
appVersion: 3.0 |
||||
|
|
||||
|
icon: https://git.interlegis.leg.br/SEIT/rancher-charts/raw/master/images/sigi_interlegis.png |
||||
|
|
||||
|
dependencies: |
||||
|
- name: postgresql |
||||
|
version: 11.6.8 |
||||
|
repository: https://charts.bitnami.com/bitnami |
||||
|
condition: postgresql.internal |
@ -0,0 +1,3 @@ |
|||||
|
# Sistema de Informações Gerenciais do Interlegis |
||||
|
|
||||
|
Utilize o formulário abaixo para configurar o SIGI. |
@ -0,0 +1,149 @@ |
|||||
|
labels: |
||||
|
io.cattle.role: project |
||||
|
categories: |
||||
|
- Gerencial |
||||
|
questions: |
||||
|
# Informações Básicas |
||||
|
- variable: sigi.hostname |
||||
|
default: "sigi.interlegis.leg.br" |
||||
|
description: "Endereço para acesso ao SIGI" |
||||
|
label: "URL do SIGI" |
||||
|
type: string |
||||
|
group: Básico |
||||
|
required: true |
||||
|
- variable: sigi.adminEmail |
||||
|
default: "sigi@interlegis.leg.br" |
||||
|
description: "SIGI Administrator" |
||||
|
label: Contato |
||||
|
type: string |
||||
|
group: Básico |
||||
|
required: true |
||||
|
- variable: sigi.adminPassword |
||||
|
default: "sigi" |
||||
|
description: "Senha do usuário administrativo do SIGI" |
||||
|
label: Senha Admin |
||||
|
type: password |
||||
|
group: Básico |
||||
|
required: true |
||||
|
|
||||
|
# Ingress |
||||
|
- variable: ingress.tls.enabled |
||||
|
default: true |
||||
|
type: boolean |
||||
|
description: "Habilitar criptografia do protocolo HTTP (HTTPS)?" |
||||
|
label: "Habilitar TLS?" |
||||
|
required: false |
||||
|
group: Ingress |
||||
|
show_subquestion_if: true |
||||
|
subquestions: |
||||
|
- variable: ingress.tls.provider |
||||
|
default: letsencrypt |
||||
|
type: enum |
||||
|
description: "Qual provedor de certificados utilizar?" |
||||
|
label: "Provedor de certificados" |
||||
|
required: false |
||||
|
group: Ingress |
||||
|
options: |
||||
|
- letsencrypt |
||||
|
- aws |
||||
|
|
||||
|
- variable: ingress.class |
||||
|
default: nginx |
||||
|
type: enum |
||||
|
description: "Qual o Ingress Controller?" |
||||
|
label: "Classe Ingress" |
||||
|
required: false |
||||
|
group: Ingress |
||||
|
options: |
||||
|
- nginx |
||||
|
- alb |
||||
|
|
||||
|
# Correio |
||||
|
- variable: sigi.emailSendUser |
||||
|
default: "sigi@interlegis.leg.br" |
||||
|
description: "Remetente dos e-mails enviados pelo SIGI" |
||||
|
label: "Remetente" |
||||
|
type: string |
||||
|
group: Correio |
||||
|
required: false |
||||
|
- variable: sigi.useTls |
||||
|
default: "False" |
||||
|
description: "Usar TLS ao conectar no servidor SMTP?" |
||||
|
label: "Usar TLS" |
||||
|
type: enum |
||||
|
group: Correio |
||||
|
options: |
||||
|
- "True" |
||||
|
- "False" |
||||
|
required: false |
||||
|
- variable: sigi.emailPort |
||||
|
default: 25 |
||||
|
description: "Porta de envio de E-mail (SMTP)" |
||||
|
type: int |
||||
|
label: "Porta SMTP" |
||||
|
required: false |
||||
|
group: Correio |
||||
|
- variable: sigi.emailHost |
||||
|
default: "smtp.interlegis.leg.br" |
||||
|
description: "Servidor de envio de e-mail (SMTP)" |
||||
|
label: "Servidor SMTP" |
||||
|
type: string |
||||
|
group: Correio |
||||
|
required: false |
||||
|
|
||||
|
# PostgreSQL |
||||
|
- variable: postgresql.internal |
||||
|
default: true |
||||
|
description: "Fazer o deploy do Postgres?" |
||||
|
label: "Postgres Interno?" |
||||
|
type: boolean |
||||
|
group: PostgreSQL |
||||
|
required: false |
||||
|
- variable: postgresql.postgresqlPassword |
||||
|
default: "altereme" |
||||
|
description: "Senha do banco de dados Postgres" |
||||
|
label: "Senha do Postgres" |
||||
|
type: password |
||||
|
group: PostgreSQL |
||||
|
required: true |
||||
|
|
||||
|
# Avançado |
||||
|
- variable: sigi.debug |
||||
|
default: "False" |
||||
|
description: "Habilitar mensagens de Debug?" |
||||
|
label: "Debug?" |
||||
|
type: enum |
||||
|
group: Avançado |
||||
|
options: |
||||
|
- "True" |
||||
|
- "False" |
||||
|
- variable: sigi.timeZone |
||||
|
default: "America/Sao_Paulo" |
||||
|
description: "Fuso Horário do SIGI" |
||||
|
type: enum |
||||
|
label: "Fuso" |
||||
|
options: |
||||
|
- "America/Sao_Paulo" |
||||
|
- "America/Fortaleza" |
||||
|
- "America/Belem" |
||||
|
- "America/Araguaina" |
||||
|
- "America/Bahia" |
||||
|
- "America/Boa_Vista" |
||||
|
- "America/Campo_Grande" |
||||
|
- "America/Cuiaba" |
||||
|
- "America/Maceio" |
||||
|
- "America/Manaus" |
||||
|
- "America/Porto_Velho" |
||||
|
- "America/Recife" |
||||
|
- "America/Rio_Branco" |
||||
|
- "America/Sao_Paulo" |
||||
|
required: true |
||||
|
group: Avançado |
||||
|
|
||||
|
- variable: velero.backup.enabled |
||||
|
default: true |
||||
|
type: boolean |
||||
|
label: "Habilitar backup com Velero?" |
||||
|
description: "Criar ou não os objetos para backup com o Velero." |
||||
|
required: false |
||||
|
group: Avançado |
@ -0,0 +1,10 @@ |
|||||
|
1. Seu SIGI pode ser acessado através da URL: |
||||
|
{{- if .Values.ingress.enabled }} |
||||
|
http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.sigi.hostname }} |
||||
|
{{- end }} |
||||
|
2. Utilize as seguintes credenciais para acesso inicial: |
||||
|
Usuario: sigi |
||||
|
Senha: {{ .Values.sigi.adminPassword }} |
||||
|
3. Usuario de administração do Postgres: |
||||
|
Usuario: sigi |
||||
|
Senha: {{ .Values.postgresql.postgresqlPassword }} |
@ -0,0 +1,58 @@ |
|||||
|
{{/* |
||||
|
Expand the name of the chart. |
||||
|
*/}} |
||||
|
{{- define "sigi.name" -}} |
||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} |
||||
|
{{- end }} |
||||
|
|
||||
|
{{/* |
||||
|
Create a default fully qualified app name. |
||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). |
||||
|
If release name contains chart name it will be used as a full name. |
||||
|
*/}} |
||||
|
{{- define "sigi.fullname" -}} |
||||
|
{{- if .Values.fullnameOverride }} |
||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} |
||||
|
{{- else }} |
||||
|
{{- $name := default .Chart.Name .Values.nameOverride }} |
||||
|
{{- if contains $name .Release.Name }} |
||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" }} |
||||
|
{{- else }} |
||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
||||
|
|
||||
|
{{/* |
||||
|
Create chart name and version as used by the chart label. |
||||
|
*/}} |
||||
|
{{- define "sigi.chart" -}} |
||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} |
||||
|
{{- end }} |
||||
|
|
||||
|
{{/* |
||||
|
Common labels |
||||
|
*/}} |
||||
|
{{- define "sigi.labels" -}} |
||||
|
helm.sh/chart: {{ include "sigi.chart" . }} |
||||
|
{{ include "sigi.selectorLabels" . }} |
||||
|
{{- if .Chart.AppVersion }} |
||||
|
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} |
||||
|
{{- end }} |
||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }} |
||||
|
{{- end }} |
||||
|
|
||||
|
{{/* |
||||
|
Selector labels |
||||
|
*/}} |
||||
|
{{- define "sigi.selectorLabels" -}} |
||||
|
app.kubernetes.io/name: {{ include "sigi.name" . }} |
||||
|
app.kubernetes.io/instance: {{ .Release.Name }} |
||||
|
{{- end }} |
||||
|
|
||||
|
{{/* |
||||
|
Create a default fully qualified app name for postgresql. |
||||
|
*/}} |
||||
|
{{- define "postgresql.fullname" -}} |
||||
|
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} |
||||
|
{{- end -}} |
@ -0,0 +1,134 @@ |
|||||
|
apiVersion: apps/v1 |
||||
|
kind: Deployment |
||||
|
metadata: |
||||
|
name: {{ include "sigi.fullname" . }} |
||||
|
labels: |
||||
|
{{- include "sigi.labels" . | nindent 4 }} |
||||
|
spec: |
||||
|
{{- if not .Values.autoscaling.enabled }} |
||||
|
replicas: {{ .Values.replicaCount }} |
||||
|
{{- end }} |
||||
|
selector: |
||||
|
matchLabels: |
||||
|
{{- include "sigi.selectorLabels" . | nindent 6 }} |
||||
|
template: |
||||
|
metadata: |
||||
|
{{- with .Values.podAnnotations }} |
||||
|
annotations: |
||||
|
{{- toYaml . | nindent 8 }} |
||||
|
{{- end }} |
||||
|
labels: |
||||
|
{{- include "sigi.selectorLabels" . | nindent 8 }} |
||||
|
spec: |
||||
|
{{- with .Values.imagePullSecrets }} |
||||
|
imagePullSecrets: |
||||
|
{{- toYaml . | nindent 8 }} |
||||
|
{{- end }} |
||||
|
securityContext: |
||||
|
{{- toYaml .Values.podSecurityContext | nindent 8 }} |
||||
|
containers: |
||||
|
- name: {{ .Chart.Name }} |
||||
|
securityContext: |
||||
|
{{- toYaml .Values.securityContext | nindent 12 }} |
||||
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" |
||||
|
imagePullPolicy: {{ .Values.image.pullPolicy }} |
||||
|
ports: |
||||
|
- name: http |
||||
|
containerPort: 80 |
||||
|
protocol: TCP |
||||
|
env: |
||||
|
- name: DATABASE_URL |
||||
|
value: {{ printf "postgresql://%s:%s@%s:5432/%s" .Values.postgresql.postgresqlUsername .Values.postgresql.postgresqlPassword (include "postgresql.fullname" .) .Values.postgresql.postgresqlDatabase| quote }} |
||||
|
- name: ADMIN_PASSWORD |
||||
|
value: "{{ .Values.sigi.adminPassword }}" |
||||
|
- name: ADMIN_EMAIL |
||||
|
value: "{{ .Values.sigi.adminEmail }}" |
||||
|
- name: EMAIL_SEND_USER |
||||
|
value: "{{ .Values.sigi.emailSendUser }}" |
||||
|
- name: DEBUG |
||||
|
value: "{{ .Values.sigi.debug }}" |
||||
|
- name: USE_TLS |
||||
|
value: "{{ .Values.sigi.useTls }}" |
||||
|
- name: EMAIL_PORT |
||||
|
value: "{{ .Values.sigi.emailPort }}" |
||||
|
- name: EMAIL_HOST |
||||
|
value: "{{ .Values.sigi.emailHost }}" |
||||
|
- name: TZ |
||||
|
value: "{{ .Values.sigi.timeZone }}" |
||||
|
volumeMounts: |
||||
|
- mountPath: /var/interlegis/sigi/data |
||||
|
name: data |
||||
|
- mountPath: /var/interlegis/sigi/media |
||||
|
name: media |
||||
|
livenessProbe: |
||||
|
httpGet: |
||||
|
path: / |
||||
|
port: http |
||||
|
initialDelaySeconds: 60 |
||||
|
failureThreshold: 3 |
||||
|
periodSeconds: 60 |
||||
|
successThreshold: 1 |
||||
|
timeoutSeconds: 5 |
||||
|
readinessProbe: |
||||
|
httpGet: |
||||
|
path: / |
||||
|
port: http |
||||
|
initialDelaySeconds: 60 |
||||
|
failureThreshold: 3 |
||||
|
periodSeconds: 30 |
||||
|
successThreshold: 1 |
||||
|
timeoutSeconds: 5 |
||||
|
resources: |
||||
|
{{- toYaml .Values.resources | nindent 12 }} |
||||
|
volumes: |
||||
|
- name: data |
||||
|
secret: |
||||
|
defaultMode: 440 |
||||
|
secretName: {{ include "sigi.fullname" . }}-secretkey |
||||
|
- name: media |
||||
|
{{- if .Values.persistence.enabled }} |
||||
|
persistentVolumeClaim: |
||||
|
claimName: {{ include "sigi.fullname" . }}-media |
||||
|
{{- else }} |
||||
|
emptyDir: {} |
||||
|
{{- end }} |
||||
|
{{- with .Values.nodeSelector }} |
||||
|
nodeSelector: |
||||
|
{{- toYaml . | nindent 8 }} |
||||
|
{{- end }} |
||||
|
affinity: |
||||
|
podAffinity: |
||||
|
preferredDuringSchedulingIgnoredDuringExecution: |
||||
|
- weight: 100 |
||||
|
podAffinityTerm: |
||||
|
labelSelector: |
||||
|
matchExpressions: |
||||
|
- key: app.kubernetes.io/name |
||||
|
operator: In |
||||
|
values: |
||||
|
- {{ include "sigi.name" . }} |
||||
|
- key: app.kubernetes.io/instance |
||||
|
operator: In |
||||
|
values: |
||||
|
- {{ .Release.Name }} |
||||
|
topologyKey: kubernetes.io/hostname |
||||
|
- weight: 50 |
||||
|
podAffinityTerm: |
||||
|
labelSelector: |
||||
|
matchExpressions: |
||||
|
- key: app.kubernetes.io/name |
||||
|
operator: In |
||||
|
values: |
||||
|
- postgresql |
||||
|
- key: app.kubernetes.io/instance |
||||
|
operator: In |
||||
|
values: |
||||
|
- {{ .Release.Name }} |
||||
|
topologyKey: kubernetes.io/hostname |
||||
|
{{- with .Values.affinity }} |
||||
|
{{- toYaml . | nindent 8 }} |
||||
|
{{- end }} |
||||
|
{{- with .Values.tolerations }} |
||||
|
tolerations: |
||||
|
{{- toYaml . | nindent 8 }} |
||||
|
{{- end }} |
@ -0,0 +1,28 @@ |
|||||
|
{{- if .Values.autoscaling.enabled }} |
||||
|
apiVersion: autoscaling/v2beta1 |
||||
|
kind: HorizontalPodAutoscaler |
||||
|
metadata: |
||||
|
name: {{ include "sigi.fullname" . }} |
||||
|
labels: |
||||
|
{{- include "sigi.labels" . | nindent 4 }} |
||||
|
spec: |
||||
|
scaleTargetRef: |
||||
|
apiVersion: apps/v1 |
||||
|
kind: Deployment |
||||
|
name: {{ include "sigi.fullname" . }} |
||||
|
minReplicas: {{ .Values.autoscaling.minReplicas }} |
||||
|
maxReplicas: {{ .Values.autoscaling.maxReplicas }} |
||||
|
metrics: |
||||
|
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }} |
||||
|
- type: Resource |
||||
|
resource: |
||||
|
name: cpu |
||||
|
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} |
||||
|
{{- end }} |
||||
|
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} |
||||
|
- type: Resource |
||||
|
resource: |
||||
|
name: memory |
||||
|
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
@ -0,0 +1,57 @@ |
|||||
|
{{- if .Values.ingress.enabled -}} |
||||
|
{{- $fullName := include "sigi.fullname" . -}} |
||||
|
{{- $hostName := .Values.sigi.hostname -}} |
||||
|
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} |
||||
|
apiVersion: networking.k8s.io/v1beta1 |
||||
|
{{- else -}} |
||||
|
apiVersion: extensions/v1beta1 |
||||
|
{{- end }} |
||||
|
kind: Ingress |
||||
|
metadata: |
||||
|
name: {{ $fullName }} |
||||
|
labels: |
||||
|
{{- include "sigi.labels" . | nindent 4 }} |
||||
|
annotations: |
||||
|
{{- if .Values.ingress.tls.enabled }} |
||||
|
# USE TLS |
||||
|
{{- if contains "letsencrypt" .Values.ingress.tls.provider }} |
||||
|
cert-manager.io/cluster-issuer: "letsencrypt-prod" |
||||
|
{{- end }} |
||||
|
{{- if contains "alb" .Values.ingress.class }} |
||||
|
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]' |
||||
|
{{- end }} |
||||
|
{{- else }} |
||||
|
# DO NOT USE TLS |
||||
|
{{- if contains "alb" .Values.ingress.class }} |
||||
|
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' |
||||
|
{{- end }} |
||||
|
{{- end }} |
||||
|
{{- if contains "alb" .Values.ingress.class }} |
||||
|
alb.ingress.kubernetes.io/group.name: sigi |
||||
|
alb.ingress.kubernetes.io/scheme: internet-facing |
||||
|
alb.ingress.kubernetes.io/target-type: ip |
||||
|
kubernetes.io/ingress.class: alb |
||||
|
{{- end }} |
||||
|
{{- with .Values.ingress.annotations }} |
||||
|
{{- toYaml . | nindent 4 }} |
||||
|
{{- end }} |
||||
|
spec: |
||||
|
{{- if .Values.ingress.tls.enabled }} |
||||
|
tls: |
||||
|
- hosts: |
||||
|
- "{{ $hostName }}" |
||||
|
secretName: {{ $hostName | replace "." "-" }}-tls |
||||
|
{{- end }} |
||||
|
rules: |
||||
|
- host: "{{ $hostName }}" |
||||
|
http: |
||||
|
paths: |
||||
|
{{- if contains "nginx" .Values.ingress.class }} |
||||
|
- path: / |
||||
|
{{- else }} |
||||
|
- path: /* |
||||
|
{{- end }} |
||||
|
backend: |
||||
|
serviceName: {{ $fullName }} |
||||
|
servicePort: http |
||||
|
{{- end }} |
@ -0,0 +1,21 @@ |
|||||
|
{{- if .Values.persistence.enabled }} |
||||
|
apiVersion: v1 |
||||
|
kind: PersistentVolumeClaim |
||||
|
metadata: |
||||
|
name: {{ include "sigi.fullname" . }}-media |
||||
|
labels: |
||||
|
{{- include "sigi.labels" . | nindent 4 }} |
||||
|
spec: |
||||
|
accessModes: |
||||
|
- {{ .Values.persistence.accessMode }} |
||||
|
resources: |
||||
|
requests: |
||||
|
storage: {{ .Values.persistence.size }} |
||||
|
{{- if .Values.persistence.storageClass }} |
||||
|
{{- if (eq "-" .Values.persistence.storageClass) }} |
||||
|
storageClassName: "" |
||||
|
{{- else }} |
||||
|
storageClassName: "{{ .Values.persistence.storageClass }}" |
||||
|
{{- end }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
@ -0,0 +1,13 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: Secret |
||||
|
metadata: |
||||
|
name: {{ include "sigi.fullname" . }}-secretkey |
||||
|
labels: |
||||
|
{{- include "sigi.labels" . | nindent 4 }} |
||||
|
type: Opaque |
||||
|
data: |
||||
|
{{- if .Release.IsUpgrade }} |
||||
|
secret.key: {{ index (lookup "v1" "Secret" .Release.Namespace (printf "%s-secretkey" (include "sigi.fullname" .))).data "secret.key" }} |
||||
|
{{ else }} # install operation |
||||
|
secret.key: {{ randAscii 50 | b64enc }} |
||||
|
{{ end }} |
@ -0,0 +1,15 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: Service |
||||
|
metadata: |
||||
|
name: {{ include "sigi.fullname" . }} |
||||
|
labels: |
||||
|
{{- include "sigi.labels" . | nindent 4 }} |
||||
|
spec: |
||||
|
type: {{ .Values.service.type }} |
||||
|
ports: |
||||
|
- port: {{ .Values.service.port }} |
||||
|
targetPort: http |
||||
|
protocol: TCP |
||||
|
name: http |
||||
|
selector: |
||||
|
{{- include "sigi.selectorLabels" . | nindent 4 }} |
@ -0,0 +1,39 @@ |
|||||
|
{{- if .Values.velero.backup.enabled }} |
||||
|
apiVersion: velero.io/v1 |
||||
|
kind: Schedule |
||||
|
metadata: |
||||
|
name: {{ include "sigi.fullname" . }}-monthly |
||||
|
namespace: {{ .Values.velero.namespace }} |
||||
|
spec: |
||||
|
# generate a random backup time between 1 and 5 AM on first day of every month |
||||
|
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} 1 * * |
||||
|
template: |
||||
|
includedNamespaces: |
||||
|
- {{ .Release.Namespace }} |
||||
|
{{- with .Values.velero.backup.excludedResources }} |
||||
|
excludedResources: |
||||
|
{{- toYaml . | nindent 8 }} |
||||
|
{{- end }} |
||||
|
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }} |
||||
|
# every weekday backup is good for the next year (365 days) |
||||
|
ttl: 8760h0m0s |
||||
|
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }} |
||||
|
hooks: |
||||
|
resources: |
||||
|
- name: pgdump |
||||
|
includedResources: |
||||
|
- pods |
||||
|
labelSelector: |
||||
|
matchLabels: |
||||
|
app.kubernetes.io/instance: {{ .Release.Name }} |
||||
|
app.kubernetes.io/name: postgresql |
||||
|
pre: |
||||
|
- exec: |
||||
|
command: |
||||
|
- "/bin/bash" |
||||
|
- "-c" |
||||
|
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U sigi -d sigi > /bitnami/postgresql/sigi.dump" |
||||
|
timeout: 360s |
||||
|
onError: Continue |
||||
|
useOwnerReferencesInBackup: false |
||||
|
{{- end }} |
@ -0,0 +1,39 @@ |
|||||
|
{{- if .Values.velero.backup.enabled }} |
||||
|
apiVersion: velero.io/v1 |
||||
|
kind: Schedule |
||||
|
metadata: |
||||
|
name: {{ include "sapl.fullname" . }}-weekdays |
||||
|
namespace: {{ .Values.velero.namespace }} |
||||
|
spec: |
||||
|
# generate a random backup time between 1 and 5 AM on weekdays |
||||
|
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 1-5 |
||||
|
template: |
||||
|
includedNamespaces: |
||||
|
- {{ .Release.Namespace }} |
||||
|
{{- with .Values.velero.backup.excludedResources }} |
||||
|
excludedResources: |
||||
|
{{- toYaml . | nindent 8 }} |
||||
|
{{- end }} |
||||
|
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }} |
||||
|
# every weekday backup is good for the next week (7 days) |
||||
|
ttl: 168h0m0s |
||||
|
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }} |
||||
|
hooks: |
||||
|
resources: |
||||
|
- name: pgdump |
||||
|
includedResources: |
||||
|
- pods |
||||
|
labelSelector: |
||||
|
matchLabels: |
||||
|
app.kubernetes.io/instance: {{ .Release.Name }} |
||||
|
app.kubernetes.io/name: postgresql |
||||
|
pre: |
||||
|
- exec: |
||||
|
command: |
||||
|
- "/bin/bash" |
||||
|
- "-c" |
||||
|
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U sapl -d sapl > /bitnami/postgresql/sapl.dump" |
||||
|
timeout: 360s |
||||
|
onError: Continue |
||||
|
useOwnerReferencesInBackup: false |
||||
|
{{- end }} |
@ -0,0 +1,39 @@ |
|||||
|
{{- if .Values.velero.backup.enabled }} |
||||
|
apiVersion: velero.io/v1 |
||||
|
kind: Schedule |
||||
|
metadata: |
||||
|
name: {{ include "sapl.fullname" . }}-weekly |
||||
|
namespace: {{ .Values.velero.namespace }} |
||||
|
spec: |
||||
|
# generate a random backup time between 1 and 5 AM on sunday |
||||
|
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 0 |
||||
|
template: |
||||
|
includedNamespaces: |
||||
|
- {{ .Release.Namespace }} |
||||
|
{{- with .Values.velero.backup.excludedResources }} |
||||
|
excludedResources: |
||||
|
{{- toYaml . | nindent 8 }} |
||||
|
{{- end }} |
||||
|
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }} |
||||
|
# every sunday backup is good for 30 days (aprox. 1 month) |
||||
|
ttl: 744h0m0s |
||||
|
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }} |
||||
|
hooks: |
||||
|
resources: |
||||
|
- name: pgdump |
||||
|
includedResources: |
||||
|
- pods |
||||
|
labelSelector: |
||||
|
matchLabels: |
||||
|
app.kubernetes.io/instance: {{ .Release.Name }} |
||||
|
app.kubernetes.io/name: postgresql |
||||
|
pre: |
||||
|
- exec: |
||||
|
command: |
||||
|
- "/bin/bash" |
||||
|
- "-c" |
||||
|
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U sapl -d sapl > /bitnami/postgresql/sapl.dump" |
||||
|
timeout: 360s |
||||
|
onError: Continue |
||||
|
useOwnerReferencesInBackup: false |
||||
|
{{- end }} |
@ -0,0 +1,128 @@ |
|||||
|
# Default values for sigi. |
||||
|
# This is a YAML-formatted file. |
||||
|
# Declare variables to be passed into your templates. |
||||
|
|
||||
|
replicaCount: 1 |
||||
|
|
||||
|
image: |
||||
|
registry: porto.interlegis.leg.br |
||||
|
repository: ilb/sigi |
||||
|
pullPolicy: IfNotPresent |
||||
|
# Overrides the image tag whose default is the chart appVersion. |
||||
|
tag: "" |
||||
|
|
||||
|
imagePullSecrets: [] |
||||
|
nameOverride: "" |
||||
|
fullnameOverride: "" |
||||
|
|
||||
|
serviceAccount: |
||||
|
# Specifies whether a service account should be created |
||||
|
create: true |
||||
|
# Annotations to add to the service account |
||||
|
annotations: {} |
||||
|
# The name of the service account to use. |
||||
|
# If not set and create is true, a name is generated using the fullname template |
||||
|
name: "" |
||||
|
|
||||
|
podAnnotations: {} |
||||
|
|
||||
|
podSecurityContext: {} |
||||
|
# fsGroup: 2000 |
||||
|
|
||||
|
securityContext: {} |
||||
|
# capabilities: |
||||
|
# drop: |
||||
|
# - ALL |
||||
|
# readOnlyRootFilesystem: true |
||||
|
# runAsNonRoot: true |
||||
|
# runAsUser: 1000 |
||||
|
|
||||
|
service: |
||||
|
type: ClusterIP |
||||
|
port: 80 |
||||
|
|
||||
|
persistence: |
||||
|
enabled: true |
||||
|
#storageClass: "" |
||||
|
accessMode: ReadWriteOnce |
||||
|
size: 2Gi |
||||
|
|
||||
|
sigi: |
||||
|
adminPassword: altereme |
||||
|
adminEmail: sigi@interlegis.leg.br |
||||
|
emailSendUser: no-reply@interlegis.leg.br |
||||
|
debug: 'False' |
||||
|
useTls: 'False' |
||||
|
emailPort: 25 |
||||
|
emailHost: mail.interlegis.leg.br |
||||
|
timeZone: 'America/Sao_Paulo' |
||||
|
hostname: 'sigi.interlegis.leg.br' |
||||
|
|
||||
|
ingress: |
||||
|
enabled: true |
||||
|
class: nginx |
||||
|
# nginx - for default nginx ingress controller |
||||
|
# alb - for AWS ALB Load Balancer controller |
||||
|
tls: |
||||
|
enabled: true |
||||
|
provider: letsencrypt |
||||
|
# extra annotations only |
||||
|
annotations: {} |
||||
|
|
||||
|
velero: |
||||
|
namespace: velero |
||||
|
backup: |
||||
|
enabled: true |
||||
|
snapshotVolumes: false |
||||
|
defaultVolumesToRestic: true |
||||
|
# cert-manager objects are usually blocked during backup |
||||
|
excludedResources: |
||||
|
- certificates.cert-manager.io |
||||
|
- orders.acme.cert-manager.io |
||||
|
- certificaterequests.cert-manager.io |
||||
|
- challenges.acme.cert-manager.io |
||||
|
|
||||
|
postgresql: |
||||
|
internal: true |
||||
|
image: |
||||
|
# repository: porto.interlegis.leg.br/bitnami/postgresql |
||||
|
# registry: porto.interlegis.leg.br |
||||
|
registry: docker.io |
||||
|
repository: bitnami/postgresql |
||||
|
tag: 14.4.0-debian-11-r0 |
||||
|
pullPolicy: IfNotPresent |
||||
|
service: |
||||
|
type: ClusterIP |
||||
|
port: 5432 |
||||
|
persistence: |
||||
|
enabled: true |
||||
|
size: 1Gi |
||||
|
postgresqlPassword: sigi |
||||
|
postgresqlUsername: sigi |
||||
|
postgresqlDatabase: sigi |
||||
|
resources: |
||||
|
requests: |
||||
|
cpu: 50m |
||||
|
memory: 64Mi |
||||
|
|
||||
|
|
||||
|
resources: |
||||
|
limits: |
||||
|
cpu: 1000m |
||||
|
memory: 1Gi |
||||
|
requests: |
||||
|
cpu: 150m |
||||
|
memory: 500Mi |
||||
|
|
||||
|
autoscaling: |
||||
|
enabled: false |
||||
|
minReplicas: 1 |
||||
|
maxReplicas: 100 |
||||
|
targetCPUUtilizationPercentage: 80 |
||||
|
# targetMemoryUtilizationPercentage: 80 |
||||
|
|
||||
|
nodeSelector: {} |
||||
|
|
||||
|
tolerations: [] |
||||
|
|
||||
|
affinity: {} |
After Width: | Height: | Size: 33 KiB |
After Width: | Height: | Size: 38 KiB |
Loading…
Reference in new issue