
excluded config maps dependency

master
Keny Villela 2 years ago
parent
commit
51e186ed99
  1. 18
      charts/sigi/k8sfiles/sigi-configmap_saberes.yaml
  2. 6
      charts/sigi/v0.2.x/Chart.lock
  3. 24
      charts/sigi/v0.2.x/Chart.yaml
  4. 3
      charts/sigi/v0.2.x/app-readme.md
  5. BIN
      charts/sigi/v0.2.x/charts/postgresql-11.6.8.tgz
  6. 162
      charts/sigi/v0.2.x/questions.yaml
  7. 5
      charts/sigi/v0.2.x/templates/NOTES.txt
  8. 58
      charts/sigi/v0.2.x/templates/_helpers.tpl
  9. 174
      charts/sigi/v0.2.x/templates/deployment.yaml
  10. 28
      charts/sigi/v0.2.x/templates/hpa.yaml
  11. 72
      charts/sigi/v0.2.x/templates/ingress.yaml
  12. 21
      charts/sigi/v0.2.x/templates/pvc-media.yaml
  13. 13
      charts/sigi/v0.2.x/templates/secretkey.yaml
  14. 15
      charts/sigi/v0.2.x/templates/service.yaml
  15. 13
      charts/sigi/v0.2.x/templates/sigi-ldap-secret.yaml
  16. 13
      charts/sigi/v0.2.x/templates/sigi-saberes-token.yaml
  17. 39
      charts/sigi/v0.2.x/templates/velero-schedule-monthly.yaml
  18. 39
      charts/sigi/v0.2.x/templates/velero-schedule-weekdays.yaml
  19. 39
      charts/sigi/v0.2.x/templates/velero-schedule-weekly.yaml
  20. 154
      charts/sigi/v0.2.x/values.yaml

18
charts/sigi/k8sfiles/sigi-configmap_saberes.yaml

@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: sigi-saberes-url
namespace: sigi
data:
MOODLE_BASE_URL: "https://saberes.senado.leg.br"
---
apiVersion: v1
kind: Secret
metadata:
name: sigi-saberes-tkn
namespace: sigi
type: Opaque
data:
MOODLE_API_TOKEN: YWx0ZXJlbWU=
# MOODLE_API_TOKEN: altereme
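Review bot: The `sigi-saberes-tkn` Secret is committed with a placeholder token (`YWx0ZXJlbWU=`, decoded in the comment below it), so applying this file unchanged creates a Secret whose value is publicly known and that the application will then try to use. Consider keeping only the ConfigMap in the repository and creating the Secret out of band, or at least add a header comment such as `# placeholder only: replace MOODLE_API_TOKEN before applying`. The chart's deployment.yaml reads the token from `{{ include "sigi.fullname" . }}-saberes-tkn`, so this fixed name is only picked up when the fullname resolves to `sigi`.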

6
charts/sigi/v0.2.x/Chart.lock

@ -0,0 +1,6 @@
dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.6.8
digest: sha256:ee4247460b887d3cc558f76c85980fe6848624c688b855100d9863bef6830ed0
generated: "2022-06-24T12:28:18.011798975-03:00"

24
charts/sigi/v0.2.x/Chart.yaml

@ -0,0 +1,24 @@
apiVersion: v2
name: sigi
description: Sistema de Informações Gerenciais do Interlegis (SIGI)
# A chart can be either an 'application' or a 'library' chart.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.3-t
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 3.0.38
icon: https://git.interlegis.leg.br/SEIT/rancher-charts/raw/master/images/sigi_interlegis.png
dependencies:
- name: postgresql
version: 11.6.8
repository: https://charts.bitnami.com/bitnami
condition: postgresql.internal

3
charts/sigi/v0.2.x/app-readme.md

@ -0,0 +1,3 @@
# Sistema de Informações Gerenciais do Interlegis
Utilize o formulário abaixo para configurar o SIGI.

BIN
charts/sigi/v0.2.x/charts/postgresql-11.6.8.tgz

Binary file not shown.

162
charts/sigi/v0.2.x/questions.yaml

@ -0,0 +1,162 @@
labels:
io.cattle.role: project
categories:
- Gerencial
questions:
# Informações Básicas
- variable: sigi.hostname
default: sigidsv.interlegis.leg.br
description: "Endereço para acesso ao SIGI"
label: "URL do SIGI"
type: string
group: Básico
required: true
# Ingress
- variable: ingress.tls.enabled
default: true
type: boolean
description: "Habilitar criptografia do protocolo HTTP (HTTPS)?"
label: "Habilitar TLS?"
required: false
group: Ingress
show_subquestion_if: true
subquestions:
- variable: ingress.tls.provider
default: letsencrypt
type: enum
description: "Qual provedor de certificados utilizar?"
label: "Provedor de certificados"
required: false
group: Ingress
options:
- letsencrypt
- letsencrypt-hml
- aws
- variable: ingress.class
default: nginx
type: enum
description: "Qual o Ingress Controller?"
label: "Classe Ingress"
required: false
group: Ingress
options:
- nginx
- alb
## Correio
#- variable: sigi.emailSendUser
# default: "sigi@interlegis.leg.br"
# description: "Remetente dos e-mails enviados pelo SIGI"
# label: "Remetente"
# type: string
# group: Correio
# required: false
#- variable: sigi.useTls
# default: "False"
# description: "Usar TLS ao conectar no servidor SMTP?"
# label: "Usar TLS"
# type: enum
# group: Correio
# options:
# - "True"
# - "False"
# required: false
#- variable: sigi.emailPort
# default: 25
# description: "Porta de envio de E-mail (SMTP)"
# type: int
# label: "Porta SMTP"
# required: false
# group: Correio
#- variable: sigi.emailHost
# default: "smtp.interlegis.leg.br"
# description: "Servidor de envio de e-mail (SMTP)"
# label: "Servidor SMTP"
# type: string
# group: Correio
# required: false
## PostgreSQL
#- variable: postgresql.internal
# default: true
# description: "Fazer o deploy do Postgres?"
# label: "Postgres Interno?"
# type: boolean
# group: PostgreSQL
# required: false
#- variable: postgresql.auth.Password
# default: "sigi"
# description: "Senha do banco de dados Postgres"
# label: "Senha do Postgres"
# type: password
# group: PostgreSQL
# required: true
# Avançado
- variable: sigi.debug
default: "False"
description: "Habilitar mensagens de Debug?"
label: "Debug?"
type: enum
options:
- "True"
- "False"
group: Avançado
required: true
- variable: image.tag
default: 3.0.0
description: "Versão da imagem docker do SIGI a ser utilizada"
label: "versão do SIGI"
type: string
group: Avançado
required: true
- variable: image.pullPolicy
default: IfNotPresent
description: "Politica de carga da imagem docker do SIGI."
label: "Carregar a imagem apenas quando não estiver presente?"
type: enum
options:
- IfNotPresent
- Always
group: Avançado
required: true
#- variable: sigi.timeZone
# default: "America/Sao_Paulo"
# description: "Fuso Horário do SIGI"
# label: "Fuso"
# type: enum
# options:
# - "America/Sao_Paulo"
# - "America/Fortaleza"
# - "America/Belem"
# - "America/Araguaina"
# - "America/Bahia"
# - "America/Boa_Vista"
# - "America/Campo_Grande"
# - "America/Cuiaba"
# - "America/Maceio"
# - "America/Manaus"
# - "America/Porto_Velho"
# - "America/Recife"
# - "America/Rio_Branco"
# - "America/Sao_Paulo"
# group: Avançado
# required: true
# Backup
- variable: velero.backup.enabled
default: false
label: "Habilitar backup com Velero?"
description: "Criar ou não os objetos para backup com o Velero."
type: boolean
group: Backup
required: false
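Review bot: `image.tag` defaults to `3.0.0` here while Chart.yaml in this commit declares `appVersion: 3.0.38`, so an install through the Rancher form pins an older image than the chart advertises unless the operator edits the field. Aligning the default (`default: "3.0.38"`) keeps form-driven installs on the version the chart was written for. Separately, `ingress.tls.provider` offers `aws`, but ingress.yaml in this commit only emits issuer annotations for the two letsencrypt values, so that option appears to enable TLS without any certificate source.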

5
charts/sigi/v0.2.x/templates/NOTES.txt

@ -0,0 +1,5 @@
1. Seu SIGI pode ser acessado através da URL:
{{- if .Values.ingress.enabled }}
http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.sigi.hostname }}
{{- end }}

58
charts/sigi/v0.2.x/templates/_helpers.tpl

@ -0,0 +1,58 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "sigi.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "sigi.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "sigi.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "sigi.labels" -}}
helm.sh/chart: {{ include "sigi.chart" . }}
{{ include "sigi.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "sigi.selectorLabels" -}}
app.kubernetes.io/name: {{ include "sigi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create a default fully qualified app name for postgresql.
*/}}
{{- define "postgresql.fullname" -}}
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

174
charts/sigi/v0.2.x/templates/deployment.yaml

@ -0,0 +1,174 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "sigi.fullname" . }}
labels:
{{- include "sigi.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "sigi.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "sigi.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
env:
- name: DEBUG
value: "{{ .Values.sigi.debug }}"
- name: TZ
value: "{{ .Values.sigi.timeZone }}"
- name: LANG
value: "{{ .Values.sigi.language }}"
- name: DATABASE_URL
value: {{ printf "postgresql://%s:%s@%s:5432/%s" .Values.postgresql.auth.username .Values.postgresql.auth.password (include "postgresql.fullname" .) .Values.postgresql.auth.database| quote }}
- name: ADMINS
value: "{{ .Values.sigi.emailAdmins }}"
- name: EMAIL_PORT
value: "{{ .Values.sigi.emailPort }}"
- name: EMAIL_HOST
value: "{{ .Values.sigi.emailHost }}"
- name: DEFAULT_FROM_EMAIL
value: "{{ .Values.sigi.defaultFromEmail }}"
- name: AUTH_LDAP_SERVER_URI
value: "{{ .Values.sigi.auth.ldap.serverURI }}"
- name: AUTH_LDAP_BIND_DN
value: "{{ .Values.sigi.auth.ldap.bindDN }}"
- name: AUTH_LDAP_USER
value: "{{ .Values.sigi.auth.ldap.user }}"
- name: AUTH_LDAP_BIND_PASSWORD
valueFrom:
# Secret Key
secretKeyRef:
name: sigi-auth-ldap-key
key: AUTH_LDAP_BIND_PASSWORD
- name: AUTH_LDAP_USER_SEARCH_STRING
value: "{{ .Values.sigi.auth.ldap.userSearchString }}"
- name: AUTH_LDAP_USER_ATTR_MAP
value: "{{ .Values.sigi.auth.ldap.userAttrMap }}"
- name: AUTH_LDAP_GROUP
value: "{{ .Values.sigi.auth.ldap.group }}"
- name: AUTH_LDAP_GROUP_SEARCH_STRING
value: "{{ .Values.sigi.auth.ldap.groupSearchString }}"
- name: AUTH_LDAP_GROUP_TYPE_STRING
value: "{{ .Values.sigi.auth.ldap.groupTypeString }}"
- name: AUTH_LDAP_FIND_GROUP_PERMS
value: "{{ .Values.sigi.auth.ldap.findGroupPerms }}"
- name: AUTH_LDAP_MIRROR_GROUPS
value: "{{ .Values.sigi.auth.ldap.mirrorGroups }}"
- name: AUTH_LDAP_CACHE_GROUPS
value: "{{ .Values.sigi.auth.ldap.cacheGroups }}"
- name: AUTH_LDAP_GROUP_CACHE_TIMEOUT
value: "{{ .Values.sigi.auth.ldap.groupCacheTimeout }}"
- name: AUTH_LDAP_PROFILE_ATTR_MAP
value: "{{ .Values.sigi.auth.ldap.profileAttrMap }}"
- name: AUTH_PROFILE_MODULE
value: "{{ .Values.sigi.auth.profileModule }}"
- name: MOODLE_BASE_URL
value: "{{ .Values.sigi.saberes.moodleUrl }}"
- name: MOODLE_API_TOKEN
valueFrom:
# Secret Key
secretKeyRef:
name: {{ include "sigi.fullname" . }}-saberes-tkn
key: MOODLE_API_TOKEN
volumeMounts:
# - mountPath: /var/interlegis/sigi/data
# name: data
- mountPath: /srv/interlegis/sigi/media
name: {{ include "sigi.fullname" . }}-media
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 60
failureThreshold: 3
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 60
failureThreshold: 3
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
# - name: data
# secret:
# defaultMode: 440
# secretName: {{ include "sigi.fullname" . }}-secretkey
- name: {{ include "sigi.fullname" . }}-media
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "sigi.fullname" . }}-media
{{- else }}
emptyDir: {}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- {{ include "sigi.name" . }}
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
- weight: 50
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- postgresql
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
{{- with .Values.affinity }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
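Review bot: The `DATABASE_URL` entry formats `.Values.postgresql.auth.password` directly into the container's `env`, so the database password is readable by anyone who can read the Deployment object or the pod spec, unlike the LDAP and Moodle credentials just below it, which go through `secretKeyRef`. Rendering the URL into a Secret and referencing it with `valueFrom.secretKeyRef` would bring it in line with the other two; the password is also not URL-encoded, so a value containing `@` or `/` would produce a broken URL. In addition, `AUTH_LDAP_BIND_PASSWORD` references the fixed name `sigi-auth-ldap-key`, while sigi-ldap-secret.yaml creates `{{ include "sigi.fullname" . }}-auth-ldap-key`; unless the fullname resolves to `sigi` the pod will not start, and the line should read `name: {{ include "sigi.fullname" . }}-auth-ldap-key`.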

28
charts/sigi/v0.2.x/templates/hpa.yaml

@ -0,0 +1,28 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "sigi.fullname" . }}
labels:
{{- include "sigi.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "sigi.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
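Review bot: `apiVersion: autoscaling/v2beta1` is no longer served by Kubernetes 1.25 and later, so setting `autoscaling.enabled` on a current cluster would make the release fail. ingress.yaml in this commit already selects its API version with `semverCompare` on `.Capabilities.KubeVersion.GitVersion`, and the same gate fits here. Moving to `autoscaling/v2` also means replacing each `targetAverageUtilization: …` line with a `target:` block holding `type: Utilization` and `averageUtilization: …`.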

72
charts/sigi/v0.2.x/templates/ingress.yaml

@ -0,0 +1,72 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "sigi.fullname" . -}}
{{- $hostName := .Values.sigi.hostname -}}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "sigi.labels" . | nindent 4 }}
annotations:
{{- if .Values.ingress.tls.enabled }}
# USE TLS
{{- if contains "letsencrypt" .Values.ingress.tls.provider }}
cert-manager.io/cluster-issuer: "letsencrypt-prod"
{{- end }}
{{- if contains "letsencrypt-hml" .Values.ingress.tls.provider }}
cert-manager.io/cluster-issuer: "letsencrypt-hml-dns"
{{- end }}
{{- if contains "alb" .Values.ingress.class }}
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
{{- end }}
{{- else }}
# DO NOT USE TLS
{{- if contains "alb" .Values.ingress.class }}
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
{{- end }}
{{- end }}
{{- if contains "alb" .Values.ingress.class }}
alb.ingress.kubernetes.io/group.name: sigi
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
kubernetes.io/ingress.class: alb
{{- end }}
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls.enabled }}
tls:
- hosts:
- "{{ $hostName }}"
secretName: {{ $hostName | replace "." "-" }}-tls
{{- end }}
rules:
- host: "{{ $hostName }}"
http:
paths:
{{- if contains "nginx" .Values.ingress.class }}
- path: /
{{- else }}
- path: /*
{{- end }}
{{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
pathType: ImplementationSpecific
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: 80
{{- else }}
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
{{- end }}
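Review bot: `contains "letsencrypt" .Values.ingress.tls.provider` is also true for `letsencrypt-hml`, so selecting the staging issuer emits `cert-manager.io/cluster-issuer` twice in the same annotations map; which value wins then depends on the YAML parser, and a strict one rejects the duplicate key. Use exact comparisons instead, `{{- if eq .Values.ingress.tls.provider "letsencrypt" }}` and `{{- if eq .Values.ingress.tls.provider "letsencrypt-hml" }}`. The `>=1.14-0` branch also selects `networking.k8s.io/v1`, while the backend block renders the `serviceName`/`servicePort` form for clusters older than 1.19; that branch probably wants `networking.k8s.io/v1beta1`.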

21
charts/sigi/v0.2.x/templates/pvc-media.yaml

@ -0,0 +1,21 @@
{{- if .Values.persistence.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "sigi.fullname" . }}-media
labels:
{{- include "sigi.labels" . | nindent 4 }}
spec:
accessModes:
- {{ .Values.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}

13
charts/sigi/v0.2.x/templates/secretkey.yaml

@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "sigi.fullname" . }}-secretkey
labels:
{{- include "sigi.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Release.IsUpgrade }}
secret.key: {{ index (lookup "v1" "Secret" .Release.Namespace (printf "%s-secretkey" (include "sigi.fullname" .))).data "secret.key" }}
{{ else }} # install operation
secret.key: {{ randAscii 50 | b64enc }}
{{ end }}
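Review bot: On upgrade the `lookup` result is indexed without checking that the Secret exists, so `helm template`, `--dry-run`, or an upgrade of a release that never had this Secret renders an empty value or fails, because `lookup` returns an empty map when it cannot reach the object. Guard the lookup and fall back to generating the key, as sketched below. The same unguarded pattern is in sigi-ldap-secret.yaml and sigi-saberes-token.yaml, where it has a second effect: after the first install, changes to `sigi.auth.ldap.bindPwd` or `sigi.saberes.moodleToken` in values are never applied, so rotating either credential through Helm silently does nothing.

```yaml
data:
  {{- $name := printf "%s-secretkey" (include "sigi.fullname" .) }}
  {{- $existing := lookup "v1" "Secret" .Release.Namespace $name }}
  {{- if and $existing $existing.data }}
  # keep the key generated at install time
  secret.key: {{ index $existing.data "secret.key" }}
  {{- else }}
  # first install, or the Secret could not be read
  secret.key: {{ randAscii 50 | b64enc }}
  {{- end }}
```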

15
charts/sigi/v0.2.x/templates/service.yaml

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "sigi.fullname" . }}
labels:
{{- include "sigi.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "sigi.selectorLabels" . | nindent 4 }}

13
charts/sigi/v0.2.x/templates/sigi-ldap-secret.yaml

@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "sigi.fullname" . }}-auth-ldap-key
labels:
{{- include "sigi.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Release.IsUpgrade }}
AUTH_LDAP_BIND_PASSWORD: {{ index (lookup "v1" "Secret" .Release.Namespace (printf "%s-auth-ldap-key" (include "sigi.fullname" .))).data "AUTH_LDAP_BIND_PASSWORD" }}
{{ else }} # install operation
AUTH_LDAP_BIND_PASSWORD: {{ .Values.sigi.auth.ldap.bindPwd | b64enc }}
{{ end }}

13
charts/sigi/v0.2.x/templates/sigi-saberes-token.yaml

@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "sigi.fullname" . }}-saberes-tkn
labels:
{{- include "sigi.labels" . | nindent 4 }}
type: Opaque
data:
{{- if .Release.IsUpgrade }}
MOODLE_API_TOKEN: {{ index (lookup "v1" "Secret" .Release.Namespace (printf "%s-saberes-tkn" (include "sigi.fullname" .))).data "MOODLE_API_TOKEN" }}
{{ else }} # install operation
MOODLE_API_TOKEN: {{ .Values.sigi.saberes.moodleToken | b64enc }}
{{ end }}

39
charts/sigi/v0.2.x/templates/velero-schedule-monthly.yaml

@ -0,0 +1,39 @@
{{- if .Values.velero.backup.enabled }}
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: {{ include "sigi.fullname" . }}-monthly
namespace: {{ .Values.velero.namespace }}
spec:
# generate a random backup time between 1 and 5 AM on first day of every month
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} 1 * *
template:
includedNamespaces:
- {{ .Release.Namespace }}
{{- with .Values.velero.backup.excludedResources }}
excludedResources:
{{- toYaml . | nindent 8 }}
{{- end }}
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
# every weekday backup is good for the next year (365 days)
ttl: 8760h0m0s
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
hooks:
resources:
- name: pgdump
includedResources:
- pods
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: postgresql
pre:
- exec:
command:
- "/bin/bash"
- "-c"
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump"
timeout: 360s
onError: Continue
useOwnerReferencesInBackup: false
{{- end }}
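Review bot: The `pgdump` pre-hook sets `onError: Continue`, so when `pg_dump` fails or hits the 360s timeout the backup still proceeds and captures whatever `sigi.dump` an earlier run left behind (or none at all) without being marked as failed; `onError: Fail` would surface that. The hook also hard-codes `-d sigi` although the database name is configurable as `postgresql.auth.database`, and `mod (randNumeric 1) 6` yields hours 0–5 rather than the 1–5 the comment states. The dump is written unencrypted into the PostgreSQL data volume, so it is worth confirming that the backup storage location is encrypted and access-restricted. The weekdays and weekly schedules carry the same hook and schedule expression.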

39
charts/sigi/v0.2.x/templates/velero-schedule-weekdays.yaml

@ -0,0 +1,39 @@
{{- if .Values.velero.backup.enabled }}
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: {{ include "sigi.fullname" . }}-weekdays
namespace: {{ .Values.velero.namespace }}
spec:
# generate a random backup time between 1 and 5 AM on weekdays
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 1-5
template:
includedNamespaces:
- {{ .Release.Namespace }}
{{- with .Values.velero.backup.excludedResources }}
excludedResources:
{{- toYaml . | nindent 8 }}
{{- end }}
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
# every weekday backup is good for the next week (7 days)
ttl: 168h0m0s
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
hooks:
resources:
- name: pgdump
includedResources:
- pods
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: postgresql
pre:
- exec:
command:
- "/bin/bash"
- "-c"
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump"
timeout: 360s
onError: Continue
useOwnerReferencesInBackup: false
{{- end }}

39
charts/sigi/v0.2.x/templates/velero-schedule-weekly.yaml

@ -0,0 +1,39 @@
{{- if .Values.velero.backup.enabled }}
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: {{ include "sigi.fullname" . }}-weekly
namespace: {{ .Values.velero.namespace }}
spec:
# generate a random backup time between 1 and 5 AM on sunday
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 0
template:
includedNamespaces:
- {{ .Release.Namespace }}
{{- with .Values.velero.backup.excludedResources }}
excludedResources:
{{- toYaml . | nindent 8 }}
{{- end }}
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
# every sunday backup is good for 30 days (aprox. 1 month)
ttl: 744h0m0s
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
hooks:
resources:
- name: pgdump
includedResources:
- pods
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: postgresql
pre:
- exec:
command:
- "/bin/bash"
- "-c"
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump"
timeout: 360s
onError: Continue
useOwnerReferencesInBackup: false
{{- end }}

154
charts/sigi/v0.2.x/values.yaml

@ -0,0 +1,154 @@
# Default values for sigi.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
# registry: porto.interlegis.leg.br
repository: porto.interlegis.leg.br/ilb/sigi
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
persistence:
enabled: true
#storageClass: ""
accessMode: ReadWriteOnce
size: 12Gi
sigi:
debug: 'False'
hostname: 'sigidsv.interlegis.leg.br'
timeZone: 'America/Sao_Paulo'
language: 'pt_BR.UTF-8'
emailPort: 25
emailHost: 'smtp.interlegis.leg.br'
emailAdmins: "(('SIGI Administrator', 'sigi@interlegis.leg.br'),)"
defaultFromEmail: 'sigi@interlegis.leg.br'
auth:
ldap:
serverURI: 'ldap://ad.senado.gov.br'
bindDN: 'CN=Sistema de Informações Gerenciais do Interlegis Service Account,OU=_UsuariosServicos,OU=2-AdministracaoSistemas,DC=senado,DC=gov,DC=br'
bindPwd: 'RgtJdtvas7s4BSpjnVnR'
user: 'U=UsuariosPessoas,DC=senado,DC=gov,DC=br'
userSearchString: '(&(sAMAccountName=%(user)s)(department=*ILB*)(!(title=*Desligad*))(!(title=*inativ*)))'
userAttrMap: '{"first_name": "givenName", "last_name": "sn", "email": "userPrincipalName", }'
group: ''
groupSearchString: ''
groupTypeString: ''
findGroupPerms: False
mirrorGroups: False
cacheGroups: False
groupCacheTimeout: 0
profileAttrMap: '{"nome_completo": "cn"}'
profileModule: 'servidores.Servidor'
saberes:
moodleUrl: 'https://saberes.senado.leg.br'
moodleToken: 'altereme'
ingress:
enabled: true
class: nginx
# nginx - for default nginx ingress controller
# alb - for AWS ALB Load Balancer controller
tls:
enabled: true
provider: letsencrypt
# extra annotations only
annotations: {}
velero:
namespace: velero
backup:
enabled: false
snapshotVolumes: false
defaultVolumesToRestic: true
# cert-manager objects are usually blocked during backup
excludedResources:
- certificates.cert-manager.io
- orders.acme.cert-manager.io
- certificaterequests.cert-manager.io
- challenges.acme.cert-manager.io
postgresql:
internal: true
image:
# repository: porto.interlegis.leg.br/bitnami/postgresql
# registry: porto.interlegis.leg.br
registry: docker.io
repository: bitnami/postgresql
tag: 14.4.0-debian-11-r0
pullPolicy: IfNotPresent
primary:
service:
type: ClusterIP
port: 5432
persistence:
enabled: true
size: 1Gi
resources:
requests:
cpu: 250m
memory: 256Mi
auth:
postgresPassword: sigi
password: sigi
username: sigi
database: sigi
env:
- name: LANG
value: pt_BR.UTF-8
- name: LANGUAGE
value: pt_BR.UTF-8
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 150m
memory: 500Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
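Review bot: `sigi.auth.ldap.bindPwd` ships with what looks like a real service-account password as the chart default, next to the actual bind DN and directory host, so it is now part of the repository history and of every release rendered with defaults; the credential should be treated as exposed and rotated, and the default changed to `bindPwd: ''`. sigi-ldap-secret.yaml can then enforce an explicit value with `{{ required "sigi.auth.ldap.bindPwd must be set" .Values.sigi.auth.ldap.bindPwd | b64enc }}`. `serverURI` uses `ldap://`, which sends the bind password unencrypted unless StartTLS is configured in the application (not visible here); `ldaps://` would be the safer default. The `postgresql.auth` passwords default to `sigi` as well and deserve the same treatment.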