
SIGI separation app and bkp

master
Keny Villela 2 years ago
parent
commit
84a2fd96d4
  1. 24
      charts/sigi/v0.2-bkp/Chart.yaml
  2. 3
      charts/sigi/v0.2-bkp/app-readme.md
  3. 171
      charts/sigi/v0.2-bkp/questions.yaml
  4. 58
      charts/sigi/v0.2-bkp/templates/_helpers.tpl
  5. 39
      charts/sigi/v0.2-bkp/templates/velero-schedule-monthly.yaml
  6. 39
      charts/sigi/v0.2-bkp/templates/velero-schedule-weekdays.yaml
  7. 39
      charts/sigi/v0.2-bkp/templates/velero-schedule-weekly.yaml
  8. 148
      charts/sigi/v0.2-bkp/values.yaml
  9. 6
      charts/sigi/v0.2/Chart.lock
  10. 24
      charts/sigi/v0.2/Chart.yaml
  11. 3
      charts/sigi/v0.2/app-readme.md
  12. BIN
      charts/sigi/v0.2/charts/postgresql-11.6.8.tgz
  13. 162
      charts/sigi/v0.2/questions.yaml
  14. 5
      charts/sigi/v0.2/templates/NOTES.txt
  15. 58
      charts/sigi/v0.2/templates/_helpers.tpl
  16. 215
      charts/sigi/v0.2/templates/deployment.yaml
  17. 28
      charts/sigi/v0.2/templates/hpa.yaml
  18. 60
      charts/sigi/v0.2/templates/ingress.yaml
  19. 21
      charts/sigi/v0.2/templates/pvc-media.yaml
  20. 13
      charts/sigi/v0.2/templates/secretkey.yaml
  21. 15
      charts/sigi/v0.2/templates/service.yaml
  22. 39
      charts/sigi/v0.2/templates/velero-schedule-monthly.yaml
  23. 39
      charts/sigi/v0.2/templates/velero-schedule-weekdays.yaml
  24. 39
      charts/sigi/v0.2/templates/velero-schedule-weekly.yaml
  25. 147
      charts/sigi/v0.2/values.yaml

24
charts/sigi/v0.2-bkp/Chart.yaml

@ -0,0 +1,24 @@
apiVersion: v2
name: sigibkp
description: Backup Sistema de Informações Gerenciais do Interlegis (SIGI)
# A chart can be either an 'application' or a 'library' chart.
#type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
#appVersion: 3.0.0
#icon: https://git.interlegis.leg.br/SEIT/rancher-charts/raw/master/images/sigi_interlegis.png
#
#dependencies:
#- name: postgresql
# version: 11.6.8
# repository: https://charts.bitnami.com/bitnami
# condition: postgresql.internal

3
charts/sigi/v0.2-bkp/app-readme.md

@ -0,0 +1,3 @@
# Backup Sistema de Informações Gerenciais do Interlegis
Utilize o formulário abaixo para configurar o Backup do SIGI.

171
charts/sigi/v0.2-bkp/questions.yaml

@ -0,0 +1,171 @@
labels:
io.cattle.role: project
categories:
- Gerencial
questions:
## Informações Básicas
#- variable: sigi.hostname
# default: sigidsv.interlegis.leg.br
# description: "Endereço para acesso ao SIGI"
# label: "URL do SIGI"
# type: string
# group: Básico
# required: true
#
#
## Ingress
#- variable: ingress.tls.enabled
# default: true
# type: boolean
# description: "Habilitar criptografia do protocolo HTTP (HTTPS)?"
# label: "Habilitar TLS?"
# required: false
# group: Ingress
# show_subquestion_if: true
# subquestions:
# - variable: ingress.tls.provider
# default: letsencrypt
# type: enum
# description: "Qual provedor de certificados utilizar?"
# label: "Provedor de certificados"
# required: false
# group: Ingress
# options:
# - letsencrypt
# - letsencrypt-hml
# - aws
#
#- variable: ingress.class
# default: nginx
# type: enum
# description: "Qual o Ingress Controller?"
# label: "Classe Ingress"
# required: false
# group: Ingress
# options:
# - nginx
# - alb
#
## Correio
#- variable: sigi.emailSendUser
# default: "sigi@interlegis.leg.br"
# description: "Remetente dos e-mails enviados pelo SIGI"
# label: "Remetente"
# type: string
# group: Correio
# required: false
#- variable: sigi.useTls
# default: "False"
# description: "Usar TLS ao conectar no servidor SMTP?"
# label: "Usar TLS"
# type: enum
# group: Correio
# options:
# - "True"
# - "False"
# required: false
#- variable: sigi.emailPort
# default: 25
# description: "Porta de envio de E-mail (SMTP)"
# type: int
# label: "Porta SMTP"
# required: false
# group: Correio
#- variable: sigi.emailHost
# default: "smtp.interlegis.leg.br"
# description: "Servidor de envio de e-mail (SMTP)"
# label: "Servidor SMTP"
# type: string
# group: Correio
# required: false
## PostgreSQL
#- variable: postgresql.internal
# default: true
# description: "Fazer o deploy do Postgres?"
# label: "Postgres Interno?"
# type: boolean
# group: PostgreSQL
# required: false
#- variable: postgresql.auth.Password
# default: "sigi"
# description: "Senha do banco de dados Postgres"
# label: "Senha do Postgres"
# type: password
# group: PostgreSQL
# required: true
## Avançado
#- variable: sigi.debug
# default: "False"
# description: "Habilitar mensagens de Debug?"
# label: "Debug?"
# type: enum
# options:
# - "True"
# - "False"
# group: Avançado
# required: true
#
#- variable: image.tag
# default: 3.0.0
# description: "Versão da imagem docker do SIGI a ser utilizada"
# label: "versão do SIGI"
# type: string
# group: Avançado
# required: true
#- variable: image.pullPolicy
# default: IfNotPresent
# description: "Politica de carga da imagem docker do SIGI."
# label: "Carregar a imagem apenas quando não estiver presente?"
# type: enum
# options:
# - IfNotPresent
# - Always
# group: Avançado
# required: true
#- variable: sigi.timeZone
# default: "America/Sao_Paulo"
# description: "Fuso Horário do SIGI"
# label: "Fuso"
# type: enum
# options:
# - "America/Sao_Paulo"
# - "America/Fortaleza"
# - "America/Belem"
# - "America/Araguaina"
# - "America/Bahia"
# - "America/Boa_Vista"
# - "America/Campo_Grande"
# - "America/Cuiaba"
# - "America/Maceio"
# - "America/Manaus"
# - "America/Porto_Velho"
# - "America/Recife"
# - "America/Rio_Branco"
# - "America/Sao_Paulo"
# group: Avançado
# required: true
# Backup
- variable: velero.backup.enabled
default: true
label: "Habilitar backup com Velero?"
description: "Criar ou não os objetos para backup com o Velero."
type: boolean
group: Backup
required: true
- variable: velero.backup.instance
default: sigi
label: "Nome da instância?"
description: "Nome da instância para backup com o Velero."
type: string
group: Backup
required: true

58
charts/sigi/v0.2-bkp/templates/_helpers.tpl

@ -0,0 +1,58 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "sigibkp.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "sigibkp.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "sigibkp.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "sigibkp.labels" -}}
helm.sh/chart: {{ include "sigibkp.chart" . }}
{{ include "sigibkp.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "sigibkp.selectorLabels" -}}
app.kubernetes.io/name: {{ include "sigibkp.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create a default fully qualified app name for postgresql.
*/}}
{{- define "postgresql.fullname" -}}
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

39
charts/sigi/v0.2-bkp/templates/velero-schedule-monthly.yaml

@ -0,0 +1,39 @@
{{- if .Values.velero.backup.enabled }}
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: {{ include "sigi.fullname" . }}-monthly
namespace: {{ .Values.velero.namespace }}
spec:
# generate a random backup time between 1 and 5 AM on first day of every month
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} 1 * *
template:
includedNamespaces:
- {{ .Release.Namespace }}
{{- with .Values.velero.backup.excludedResources }}
excludedResources:
{{- toYaml . | nindent 8 }}
{{- end }}
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
# every weekday backup is good for the next year (365 days)
ttl: 8760h0m0s
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
hooks:
resources:
- name: pgdump
includedResources:
- pods
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Values.velero.backup.instance }}
app.kubernetes.io/name: postgresql
pre:
- exec:
command:
- "/bin/bash"
- "-c"
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump"
timeout: 360s
onError: Continue
useOwnerReferencesInBackup: false
{{- end }}
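Review bot: `metadata.name` calls `include "sigi.fullname"`, but the `_helpers.tpl` added for this chart only defines `sigibkp.*` templates (plus `postgresql.fullname`), so rendering will most likely stop with an undefined-template error unless another file defines that name. The line should read `name: {{ include "sigibkp.fullname" . }}-monthly`. The same call is in `velero-schedule-weekdays.yaml` and `velero-schedule-weekly.yaml` of this chart. The comment above `ttl: 8760h0m0s` still says "every weekday backup" and should describe the monthly one.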

39
charts/sigi/v0.2-bkp/templates/velero-schedule-weekdays.yaml

@ -0,0 +1,39 @@
{{- if .Values.velero.backup.enabled }}
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: {{ include "sigi.fullname" . }}-weekdays
namespace: {{ .Values.velero.namespace }}
spec:
# generate a random backup time between 1 and 5 AM on weekdays
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 1-5
template:
includedNamespaces:
- {{ .Release.Namespace }}
{{- with .Values.velero.backup.excludedResources }}
excludedResources:
{{- toYaml . | nindent 8 }}
{{- end }}
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
# every weekday backup is good for the next week (7 days)
ttl: 168h0m0s
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
hooks:
resources:
- name: pgdump
includedResources:
- pods
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Values.velero.backup.instance }}
app.kubernetes.io/name: postgresql
pre:
- exec:
command:
- "/bin/bash"
- "-c"
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump"
timeout: 360s
onError: Continue
useOwnerReferencesInBackup: false
{{- end }}

39
charts/sigi/v0.2-bkp/templates/velero-schedule-weekly.yaml

@ -0,0 +1,39 @@
{{- if .Values.velero.backup.enabled }}
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: {{ include "sigi.fullname" . }}-weekly
namespace: {{ .Values.velero.namespace }}
spec:
# generate a random backup time between 1 and 5 AM on sunday
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 0
template:
includedNamespaces:
- {{ .Release.Namespace }}
{{- with .Values.velero.backup.excludedResources }}
excludedResources:
{{- toYaml . | nindent 8 }}
{{- end }}
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
# every sunday backup is good for 30 days (aprox. 1 month)
ttl: 744h0m0s
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
hooks:
resources:
- name: pgdump
includedResources:
- pods
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Values.velero.backup.instance }}
app.kubernetes.io/name: postgresql
pre:
- exec:
command:
- "/bin/bash"
- "-c"
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump"
timeout: 360s
onError: Continue
useOwnerReferencesInBackup: false
{{- end }}

148
charts/sigi/v0.2-bkp/values.yaml

@ -0,0 +1,148 @@
# Default values for sigi.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
# registry: porto.interlegis.leg.br
repository: porto.interlegis.leg.br/ilb/sigi
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
persistence:
enabled: true
#storageClass: ""
accessMode: ReadWriteOnce
size: 12Gi
sigi:
debug: 'False'
hostname: 'sigidsv.interlegis.leg.br'
timeZone: 'America/Sao_Paulo'
language: 'pt_BR.UTF-8'
emailPort: 25
emailHost: 'smtp.interlegis.leg.br'
defaultFromEmail: 'sigi@interlegis.leg.br'
auth:
ldap:
serverURI: 'ldap://ad.senado.gov.br'
bindDN: 'CN=Sistema de Informações Gerenciais do Interlegis Service Account,OU=_UsuariosServicos,OU=2-AdministracaoSistemas,DC=senado,DC=gov,DC=br'
bindPwd: 'RgtJdtvas7s4BSpjnVnR'
user: 'U=UsuariosPessoas,DC=senado,DC=gov,DC=br'
userSearchString: '(sAMAccountName=%(user)s)'
group: 'OU=GruposAutomaticosOU,DC=senado,DC=gov,DC=br'
groupSearchString: '(objectClass=Group)'
groupTypeString: 'cn'
findGroupPerms: True
mirrorGroups: True
cacheGroups: True
groupCacheTimeout: 3600
profileModule: 'servidores.Servidor'
ingress:
enabled: true
class: nginx
# nginx - for default nginx ingress controller
# alb - for AWS ALB Load Balancer controller
tls:
enabled: true
provider: letsencrypt
# extra annotations only
annotations: {}
velero:
namespace: velero
backup:
enabled: true
instance: sigi
snapshotVolumes: false
defaultVolumesToRestic: true
# cert-manager objects are usually blocked during backup
excludedResources:
- certificates.cert-manager.io
- orders.acme.cert-manager.io
- certificaterequests.cert-manager.io
- challenges.acme.cert-manager.io
postgresql:
internal: true
image:
# repository: porto.interlegis.leg.br/bitnami/postgresql
# registry: porto.interlegis.leg.br
registry: docker.io
repository: bitnami/postgresql
tag: 14.4.0-debian-11-r0
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 5432
persistence:
enabled: true
size: 1Gi
auth:
postgresPassword: sigi
password: sigi
username: sigi
database: sigi
env:
- name: LANG
value: pt_BR.UTF-8
- name: LANGUAGE
value: pt_BR.UTF-8
resources:
requests:
cpu: 50m
memory: 64Mi
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 150m
memory: 500Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
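Review bot: `sigi.auth.ldap.bindPwd` commits what looks like a live directory service-account password to the repository; it should be emptied here (`bindPwd: ''`), supplied at install time through a Secret, and rotated, because it stays readable in git history. None of the templates added to this backup chart read the value, and the `v0.2` deployment takes `AUTH_LDAP_BIND_PASSWORD` from the `sigi-auth-ldap-key` Secret, so the entry appears to serve no purpose in this file. The same file ships `postgresPassword: sigi` and `password: sigi` as defaults and an `ldap://` `serverURI`, which sends the bind password unencrypted unless StartTLS is enforced elsewhere. `charts/sigi/v0.2/values.yaml`, whose content is not visible on this page, should be checked for the same values.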

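--- /dev/null
+++ b/charts/sigi/v0.2/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+repository: https://charts.bitnami.com/bitnami
+version: 11.6.8
+digest: sha256:ee4247460b887d3cc558f76c85980fe6848624c688b855100d9863bef6830ed0
+generated: "2022-06-24T12:28:18.011798975-03:00"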

24
charts/sigi/v0.2/Chart.yaml

@ -0,0 +1,24 @@
apiVersion: v2
name: sigi
description: Sistema de Informações Gerenciais do Interlegis (SIGI)
# A chart can be either an 'application' or a 'library' chart.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 3.0.0
icon: https://git.interlegis.leg.br/SEIT/rancher-charts/raw/master/images/sigi_interlegis.png
dependencies:
- name: postgresql
version: 11.6.8
repository: https://charts.bitnami.com/bitnami
condition: postgresql.internal

3
charts/sigi/v0.2/app-readme.md

@ -0,0 +1,3 @@
# Sistema de Informações Gerenciais do Interlegis
Utilize o formulário abaixo para configurar o SIGI.

BIN
charts/sigi/v0.2/charts/postgresql-11.6.8.tgz

Binary file not shown.

162
charts/sigi/v0.2/questions.yaml

@ -0,0 +1,162 @@
labels:
io.cattle.role: project
categories:
- Gerencial
questions:
# Informações Básicas
- variable: sigi.hostname
default: sigidsv.interlegis.leg.br
description: "Endereço para acesso ao SIGI"
label: "URL do SIGI"
type: string
group: Básico
required: true
# Ingress
- variable: ingress.tls.enabled
default: true
type: boolean
description: "Habilitar criptografia do protocolo HTTP (HTTPS)?"
label: "Habilitar TLS?"
required: false
group: Ingress
show_subquestion_if: true
subquestions:
- variable: ingress.tls.provider
default: letsencrypt
type: enum
description: "Qual provedor de certificados utilizar?"
label: "Provedor de certificados"
required: false
group: Ingress
options:
- letsencrypt
- letsencrypt-hml
- aws
- variable: ingress.class
default: nginx
type: enum
description: "Qual o Ingress Controller?"
label: "Classe Ingress"
required: false
group: Ingress
options:
- nginx
- alb
## Correio
#- variable: sigi.emailSendUser
# default: "sigi@interlegis.leg.br"
# description: "Remetente dos e-mails enviados pelo SIGI"
# label: "Remetente"
# type: string
# group: Correio
# required: false
#- variable: sigi.useTls
# default: "False"
# description: "Usar TLS ao conectar no servidor SMTP?"
# label: "Usar TLS"
# type: enum
# group: Correio
# options:
# - "True"
# - "False"
# required: false
#- variable: sigi.emailPort
# default: 25
# description: "Porta de envio de E-mail (SMTP)"
# type: int
# label: "Porta SMTP"
# required: false
# group: Correio
#- variable: sigi.emailHost
# default: "smtp.interlegis.leg.br"
# description: "Servidor de envio de e-mail (SMTP)"
# label: "Servidor SMTP"
# type: string
# group: Correio
# required: false
## PostgreSQL
#- variable: postgresql.internal
# default: true
# description: "Fazer o deploy do Postgres?"
# label: "Postgres Interno?"
# type: boolean
# group: PostgreSQL
# required: false
#- variable: postgresql.auth.Password
# default: "sigi"
# description: "Senha do banco de dados Postgres"
# label: "Senha do Postgres"
# type: password
# group: PostgreSQL
# required: true
# Avançado
- variable: sigi.debug
default: "False"
description: "Habilitar mensagens de Debug?"
label: "Debug?"
type: enum
options:
- "True"
- "False"
group: Avançado
required: true
- variable: image.tag
default: 3.0.0
description: "Versão da imagem docker do SIGI a ser utilizada"
label: "versão do SIGI"
type: string
group: Avançado
required: true
- variable: image.pullPolicy
default: IfNotPresent
description: "Politica de carga da imagem docker do SIGI."
label: "Carregar a imagem apenas quando não estiver presente?"
type: enum
options:
- IfNotPresent
- Always
group: Avançado
required: true
#- variable: sigi.timeZone
# default: "America/Sao_Paulo"
# description: "Fuso Horário do SIGI"
# label: "Fuso"
# type: enum
# options:
# - "America/Sao_Paulo"
# - "America/Fortaleza"
# - "America/Belem"
# - "America/Araguaina"
# - "America/Bahia"
# - "America/Boa_Vista"
# - "America/Campo_Grande"
# - "America/Cuiaba"
# - "America/Maceio"
# - "America/Manaus"
# - "America/Porto_Velho"
# - "America/Recife"
# - "America/Rio_Branco"
# - "America/Sao_Paulo"
# group: Avançado
# required: true
## Backup
#- variable: velero.backup.enabled
# default: false
# label: "Habilitar backup com Velero?"
# description: "Criar ou não os objetos para backup com o Velero."
# type: boolean
# group: Backup
# required: false
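Review bot: The PostgreSQL password question is commented out, so an install through this form cannot set `postgresql.auth.password` and will use whatever default `values.yaml` ships (the `v0.2-bkp` copy has `password: sigi`). If the question is re-enabled, the variable should be `postgresql.auth.password`; the commented entry says `postgresql.auth.Password`, which does not match the key `deployment.yaml` reads. The `default: "sigi"` line should be dropped as well, so that `required: true` forces the operator to choose a value.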

5
charts/sigi/v0.2/templates/NOTES.txt

@ -0,0 +1,5 @@
1. Seu SIGI pode ser acessado através da URL:
{{- if .Values.ingress.enabled }}
http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.sigi.hostname }}
{{- end }}

58
charts/sigi/v0.2/templates/_helpers.tpl

@ -0,0 +1,58 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "sigi.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "sigi.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "sigi.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "sigi.labels" -}}
helm.sh/chart: {{ include "sigi.chart" . }}
{{ include "sigi.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "sigi.selectorLabels" -}}
app.kubernetes.io/name: {{ include "sigi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create a default fully qualified app name for postgresql.
*/}}
{{- define "postgresql.fullname" -}}
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

215
charts/sigi/v0.2/templates/deployment.yaml

@ -0,0 +1,215 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "sigi.fullname" . }}
labels:
{{- include "sigi.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "sigi.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "sigi.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
env:
- name: DEBUG
value: "{{ .Values.sigi.debug }}"
- name: TZ
value: "{{ .Values.sigi.timeZone }}"
- name: LANG
value: "{{ .Values.sigi.language }}"
- name: DATABASE_URL
value: {{ printf "postgresql://%s:%s@%s:5432/%s" .Values.postgresql.auth.username .Values.postgresql.auth.password (include "postgresql.fullname" .) .Values.postgresql.auth.database| quote }}
- name: EMAIL_PORT
valueFrom:
configMapKeyRef:
name: sigi-email
key: EMAIL_PORT
- name: EMAIL_HOST
valueFrom:
configMapKeyRef:
name: sigi-email
key: EMAIL_HOST
- name: DEFAULT_FROM_EMAIL
valueFrom:
configMapKeyRef:
name: sigi-email
key: DEFAULT_FROM_EMAIL
- name: AUTH_LDAP_SERVER_URI
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_SERVER_URI
- name: AUTH_LDAP_BIND_DN
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_BIND_DN
- name: AUTH_LDAP_USER
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_USER
- name: AUTH_LDAP_USER_SEARCH_STRING
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_USER_SEARCH_STRING
- name: AUTH_LDAP_GROUP
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_GROUP
- name: AUTH_LDAP_GROUP_SEARCH_STRING
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_GROUP_SEARCH_STRING
- name: AUTH_LDAP_GROUP_TYPE_STRING
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_GROUP_TYPE_STRING
- name: AUTH_LDAP_USER_ATTR_MAP
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_USER_ATTR_MAP
- name: AUTH_LDAP_PROFILE_ATTR_MAP
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_PROFILE_ATTR_MAP
- name: AUTH_LDAP_FIND_GROUP_PERMS
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_FIND_GROUP_PERMS
- name: AUTH_LDAP_MIRROR_GROUPS
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_MIRROR_GROUPS
- name: AUTH_LDAP_CACHE_GROUPS
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_CACHE_GROUPS
- name: AUTH_LDAP_GROUP_CACHE_TIMEOUT
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_LDAP_GROUP_CACHE_TIMEOUT
- name: AUTH_PROFILE_MODULE
valueFrom:
configMapKeyRef:
name: sigi-auth-ldap
key: AUTH_PROFILE_MODULE
- name: AUTH_LDAP_BIND_PASSWORD
valueFrom:
# Secret Key
secretKeyRef:
name: sigi-auth-ldap-key
key: AUTH_LDAP_BIND_PASSWORD
volumeMounts:
# - mountPath: /var/interlegis/sigi/data
# name: data
- mountPath: /srv/interlegis/sigi/media
name: {{ include "sigi.fullname" . }}-media
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 60
failureThreshold: 3
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 60
failureThreshold: 3
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 5
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
# - name: data
# secret:
# defaultMode: 440
# secretName: {{ include "sigi.fullname" . }}-secretkey
- name: {{ include "sigi.fullname" . }}-media
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "sigi.fullname" . }}-media
{{- else }}
emptyDir: {}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- {{ include "sigi.name" . }}
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
- weight: 50
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- postgresql
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
topologyKey: kubernetes.io/hostname
{{- with .Values.affinity }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
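Review bot: `DATABASE_URL` is rendered with `.Values.postgresql.auth.password` inline, so the database password is stored in plain text in the Deployment object and is visible to anyone allowed to read Deployments or pod specs. Take the password from a Secret and let Kubernetes expand it into the URL, as sketched below; the Secret name and the `password` key assume the Secret generated by the bundled Bitnami PostgreSQL subchart and should be confirmed against the vendored postgresql-11.6.8 chart. Neither form URL-escapes the password, so characters such as `@` or `/` still need handling. The `sigi-email` and `sigi-auth-ldap` ConfigMaps and the `sigi-auth-ldap-key` Secret are referenced by fixed names but are not created by any template in this commit's file list, so the pod will not start until they are created by hand.

```yaml
          env:
            # … unchanged: DEBUG, TZ, LANG …
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "postgresql.fullname" . }}
                  key: password
            - name: DATABASE_URL
              value: "postgresql://{{ .Values.postgresql.auth.username }}:$(POSTGRES_PASSWORD)@{{ include "postgresql.fullname" . }}:5432/{{ .Values.postgresql.auth.database }}"
            # … unchanged: EMAIL_* and AUTH_LDAP_* entries …
```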

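--- /dev/null
+++ b/charts/sigi/v0.2/templates/hpa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+name: {{ include "sigi.fullname" . }}
+labels:
+{{- include "sigi.labels" . | nindent 4 }}
+spec:
+scaleTargetRef:
+apiVersion: apps/v1
+kind: Deployment
+name: {{ include "sigi.fullname" . }}
+minReplicas: {{ .Values.autoscaling.minReplicas }}
+maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+metrics:
+{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+- type: Resource
+resource:
+name: cpu
+targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+{{- end }}
+{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+- type: Resource
+resource:
+name: memory
+targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+{{- end }}
+{{- end }}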
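Review bot: `apiVersion: autoscaling/v2beta1` was removed in Kubernetes 1.25, so enabling `autoscaling.enabled` on a current cluster will be rejected by the API server. Moving to `autoscaling/v2` also changes the metric shape: each `targetAverageUtilization: N` becomes a `target:` mapping with `type: Utilization` and `averageUtilization: N`. Separately, the media volume is claimed as `ReadWriteOnce` in the `v0.2-bkp` values shown on this page, so replicas scheduled onto other nodes may be unable to mount it; confirm against the `v0.2` values.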

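--- /dev/null
+++ b/charts/sigi/v0.2/templates/ingress.yaml
@@ -0,0 +1,60 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "sigi.fullname" . -}}
+{{- $hostName := .Values.sigi.hostname -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+name: {{ $fullName }}
+labels:
+{{- include "sigi.labels" . | nindent 4 }}
+annotations:
+{{- if .Values.ingress.tls.enabled }}
+# USE TLS
+{{- if contains "letsencrypt" .Values.ingress.tls.provider }}
+cert-manager.io/cluster-issuer: "letsencrypt-prod"
+{{- end }}
+{{- if contains "letsencrypt-hml" .Values.ingress.tls.provider }}
+cert-manager.io/cluster-issuer: "letsencrypt-hml-dns"
+{{- end }}
+{{- if contains "alb" .Values.ingress.class }}
+alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+{{- end }}
+{{- else }}
+# DO NOT USE TLS
+{{- if contains "alb" .Values.ingress.class }}
+alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
+{{- end }}
+{{- end }}
+{{- if contains "alb" .Values.ingress.class }}
+alb.ingress.kubernetes.io/group.name: sigi
+alb.ingress.kubernetes.io/scheme: internet-facing
+alb.ingress.kubernetes.io/target-type: ip
+kubernetes.io/ingress.class: alb
+{{- end }}
+{{- with .Values.ingress.annotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls.enabled }}
+tls:
+- hosts:
+- "{{ $hostName }}"
+secretName: {{ $hostName | replace "." "-" }}-tls
+{{- end }}
+rules:
+- host: "{{ $hostName }}"
+http:
+paths:
+{{- if contains "nginx" .Values.ingress.class }}
+- path: /
+{{- else }}
+- path: /*
+{{- end }}
+backend:
+serviceName: {{ $fullName }}
+servicePort: http
+{{- end }}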
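Review bot: The issuer selection uses `contains "letsencrypt"`, which is also true for the `letsencrypt-hml` provider, so that choice emits `cert-manager.io/cluster-issuer` twice and the certificate issuer then depends on the YAML parser keeping the last duplicate key. Use exact matches instead: `{{- if eq .Values.ingress.tls.provider "letsencrypt" }}` and `{{- if eq .Values.ingress.tls.provider "letsencrypt-hml" }}`. Both `networking.k8s.io/v1beta1` and `extensions/v1beta1` Ingress were removed in Kubernetes 1.22, so the template needs a `networking.k8s.io/v1` branch on current clusters. With TLS disabled and class `alb`, the annotations publish an `internet-facing` listener on plain HTTP only, which is worth an explicit comment in the template.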

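--- /dev/null
+++ b/charts/sigi/v0.2/templates/pvc-media.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: {{ include "sigi.fullname" . }}-media
+labels:
+{{- include "sigi.labels" . | nindent 4 }}
+spec:
+accessModes:
+- {{ .Values.persistence.accessMode }}
+resources:
+requests:
+storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+storageClassName: ""
+{{- else }}
+storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}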

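--- /dev/null
+++ b/charts/sigi/v0.2/templates/secretkey.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ include "sigi.fullname" . }}-secretkey
+labels:
+{{- include "sigi.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{- if .Release.IsUpgrade }}
+secret.key: {{ index (lookup "v1" "Secret" .Release.Namespace (printf "%s-secretkey" (include "sigi.fullname" .))).data "secret.key" }}
+{{ else }} # install operation
+secret.key: {{ randAscii 50 | b64enc }}
+{{ end }}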
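Review bot: The upgrade branch indexes the result of `lookup` without checking it; `lookup` returns an empty map under `helm template` and `--dry-run`, and also when the Secret has been deleted, so the render fails or the upgrade has no key to carry over. Look the Secret up once, reuse `secret.key` when it exists and generate a new one otherwise, independent of `.Release.IsUpgrade`, as sketched below. Note also that `deployment.yaml` has the volume that would mount this Secret commented out, so the generated key does not appear to reach the pod.

```yaml
{{- $secretName := printf "%s-secretkey" (include "sigi.fullname" .) }}
{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName }}
# … unchanged: apiVersion, kind, metadata, type …
data:
  {{- if and $existing $existing.data }}
  secret.key: {{ index $existing.data "secret.key" }}
  {{- else }}
  secret.key: {{ randAscii 50 | b64enc }}
  {{- end }}
```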

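--- /dev/null
+++ b/charts/sigi/v0.2/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "sigi.fullname" . }}
+labels:
+{{- include "sigi.labels" . | nindent 4 }}
+spec:
+type: {{ .Values.service.type }}
+ports:
+- port: {{ .Values.service.port }}
+targetPort: http
+protocol: TCP
+name: http
+selector:
+{{- include "sigi.selectorLabels" . | nindent 4 }}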

39
charts/sigi/v0.2/templates/velero-schedule-monthly.yaml

@ -0,0 +1,39 @@
{{- if .Values.velero.backup.enabled }}
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: {{ include "sigi.fullname" . }}-monthly
namespace: {{ .Values.velero.namespace }}
spec:
# generate a random backup time between 1 and 5 AM on first day of every month
schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} 1 * *
template:
includedNamespaces:
- {{ .Release.Namespace }}
{{- with .Values.velero.backup.excludedResources }}
excludedResources:
{{- toYaml . | nindent 8 }}
{{- end }}
snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
# every weekday backup is good for the next year (365 days)
ttl: 8760h0m0s
defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
hooks:
resources:
- name: pgdump
includedResources:
- pods
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/name: postgresql
pre:
- exec:
command:
- "/bin/bash"
- "-c"
- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump"
timeout: 360s
onError: Continue
useOwnerReferencesInBackup: false
{{- end }}
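Review bot: The `pgdump` pre-hook can put an empty or partial `sigi.dump` into a backup unnoticed: the shell redirect truncates the file before `pg_dump` runs, and `onError: Continue` lets Velero carry on when the command fails or hits the 360s timeout. Consider `onError: Fail`, or write to a temporary name and rename only on success, e.g. `pg_dump ... > /bitnami/postgresql/sigi.dump.tmp && mv /bitnami/postgresql/sigi.dump.tmp /bitnami/postgresql/sigi.dump`. The dump is a plain-text copy of the database left on the data volume, so the backup storage location needs the same access control and encryption as the database itself. The identical hook is in the weekdays and weekly templates of this chart and in the three `v0.2-bkp` schedules. The comment above `schedule` says 1 to 5 AM, but `mod (randNumeric 1) 6` yields hours 0–5.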

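--- a/charts/sigi/v0.2/templates/velero-schedule-weekdays.yaml
+++ b/charts/sigi/v0.2/templates/velero-schedule-weekdays.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.velero.backup.enabled }}
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+name: {{ include "sigi.fullname" . }}-weekdays
+namespace: {{ .Values.velero.namespace }}
+spec:
+# generate a random backup time between 1 and 5 AM on weekdays
+schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 1-5
+template:
+includedNamespaces:
+- {{ .Release.Namespace }}
+{{- with .Values.velero.backup.excludedResources }}
+excludedResources:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
+# every weekday backup is good for the next week (7 days)
+ttl: 168h0m0s
+defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
+hooks:
+resources:
+- name: pgdump
+includedResources:
+- pods
+labelSelector:
+matchLabels:
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/name: postgresql
+pre:
+- exec:
+command:
+- "/bin/bash"
+- "-c"
+- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump"
+timeout: 360s
+onError: Continue
+useOwnerReferencesInBackup: false
+{{- end }}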
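Review bot: The `schedule` expression neither matches its comment nor stays stable: `mod (randNumeric 1) 6` yields an hour from 0 to 5 rather than 1 to 5, and both random terms are re-evaluated on every render, so each `helm upgrade` moves the backup window. The value is also an unquoted templated scalar containing `*`. Consider a quoted form such as `schedule: "{{ mod (randNumeric 2) 60 }} {{ add 1 (mod (randNumeric 1) 5) }} * * 1-5"`, or a fixed value taken from values.yaml if a predictable window matters for monitoring missed backups. The monthly and weekly schedule templates use the same expression.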

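--- a/charts/sigi/v0.2/templates/velero-schedule-weekly.yaml
+++ b/charts/sigi/v0.2/templates/velero-schedule-weekly.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.velero.backup.enabled }}
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+name: {{ include "sigi.fullname" . }}-weekly
+namespace: {{ .Values.velero.namespace }}
+spec:
+# generate a random backup time between 1 and 5 AM on sunday
+schedule: {{ mod (randNumeric 2) 60 }} {{ mod (randNumeric 1) 6 }} * * 0
+template:
+includedNamespaces:
+- {{ .Release.Namespace }}
+{{- with .Values.velero.backup.excludedResources }}
+excludedResources:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+snapshotVolumes: {{ .Values.velero.backup.snapshotVolumes }}
+# every sunday backup is good for 30 days (aprox. 1 month)
+ttl: 744h0m0s
+defaultVolumesToRestic: {{ .Values.velero.backup.defaultVolumesToRestic }}
+hooks:
+resources:
+- name: pgdump
+includedResources:
+- pods
+labelSelector:
+matchLabels:
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/name: postgresql
+pre:
+- exec:
+command:
+- "/bin/bash"
+- "-c"
+- "PGPASSWORD=$POSTGRES_PASSWORD /opt/bitnami/postgresql/bin/pg_dump -U postgres -d sigi > /bitnami/postgresql/sigi.dump"
+timeout: 360s
+onError: Continue
+useOwnerReferencesInBackup: false
+{{- end }}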
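Review bot: The guard `{{- if .Values.velero.backup.enabled }}` dereferences `.Values.velero`, but this chart's values.yaml in the same commit ships the whole `velero:` block commented out, so rendering would presumably fail with a nil-pointer error unless the installer supplies those values. Either restore the defaults with `enabled: false` or make the guard nil-safe, e.g. `{{- if ((.Values.velero).backup).enabled }}` on current Helm 3. The monthly and weekdays templates carry the same guard. The TTL comment says 30 days while `744h0m0s` is 31 days.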

147
charts/sigi/v0.2/values.yaml

@ -0,0 +1,147 @@
# Default values for sigi.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
# registry: porto.interlegis.leg.br
repository: porto.interlegis.leg.br/ilb/sigi
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
persistence:
enabled: true
#storageClass: ""
accessMode: ReadWriteOnce
size: 12Gi
sigi:
debug: 'False'
hostname: 'sigidsv.interlegis.leg.br'
timeZone: 'America/Sao_Paulo'
language: 'pt_BR.UTF-8'
emailPort: 25
emailHost: 'smtp.interlegis.leg.br'
defaultFromEmail: 'sigi@interlegis.leg.br'
auth:
ldap:
serverURI: 'ldap://ad.senado.gov.br'
bindDN: 'CN=Sistema de Informações Gerenciais do Interlegis Service Account,OU=_UsuariosServicos,OU=2-AdministracaoSistemas,DC=senado,DC=gov,DC=br'
bindPwd: 'RgtJdtvas7s4BSpjnVnR'
user: 'U=UsuariosPessoas,DC=senado,DC=gov,DC=br'
userSearchString: '(sAMAccountName=%(user)s)'
group: 'OU=GruposAutomaticosOU,DC=senado,DC=gov,DC=br'
groupSearchString: '(objectClass=Group)'
groupTypeString: 'cn'
findGroupPerms: True
mirrorGroups: True
cacheGroups: True
groupCacheTimeout: 3600
profileModule: 'servidores.Servidor'
ingress:
enabled: true
class: nginx
# nginx - for default nginx ingress controller
# alb - for AWS ALB Load Balancer controller
tls:
enabled: true
provider: letsencrypt
# extra annotations only
annotations: {}
#velero:
# namespace: velero
# backup:
# enabled: false
# snapshotVolumes: false
# defaultVolumesToRestic: true
# # cert-manager objects are usually blocked during backup
# excludedResources:
# - certificates.cert-manager.io
# - orders.acme.cert-manager.io
# - certificaterequests.cert-manager.io
# - challenges.acme.cert-manager.io
postgresql:
internal: true
image:
# repository: porto.interlegis.leg.br/bitnami/postgresql
# registry: porto.interlegis.leg.br
registry: docker.io
repository: bitnami/postgresql
tag: 14.4.0-debian-11-r0
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 5432
persistence:
enabled: true
size: 1Gi
auth:
postgresPassword: sigi
password: sigi
username: sigi
database: sigi
env:
- name: LANG
value: pt_BR.UTF-8
- name: LANGUAGE
value: pt_BR.UTF-8
resources:
requests:
cpu: 50m
memory: 64Mi
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 150m
memory: 500Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
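Review bot: `sigi.auth.ldap.bindPwd` is committed as a literal value in the chart defaults, next to the bind DN of a directory service account; anything pushed to a chart repository should be treated as disclosed, so the credential needs rotating and the default should become empty, e.g. `bindPwd: ''`, with the real value injected from a Kubernetes Secret at install time. The same applies to `postgresql.auth.postgresPassword` and `password`, which are set to the same guessable string as the username and database. `serverURI` uses `ldap://`, so unless StartTLS is enforced elsewhere the bind and user credentials would cross the network in cleartext; an `ldaps://` URI is the safer default. `findGroupPerms`, `mirrorGroups` and `cacheGroups` are written `True`, where `true` is the canonical YAML boolean.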