SIGI helm chart corretions v0

2 years ago · 8e143f04a0
19 changed files with 216 additions and 182 deletions
--- a/charts/sigi/v0.1.0/questions.yaml
+++ b/charts/sigi/v0.1.0/questions.yaml
@ -1,150 +0,0 @@
-labels:
-  io.cattle.role: project
-categories:
- Gerencial
-questions:
-# Informações Básicas
- variable: sigi.hostname
-  default: "sigi.interlegis.leg.br"
-  description: "Endereço para acesso ao SIGI"
-  label: "URL do SIGI"
-  type: string
-  group: Básico
-  required: true
- variable: sigi.adminEmail
-  default: "sigi@interlegis.leg.br"
-  description: "SIGI Administrator"
-  label: Contato
-  type: string
-  group: Básico
-  required: true
- variable: sigi.adminPassword
-  default: "sigi"
-  description: "Senha do usuário administrativo do SIGI"
-  label: Senha Admin
-  type: password
-  group: Básico
-  required: true
-
-# Ingress
- variable: ingress.tls.enabled
-  default: true
-  type: boolean
-  description: "Habilitar criptografia do protocolo HTTP (HTTPS)?"
-  label: "Habilitar TLS?"
-  required: false
-  group: Ingress
-  show_subquestion_if: true
-  subquestions:
-    - variable: ingress.tls.provider
-      default: letsencrypt
-      type: enum
-      description: "Qual provedor de certificados utilizar?"
-      label: "Provedor de certificados"
-      required: false
-      group: Ingress
-      options:
-        - letsencrypt
-        - letsencrypt-hml
-        - aws
-
- variable: ingress.class
-  default: nginx
-  type: enum
-  description: "Qual o Ingress Controller?"
-  label: "Classe Ingress"
-  required: false
-  group: Ingress
-  options:
-    - nginx
-    - alb
-
-# Correio
- variable: sigi.emailSendUser
-  default: "sigi@interlegis.leg.br"
-  description: "Remetente dos e-mails enviados pelo SIGI"
-  label: "Remetente"
-  type: string
-  group: Correio
-  required: false
- variable: sigi.useTls
-  default: "False"
-  description: "Usar TLS ao conectar no servidor SMTP?"
-  label: "Usar TLS"
-  type: enum
-  group: Correio
-  options: 
-    - "True"
-    - "False"
-  required: false
- variable: sigi.emailPort
-  default: 25
-  description: "Porta de envio de E-mail (SMTP)"
-  type: int
-  label: "Porta SMTP"
-  required: false
-  group: Correio
- variable: sigi.emailHost
-  default: "smtp.interlegis.leg.br"
-  description: "Servidor de envio de e-mail (SMTP)"
-  label: "Servidor SMTP"
-  type: string
-  group: Correio
-  required: false
-
-# PostgreSQL
- variable: postgresql.internal
-  default: true
-  description: "Fazer o deploy do Postgres?"
-  label: "Postgres Interno?"
-  type: boolean
-  group: PostgreSQL
-  required: false
- variable: postgresql.auth.Password
-  default: "sigi"
-  description: "Senha do banco de dados Postgres"
-  label: "Senha do Postgres"
-  type: password
-  group: PostgreSQL
-  required: true 
-
-# Avançado
- variable: sigi.debug
-  default: "False"
-  description: "Habilitar mensagens de Debug?"
-  label: "Debug?"
-  type: enum
-  group: Avançado
-  options:
-    - "True"
-    - "False"
- variable: sigi.timeZone
-  default: "America/Sao_Paulo"
-  description: "Fuso Horário do SIGI"
-  type: enum
-  label: "Fuso"
-  options:
-    - "America/Sao_Paulo"
-    - "America/Fortaleza"
-    - "America/Belem"
-    - "America/Araguaina"
-    - "America/Bahia"
-    - "America/Boa_Vista"
-    - "America/Campo_Grande"
-    - "America/Cuiaba"
-    - "America/Maceio"
-    - "America/Manaus"
-    - "America/Porto_Velho"
-    - "America/Recife"
-    - "America/Rio_Branco"
-    - "America/Sao_Paulo"
-  required: true
-  group: Avançado
-
- variable: velero.backup.enabled
-  default: false
-  type: boolean
-  label: "Habilitar backup com Velero?"
-  description: "Criar ou não os objetos para backup com o Velero."
-  required: false
-  group: Avançado
--- a/charts/sigi/v0.1.0/templates/NOTES.txt
+++ b/charts/sigi/v0.1.0/templates/NOTES.txt
@ -1,10 +0,0 @@
-1. Seu SIGI pode ser acessado através da URL:
-{{- if .Values.ingress.enabled }}
-  http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.sigi.hostname }}
-{{- end }}
-2. Utilize as seguintes credenciais para acesso inicial:
-   Usuario: sigi
-   Senha: {{ .Values.sigi.adminPassword }}
-3. Usuario de administração do Postgres:
-   Usuario: sigi
-   Senha: {{ .Values.postgresql.postgresqlPassword }}
--- a/charts/sigi/v0.1.0/Chart.lock
+++ b/charts/sigi/v0.1.0/Chart.lock
--- a/charts/sigi/v0.1.0/Chart.yaml
+++ b/charts/sigi/v0.1.0/Chart.yaml
--- a/charts/sigi/v0.1.0/app-readme.md
+++ b/charts/sigi/v0.1.0/app-readme.md
--- a/charts/sigi/v0.1.0/charts/postgresql-11.6.8.tgz
+++ b/charts/sigi/v0.1.0/charts/postgresql-11.6.8.tgz
--- a/charts/sigi/v0/questions.yaml
+++ b/charts/sigi/v0/questions.yaml
@ -0,0 +1,152 @@
+labels:
+  io.cattle.role: project
+categories:
+- Gerencial
+questions:
+# Informações Básicas
+- variable: sigi.hostname
+  default: {{ include "sigi.fullname" . }}.interlegis.leg.br
+  description: "Endereço para acesso ao SIGI"
+  label: "URL do SIGI"
+  type: string
+  group: Básico
+  required: true
+  
+
+# Ingress
+- variable: ingress.tls.enabled
+  default: true
+  type: boolean
+  description: "Habilitar criptografia do protocolo HTTP (HTTPS)?"
+  label: "Habilitar TLS?"
+  required: false
+  group: Ingress
+  show_subquestion_if: true
+  subquestions:
+    - variable: ingress.tls.provider
+      default: letsencrypt
+      type: enum
+      description: "Qual provedor de certificados utilizar?"
+      label: "Provedor de certificados"
+      required: false
+      group: Ingress
+      options:
+        - letsencrypt
+        - letsencrypt-hml
+        - aws
+
+- variable: ingress.class
+  default: nginx
+  type: enum
+  description: "Qual o Ingress Controller?"
+  label: "Classe Ingress"
+  required: false
+  group: Ingress
+  options:
+    - nginx
+    - alb
+
+## Correio
+#- variable: sigi.emailSendUser
+#  default: "sigi@interlegis.leg.br"
+#  description: "Remetente dos e-mails enviados pelo SIGI"
+#  label: "Remetente"
+#  type: string
+#  group: Correio
+#  required: false
+#- variable: sigi.useTls
+#  default: "False"
+#  description: "Usar TLS ao conectar no servidor SMTP?"
+#  label: "Usar TLS"
+#  type: enum
+#  group: Correio
+#  options: 
+#    - "True"
+#    - "False"
+#  required: false
+#- variable: sigi.emailPort
+#  default: 25
+#  description: "Porta de envio de E-mail (SMTP)"
+#  type: int
+#  label: "Porta SMTP"
+#  required: false
+#  group: Correio
+#- variable: sigi.emailHost
+#  default: "smtp.interlegis.leg.br"
+#  description: "Servidor de envio de e-mail (SMTP)"
+#  label: "Servidor SMTP"
+#  type: string
+#  group: Correio
+#  required: false
+
+# PostgreSQL
+- variable: postgresql.internal
+  default: true
+  description: "Fazer o deploy do Postgres?"
+  label: "Postgres Interno?"
+  type: boolean
+  group: PostgreSQL
+  required: false
+#- variable: postgresql.auth.Password
+#  default: "sigi"
+#  description: "Senha do banco de dados Postgres"
+#  label: "Senha do Postgres"
+#  type: password
+#  group: PostgreSQL
+#  required: true 
+
+# Avançado
+- variable: sigi.debug
+  default: "False"
+  description: "Habilitar mensagens de Debug?"
+  label: "Debug?"
+  type: enum
+  options:
+    - "True"
+    - "False"
+  group: Avançado
+  required: true
+
+- variable: image.pullPolicy
+  default: IfNotPresent
+  description: "Politica de carga da imagem docker do SIGI."
+  label: "Carregar a imagem apenas quando não estiver presente?"
+  type: enum
+  options:
+    - IfNotPresent
+    - Always
+  group: Avançado
+  required: true
+
+#- variable: sigi.timeZone
+#  default: "America/Sao_Paulo"
+#  description: "Fuso Horário do SIGI"
+#  label: "Fuso"
+#  type: enum
+#  options:
+#    - "America/Sao_Paulo"
+#    - "America/Fortaleza"
+#    - "America/Belem"
+#    - "America/Araguaina"
+#    - "America/Bahia"
+#    - "America/Boa_Vista"
+#    - "America/Campo_Grande"
+#    - "America/Cuiaba"
+#    - "America/Maceio"
+#    - "America/Manaus"
+#    - "America/Porto_Velho"
+#    - "America/Recife"
+#    - "America/Rio_Branco"
+#    - "America/Sao_Paulo"
+#  group: Avançado
+#  required: true
+
+# Backup
+- variable: velero.backup.enabled
+  default: false
+  label: "Habilitar backup com Velero?"
+  description: "Criar ou não os objetos para backup com o Velero."
+  type: boolean
+  group: Backup
+  required: false
+
--- a/charts/sigi/v0/templates/NOTES.txt
+++ b/charts/sigi/v0/templates/NOTES.txt
@ -0,0 +1,5 @@
+1. Seu SIGI pode ser acessado através da URL:
+{{- if .Values.ingress.enabled }}
+  http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ .Values.sigi.hostname }}
+{{- end }}
+
--- a/charts/sigi/v0.1.0/templates/_helpers.tpl
+++ b/charts/sigi/v0.1.0/templates/_helpers.tpl
--- a/charts/sigi/v0.1.0/templates/deployment.yaml
+++ b/charts/sigi/v0.1.0/templates/deployment.yaml
@ -37,26 +37,50 @@ spec:
              containerPort: 80
              protocol: TCP
          env:
-            - name: DATABASE_URL
-              value: {{ printf "postgresql://%s:%s@%s:5432/%s" .Values.postgresql.auth.username .Values.postgresql.auth.password (include "postgresql.fullname" .) .Values.postgresql.auth.database| quote }}
-            - name: ADMIN_PASSWORD
-              value: "{{ .Values.sigi.adminPassword }}"
-            - name: ADMIN_EMAIL
-              value: "{{ .Values.sigi.adminEmail }}"
-            - name: EMAIL_SEND_USER
-              value: "{{ .Values.sigi.emailSendUser }}"
            - name: DEBUG
              value: "{{ .Values.sigi.debug }}"
-            - name: USE_TLS
-              value: "{{ .Values.sigi.useTls }}"
-            - name: EMAIL_PORT
-              value: "{{ .Values.sigi.emailPort }}"
-            - name: EMAIL_HOST
-              value: "{{ .Values.sigi.emailHost }}"
            - name: TZ
              value: "{{ .Values.sigi.timeZone }}"
            - name: LANG
              value: "{{ .Values.sigi.language }}"
+            - name: DATABASE_URL
+              value: {{ printf "postgresql://%s:%s@%s:5432/%s" .Values.postgresql.auth.username .Values.postgresql.auth.password (include "postgresql.fullname" .) .Values.postgresql.auth.database| quote }}
+            - name: EMAIL_PORT
+              value: "{{ .Values.sigi.emailPort }}"
+            - name: EMAIL_HOST
+              value: "{{ .Values.sigi.emailHost }}"
+            - name: DEFAULT_FROM_EMAIL
+              value: "{{ .Values.sigi.defaultFromEmail }}"
+            - name: AUTH_LDAP_SERVER_URI
+              value: "{{ .Values.sigi.auth.ldap.serverURI }}"
+            - name: AUTH_LDAP_BIND_DN
+              value: "{{ .Values.sigi.auth.ldap.bindDN }}"
+            - name: AUTH_LDAP_BIND_PASSWORD
+              value: "{{ .Values.sigi.auth.ldap.bindPwd }}"
+            - name: AUTH_LDAP_USER
+              value: "{{ .Values.sigi.auth.ldap.user }}"
+            - name: AUTH_LDAP_USER_SEARCH_STRING
+              value: "{{ .Values.sigi.auth.ldap.userSearchString }}"
+            - name: AUTH_LDAP_GROUP
+              value: "{{ .Values.sigi.auth.ldap.group }}"
+            - name: AUTH_LDAP_GROUP_SEARCH_STRING
+              value: "{{ .Values.sigi.auth.ldap.groupSearchString }}"
+            - name: AUTH_LDAP_GROUP_TYPE_STRING
+              value: "{{ .Values.sigi.auth.ldap.groupTypeString }}"
+            - name: AUTH_LDAP_USER_ATTR_MAP
+              value: "{{ .Values.sigi.auth.ldap.userAttrMap }}"
+            - name: AUTH_LDAP_PROFILE_ATTR_MAP
+              value: "{{ .Values.sigi.auth.ldap.profileAttrMap }}"
+            - name: AUTH_LDAP_FIND_GROUP_PERMS
+              value: "{{ .Values.sigi.auth.ldap.findGroupPerms }}"
+            - name: AUTH_LDAP_MIRROR_GROUPS
+              value: "{{ .Values.sigi.auth.ldap.mirrorGroups }}"
+            - name: AUTH_LDAP_CACHE_GROUPS
+              value: "{{ .Values.sigi.auth.ldap.cacheGroups }}"
+            - name: AUTH_LDAP_GROUP_CACHE_TIMEOUT
+              value: "{{ .Values.sigi.auth.ldap.groupCacheTimeout }}"
+            - name: AUTH_PROFILE_MODULE
+              value: "{{ .Values.sigi.auth.profileModule }}"
          volumeMounts:
 #            - mountPath: /var/interlegis/sigi/data
 #              name: data
--- a/charts/sigi/v0.1.0/templates/hpa.yaml
+++ b/charts/sigi/v0.1.0/templates/hpa.yaml
--- a/charts/sigi/v0.1.0/templates/ingress.yaml
+++ b/charts/sigi/v0.1.0/templates/ingress.yaml
--- a/charts/sigi/v0.1.0/templates/pvc-media.yaml
+++ b/charts/sigi/v0.1.0/templates/pvc-media.yaml
--- a/charts/sigi/v0.1.0/templates/secretkey.yaml
+++ b/charts/sigi/v0.1.0/templates/secretkey.yaml
--- a/charts/sigi/v0.1.0/templates/service.yaml
+++ b/charts/sigi/v0.1.0/templates/service.yaml
--- a/charts/sigi/v0.1.0/templates/velero-schedule-monthly.yaml
+++ b/charts/sigi/v0.1.0/templates/velero-schedule-monthly.yaml
--- a/charts/sigi/v0.1.0/templates/velero-schedule-weekdays.yaml
+++ b/charts/sigi/v0.1.0/templates/velero-schedule-weekdays.yaml
--- a/charts/sigi/v0.1.0/templates/velero-schedule-weekly.yaml
+++ b/charts/sigi/v0.1.0/templates/velero-schedule-weekly.yaml
--- a/charts/sigi/v0.1.0/values.yaml
+++ b/charts/sigi/v0.1.0/values.yaml
@ -48,16 +48,30 @@ persistence:
  size: 2Gi

 sigi:
-  adminPassword: altereme
-  adminEmail: sigi@interlegis.leg.br
-  emailSendUser: no-reply@interlegis.leg.br
  debug: 'False'
-  useTls: 'False'
-  emailPort: 25
-  emailHost: mail.interlegis.leg.br
+  hostname: {{ include "sigi.fullname" . }}.interlegis.leg.br
  timeZone: 'America/Sao_Paulo'
-  hostname: 'sigi.interlegis.leg.br'
  language: 'pt_BR.UTF-8'
+  emailPort: 25
+  emailHost: smtp.interlegis.leg.br
+  defaultFromEmail: sigi@interlegis.leg.br
+  auth:
+    ldap:
+      serverURI: 'ldap://ad.senado.gov.br'
+      bindDN: 'CN=Sistema de Informações Gerenciais do Interlegis Service Account,OU=_UsuariosServicos,OU=2-AdministracaoSistemas,DC=senado,DC=gov,DC=br'
+      bindPwd: 'RgtJdtvas7s4BSpjnVnR'
+      user: 'U=UsuariosPessoas,DC=senado,DC=gov,DC=br'
+      userSearchString: '(sAMAccountName=%(user)s)'
+      group: 'OU=GruposAutomaticosOU,DC=senado,DC=gov,DC=br'
+      groupSearchString: '(objectClass=Group)'
+      groupTypeString: 'cn'
+      userAttrMap: {"first_name": "givenName", "last_name": "sn", "email": "userPrincipalName", 'is_staff': "cn",}
+      profileAttrMap: {"nome_completo": "cn"}
+      findGroupPerms: True
+      mirrorGroups: True
+      cacheGroups: True
+      groupCacheTimeout: 3600
+    profileModule: 'servidores.Servidor'

 ingress:
  enabled: true
@ -113,7 +127,6 @@ postgresql:
      cpu: 50m
      memory: 64Mi

-
 resources:
  limits:
    cpu: 1000m