diff --git a/cerebro/Chart.yaml b/cerebro/Chart.yaml old mode 100755 new mode 100644 index 87101ee7..c3f93084 --- a/cerebro/Chart.yaml +++ b/cerebro/Chart.yaml @@ -1,9 +1,11 @@ +apiVersion: v2 name: cerebro -home: https://github.com/lmenezes/cerebro -apiVersion: v1 -version: 0.4.0 -description: cerebro is an open source(MIT License) elasticsearch web admin tool built using Scala, Play Framework, AngularJS and Bootstrap. -icon: https://github.com/lmenezes/cerebro/raw/master/public/img/logo.png +description: Elasticsearch web admin tool +type: application +version: 1.0.0 +keywords: + - cerebro + - elasticsearch sources: - https://github.com/lmenezes/cerebro maintainers: @@ -13,3 +15,10 @@ maintainers: - name: Matt Clark email: mattclark@cos.io url: https://github.com/mattclark +dependencies: + - name: cos-common + version: 1.0.0 + repository: https://centerforopenscience.github.io/helm-charts/ + # - name: cos-common + # version: 1.0.0 + # repository: "file://../cos-common" diff --git a/cerebro/templates/_helpers.tpl b/cerebro/templates/_helpers.tpl deleted file mode 100644 index 891a9241..00000000 --- a/cerebro/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "cerebro.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "cerebro.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/cerebro/templates/deployment.yaml b/cerebro/templates/deployment.yaml deleted file mode 100644 index 5052c68c..00000000 --- a/cerebro/templates/deployment.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "cerebro.fullname" . }} - labels: - app: {{ template "cerebro.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - selector: - matchLabels: - app: {{ template "cerebro.name" . }} - release: {{ .Release.Name }} - replicas: 1 - template: - metadata: - labels: - app: {{ template "cerebro.name" . }} - release: {{ .Release.Name }} - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - spec: - affinity: - {{- if .Values.additionalAffinities }} - {{- toYaml .Values.additionalAffinities | nindent 8 }} - {{- end }} - containers: - - name: cerebro - env: - - name: JAVA_OPTS - value: "-Djava.net.preferIPv4Stack=true -Xms{{ .Values.heapSize }} -Xmx{{ .Values.heapSize }}" - resources: - {{- toYaml .Values.resources | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ default "" .Values.image.pullPolicy | quote }} - ports: - - containerPort: 9000 - name: http - volumeMounts: - - mountPath: /opt/cerebro/conf/application.conf - name: secret - subPath: application.conf - {{- if .Values.tls.enabled }} - {{- if hasKey .Values.tls "files" }} - {{- range $key := keys .Values.tls.files }} - - mountPath: /certs/{{ $key }} - name: secret - subPath: certs-{{ $key }} - readOnly: true - {{- end }} - {{- end }} - {{- if hasKey .Values.tls "base64Files" }} - {{- range $key := keys .Values.tls.base64Files }} - - mountPath: /certs/{{ $key }} - name: secret - subPath: certs-{{ $key }} - readOnly: true - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: secret - secret: - secretName: {{ template "cerebro.fullname" . }} diff --git a/cerebro/templates/main.yaml b/cerebro/templates/main.yaml new file mode 100644 index 00000000..8167663f --- /dev/null +++ b/cerebro/templates/main.yaml @@ -0,0 +1,2 @@ +{{- include "cos-common.secret" (dict "root" . "name" "" "values" .Values.main) }} +{{- include "cos-common.deployment" (dict "root" . "name" "" "values" .Values.main) }} diff --git a/cerebro/templates/secret.yaml b/cerebro/templates/secret.yaml deleted file mode 100644 index 9d5ef63d..00000000 --- a/cerebro/templates/secret.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "cerebro.fullname" . }} - labels: - app: {{ template "cerebro.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - {{- range $key, $value := .Values.secrets }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} - {{- if .Values.tls.enabled }} - {{- if hasKey .Values.tls "files" }} - {{- range $key, $value := .Values.tls.files }} - certs-{{ $key }}: {{ $value | b64enc | quote }} - {{- end }} - {{- end }} - {{- if hasKey .Values.tls "base64Files" }} - {{- range $key, $value := .Values.tls.base64Files }} - certs-{{ $key }}: {{ $value | nospace | quote }} - {{- end }} - {{- end }} - {{- end }} diff --git a/cerebro/values.yaml b/cerebro/values.yaml index 60ee0028..84aac819 100644 --- a/cerebro/values.yaml +++ b/cerebro/values.yaml @@ -1,107 +1,160 @@ -# Default values for elasticsearch. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - repository: quay.io/centerforopenscience/cerebro - tag: master # refers to v0.7 - pullPolicy: Always - -heapSize: "128m" - -resources: - limits: - cpu: "1" - memory: "512Mi" - requests: - cpu: "25m" - memory: "256Mi" - -tls: - enabled: false - #files: - # # Certificate Authority certificates - # ca_chain.pem: >- - # ... - # # Client Certificate and Private Key - # client.pem: >- - # ... - #base64Files: - # # Certificate Authority certificates - # trust.jks: >- - # ... - # # Client Certificate and Private Key - # client.jks: >- - # ... - -secrets: - application.conf: | - # Secret will be used to sign session cookies, CSRF tokens and for other encryption utilities. - # It is highly recommended to change this value before running cerebro in production. - secret = "ki:s:[[@=Ag?QI`W2jMwkY:eqvrJ]JqoJyi2axj3ZvOv^/KavOT4ViJSv?6YY4[N" - - # Application base path - basePath = "/" - - # Defaults to RUNNING_PID at the root directory of the app. - # To avoid creating a PID file set this value to /dev/null - #pidfile.path = "/var/run/cerebro.pid" - pidfile.path=/dev/null - - # Rest request history max size per user - rest.history.size = 50 // defaults to 50 if not specified - - # Path of local database file - #data.path: "/var/lib/cerebro/cerebro.db" - data.path = "./cerebro.db" - - # Authentication - auth = { - # Example of LDAP authentication - #type: ldap - #settings: { - #url = "ldap://host:port" - #base-dn = "ou=active,ou=Employee" - #method = "simple" - #user-domain = "domain.com" - #} - # Example of simple username/password authentication - #type: basic - #settings: { - #username = "admin" - #password = "1234" +## =============== MAIN Component =============== +main: + enabled: true + + replicas: 1 + + heapSize: "128m" + +# ------- Configuration follows for containerName: cerebro ------- + image: + repository: quay.io/centerforopenscience/cerebro + tag: master + pullPolicy: Always + + containerName: cerebro + + env: + - name: JAVA_OPTS + value: "-Djava.net.preferIPv4Stack=true -Xms{{ .Values.main.heapSize }} -Xmx{{ .Values.main.heapSize }}" + + ports: + - name: http + containerPort: 9000 + protocol: TCP + + volumeMounts: + - name: secret + mountPath: /opt/cerebro/conf/application.conf + subPath: application.conf + ## If TLS enabled + # - name: secret + # mountPath: /certs/ca_chain.pem + # subPath: certs-ca_chain.pem + # readOnly: true + # - name: secret + # mountPath: /certs/client.pem + # subPath: certs-client.pem + # readOnly: true + # - name: secret + # mountPath: /certs/client.jks + # subPath: certs-client.jks + # readOnly: true + # - name: secret + # mountPath: /certs/trust.jks + # subPath: certs-trust.jks + # readOnly: true + + resources: + limits: + cpu: "1" + memory: "512Mi" + requests: + cpu: "25m" + memory: "256Mi" + + +# ------- Volumes configuration for the pod ------- + volumes: + - name: secret + secret: + secretName: '{{ include "cos-common.fullname" (dict "root" . "name" "") | trim }}' + + +# ------- Affitnity configuration ------- + affinity: {} + additionalAffinities: [] + + +# ------- Pod Annotations ------- + podAnnotations: + checksum/secret: '{{ include "cos-common.componentChecksum" (dict "root" . "name" "" "values" .Values.main "resource" "secret") }}' + + +# ------- Secrets configuration ------- +# Secret name: '{{ include "cos-common.fullname" (dict "root" . "name" "") | trim }}' + secret: + enabled: true + includeTls: "{{ .Values.tls.enabled }}" + data: + application.conf: | + # Secret will be used to sign session cookies, CSRF tokens and for other encryption utilities. + # It is highly recommended to change this value before running cerebro in production. + secret = "ki:s:[[@=Ag?QI`W2jMwkY:eqvrJ]JqoJyi2axj3ZvOv^/KavOT4ViJSv?6YY4[N" + + # Application base path + basePath = "/" + + # Defaults to RUNNING_PID at the root directory of the app. + # To avoid creating a PID file set this value to /dev/null + #pidfile.path = "/var/run/cerebro.pid" + pidfile.path=/dev/null + + # Rest request history max size per user + rest.history.size = 50 // defaults to 50 if not specified + + # Path of local database file + #data.path: "/var/lib/cerebro/cerebro.db" + data.path = "./cerebro.db" + + # Authentication + auth = { + # Example of LDAP authentication + #type: ldap + #settings: { + #url = "ldap://host:port" + #base-dn = "ou=active,ou=Employee" + #method = "simple" + #user-domain = "domain.com" + #} + # Example of simple username/password authentication + #type: basic + #settings: { + #username = "admin" + #password = "1234" + #} + } + + # A list of known hosts + hosts = [ + #{ + # host = "http://localhost:9200" + # name = "Some Cluster" + #}, + # Example of host with authentication + #{ + # host = "http://some-authenticated-host:9200" + # name = "Secured Cluster" + # auth = { + # username = "username" + # password = "secret-password" + # } + #} + ] + + #play.ws.ssl { + # #loose = { + # # disableHostnameVerification: true + # #} + # keyManager = { + # stores = [ + # { path: /certs/client.jks, password: "123456" } + # ] + # } + # trustManager = { + # stores = [ + # { path: /certs/trust.jks } + # ] + # } #} - } - - # A list of known hosts - hosts = [ - #{ - # host = "http://localhost:9200" - # name = "Some Cluster" - #}, - # Example of host with authentication - #{ - # host = "http://some-authenticated-host:9200" - # name = "Secured Cluster" - # auth = { - # username = "username" - # password = "secret-password" - # } - #} - ] - - #play.ws.ssl { - # #loose = { - # # disableHostnameVerification: true - # #} - # keyManager = { - # stores = [ - # { path: /certs/client.jks, password: "123456" } - # ] - # } - # trustManager = { - # stores = [ - # { path: /certs/trust.jks } - # ] - # } - #} + ## If TLS enabled + # certs-ca_chain.pem: "" + # certs-client.pem: "" + # base64Files: + # certs-client.jks: "" + # certs-trust.jks: "" + + +# ------- Selectors and etc. ------- + nodeSelector: {} + tolerations: []