Commit c816d2a3 authored by Günter Hipler's avatar Günter Hipler
Browse files

Merge branch 'helm-charts' into 'master'

Replace k8s manifest with helm chart

See merge request !1
parents 43ac5273 1c4e94c6
Pipeline #31310 passed with stages
in 4 minutes and 48 seconds
......@@ -13,5 +13,6 @@ bin
*.tmp
gh/testdaten
.idea
.metals
node_modules
conf/development.conf
stages:
- test
- test-build
- publish
......@@ -17,3 +18,5 @@ include:
- project: 'memoriav/memobase-2020/utilities/ci-templates'
ref: modular
file: 'docker/default.yml'
- project: 'memoriav/memobase-2020/utilities/ci-templates'
file: 'helm-chart/helm-chart.yml'
......@@ -49,7 +49,7 @@ class ElasticsearchClient @Inject()(
Future.successful(client.getOrElse(Option.empty))
})
override val index: String = getEnv("ELASTICSEARCH_INDEX")
override val index: String = getEnv("ELASTIC_INDEX")
//val client: Option[RestHighLevelClient] = connect()
override val client: Option[RestHighLevelClient] = connect()
......@@ -117,16 +117,16 @@ class ElasticsearchClient @Inject()(
private def connect(): Option[RestHighLevelClient] = {
val hosts = new ArrayBuffer[HttpHost]
val configuredHosts = getEnv("ELASTICSEARCH_HOSTS").split(";")
val configuredPort = getEnv("ELASTICSEARCH_PORT").toIntOption.getOrElse(8080)
val configuredHosts = getEnv("ELASTIC_HOST").split(";")
val configuredPort = getEnv("ELASTIC_PORT").toIntOption.getOrElse(8080)
configuredHosts.foreach(
value => {
hosts += new HttpHost(value, configuredPort)
}
)
val headers = Array(new BasicHeader("cluster.name", getEnv("ELASTICSEARCH_CLUSTER"))
.asInstanceOf[Header])
Option(new RestHighLevelClient(RestClient.builder(hosts.toArray : _*).setDefaultHeaders(headers)))
//val headers = Array(new BasicHeader("cluster.name", getEnv("ELASTIC_CLUSTERNAME"))
// .asInstanceOf[Header])
Option(new RestHighLevelClient(RestClient.builder(hosts.toArray : _*)))
}
private def getEnv(value: String): String = {
......
include "oaiconfigmap/oai.conf"
include "secureconfigmap/secure.conf"
#include "oai"
#include "secure"
#include "oai.conf"
#include "secure.conf"
play {
......
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
\ No newline at end of file
apiVersion: v2
name: oai
description: A helm chart for the OAI service
type: application
version: 0.0.0
appVersion: 0.0.0
maintainers:
- name: Sebastian Schüpbach
email: sebastian.schuepbach@unibas.ch
tag: "0.5.4"
k8sEnvironment: prod
k8sReplicas: 1
k8sRequestsCpu: "0.5"
k8sRequestsMemory: "512Mi"
k8sLimitsCpu: "0.7"
k8sLimitsMemory: "768Mi"
k8sHost: oai.memobase.ch
k8sPort: 9000
elasticHostConfigs: prod-elastic-configs
elasticIndexConfigs: prod-edm-index
responseListlength: "30"
resumptionTokenTtl: "3"
tag: "latest"
k8sEnvironment: stage
k8sReplicas: 1
k8sRequestsCpu: "0.5"
k8sRequestsMemory: "512Mi"
k8sLimitsCpu: "0.7"
k8sLimitsMemory: "768Mi"
k8sHost: oai-stage.memobase.k8s.unibas.ch
k8sPort: 9000
elasticHostConfigs: stage-elastic-configs
elasticIndex: stage-edm-index
responseListlength: "30"
resumptionTokenTtl: "3"
tag: "0.5.4"
k8sEnvironment: test
k8sReplicas: 1
k8sRequestsCpu: "0.5"
k8sRequestsMemory: "512Mi"
k8sLimitsCpu: "0.7"
k8sLimitsMemory: "768Mi"
k8sHost: oai-test.memobase.k8s.unibas.ch
k8sPort: 9000
elasticHostConfigs: test-elastic-configs
elasticIndex: test-edm-index
responseListlength: "30"
resumptionTokenTtl: "3"
oaiconfigs: {
common: {
xsi_schemaLocation: "http://www.openarchives.org/OAI/2.0/ http://www.openarchives.org/OAI/2.0/OAI-PMH.xsd"
}
sets: [
{
"spec": "memobase"
"name": "Association of all sets defined by Memobase for OAI export"
"includedsets": ["memobase:apf"]
}
{
"spec": "memobase:europeana"
"name": "Association of all sets defined by Memobase for OAI export to Europeana"
"includedsets": ["memobase:apf"]
}
{
#brauchen wir das auf Bestandesebene? - dann ein includedsets
"spec": "memobase:apf"
"name": "Association Films Plans-Fixes, all record sets"
"includedsets": ["memobase:apf-001"]
#"field": "institution"
#"value": "apf"
}
{
#brauchen wir das auf Bestandesebene? - dann ein includedsets
"spec": "memobase:apf-001"
"name": "Association Films Plans-Fixes, Fonds film et video Plans-Fixes"
"field": "recordset"
"value": "apf-001"
}
]
metadataPrefix: [
{
"metadataPrefix": "edm"
"schema": "http://www.europeana.eu/schemas/edm/EDM.xsd"
"metadataNamespace": "https://pro.europeana.eu/page/edm-documentation"
}
]
identify: {
repositoryName: "memobase OAI repositories"
baseURL: "https://oai.memobase.ch"
protocolVersion: "2.0"
adminEmail: "admin@memobase.ch"
earliestDatestamp: "2021-01-01T00:00:00.000Z"
deletedRecord: "transient"
granularity: "YYYY-MM-DDThh:mm:ss.sssZ"
}
}
# Set up Play for HTTPS and locked down allowed hosts.
# Nothing in here is required for REST, but it's a good default.
play {
http {
cookies.strict = true
session.secure = true
session.httpOnly = true
flash.secure = true
flash.httpOnly = true
forwarded.trustedProxies = ["::1", "127.0.0.1"]
}
i18n {
langCookieSecure = true
langCookieHttpOnly = true
}
filters {
csrf {
cookie.secure = true
}
hosts {
# A list of valid hosts (e.g. "example.com") or suffixes of valid hosts (e.g. ".example.com")
# Note that ".example.com" will match example.com and any subdomain of example.com, with or without a trailing dot.
# "." matches all domains, and "" matches an empty or nonexistent host.
allowed = ["192.168.99.100", "localhost", ".k8s.unibas.ch", "127.0.0.1", ".memobase.ch"]
routeModifiers {
# If non empty, then requests will be checked if the route does not have this modifier. This is how we enable the
# anyhost modifier, but you may choose to use a different modifier (such as "api") if you plan to check the
# modifier in your code for other purposes.
whiteList = ["anyhost"]
# If non empty, then requests will be checked if the route contains this modifier
# The black list is used only if the white list is empty
blackList = []
}
}
}
}
\ No newline at end of file
oaiconfigs: {
common: {
xsi_schemaLocation: "http://www.openarchives.org/OAI/2.0/ http://www.openarchives.org/OAI/2.0/OAI-PMH.xsd"
}
sets: [
{
"spec": "memobase"
"name": "Association of all sets defined by Memobase for OAI export"
"includedsets": ["memobase:apf"]
}
{
"spec": "memobase:europeana"
"name": "Association of all sets defined by Memobase for OAI export to Europeana"
"includedsets": ["memobase:apf"]
}
{
#brauchen wir das auf Bestandesebene? - dann ein includedsets
"spec": "memobase:apf"
"name": "Association Films Plans-Fixes, all record sets"
"includedsets": ["memobase:apf-001"]
#"field": "institution"
#"value": "apf"
}
{
#brauchen wir das auf Bestandesebene? - dann ein includedsets
"spec": "memobase:apf-001"
"name": "Association Films Plans-Fixes, Fonds film et video Plans-Fixes"
"field": "recordset"
"value": "apf-001"
}
]
metadataPrefix: [
{
"metadataPrefix": "edm"
"schema": "http://www.europeana.eu/schemas/edm/EDM.xsd"
"metadataNamespace": "https://pro.europeana.eu/page/edm-documentation"
}
]
identify: {
repositoryName: "memobase OAI repositories"
baseURL: "https://oai.memobase.ch"
protocolVersion: "2.0"
adminEmail: "admin@memobase.ch"
earliestDatestamp: "2021-01-01T00:00:00.000Z"
deletedRecord: "transient"
granularity: "YYYY-MM-DDThh:mm:ss.sssZ"
}
}
# Set up Play for HTTPS and locked down allowed hosts.
# Nothing in here is required for REST, but it's a good default.
play {
http {
cookies.strict = true
session.secure = true
session.httpOnly = true
flash.secure = true
flash.httpOnly = true
forwarded.trustedProxies = ["::1", "127.0.0.1"]
}
i18n {
langCookieSecure = true
langCookieHttpOnly = true
}
filters {
csrf {
cookie.secure = true
}
hosts {
# A list of valid hosts (e.g. "example.com") or suffixes of valid hosts (e.g. ".example.com")
# Note that ".example.com" will match example.com and any subdomain of example.com, with or without a trailing dot.
# "." matches all domains, and "" matches an empty or nonexistent host.
allowed = ["192.168.99.100", "localhost", ".k8s.unibas.ch", "127.0.0.1", ".memobase.ch"]
routeModifiers {
# If non empty, then requests will be checked if the route does not have this modifier. This is how we enable the
# anyhost modifier, but you may choose to use a different modifier (such as "api") if you plan to check the
# modifier in your code for other purposes.
whiteList = ["anyhost"]
# If non empty, then requests will be checked if the route contains this modifier
# The black list is used only if the white list is empty
blackList = []
}
}
}
}
\ No newline at end of file
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment}}-config"
namespace: "{{ .Values.k8sNamespace }}"
data:
ELASTIC_INDEX: "{{ .Values.elasticIndex }}"
RESPONSE_LISTLENGTH: "{{ .Values.responseListlength }}"
RESUMPTION_TOKEN_TTL: "{{ .Values.resumptionTokenTtl }}"
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment}}"
namespace: "{{ .Values.k8sNamespace }}"
labels:
app: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment}}-app"
spec:
selector:
matchLabels:
app: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment}}-app"
replicas: {{ .Values.k8sReplicas}}
template:
metadata:
labels:
app: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment}}-app"
group: "{{ .Values.k8sGroupName }}"
environment: "{{ .Values.k8sEnvironment }}"
spec:
containers:
- name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment}}-app"
image: "{{ .Values.registry }}/{{ .Values.image }}:{{ .Values.tag }}"
# image: guenterh/oaimemobase:latest
imagePullPolicy: Always
ports:
- containerPort: {{ .Values.k8sPort }}
name: http
protocol: TCP
resources:
requests:
cpu: "{{ .Values.k8sRequestsCpu }}"
memory: "{{ .Values.k8sRequestsMemory }}"
limits:
cpu: "{{ .Values.k8sLimitsCpu }}"
memory: "{{ .Values.k8sLimitsMemory }}"
volumeMounts:
- mountPath: "{{ .Values.oaiConfPath }}"
name: oaiconf
- mountPath: "{{ .Values.secoreConfPath }}"
name: secureconf
envFrom:
- configMapRef:
name: "{{ .Values.elasticHostConfigs }}"
- configMapRef:
name: "{{ .Values.elasticIndexConfigs }}"
- configMapRef:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment}}-config"
restartPolicy: Always
volumes:
- name: oaiconf
configMap:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-oai-config"
- name: secureconf
configMap:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-secure-config"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
namespace: memobase
name: oai-ingress
namespace: "{{ .Values.k8sNamespace }}"
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-ingress"
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
labels:
app: oai-api
app: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-app"
spec:
tls:
- hosts:
- oai.memobase.k8s.unibas.ch
secretName: api.memobase.k8s.unibas.ch-tls
- "{{ .Values.k8sHost }}"
secretName: "{{ .Values.k8sHost }}-tls"
rules:
- host: oai.memobase.k8s.unibas.ch
- host: "{{ .Values.k8sHost }}"
http:
paths:
- path: /
backend:
serviceName: oai-service
servicePort: 9000
serviceName: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-service"
servicePort: {{ .Values.k8sPort }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-oai-config"
namespace: "{{ .Values.k8sNamespace }}"
data:
oai.conf: |-
{{- (.Files.Get (printf "%s-oai.conf" .Values.k8sEnvironment)) | nindent 4 }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-secure-config"
namespace: "{{ .Values.k8sNamespace }}"
data:
secure.conf: |-
{{- (.Files.Get (printf "%s-secure.conf" .Values.k8sEnvironment)) | nindent 4 }}
apiVersion: v1
kind: Service
metadata:
namespace: "{{ .Values.k8sNamespace }}"
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-service"
labels:
app: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-app"
spec:
ports:
- port: {{ .Values.k8sPort }}
selector:
app: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-app"
group: "{{ .Values.k8sGroupName }}"
environment: "{{ .Values.k8sEnvironment }}"
clusterIP: None
oaiconfigs: {
common: {
xsi_schemaLocation: "http://www.openarchives.org/OAI/2.0/ http://www.openarchives.org/OAI/2.0/OAI-PMH.xsd"
}
sets: [
{
"spec": "memobase"
"name": "Association of all sets defined by Memobase for OAI export"
"includedsets": ["memobase:apf"]
}
{
"spec": "memobase:europeana"
"name": "Association of all sets defined by Memobase for OAI export to Europeana"
"includedsets": ["memobase:apf"]
}
{
#brauchen wir das auf Bestandesebene? - dann ein includedsets
"spec": "memobase:apf"
"name": "Association Films Plans-Fixes, all record sets"
"includedsets": ["memobase:apf-001"]
#"field": "institution"
#"value": "apf"
}
{
#brauchen wir das auf Bestandesebene? - dann ein includedsets
"spec": "memobase:apf-001"
"name": "Association Films Plans-Fixes, Fonds film et video Plans-Fixes"
"field": "recordset"
"value": "apf-001"
}
]
metadataPrefix: [
{
"metadataPrefix": "edm"
"schema": "http://www.europeana.eu/schemas/edm/EDM.xsd"
"metadataNamespace": "https://pro.europeana.eu/page/edm-documentation"
}
]
identify: {
repositoryName: "memobase OAI repositories"
baseURL: "https://oai.memobase.ch"
protocolVersion: "2.0"
adminEmail: "admin@memobase.ch"
earliestDatestamp: "2021-01-01T00:00:00.000Z"
deletedRecord: "transient"
granularity: "YYYY-MM-DDThh:mm:ss.sssZ"
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment