Merge pull request #69 from OWASP/helmcharts

Add helm charts

deploy/docker/docker-compose.yml

@@ -134,9 +134,9 @@ services:
     ports:
       - "127.0.0.1:8888:80"
     environment:
-      - GO_SERVICE=crapi-community:${COMMUNITY_SERVER_PORT:-8087}
-      - JAVA_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
-      - PYTHON_SERVICE=crapi-workshop:${WORKSHOP_SERVER_PORT:-8000}
+      - COMMUNITY_SERVICE=crapi-community:${COMMUNITY_SERVER_PORT:-8087}
+      - IDENTITY_SERVICE=crapi-identity:${IDENTITY_SERVER_PORT:-8080}
+      - WORKSHOP_SERVICE=crapi-workshop:${WORKSHOP_SERVER_PORT:-8000}
     depends_on:
       crapi-community:
         condition: service_healthy

deploy/helm/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/helm/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: crapi
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: helm

deploy/helm/templates/community/config.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: crapi-community-configmap
+  labels:
+    app: crapi-community
+data:
+    DB_HOST: postgresdb
+    DB_DRIVER: postgres
+    JWT_SECRET: crapi
+    DB_USER: admin
+    DB_PASSWORD: crapisecretpassword
+    DB_NAME: crapi
+    DB_PORT: "5432"
+    MONGO_DB_HOST: mongodb
+    MONGO_DB_DRIVER: mongodb
+    MONGO_DB_PORT: "27017"
+    MONGO_DB_USER: admin
+    MONGO_DB_PASSWORD: crapisecretpassword
+    MONGO_DB_NAME: crapi
+    SERVER_PORT: "{{ .Values.community.port }}"

deploy/helm/templates/community/deployment.yaml

@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: crapi-community
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: crapi-community
+  template:
+    metadata:
+      labels:
+        app: crapi-community
+    spec:
+      initContainers:
+        - name: wait-for-postgres
+          image: groundnuty/k8s-wait-for:v1.3
+          imagePullPolicy: Always
+          args:
+            - "service"
+            - "postgresdb"
+        - name: wait-for-mongo
+          image: groundnuty/k8s-wait-for:v1.3
+          imagePullPolicy: Always
+          args:
+            - "service"
+            - "mongodb"
+        - name: wait-for-java
+          image: groundnuty/k8s-wait-for:v1.3
+          imagePullPolicy: Always
+          args:
+            - "service"
+            - "crapi-identity"
+      containers:
+      - name: crapi-community
+        image: {{ .Values.community.image }}:{{ .Chart.AppVersion }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        ports:
+        - containerPort: {{ .Values.community.port }}
+        envFrom:
+            - configMapRef:
+                name: crapi-community-configmap
+        resources:
+          limits:
+            cpu: "500m"
+          requests:
+            cpu: 256m

deploy/helm/templates/community/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: crapi-community
+  labels:
+    app: crapi-community
+spec:
+  ports:
+  - port: {{ .Values.community.port }}
+    name: go
+  selector:
+    app: crapi-community

deploy/helm/templates/identity/config.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: crapi-identity-configmap
+  labels:
+    app: crapi-identity
+data:
+  DB_HOST: postgresdb
+  DB_DRIVER: postgresql
+  JWT_SECRET: crapi #Used for creating a JWT. Can be anything 
+  DB_USER: admin
+  DB_PASSWORD: crapisecretpassword
+  DB_NAME: crapi
+  DB_PORT: "5432"
+  APP_NAME: "crapi-identity"
+  BLOCK_SHELL_INJECTION: "true"
+  MAILHOG_HOST: mailhog
+  MAILHOG_PORT: "1025"
+  MAILHOG_DOMAIN: "example.com"
+  SMTP_HOST: "smtp.example.com"
+  SMTP_PORT: "587"
+  SMTP_EMAIL: "[email protected]"
+  SMTP_PASS: "xxxxxxxxxxxxxx"
+  SMTP_FROM: "[email protected]"
+  SMTP_AUTH: "true"
+  SMTP_STARTTLS: "true"
+  SERVER_PORT: "{{ .Values.identity.port }}"

deploy/helm/templates/identity/deployment.yaml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: crapi-identity
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: crapi-identity
+  template:
+    metadata:
+      labels:
+        app: crapi-identity
+    spec:
+      initContainers:
+        - name: wait-for-postgres
+          image: groundnuty/k8s-wait-for:v1.3
+          imagePullPolicy: Always
+          args:
+            - "service"
+            - "postgresdb"
+      containers:
+      - name: crapi-identity
+        image: {{ .Values.identity.image }}:{{ .Chart.AppVersion }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        ports:
+        - containerPort: {{ .Values.identity.port }}
+        envFrom:
+            - configMapRef:
+                name: crapi-identity-configmap
+        resources:
+          limits:
+            cpu: "500m"
+          requests:
+            cpu: 256m
+        readinessProbe:
+          tcpSocket:
+            port: {{ .Values.identity.port }}
+          initialDelaySeconds: 15
+          periodSeconds: 10
+

deploy/helm/templates/identity/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: crapi-identity
+  labels:
+    app: crapi-identity
+spec:
+  ports:
+  - port: {{ .Values.identity.port }}
+    name: java
+  selector:
+    app: crapi-identity

deploy/helm/templates/mailhog/config.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mailhog-configmap
+  labels:
+    app: mailhog
+data:
+  MH_MONGO_URI: admin:crapisecretpassword@mongodb:27017
+  MH_STORAGE: mongodb

deploy/helm/templates/mailhog/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mailhog
+  namespace: crapi
+spec:
+  selector:
+    matchLabels:
+      app: mailhog
+  replicas: 1
+  minReadySeconds: 10
+  progressDeadlineSeconds: 600
+  template:
+    metadata:
+      labels:
+        app: mailhog
+      annotations:
+        sidecar.traceable.ai/inject: "false"
+    spec:
+      securityContext:
+        runAsUser: 0
+        runAsGroup: 0
+      containers:
+        - name: mailhog
+          image: {{ .Values.mailhog.image }}:{{ .Chart.AppVersion }}
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          livenessProbe:
+            tcpSocket:
+              port: 1025
+            initialDelaySeconds: 15
+            periodSeconds: 60
+          readinessProbe:
+            tcpSocket:
+              port: 1025
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          ports:
+          - containerPort: 8025
+            name: web
+            protocol: TCP
+          - containerPort: 1025
+            name: smtp
+            protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: mailhog-configmap
+          resources:
+            limits:
+              cpu: "1"
+              memory: 1024Mi
+            requests:
+              cpu: 50m
+              memory: 64Mi

deploy/helm/templates/mailhog/ingress.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mailhog-web
+  namespace: crapi
+spec:
+  ports:
+  - name: web
+    port: 8025
+    nodePort: 30025
+    protocol: TCP
+  selector:
+    app: mailhog
+  sessionAffinity: None
+  type: LoadBalancer

deploy/helm/templates/mailhog/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mailhog
+  namespace: crapi
+spec:
+  ports:
+  - name: smtp
+    port: 1025
+    protocol: TCP
+    targetPort: 1025
+  selector:
+    app: mailhog
+  sessionAffinity: None
+  type: ClusterIP
+

deploy/helm/templates/mongodb/config.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mongodb-config
+  labels:
+    app: mongodb
+data:
+  MONGO_INITDB_ROOT_USERNAME: admin
+  MONGO_INITDB_ROOT_PASSWORD: crapisecretpassword
+

deploy/helm/templates/mongodb/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongodb
+  labels:
+    app: mongodb
+spec:
+  ports:
+  - port: 27017
+    name: mongo
+  selector:
+    app: mongodb

deploy/helm/templates/mongodb/statefulset.yaml

@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongodb
+spec:
+  serviceName: mongodb 
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mongodb
+  template:
+    metadata:
+      labels:
+        app: mongodb
+    spec:
+      containers:
+        - name: mongodb
+          image: {{ .Values.mongodb.image }}:{{ .Values.mongodb.version }}
+          imagePullPolicy: "IfNotPresent"
+          envFrom:
+            - configMapRef:
+                name: mongodb-config
+          volumeMounts:
+            - mountPath: /data/db
+              name: mongodb-data
+      volumes:
+        - name: mongodb-data
+          persistentVolumeClaim:
+            claimName: mongodb-pv-claim

deploy/helm/templates/mongodb/storage.yaml

@@ -0,0 +1,16 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+
+metadata:
+  name: mongodb-pv-claim
+  labels:
+    app: mongo
+
+spec:
+  #storageClassName: local-path
+  accessModes:
+    - ReadWriteOnce
+
+  resources:
+    requests:
+      storage: 1000Mi