diff --git a/README.md b/README.md
index 364a65d7..1f1519fa 100644
--- a/README.md
+++ b/README.md
@@ -1,155 +1,36 @@
+# Updated version of the Gen3 Helm chart for Openstack
-# gen3-helm
-
+updated version of the Gen3 Helm chart, which was utilized to deploy the application on the OpenStack platform.
+## Notes:
-Helm charts for deploying [Gen3](https://gen3.org) on any kubernetes cluster.
+The purpose of this example is to deploy Gen3 on the OpenStack platform using services native to OpenStack. Currently, the deployment of the Helm chart on OpenStack is in the evolutionary phase. We will share any changes in the evolution as they occur.
-# Deploying gen3 with helm
-
-## TL;DR
-```
-helm repo add gen3 https://helm.gen3.org
-helm repo update
-helm upgrade --install gen3 gen3/gen3 -f ./values.yaml
-```
-
-Assuming you already have the [prerequisites](./docs/PREREQUISITES.md) installed and configured, you can deploy Gen3 with the helm command.
-
-
-> **Warning**
-> The default Helm chart configuration is not intended for production. The default chart creates a proof of concept (PoC) implementation where all Gen3 services are deployed in the cluster, including postgres and elasticsearch. For production deployments, you must follow the [Production/Cloud Native/Hybrid architecture](./docs/PRODUCTION.md)
-
-
-For a production deployment, you should have strong working knowledge of Kubernetes. This method of deployment has different management, observability, and concepts than traditional deployments.
-
-In a production deployment:
-
-- The stateful components, like PostgreSQL or Elasticsearch, must run outside the cluster on PaaS or compute instances. This configuration is required to scale and reliably service the variety of workloads found in production Gen3 environments.
-
-- You should use Cloud PaaS for PostgreSQL, Elasticsearch, and object storage.
-
-
-## Configuration
-
-For a full set of configuration options see the [CONFIGURATION.md](./docs/CONFIGURATION.md) for a more in depth instructions on how to configure each service.
-
-There's also an auto-generated table of basic configuration options here:
-
-[README.md for gen3 chart](./helm/gen3/README.md) (auto-generated documentation) or
-
-
-To see documentation around setting up gen3 developer environments see [gen3_developer_environments.md](./docs/gen3_developer_environments.md)
-
-
-Use the following as a template for your `values.yaml` file for a minimum deployment of gen3 using these helm charts.
-
-
-
-```yaml
-global:
- hostname: example-commons.com
-
-fence:
- FENCE_CONFIG:
- # Any fence-config overrides here.
-```
-
-
-
-## Selective deployments
-All gen3 services are sub-charts of the gen3 chart (which acts as an umbrella chart).
-
-For your specific installation of gen3, you may not require all our services.
+The example openstack deployment is using:
+- External Database ( i.e dbCreate = false)
+- elasticsearch sub-chart gen3-helm/helm/elasticsearch at feat/es-6.8.23 · uc-cdis/gen3-helm
+- Internal NeSI metadata service ( not using Gen3 Helm service)
+- Ambassador Edge Stack as Ingress ( not using nginx ingress and not using Ambassador available in Gen3 community helm chart)
+Providing openstack_dev_values.yaml file in the example folder, also updated values.yaml in sub chart where ever some customisations are needed, while submitting example all the customisation (as masked password, urls,…) are removed from the files ( e.g etlmappings, gitops.json, guppy.json… ) are required by the deployment
-To enable or disable a service you can use this pattern in your `values.yaml`
+## Changes to Gen3 chart
-```yaml
-fence:
- enabled: true
+Some of the minor updates to Gen3 chart before proceeding with the deployments
-wts:
- enabled: false
-```
+- The _db_setup_job.tpl is {{- if or $.Values.global.postgres.dbCreate $.Values.postgres.dbCreate }} looks not considering dbCreate = false, to have dbcreated: true condition in k8s secrets, therefore excluded the condition
+- Using "helm-test" for sheepdog : with the latest images , we are getting below errors , then the chart is supporting "helm-test" instead.
-## Gen3 Login Options
-Gen3 does not have any IDP, but can integrate with many. We will cover Google login here, but refer to the fence documentation for additional options.
+Error: failed to start container "sheepdog": Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/var/lib/kubelet/pods/d09e604a-26ab-4de0-b6b1-6093dc3597a8/volume-subpaths/config-volume/sheepdog/0" to rootfs at "/var/www/sheepdog/settings.py"
-TL/DR: At minimum to have google logins working you need to set these settings in your `values.yaml` file
+Therefore using "helm-test" sheepdog image with following volumeMounts
```
-fence:
- FENCE_CONFIG:
- OPENID_CONNECT:
- google:
- client_id: "insert.google.client_id.here"
- client_secret: "insert.google.client_secret.here"
+volumeMounts:
+ - name: "config-volume"
+ readOnly: true
+ mountPath: "/var/www/sheepdog/wsgi.py"
+ subPath: "wsgi.py"
```
-#### Google login generation
-
-You need to set up a google credential for google login as that's the default enabled option in fence.
-
-
-The following steps explain how to create credentials for your gen3
-
-Go to the [Credentials page](https://console.developers.google.com/apis/credentials).
-
-Click Create credentials > OAuth client ID.
-
-Select the Web application application type.
-Name your OAuth 2.0 client and click Create.
-
-For `Authorized Javascript Origins` add `https://`
-
-For `"Authorized redirect URIs"` add `https:///user/login/google/login/`
-
-After configuration is complete, take note of the client ID that was created. You will need the client ID and client secret to complete the next steps.
-
-# Production deployments
-Please read [this](./docs/PRODUCTION.md) for more details on production deployments.
-
-NOTE: Gen3 helm charts are currently not used in production by CTDS, but we are aiming to do that soon and will have additional documentation on that.
-
-# Local Development
-
-For local development you must be connected to a kubernetes cluster. As referenced above in the section `Kubernetes cluster` we recommend using [Rancher Desktop](https://rancherdesktop.io/) as Kubernetes on your local machine, especially on M1 Mac's. You also get ingress and other benefits out of the box.
-
-For MacOS users, [Minikube](https://minikube.sigs.k8s.io/docs/start/) equipped with the ingress addon serves as a viable alternative to Rancher Desktop. On Linux, we've observed that using [Kind](https://kind.sigs.k8s.io/) with an NGINX ingress installed often provides a more seamless experience compared to both Rancher Desktop and Minikube. Essentially, Helm requires access to a Kubernetes cluster with ingress capabilities, facilitating the loading of the portal in your browser for an optimal development workflow.
-
-To install the NGINX ingress:
-```
- helm repo add nginx-stable https://helm.nginx.com/stable
- helm repo update
- kubectl create ns nginx-ingress
- helm install nginx-ingress nginx-stable/nginx-ingress --namespace nginx-ingress
-```
-
-> **Warning**
-> If you are using Rancher Desktop you need to increase the vm.max_map_count as outlined [here](https://docs.rancherdesktop.io/how-to-guides/increasing-open-file-limit/)
-> If you are using Minikube you will need to enabled the ingress addon as outlined [here](https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/)
-
-1. Clone the repository
-2. Navigate to the `gen3-helm/helm/gen3` directory and run `helm dependency update`
-3. Navigate to the back to the `gen3-helm` directory and create your values.yaml file. See the `TL;DR` section for a minimal example.
-4. Run `helm upgrade --install gen3 ./helm/gen3 -f ./values.yaml`
-
-## Using Skaffold
-
-Skaffold is a tool for local development that can be used to automatically rebuild and redeploy your application when changes are detected. A minimal skaffold.yaml configuration file has been provided in the gen3-helm directory. Update the values of this file to match your needs.
-
-Follow the steps above, but instead of doing the helm upgrade --install step, use `skaffold dev` to start the development process. Skaffold will automatically build and deploy your application to your kubernetes cluster.
-
-# Troubleshooting
-
-## Sanity checks
-
-* If deploying from the local repo, make sure you followed the steps for `helm dependency update`. If you make any changes, this must be repeated for those changes to propagate.
-
-## Debugging helm chart issues
-
-* Sometimes there are cryptic errors that occur during use of the helm chart, such as duplicate env vars or other items. Try rendering the resources to a file, in debug mode, and it will help determine where the issues may be taking place
-
-`helm template --debug gen3 ./helm/gen3 -f ./values.yaml > test.yaml`
diff --git a/examples/aws_dev_values.yaml b/examples/aws_dev_values.yaml
index a579069c..5a078461 100644
--- a/examples/aws_dev_values.yaml
+++ b/examples/aws_dev_values.yaml
@@ -4,7 +4,7 @@ global:
enabled: true
environment: devplanetv2
# Deploys elasticsearch and postgres in k8s
- dev: true
+ dev: false
# Replace with your dev environment url.
hostname: qureshi.planx-pla.net
# this is arn to a certificate in AWS that needs to match the hostname.
diff --git a/examples/gke_dev_values.yaml b/examples/gke_dev_values.yaml
index 8011210c..a0f717e0 100644
--- a/examples/gke_dev_values.yaml
+++ b/examples/gke_dev_values.yaml
@@ -1,6 +1,6 @@
global:
# to disable local es/postgre
- dev: true
+ dev: false
hostname: qureshi.planx-pla.net
tls:
cert:
diff --git a/examples/local_dev_values.yaml b/examples/local_dev_values.yaml
index 1250b2c5..5ef560c1 100644
--- a/examples/local_dev_values.yaml
+++ b/examples/local_dev_values.yaml
@@ -1,6 +1,6 @@
global:
- dev: true
- hostname: localhost
+ dev: false
+ hostname: example.openstackhelm.org
# configuration for fence helm chart. You can add it for all our services.
fence:
diff --git a/examples/openstack_dev_values.yaml b/examples/openstack_dev_values.yaml
new file mode 100644
index 00000000..598a35f0
--- /dev/null
+++ b/examples/openstack_dev_values.yaml
@@ -0,0 +1,365 @@
+# Default values for gen3.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Global configuration
+global:
+ # -- (map) AWS configuration
+ aws:
+ # -- (bool) Set to true if deploying to AWS. Controls ingress annotations.
+ enabled: false
+ # -- (string) Credentials for AWS stuff.
+ awsAccessKeyId:
+ # -- (string) Credentials for AWS stuff.
+ awsSecretAccessKey:
+ # -- (map) Local secret setting if using a pre-exising secret.
+ useLocalSecret:
+ # -- (bool) Set to true if you would like to use a secret that is already running on your cluster.
+ enabled: false
+ # -- (string) Name of the local secret.
+ localSecretName:
+ # -- (bool) Deploys postgres/elasticsearch for dev
+ dev: false
+ postgres:
+ # -- (bool) Whether the database create job should run.
+ dbCreate: false
+ master:
+ # -- global postgres master username
+ username: "postgres"
+ # -- global postgres master password
+ password: "xxxxxxxxxxxxxxxx"
+ # -- global postgres master host
+ host: ""
+ # -- global postgres master port
+ port: "5432"
+ # -- (string) Environment name.
+ # This should be the same as vpcname if you're doing an AWS deployment.
+ # Currently this is being used to share ALB's if you have multiple namespaces in same cluster.
+ environment: default
+ # -- (string) Hostname for the deployment.
+ hostname: example.openstackhelm.org
+ # -- (string) ARN of the reverse proxy certificate.
+ revproxyArn: arn:aws:acm:us-east-1:123456:certificate
+ # -- (string) URL of the data dictionary.
+ dictionaryUrl: "https://dictionary-bucket.xxxxxxxx/xxxxxxxxxx.json"
+ # -- (string) Portal application name.
+ portalApp: gitops
+ # -- (bool) Whether public datasets are enabled.
+ publicDataSets: true
+ # -- (string) Access level for tiers. acceptable values for `tier_access_level` are: `libre`, `regular` and `private`. If omitted, by default common will be treated as `private`
+ tierAccessLevel: libre
+ # -- (int) Only relevant if tireAccessLevel is set to "regular". Summary charts below this limit will not appear for aggregated data.
+ tierAccessLimit: "1000"
+ # -- (bool) Whether network policies are enabled.
+ netPolicy: true
+ # -- (int) Number of dispatcher jobs.
+ dispatcherJobNum: "10"
+ # -- (bool) Whether Datadog is enabled.
+ ddEnabled: false
+ # -- (map) If you would like to add any extra values to the manifest-global configmap.
+ manifestGlobalExtraValues: {}
+ # -- (map) External Secrets settings.
+ externalSecrets:
+ # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override secrets you have deployed.
+ deploy: false
+ # -- (bool) Will create the databases and store the creds in Kubernetes Secrets even if externalSecrets is deployed. Useful if you want to use ExternalSecrets for other secrets besides db secrets.
+ dbCreate: false
+
+# Dependancy Charts
+
+ambassador:
+ # -- (bool) Whether to deploy the ambassador subchart.
+ enabled: false
+
+arborist:
+ # -- (bool) Whether to deploy the arborist subchart.
+ enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the arborist service.
+ repository: "quay.io/cdis/arborist"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
+
+argo-wrapper:
+ # -- (bool) Whether to deploy the argo-wrapper subchart.
+ enabled: false
+
+audit:
+ # -- (bool) Whether to deploy the audit subchart.
+ enabled: true
+ image:
+ # -- (string) The Docker image repository for the audit service
+ repository: quay.io/cdis/audit-service
+ # -- (string) When to pull the image. This value should be "Always" to ensure the latest image is used.
+ tag: "2023.06"
+
+
+aws-es-proxy:
+ # -- (bool) Whether to deploy the aws-es-proxy subchart.
+ enabled: false
+ # -- (str) Elasticsearch endpoint in AWS
+ esEndpoint: test.us-east-1.es.amazonaws.com
+ # -- (map) Secret information
+ secrets:
+ # -- (str) AWS access key ID for aws-es-proxy
+ awsAccessKeyId: ""
+ # -- (str) AWS secret access key for aws-es-proxy
+ awsSecretAccessKey: ""
+
+etl:
+ # -- (bool) Whether to deploy the etl subchart.
+ enabled: true
+ image:
+ tube:
+ # -- (string) The Docker image repository for the fence service
+ repository: quay.io/cdis/tube
+ # -- (string) When to pull the image. This value should be "Always" to ensure the latest image is used.
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "master"
+ spark:
+ # -- (string) The Docker image repository for the spark service
+ repository: quay.io/cdis/gen3-spark
+ # -- (string) When to pull the image. This value should be "Always" to ensure the latest image is used.
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "master"
+
+fence:
+ # -- (bool) Whether to deploy the fence subchart.
+ enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the fence service.
+ repository: "quay.io/cdis/fence"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
+ FENCE_CONFIG:
+ # -- (string) USER YAML. Passed in as a multiline string.
+ APP_NAME: 'Gen3 Data Commons'
+ # A URL-safe base64-encoded 32-byte key for encrypting keys in db
+ # in python you can use the following script to generate one:
+ # import base64
+ # import os
+ # key = base64.urlsafe_b64encode(os.urandom(32))
+ # print(key)
+ ENCRYPTION_KEY: REPLACEME
+ DEBUG: True
+ OPENID_CONNECT:
+ google:
+ client_id: "xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"
+ client_secret: "XXXXXX-XXXXX-XXXXXX"
+
+ usersync:
+ # -- (bool) Whether to run Fence usersync or not.
+ usersync: false
+ # -- (string) The cron schedule expression to use in the usersync cronjob. Runs every 30 minutes by default.
+ schedule: "*/30 * * * *"
+ # -- (bool) Whether to sync data from dbGaP.
+ syncFromDbgap: false
+ # -- (bool) Force attempting a dbgap sync if "true", falls back on user.yaml
+ addDbgap: false
+ # -- (bool) Forces ONLY a dbgap sync if "true", IGNORING user.yaml
+ onlyDbgap: false
+ # -- (string) Path to the user.yaml file in S3.
+ userYamlS3Path: s3://cdis-gen3-users/helm-test/user.yaml
+ # -- (string) Slack webhook endpoint used with certain jobs.
+ slack_webhook: None
+ # -- (bool) Will echo what files we are seeing on dbgap ftp to Slack.
+ slack_send_dbgap: false
+
+guppy:
+ # -- (bool) Whether to deploy the guppy subchart.
+ enabled: yes
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the guppy service.
+ repository: "quay.io/cdis/guppy"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
+hatchery:
+ # -- (bool) Whether to deploy the hatchery subchart.
+ enabled: false
+
+ hatchery:
+ sidecarContainer:
+ # -- (string) The maximum amount of CPU the sidecar container can use
+ cpu-limit: '0.1'
+ # -- (string) The maximum amount of memory the sidecar container can use
+ memory-limit: 256Mi
+ # -- (string) The sidecar image.
+ image: quay.io/cdis/ecs-ws-sidecar:master
+ # -- (map) Environment variables to pass to the sidecar container
+ env:
+ NAMESPACE: "{{ .Release.Namespace }}"
+ HOSTNAME: "{{ .Values.global.hostname }}"
+ # -- (list) Arguments to pass to the sidecare container.
+ args: []
+ # -- (list) Commands to run for the sidecar container.
+ command:
+ - "/bin/bash"
+ - "./sidecar.sh"
+ lifecycle-pre-stop:
+ - su
+ - "-c"
+ - echo test
+ - "-s"
+ - "/bin/sh"
+ - root
+ containers:
+ -
+ # -- (int) port to proxy traffic to in docker contaniner
+ target-port: 8888
+ # -- (string) cpu limit of workspace container
+ cpu-limit: '1.0'
+ # -- (string) memory limit of workspace container
+ memory-limit: 2Gi
+ # -- (string) name of workspace
+ name: "(Tutorials) Example Analysis Jupyter Lab Notebooks"
+ # -- (string) docker image for workspace
+ image: quay.io/cdis/heal-notebooks:combined_tutorials__latest
+ # -- environment variables for workspace container
+ env:
+ FRAME_ANCESTORS: https://{{ .Values.global.hostname }}
+ args:
+ - "--NotebookApp.base_url=/lw-workspace/proxy/"
+ - "--NotebookApp.default_url=/lab"
+ - "--NotebookApp.password=''"
+ - "--NotebookApp.token=''"
+ - "--NotebookApp.shutdown_no_activity_timeout=5400"
+ - "--NotebookApp.quit_button=False"
+ command:
+ - start-notebook.sh
+ path-rewrite: "/lw-workspace/proxy/"
+ use-tls: 'false'
+ ready-probe: "/lw-workspace/proxy/"
+ lifecycle-post-start:
+ - "/bin/sh"
+ - "-c"
+ - export IAM=`whoami`; rm -rf /home/$IAM/pd/dockerHome; rm -rf /home/$IAM/pd/lost+found;
+ ln -s /data /home/$IAM/pd/; true
+ user-uid: 1000
+ fs-gid: 100
+ user-volume-location: "/home/jovyan/pd"
+ gen3-volume-location: "/home/jovyan/.gen3"
+
+
+indexd:
+ # -- (bool) Whether to deploy the indexd subchart.
+ enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the indexd service.
+ repository: "quay.io/cdis/indexd"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
+ # -- (string) the default prefix for indexd records
+ defaultPrefix: "PREFIX/"
+
+
+manifestservice:
+ # -- (bool) Whether to deploy the manifest service subchart.
+ enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) Docker repository.
+ repository: quay.io/cdis/manifestservice
+ # -- (string) Docker pull policy.
+ pullPolicy: Always
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
+
+metadata:
+ # -- (bool) Whether to deploy the metadata subchart.
+ enabled: false
+
+peregrine:
+ # -- (bool) Whether to deploy the peregrine subchart.
+ enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the peregrine service.
+ repository: "quay.io/cdis/peregrine"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
+
+pidgin:
+ # -- (bool) Whether to deploy the pidgin subchart.
+ enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the pidgin service.
+ repository: "quay.io/cdis/pidgin"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
+
+portal:
+ # -- (bool) Whether to deploy the portal subchart.
+ enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the portal service.
+ repository: ""
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # -- (map) GitOps configuration for portal
+ imagePullSecrets:
+ - name: ""
+
+requestor:
+ # -- (bool) Whether to deploy the requestor subchart.
+ enabled: false
+
+revproxy:
+ # -- (bool) Whether to deploy the revproxy subchart.
+ enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the revproxy service.
+ repository: "quay.io/cdis/nginx"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
+
+ ingress:
+ # -- (bool) Whether to create the custom revproxy ingress
+ enabled: false
+ # -- (map) Annotations to add to the ingress.
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # -- (list) Where to route the traffic.
+ hosts:
+ - host: chart-example.local
+ # -- (list) To secure an Ingress by specifying a secret that contains a TLS private key and certificate.
+ tls: []
+
+sheepdog:
+ # -- (bool) Whether to deploy the sheepdog subchart.
+ enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the sheepdog service.
+ repository: "quay.io/cdis/sheepdog"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "helm-test"
+
+ssjdispatcher:
+ # -- (bool) Whether to deploy the ssjdispatcher subchart.
+ enabled: false
+
+wts:
+ # -- (bool) Whether to deploy the wts subchart.
+ enabled: false
+
+# Disable persistence by default so we can spin up and down ephemeral environments
+postgresql:
+ primary:
+ persistence:
+ # -- (bool) Option to persist the dbs data.
+ enabled: false
+elasticsearch:
+ # -- (bool) Whether to deploy the aws-es-proxy subchart.
+ enabled: true
+ image:
+ repository: quay.io/cdis/elasticsearch
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "feat_es_dockerfile"
\ No newline at end of file
diff --git a/helm/arborist/values.yaml b/helm/arborist/values.yaml
index c472742f..7c6f22d2 100644
--- a/helm/arborist/values.yaml
+++ b/helm/arborist/values.yaml
@@ -80,17 +80,17 @@ secrets:
# -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you
postgres:
# -- (bool) Whether the database should be created. Default to global.postgres.dbCreate
- dbCreate:
+ dbCreate: false
# -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host
- host:
+ host: ""
# -- (string) Database name for postgres. This is a service override, defaults to -
- database:
+ database: "arborist_db"
# -- (string) Username for postgres. This is a service override, defaults to -
- username:
+ username: "arborist_user"
# -- (string) Port for Postgres.
port: "5432"
# -- (string) Password for Postgres. Will be autogenerated if left empty.
- password:
+ password: "xxxxxxxxxxxxxxxx"
# -- (string) Will create a Database for the individual service to help with developing it.
separate: false
diff --git a/helm/audit/values.yaml b/helm/audit/values.yaml
index 0112fb8a..dcb0a5c3 100644
--- a/helm/audit/values.yaml
+++ b/helm/audit/values.yaml
@@ -83,17 +83,17 @@ secrets:
# -- (map) Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you
postgres:
# -- (bool) Whether the database should be created. Default to global.postgres.dbCreate
- dbCreate:
+ dbCreate: false
# -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host
- host:
+ host: ""
# -- (string) Database name for postgres. This is a service override, defaults to -
- database:
+ database: "audit_db"
# -- (string) Username for postgres. This is a service override, defaults to -
- username:
+ username: "audit_user"
# -- (string) Port for Postgres.
port: "5432"
# -- (string) Password for Postgres. Will be autogenerated if left empty.
- password:
+ password: "xxxxxxxxxxxxxxxx"
# -- (string) Will create a Database for the individual service to help with developing it.
separate: false
diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl
index 9ea67dbe..7acd75bb 100644
--- a/helm/common/templates/_db_setup_job.tpl
+++ b/helm/common/templates/_db_setup_job.tpl
@@ -31,7 +31,6 @@ roleRef:
# DB Setup Job
{{- define "common.db_setup_job" -}}
-{{- if or $.Values.global.postgres.dbCreate $.Values.postgres.dbCreate }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -59,44 +58,16 @@ spec:
name: {{ .Release.Name }}-postgresql
key: postgres-password
optional: false
- {{- else if $.Values.global.postgres.externalSecret }}
- valueFrom:
- secretKeyRef:
- name: {{ $.Values.global.postgres.externalSecret }}
- key: password
- optional: false
{{- else }}
value: {{ .Values.global.postgres.master.password | quote}}
{{- end }}
- name: PGUSER
- {{- if $.Values.global.postgres.externalSecret }}
- valueFrom:
- secretKeyRef:
- name: {{ $.Values.global.postgres.externalSecret }}
- key: username
- optional: false
- {{- else }}
value: {{ .Values.global.postgres.master.username | quote }}
- {{- end }}
- name: PGPORT
- {{- if $.Values.global.postgres.externalSecret }}
- valueFrom:
- secretKeyRef:
- name: {{ $.Values.global.postgres.externalSecret }}
- key: port
- optional: false
- {{- else }}
value: {{ .Values.global.postgres.master.port | quote }}
- {{- end }}
- name: PGHOST
{{- if $.Values.global.dev }}
value: "{{ .Release.Name }}-postgresql"
- {{- else if $.Values.global.postgres.externalSecret }}
- valueFrom:
- secretKeyRef:
- name: {{ $.Values.global.postgres.externalSecret }}
- key: host
- optional: false
{{- else }}
value: {{ .Values.global.postgres.master.host | quote }}
{{- end }}
@@ -161,7 +132,6 @@ spec:
# Update secret to signal that db has been created, and services can start
kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}'
fi
-{{- end}}
{{- end }}
@@ -170,7 +140,6 @@ Create k8s secrets for connecting to postgres
*/}}
# DB Secrets
{{- define "common.db-secret" -}}
-{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.global.externalSecrets.dbCreate) }}
apiVersion: v1
kind: Secret
metadata:
@@ -185,5 +154,4 @@ data:
{{- else }}
host: {{ ( $.Values.postgres.host | default ( $.Values.global.postgres.master.host)) | b64enc | quote }}
{{- end }}
-{{- end }}
{{- end }}
\ No newline at end of file
diff --git a/helm/elasticsearch/.helmignore b/helm/elasticsearch/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/helm/elasticsearch/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/elasticsearch/Chart.yaml b/helm/elasticsearch/Chart.yaml
new file mode 100644
index 00000000..1720df09
--- /dev/null
+++ b/helm/elasticsearch/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: elasticsearch
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.5
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
+
+dependencies:
+- name: common
+ version: 0.1.7
+ repository: file://../common
diff --git a/helm/elasticsearch/README.md b/helm/elasticsearch/README.md
new file mode 100644
index 00000000..92a32023
--- /dev/null
+++ b/helm/elasticsearch/README.md
@@ -0,0 +1,63 @@
+# elasticsearch
+
+![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| file://../common | common | 0.1.7 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| autoscaling.enabled | bool | `false` | |
+| autoscaling.maxReplicas | int | `100` | |
+| autoscaling.minReplicas | int | `1` | |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
+| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl |
+| criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". |
+| datadogLogsInjection | bool | `true` | If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs. |
+| datadogProfilingEnabled | bool | `true` | If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application. |
+| datadogTraceSampleRate | int | `1` | A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced. |
+| fullnameOverride | string | `""` | |
+| global | map | `{"ddEnabled":false,"environment":"default"}` | Global configuration options. |
+| global.ddEnabled | bool | `false` | Whether Datadog is enabled. |
+| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"quay.io/cdis/elasticsearch"` | |
+| image.tag | string | `"feat_es_dockerfile"` | |
+| imagePullSecrets | list | `[]` | |
+| ingress.annotations | object | `{}` | |
+| ingress.className | string | `""` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0].host | string | `"chart-example.local"` | |
+| ingress.hosts[0].paths[0].path | string | `"/"` | |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
+| ingress.tls | list | `[]` | |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| partOf | string | `"Explorer-Tab"` | Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words. |
+| podAnnotations | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| release | string | `"production"` | Valid options are "production" or "dev". If invalid option is set- the value will default to "dev". |
+| replicaCount | int | `1` | |
+| resources.limits.cpu | string | `"4"` | |
+| resources.limits.memory | string | `"4Gi"` | |
+| resources.requests.cpu | string | `"3"` | |
+| resources.requests.memory | string | `"3Gi"` | |
+| securityContext | object | `{}` | |
+| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl |
+| service.port | int | `9200` | |
+| service.type | string | `"ClusterIP"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| tolerations | list | `[]` | |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/helm/elasticsearch/templates/NOTES.txt b/helm/elasticsearch/templates/NOTES.txt
new file mode 100644
index 00000000..bf80dccb
--- /dev/null
+++ b/helm/elasticsearch/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "elasticsearch.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "elasticsearch.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "elasticsearch.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "elasticsearch.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/helm/elasticsearch/templates/_helpers.tpl b/helm/elasticsearch/templates/_helpers.tpl
new file mode 100644
index 00000000..5c2c702e
--- /dev/null
+++ b/helm/elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,68 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "elasticsearch.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "elasticsearch.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "elasticsearch.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "elasticsearch.labels" -}}
+{{- if .Values.commonLabels }}
+ {{- with .Values.commonLabels }}
+ {{- toYaml . }}
+ {{- end }}
+{{- else }}
+ {{- (include "common.commonLabels" .)}}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "elasticsearch.selectorLabels" -}}
+{{- if .Values.selectorLabels }}
+ {{- with .Values.selectorLabels }}
+ {{- toYaml . }}
+ {{- end }}
+{{- else }}
+ {{- (include "common.selectorLabels" .)}}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "elasticsearch.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "elasticsearch.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/elasticsearch/templates/deployment.yaml b/helm/elasticsearch/templates/deployment.yaml
new file mode 100644
index 00000000..03e9a84b
--- /dev/null
+++ b/helm/elasticsearch/templates/deployment.yaml
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: elasticsearch-deployment
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+ {{- if .Values.global.ddEnabled }}
+ {{- include "common.datadogLabels" . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "elasticsearch.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "elasticsearch.selectorLabels" . | nindent 8 }}
+ {{- if .Values.global.ddEnabled }}
+ {{- include "common.datadogLabels" . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "elasticsearch.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ {{- if .Values.global.ddEnabled }}
+ {{- include "common.datadogEnvVar" . | nindent 12 }}
+ {{- end }}
+ - name: ES_JAVA_OPTS
+ value: "-Xms300m -Xmx300m"
+ ports:
+ - name: http
+ containerPort: 9200
+ protocol: TCP
+ - name: transport
+ containerPort: 9300
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ initialDelaySeconds: 90
+ readinessProbe:
+ httpGet:
+ path: /_cluster/health
+ port: 9200
+ initialDelaySeconds: 5
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/elasticsearch/templates/hpa.yaml b/helm/elasticsearch/templates/hpa.yaml
new file mode 100644
index 00000000..22388451
--- /dev/null
+++ b/helm/elasticsearch/templates/hpa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "elasticsearch.fullname" . }}
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "elasticsearch.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/elasticsearch/templates/ingress.yaml b/helm/elasticsearch/templates/ingress.yaml
new file mode 100644
index 00000000..3f8cc2aa
--- /dev/null
+++ b/helm/elasticsearch/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "elasticsearch.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/elasticsearch/templates/service.yaml b/helm/elasticsearch/templates/service.yaml
new file mode 100644
index 00000000..794cb991
--- /dev/null
+++ b/helm/elasticsearch/templates/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: elasticsearch
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: 9200
+ protocol: TCP
+ selector:
+ {{- include "elasticsearch.selectorLabels" . | nindent 4 }}
diff --git a/helm/elasticsearch/templates/serviceaccount.yaml b/helm/elasticsearch/templates/serviceaccount.yaml
new file mode 100644
index 00000000..1f191c55
--- /dev/null
+++ b/helm/elasticsearch/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "elasticsearch.serviceAccountName" . }}
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/elasticsearch/templates/tests/test-connection.yaml b/helm/elasticsearch/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..af8dd035
--- /dev/null
+++ b/helm/elasticsearch/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "elasticsearch.fullname" . }}-test-connection"
+ labels:
+ {{- include "elasticsearch.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "elasticsearch.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/elasticsearch/values.yaml b/helm/elasticsearch/values.yaml
new file mode 100644
index 00000000..141cecb8
--- /dev/null
+++ b/helm/elasticsearch/values.yaml
@@ -0,0 +1,105 @@
+# Default values for elasticsearch.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- (map) Global configuration options.
+global:
+ # -- (string) Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too.
+ environment: default
+ # -- (bool) Whether Datadog is enabled.
+ ddEnabled: false
+
+replicaCount: 1
+
+image:
+ repository: quay.io/cdis/elasticsearch
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 9200
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# Values to determine the labels that are used for the deployment, pod, etc.
+# -- (string) Valid options are "production" or "dev". If invalid option is set- the value will default to "dev".
+release: "production"
+# -- (string) Valid options are "true" or "false". If invalid option is set- the value will default to "false".
+criticalService: "true"
+# -- (string) Label to help organize pods and their use. Any value is valid, but use "_" or "-" to divide words.
+partOf: "Explorer-Tab"
+# -- (map) Will completely override the selectorLabels defined in the common chart's _label_setup.tpl
+selectorLabels:
+# -- (map) Will completely override the commonLabels defined in the common chart's _label_setup.tpl
+commonLabels:
+
+# Values to configure datadog if ddEnabled is set to "true".
+# -- (bool) If enabled, the Datadog Agent will automatically inject Datadog-specific metadata into your application logs.
+datadogLogsInjection: true
+# -- (bool) If enabled, the Datadog Agent will collect profiling data for your application using the Continuous Profiler. This data can be used to identify performance bottlenecks and optimize your application.
+datadogProfilingEnabled: true
+# -- (int) A value between 0 and 1, that represents the percentage of requests that will be traced. For example, a value of 0.5 means that 50% of requests will be traced.
+datadogTraceSampleRate: 1
diff --git a/helm/etl/values.yaml b/helm/etl/values.yaml
index 1db9765e..943a9ba0 100644
--- a/helm/etl/values.yaml
+++ b/helm/etl/values.yaml
@@ -54,92 +54,8 @@ resources:
memory: 2Gi
-esEndpoint: gen3-elasticsearch-master
+esEndpoint: elasticsearch
etlMapping:
- mappings:
- - name: dev_case
- doc_type: case
- type: aggregator
- root: case
- props:
- - name: submitter_id
- - name: project_id
- - name: disease_type
- - name: primary_site
- flatten_props:
- - path: demographics
- props:
- - name: gender
- value_mappings:
- - female: F
- - male: M
- - name: race
- value_mappings:
- - american indian or alaskan native: Indian
- - name: ethnicity
- - name: year_of_birth
- aggregated_props:
- - name: _samples_count
- path: samples
- fn: count
- - name: _aliquots_count
- path: samples.aliquots
- fn: count
- - name: _submitted_methylations_count
- path: samples.aliquots.submitted_methylation_files
- fn: count
- - name: _submitted_copy_number_files_on_aliquots_count
- path: samples.aliquots.submitted_copy_number_files
- fn: count
- - name: _read_groups_count
- path: samples.aliquots.read_groups
- fn: count
- - name: _submitted_aligned_reads_count
- path: samples.aliquots.read_groups.submitted_aligned_reads_files
- fn: count
- - name: _submitted_unaligned_reads_count
- path: samples.aliquots.read_groups.submitted_unaligned_reads_files
- fn: count
- - name: _submitted_copy_number_files_on_read_groups_count
- path: samples.aliquots.read_groups.submitted_copy_number_files
- fn: count
- - name: _submitted_somatic_mutations_count
- path: samples.aliquots.read_groups.submitted_somatic_mutations
- fn: count
- joining_props:
- - index: file
- join_on: _case_id
- props:
- - name: data_format
- src: data_format
- fn: set
- - name: data_type
- src: data_type
- fn: set
- - name: _file_id
- src: _file_id
- fn: set
- - name: dev_file
- doc_type: file
- type: collector
- root: None
- category: data_file
- props:
- - name: object_id
- - name: md5sum
- - name: file_name
- - name: file_size
- - name: data_format
- - name: data_type
- - name: state
- injecting_props:
- case:
- props:
- - name: _case_id
- src: id
- fn: set
- - name: project_id
- target_nodes:
- - name: slide_image
- path: slides.samples.cases
+ # < etlMapping.yaml file content >
+
\ No newline at end of file
diff --git a/helm/fence/templates/fence-creds.yaml b/helm/fence/templates/fence-creds.yaml
index 24cfb7ad..587ab0fe 100644
--- a/helm/fence/templates/fence-creds.yaml
+++ b/helm/fence/templates/fence-creds.yaml
@@ -11,9 +11,9 @@ stringData:
"db_password": "{{include "gen3.service-postgres" (dict "key" "password" "service" $.Chart.Name "context" $) }}",
"db_database": "{{ include "gen3.service-postgres" (dict "key" "database" "service" $.Chart.Name "context" $)}}",
"hostname": "{{ .Values.global.hostname }}",
- "indexd_password": "",
- "google_client_secret": "YOUR.GOOGLE.SECRET",
- "google_client_id": "YOUR.GOOGLE.CLIENT",
+ "indexd_password": "xxxxxxxxxxxxxxxx",
+ "google_client_secret": "XXXXXX-XXXXX-XXXXXX",
+ "google_client_id": "xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
"hmac_key": ""
}
diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml
index 80a02953..6f1c8da6 100644
--- a/helm/fence/values.yaml
+++ b/helm/fence/values.yaml
@@ -130,17 +130,17 @@ postgres:
# (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore
dbRestore: false
# -- (bool) Whether the database should be created. Default to global.postgres.dbCreate
- dbCreate:
+ dbCreate: false
# -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host
- host:
+ host: ""
# -- (string) Database name for postgres. This is a service override, defaults to -
- database:
+ database: "fence_db"
# -- (string) Username for postgres. This is a service override, defaults to -
- username:
+ username: "fence_user"
# -- (string) Port for Postgres.
port: "5432"
# -- (string) Password for Postgres. Will be autogenerated if left empty.
- password:
+ password: "xxxxxxxxxxxxxxxx"
# -- (string) Will create a Database for the individual service to help with developing it.
separate: false
@@ -1500,9 +1500,9 @@ FENCE_CONFIG:
# -- (str) URL of the OIDC discovery endpoint for Google
discovery_url: 'https://accounts.google.com/.well-known/openid-configuration'
# -- (str) Client ID
- client_id: ''
+ client_id: 'xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com'
# -- (str) Client secret
- client_secret: ''
+ client_secret: 'XXXXXX-XXXXX-XXXXXX'
# -- (str) The allowed redirect back to fence, should not need to change
redirect_url: '{{BASE_URL}}/login/google/login/'
# -- (str) The scope to request from Google (default "openid email")
diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml
index 7a4107f9..3011ffa6 100644
--- a/helm/gen3/Chart.yaml
+++ b/helm/gen3/Chart.yaml
@@ -84,7 +84,7 @@ dependencies:
repository: "file://../ssjdispatcher"
condition: ssjdispatcher.enabled
- name: sower
- version: 0.1.10
+ version: 0.1.9
condition: sower.enabled
repository: "file://../sower"
- name: wts
@@ -94,9 +94,9 @@ dependencies:
- name: elasticsearch
- version: 7.10.2
- repository: "https://helm.elastic.co"
- condition: global.dev
+ version: "0.1.5"
+ repository: "file://../elasticsearch"
+ condition: elasticsearch.enabled
- name: postgresql
version: 11.9.13
repository: "https://charts.bitnami.com/bitnami"
@@ -115,7 +115,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.30
+version: 0.1.29
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/gen3/README.md b/helm/gen3/README.md
index 21adf9b9..1e590c50 100644
--- a/helm/gen3/README.md
+++ b/helm/gen3/README.md
@@ -1,6 +1,6 @@
# gen3
-![Version: 0.1.30](https://img.shields.io/badge/Version-0.1.30-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.29](https://img.shields.io/badge/Version-0.1.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
Helm chart to deploy Gen3 Data Commons
@@ -37,7 +37,7 @@ Helm chart to deploy Gen3 Data Commons
| file://../requestor | requestor | 0.1.10 |
| file://../revproxy | revproxy | 0.1.13 |
| file://../sheepdog | sheepdog | 0.1.13 |
-| file://../sower | sower | 0.1.10 |
+| file://../sower | sower | 0.1.9 |
| file://../ssjdispatcher | ssjdispatcher | 0.1.8 |
| file://../wts | wts | 0.1.12 |
| https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
diff --git a/helm/gen3/user.yaml b/helm/gen3/user.yaml
new file mode 100644
index 00000000..8693070f
--- /dev/null
+++ b/helm/gen3/user.yaml
@@ -0,0 +1,3 @@
+fence:
+ USER_YAML: |
+ # < User.yaml file content>
\ No newline at end of file
diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml
index 8c2a3bbd..598a35f0 100644
--- a/helm/gen3/values.yaml
+++ b/helm/gen3/values.yaml
@@ -19,17 +19,17 @@ global:
# -- (string) Name of the local secret.
localSecretName:
# -- (bool) Deploys postgres/elasticsearch for dev
- dev: true
+ dev: false
postgres:
# -- (bool) Whether the database create job should run.
- dbCreate: true
+ dbCreate: false
master:
# -- global postgres master username
- username: postgres
+ username: "postgres"
# -- global postgres master password
- password:
+ password: "xxxxxxxxxxxxxxxx"
# -- global postgres master host
- host:
+ host: ""
# -- global postgres master port
port: "5432"
# -- (string) Environment name.
@@ -37,11 +37,11 @@ global:
# Currently this is being used to share ALB's if you have multiple namespaces in same cluster.
environment: default
# -- (string) Hostname for the deployment.
- hostname: localhost
+ hostname: example.openstackhelm.org
# -- (string) ARN of the reverse proxy certificate.
revproxyArn: arn:aws:acm:us-east-1:123456:certificate
# -- (string) URL of the data dictionary.
- dictionaryUrl: https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json
+ dictionaryUrl: "https://dictionary-bucket.xxxxxxxx/xxxxxxxxxx.json"
# -- (string) Portal application name.
portalApp: gitops
# -- (bool) Whether public datasets are enabled.
@@ -69,11 +69,17 @@ global:
ambassador:
# -- (bool) Whether to deploy the ambassador subchart.
- enabled: true
+ enabled: false
arborist:
# -- (bool) Whether to deploy the arborist subchart.
enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the arborist service.
+ repository: "quay.io/cdis/arborist"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
argo-wrapper:
# -- (bool) Whether to deploy the argo-wrapper subchart.
@@ -82,6 +88,11 @@ argo-wrapper:
audit:
# -- (bool) Whether to deploy the audit subchart.
enabled: true
+ image:
+ # -- (string) The Docker image repository for the audit service
+ repository: quay.io/cdis/audit-service
+ # -- (string) When to pull the image. This value should be "Always" to ensure the latest image is used.
+ tag: "2023.06"
aws-es-proxy:
@@ -99,11 +110,45 @@ aws-es-proxy:
etl:
# -- (bool) Whether to deploy the etl subchart.
enabled: true
+ image:
+ tube:
+ # -- (string) The Docker image repository for the fence service
+ repository: quay.io/cdis/tube
+ # -- (string) When to pull the image. This value should be "Always" to ensure the latest image is used.
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "master"
+ spark:
+ # -- (string) The Docker image repository for the spark service
+ repository: quay.io/cdis/gen3-spark
+ # -- (string) When to pull the image. This value should be "Always" to ensure the latest image is used.
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "master"
fence:
# -- (bool) Whether to deploy the fence subchart.
enabled: true
- # -- (map) Configuration options for usersync cronjob.
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the fence service.
+ repository: "quay.io/cdis/fence"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
+ FENCE_CONFIG:
+ # -- (string) USER YAML. Passed in as a multiline string.
+ APP_NAME: 'Gen3 Data Commons'
+ # A URL-safe base64-encoded 32-byte key for encrypting keys in db
+ # in python you can use the following script to generate one:
+ # import base64
+ # import os
+ # key = base64.urlsafe_b64encode(os.urandom(32))
+ # print(key)
+ ENCRYPTION_KEY: REPLACEME
+ DEBUG: True
+ OPENID_CONNECT:
+ google:
+ client_id: "xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"
+ client_secret: "XXXXXX-XXXXX-XXXXXX"
+
usersync:
# -- (bool) Whether to run Fence usersync or not.
usersync: false
@@ -124,11 +169,16 @@ fence:
guppy:
# -- (bool) Whether to deploy the guppy subchart.
- enabled: false
-
+ enabled: yes
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the guppy service.
+ repository: "quay.io/cdis/guppy"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
hatchery:
# -- (bool) Whether to deploy the hatchery subchart.
- enabled: true
+ enabled: false
hatchery:
sidecarContainer:
@@ -196,6 +246,12 @@ hatchery:
indexd:
# -- (bool) Whether to deploy the indexd subchart.
enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the indexd service.
+ repository: "quay.io/cdis/indexd"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
# -- (string) the default prefix for indexd records
defaultPrefix: "PREFIX/"
@@ -203,23 +259,51 @@ indexd:
manifestservice:
# -- (bool) Whether to deploy the manifest service subchart.
enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) Docker repository.
+ repository: quay.io/cdis/manifestservice
+ # -- (string) Docker pull policy.
+ pullPolicy: Always
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
metadata:
# -- (bool) Whether to deploy the metadata subchart.
- enabled: true
+ enabled: false
peregrine:
# -- (bool) Whether to deploy the peregrine subchart.
enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the peregrine service.
+ repository: "quay.io/cdis/peregrine"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
pidgin:
# -- (bool) Whether to deploy the pidgin subchart.
enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the pidgin service.
+ repository: "quay.io/cdis/pidgin"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
portal:
# -- (bool) Whether to deploy the portal subchart.
enabled: true
-
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the portal service.
+ repository: ""
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # -- (map) GitOps configuration for portal
+ imagePullSecrets:
+ - name: ""
requestor:
# -- (bool) Whether to deploy the requestor subchart.
@@ -228,6 +312,12 @@ requestor:
revproxy:
# -- (bool) Whether to deploy the revproxy subchart.
enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the revproxy service.
+ repository: "quay.io/cdis/nginx"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "2023.06"
ingress:
# -- (bool) Whether to create the custom revproxy ingress
@@ -245,6 +335,12 @@ revproxy:
sheepdog:
# -- (bool) Whether to deploy the sheepdog subchart.
enabled: true
+ # -- (map) Docker image information.
+ image:
+ # -- (string) The Docker image repository for the sheepdog service.
+ repository: "quay.io/cdis/sheepdog"
+ # -- (string) Overrides the image tag whose default is the chart appVersion.
+ tag: "helm-test"
ssjdispatcher:
# -- (bool) Whether to deploy the ssjdispatcher subchart.
@@ -252,7 +348,7 @@ ssjdispatcher:
wts:
# -- (bool) Whether to deploy the wts subchart.
- enabled: true
+ enabled: false
# Disable persistence by default so we can spin up and down ephemeral environments
postgresql:
@@ -260,10 +356,10 @@ postgresql:
persistence:
# -- (bool) Option to persist the dbs data.
enabled: false
-
elasticsearch:
- clusterName: gen3-elasticsearch
- maxUnavailable: 0
- singleNode: true
- replicas: 1
- clusterHealthCheckParams: "wait_for_status=yellow&timeout=1s"
+ # -- (bool) Whether to deploy the aws-es-proxy subchart.
+ enabled: true
+ image:
+ repository: quay.io/cdis/elasticsearch
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "feat_es_dockerfile"
\ No newline at end of file
diff --git a/helm/guppy/templates/deployment.yaml b/helm/guppy/templates/deployment.yaml
index 552f9063..f85a6e6a 100644
--- a/helm/guppy/templates/deployment.yaml
+++ b/helm/guppy/templates/deployment.yaml
@@ -65,15 +65,13 @@ spec:
- name: GUPPY_CONFIG_FILEPATH
value: /guppy/guppy_config.json
- name: GEN3_ES_ENDPOINT
- value: {{ default "gen3-elasticsearch-master:9200" .Values.esEndpoint }}
- {{- with .Values.arboristUrl }}
+ value: "elasticsearch:9200"
- name: GEN3_ARBORIST_ENDPOINT
- value: {{ . }}
- {{- end }}
+ value: http://arborist-service
- name: TIER_ACCESS_LEVEL
- value: {{ .Values.global.tierAccessLevel | quote }}
+ value: libre
- name: TIER_ACCESS_LIMIT
- value: {{ .Values.global.tierAccessLimit | quote }}
+ value: "1000"
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
diff --git a/helm/guppy/templates/guppy_config.yaml b/helm/guppy/templates/guppy_config.yaml
index ff7ab9be..39a45800 100644
--- a/helm/guppy/templates/guppy_config.yaml
+++ b/helm/guppy/templates/guppy_config.yaml
@@ -4,12 +4,4 @@ metadata:
name: manifest-guppy
data:
guppy_config.json: |
- {
- "indices": {{ .Values.indices | toJson }},
- {{- with .Values.configIndex }}
- "config_index": {{ . | quote }},
- {{- end }}
- "auth_filter_field": {{ .Values.authFilterField | quote }},
- "enable_encrypt_whitelist": {{ .Values.enableEncryptWhitelist | quote }},
- "encrypt_whitelist": {{ .Values.encryptWhitelist | quote }}
- }
\ No newline at end of file
+ // < guppy_config.json file conetent>
diff --git a/helm/guppy/values.yaml b/helm/guppy/values.yaml
index 054e4734..46a02722 100644
--- a/helm/guppy/values.yaml
+++ b/helm/guppy/values.yaml
@@ -144,7 +144,7 @@ image:
# Environment Variables
# -- (string) Elasticsearch endpoint.
-esEndpoint: "gen3-elasticsearch-master:9200"
+esEndpoint: "elasticsearch:9200"
# -- (string) Arborist service URL.
arboristUrl: http://arborist-service
diff --git a/helm/indexd/values.yaml b/helm/indexd/values.yaml
index 8c64335d..74f5c740 100644
--- a/helm/indexd/values.yaml
+++ b/helm/indexd/values.yaml
@@ -92,17 +92,17 @@ postgres:
# (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore
dbRestore: false
# -- (bool) Whether the database should be created. Default to global.postgres.dbCreate
- dbCreate:
+ dbCreate: false
# -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host
- host:
+ host: ""
# -- (string) Database name for postgres. This is a service override, defaults to -
- database:
+ database: "indexd_db"
# -- (string) Username for postgres. This is a service override, defaults to -
- username:
+ username: "indexd_user"
# -- (string) Port for Postgres.
port: "5432"
# -- (string) Password for Postgres. Will be autogenerated if left empty.
- password:
+ password: "xxxxxxxxxxxxxxxx"
# -- (string) Will create a Database for the individual service to help with developing it.
separate: false
diff --git a/helm/metadata/templates/secrets.yaml b/helm/metadata/templates/secrets.yaml
index 0bd639d7..d9e22e27 100644
--- a/helm/metadata/templates/secrets.yaml
+++ b/helm/metadata/templates/secrets.yaml
@@ -5,7 +5,14 @@ metadata:
name: metadata-g3auto
stringData:
{{- $randomPass := printf "%s%s" "gateway:" (randAlphaNum 32) }}
- base64Authz.txt: {{ $randomPass | quote | b64enc }}
+ base64Authz.txt: {{ $randomPass | b64enc | quote }}
+ dbcreds.json: |
+ {
+ "db_host": {{ .Values.postgres.host | quote }},
+ "db_username": {{ .Values.postgres.user | quote}},
+ "db_password": {{ include "metadata.postgres.password" . | quote }},
+ "db_database": {{ .Values.postgres.dbname | quote }}
+ }
metadata.env: |
DEBUG={{ .Values.debug}}
DB_HOST={{ .Values.postgres.host }}
diff --git a/helm/metadata/values.yaml b/helm/metadata/values.yaml
index d3953808..c4509c57 100644
--- a/helm/metadata/values.yaml
+++ b/helm/metadata/values.yaml
@@ -86,17 +86,17 @@ postgres:
# (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore
dbRestore: false
# -- (bool) Whether the database should be created. Default to global.postgres.dbCreate
- dbCreate:
+ dbCreate: false
# -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host
- host:
+ host: ""
# -- (string) Database name for postgres. This is a service override, defaults to -
- database:
+ database: "metadata_db"
# -- (string) Username for postgres. This is a service override, defaults to -
- username:
+ username: "metadata_user"
# -- (string) Port for Postgres.
port: "5432"
# -- (string) Password for Postgres. Will be autogenerated if left empty.
- password:
+ password: "xxxxxxxxxxxxxxxx"
# -- (string) Will create a Database for the individual service to help with developing it.
separate: false
@@ -170,7 +170,7 @@ debug: false
# Environment Variables
# -- (string) Elasticsearch endpoint.
-esEndpoint: http://gen3-elasticsearch-master:9200
+esEndpoint: elasticsearch:9200
# -- (bool) Set to true to aggregate metadata from multiple other Metadata Service instances.
useAggMds: "True"
# -- (string) Namespae to use if AggMds is enabled.
diff --git a/helm/peregrine/values.yaml b/helm/peregrine/values.yaml
index 46086658..23641218 100644
--- a/helm/peregrine/values.yaml
+++ b/helm/peregrine/values.yaml
@@ -80,17 +80,17 @@ postgres:
# (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore
dbRestore: false
# -- (bool) Whether the database should be created. Default to global.postgres.dbCreate
- dbCreate:
+ dbCreate: false
# -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host
- host:
+ host: ""
# -- (string) Database name for postgres. This is a service override, defaults to -
- database:
+ database: "metadata_db"
# -- (string) Username for postgres. This is a service override, defaults to -
- username:
+ username: "metadata_user"
# -- (string) Port for Postgres.
port: "5432"
# -- (string) Password for Postgres. Will be autogenerated if left empty.
- password:
+ password: "xxxxxxxxxxxxxxxx"
# -- (string) Will create a Database for the individual service to help with developing it.
separate: false
@@ -113,7 +113,7 @@ image:
# -- (string) When to pull the image.
pullPolicy: IfNotPresent
# -- (string) Overrides the image tag whose default is the chart appVersion.
- tag: "feat_jq-audience"
+ tag: ""
# -- (list) Docker image pull secrets.
imagePullSecrets: []
diff --git a/helm/pidgin/values.yaml b/helm/pidgin/values.yaml
index 414d642b..9c351ccf 100644
--- a/helm/pidgin/values.yaml
+++ b/helm/pidgin/values.yaml
@@ -65,17 +65,17 @@ postgres:
# (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore
dbRestore: false
# -- (bool) Whether the database should be created. Default to global.postgres.dbCreate
- dbCreate:
+ dbCreate: false
# -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host
- host:
+ host: ""
# -- (string) Database name for postgres. This is a service override, defaults to -
- database:
+ database: "pidgin_db"
# -- (string) Username for postgres. This is a service override, defaults to -
- username:
+ username: "pidgin_user"
# -- (string) Port for Postgres.
port: "5432"
# -- (string) Password for Postgres. Will be autogenerated if left empty.
- password:
+ password: "xxxxxxxxxxxxxxxx"
# Deployment
# -- (map) Configuration for autoscaling the number of replicas
diff --git a/helm/portal/defaults/gitops.css b/helm/portal/defaults/gitops.css
index 1de6c546..56104422 100644
--- a/helm/portal/defaults/gitops.css
+++ b/helm/portal/defaults/gitops.css
@@ -1,8 +1,4 @@
-.nav-bar__logo {
- padding: 15px 0;
-}
-
-.nav-bar__logo-img {
- height: 50px;
-}
+/*
+ gitops.css file content
+*/
diff --git a/helm/portal/defaults/gitops.json b/helm/portal/defaults/gitops.json
index 2f2486e2..323b88ee 100644
--- a/helm/portal/defaults/gitops.json
+++ b/helm/portal/defaults/gitops.json
@@ -1,351 +1 @@
-{
- "subcommons": [
- {
- "URL": "https://tb.diseasedatahub.org/",
- "name": "TB"
- },
- {
- "URL": "https://aids.diseasedatahub.org/",
- "name": "AIDS"
- },
- {
- "URL": "https://flu.diseasedatahub.org/",
- "name": "FLU"
- },
- {
- "URL": "https://microbiome.diseasedatahub.org/",
- "name": "Microbiome"
- }
- ],
- "gaTrackingId": "UA-119127212-1",
- "graphql": {
- "boardCounts": [
- {
- "graphql": "_subject_count",
- "name": "Subject",
- "plural": "Subjects"
- },
- {
- "graphql": "_study_count",
- "name": "Study",
- "plural": "Studies"
- },
- {
- "graphql": "_summary_lab_result_count",
- "name": "Lab record",
- "plural": "Lab records"
- }
- ],
- "chartCounts": [
- {
- "graphql": "_subject_count",
- "name": "Subject"
- },
- {
- "graphql": "_study_count",
- "name": "Study"
- }
- ],
- "projectDetails": "boardCounts"
- },
- "components": {
- "appName": "Gen3 Disease Data Hub",
- "index": {
- "introduction": {
- "heading": "Gen3 Disease Data Hub Datasets",
- "text": "The Gen3 Disease Data Hub hosts data related to infectious diseases and aims to make data findable, accessible, interoperable, and reusable (FAIR).",
- "link": "/datasets"
- },
- "buttons": [
- {
- "name": "TB Environment",
- "icon": "data-explore",
- "body": "Explore TB data.",
- "external_link": "https://tb.diseasedatahub.org"
- },
- {
- "name": "AIDS Environment",
- "icon": "data-explore",
- "body": "Explore AIDS data.",
- "external_link": "https://aids.diseasedatahub.org"
- },
- {
- "name": "Flu Environment",
- "icon": "data-explore",
- "body": "Explore influenza data.",
- "external_link": "https://flu.diseasedatahub.org"
- },
- {
- "name": "Microbiome Environment",
- "icon": "data-explore",
- "body": "Explore data from a collection of open-access microbiome-related studies.",
- "external_link": "https://microbiome.diseasedatahub.org"
- }
- ]
- },
- "navigation": {
- "items": [
- {
- "icon": "query",
- "link": "/datasets",
- "color": "#a2a2a2",
- "name": "Dataset Browser"
- },
- {
- "icon": "exploration",
- "link": "/explorer",
- "color": "#a2a2a2",
- "name": "Eco Explorer"
- }
- ]
- },
- "topBar": {
- "items": [
- {
- "link": "https://gen3.org/resources/user/",
- "name": "Documentation"
- }
- ]
- },
- "login": {
- "title": "Gen3 Disease Data Hub",
- "subTitle": "Cross Environment Datasets",
- "text": "The website combines open access datasets from multiple disciplines to create clean, easy to navigate visualizations for data-driven discovery within the fields of allergy and infectious diseases.",
- "contact": "If you have any questions about access or the registration process, please contact ",
- "email": "support@datacommons.io"
- },
- "footerLogos": [
- {
- "src": "/custom/sponsors/gitops-sponsors/gen3.png",
- "href": "https://ctds.uchicago.edu/gen3",
- "alt": "Gen3 Data Commons"
- },
- {
- "src": "/src/img/createdby.png",
- "href": "https://ctds.uchicago.edu/",
- "alt": "Center for Translational Data Science at the University of Chicago"
- }
- ]
- },
- "requiredCerts": [],
- "featureFlags": {
- "explorer": true,
- "analysis": true
- },
- "datasetBrowserConfig": {
- "filterSections": [
- {
- "title": "Supported Data Resources",
- "options": [
- { "text": "TB", "filterType": "singleSelect"},
- { "text": "AIDS", "filterType": "singleSelect"},
- { "text": "Flu", "filterType": "singleSelect"},
- { "text": "Microbiome", "filterType": "singleSelect"}
- ]
- },
- {
- "title": "Research Focus",
- "options": [
- { "text": "AIDS", "filterType": "singleSelect"},
- { "text": "TB", "filterType": "singleSelect"},
- { "text": "Flu", "filterType": "singleSelect"},
- { "text": "Immune Response", "filterType": "singleSelect"},
- { "text": "Immune Phenotype", "filterType": "singleSelect"},
- { "text": "Allergy", "filterType": "singleSelect"},
- { "text": "Atopy", "filterType": "singleSelect"},
- { "text": "Infection Response", "filterType": "singleSelect"},
- { "text": "Vaccine Response", "filterType": "singleSelect"},
- { "text": "Transplantation", "filterType": "singleSelect"},
- { "text": "Oncology", "filterType": "singleSelect"},
- { "text": "Autoimmune", "filterType": "singleSelect"},
- { "text": "Preterm Birth", "filterType": "singleSelect"}
- ]
- }
- ],
- "fieldMapping" : [
- { "field": "link", "name": "View" },
- { "field": "dataset_name", "name": "Study" },
- { "field": "supported_data_resource", "name": "Supported Data Resource" },
- { "field": "research_focus", "name": "Research Focus" },
- { "field": "description", "name": "Description of Dataset" }
- ],
- "filterConfig": {
- "tabs": [{
- "title": "Filters",
- "fields": ["supported_data_resource", "research_focus"]
- }]
- }
- },
- "dataExplorerConfig": {
- "charts": {
- "project_id": {
- "chartType": "count",
- "title": "Projects"
- },
- "subject_id": {
- "chartType": "count",
- "title": "Subjects"
- },
- "dataset": {
- "chartType": "pie",
- "title": "Resources",
- "chartRow": 0
- },
- "data_format": {
- "chartType": "bar",
- "title": "Data Format",
- "chartRow": 0
- },
- "data_type": {
- "chartType": "pie",
- "title": "Data Type",
- "chartRow": 0
- },
- "experimental_strategies": {
- "chartType": "bar",
- "title": "Experimental Strategies",
- "chartRow": 0
- },
- "species": {
- "chartType": "bar",
- "title": "Genus species",
- "chartRow": 0
- },
- "gender": {
- "chartType": "pie",
- "title": "Gender",
- "chartRow": 1
- },
- "race": {
- "chartType": "pie",
- "title": "Race",
- "chartRow": 1
- },
- "ethnicity": {
- "chartType": "pie",
- "title": "Ethnicity",
- "chartRow": 1
- },
- "biospecimen_anatomic_site": {
- "chartType": "pie",
- "title": "Biospecimen Anatomic Site",
- "chartRow": 1
- }
- },
- "fieldMapping" : [
- { "field": "dataset", "name": "Resource" },
- { "field": "studyAccession", "name": "Study" },
- { "field": "phenotype", "name": "Phenotype" },
- { "field": "gender", "name": "Gender" },
- { "field": "ethnicity", "name": "Ethnicity" },
- { "field": "strain", "name": "Strain" },
- { "field": "species", "name": "Genus species" },
- { "field": "submitter_id", "name": "Submitter ID" },
- { "field": "race", "name": "Race" },
- { "field": "hiv_status", "name": "HIV Status" },
- { "field": "study_submitter_id", "name": "Study"},
- { "field": "frstdthd", "name": "Year of Death" },
- { "field": "arthxbase", "name": "ART Use Prior to Baseline"},
- { "field": "bshbvstat", "name": "Baseline HBV Sero-status"},
- { "field": "bshcvstat", "name": "Baseline HCV Sero-status"},
- { "field": "cd4nadir", "name": "CD4 Nadir Prior to HAART"},
- { "field": "status", "name": "Summarized HIV Sero-status"},
- {"field": "project_id", "name": "Project ID"},
- {"field": "frstcncrd", "name": "First Confirmed Cancer Year"},
- {"field": "frstdmd", "name": "First Visit Year with Diabetes"},
- {"field": "frstdmmd", "name": "First Visit Year with All Necessary Components to Determine Diabetes"},
- {"field": "frsthtnd", "name": "First Visit Year with Hypertension"},
- {"field": "frsthtnmd", "name": "First Visit Year with All Necessary Components to Determine Hypertension"},
- {"field": "fcd4lowd", "name": "First Year Seen CD4N < 200 or CD4% < 14"},
- {"field": "fposdate", "name": "First Year Seen Seropositive"},
- {"field": "frstaidd", "name": "First Reported AIDS Year"},
- {"field": "lastafrd", "name": "Last Reported AIDS Free Year"},
- {"field": "lastcond", "name": "Year of Last Study Visit Attended"},
- {"field": "lastcontact", "name": "Last Year of Contact"},
- {"field": "lcd4higd", "name": "Last Year Seen with CD4N >= 200 and CD4% >= 14"},
- {"field": "lnegdate", "name": "Last Year Seen Seronegative"},
- {"field": "amikacin_res_phenotype", "name": "Amikacin Phenotype" },
- {"field": "capreomycin_res_phenotype", "name": "Capreomycin Phenotype" },
- {"field": "isoniazid_res_phenotype", "name": "Isoniazid Phenotype" },
- {"field": "kanamycin_res_phenotype", "name": "Kanamycin Phenotype" },
- {"field": "ofloxacin_res_phenotype", "name": "Ofloxacin Phenotype" },
- {"field": "pyrazinamide_res_phenotype", "name": "Pyrazinamide Phenotype" },
- {"field": "rifampicin_res_phenotype", "name": "Rifampicin Phenotype" },
- {"field": "rifampin_res_phenotype", "name": "Rifampin Phenotype" },
- {"field": "streptomycin_res_phenotype", "name": "streptomycin Phenotype" }
- ],
- "filterConfig": {
- "tabs": [{
- "title": "Resource",
- "fields": ["dataset", "data_format", "data_type"]
- },
- {
- "title": "Subject",
- "fields": ["ethnicity", "gender", "species", "race"]
- },
- {
- "title": "Diagnosis",
- "fields": [
- "arthxbase",
- "bshbvstat",
- "bshcvstat",
- "cd4nadir",
- "status",
- "hiv_status"
- ]
- },
- {
- "title": "Comorbidity",
- "fields": [
- "frstcncrd",
- "frstdmd",
- "frstdmmd",
- "frsthtnd",
- "frsthtnmd"
- ]
- }, {
- "title": "HIV History",
- "fields": [
- "cd4nadir",
- "fcd4lowd",
- "fposdate",
- "frstaidd",
- "lastafrd",
- "lastcond",
- "lastcontact",
- "lcd4higd",
- "lnegdate",
- "status"
- ]
- },
- {
- "title": "Drug Resistance",
- "fields": [
- "amikacin_res_phenotype",
- "capreomycin_res_phenotype",
- "isoniazid_res_phenotype",
- "kanamycin_res_phenotype",
- "ofloxacin_res_phenotype",
- "pyrazinamide_res_phenotype",
- "rifampicin_res_phenotype",
- "rifampin_res_phenotype",
- "streptomycin_res_phenotype"
- ]
- },
- {
- "title": "Experiment",
- "fields": [
- "experimental_strategies",
- "virus_type",
- "virus_subtype",
- "analyte_type",
- "biospecimen_anatomic_site",
- "cell_line",
- "sample_type",
- "composition",
- "strain"
- ]
- }]
- }
- }
-}
+//
\ No newline at end of file
diff --git a/helm/portal/values.yaml b/helm/portal/values.yaml
index c45a5b02..86f590d5 100644
--- a/helm/portal/values.yaml
+++ b/helm/portal/values.yaml
@@ -37,7 +37,7 @@ global:
# -- (string) ARN of the reverse proxy certificate.
revproxyArn: arn:aws:acm:us-east-1:123456:certificate
# -- (string) URL of the data dictionary.
- dictionaryUrl: https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json
+ dictionaryUrl: "https://dictionary-bucket.xxxxxxxx/xxxxxxxxxx.json"
# -- (string) Portal application name.
portalApp: gitops
# -- (string) S3 bucket name for Kubernetes manifest files.
@@ -67,11 +67,11 @@ replicaCount: 1
# -- (map) Docker image information.
image:
# -- (string) Docker repository.
- repository: quay.io/cdis/data-portal
+ repository: ""
# -- (string) Docker pull policy.
pullPolicy: IfNotPresent
# -- (string) Overrides the image tag whose default is the chart appVersion.
- tag: "master"
+ tag: ""
# -- (list) Docker image pull secrets.
imagePullSecrets: []
@@ -210,274 +210,16 @@ extraImages:
# -- (map) GitOps configuration for portal
gitops:
# -- (string) multiline string - gitops.json
- json: |
- {
- "graphql": {
- "boardCounts": [
- {
- "graphql": "_case_count",
- "name": "Case",
- "plural": "Cases"
- },
- {
- "graphql": "_experiment_count",
- "name": "Experiment",
- "plural": "Experiments"
- },
- {
- "graphql": "_aliquot_count",
- "name": "Aliquot",
- "plural": "Aliquots"
- }
- ],
- "chartCounts": [
- {
- "graphql": "_case_count",
- "name": "Case"
- },
- {
- "graphql": "_experiment_count",
- "name": "Experiment"
- },
- {
- "graphql": "_aliquot_count",
- "name": "Aliquot"
- }
- ],
- "projectDetails": "boardCounts"
- },
- "components": {
- "appName": "Generic Data Commons Portal",
- "index": {
- "introduction": {
- "heading": "Data Commons",
- "text": "The Generic Data Commons supports the management, analysis and sharing of data for the research community.",
- "link": "/submission"
- },
- "buttons": [
- {
- "name": "Define Data Field",
- "icon": "data-field-define",
- "body": "The Generic Data Commons define the data in a general way. Please study the dictionary before you start browsing.",
- "link": "/DD",
- "label": "Learn more"
- },
- {
- "name": "Explore Data",
- "icon": "data-explore",
- "body": "The Exploration Page gives you insights and a clear overview under selected factors.",
- "link": "/explorer",
- "label": "Explore data"
- },
- {
- "name": "Access Data",
- "icon": "data-access",
- "body": "Use our selected tool to filter out the data you need.",
- "link": "/query",
- "label": "Query data"
- },
- {
- "name": "Submit Data",
- "icon": "data-submit",
- "body": "Submit Data based on the dictionary.",
- "link": "/submission",
- "label": "Submit data"
- }
- ]
- },
- "navigation": {
- "title": "Generic Data Commons",
- "items": [
- {
- "icon": "dictionary",
- "link": "/DD",
- "color": "#a2a2a2",
- "name": "Dictionary"
- },
- {
- "icon": "exploration",
- "link": "/explorer",
- "color": "#a2a2a2",
- "name": "Exploration"
- },
- {
- "icon": "query",
- "link": "/query",
- "color": "#a2a2a2",
- "name": "Query"
- },
- {
- "icon": "workspace",
- "link": "/workspace",
- "color": "#a2a2a2",
- "name": "Workspace"
- },
- {
- "icon": "profile",
- "link": "/identity",
- "color": "#a2a2a2",
- "name": "Profile"
- }
- ]
- },
- "topBar": {
- "items": [
- {
- "icon": "upload",
- "link": "/submission",
- "name": "Submit Data"
- },
- {
- "link": "https://gen3.org/resources/user",
- "name": "Documentation"
- }
- ]
- },
- "login": {
- "title": "Generic Data Commons",
- "subTitle": "Explore, Analyze, and Share Data",
- "text": "This website supports the management, analysis and sharing of human disease data for the research community and aims to advance basic understanding of the genetic basis of complex traits and accelerate discovery and development of therapies, diagnostic tests, and other technologies for diseases like cancer.",
- "contact": "If you have any questions about access or the registration process, please contact ",
- "email": "support@datacommons.io"
- },
- "certs": {},
- "footerLogos": [
- {
- "src": "/src/img/gen3.png",
- "href": "https://ctds.uchicago.edu/gen3",
- "alt": "Gen3 Data Commons"
- },
- {
- "src": "/src/img/createdby.png",
- "href": "https://ctds.uchicago.edu/",
- "alt": "Center for Translational Data Science at the University of Chicago"
- }
- ]
- },
- "requiredCerts": [],
- "featureFlags": {
- "explorer": true,
- "noIndex": true,
- "analysis": false,
- "discovery": false,
- "discoveryUseAggMDS": false,
- "studyRegistration": false
- },
- "dataExplorerConfig": {
- "charts": {
- "project_id": {
- "chartType": "count",
- "title": "Projects"
- },
- "_case_id": {
- "chartType": "count",
- "title": "Cases"
- },
- "gender": {
- "chartType": "pie",
- "title": "Gender"
- },
- "race": {
- "chartType": "bar",
- "title": "Race"
- }
- },
- "filters": {
- "tabs": [
- {
- "title": "Case",
- "fields":[
- "project_id",
- "gender",
- "race",
- "ethnicity"
- ]
- }
- ]
- },
- "table": {
- "enabled": false
- },
- "dropdowns": {},
- "buttons": [],
- "guppyConfig": {
- "dataType": "case",
- "nodeCountTitle": "Cases",
- "fieldMapping": [
- { "field": "disease_type", "name": "Disease type" },
- { "field": "primary_site", "name": "Site where samples were collected"}
- ],
- "manifestMapping": {
- "resourceIndexType": "file",
- "resourceIdField": "object_id",
- "referenceIdFieldInResourceIndex": "_case_id",
- "referenceIdFieldInDataIndex": "node_id"
- },
- "accessibleFieldCheckList": ["_case_id"],
- "accessibleValidationField": "_case_id"
- }
- },
- "fileExplorerConfig": {
- "charts": {
- "data_type": {
- "chartType": "stackedBar",
- "title": "File Type"
- },
- "data_format": {
- "chartType": "stackedBar",
- "title": "File Format"
- }
- },
- "filters": {
- "tabs": [
- {
- "title": "File",
- "fields": [
- "project_id",
- "data_type",
- "data_format"
- ]
- }
- ]
- },
- "table": {
- "enabled": true,
- "fields": [
- "project_id",
- "file_name",
- "file_size",
- "object_id"
- ]
- },
- "dropdowns": {},
- "guppyConfig": {
- "dataType": "file",
- "fieldMapping": [
- { "field": "object_id", "name": "GUID" }
- ],
- "nodeCountTitle": "Files",
- "manifestMapping": {
- "resourceIndexType": "case",
- "resourceIdField": "_case_id",
- "referenceIdFieldInResourceIndex": "object_id",
- "referenceIdFieldInDataIndex": "object_id"
- },
- "accessibleFieldCheckList": ["_case_id"],
- "accessibleValidationField": "_case_id",
- "downloadAccessor": "object_id"
- }
- }
- }
+
# -- (string) - favicon in base64
favicon:
- "AAABAAEAICAAAAEAIACoEAAAFgAAACgAAAAgAAAAQAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQv3IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1MiCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKg0Nd6yqf+8pi7D3rKp/96yqf/esqn/3rKp/76qNMPEpU2QxbFJNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/7WfF3cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWySQAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/TrIS0AAAAAL+nLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACxmAIAxrhKBregGtLesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/2MyPCLGaCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAs5kJANqvn0vesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/18l+GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKuSAADq5L8H3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/z79qBca0SwAAAAAAAAAAAAAAAAAAAAAAAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+4oR3YAAAAAAAAAAAAAAAAAAAAAAAAAAC4oBlZ3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/AqC/N3rKp/96yqf+/rD3M3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+4oyBkAAAAAAAAAAAAAAAAAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+9qDAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzb1oH96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/8qoYv8AAAAAAAAAALefHQC4oB5X3rKp/96yqf/esqn/AAAAAAAAAADm3bsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOHbrAAAAAAA6ePTEd6yqf/esqn/3rKp/8CsNngAAAAAAAAAAN6yqf/esqn/3rKp/////xIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq4bwA08V3EN6yqf/esqn/3rKp/wAAAAAAAAAA3rKp/96yqf+6nyfZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/AAAAALyjJDbesqn/3rKp/7ihIc0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADFpE7l3rKp/96yqf/esqn/wq0+Wd6yqf/esqn/3rKp/wAAAADPwW4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7pCAAAAAAAN6yqf/esqn/3rKp/8CsOVK6oyF63rKp/96yqf/esqn/uqQqxAAAAAC7oyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtZ8WAAAAAADesqn/3rKp/96yqf/esqn/3rKp/7ukIHresqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/wK1BXN6yqf/esqn/3rKp/96yqf/esqn/uKAYUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+oO1Hesqn/3rKp/96yqf/esqn/3rKp/76pLXq3nx023rKp/96yqf/esqn/3rKp/96yqf/esqn/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAt58l896yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAADesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/xrRRVQAAAADYzYkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM67agAAAAAAybZYUt6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/9+/UXAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAACznRMAtJ4ZV96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/ArDZ4AAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/yqdi/wAAAAAAAAAAAAAAAAAAAADHplZ93rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/6Ny8U+bauVDesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf+5oyBkAAAAAAAAAAAAAAAAAAAAAAAAAADesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/t6Ec1wAAAAAAAAAAAAAAAAAAAAAAAAAAs5sWAOHUlQfesqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/OxHUFxbRJAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJkFAN6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/29COIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr5YBAN6yqf+7pSf43rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/uaMf+d2xp6MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyrhUAAAAAAC7pil73rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/7miH38AAAAAxrJDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi150b2K6T4N6yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/96yqf/esqn/3rKp/7mjI5zUxHAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOnftwAAAAAAAAAAAN6yqf/esqn/3rKp/7egG+e2nxf/uKAk/7mjIvPesqn/3rKp/7agGEAAAAAAAAAAANnOjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA///////wD///gAP//gAAf/wAAD/4AAAf8AAAD+AAAAfgAAAHwA/wA8f//+OP///xj///8Y////CP///xh///4IP//8CD///Bgf//gID//wGAP/wBwB/4A8AP8APgAYAH4AAAB/AAAA/wAAAf+AAAH/8AAP//"
+
# -- (string) - multiline string - gitops.css
css: |
/* gitops default css */
# -- (string) - logo in base64
logo:
- ""
# -- (string) - createdby.png - base64
createdby:
- ""
+
sponsors:
diff --git a/helm/sheepdog/sheepdog-secret/wsgi.py b/helm/sheepdog/sheepdog-secret/wsgi.py
new file mode 100644
index 00000000..2818d169
--- /dev/null
+++ b/helm/sheepdog/sheepdog-secret/wsgi.py
@@ -0,0 +1,82 @@
+#####################################################
+# DO NOT CHANGE THIS FILE #
+# config updates should be done in the service code #
+#####################################################
+
+from sheepdog.api import app, app_init
+from os import environ
+# import config_helper
+
+APP_NAME='sheepdog'
+# def load_json(file_name):
+# return config_helper.load_json(file_name, APP_NAME)
+
+# conf_data = load_json('creds.json')
+config = app.config
+
+
+config['INDEX_CLIENT'] = {
+ 'host': environ.get('INDEX_CLIENT_HOST') or 'http://indexd-service',
+ 'version': 'v0',
+ 'auth': (environ.get( "INDEXD_USER", 'sheepdog'), environ.get( "INDEXD_PASS") ),
+}
+
+config["PSQLGRAPH"] = {
+ 'host': environ.get( "PGHOST"),
+ 'user': environ.get( "PGUSER"),
+ 'password': environ.get( "PGPASSWORD"),
+ 'database': environ.get( "PGDB"),
+}
+
+config['HMAC_ENCRYPTION_KEY'] = environ.get( "HMAC_ENCRYPTION_KEY")
+config['FLASK_SECRET_KEY'] = environ.get( "FLASK_SECRET_KEY")
+
+fence_username = environ.get( "FENCE_DB_USER")
+fence_password = environ.get( "FENCE_DB_PASS")
+fence_host = environ.get( "FENCE_DB_HOST")
+fence_database = environ.get( "FENCE_DB_DBNAME")
+config['PSQL_USER_DB_CONNECTION'] = 'postgresql://%s:%s@%s:5432/%s' % (fence_username, fence_password, fence_host, fence_database)
+
+config['DICTIONARY_URL'] = environ.get('DICTIONARY_URL','https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json')
+
+
+# config['SUBMISSION'] = {
+# 'bucket': conf_data.get( 'bagit_bucket', '{{bagit_bucket}}' )
+# }
+
+# config['STORAGE'] = {
+# "s3":
+# {
+# "access_key": conf_data.get( 's3_access', '{{s3_access}}' ),
+# 'secret_key': conf_data.get( 's3_secret', '{{s3_secret}}' )
+# }
+# }
+
+hostname = environ.get("CONF_HOSTNAME", "localhost")
+
+config['OIDC_ISSUER'] = 'https://%s/user' % hostname
+
+config['OAUTH2'] = {
+ 'client_id': "conf_data.get('oauth2_client_id', '{{oauth2_client_id}}')",
+ 'client_secret': "conf_data.get('oauth2_client_secret', '{{oauth2_client_secret}}')",
+ 'api_base_url': 'https://%s/user/' % hostname,
+ 'authorize_url': 'https://%s/user/oauth2/authorize' % hostname,
+ 'access_token_url': 'https://%s/user/oauth2/token' % hostname,
+ 'refresh_token_url': 'https://%s/user/oauth2/token' % hostname,
+ 'client_kwargs': {
+ 'redirect_uri': 'https://%s/api/v0/oauth2/authorize' % hostname,
+ 'scope': 'openid data user',
+ },
+ # deprecated key values, should be removed after all commons use new oidc
+ 'internal_oauth_provider': 'http://fence-service/oauth2/',
+ 'oauth_provider': 'https://%s/user/oauth2/' % hostname,
+ 'redirect_uri': 'https://%s/api/v0/oauth2/authorize' % hostname
+}
+
+config['USER_API'] = environ.get('FENCE_URL') or 'http://fence-service/'
+# use the USER_API URL instead of the public issuer URL to accquire JWT keys
+config['FORCE_ISSUER'] = True
+print(config)
+app_init(app)
+application = app
+application.debug = (environ.get('GEN3_DEBUG') == "True")
diff --git a/helm/sheepdog/values.yaml b/helm/sheepdog/values.yaml
index 59b0841f..ca34a143 100644
--- a/helm/sheepdog/values.yaml
+++ b/helm/sheepdog/values.yaml
@@ -76,17 +76,17 @@ postgres:
# (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore
dbRestore: false
# -- (bool) Whether the database should be created. Default to global.postgres.dbCreate
- dbCreate:
+ dbCreate: false
# -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host
- host:
+ host: ""
# -- (string) Database name for postgres. This is a service override, defaults to -
- database:
+ database: "metadata_db"
# -- (string) Username for postgres. This is a service override, defaults to -
- username:
+ username: "metadata_user"
# -- (string) Port for Postgres.
port: "5432"
# -- (string) Password for Postgres. Will be autogenerated if left empty.
- password:
+ password: "xxxxxxxxxxxxxxxx"
# -- (string) Will create a Database for the individual service to help with developing it.
separate: false
@@ -168,7 +168,7 @@ image:
# -- (string) Docker pull policy.
pullPolicy: Always
# -- (string) Overrides the image tag whose default is the chart appVersion.
- tag: "bug_auth-audience"
+ tag: ""
# Environment Variables
# -- (string) URL of the data dictionary.
@@ -185,8 +185,8 @@ authNamespace: default
volumeMounts:
- name: "config-volume"
readOnly: true
- mountPath: "/var/www/sheepdog/settings.py"
- subPath: "settings.py"
+ mountPath: "/var/www/sheepdog/wsgi.py"
+ subPath: "wsgi.py"
# -- (map) Resource requests and limits for the containers in the pod
resources:
@@ -214,6 +214,33 @@ service:
# Secrets
# -- (map) Values for sheepdog secret.
secrets:
+ # -- (map) Values for sheepdog's access to the fence database.
+ fence:
+ # -- (string) Host for fence's db.
+ host: ""
+ # -- (string) User for fence's db.
+ user: "fence_user"
+ # -- (string) Password to fence's db.
+ password: "xxxxxxxxxxxxxxxx"
+ # -- (string) Database name for fence's db.
+ database: "fence_db"
+ # -- (map) Values for sheepdog's database.
+ sheepdog:
+ # -- (string) Host for sheepdog's db.
+ host: ""
+ # -- (string) Password to sheepdog's db.
+ password: "xxxxxxxxxxxxxxxx"
+ # -- (string) User for sheepdog's db.
+ user: "metadata_user"
+ # -- (string) Database name for sheepdog's db.
+ database: "metadata_db"
+ gdcapi:
+ # -- (string) GDCAPI token.
+ secretKey:
+ # -- (map) Values for sheepdog's access to indexd database.
+ indexd:
+ # -- (string) Password to indexd's db.
+ password: "xxxxxxxxxxxxxxxx"
# -- (str) AWS access key ID to access the db restore job S3 bucket. Overrides global key.
awsAccessKeyId:
# -- (str) AWS secret access key ID to access the db restore job S3 bucket. Overrides global key.
diff --git a/helm/sower/Chart.yaml b/helm/sower/Chart.yaml
index b273c98b..2efaa70d 100644
--- a/helm/sower/Chart.yaml
+++ b/helm/sower/Chart.yaml
@@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.10
+version: 0.1.9
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/sower/README.md b/helm/sower/README.md
index c2a050f4..2ca77e81 100644
--- a/helm/sower/README.md
+++ b/helm/sower/README.md
@@ -1,6 +1,6 @@
# sower
-![Version: 0.1.10](https://img.shields.io/badge/Version-0.1.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.9](https://img.shields.io/badge/Version-0.1.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
A Helm chart for gen3 sower
@@ -31,9 +31,6 @@ A Helm chart for gen3 sower
| awsStsRegionalEndpoints | string | `"regional"` | AWS STS to issue temporary credentials to users and roles that make an AWS STS request. Values regional or global. |
| commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl |
| criticalService | string | `"false"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". |
-| externalSecrets | map | `{"createK8sPelicanServiceSecret":false,"pelicanserviceG3auto":null}` | External Secrets settings. |
-| externalSecrets.createK8sPelicanServiceSecret | string | `false` | Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets. |
-| externalSecrets.pelicanserviceG3auto | string | `nil` | Will override the name of the aws secrets manager secret. Default is "pelicanservice-g3auto" |
| fullnameOverride | string | `""` | Override the full name of the deployment. |
| gen3Namespace | string | `"default"` | Namespace to deploy the job. |
| global.aws | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null,"enabled":false}` | AWS configuration |
@@ -45,9 +42,6 @@ A Helm chart for gen3 sower
| global.dictionaryUrl | string | `"https://s3.amazonaws.com/dictionary-artifacts/datadictionary/develop/schema.json"` | URL of the data dictionary. |
| global.dispatcherJobNum | int | `"10"` | Number of dispatcher jobs. |
| global.environment | string | `"default"` | Environment name. This should be the same as vpcname if you're doing an AWS deployment. Currently this is being used to share ALB's if you have multiple namespaces. Might be used other places too. |
-| global.externalSecrets | map | `{"deploy":false,"separateSecretStore":false}` | External Secrets settings. |
-| global.externalSecrets.deploy | bool | `false` | Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed. |
-| global.externalSecrets.separateSecretStore | string | `false` | Will deploy a separate External Secret Store for this service. |
| global.hostname | string | `"localhost"` | Hostname for the deployment. |
| global.kubeBucket | string | `"kube-gen3"` | S3 bucket name for Kubernetes manifest files. |
| global.logsBucket | string | `"logs-gen3"` | S3 bucket name for log files. |
@@ -82,9 +76,6 @@ A Helm chart for gen3 sower
| resources.requests | map | `{"cpu":"100m","memory":"20Mi"}` | The amount of resources that the container requests |
| resources.requests.cpu | string | `"100m"` | The amount of CPU requested |
| resources.requests.memory | string | `"20Mi"` | The amount of memory requested |
-| secrets | map | `{"awsAccessKeyId":null,"awsSecretAccessKey":null}` | Secret information for Usersync and External Secrets. |
-| secrets.awsAccessKeyId | str | `nil` | AWS access key ID. Overrides global key. |
-| secrets.awsSecretAccessKey | str | `nil` | AWS access key ID. Overrides global key. |
| securityContext | map | `{}` | Security context for the containers in the pod |
| selectorLabels | map | `nil` | Will completely override the selectorLabels defined in the common chart's _label_setup.tpl |
| service | map | `{"port":80,"type":"ClusterIP"}` | Kubernetes service information. |
@@ -104,22 +95,7 @@ A Helm chart for gen3 sower
| sowerConfig[0].container.env[1].valueFrom.configMapKeyRef.name | string | `"manifest-global"` | |
| sowerConfig[0].container.env[2].name | string | `"ROOT_NODE"` | |
| sowerConfig[0].container.env[2].value | string | `"subject"` | |
-| sowerConfig[0].container.env[3].name | string | `"DB_HOST"` | |
-| sowerConfig[0].container.env[3].valueFrom.secretKeyRef.key | string | `"host"` | |
-| sowerConfig[0].container.env[3].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | |
-| sowerConfig[0].container.env[4].name | string | `"DB_DATABASE"` | |
-| sowerConfig[0].container.env[4].valueFrom.secretKeyRef.key | string | `"database"` | |
-| sowerConfig[0].container.env[4].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | |
-| sowerConfig[0].container.env[5].name | string | `"DB_USER"` | |
-| sowerConfig[0].container.env[5].valueFrom.secretKeyRef.key | string | `"username"` | |
-| sowerConfig[0].container.env[5].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | |
-| sowerConfig[0].container.env[6].name | string | `"DB_PASS"` | |
-| sowerConfig[0].container.env[6].valueFrom.secretKeyRef.key | string | `"password"` | |
-| sowerConfig[0].container.env[6].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | |
-| sowerConfig[0].container.env[7].name | string | `"SHEEPDOG"` | |
-| sowerConfig[0].container.env[7].valueFrom.secretKeyRef.key | string | `"sheepdog"` | |
-| sowerConfig[0].container.env[7].valueFrom.secretKeyRef.name | string | `"indexd-service-creds"` | |
-| sowerConfig[0].container.image | string | `"quay.io/cdis/pelican-export:GPE-1252"` | |
+| sowerConfig[0].container.image | string | `"quay.io/cdis/pelican-export:master"` | |
| sowerConfig[0].container.memory-limit | string | `"12Gi"` | |
| sowerConfig[0].container.name | string | `"job-task"` | |
| sowerConfig[0].container.pull_policy | string | `"Always"` | |
@@ -127,10 +103,16 @@ A Helm chart for gen3 sower
| sowerConfig[0].container.volumeMounts[0].name | string | `"pelican-creds-volume"` | |
| sowerConfig[0].container.volumeMounts[0].readOnly | bool | `true` | |
| sowerConfig[0].container.volumeMounts[0].subPath | string | `"config.json"` | |
+| sowerConfig[0].container.volumeMounts[1].mountPath | string | `"/peregrine-creds.json"` | |
+| sowerConfig[0].container.volumeMounts[1].name | string | `"peregrine-creds-volume"` | |
+| sowerConfig[0].container.volumeMounts[1].readOnly | bool | `true` | |
+| sowerConfig[0].container.volumeMounts[1].subPath | string | `"creds.json"` | |
| sowerConfig[0].name | string | `"pelican-export"` | |
| sowerConfig[0].restart_policy | string | `"Never"` | |
| sowerConfig[0].volumes[0].name | string | `"pelican-creds-volume"` | |
| sowerConfig[0].volumes[0].secret.secretName | string | `"pelicanservice-g3auto"` | |
+| sowerConfig[0].volumes[1].name | string | `"peregrine-creds-volume"` | |
+| sowerConfig[0].volumes[1].secret.secretName | string | `"peregrine-creds"` | |
| sowerConfig[1].action | string | `"export-files"` | |
| sowerConfig[1].container.cpu-limit | string | `"1"` | |
| sowerConfig[1].container.env[0].name | string | `"DICTIONARY_URL"` | |
@@ -143,22 +125,7 @@ A Helm chart for gen3 sower
| sowerConfig[1].container.env[2].value | string | `"file"` | |
| sowerConfig[1].container.env[3].name | string | `"EXTRA_NODES"` | |
| sowerConfig[1].container.env[3].value | string | `""` | |
-| sowerConfig[1].container.env[4].name | string | `"DB_HOST"` | |
-| sowerConfig[1].container.env[4].valueFrom.secretKeyRef.key | string | `"host"` | |
-| sowerConfig[1].container.env[4].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | |
-| sowerConfig[1].container.env[5].name | string | `"DB_DATABASE"` | |
-| sowerConfig[1].container.env[5].valueFrom.secretKeyRef.key | string | `"database"` | |
-| sowerConfig[1].container.env[5].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | |
-| sowerConfig[1].container.env[6].name | string | `"DB_USER"` | |
-| sowerConfig[1].container.env[6].valueFrom.secretKeyRef.key | string | `"username"` | |
-| sowerConfig[1].container.env[6].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | |
-| sowerConfig[1].container.env[7].name | string | `"DB_PASS"` | |
-| sowerConfig[1].container.env[7].valueFrom.secretKeyRef.key | string | `"password"` | |
-| sowerConfig[1].container.env[7].valueFrom.secretKeyRef.name | string | `"peregrine-dbcreds"` | |
-| sowerConfig[1].container.env[8].name | string | `"SHEEPDOG"` | |
-| sowerConfig[1].container.env[8].valueFrom.secretKeyRef.key | string | `"sheepdog"` | |
-| sowerConfig[1].container.env[8].valueFrom.secretKeyRef.name | string | `"indexd-service-creds"` | |
-| sowerConfig[1].container.image | string | `"quay.io/cdis/pelican-export:GPE-1252"` | |
+| sowerConfig[1].container.image | string | `"quay.io/cdis/pelican-export:master"` | |
| sowerConfig[1].container.memory-limit | string | `"12Gi"` | |
| sowerConfig[1].container.name | string | `"job-task"` | |
| sowerConfig[1].container.pull_policy | string | `"Always"` | |
@@ -174,6 +141,8 @@ A Helm chart for gen3 sower
| sowerConfig[1].restart_policy | string | `"Never"` | |
| sowerConfig[1].volumes[0].name | string | `"pelican-creds-volume"` | |
| sowerConfig[1].volumes[0].secret.secretName | string | `"pelicanservice-g3auto"` | |
+| sowerConfig[1].volumes[1].name | string | `"peregrine-creds-volume"` | |
+| sowerConfig[1].volumes[1].secret.secretName | string | `"peregrine-creds"` | |
| strategy | map | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Rolling update deployment strategy |
| strategy.rollingUpdate.maxSurge | int | `1` | Number of additional replicas to add during rollout. |
| strategy.rollingUpdate.maxUnavailable | int | `0` | Maximum amount of pods that can be unavailable during the update. |
diff --git a/helm/sower/templates/_helpers.tpl b/helm/sower/templates/_helpers.tpl
index 1815359e..e9a7c298 100644
--- a/helm/sower/templates/_helpers.tpl
+++ b/helm/sower/templates/_helpers.tpl
@@ -66,10 +66,3 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
-
-{{/*
- Pelicanservice g3 Auto Secrets Manager Name
-*/}}
-{{- define "pelicanservice-g3auto" -}}
-{{- default "pelicanservice-g3auto" .Values.externalSecrets.pelicanserviceG3auto }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/sower/templates/aws-config.yaml b/helm/sower/templates/aws-config.yaml
deleted file mode 100644
index 398770d3..00000000
--- a/helm/sower/templates/aws-config.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- if or (.Values.secrets.awsSecretAccessKey) (.Values.global.aws.awsSecretAccessKey ) }}
-{{ include "common.awsconfig" . }}
-{{- end -}}
\ No newline at end of file
diff --git a/helm/sower/templates/external-secret.yaml b/helm/sower/templates/external-secret.yaml
deleted file mode 100644
index 43132663..00000000
--- a/helm/sower/templates/external-secret.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{ if .Values.global.externalSecrets.deploy }}
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: pelicanservice-g3auto
-spec:
- refreshInterval: 5m
- secretStoreRef:
- name: {{include "common.SecretStore" .}}
- kind: SecretStore
- target:
- name: pelicanservice-g3auto
- creationPolicy: Owner
- data:
- - secretKey: config.json
- remoteRef:
- #name of secret in secrets manager
- key: {{include "pelicanservice-g3auto" .}}
-{{- end }}
\ No newline at end of file
diff --git a/helm/sower/templates/pelican-creds.yaml b/helm/sower/templates/pelican-creds.yaml
index 0d3420f5..cc6f526c 100644
--- a/helm/sower/templates/pelican-creds.yaml
+++ b/helm/sower/templates/pelican-creds.yaml
@@ -1,4 +1,3 @@
-{{- if or (not .Values.global.externalSecrets.deploy) (and .Values.global.externalSecrets.deploy .Values.externalSecrets.createK8sPelicanServiceSecret) }}
apiVersion: v1
kind: Secret
metadata:
@@ -6,12 +5,11 @@ metadata:
type: Opaque
{{- if .Values.global.aws.enabled }}
stringData:
- config.json: |
- {
- "manifest_bucket_name": "{{ .Values.pelican.bucket }}",
- "hostname": "{{ .Values.global.hostname }}",
- "aws_access_key_id": "{{ .Values.secrets.awsAccessKeyId | default .Values.global.aws.awsAccessKeyId }}",
- "aws_secret_access_key": "{{ .Values.secrets.awsSecretAccessKey | default .Values.global.aws.awsSecretAccessKey }}"
- }
+ config.json: |-
+{
+ "manifest_bucket_name": "{{ .Values.pelican.bucket }}",
+ "hostname": "{{ .Values.global.hostname }}",
+ "aws_access_key_id": "{{ .Values.global.aws.pelican_user.access_key }}",
+ "aws_secret_access_key": "{{ .Values.global.aws.pelican_user.access_secret }}"
+}
{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/sower/templates/secret-store.yaml b/helm/sower/templates/secret-store.yaml
deleted file mode 100644
index 771c7760..00000000
--- a/helm/sower/templates/secret-store.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.global.externalSecrets.separateSecretStore }}
-{{ include "common.secretstore" . }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/sower/values.yaml b/helm/sower/values.yaml
index 48f36db2..3bc59048 100644
--- a/helm/sower/values.yaml
+++ b/helm/sower/values.yaml
@@ -55,26 +55,6 @@ global:
dispatcherJobNum: "10"
# -- (bool) Whether Datadog is enabled.
ddEnabled: false
- # -- (map) External Secrets settings.
- externalSecrets:
- # -- (bool) Will use ExternalSecret resources to pull secrets from Secrets Manager instead of creating them locally. Be cautious as this will override any manifestservice secrets you have deployed.
- deploy: false
- # -- (string) Will deploy a separate External Secret Store for this service.
- separateSecretStore: false
-
-# -- (map) External Secrets settings.
-externalSecrets:
- # -- (string) Will create the Helm "manifestservice-g3auto" secret even if Secrets Manager is enabled. This is helpful if you are wanting to use External Secrets for some, but not all secrets.
- createK8sPelicanServiceSecret: false
- # -- (string) Will override the name of the aws secrets manager secret. Default is "pelicanservice-g3auto"
- pelicanserviceG3auto:
-
-# -- (map) Secret information for Usersync and External Secrets.
-secrets:
- # -- (str) AWS access key ID. Overrides global key.
- awsAccessKeyId:
- # -- (str) AWS access key ID. Overrides global key.
- awsSecretAccessKey:
# -- (int) Number of replicas for the deployment.
replicaCount: 1
@@ -210,7 +190,7 @@ sowerConfig:
action: export
container:
name: job-task
- image: quay.io/cdis/pelican-export:GPE-1252
+ image: quay.io/cdis/pelican-export:master
pull_policy: Always
env:
- name: DICTIONARY_URL
@@ -225,48 +205,30 @@ sowerConfig:
key: hostname
- name: ROOT_NODE
value: subject
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: peregrine-dbcreds
- key: host
- - name: DB_DATABASE
- valueFrom:
- secretKeyRef:
- name: peregrine-dbcreds
- key: database
- - name: DB_USER
- valueFrom:
- secretKeyRef:
- name: peregrine-dbcreds
- key: username
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- name: peregrine-dbcreds
- key: password
- - name: SHEEPDOG
- valueFrom:
- secretKeyRef:
- name: indexd-service-creds
- key: sheepdog
volumeMounts:
- name: pelican-creds-volume
readOnly: true
mountPath: "/pelican-creds.json"
subPath: config.json
+ - name: peregrine-creds-volume
+ readOnly: true
+ mountPath: "/peregrine-creds.json"
+ subPath: creds.json
cpu-limit: '1'
memory-limit: 12Gi
volumes:
- name: pelican-creds-volume
secret:
secretName: pelicanservice-g3auto
+ - name: peregrine-creds-volume
+ secret:
+ secretName: peregrine-creds
restart_policy: Never
- name: pelican-export-files
action: export-files
container:
name: job-task
- image: quay.io/cdis/pelican-export:GPE-1252
+ image: quay.io/cdis/pelican-export:master
pull_policy: Always
env:
- name: DICTIONARY_URL
@@ -283,31 +245,6 @@ sowerConfig:
value: file
- name: EXTRA_NODES
value: ''
- - name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: peregrine-dbcreds
- key: host
- - name: DB_DATABASE
- valueFrom:
- secretKeyRef:
- name: peregrine-dbcreds
- key: database
- - name: DB_USER
- valueFrom:
- secretKeyRef:
- name: peregrine-dbcreds
- key: username
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- name: peregrine-dbcreds
- key: password
- - name: SHEEPDOG
- valueFrom:
- secretKeyRef:
- name: indexd-service-creds
- key: sheepdog
volumeMounts:
- name: pelican-creds-volume
readOnly: true
@@ -323,6 +260,9 @@ sowerConfig:
- name: pelican-creds-volume
secret:
secretName: pelicanservice-g3auto
+ - name: peregrine-creds-volume
+ secret:
+ secretName: peregrine-creds
restart_policy: Never
diff --git a/helm/wts/values.yaml b/helm/wts/values.yaml
index d4e10223..1832b408 100644
--- a/helm/wts/values.yaml
+++ b/helm/wts/values.yaml
@@ -76,17 +76,17 @@ postgres:
# (bool) Whether the database should be restored from s3. Default to global.postgres.dbRestore
dbRestore: false
# -- (bool) Whether the database should be created. Default to global.postgres.dbCreate
- dbCreate:
+ dbCreate: false
# -- (string) Hostname for postgres server. This is a service override, defaults to global.postgres.host
- host:
+ host: ""
# -- (string) Database name for postgres. This is a service override, defaults to -
- database:
+ database: postgres
# -- (string) Username for postgres. This is a service override, defaults to -
- username:
+ username: postgres
# -- (string) Port for Postgres.
port: "5432"
# -- (string) Password for Postgres. Will be autogenerated if left empty.
- password:
+ password: "xxxxxxxxxxxxxxxx"
# -- (string) Will create a Database for the individual service to help with developing it.
separate: false