diff --git a/ipeer-ubc-cwl-login/image-1.png b/ipeer-ubc-cwl-login/image-1.png
deleted file mode 100644
index e24a29b..0000000
Binary files a/ipeer-ubc-cwl-login/image-1.png and /dev/null differ
diff --git a/ipeer-ubc-cwl-login/image-2.png b/ipeer-ubc-cwl-login/image-2.png
deleted file mode 100644
index a763b63..0000000
Binary files a/ipeer-ubc-cwl-login/image-2.png and /dev/null differ
diff --git a/ipeer-ubc-cwl-login/value-original.txt b/ipeer-ubc-cwl-login/value-original.txt
deleted file mode 100644
index 40cf3c0..0000000
--- a/ipeer-ubc-cwl-login/value-original.txt
+++ /dev/null
@@ -1,233 +0,0 @@ -# Default values for ipeer. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -stage: dev - -app: - image: - repository: ubcctlt/ipeer - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -web: - image: - repository: nginx - pullPolicy: IfNotPresent - tag: "1.24-alpine" - # set request timeout in seconds, some results need more time to calculate - timeout: "300" - -worker: - enabled: false - -cronjob: - email: - enabled: true - backup: - enabled: false - schedule: "00 09 * * *" - nfs: - path: 'REPLACEME' - server: 'REPLACEME' - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - annotations: - kubernetes.io/ingress.class: "nginx" - #nginx.ingress.kubernetes.io/backend-protocol: "FCGI" - #nginx.ingress.kubernetes.io/fastcgi-index: "index.php" - # kubernetes.io/tls-acme: "true" - hosts: - - host: ipeer-example.local - paths: ['/'] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. 
If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -ipeer: - session_save: database - debug: false - auth: - method: default - ldap: - host: ldap.example.com - port: 636 - serviceUsername: 'uid=USERNAME, ou=Special Users, o=school.ca' - servicePassword: PASSWORD - baseDn: 'ou=Campus Login, o=school.ca' - usernameField: 'uid' - attributeSearchFilters: '[]' - attributeMap: '{}' - fallbackInternal: true - shibboleth: {} - caliper: - enabled: false - host: https://caliper.imsglobal.org/caliper/44c6173f-907f-40c5-8c93-a1acfaa6485c/message - apikey: 44c6173f-907f-40c5-8c93-a1acfaa6485c - baseURL: http://localhost.test.com/ - actorBaseURL: http://www.ubc.ca/%s - actorUniqueIdParam: username - -## -## MariaDB chart configuration -## -## https://github.com/helm/charts/blob/master/stable/mariadb/values.yaml -## -db: - ## Whether to deploy a mariadb server to satisfy the applications database requirements. 
To use an external database set this to false and configure the externalDatabase parameters - disableExternal: true - ## standalone or replication - architecture: standalone - # use default image from upstream - #image: - # tag: 10.2 - auth: - #rootPassword: - database: &dbName ipeer - username: &dbUser ipeer - - ## If the password is not specified, mariadb will generates a random password - ## - # password: &dbPass - # replicationUser: replicator - # replicationPassword: - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - master: - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 8Gi - config: |- - [mysqld] - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mariadb - plugin_dir=/opt/bitnami/mariadb/plugin - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - tmpdir=/opt/bitnami/mariadb/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - log-error=/opt/bitnami/mariadb/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - expire-logs-days=90 - - [client] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - default-character-set=UTF8 - plugin_dir=/opt/bitnami/mariadb/plugin - - [manager] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - - slave: - config: |- - [mysqld] - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mariadb - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - tmpdir=/opt/bitnami/mariadb/tmp - 
max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - log-error=/opt/bitnami/mariadb/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - expire-logs-days=90 - - [client] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - default-character-set=UTF8 - - [manager] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - - service: - # uncomment name to use external service - #name: - #endpoints: - # - 10.0.0.1 - # - 10.0.0.2 - port: 3306 - diff --git a/ipeer/Chart.lock b/ipeer/Chart.lock deleted file mode 100644 index 2c5a3b5..0000000 --- a/ipeer/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 11.5.3 -digest: sha256:b56fe0445d330f8519f0dc0d32b8eb67938cdab27fc33b9803f3a1e1e7652413 -generated: "2023-03-16T16:35:24.128906-07:00" diff --git a/ipeer-ubc-cwl-login/README.md b/ipeer/README.md similarity index 78% rename from ipeer-ubc-cwl-login/README.md rename to ipeer/README.md index 038a38a..5666788 100644 --- a/ipeer-ubc-cwl-login/README.md +++ b/ipeer/README.md @@ -7,24 +7,6 @@ This method relies on local database authentication, where users log in using a iPeer CakePHP's ACL system using AROs and ACOs was a traditional method of handling access control before modern auth methods like SAML, OAuth2 became common. -![alt text](image-1.png) - -## Quick Start - -``` bash -git clone https://github.com/ubc/charts.git - -``` - -### Default login: - -```bash - -cd ipeer - -helm install/upgrade -n default -f ./ipeer-stg-defaultlogin-values.yaml --atomic ipeer-stg ./charts/ipeer -``` - ----------- 
@@ -59,9 +41,7 @@ This project provides: ⚠️ IMPORTANT: This solution makes zero modifications to the original iPeer CakePHP source code or its built-in Access Control List (ACL) system. The ACL continues to use AROs (Access Request Objects) and ACOs (Access Control Objects) to manage permissions and access control in a structured, hierarchical manner. - - -![alt text](image-2.png) +------------------ ## Quick Start @@ -70,13 +50,38 @@ git clone https://github.com/ubc/charts.git ``` +### Modify flag for UBC CWL Login: + +This introduces a configurable flag ubccwlsaml in the ipeer-stg-values.yaml file to switch between UBC CWL SAML login and the Default iPeer database login. By setting or removing this flag, admin can easily control the authentication method without modifying the iPeer image. + +![alt text](image-3.png) + +```bash + + +vi ./ipeer-stg-values.yaml + +# To enable UBC CWL login, set the `ubccwlsaml` flag: +# Use: ipeer-stg-defaultlogin-values + +# To use the default iPeer database login, either: +# - Set the flag empty (`flag: `), or +# - Remove the `flag: ubccwlsaml` flag entirely + +# Apply the changes: +helm install/upgrade -n default -f ./ipeer-stg-values.yaml --atomic ipeer-stg ./charts/ipeer + + +``` + + ### OneLogin SAML Integration for UBC CWL Authentication Login: ```bash -cd ipeer-ubc-cwl-login +cd ipeer -helm install/upgrade -n default -f ./ipeer-stg-oneloginsaml-values.yaml --atomic ipeer-stg ./charts/ipeer-oneloginsaml +helm install/upgrade -n default -f ./ipeer-stg-values.yaml --atomic ipeer-stg ./charts/ipeer ``` ------------------ diff --git a/ipeer/charts/mariadb-11.5.3.tgz b/ipeer/charts/mariadb-11.5.3.tgz deleted file mode 100644 index 14d788c..0000000 Binary files a/ipeer/charts/mariadb-11.5.3.tgz and /dev/null differ diff --git a/ipeer/iPeerCWLCharts/Chart.yaml b/ipeer/iPeerCWLCharts/Chart.yaml new file mode 100644 index 0000000..3354dcc --- /dev/null +++ b/ipeer/iPeerCWLCharts/Chart.yaml 
@@ -0,0 +1,4 @@
+apiVersion: v2
+name: ipeer-combined-chart
+description: Combined chart for managing multiple subcharts
+version: 1.0.0
diff --git a/ipeer/iPeerCWLCharts/README.md b/ipeer/iPeerCWLCharts/README.md
new file mode 100644
index 0000000..d0ce4dd
--- /dev/null
+++ b/ipeer/iPeerCWLCharts/README.md
@@ -0,0 +1,7 @@
+## Helm Charts for iPeer – OneLogin SAML:
+
+> helm upgrade ipeer-stg-cwl ./iPeerCWLCharts/charts/oneloginsaml -n default -f values_ipeer-stg-cwl.yaml --atomic
+
+## Helm Charts for iPeer:
+
+> helm upgrade ipeer-stg ./iPeerCWLCharts/charts/ipeer -n default -f ./values_ipeer-stg.yaml --atomic
diff --git a/ipeer/iPeerCWLCharts/charts/.DS_Store b/ipeer/iPeerCWLCharts/charts/.DS_Store
new file mode 100644
index 0000000..7a564f0
Binary files /dev/null and b/ipeer/iPeerCWLCharts/charts/.DS_Store differ
diff --git a/ipeer/iPeerCWLCharts/charts/ipeer/.DS_Store b/ipeer/iPeerCWLCharts/charts/ipeer/.DS_Store
new file mode 100644
index 0000000..0d2d859
Binary files /dev/null and b/ipeer/iPeerCWLCharts/charts/ipeer/.DS_Store differ
diff --git a/ipeer/iPeerCWLCharts/charts/ipeer/.helmignore b/ipeer/iPeerCWLCharts/charts/ipeer/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/ipeer/iPeerCWLCharts/charts/ipeer/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/ipeer-ubc-cwl-login/Chart.lock b/ipeer/iPeerCWLCharts/charts/ipeer/Chart.lock
similarity index 100%
rename from ipeer-ubc-cwl-login/Chart.lock
rename to ipeer/iPeerCWLCharts/charts/ipeer/Chart.lock
diff --git a/ipeer-ubc-cwl-login/Chart.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/Chart.yaml similarity index 94% rename from ipeer-ubc-cwl-login/Chart.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/Chart.yaml index 6863984..14f2fd5 100644 --- a/ipeer-ubc-cwl-login/Chart.yaml +++ b/ipeer/iPeerCWLCharts/charts/ipeer/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: ipeer -description: iPeer helm chart +description: iPeer OneLoginSAML Hybrid Helm Chart # A chart can be either an 'application' or a 'library' chart. # @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.21 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/ipeer-ubc-cwl-login/charts/mariadb-11.5.3.tgz b/ipeer/iPeerCWLCharts/charts/ipeer/charts/mariadb-11.5.3.tgz similarity index 100% rename from ipeer-ubc-cwl-login/charts/mariadb-11.5.3.tgz rename to ipeer/iPeerCWLCharts/charts/ipeer/charts/mariadb-11.5.3.tgz diff --git a/ipeer-ubc-cwl-login/homeubcsaml_controller.php b/ipeer/iPeerCWLCharts/charts/ipeer/homeubcsaml_controller.php similarity index 92% rename from ipeer-ubc-cwl-login/homeubcsaml_controller.php rename to ipeer/iPeerCWLCharts/charts/ipeer/homeubcsaml_controller.php index 57c8383..bf92ab6 100644 --- a/ipeer-ubc-cwl-login/homeubcsaml_controller.php +++ b/ipeer/iPeerCWLCharts/charts/ipeer/homeubcsaml_controller.php @@ -2,7 +2,8 @@ require_once 'vendor/autoload.php'; // Load OneLogin SAML2 -/////// CWL LOGIN ////////// +/////// CWL LOGIN 2 ////////// + class HomeUBCSamlController extends AppController { 
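Review bot: The chart `version` moves backwards, from `0.1.21` to `0.1.12`, in the second `Chart.yaml` hunk, although the comment directly above it says the number should be incremented each time the chart or its templates change. This commit does change the templates (the flag-gated mounts in `deployment.yaml` and the ingress backend), so a packaged `0.1.12` would sort below the release it replaces and tooling that picks the highest chart version would keep resolving the older one. Suggest moving forward instead, e.g. `version: 0.1.22`.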
@@ -161,13 +162,16 @@ function process_user($username, $defaultPassword, $defaultRoleID, $strGivenName return $username; } else { $this->log( "No user found with username '" . $username . "'
", 'debug'); - if ($this->add_user_with_role_extended($username, $password, $role_id, $strGivenName, $strLastName, $strStudentNo, $strEmail)) { - $this->log( "User '" . $username . "' has been added to the database with role ID '" . $role_id . "'.
", 'debug' ); - return $username; - } else { - $this->log( "Failed to add user '" . $username . "' to the database.
" ); - return null; - } + + //if ($this->add_user_with_role_extended($username, $password, $role_id, $strGivenName, $strLastName, $strStudentNo, $strEmail)) { + // $this->log( "User '" . $username . "' has been added to the database with role ID '" . $role_id . "'.
", 'debug' ); + // return $username; + //} else { + // $this->log( "Failed to add user '" . $username . "' to the database.
" ); + // return null; + //} + + return null; } return null; } @@ -334,13 +338,13 @@ function beforeFilter() $decryptedAssertion = $plain; if (!$decryptedAssertion) { - //$this->log("Error: Failed to decrypt SAML Assertion..........................", 'debug'); + $this->log("Error: Failed to decrypt SAML Assertion..........................", 'debug'); - $this->redirect('https://ipeer-stg.apps.ctlt.ubc.ca/login?defaultlogin=true'); + $this->redirect('/login?defaultlogin=true'); exit; }else{ - //$this->log("Decryption OK.", 'debug'); + $this->log("Decryption OK.", 'debug'); $decryptedXml = new DOMDocument(); $decryptedXml->loadXML($decryptedAssertion); @@ -351,7 +355,7 @@ function beforeFilter() $value = $attribute->getElementsByTagName('AttributeValue')->item(0)->nodeValue; $attributes[$name] = $value; - //$this->log("ATTIBBB:::" . $name . ":" . $value , 'debug'); + $this->log("ATTIBBB:::" . $name . ":" . $value , 'debug'); } @@ -408,6 +412,14 @@ function beforeFilter() }else{ $this->log('Valid username '.$userId.' from session transfer.', 'debug'); } + }else{ + $this->log("PROCESS USER:EXISTING-USER::" . $name . ":" . $value , 'debug'); + + $this->_afterLogout(); + + $this->redirect('/public/saml/logout.php'); + + exit; } } @@ -415,7 +427,7 @@ function beforeFilter() } else { $this->log("Error: SAMLResponse is not properly Base64-encoded.", 'debug'); - //$this->log($samlResponse); + $this->log($samlResponse); } diff --git a/ipeer-ubc-cwl-login/homeubcsamllogout_controller.php b/ipeer/iPeerCWLCharts/charts/ipeer/homeubcsamllogout_controller.php similarity index 98% rename from ipeer-ubc-cwl-login/homeubcsamllogout_controller.php rename to ipeer/iPeerCWLCharts/charts/ipeer/homeubcsamllogout_controller.php index f4f0030..44da862 100644 --- a/ipeer-ubc-cwl-login/homeubcsamllogout_controller.php +++ b/ipeer/iPeerCWLCharts/charts/ipeer/homeubcsamllogout_controller.php 
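Review bot: The auto-provisioning branch in `process_user` is disabled by commenting it out, which leaves a block of dead lines and a new `return null;` that is immediately followed by the existing `return null;` after the closing brace. If the intent is that a CWL identity without an iPeer account is refused, delete the commented block and state that in one line, e.g. `// Unknown CWL users are not auto-provisioned; callers must treat null as "reject".` The `$defaultPassword` and `$defaultRoleID` parameters look unused after this change, but the top of the function is outside the hunk, so confirm before removing them.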
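Review bot: The re-enabled `$this->log("ATTIBBB:::" . $name . ":" . $value , 'debug');` writes every SAML attribute name and value to the application log on each login; judging by the `$strGivenName`, `$strStudentNo` and `$strEmail` parameters of `process_user`, that presumably includes names, student numbers and e-mail addresses. The same applies to the `$name`/`$value` log line added in the `@@ -408,6 +412,14 @@` hunk. The `$this->log($samlResponse);` enabled in the `@@ -415,7 +427,7 @@` hunk goes further: it writes request data that has just failed the Base64 check, unbounded and unescaped, and with no type argument, so it probably lands in the default log rather than the debug log. Log attribute names only, e.g. `$this->log('SAML attribute received: ' . $name, 'debug');`, and for the invalid response log its size rather than its content, e.g. `$this->log('Invalid SAMLResponse, length ' . strlen($samlResponse), 'debug');`. The enclosing `beforeFilter` starts and ends outside these hunks.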
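Review bot: The new `else` branch logs `$name` and `$value`, which in the visible code are assigned only inside the attribute loop of the `@@ -351,7 +355,7 @@` hunk, so the "EXISTING-USER" message would record whichever SAML attribute was parsed last rather than the account that was refused. The label is also misleading if, as the `process_user` change suggests, this branch is reached when no iPeer user matched. Suggest a message without attribute data, e.g. `$this->log('SAML login refused: no matching iPeer account, ending session', 'debug');`. The `if` this `else` belongs to opens outside the hunk, so the condition that leads here should be confirmed.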
@@ -3,6 +3,7 @@ require_once 'vendor/autoload.php'; // Load OneLogin SAML2 + class HomeUBCSamlLogoutController extends AppController { /** @@ -37,7 +38,8 @@ function beforeFilter() $this->_afterLogout(); $this->redirect('/public/saml/logout.php'); - + + exit; } diff --git a/ipeer-ubc-cwl-login/login_cwl.php b/ipeer/iPeerCWLCharts/charts/ipeer/login_cwl.php similarity index 85% rename from ipeer-ubc-cwl-login/login_cwl.php rename to ipeer/iPeerCWLCharts/charts/ipeer/login_cwl.php index 12b5d09..1dcd4ed 100644 --- a/ipeer-ubc-cwl-login/login_cwl.php +++ b/ipeer/iPeerCWLCharts/charts/ipeer/login_cwl.php @@ -15,12 +15,8 @@ function isUrlWorking($url) { return false; } -//echo($_ENV['IPEER_AUTH_SHIBB_URL']); -//$authShibbUrl = $_ENV['IPEER_AUTH_SHIBB_URL'] ?? 'https://ipeer.elearning.ubc.ca/login?defaultlogin=true'; - -//02JUNE2025 - STG ENV -$authShibbUrl = $_ENV['IPEER_AUTH_SHIBB_URL'] ?? 'https://ipeer-stg.apps.ctlt.ubc.ca/login?defaultlogin=true'; +$authShibbUrl = $_ENV['IPEER_AUTH_SHIBB_URL'] ?? '/login?defaultlogin=true'; // Define the URL to check using the value of $authShibbUrl diff --git a/ipeer-ubc-cwl-login/routes.php b/ipeer/iPeerCWLCharts/charts/ipeer/routes.php similarity index 100% rename from ipeer-ubc-cwl-login/routes.php rename to ipeer/iPeerCWLCharts/charts/ipeer/routes.php diff --git a/ipeer-ubc-cwl-login/templates/NOTES.txt b/ipeer/iPeerCWLCharts/charts/ipeer/templates/NOTES.txt similarity index 100% rename from ipeer-ubc-cwl-login/templates/NOTES.txt rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/NOTES.txt diff --git a/ipeer-ubc-cwl-login/templates/_helpers.tpl b/ipeer/iPeerCWLCharts/charts/ipeer/templates/_helpers.tpl similarity index 100% rename from ipeer-ubc-cwl-login/templates/_helpers.tpl rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/_helpers.tpl 
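Review bot: In `login_cwl.php` the fallback for `$authShibbUrl` is now the relative path `'/login?defaultlogin=true'`, but the following context line describes the value as "the URL to check" and the hunk header shows an `isUrlWorking($url)` helper. If that helper issues an HTTP request (its body is outside the hunk), a value with no scheme or host cannot be fetched, so the check would fail whenever `IPEER_AUTH_SHIBB_URL` is unset; skipping the probe for same-site relative paths would avoid that. Separately, `$_ENV` is only populated when PHP's `variables_order` includes `E`, so `getenv('IPEER_AUTH_SHIBB_URL') ?: '/login?defaultlogin=true'` is the more robust read.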
diff --git a/ipeer-ubc-cwl-login/templates/cronjob-backup.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/cronjob-backup.yaml similarity index 100% rename from ipeer-ubc-cwl-login/templates/cronjob-backup.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/cronjob-backup.yaml diff --git a/ipeer-ubc-cwl-login/templates/cronjob-email.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/cronjob-email.yaml similarity index 100% rename from ipeer-ubc-cwl-login/templates/cronjob-email.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/cronjob-email.yaml diff --git a/ipeer-ubc-cwl-login/templates/deployment.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/deployment.yaml similarity index 90% rename from ipeer-ubc-cwl-login/templates/deployment.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/deployment.yaml index d21b901..33115a1 100644 --- a/ipeer-ubc-cwl-login/templates/deployment.yaml +++ b/ipeer/iPeerCWLCharts/charts/ipeer/templates/deployment.yaml @@ -6,7 +6,7 @@ metadata: {{- include "ipeer.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} +replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: @@ -33,11 +33,11 @@ spec: - name: shared-files emptyDir: {} - # Add the ConfigMap we declared above as a volume for the pod - name: nginx-config-volume configMap: name: {{ include "ipeer.fullname" . }}-nginx-config + {{- if and .Values.flag (eq .Values.flag "ubccwlsaml") }} - name: login-cwl-volume configMap: name: {{ include "ipeer.fullname" . }}-login-cwl 
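Review bot: In the first `deployment.yaml` hunk the added `replicas:` line appears to have lost its indentation: the removed line carries whitespace after the `-` marker, the added one has none after `+`. At column 0 the key no longer sits under `spec:`, and the indented `selector:` that follows would likely make the rendered manifest invalid whenever `autoscaling.enabled` is false. Whitespace is collapsed in this view, so confirm against the file; if it is as it looks, restore `  replicas: {{ .Values.replicaCount }}`.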
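Review bot: The guard `{{- if and .Values.flag (eq .Values.flag "ubccwlsaml") }}` selects the authentication path by exact match on a free-form string, so a misspelt or differently cased value silently renders the deployment without the CWL login overrides and the release falls back to the local database login. The same guard is repeated around the `volumeMounts` in the `@@ -128,7 +140,8 @@` hunk. Because this decides how users authenticate, reject unknown values at render time, e.g. `{{- if and .Values.flag (ne .Values.flag "ubccwlsaml") }}{{ fail "flag must be empty or ubccwlsaml" }}{{- end }}`, and give the key a descriptive name with a documented default in `values.yaml`.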
@@ -45,6 +45,18 @@ spec: - name: php-files-volume configMap: name: {{ include "ipeer.fullname" . }}-php-files + {{- end }} + + # Add the ConfigMap we declared above as a volume for the pod + #- name: nginx-config-volume + # configMap: + # name: {{ include "ipeer.fullname" . }}-nginx-config + #- name: login-cwl-volume + # configMap: + # name: {{ include "ipeer.fullname" . }}-login-cwl + #- name: php-files-volume + # configMap: + # name: {{ include "ipeer.fullname" . }}-php-files containers: - name: {{ .Chart.Name }} @@ -128,7 +140,8 @@ spec: volumeMounts: - name: shared-files mountPath: /shared - + + {{- if and .Values.flag (eq .Values.flag "ubccwlsaml") }} - name: login-cwl-volume # login_level2 mountPath: /var/www/html/app/plugins/guard/views/elements/login_default.ctp subPath: login_cwl.php @@ -141,6 +154,20 @@ spec: - name: php-files-volume mountPath: /var/www/html/app/controllers/homeubcsamllogout_controller.php subPath: homeubcsamllogout_controller.php + {{- end }} + + #- name: login-cwl-volume # login_level2 + # mountPath: /var/www/html/app/plugins/guard/views/elements/login_default.ctp + # subPath: login_cwl.php + #- name: php-files-volume + # mountPath: /var/www/html/app/controllers/homeubcsaml_controller.php + # subPath: homeubcsaml_controller.php + #- name: php-files-volume + # mountPath: /var/www/html/app/config/routes.php + # subPath: routes.php + #- name: php-files-volume + # mountPath: /var/www/html/app/controllers/homeubcsamllogout_controller.php + # subPath: homeubcsamllogout_controller.php # After the container has started, copy the PHP files from this # container's local filesystem to the shared volume, which is diff --git a/ipeer-ubc-cwl-login/templates/hpa.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/hpa.yaml similarity index 100% rename from ipeer-ubc-cwl-login/templates/hpa.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/hpa.yaml 
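Review bot: The commented-out copy of the volume list added after `{{- end }}` still contains `{{ include "ipeer.fullname" . }}` actions, and Helm evaluates template actions inside YAML comments, so these lines are rendered on every install even though they configure nothing. The `@@ -141,6 +154,20 @@` hunk keeps the pre-flag `volumeMounts` as comments in the same way. Version control already preserves the old form; dropping both blocks makes it obvious which volumes and mounts are conditional. The comment `# Add the ConfigMap we declared above as a volume for the pod` now sits above dead lines and should move back above `nginx-config-volume` or be removed.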
diff --git a/ipeer-ubc-cwl-login/templates/ingress.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/ingress.yaml similarity index 97% rename from ipeer-ubc-cwl-login/templates/ingress.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/ingress.yaml index f3645c8..78f3b9f 100644 --- a/ipeer-ubc-cwl-login/templates/ingress.yaml +++ b/ipeer/iPeerCWLCharts/charts/ipeer/templates/ingress.yaml @@ -54,7 +54,7 @@ spec: pathType: ImplementationSpecific backend: service: - name: ipeer-stg-cwl-oneloginsaml + name: ipeer-prod-cwl-oneloginsaml port: number: 80 - path: /public/saml/logout.php diff --git a/ipeer-ubc-cwl-login/templates/login-cwl-configmap.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/login-cwl-configmap.yaml similarity index 100% rename from ipeer-ubc-cwl-login/templates/login-cwl-configmap.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/login-cwl-configmap.yaml diff --git a/ipeer-ubc-cwl-login/templates/nginx-configmap.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/nginx-configmap.yaml similarity index 100% rename from ipeer-ubc-cwl-login/templates/nginx-configmap.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/nginx-configmap.yaml diff --git a/ipeer-ubc-cwl-login/templates/php-files-configmap.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/php-files-configmap.yaml similarity index 84% rename from ipeer-ubc-cwl-login/templates/php-files-configmap.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/php-files-configmap.yaml index a9c97b4..3a5e04c 100644 --- a/ipeer-ubc-cwl-login/templates/php-files-configmap.yaml +++ b/ipeer/iPeerCWLCharts/charts/ipeer/templates/php-files-configmap.yaml @@ -6,6 +6,6 @@ data: homeubcsaml_controller.php: |- {{ .Files.Get "homeubcsaml_controller.php" | indent 4 }} routes.php: |- -{{ .Files.Get "routes.php" | indent 4 }} # ✅ New file +{{ .Files.Get "routes.php" | indent 4 }} homeubcsamllogout_controller.php: |- {{ .Files.Get "homeubcsamllogout_controller.php" | indent 4 }} 
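Review bot: The backend service for this path is still a hard-coded name, now `ipeer-prod-cwl-oneloginsaml` instead of `ipeer-stg-cwl-oneloginsaml`, so the template fits only one environment at a time. The README added in this commit installs the SAML chart as release `ipeer-stg-cwl`; if that chart names its Service after the release (its `oneloginsaml.fullname` helper suggests so), a staging install of this chart would route the path to a Service that does not exist there. Take the name from a value instead, e.g. `name: {{ required "SAML backend service name is required" .Values.ingress.samlServiceName }}` (the key name is a suggestion, not an existing value). The enclosing `paths:` list starts and ends outside the hunk.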
diff --git a/ipeer-ubc-cwl-login/templates/service.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/service.yaml similarity index 100% rename from ipeer-ubc-cwl-login/templates/service.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/service.yaml diff --git a/ipeer-ubc-cwl-login/templates/serviceaccount.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/serviceaccount.yaml similarity index 100% rename from ipeer-ubc-cwl-login/templates/serviceaccount.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/serviceaccount.yaml diff --git a/ipeer-ubc-cwl-login/templates/tests/test-connection.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/templates/tests/test-connection.yaml similarity index 100% rename from ipeer-ubc-cwl-login/templates/tests/test-connection.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/templates/tests/test-connection.yaml diff --git a/ipeer-ubc-cwl-login/values.yaml b/ipeer/iPeerCWLCharts/charts/ipeer/values.yaml similarity index 98% rename from ipeer-ubc-cwl-login/values.yaml rename to ipeer/iPeerCWLCharts/charts/ipeer/values.yaml index 7e14285..50df2a2 100644 --- a/ipeer-ubc-cwl-login/values.yaml +++ b/ipeer/iPeerCWLCharts/charts/ipeer/values.yaml @@ -1,10 +1,10 @@ # Default values for ipeer. -# This is a YAML-formatted file.. +# This is a YAML-formatted file... # Declare variables to be passed into your templates. replicaCount: 1 -stage: dev +stage: prod app: image: @@ -107,7 +107,7 @@ affinity: {} ipeer: secretKey: 'your_secret_key' jwtSecretKeyParm: 'id_parm_url' - authShibbolethURL: 'https://ipeer-stg.apps.ctlt.ubc.ca' + authShibbolethURL: 'https://shibboleth.url' session_save: database debug: false auth: diff --git a/ipeer/iPeerCWLCharts/charts/oneloginsaml/.DS_Store b/ipeer/iPeerCWLCharts/charts/oneloginsaml/.DS_Store new file mode 100644 index 0000000..fe2000a Binary files /dev/null and b/ipeer/iPeerCWLCharts/charts/oneloginsaml/.DS_Store differ 
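Review bot: `authShibbolethURL` now defaults to the placeholder `'https://shibboleth.url'`, next to the existing placeholders `secretKey: 'your_secret_key'` and `jwtSecretKeyParm: 'id_parm_url'`, while the first `values.yaml` hunk switches the default `stage` to `prod`. A release installed without overriding these would render successfully as a production-stage deployment carrying a publicly known secret key and a placeholder login URL. Leave such values empty in `values.yaml` and enforce them in the templates with `required`, e.g. `{{ required "ipeer.secretKey must be set" .Values.ipeer.secretKey }}`, so a missing override fails at render time. How `secretKey` is consumed is not visible in this diff, so the impact should be confirmed against the templates.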
diff --git a/ipeer/iPeerCWLCharts/charts/oneloginsaml/.helmignore b/ipeer/iPeerCWLCharts/charts/oneloginsaml/.helmignore new file mode 100755 index 0000000..50af031 --- /dev/null +++ b/ipeer/iPeerCWLCharts/charts/oneloginsaml/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/ipeer/Chart.yaml b/ipeer/iPeerCWLCharts/charts/oneloginsaml/Chart.yaml old mode 100644 new mode 100755 similarity index 60% rename from ipeer/Chart.yaml rename to ipeer/iPeerCWLCharts/charts/oneloginsaml/Chart.yaml index 5545645..07b9296 --- a/ipeer/Chart.yaml +++ b/ipeer/iPeerCWLCharts/charts/oneloginsaml/Chart.yaml @@ -1,11 +1,11 @@ apiVersion: v2 -name: ipeer -description: iPeer helm chart +name: oneloginsaml +description: OneLoginSAML CWL # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. +# to be deployed.. # # Library charts provide useful utilities or functions for the chart developer. They're included as # a dependency of application charts to inject those utilities and functions into the rendering 
@@ -14,17 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.13 +version: 0.2.3 # This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 3.4.10 - -dependencies: -- name: mariadb - version: 11.x.x - repository: https://charts.bitnami.com/bitnami - condition: db.disableExternal - alias: db +# incremented each time you make changes to the application. +appVersion: 1.0.0 diff --git a/ipeer/iPeerCWLCharts/charts/oneloginsaml/templates/_environment.tpl b/ipeer/iPeerCWLCharts/charts/oneloginsaml/templates/_environment.tpl new file mode 100755 index 0000000..877105c --- /dev/null +++ b/ipeer/iPeerCWLCharts/charts/oneloginsaml/templates/_environment.tpl 
@@ -0,0 +1,51 @@
+{{/*
+Runtime environment variables
+*/}}
+{{- define "glu.environment" }}
+- name: SECRET_KEY
+ value: {{ .Values.secretKey | quote }}
+ # valueFrom:
+ # secretKeyRef:
+ # name: {{ template "oneloginsaml.fullname" . }}
+ # key: secret_key
+- name: GLU_BATCH_ENABLED
+ value: {{ .Values.glu.batchEnabled | quote }}
+- name: GLU_BATCH_GROUP_SYNC_SCHEDULE
+ value: {{ .Values.glu.batchGroupSyncSchedule | quote }}
+- name: GLU_BATCH_GROUP_SYNC_MUTEX_TTL
+ value: {{ .Values.glu.batchGroupSyncMutexTtl | quote }}
+- name: GLU_SCRAMBLE_EMAIL
+ value: {{ .Values.glu.scrambleEmail | quote }}
+- name: GLU_RENAME_API_NETWORK_MASK
+ value: {{ .Values.glu.renameApiNetworkMask | quote }}
+- name: SAML_ATTRIBUTE_USERNAME
+ value: {{ .Values.saml.attributeUsername | quote }}
+- name: SAML_ATTRIBUTE_FIRST_NAME
+ value: {{ .Values.saml.attributeFirstName | quote }}
+- name: SAML_ATTRIBUTE_LAST_NAME
+ value: {{ .Values.saml.attributeLastName | quote }}
+- name: SAML_SETTINGS_FILE
+ value: {{ .Values.saml.settingsFile | quote }}
+- name: SAML_SETTINGS
+ value: {{ .Values.saml.settings | quote }}
+ # valueFrom:
+ # secretKeyRef:
+ # name: {{ template "oneloginsaml.fullname" . }}
+ # key: saml_settings
+- name: SAML_METADATA_URL
+ value: {{ .Values.saml.metadataUrl | quote }}
+- name: SAML_LOGOUT_URL
+ value: {{ .Values.saml.logoutUrl | default "https://authentication.ubc.ca/idp/profile/Logout" | quote }}
+- name: SAML_METADATA_ENTITY_ID
+ value: {{ .Values.saml.metadataEntityId | quote }}
+- name: SAML_EXPOSE_METADATA_ENDPOINT
+ value: {{ .Values.saml.exposeMetadataEndpoint | quote }}
+- name: SAML_FORCE_RESP_HTTPS
+ value: {{ .Values.saml.forceRespHttps | quote }}
+- name: SAML_JWT_SECRET_KEY
+ value: {{ .Values.saml.jwtSecretKey | quote }}
+- name: SAML_JWT_SECRET_KEY_EXPIRATION
+ value: {{ .Values.saml.jwtSecretKeyExpiration | quote }}
+- name: SAML_JWT_PARM
+ value: {{ .Values.saml.jwtSecretKeyParm | quote }}
+{{- end }}
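Review bot: `SECRET_KEY`, `SAML_SETTINGS` and `SAML_JWT_SECRET_KEY` are injected as literal `value:` entries, so the secret material is written into the rendered Deployment and is readable by anyone who can view the workload or pod spec, not only by those allowed to read Secrets. The `secretKeyRef` form is already sketched in the comments for the first two; enabling it, and adding it for the JWT key, keeps these values in a Secret object with its own access control. This assumes the chart ships a Secret named by `oneloginsaml.fullname` holding these keys, which is not visible in this diff. The helper is also defined as `glu.environment` while every other helper in this chart uses the `oneloginsaml.` prefix; renaming it would avoid colliding with another chart's define of the same name.

```yaml
- name: SECRET_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "oneloginsaml.fullname" . }}
      key: secret_key
# … unchanged: GLU_* entries, SAML_ATTRIBUTE_* entries, SAML_SETTINGS_FILE …
- name: SAML_SETTINGS
  valueFrom:
    secretKeyRef:
      name: {{ template "oneloginsaml.fullname" . }}
      key: saml_settings
# … unchanged: SAML_METADATA_URL through SAML_FORCE_RESP_HTTPS …
- name: SAML_JWT_SECRET_KEY
  valueFrom:
    secretKeyRef:
      name: {{ template "oneloginsaml.fullname" . }}
      # key name constructed for this example; use the key the chart's Secret defines
      key: saml_jwt_secret_key
```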
diff --git a/ipeer/iPeerCWLCharts/charts/oneloginsaml/templates/_helpers.tpl b/ipeer/iPeerCWLCharts/charts/oneloginsaml/templates/_helpers.tpl
new file mode 100755
index 0000000..d1276e1
--- /dev/null
+++ b/ipeer/iPeerCWLCharts/charts/oneloginsaml/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "oneloginsaml.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "oneloginsaml.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "oneloginsaml.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "oneloginsaml.labels" -}}
+helm.sh/chart: {{ include "oneloginsaml.chart" . }}
+{{ include "oneloginsaml.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "oneloginsaml.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "oneloginsaml.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "oneloginsaml.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "oneloginsaml.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/ipeer/iPeerCWLCharts/charts/oneloginsaml/templates/deployment-app.yaml b/ipeer/iPeerCWLCharts/charts/oneloginsaml/templates/deployment-app.yaml
new file mode 100755
index 0000000..89bea51
--- /dev/null
+++ b/ipeer/iPeerCWLCharts/charts/oneloginsaml/templates/deployment-app.yaml
@@ -0,0 +1,97 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "oneloginsaml.fullname" . }}
+ labels:
+ app: {{ template "oneloginsaml.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ {{- if .Values.CI_PIPELINE_ID }}
+ autodeployed: "true"
+ pipeline_id: "{{ .Values.CI_PIPELINE_ID }}"
+ {{- end }}
+ {{- if .Values.CI_BUILD_ID }}
+ build_id: "{{ .Values.CI_BUILD_ID }}"
+ {{- end }}
+spec:
+ replicas: {{ .Values.app.replicaCount }}
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: {{ template "oneloginsaml.fullname" . }}
+ stage: {{ .Values.stage }}
+ tier: app
+ template:
+ metadata:
+ annotations:
+ rollme: {{ now | quote }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "oneloginsaml.fullname" . }}
+ stage: {{ .Values.stage }}
+ tier: app
+ spec:
+ {{- if .Values.app.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.app.image.pullSecret }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.app.image.repository }}:{{ .Values.app.image.tag }}"
+ imagePullPolicy: {{ .Values.app.image.pullPolicy }}
+ env:
+ {{- include "glu.environment" . | indent 8 }}
+ ports:
+ - containerPort: {{ .Values.app.service.internalPort }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.app.service.internalPort }}
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ failureThreshold: 10
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.app.service.internalPort }}
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ {{- if .Values.app.persistence.enabled }}
+ volumeMounts:
+ - name: {{ template "oneloginsaml.fullname" . }}-persistent-storage
+ mountPath: /persistent
+ volumes:
+ - name: {{ template "oneloginsaml.fullname" . }}-persistent-storage
+ persistentVolumeClaim:
+ claimName: {{ template "oneloginsaml.fullname" .
}}-pvc
+ {{- end }}
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "oneloginsaml.fullname" . }}
+ labels:
+ app: {{ template "oneloginsaml.fullname" . }}
+ stage: {{ .Values.stage }}
+ tier: app
+ {{- if .Values.CI_PIPELINE_ID }}
+ autodeployed: "true"
+ pipeline_id: "{{ .Values.CI_PIPELINE_ID }}"
+ {{- end }}
+ {{- if .Values.CI_BUILD_ID }}
+ build_id: "{{ .Values.CI_BUILD_ID }}"
+ {{- end }}
+spec:
+ type: {{ .Values.app.service.type }}
+ ports:
+ - port: {{ .Values.app.service.externalPort }}
+ targetPort: {{ .Values.app.service.internalPort }}
+ selector:
+ app: {{ template "oneloginsaml.fullname" . }}
+ stage: {{ .Values.stage }}
+ tier: app
+
diff --git a/ipeer/iPeerCWLCharts/charts/oneloginsaml/values.yaml b/ipeer/iPeerCWLCharts/charts/oneloginsaml/values.yaml
new file mode 100755
index 0000000..bf5a969
--- /dev/null
+++ b/ipeer/iPeerCWLCharts/charts/oneloginsaml/values.yaml
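Review bot: The container in the new Deployment sets no `securityContext` (and no `resources`), so the pod that handles SAML logins and receives the signing secrets through its environment runs with the image's default user and default capabilities. The chart removed in this same commit made this configurable through values; I would keep that here by adding `securityContext:` followed by `{{- toYaml .Values.app.securityContext | nindent 10 }}` under the container, with a default that sets `allowPrivilegeEscalation: false` and drops capabilities. Whether `runAsNonRoot: true` can also be the default needs checking against the image, since `cForceRoot: true` in the values suggests it may currently expect root. The `nindent` width is a guess, because the template's indentation is not recoverable from this page.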
@@ -0,0 +1,46 @@
+# Default values for CWL-ubc.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+stage: prod
+secretKey: PLEASE_GENERATE_A_RANDOM_KEY
+workerSchedulerEnabled: false
+cForceRoot: true
+workerSchedulerEnabled: false
+
+# app settings
+glu:
+ batchEnabled: 'true'
+ batchGroupSyncSchedule: '{"hour": "*/2", "minute": "20"}'
+ batchGroupSyncMutexTtl: 1800
+ scrambleEmail: 'false'
+ renameApiNetworkMask: '10.0.0.0/8'
+
+# saml settings
+saml:
+ jwtSecretKey: 'your_secret_key'
+ jwtSecretKeyParm: 'pass_url_parm'
+ jwtSecretKeyExpiration: 10
+ attributeUsername: uid
+ attributeFirstName: firstName
+ attributeLastName: lastName
+ settingsFile: null
+ settings: null
+ metadataUrl: 'https://samltest.id/saml/idp'
+ logoutUrl: 'https://samltest.id/saml/logout'
+ metadataEntityId: 'http://glu/api/saml/metadata'
+ exposeMetadataEndpoint: 'true'
+ forceRespHttps: 'false'
+
+app:
+ replicaCount: 1
+ image:
+ repository: gcr.io/saml-ubc/glu-app
+ tag: latest
+ pullPolicy: IfNotPresent
+ pullSecret: null
+ persistence:
+ enabled: false
+ service:
+ type: ClusterIP
+ externalPort: 3031
+ internalPort: 3031
diff --git a/ipeer/iPeerCWLCharts/values.yaml b/ipeer/iPeerCWLCharts/values.yaml
new file mode 100644
index 0000000..d7d6e50
--- /dev/null
+++ b/ipeer/iPeerCWLCharts/values.yaml
@@ -0,0 +1 @@
+# values.yaml (Combined chart)
diff --git a/ipeer/templates/NOTES.txt b/ipeer/templates/NOTES.txt
deleted file mode 100644
index e184c65..0000000
--- a/ipeer/templates/NOTES.txt
+++ /dev/null
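Review bot: The oneloginsaml defaults combine `stage: prod` with guessable placeholder secrets, `secretKey: PLEASE_GENERATE_A_RANDOM_KEY` and `jwtSecretKey: 'your_secret_key'`, so an install that forgets to override them runs with publicly known signing keys. I would default both to `""` and fail the render when they are unset, for example `value: {{ required "saml.jwtSecretKey must be set" .Values.saml.jwtSecretKey | quote }}` where the environment helper emits them. Separately, `workerSchedulerEnabled: false` appears twice at the top level; duplicate keys are invalid YAML and most parsers silently keep the last one, so one of them should go. For a prod-labelled default, `forceRespHttps: 'false'`, the samltest.id `metadataUrl`/`logoutUrl` and `tag: latest` with `pullPolicy: IfNotPresent` also deserve a deliberate choice.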
@@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ipeer.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ipeer.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ipeer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ipeer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 -{{- end }} diff --git a/ipeer/templates/_helpers.tpl b/ipeer/templates/_helpers.tpl deleted file mode 100644 index 5a5cf51..0000000 --- a/ipeer/templates/_helpers.tpl +++ /dev/null 
@@ -1,101 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -For calling a template with subchart context -From https://github.com/helm/helm/issues/4535#issuecomment-477778391 -*/}} -{{- define "call-nested" }} -{{- $dot := index . 0 }} -{{- $subchart := index . 1 | splitList "." }} -{{- $template := index . 2 }} -{{- $values := $dot.Values }} -{{- range $subchart }} -{{- $values = index $values . }} -{{- end }} -{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }} -{{- end }} - -{{/* -Expand the name of the chart. -*/}} -{{- define "ipeer.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ipeer.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} - -{{- define "ipeer.db.fullname" -}} -{{- if .Values.db.disableExternal }} -{{- include "call-nested" (list . 
"db" "mariadb.primary.fullname") | default .Values.db.service.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name "db" -}} -{{- end -}} -{{- end -}} - - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "ipeer.db.secretName" -}} -{{- printf "%s-%s" .Release.Name "db" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ipeer.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "ipeer.labels" -}} -helm.sh/chart: {{ include "ipeer.chart" . }} -{{ include "ipeer.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -stage: {{ .Values.stage }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "ipeer.selectorLabels" -}} -app.kubernetes.io/name: {{ include "ipeer.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "ipeer.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "ipeer.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/ipeer/templates/cronjob-backup.yaml b/ipeer/templates/cronjob-backup.yaml deleted file mode 100644 index df7a65b..0000000 --- a/ipeer/templates/cronjob-backup.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{- if .Values.cronjob.backup.enabled }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "ipeer.fullname" . }}-backup-cronjob -spec: - schedule: {{ .Values.cronjob.backup.schedule | quote }} - jobTemplate: - spec: - template: - spec: - containers: - - name: {{ include "ipeer.fullname" . }}-backup-cronjob - image: "{{ .Values.db.image.repository }}:{{ .Values.db.image.tag }}" - args: - - /bin/sh - - -c - - | - set -e - echo "[$(date)] - Starts backing up ipeer database!" - CURRENT_YEAR=$(date +%Y) - MYSQLDMP_FILE=/db_archives/$CURRENT_YEAR/$IPEER_ENV_NAME-db-$(date +%F_%T).sql.gz - mkdir -p /db_archives/$CURRENT_YEAR - mysqldump -u"$IPEER_DB_USER" -p"$IPEER_DB_PASSWORD" -h"$IPEER_DB_HOST" ipeer --single-transaction --quick | gzip > $MYSQLDMP_FILE - zgrep "Dump completed" $MYSQLDMP_FILE - env: - - name: IPEER_ENV_NAME - value: {{ include "ipeer.fullname" . }} - - name: IPEER_DB_HOST - value: {{ template "ipeer.db.fullname" . }} - - name: IPEER_DB_PORT - value: {{ .Values.db.service.port | quote }} - - name: IPEER_DB_USER - value: {{ .Values.db.auth.username | quote }} - - name: IPEER_DB_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.db.disableExternal }} - name: {{ template "ipeer.db.secretName" . }} - key: mariadb-password - {{- else }} - name: {{ template "ipeer.fullname" . }} - key: db_password - {{- end }} - volumeMounts: - - mountPath: /db_archives - name: nfs-volume - restartPolicy: Never - volumes: - - name: nfs-volume - nfs: - path: {{ .Values.cronjob.backup.nfs.path | quote }} - server: {{ .Values.cronjob.backup.nfs.server | quote }} -{{- end }} diff --git a/ipeer/templates/cronjob-email.yaml b/ipeer/templates/cronjob-email.yaml deleted file mode 100644 index eaf26f7..0000000 --- a/ipeer/templates/cronjob-email.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -{{- if .Values.cronjob.email.enabled }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "ipeer.fullname" . }}-email-cronjob -spec: - schedule: "*/5 * * * *" - jobTemplate: - spec: - template: - spec: - containers: - - name: {{ include "ipeer.fullname" . }}-email-cronjob - image: "{{ .Values.app.image.repository }}:{{ .Values.app.image.tag | default .Chart.AppVersion }}" - args: - - /bin/sh - - -c - - | - cake/console/cake send_emails - env: - - name: IPEER_DB_HOST - value: {{ template "ipeer.db.fullname" . }} - - name: IPEER_DB_PORT - value: {{ .Values.db.service.port | quote }} - - name: IPEER_DB_USER - value: {{ .Values.db.auth.username | quote }} - - name: IPEER_DB_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.db.disableExternal }} - name: {{ template "ipeer.db.secretName" . }} - key: mariadb-password - {{- else }} - name: {{ template "ipeer.fullname" . }} - key: db_password - {{- end }} - - name: IPEER_SESSION_SAVE - value: {{ .Values.ipeer.session_save | quote }} - {{- if .Values.ipeer.caliper.enabled }} - - name: CALIPER_HOST - value: {{ .Values.ipeer.caliper.host }} - - name: CALIPER_API_KEY - value: {{ .Values.ipeer.caliper.apikey }} - - name: CALIPER_BASE_URL - value: {{ .Values.ipeer.caliper.baseURL }} - - name: CALIPER_ACTOR_BASE_URL - value: {{ .Values.ipeer.caliper.actorBaseURL }} - - name: CALIPER_ACTOR_UNIQUE_IDENTIFIER_PARAM - value: {{ .Values.ipeer.caliper.actorUniqueIdParam }} - {{- end }} - - name: IPEER_AUTH - value: {{ .Values.ipeer.auth.method }} - {{- if eq .Values.ipeer.auth.method "Ldap" }} - - name: IPEER_AUTH_LDAP_host - value: {{ .Values.ipeer.auth.ldap.host | quote }} - - name: IPEER_AUTH_LDAP_port - value: {{ .Values.ipeer.auth.ldap.port | quote }} - - name: IPEER_AUTH_LDAP_serviceUsername - value: {{ .Values.ipeer.auth.ldap.serviceUsername }} - - name: IPEER_AUTH_LDAP_servicePassword - value: {{ .Values.ipeer.auth.ldap.servicePassword }} - - name: IPEER_AUTH_LDAP_baseDn - value: {{ 
.Values.ipeer.auth.ldap.baseDn }} - - name: IPEER_AUTH_LDAP_usernameField - value: {{ .Values.ipeer.auth.ldap.usernameField }} - - name: IPEER_AUTH_LDAP_attributeSearchFilters - value: {{ .Values.ipeer.auth.ldap.attributeSearchFilters | quote }} - - name: IPEER_AUTH_LDAP_attributeMap - value: {{ .Values.ipeer.auth.ldap.attributeMap | quote }} - - name: IPEER_AUTH_LDAP_fallbackInternal - value: {{ .Values.ipeer.auth.ldap.fallbackInternal | quote }} - {{- end }} - {{- if .Values.ipeer.debug }} - - name: IPEER_DEBUG - value: "2" - {{- end }} - restartPolicy: Never -{{- end }} diff --git a/ipeer/templates/deployment.yaml b/ipeer/templates/deployment.yaml deleted file mode 100644 index 97b595c..0000000 --- a/ipeer/templates/deployment.yaml +++ /dev/null 
@@ -1,260 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ipeer.fullname" . }} - labels: - {{- include "ipeer.labels" . | nindent 4 }} -spec: -{{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} -{{- end }} - selector: - matchLabels: - {{- include "ipeer.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "ipeer.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "ipeer.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - volumes: - # Create the shared files volume to be used in both pods - - name: shared-files - emptyDir: {} - - # Add the ConfigMap we declared above as a volume for the pod - - name: nginx-config-volume - configMap: - name: {{ include "ipeer.fullname" . }}-nginx-config - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.app.image.repository }}:{{ .Values.app.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.app.image.pullPolicy }} - env: - - name: IPEER_DB_HOST - value: {{ template "ipeer.db.fullname" . }} - - name: IPEER_DB_PORT - value: {{ .Values.db.service.port | quote }} - - name: IPEER_DB_USER - value: {{ .Values.db.auth.username | quote }} - - name: IPEER_DB_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.db.disableExternal }} - name: {{ template "ipeer.db.secretName" . }} - key: mariadb-password - {{- else }} - name: {{ template "ipeer.fullname" . 
}} - key: db_password - {{- end }} - - name: IPEER_SESSION_SAVE - value: {{ .Values.ipeer.session_save | quote }} - {{- if .Values.ipeer.caliper.enabled }} - - name: CALIPER_HOST - value: {{ .Values.ipeer.caliper.host }} - - name: CALIPER_API_KEY - value: {{ .Values.ipeer.caliper.apikey }} - - name: CALIPER_BASE_URL - value: {{ .Values.ipeer.caliper.baseURL }} - - name: CALIPER_ACTOR_BASE_URL - value: {{ .Values.ipeer.caliper.actorBaseURL }} - - name: CALIPER_ACTOR_UNIQUE_IDENTIFIER_PARAM - value: {{ .Values.ipeer.caliper.actorUniqueIdParam }} - {{- end }} - - name: IPEER_AUTH - value: {{ .Values.ipeer.auth.method }} - {{- if eq .Values.ipeer.auth.method "Ldap" }} - - name: IPEER_AUTH_LDAP_host - value: {{ .Values.ipeer.auth.ldap.host | quote }} - - name: IPEER_AUTH_LDAP_port - value: {{ .Values.ipeer.auth.ldap.port | quote }} - - name: IPEER_AUTH_LDAP_serviceUsername - value: {{ .Values.ipeer.auth.ldap.serviceUsername }} - - name: IPEER_AUTH_LDAP_servicePassword - value: {{ .Values.ipeer.auth.ldap.servicePassword }} - - name: IPEER_AUTH_LDAP_baseDn - value: {{ .Values.ipeer.auth.ldap.baseDn }} - - name: IPEER_AUTH_LDAP_usernameField - value: {{ .Values.ipeer.auth.ldap.usernameField }} - - name: IPEER_AUTH_LDAP_attributeSearchFilters - value: {{ .Values.ipeer.auth.ldap.attributeSearchFilters | quote }} - - name: IPEER_AUTH_LDAP_attributeMap - value: {{ .Values.ipeer.auth.ldap.attributeMap | quote }} - - name: IPEER_AUTH_LDAP_fallbackInternal - value: {{ .Values.ipeer.auth.ldap.fallbackInternal | quote }} - {{- end }} - {{- if .Values.ipeer.debug }} - - name: IPEER_DEBUG - value: "2" - {{- end }} - ports: - - name: fastcgi - containerPort: 9000 - protocol: TCP - volumeMounts: - - name: shared-files - mountPath: /shared - # After the container has started, copy the PHP files from this - # container's local filesystem to the shared volume, which is - # mounted at /shared. - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "cp -r /var/www/html/app/webroot/. 
/shared"] - resources: - {{- toYaml .Values.resources | nindent 12 }} - - name: {{ .Chart.Name }}-web - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.web.image.pullPolicy }} - ports: - - name: http - containerPort: 80 - protocol: TCP - volumeMounts: - - name: shared-files - mountPath: /var/www/html - - name: nginx-config-volume - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - -{{- if .Values.worker.enabled }} ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ipeer.fullname" . }}-worker - labels: - compoment: worker - {{- include "ipeer.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - compoment: worker - {{- include "ipeer.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - compoment: worker - {{- include "ipeer.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "ipeer.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }}-worker - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.app.image.repository }}:{{ .Values.app.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.app.image.pullPolicy }} - command: ["cake/console/cake"] - args: ["worker", "run"] - env: - - name: IPEER_DB_HOST - value: {{ template "ipeer.db.fullname" . }} - - name: IPEER_DB_PORT - value: {{ .Values.db.service.port | quote }} - - name: IPEER_DB_USER - value: {{ .Values.db.auth.username | quote }} - - name: IPEER_DB_PASSWORD - valueFrom: - secretKeyRef: - {{- if .Values.db.disableExternal }} - name: {{ template "ipeer.db.secretName" . }} - key: mariadb-password - {{- else }} - name: {{ template "ipeer.fullname" . }} - key: db_password - {{- end }} - - name: IPEER_SESSION_SAVE - value: {{ .Values.ipeer.session_save | quote }} - {{- if .Values.ipeer.caliper.enabled }} - - name: CALIPER_HOST - value: {{ .Values.ipeer.caliper.host }} - - name: CALIPER_API_KEY - value: {{ .Values.ipeer.caliper.apikey }} - - name: CALIPER_BASE_URL - value: {{ .Values.ipeer.caliper.baseURL }} - - name: CALIPER_ACTOR_BASE_URL - value: {{ .Values.ipeer.caliper.actorBaseURL }} - - name: CALIPER_ACTOR_UNIQUE_IDENTIFIER_PARAM - value: {{ .Values.ipeer.caliper.actorUniqueIdParam }} - {{- end }} - - name: IPEER_AUTH - value: {{ .Values.ipeer.auth.method }} - {{- if eq .Values.ipeer.auth.method "Ldap" }} - - name: IPEER_AUTH_LDAP_host - value: {{ .Values.ipeer.auth.ldap.host | quote }} - - name: IPEER_AUTH_LDAP_port - value: {{ .Values.ipeer.auth.ldap.port | quote }} - - name: IPEER_AUTH_LDAP_serviceUsername - value: {{ .Values.ipeer.auth.ldap.serviceUsername }} - - name: IPEER_AUTH_LDAP_servicePassword - value: {{ .Values.ipeer.auth.ldap.servicePassword }} - - name: IPEER_AUTH_LDAP_baseDn - value: {{ .Values.ipeer.auth.ldap.baseDn }} - - name: 
IPEER_AUTH_LDAP_usernameField - value: {{ .Values.ipeer.auth.ldap.usernameField }} - - name: IPEER_AUTH_LDAP_attributeSearchFilters - value: {{ .Values.ipeer.auth.ldap.attributeSearchFilters | quote }} - - name: IPEER_AUTH_LDAP_attributeMap - value: {{ .Values.ipeer.auth.ldap.attributeMap | quote }} - - name: IPEER_AUTH_LDAP_fallbackInternal - value: {{ .Values.ipeer.auth.ldap.fallbackInternal | quote }} - {{- end }} - {{- if .Values.ipeer.debug }} - - name: IPEER_DEBUG - value: "2" - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/ipeer/templates/hpa.yaml b/ipeer/templates/hpa.yaml deleted file mode 100644 index 4ce166d..0000000 --- a/ipeer/templates/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "ipeer.fullname" . }} - labels: - {{- include "ipeer.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "ipeer.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} 
diff --git a/ipeer/templates/ingress.yaml b/ipeer/templates/ingress.yaml deleted file mode 100644 index 3a211c7..0000000 --- a/ipeer/templates/ingress.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "ipeer.fullname" . -}} -{{- $svcPort := .Values.service.port -}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $fullName }} -data: - SCRIPT_FILENAME: "/var/www/html/index.php" - ---- - -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "ipeer.labels" . | nindent 4 }} - annotations: - nginx.ingress.kubernetes.io/fastcgi-params-configmap: {{ $fullName }} - nginx.ingress.kubernetes.io/proxy-send-timeout: {{ .Values.web.timeout | quote }} - nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .Values.web.timeout | quote }} - {{- with .Values.ingress.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . }} - pathType: Prefix - backend: - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} diff --git a/ipeer/templates/nginx-configmap.yaml b/ipeer/templates/nginx-configmap.yaml deleted file mode 100644 index fb69a83..0000000 --- a/ipeer/templates/nginx-configmap.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ include "ipeer.fullname" . }}-nginx-config - labels: - {{- include "ipeer.labels" . | nindent 4 }} -data: - nginx.conf: | - events { - } - http { - server { - listen 80 default_server; - listen [::]:80 default_server; - - # Set nginx to serve files from the shared volume! - root /var/www/html; - server_name _; - - index index.php; - - location / { - include /etc/nginx/mime.types; - try_files $uri /index.php?$query_string; - } - - location = /favicon.ico { log_not_found off; access_log off; } - location = /robots.txt { access_log off; log_not_found off; } - - sendfile off; - - client_max_body_size 100m; - - location ~ \.php$ { - include fastcgi_params; - fastcgi_index index.php; - fastcgi_read_timeout {{ .Values.web.timeout }}s; - fastcgi_send_timeout {{ .Values.web.timeout }}s; - fastcgi_param REQUEST_METHOD $request_method; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass 127.0.0.1:9000; - } - } - } diff --git a/ipeer/templates/service.yaml b/ipeer/templates/service.yaml deleted file mode 100644 index cd0789b..0000000 --- a/ipeer/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ipeer.fullname" . }} - labels: - {{- include "ipeer.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: 80 - protocol: TCP - name: http - selector: - {{- include "ipeer.selectorLabels" . | nindent 4 }} diff --git a/ipeer/templates/serviceaccount.yaml b/ipeer/templates/serviceaccount.yaml deleted file mode 100644 index a7e1808..0000000 --- a/ipeer/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ipeer.serviceAccountName" . }} - labels: - {{- include "ipeer.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/ipeer/templates/tests/test-connection.yaml b/ipeer/templates/tests/test-connection.yaml deleted file mode 100644 index 8f1a5a5..0000000 --- a/ipeer/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "ipeer.fullname" . }}-test-connection" - labels: - {{- include "ipeer.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "ipeer.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/ipeer/values.yaml b/ipeer/values.yaml deleted file mode 100644 index 40cf3c0..0000000 --- a/ipeer/values.yaml +++ /dev/null 
@@ -1,233 +0,0 @@ -# Default values for ipeer. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -stage: dev - -app: - image: - repository: ubcctlt/ipeer - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -web: - image: - repository: nginx - pullPolicy: IfNotPresent - tag: "1.24-alpine" - # set request timeout in seconds, some results need more time to calculate - timeout: "300" - -worker: - enabled: false - -cronjob: - email: - enabled: true - backup: - enabled: false - schedule: "00 09 * * *" - nfs: - path: 'REPLACEME' - server: 'REPLACEME' - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - annotations: - kubernetes.io/ingress.class: "nginx" - #nginx.ingress.kubernetes.io/backend-protocol: "FCGI" - #nginx.ingress.kubernetes.io/fastcgi-index: "index.php" - # kubernetes.io/tls-acme: "true" - hosts: - - host: ipeer-example.local - paths: ['/'] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. 
If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -ipeer: - session_save: database - debug: false - auth: - method: default - ldap: - host: ldap.example.com - port: 636 - serviceUsername: 'uid=USERNAME, ou=Special Users, o=school.ca' - servicePassword: PASSWORD - baseDn: 'ou=Campus Login, o=school.ca' - usernameField: 'uid' - attributeSearchFilters: '[]' - attributeMap: '{}' - fallbackInternal: true - shibboleth: {} - caliper: - enabled: false - host: https://caliper.imsglobal.org/caliper/44c6173f-907f-40c5-8c93-a1acfaa6485c/message - apikey: 44c6173f-907f-40c5-8c93-a1acfaa6485c - baseURL: http://localhost.test.com/ - actorBaseURL: http://www.ubc.ca/%s - actorUniqueIdParam: username - -## -## MariaDB chart configuration -## -## https://github.com/helm/charts/blob/master/stable/mariadb/values.yaml -## -db: - ## Whether to deploy a mariadb server to satisfy the applications database requirements. 
To use an external database set this to false and configure the externalDatabase parameters - disableExternal: true - ## standalone or replication - architecture: standalone - # use default image from upstream - #image: - # tag: 10.2 - auth: - #rootPassword: - database: &dbName ipeer - username: &dbUser ipeer - - ## If the password is not specified, mariadb will generates a random password - ## - # password: &dbPass - # replicationUser: replicator - # replicationPassword: - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - master: - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 8Gi - config: |- - [mysqld] - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mariadb - plugin_dir=/opt/bitnami/mariadb/plugin - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - tmpdir=/opt/bitnami/mariadb/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - log-error=/opt/bitnami/mariadb/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - expire-logs-days=90 - - [client] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - default-character-set=UTF8 - plugin_dir=/opt/bitnami/mariadb/plugin - - [manager] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - - slave: - config: |- - [mysqld] - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mariadb - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - tmpdir=/opt/bitnami/mariadb/tmp - 
max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - log-error=/opt/bitnami/mariadb/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - expire-logs-days=90 - - [client] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - default-character-set=UTF8 - - [manager] - port=3306 - socket=/opt/bitnami/mariadb/tmp/mysql.sock - pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid - - service: - # uncomment name to use external service - #name: - #endpoints: - # - 10.0.0.1 - # - 10.0.0.2 - port: 3306 -