Commit 54e2f863 authored by rjshrjndrn's avatar rjshrjndrn

moving the helm charts path

Showing with 675 additions and 0 deletions
+675 -0
namespace: {{ env }}
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
apiVersion: v2
name: nginx-public-ingress
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: 1.16.0
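Review bot: `appVersion: 1.16.0` and `description: A Helm chart for Kubernetes` are still the `helm create` scaffold values, yet the Deployment template in this commit builds the image reference as `"{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"`, so this field decides which image tag is pulled. Set it to the tag of the proxy image that is actually deployed, quoted so it stays a string, e.g. `appVersion: "<PROXY_IMAGE_TAG>"` (placeholder; the page does not show the real tag). Replace the description with one that names the public nginx proxy, so someone auditing what runs at the edge can read it from this file.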
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "nginx-public-ingress.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "nginx-public-ingress.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nginx-public-ingress.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "nginx-public-ingress.labels" -}}
helm.sh/chart: {{ include "nginx-public-ingress.chart" . }}
{{ include "nginx-public-ingress.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "nginx-public-ingress.selectorLabels" -}}
app.kubernetes.io/name: {{ include "nginx-public-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "nginx-public-ingress.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "nginx-public-ingress.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: proxy-default
data:
proxy-default.conf: |
{{ .Values.proxyconfig | nindent 4 }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "nginx-public-ingress.fullname" . }}
labels:
{{- include "nginx-public-ingress.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "nginx-public-ingress.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "nginx-public-ingress.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "nginx-public-ingress.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
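Review bot: Nothing in this pod spec mounts the ConfigMap `proxy-default` that the same commit creates, so the rendered `proxy-default.conf` would never reach the nginx container; the spec has no `volumes` or `volumeMounts` at all. The proxy config in this commit also reads `/run/secrets/site.crt`, `/run/secrets/site.key` and `/run/secrets/prom_admin_creds` and listens on 443 in the https case, while the container declares only port 80 and no Secret is mounted. Those paths look carried over from Docker Swarm secrets. Mount the config and the secrets explicitly and read-only, and declare the 443 port; the Secret name and the nginx include directory below are placeholders because the page does not show them.

```yaml
      containers:
        - name: {{ .Chart.Name }}
          # … unchanged: securityContext, image, imagePullPolicy …
          ports:
            # … unchanged: http port 80 …
            - name: https
              containerPort: 443
              protocol: TCP
          # … unchanged: probes, resources …
          volumeMounts:
            - name: proxy-config
              mountPath: <NGINX_INCLUDE_DIR>/proxy-default.conf
              subPath: proxy-default.conf
              readOnly: true
            - name: proxy-secrets
              mountPath: /run/secrets
              readOnly: true
      volumes:
        - name: proxy-config
          configMap:
            name: proxy-default
        - name: proxy-secrets
          secret:
            secretName: <PROXY_SECRET_NAME>
```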
namespace: {{ namespace }}
proxyconfig: |
{% if proto=='https' %}
server {
listen 80;
listen [::]:80;
server_name {{ proxy_server_name }};
# Limitting open connection per ip
limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }};
return 301 https://{{ proxy_server_name }}$request_uri;
}
{% endif %}
server {
{% if proto=='http' %}
listen 80;
listen [::]:80;
{% else %}
listen 443 ssl;
ssl_certificate /run/secrets/site.crt;
ssl_certificate_key /run/secrets/site.key;
{% endif %}
server_name {{ proxy_server_name }};
# Limitting open connection per ip
limit_conn limitbyaddr {{ nginx_per_ip_connection_limit }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
ignore_invalid_headers off; #pass through headers from Jenkins which are considered invalid by Nginx server.
resolver 127.0.0.11 valid=5s;
location ~* ^/auth/realms/(.+)/token/introspect/ {
return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/introspect;
}
location ~* ^/auth/realms/(.+)/token/ {
return 301 {{proto}}://$host/api/auth/v1/realms/$1/token/;
}
location ~* ^/auth/realms/(.+)/userinfo/ {
return 301 {{proto}}://$host/api/auth/v1/realms/$1/userinfo/;
}
location ~* ^/auth/realms/(.+)/logout/ {
return 301 {{proto}}://$host/api/auth/v1/realms/$1/logout/;
}
location ~* ^/auth/realms/(.+)/certs/ {
return 301 {{proto}}://$host/api/auth/v1/realms/$1/certs/;
}
location ~* ^/auth/realms/(.+)/clients-registrations/ {
return 301 {{proto}}://$host/api/auth/v1/realms/$1/clients-registrations/;
}
location ~* ^/auth/v1/refresh/token {
set $target http://player:3000;
rewrite ^/auth/(.*) /auth/$1 break;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* ^/auth/admin/master/console/ {
return 301 {{proto}}://{{ proxy_server_name }};
}
location /auth/ {
set $target {{ keycloak_url }};
rewrite ^/auth/(.*) /auth/$1 break;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /registry/ {
set $target http://registry_registry:8080;
rewrite ^/registry/(.*) /$1 break;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 40;
proxy_set_header X-Forwarded-Proto $scheme;
# root /usr/share/nginx/www;
}
location /api/ {
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
client_max_body_size 60M;
rewrite ^/api/(.*) /$1 break;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
header_filter_by_lua_block {
local h = ngx.req.get_headers()
ngx.log(ngx.WARN, "Deviceid: ", h["x-device-id"], " Channelid: ", h["x-channel-id"], " Appid: ", h["x-app-id"])
}
proxy_pass http://kong;
}
# Oauth2 config
location /oauth2/ {
set $target http://{{swarm_dashboard}}:4111;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
location = /oauth2/auth {
set $target http://{{swarm_dashboard}}:4111;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
# nginx auth_request includes headers but not body
proxy_set_header Content-Length "";
proxy_pass_request_body off;
}
location /dashboard/ {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# Setting target url
auth_request_set $target http://{{swarm_dashboard}}:5601;
# pass information via X-User and X-Email headers to backend,
# requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
rewrite ^/dashboard/(.*) /$1 break;
proxy_pass $target;
}
location /dashboard-old/ {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# Setting target url
auth_request_set $target http://{{swarm_dashboard}}:5602;
# pass information via X-User and X-Email headers to backend,
# requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
rewrite ^/dashboard-old/(.*) /$1 break;
proxy_pass $target;
}
location /pipeline-dashboard/ {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# Setting Target url
auth_request_set $target http://{{ ep_es_host}}:5601;
# pass information via X-User and X-Email headers to backend,
# requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
rewrite ^/pipeline-dashboard/(.*) /$1 break;
proxy_pass $target;
}
location /grafana/ {
set $target http://{{swarm_dashboard}}:3001;
rewrite ^/grafana/(.*) /$1 break;
proxy_pass $target;
}
{% if proxy_prometheus==true %}
location /{{prometheus_alertmanager_route_prefix}}/ {
set $target http://monitor_alertmanager:9093;
rewrite ^/{{prometheus_alertmanager_route_prefix}}/(.*) /{{prometheus_alertmanager_route_prefix}}/$1 break;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 40;
auth_basic "Prometheus Alert manager";
auth_basic_user_file /run/secrets/prom_admin_creds;
}
location /{{prometheus_route_prefix}}/ {
set $target http://monitor_prometheus:9090;
rewrite ^/(.*) /$1 break;
proxy_pass $target;
}
{% endif %}
location /encryption/ {
set $target http://encryption-service:8013;
rewrite ^/encryption/(.*) /$1 break;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 40;
proxy_set_header X-Forwarded-Proto $scheme;
# root /usr/share/nginx/www;
}
location /badging/ {
set $target http://badger-service:8004;
rewrite ^/badging/(.*) /$1 break;
proxy_pass $target;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 40;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* ^/assets/public/(.*) {
# Enabling cache for Response code 200
expires 1M;
add_header Pragma public;
add_header Cache-Control "public";
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/javascript;
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
set $bucket "{{upstream_url}}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{upstream_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods GET;
proxy_pass https://$bucket/$url_full;
}
location ~* ^/content/preview/(.*) {
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
set $s3_bucket "{{plugin_upstream_url}}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods GET;
proxy_pass https://$s3_bucket/v3/preview/$url_full;
}
location ~* ^/content-plugins/(.*) {
# Enabling cache for Response code 200
expires 1M;
add_header Pragma public;
add_header Cache-Control "public";
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
set $s3_bucket "{{plugin_upstream_url}}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{plugin_upstream_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods GET;
proxy_pass https://$s3_bucket/content-plugins/$url_full;
}
location /thirdparty {
# Enabling cache for Response code 200
expires 1M;
add_header Pragma public;
add_header Cache-Control "public";
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
rewrite ^/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_pass http://player;
}
location ~* ^/desktop/(.*) {
# Enabling cache for Response code 200
expires 1M;
add_header Pragma public;
add_header Cache-Control "public";
# Enabling compression
gzip on;
gzip_min_length 100000;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript text/css text/javascript;
if ($request_method = OPTIONS ) {
add_header Access-Control-Allow-Origin "*" ;
add_header Access-Control-Allow-Methods "GET, OPTIONS, PATCH, POST";
add_header Access-Control-Allow-Headers "Access-Control-Allow-Origin, Authorization, Content-Type, user-id";
# add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
set $offline_bucket "{{ sunbird_offline_azure_storage_account_url }}";
set $url_full '$1';
proxy_http_version 1.1;
proxy_set_header Host "{{sunbird_offline_azure_storage_account_url.split('/')[0]|lower}}";
proxy_set_header Authorization '';
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Methods;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers "Set-Cookie";
proxy_buffering off;
proxy_intercept_errors on;
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods GET;
proxy_pass https://$offline_bucket/$url_full;
}
location / {
rewrite ^/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_pass http://player;
}
location /v3/device/register {
proxy_pass http://kong;
proxy_set_header Connection "";
rewrite ^/v3/device/register/(.*) /v3/device/register/$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
proxy_http_version 1.1;
}
location /action/data/v3/metrics {
proxy_pass http://kong;
proxy_set_header Connection "";
rewrite ^/action/data/v3/metrics/(.*) /data/v3/metrics/$1 break;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 5;
proxy_send_timeout 60;
proxy_read_timeout 70;
}
location /oauth2callback {
return 200 'OK';
add_header Content-Type text/plain;
}
{# Including custom configuration #}
{{ proxy_custom_config }}
client_max_body_size 60M;
}
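Review bot: `location /{{prometheus_route_prefix}}/` proxies to `monitor_prometheus:9090` with no `auth_request` or `auth_basic`, unlike the Alertmanager block directly above it and the dashboard locations, so on a public ingress the Prometheus UI and query API are reachable without credentials whenever `proxy_prometheus` is true. Add the same gate the Alertmanager block uses, `auth_basic "Prometheus";` and `auth_basic_user_file /run/secrets/prom_admin_creds;`, or put the location behind `auth_request /oauth2/auth;`. `location /grafana/` is likewise forwarded without a proxy-level check and depends on whatever login the backend enforces. Separately, `{{ proxy_custom_config }}` is spliced into the server block verbatim, so whoever sets that variable controls routing for this host; a comment such as `{# proxy_custom_config is raw nginx config: set it only from trusted inventory #}` next to it would make that explicit.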