897a1bcb by Adam Heath

Merge remote-tracking branch 'k8s-helmfile/um-adam'

2 parents 71e1a5c5 495a2bb5
/Dockerfile
.*.sw?
/build.log
.*.sw?
/build.log
charts/*/charts/*.tgz
......
# syntax=docker/dockerfile:1.4
# Builds a minimal docker image with openjdk and moqui with various volumes for configuration and persisted data outside the container
# NOTE: add components, build and if needed load data before building a docker image with this
ARG RUNTIME_IMAGE=eclipse-temurin:11-jdk
FROM ${RUNTIME_IMAGE} AS moqui-base
RUN true \
&& apt-get update \
&& apt-get install -y unzip less git \
&& apt-get clean && rm -rf /var/lib/apt/lists/* \
&& groupadd -g 1000 moqui \
&& useradd -u 1000 -g 1000 -G 0 -d /opt/moqui moqui \
&& mkdir /opt/moqui \
&& chown moqui:moqui /opt/moqui \
&& true
FROM moqui-base AS moqui-jdbc-drivers
RUN true \
&& apt-get update \
&& apt-get install -y libpostgresql-jdbc-java \
&& apt-get clean && rm -rf /var/lib/apt/lists/* \
&& true
# build runs as root; attempting to chown all the copied-in files runs
# *very* slow
FROM moqui-base AS moqui-build
WORKDIR /opt/moqui-build
RUN ["mkdir", "/opt/moqui-scripts"]
COPY --from=moqui-builder fix-git-submodules /opt/moqui-scripts/fix-git-submodules
COPY ./ /opt/moqui-app/
RUN ["/opt/moqui-scripts/fix-git-submodules", "-start", "/opt/moqui-app"]
RUN true && set -x \
&& rm -rf /opt/moqui-build && ln -sf /opt/moqui-app/framework /opt/moqui-build \
&& rm -rf /opt/moqui-build/runtime && ln -sf /opt/moqui-app/runtime /opt/moqui-build/runtime \
&& rm -rf /opt/moqui-build/runtime/component && ln -sf /opt/moqui-app/component /opt/moqui-build/runtime/component \
&& true
RUN ["./gradlew", "--no-daemon", "--info", "build", "addRuntime"]
WORKDIR /opt/moqui
USER moqui
RUN ["unzip", "-o", "/opt/moqui-build/moqui-plus-runtime.war"]
FROM moqui-base AS moqui-app
MAINTAINER Moqui Framework <moqui@googlegroups.com>
USER moqui
WORKDIR /opt/moqui
COPY --from=moqui-build /opt/moqui/ /opt/moqui/
RUN ["ls", "-l", "/opt/moqui/"]
# create user for search and chown corresponding files
#ARG search_name=opensearch
# This is a fix for previous installs, not needed for new setups.
# upgrade fix #RUN if [ -d runtime/opensearch/bin ]; then echo "Installing OpenSearch User"; \
# upgrade fix # search_name=opensearch; \
# upgrade fix # groupadd -g 1000 opensearch && \
# upgrade fix # useradd -u 1000 -g 1000 -G 0 -d /opt/moqui/runtime/opensearch opensearch && \
# upgrade fix # chmod 0775 /opt/moqui/runtime/opensearch && \
# upgrade fix # chown -R 1000:0 /opt/moqui/runtime/opensearch; \
# upgrade fix # elif [ -d runtime/elasticsearch/bin ]; then echo "Installing ElasticSearch User"; \
# upgrade fix # search_name=elasticsearch; \
# upgrade fix # groupadd -r elasticsearch && \
# upgrade fix # useradd --no-log-init -r -g elasticsearch -d /opt/moqui/runtime/elasticsearch elasticsearch && \
# upgrade fix # chown -R elasticsearch:elasticsearch runtime/elasticsearch; \
# upgrade fix # fi
# exposed as volumes for configuration purposes
RUN ["mkdir", "-p", "/opt/moqui/runtime/conf", "/opt/moqui/runtime/lib", "/opt/moqui/runtime/classes", "/opt/moqui/runtime/ecomponent"]
VOLUME ["/opt/moqui/runtime/conf", "/opt/moqui/runtime/lib", "/opt/moqui/runtime/classes", "/opt/moqui/runtime/ecomponent"]
# exposed as volumes to persist data outside the container, recommended
RUN ["mkdir", "-p", "/opt/moqui/runtime/log", "/opt/moqui/runtime/txlog", "/opt/moqui/runtime/sessions", "/opt/moqui/runtime/db"]
VOLUME ["/opt/moqui/runtime/log", "/opt/moqui/runtime/txlog", "/opt/moqui/runtime/sessions", "/opt/moqui/runtime/db"]
# Main Servlet Container Port
EXPOSE 8080
# Not used for external search # # Search HTTP Port
# Not used for external search # EXPOSE 9200
# Not used for external search # # Search Cluster (TCP Transport) Port
# Not used for external search # EXPOSE 9300
# Hazelcast Cluster Port
EXPOSE 5701
# this is to run from the war file directly, preferred approach unzips war file in advance
# ENTRYPOINT ["java", "-jar", "moqui.war"]
ENTRYPOINT ["java", "-cp", ".", "MoquiStart"]
HEALTHCHECK --interval=30s --timeout=600ms --start-period=120s CMD curl -f -H "X-Forwarded-Proto: https" -H "X-Forwarded-Ssl: on" http://localhost:8080/status || exit 1
# specify this as a default parameter if none are specified with docker exec/run, ie run production by default
CMD ["port=8080", "conf=conf/MoquiProductionConf.xml"]
#!/bin/bash
set -e
TAG=test-latest
APP=moqui-app
PUSH_TO=docker://5.161.91.120:31234
PREFIX=
declare -a images=(moqui-jdbc-drivers moqui-app)
TOP_DIR="$(cd "$(dirname "$0")"; pwd -P)"
_build() {
for image in "${images[@]}"; do
docker buildx build --progress plain --build-context "moqui-builder=$TOP_DIR" -f "${TOP_DIR}/Dockerfile" --tag "${PREFIX}${image}:${TAG}" --target "${image}" "${APP}"
done
}
_push() {
for image in "${images[@]}"; do
echo "Pushing ${PREFIX}${image}:${TAG} to ${PUSH_TO}/${image}:${TAG}"
skopeo copy --dest-tls-verify=false "docker-daemon:${PREFIX}${image}:${TAG}" "${PUSH_TO}/${image}:${TAG}"
done
}
while [[ $# -gt 0 ]]; do
case "$1" in
(--app)
APP="$2"
shift 2
;;
(--prefix)
PREFIX="$2"
shift 2
;;
(--push-to)
PUSH_TO="$2"
shift 2
;;
(--tag)
TAG="$2"
shift 2
;;
(*)
break
;;
esac
done
case "$1" in
(build)
_build
;;
(push)
_push
;;
("")
_build
_push
;;
esac
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: moqui
spec:
version: 8.2.3
nodeSets:
- name: default
count: 2
config:
node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: moqui
spec:
version: 8.2.3
count: 1
elasticsearchRef:
name: moqui
---
#!/bin/sh
set -ex
elasticsearch_timeout=${elasticsearch_timeout:-3}
check_es() {
status="$(curl -o /dev/null -w "%{http_code}" --max-time ${elasticsearch_timeout} -XGET -g -s -k -u "${elasticsearch_user}:${elasticsearch_password}" "${elasticsearch_url}")"
if [ "z$status" = z200 ]; then
return 0
fi
return 1
}
while ! check_es; do
echo "Waiting for Elasticsearch" 1>&2
sleep 1
count=5
while [ $count -gt 0 ] && ! check_es; do
count=$(($count - 1))
sleep 1
done
done
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./elasticsearch.yaml
configMapGenerator:
- name: moqui-elasticsearch-scripts
files:
- ./es_isready
options:
disableNameSuffixHash: true
dependencies:
- name: opensearch
repository: https://opensearch-project.github.io/helm-charts/
version: 2.10.0
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 12.1.14
digest: sha256:32398ca9a1a4833794b8e26cfdbcf4281951a0fc4caad9951a078bcd0d646b7a
generated: "2023-02-08T12:41:35.591551351-06:00"
apiVersion: v2
name: moqui
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "latest"
dependencies:
- name: opensearch
condition: opensearch.enabled
repository: https://opensearch-project.github.io/helm-charts/
version: "2.10.0"
import-values:
- child: .
parent: opensearch
- name: postgresql
condition: postgresql.enabled
repository: https://charts.bitnami.com/bitnami
version: "12.1.14"
import-values:
- child: .
parent: postgresql
No preview for this file type
No preview for this file type
#!/bin/sh
cp -a /usr/share/java/postgresql* /mnt/jdbc-drivers
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./moqui.yaml
configMapGenerator:
- name: moqui-scripts
files:
- ./copy-jdbc-drivers
options:
disableNameSuffixHash: true
---
apiVersion: v1
kind: ConfigMap
metadata:
name: moqui
data:
instance_purpose: production
default_locale: en_US
default_time_zone: US/Central
database_time_zone: US/Central
entity_ds_db_conf: postgres
entity_ds_host: postgresql
entity_ds_port: "5432"
entity_ds_database: moqui
entity_ds_schema: public
_entity_add_missing_runtime: "true"
moqui_load_types: seed,seed-initial,install
moqui.conf: "conf/MoquiProductionConf.xml"
jetty_threads: "100"
---
apiVersion: v1
kind: Secret
metadata:
name: moqui
stringData:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: moqui-log
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: moqui-txlog
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: moqui-sessions
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
---
apiVersion: v1
kind: Service
metadata:
name: moqui
spec:
type: ClusterIP
selector:
app: moqui-app
ports:
- name: http-moqui
protocol: TCP
port: 8080
targetPort: 8080
- name: http-hazelcast
protocol: TCP
port: 5701
targetPort: 5701
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: moqui-app
labels:
app: moqui-app
spec:
selector:
matchLabels:
app: moqui-app
template:
metadata:
labels:
app: moqui-app
spec:
restartPolicy: Always
securityContext:
runAsUser: 0
runAsGroup: 0
volumes:
- name: log
persistentVolumeClaim:
claimName: moqui-log
- name: txlog
persistentVolumeClaim:
claimName: moqui-txlog
- name: txlog-init
emptyDir: {}
- name: sessions
persistentVolumeClaim:
claimName: moqui-sessions
- name: scripts
configMap:
name: moqui-scripts
defaultMode: 0755
- name: lib
emptyDir: {}
initContainers:
- name: copy-jdbc-drivers
image: moqui-jdbc-drivers:latest
imagePullPolicy: IfNotPresent
command: ["/scripts/copy-jdbc-drivers"]
volumeMounts:
- name: scripts
mountPath: /scripts
- name: lib
mountPath: /mnt/jdbc-drivers
- name: load-moqui
image: moqui-app:latest
imagePullPolicy: IfNotPresent
args: ["load", "conf=$(moqui.conf)", "types=$(moqui_load_types)"]
resources:
limits:
memory: 1Gi
requests:
memory: 1Gi
envFrom:
- configMapRef:
name: moqui
- secretRef:
name: moqui
env:
- name: entity_add_missing_runtime
value: "true"
volumeMounts:
- name: lib
mountPath: /opt/moqui/runtime/lib
- name: log
mountPath: /opt/moqui/runtime/log
- name: txlog-init
mountPath: /opt/moqui/runtime/txlog
- name: sessions
mountPath: /opt/moqui/runtime/sessions
containers:
- name: moqui
image: moqui-app:latest
imagePullPolicy: IfNotPresent
args: ["port=8080", "conf=$(moqui.conf)", "threads=$(jetty_threads)"]
resources:
limits:
memory: 1Gi
requests:
memory: 1Gi
envFrom:
- configMapRef:
name: moqui
- secretRef:
name: moqui
env:
- name: entity_add_missing_runtime
value: "false"
volumeMounts:
- name: lib
mountPath: /opt/moqui/runtime/lib
- name: log
mountPath: /opt/moqui/runtime/log
- name: txlog
mountPath: /opt/moqui/runtime/txlog
- name: sessions
mountPath: /opt/moqui/runtime/sessions
{{/*
Expand the name of the chart.
*/}}
{{- define "moqui.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "moqui.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "moqui.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "moqui.labels" -}}
helm.sh/chart: {{ include "moqui.chart" . }}
{{ include "moqui.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "moqui.selectorLabels" -}}
app.kubernetes.io/name: {{ include "moqui.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "moqui.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "moqui.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "moqui.opensearch-url" -}}
{{- if .Values.opensearch.enabled -}}
"https://{{- include "opensearch.masterService" .Subcharts.opensearch }}:{{ .Values.opensearch.httpPort }}"
{{- else }}
{{- printf "%s" .Values.opensearch.url }}
{{- end }}
{{- end }}
{{- define "moqui.image-helper" -}}
image: "{{ if .registry }}{{ .registry }}/{{ end }}{{ .repository }}{{ if .tag }}:{{ .tag }}{{ end }}"
imagePullPolicy: {{ .pullPolicy }}
{{- end }}
{{- define "moqui.entity_ds_host" -}}
{{- if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
{{- include "postgresql.primary.svc.headless" .Subcharts.postgresql }}
{{- else -}}
{{ .Values.configMap.entity_ds_host }}
{{- end -}}
{{- end }}
{{- define "moqui.entity_ds_port" -}}
{{- if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
{{- include "postgresql.service.port" .Subcharts.postgresql }}
{{- else -}}
{{ .Values.configMap.entity_ds_port }}
{{- end -}}
{{- end }}
{{- define "moqui.entity_ds_database" -}}
{{- if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
{{- include "postgresql.database" .Subcharts.postgresql }}
{{- else -}}
{{ .Values.configMap.entity_ds_database }}
{{- end -}}
{{- end }}
{{- define "moqui.entity_ds_user" -}}
{{- if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
{{- include "postgresql.username" .Subcharts.postgresql }}
{{- else -}}
{{ .Values.configMap.entity_ds_user }}
{{- end -}}
{{- end }}
{{- define "moqui.entity_ds_password.secret.name" -}}
{{- if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) -}}
{{- include "postgresql.secretName" .Subcharts.postgresql }}
{{- else -}}
{{ include "moqui.fullname" . }}-dsauth
{{- end -}}
{{- end }}
{{- define "moqui.entity_ds_password.secret.key" -}}
{{- if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) -}}
password
{{- else -}}
entity_ds_password
{{- end -}}
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "moqui.fullname" . }}
labels:
{{- include "moqui.labels" . | nindent 4 }}
data: {{ .Values.configMap | toYaml | nindent 2 }}
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "moqui.fullname" . }}
labels: {{- include "moqui.labels" . | nindent 4 }}
annotations: {{ .Values.ingress.annotations | toYaml | nindent 4 }}
spec:
ingressClassName: {{ .Values.ingress.ingressClassName }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ include "moqui.fullname" $ }}
port:
name: http-moqui
{{- end }}
{{- if .Values.ingress.tls.enabled }}
tls:
- hosts: {{ .Values.ingress.hosts | toYaml | nindent 8 }}
secretName: {{ .Values.ingress.tls.secretName }}
{{- end }}
{{- end }}
apiVersion: apps/v1
kind: {{ .Values.kind }}
metadata:
name: {{ include "moqui.fullname" . }}
labels:
{{- include "moqui.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
{{- if (eq "StatefulSet" .Values.kind) }}
serviceName: {{ include "moqui.fullname" . }}
{{- end }}
selector:
matchLabels:
{{- include "moqui.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "moqui.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "moqui.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
volumes:
- name: runtime-lib
emptyDir: {}
- name: disable-elasticsearch
emptyDir: {}
initContainers:
{{- if (eq .Values.configMap.entity_ds_db_conf "postgres") }}
{{- if .Values.postgresql.jdbcImage.enabled }}
- name: postgresql-copy-jdbc
{{ include "moqui.image-helper" .Values.postgresql.jdbcImage | nindent 10 }}
command:
- bash
- -cx
- cp -a /usr/share/java/*.jar /tmp/runtime-lib
volumeMounts:
- mountPath: /tmp/runtime-lib
name: runtime-lib
{{- end }}
{{- if (.Values.checkDsConnection.enabled) }}
- name: postgresql-check-connection
{{ include "moqui.image-helper" (coalesce .Values.postgresql.image .Values.checkImage) | nindent 10 }}
env:
- name: POSTGRES_HOST
value: {{ include "moqui.entity_ds_host" . }}
- name: POSTGRES_USER
value: {{ include "moqui.entity_ds_user" . }}
- name: POSTGRES_PORT
value: {{ include "moqui.entity_ds_port" . | quote }}
command:
- bash
- -cx
- |-
until pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -p ${POSTGRES_PORT}; do
sleep 5
done
{{- end }}
{{- end }}
{{- define "moqui-container-pod" }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{ include "moqui.image-helper" .Values.image | nindent 10 }}
command: ["java", "-server", "-XX:-OmitStackTraceInFastThrow", "-cp", ".", "MoquiStart"]
envFrom:
- configMapRef:
name: {{ include "moqui.fullname" . }}
- secretRef:
name: {{ include "moqui.fullname" . }}-opensearch
env:
- name: entity_ds_db_conf
value: 'postgres'
- name: entity_ds_database
value: {{ include "moqui.entity_ds_database" . }}
- name: entity_ds_host
value: {{ include "moqui.entity_ds_host" . }}
- name: entity_ds_port
value: {{ include "moqui.entity_ds_port" . | quote }}
- name: entity_ds_user
value: {{ include "moqui.entity_ds_user" . }}
- name: entity_ds_password
valueFrom:
secretKeyRef:
name: {{ include "moqui.entity_ds_password.secret.name" . }}
key: {{ include "moqui.entity_ds_password.secret.key" . }}
optional: false
- name: elasticsearch_url
value: {{ include "moqui.opensearch-url" . }}
volumeMounts:
- mountPath: /opt/moqui/runtime/lib
name: runtime-lib
- mountPath: /opt/moqui/runtime/elasticsearch
name: disable-elasticsearch
{{- end }}
- name: load
{{ include "moqui-container-pod" . }}
args: ["load"]
containers:
- name: {{ .Chart.Name }}
{{ include "moqui-container-pod" . }}
args: ["run"]
ports:
- name: http-moqui
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /status
port: http-moqui
readinessProbe:
httpGet:
path: /status
port: http-moqui
startupProbe:
httpGet:
path: /status
port: http-moqui
periodSeconds: 10
failureThreshold: 3
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
itolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if (and (eq .Values.configMap.entity_ds_db_conf "postgres") .Values.postgresql.enabled) }}
{{- else }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "moqui.fullname" . }}-dsauth
labels:
{{- include "moqui.labels" . | nindent 4 }}
stringData:
entity_ds_password: {{ .Values.configMap.entity_ds_password }}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "moqui.fullname" . }}-opensearch
labels:
{{- include "moqui.labels" . | nindent 4 }}
stringData:
elasticsearch_password: admin
apiVersion: /v1
kind: Service
metadata:
name: {{ include "moqui.fullname" . }}
labels:
{{- include "moqui.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http-moqui
protocol: TCP
name: http-moqui
selector:
{{- include "moqui.selectorLabels" . | nindent 4 }}
{{- if .Values.virtualService.enabled }}
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: {{ include "moqui.fullname" . }}
labels:
{{- include "moqui.labels" . | nindent 4 }}
spec:
gateways: {{ .Values.virtualService.gateways | toYaml | nindent 4 }}
hosts: {{ .Values.virtualService.hosts | toYaml | nindent 4 }}
http:
- match: {{ .Values.virtualService.match | toYaml | nindent 8 }}
route:
- destination:
port:
number: 8080
host: {{ include "moqui.fullname" . }}
{{- end }}
kind: Deployment
imagePullSecrets: {}
image:
pullPolicy: IfNotPresent
registry: docker.io
repository: moqui/moquidemo
tag: latest
configMap:
entity_ds_db_conf: "postgres"
entity_ds_database: "moqui"
entity_ds_host: external-postgres
entity_ds_port: "5432"
entity_ds_user: "moqui"
entity_ds_password: "iuqom"
elasticsearch_user: "admin"
checkDsConnection:
enabled: true
postgresql:
enabled: true
auth:
database: moqui
username: moqui
password: iuqom
checkImage:
pullPolicy: IfNotPresent
registry: null
repository: null
tag: latest
jdbcImage:
enabled: false
pullPolicy: IfNotPresent
repository: null
tag: latest
opensearch:
enabled: true
clusterName: foo-opensearch
url: "http://127.0.0.1:9200"
singleNode: true
masterService: ""
service:
type: ClusterIP
port: 8080
ingress:
enabled: false
annotations: {}
ingressClassName: ""
hosts:
- moqui.local
tls:
enabled: false
secretName: moqui-tls
virtualService:
enabled: false
gateways:
- istio-system/ingress-gateway
hosts:
- moqui.local
match:
- uri:
prefix: "/"
serviceAccount:
create: false
name: default
podSecurityContext: {}
securityContext: {}
replicaCount: 1
podAnnotations: {}
resources: {}
nodeSelector: {}
affinity: {}
tolerations: {}
autoscaling:
enabled: false
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./postgresql.yaml
configMapGenerator:
- name: moqui-postgresql-scripts
files:
- ./pg_isready
options:
disableNameSuffixHash: true
#!/bin/sh
set -ex
# POSTGRES_HOST
# POSTGRES_USER
# POSTGRES_DATABASE
# PGPASSWORD
check_pg() {
pg_isready -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}"
}
check_auth() {
psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" "${POSTGRES_DATABASE}"
}
loop() {
checker="$1"
message="$2"
while ! $checker; do
echo "$message" 1>&2
sleep 1
count=5
while [ $count -gt 0 ] && ! $checker; do
count=$(($count - 1))
sleep 1
done
done
}
loop check_pg "Waiting for database to be up"
loop check_auth "Waiting for user+password to be active"
---
apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
name: moqui-postgresql
spec:
enableLogicalBackup: true
teamId: "moqui"
volume:
size: 1Gi
numberOfInstances: 2
users:
zalando: # database owner
- superuser
- createdb
moqui:
- login
databases:
moqui: moqui
postgresql:
version: "14"
---
name: test
namespace: default
app:
resources:
limits:
memory: 1Gi
requests:
memory: 1Gi
images:
moqui-app:
name: localhost:31234/moqui-app:latest
pullPolicy: Always
moqui-jdbc-drivers:
name: localhost:31234/moqui-jdbc-drivers:latest
pullPolicy: Always
storage:
log:
requests: 10Gi
storageClassName: null
txlog:
requests: 2Gi
storageClassName: null
sessions:
requests: 2Gi
storageClassName: null
elasticsearch:
enabled: true
version: 8.2.3
count: 2
resources:
limits:
memory: 1.5Gi
env:
- name: ES_JAVA_OPTS
value: "-Xms1g -Xmx1g"
kibana:
count: 1
resources:
limits:
memory: 1Gi
postgresql:
enabled: true
clone: {}
numberOfInstances: 2
volume:
size: 1Gi
version: "14"
images:
wait-for-pg:
name: registry.opensource.zalan.do/acid/spilo-14:2.1-p6
pullPolicy: IfNotPresent
#!/bin/bash
set -ex
cmd="$1"
shift
case "$cmd" in
(-start)
dir="$1"
shift
find "$dir" -type f -name '.git' -exec "$0" -fix "$dir" '{}' \;
;;
(-fix)
dir="$1"
gitdir_link="$2"
gitdir_dir="$(dirname "$gitdir_link")"
read gitdir_token gitdir_location < "$gitdir_link"
case "$gitdir_location" in
(/*)
echo "Can't handle absolute gitdir location: $gitdir_location" 1>&2
exit 1
;;
esac
cd "$gitdir_dir"
pushd "$gitdir_location"
git config --unset core.worktree
popd
rm .git
mv "$gitdir_location" .git
;;
esac
environments:
{{ .Environment.Name }}:
missingFileHandler: Debug
values:
- environments/default-values.yaml
{{- if ne .Environment.Name "default" }}
- environments/{{ .Environment.Name }}-values.yaml
{{- end }}
---
releases:
- name: {{ .Values.name }}-moqui-elasticsearch
condition: elasticsearch.enabled
chart: charts/elasticsearch
namespace: {{ .Values.namespace }}
values:
- namePrefix: {{ .Values.name }}-
strategicMergePatches:
- apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: {{ .Values.name }}-moqui
namespace: {{ .Values.namespace }}
spec:
version: {{ .Values.elasticsearch.version }}
- apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
name: {{ .Values.name }}-moqui
namespace: {{ .Values.namespace }}
spec:
count: {{ .Values.elasticsearch.kibana.count }}
version: {{ .Values.elasticsearch.version }}
elasticsearchRef:
name: {{ .Values.name }}-moqui
podTemplate:
spec:
containers:
- name: kibana
resources: {{ .Values.elasticsearch.kibana.resources | toYaml | nindent 20 }}
jsonPatches:
- target:
group: elasticsearch.k8s.elastic.co
version: v1
kind: Elasticsearch
name: {{ .Values.name }}-moqui
namespace: {{ .Values.namespace }}
patch:
- op: replace
path: /spec/nodeSets/0/count
value: {{ .Values.elasticsearch.count }}
- op: add
path: /spec/nodeSets/0/podTemplate
value:
spec:
containers:
- name: elasticsearch
resources: {{ .Values.elasticsearch.resources | toYaml | nindent 22 }}
env: {{ .Values.elasticsearch.env | toYaml | nindent 22 }}
- name: {{ .Values.name }}-moqui-postgresql
condition: postgresql.enabled
chart: charts/postgresql
namespace: {{ .Values.namespace }}
values:
- namePrefix: {{ .Values.name }}-
strategicMergePatches:
- apiVersion: acid.zalan.do/v1
kind: postgresql
metadata:
name: {{ .Values.name }}-moqui-postgresql
namespace: {{ .Values.namespace }}
spec:
teamId: {{ .Values.name }}-moqui
volume:
size: {{ .Values.postgresql.volume.size | quote }}
postgresql:
version: {{ .Values.postgresql.version | quote }}
{{- if .Values | get "postgresql.clone.uid" nil }}
clone:
{{ merge .Values.postgresql.clone ( dict "cluster" ( print .Values.name "-moqui-postgresql" ) ) | toYaml | nindent 12 }}
{{- end }}
- name: {{ .Values.name }}-moqui-app
chart: charts/moqui
namespace: {{ .Values.namespace }}
values:
- namePrefix: {{ .Values.name }}-
jsonPatches:
- target:
group: apps
version: v1
kind: Deployment
name: {{ .Values.name }}-moqui-app
namespace: {{ .Values.namespace }}
patch:
{{- if .Values.postgresql.enabled }}
- op: add
path: /spec/template/spec/volumes/-
value:
name: postgresql-scripts
configMap:
name: {{ .Values.name }}-moqui-postgresql-scripts
defaultMode: 0755
- op: add
path: /spec/template/spec/initContainers/0
value:
name: wait-for-pg
image: {{ .Values.postgresql.images | get "wait-for-pg.name" }}
imagePullPolicy: {{ .Values.postgresql.images | get "wait-for-pg.pullPolicy" }}
command: ["/postgresql-scripts/pg_isready"]
volumeMounts:
- name: postgresql-scripts
mountPath: /postgresql-scripts
env:
- name: POSTGRES_DATABASE
value: moqui
- name: POSTGRES_HOST
value: {{ .Values.name }}-moqui-postgresql
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: moqui.{{ .Values.name }}-moqui-postgresql.credentials.postgresql.acid.zalan.do
key: username
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: moqui.{{ .Values.name }}-moqui-postgresql.credentials.postgresql.acid.zalan.do
key: password
{{- end }}
{{- if .Values.elasticsearch.enabled }}
- op: add
path: /spec/template/spec/volumes/-
value:
name: elasticsearch-scripts
configMap:
name: {{ .Values.name }}-moqui-elasticsearch-scripts
defaultMode: 0755
- op: add
path: /spec/template/spec/initContainers/0
value:
name: wait-for-elasticsearch
image: {{ .Values.app.images | get "moqui-app.name" }}
imagePullPolicy: {{ .Values.app.images | get "moqui-app.pullPolicy" }}
command: ["/elasticsearch-scripts/es_isready"]
volumeMounts:
- name: elasticsearch-scripts
mountPath: /elasticsearch-scripts
env:
- name: elasticsearch_url
value: https://{{ .Values.name }}-moqui-es-http:9200
- name: elasticsearch_user
value: elastic
- name: elasticsearch_password
valueFrom:
secretKeyRef:
name: {{ .Values.name }}-moqui-es-elastic-user
key: elastic
{{- end }}
strategicMergePatches:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.name }}-moqui-log
namespace: {{ .Values.namespace }}
spec:
resources:
requests:
storage: {{ .Values.storage.log.requests }}
{{- if .Values.storage.log.storageClassName }}
storageClassName: {{ .Values.storage.log.storageClassName }}
{{- end }}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.name }}-moqui-txlog
namespace: {{ .Values.namespace }}
spec:
resources:
requests:
storage: {{ .Values.storage.txlog.requests }}
{{- if .Values.storage.txlog.storageClassName }}
storageClassName: {{ .Values.storage.txlog.storageClassName }}
{{- end }}
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ .Values.name }}-moqui-sessions
namespace: {{ .Values.namespace }}
spec:
resources:
requests:
storage: {{ .Values.storage.sessions.requests }}
{{- if .Values.storage.sessions.storageClassName }}
storageClassName: {{ .Values.storage.sessions.storageClassName }}
{{- end }}
- apiVersion: v1
kind: Service
metadata:
name: {{ .Values.name }}-moqui
namespace: {{ .Values.namespace }}
spec:
selector:
app: {{ .Values.name }}-moqui-app
- apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.name }}-moqui-app
namespace: {{ .Values.namespace }}
labels:
app: {{ .Values.name }}-moqui-app
spec:
selector:
matchLabels:
app: {{ .Values.name }}-moqui-app
template:
metadata:
labels:
app: {{ .Values.name }}-moqui-app
spec:
restartPolicy: Always
securityContext:
runAsUser: 0
runAsGroup: 0
initContainers:
- name: copy-jdbc-drivers
image: {{ .Values.app.images | get "moqui-jdbc-drivers.name" }}
imagePullPolicy: {{ .Values.app.images | get "moqui-jdbc-drivers.pullPolicy" }}
- name: load-moqui
image: {{ .Values.app.images | get "moqui-app.name" }}
imagePullPolicy: {{ .Values.app.images | get "moqui-app.pullPolicy" }}
env:
{{- block "moquideps" . }}
{{- if .Values.elasticsearch.enabled }}
- name: kibana_host
value: {{ .Values.name }}-moqui-kb-http
- name: elasticsearch_url
value: https://{{ .Values.name }}-moqui-es-http:9200
- name: elasticsearch_user
value: elastic
- name: elasticsearch_password
valueFrom:
secretKeyRef:
name: {{ .Values.name }}-moqui-es-elastic-user
key: elastic
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: entity_ds_db_conf
value: postgres
- name: entity_ds_host
value: {{ .Values.name }}-moqui-postgresql
- name: entity_ds_port
value: "5432"
- name: entity_ds_user
valueFrom:
secretKeyRef:
name: moqui.{{ .Values.name }}-moqui-postgresql.credentials.postgresql.acid.zalan.do
key: username
- name: entity_ds_password
valueFrom:
secretKeyRef:
name: moqui.{{ .Values.name }}-moqui-postgresql.credentials.postgresql.acid.zalan.do
key: password
- name: entity_ds_database
value: moqui
- name: entity_ds_schema
value: public
{{- end }}
{{- end }}
containers:
- name: moqui
image: {{ .Values.app.images | get "moqui-app.name" }}
imagePullPolicy: {{ .Values.app.images | get "moqui-app.pullPolicy" }}
resources: {{ .Values.app.resources | toYaml | nindent 20 }}
env:
{{- template "moquideps" . }}