diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 0f6af39..b990266 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -37,10 +37,14 @@ jobs: with: version: v3.18.4 - - name: Adding bitnamirepo + - name: Adding dependency repositories run: | - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo add bitnami-full-index https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + helm pull oci://registry-1.docker.io/bitnamicharts/postgresql --version 16.7.21 + helm pull oci://registry-1.docker.io/bitnamicharts/postgresql --version 12.2.6 + helm pull oci://registry-1.docker.io/bitnamicharts/postgresql --version 12.1.6 + helm pull oci://registry-1.docker.io/bitnamicharts/redis --version 21.2.13 + helm pull oci://registry-1.docker.io/bitnamicharts/common --version 1.x.x + helm repo add ory https://k8s.ory.sh/helm/charts - uses: actions/setup-python@v5 with: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index fefe987..327ac6e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
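Review bot: In the new "Adding dependency repositories" step, `helm pull oci://registry-1.docker.io/bitnamicharts/common --version 1.x.x` requests a range rather than a version, so each run fetches whichever 1.x chart the registry serves at that moment, while the other four pulls are pinned exactly. Pin `common` to an exact version as well. The pulls also fetch by tag with no provenance or digest check and only drop archives into the working directory; whether the later lint and packaging steps read those archives is not visible in this hunk, so confirm the step is needed. The identical step is added to release.yaml, where the unpinned pull would feed the release job.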
@@ -22,10 +22,14 @@ jobs: git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Adding bitnamirepo + - name: Adding dependency repositories run: | - helm repo add bitnami https://charts.bitnami.com/bitnami - helm repo add bitnami-full-index https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami + helm pull oci://registry-1.docker.io/bitnamicharts/postgresql --version 16.7.21 + helm pull oci://registry-1.docker.io/bitnamicharts/postgresql --version 12.2.6 + helm pull oci://registry-1.docker.io/bitnamicharts/postgresql --version 12.1.6 + helm pull oci://registry-1.docker.io/bitnamicharts/redis --version 21.2.13 + helm pull oci://registry-1.docker.io/bitnamicharts/common --version 1.x.x + helm repo add ory https://k8s.ory.sh/helm/charts - name: Prepare GPG key run: | diff --git a/charts/jovvix/.helmignore b/charts/jovvix/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/jovvix/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/jovvix/Chart.lock b/charts/jovvix/Chart.lock new file mode 100644 index 0000000..31bccca --- /dev/null +++ b/charts/jovvix/Chart.lock @@ -0,0 +1,12 @@ +dependencies: +- name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 16.7.21 +- name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 21.2.13 +- name: kratos + repository: https://k8s.ory.sh/helm/charts + version: 0.45.0 +digest: sha256:88fc564a207e9b01b1758dfe0911c2181d73a0bd67b9b2d560a50809d55b5353 +generated: "2025-08-06T18:48:56.874391824+05:30" 
diff --git a/charts/jovvix/Chart.yaml b/charts/jovvix/Chart.yaml
new file mode 100644
index 0000000..8807e05
--- /dev/null
+++ b/charts/jovvix/Chart.yaml
@@ -0,0 +1,41 @@
+apiVersion: v2
+name: jovvix
+description: A Helm chart for jovvix
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
+
+maintainers:
+ - name: improwised
+
+dependencies:
+ - name: postgresql
+ version: "16.7.21"
+ repository: oci://registry-1.docker.io/bitnamicharts
+ condition: postgresql.enabled
+ - name: redis
+ version: "21.2.13"
+ repository: oci://registry-1.docker.io/bitnamicharts
+ condition: redis.enabled
+ - name: kratos
+ version: "0.45.0"
+ repository: https://k8s.ory.sh/helm/charts
+ condition: kratos.enabled
diff --git a/charts/jovvix/ci/override-values.yaml b/charts/jovvix/ci/override-values.yaml
new file mode 100644
index 0000000..a2045ad
--- /dev/null
+++ b/charts/jovvix/ci/override-values.yaml
@@ -0,0 +1,170 @@
+services:
+ - fullnameOverride: "jovvix-ui-svc"
+ name: ui
+ replicaCount: 1
+ image:
+ repository: improwised/jovvix-ui
+ tag: main-9acf2cb-1754290699
+ pullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: jovvix-ui
+ service:
+ enabled: true
+ fullnameOverride: "jovvix-ui-svc"
+ type: ClusterIP
+ ports:
+ name: http
+ port: 4000
+ targetPort: http
+ ingress:
+ enabled: true
+ fullnameOverride: "jovvix-ui-svc"
+ host: app.example.com
+ path: /
+ pathType: Prefix
+ - fullnameOverride: "jovvix-api-svc"
+ name: api
+ initContainers:
+ - name: wait-for-redis
+ image: busybox:1.37.0
+ command:
+ - sh
+ - -c
+ - >
+ until timeout 3 nc -z jovvix-redis-master 6379;
+ do echo waiting for redis; sleep 5; done;
+ echo redis found
+ replicaCount: 1
+ image:
+ repository: improwised/jovvix-api
+ tag: main-82546e9-1753769203
+ pullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c"]
+ args: ["./jovvix api || sleep 3600"]
+ service:
+ enabled: true
+ fullnameOverride: "jovvix-api-svc"
+ type: ClusterIP
+ ports:
+ name: http
+ port: 3300
+ targetPort: http
+ ingress:
+ enabled: true
+ fullnameOverride: "jovvix-api-svc"
+ host: app.example.com
+ path: /api
+ pathType: Prefix
+ envFrom:
+ - configMapRef:
+ name: jovvix-api
+ - secretRef:
+ name: jovvix-api
+
+jobs:
+ - fullnameOverride: jovvix-migration
+ image:
+ repository: improwised/jovvix-api
+ tag: main-82546e9-1753769203
+ envFrom:
+ - configMapRef:
+ name: jovvix-api
+ - secretRef:
+ # To keep the container running
+ name: jovvix-api
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ echo "Waiting for Postgres to be ready..."
+ until nc -z jovvix-db-postgresql 5432; do
+ echo "Postgres not up yet, retrying in 3s..."
+ sleep 3
+ done
+
+ echo "Postgres is ready, running migrations..."
+ until timeout 5 ./jovvix migrate up; do
+ echo "Postgres is up but there is some other issue, retrying in 3s..."
+ sleep 3
+ done
+ echo "Migrations successful"
+ # annotations:
+ # # This is what defines this resource as a hook. Without this line, the
+ # # job is considered part of the release.
+ # # after completing migration job will disappear
+ # "helm.sh/hook": post-install,post-upgrade
+ # # high priority than kratos-migration so that this finishes first
+ # "helm.sh/hook-weight": "-5"
+ # "helm.sh/hook-delete-policy": before-hook-creation
+ - fullnameOverride: jovvix-kratos-migration
+ image:
+ repository: oryd/kratos
+ tag: v1.3.1
+ env:
+ - name: DSN
+ valueFrom:
+ secretKeyRef:
+ name: jovvix-kratos
+ key: dsn
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ until timeout 5 kratos migrate sql -e --yes; do
+ echo "Waiting for Postgres to be ready for kratos migrations..."
+ sleep 3
+ done
+ echo "kratos migrations successful"
+ # annotations:
+ # # This is what defines this resource as a hook. Without this line, the
+ # # job is considered part of the release.
+ # # after completing migration job will disappear
+ # "helm.sh/hook": post-install,post-upgrade
+ # # kept it -4 ao that it can comes after the jovvix migration
+ # "helm.sh/hook-weight": "-4"
+ # "helm.sh/hook-delete-policy": before-hook-creation
+
+postgresql:
+ fullnameOverride: "jovvix-db-postgresql"
+ primary:
+ persistence:
+ enabled: false
+ auth:
+ username: jovvix
+ database: jovvix
+ existingSecret: jovvix-db
+
+redis:
+ fullnameOverride: "jovvix-redis"
+ master:
+ persistence:
+ enabled: false
+ auth:
+ existingSecret: jovvix-db
+
+kratos:
+ fullnameOverride: "jovvix-kratos"
+ ingress:
+ admin:
+ enabled: false
+ public:
+ enabled: false
+ secrets:
+ enabled: false
+ nameOverride: jovvix-kratos
+ kratos:
+ automigration:
+ enabled: false
+ config:
+ courier:
+ smtp:
+ connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
+ serve:
+ public:
+ base_url: http://jovvix-kratos
+ port: 4433
+ admin:
+ base_url: http://jovvix-kratos
+ port: 4434
+ selfservice:
+ allowed_return_urls:
+ -
http://localhost
diff --git a/charts/jovvix/templates/NOTES.txt b/charts/jovvix/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/charts/jovvix/templates/_helpers.tpl b/charts/jovvix/templates/_helpers.tpl
new file mode 100644
index 0000000..1efcb14
--- /dev/null
+++ b/charts/jovvix/templates/_helpers.tpl
@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "jovvix.name" -}}
+{{- default $.Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "jovvix.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default $.Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "jovvix.chart" -}}
+{{- printf "%s-%s" $.Chart.Name $.Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "jovvix.labels" -}}
+helm.sh/chart: {{ include "jovvix.chart" . }}
+{{ include "jovvix.selectorLabels" . }}
+{{- if $.Chart.AppVersion }}
+app.kubernetes.io/version: {{ $.Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "jovvix.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "jovvix.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
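Review bot: `args: ["./jovvix api || sleep 3600"]` on the api service keeps the container alive for an hour after the API process exits with an error, and this override defines no liveness or readiness probe for that entry, so a chart install test can pass with an API that never started. Drop the `|| sleep 3600` fallback, or add the `/api/healthz` probes that values.yaml uses, so a crash fails the run. Separately, the kratos block here uses the key `secrets:` while values.yaml uses `secret:` for the same `enabled: false` / `nameOverride: jovvix-kratos` pair; confirm which key the Ory chart reads, because an unknown key is silently ignored and the test would then not exercise the existing-secret path. The `# To keep the container running` comment under `secretRef` in the jovvix-migration job looks misplaced.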
diff --git a/charts/jovvix/templates/configmap.yaml b/charts/jovvix/templates/configmap.yaml
new file mode 100644
index 0000000..4114391
--- /dev/null
+++ b/charts/jovvix/templates/configmap.yaml
@@ -0,0 +1,14 @@
+{{- range .Values.configmaps }}
+{{- if .create }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .name | default (printf "%s-%s" $.Release.Name .name) }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels:
+ {{- include "jovvix.labels" $ | nindent 4 }}
+data:
+ {{- toYaml .data | nindent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/jovvix/templates/hpa.yaml b/charts/jovvix/templates/hpa.yaml
new file mode 100644
index 0000000..af4dd47
--- /dev/null
+++ b/charts/jovvix/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "jovvix.fullname" . }}
+ labels:
+ {{- include "jovvix.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "jovvix.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/charts/jovvix/templates/job.yaml b/charts/jovvix/templates/job.yaml
new file mode 100644
index 0000000..0775172
--- /dev/null
+++ b/charts/jovvix/templates/job.yaml
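Review bot: In configmap.yaml, `name: {{ .name | default (printf "%s-%s" $.Release.Name .name) }}` has a fallback that only runs when `.name` is empty and then formats that same empty `.name`, giving `<release>-`; the expression never produces a usable default. Either make the name mandatory with `{{ required "configmaps[].name is required" .name | quote }}` or follow the `fullnameOverride` / `prefixWithReleaseName` naming used in job.yaml and services.yaml. secret.yaml uses the identical expression for the Secret name.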
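Review bot: In hpa.yaml, `scaleTargetRef.name` is `{{ include "jovvix.fullname" . }}`, but the Deployments rendered by services.yaml are named from each entry's `fullnameOverride`, `<release>-<name>-svc` or `name`, never from `jovvix.fullname`, so with `autoscaling.enabled: true` this HPA appears to target a Deployment that does not exist. services.yaml also drops `replicas` from every Deployment when autoscaling is on, which would leave each at the default single replica with no working autoscaler. Consider rendering one HPA per entry inside the `range .Values.services` loop and reusing the Deployment's name logic for both `metadata.name` and `scaleTargetRef.name`.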
@@ -0,0 +1,92 @@
+{{- range .Values.jobs }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ {{- if .fullnameOverride }}
+ name: "{{ .fullnameOverride }}"
+ {{- else if $.Values.prefixWithReleaseName.enabled }}
+ name: "{{ $.Release.Name }}-{{ .name }}"
+ {{- else}}
+ name: "{{ .name }}"
+ {{- end }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels:
+ {{- include "jovvix.labels" $ | nindent 4 }}
+ {{- with .annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ template:
+ metadata:
+ labels:
+ {{- include "jovvix.labels" $ | nindent 8 }}
+ {{- with .podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with $.Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ restartPolicy: Never
+ containers:
+ - name: {{ $.Chart.Name }}
+ {{- if .image }}
+ image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}"
+ {{- else }}
+ image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- if .env }}
+ env:
+ {{- toYaml .env | nindent 12 }}
+ {{- else if $.Values.env }}
+ env:
+ {{- toYaml $.Values.env | nindent 12 }}
+ {{- end }}
+ {{- if .envFrom }}
+ envFrom:
+ {{- toYaml .envFrom | nindent 12 }}
+ {{- else if $.Values.envFrom }}
+ envFrom:
+ {{- toYaml $.Values.envFrom | nindent 12 }}
+ {{- end }}
+ {{- if .command }}
+ {{- with .command }}
+ command:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .args }}
+ {{- with .args }}
+ args:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ {{- if .volumeMounts }}
+ {{- toYaml .volumeMounts | nindent 12 }}
+ {{- else if $.Values.volumeMounts }}
+ {{- toYaml $.Values.volumeMounts | nindent 12 }}
+ {{- end }}
+ {{- with .securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .affinity }}
+ affinity:
+ {{- toYaml .
| nindent 8 }}
+ {{- end }}
+ {{- with .tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .volumes }}
+ {{- toYaml .volumes | nindent 8 }}
+ {{- else if $.Values.volumes }}
+ {{- toYaml $.Values.volumes | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/jovvix/templates/secret.yaml b/charts/jovvix/templates/secret.yaml
new file mode 100644
index 0000000..739b1ea
--- /dev/null
+++ b/charts/jovvix/templates/secret.yaml
@@ -0,0 +1,15 @@
+{{- range .Values.secrets }}
+{{- if .create }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name | default (printf "%s-%s" $.Release.Name .name) }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels:
+ {{- include "jovvix.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+ {{- toYaml .stringData | nindent 2 }}
+{{- end }}
+{{- end }}
diff --git a/charts/jovvix/templates/services.yaml b/charts/jovvix/templates/services.yaml
new file mode 100644
index 0000000..07ca015
--- /dev/null
+++ b/charts/jovvix/templates/services.yaml
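Review bot: In job.yaml, the fallback `image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"` does not apply `default $.Chart.AppVersion`, and values.yaml ships `tag: ""`, so a job without its own `image` renders `nginx:`, which is not a valid image reference, even though the values comment says the tag defaults to the chart appVersion. Use `{{ $.Values.image.tag | default $.Chart.AppVersion }}` in the fallback; services.yaml carries the same line. `imagePullPolicy` in the Job also reads only `$.Values.image.pullPolicy` and ignores a per-job `.image.pullPolicy`, unlike the Deployment template, which checks the entry first.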
@@ -0,0 +1,219 @@
+{{- range .Values.services }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ {{- if .fullnameOverride }}
+ name: "{{ .fullnameOverride }}"
+ {{- else if $.Values.prefixWithReleaseName.enabled }}
+ name: "{{ $.Release.Name }}-{{ .name }}-svc"
+ {{- else}}
+ name: "{{ .name }}"
+ {{- end }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels:
+ {{- include "jovvix.labels" $ | nindent 4 }}
+ {{- with .annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if not $.Values.autoscaling.enabled }}
+ replicas: {{ if ne .replicaCount nil }}{{ .replicaCount }}{{ else }}{{ $.Values.replicaCount }}{{ end }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "jovvix.selectorLabels" $ | nindent 6 }}
+ template:
+ metadata:
+ {{- with .podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "jovvix.labels" $ | nindent 8 }}
+ {{- with .podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .initContainers }}
+ {{- with .initContainers }}
+ initContainers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- with $.Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .name }}
+ {{- with .securityContext }}
+ securityContext:
+ {{- toYaml .
| nindent 12 }}
+ {{- end }}
+ {{- if .image }}
+ image: "{{ .image.repository }}:{{ .image.tag | default $.Chart.AppVersion }}"
+ {{- else }}
+ image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
+ {{- end }}
+ imagePullPolicy: {{ .image.pullPolicy | default $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- if .env }}
+ env:
+ {{- toYaml .env | nindent 12 }}
+ {{- else if $.Values.env }}
+ env:
+ {{- toYaml $.Values.env | nindent 12 }}
+ {{- end }}
+ {{- if .envFrom }}
+ envFrom:
+ {{- toYaml .envFrom | nindent 12 }}
+ {{- else if $.Values.envFrom }}
+ envFrom:
+ {{- toYaml $.Values.envFrom | nindent 12 }}
+ {{- end }}
+ {{- if .command }}
+ {{- with .command }}
+ command:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .args }}
+ {{- with .args }}
+ args:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- with .ports }}
+ ports:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .startupProbe }}
+ startupProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if .resources }}
+ resources:
+ {{- toYaml .resources | nindent 12 }}
+ {{- else if $.Values.resources }}
+ resources:
+ {{- toYaml $.Values.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .volumeMounts }}
+ {{- toYaml .volumeMounts | nindent 12 }}
+ {{- else if $.Values.volumeMounts }}
+ {{- toYaml $.Values.volumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .volumes }}
+ {{- toYaml .volumes | nindent 8 }}
+ {{- else if $.Values.volumes }}
+ {{- toYaml $.Values.volumes | nindent 8 }}
+ {{- end }}
+ {{- with .nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .tolerations }}
+ tolerations:
+ {{- toYaml .
| nindent 8 }}
+ {{- end }}
+{{- if and .service (.service.enabled) }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ {{- if .fullnameOverride }}
+ name: "{{ .fullnameOverride }}"
+ {{- else if $.Values.prefixWithReleaseName.enabled }}
+ name: "{{ $.Release.Name }}-{{ .service.name }}-svc"
+ {{- else}}
+ name: "{{ .service.name }}"
+ {{- end }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels:
+ {{- include "jovvix.labels" $ | nindent 4 }}
+ {{- with .service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .service.type | default "ClusterIP" }}
+ selector:
+ {{- include "jovvix.selectorLabels" $ | nindent 4 }}
+ ports:
+ - name: {{ .service.ports.name | default "http" }}
+ port: {{ .service.ports.port }}
+ targetPort: {{ .service.ports.targetPort | default 80 }}
+ protocol: {{ .service.ports.protocol | default "TCP" }}
+{{- end }}
+{{- if and .ingress (.ingress.enabled) }}
+{{- $svcName := ternary .ingress.fullnameOverride (printf "%s-%s-svc" $.Release.Name .service.name) (ne .ingress.fullnameOverride "") }}
+{{- $svcPortName := .service.ports.name | default "http" }}
+{{- $svcPortNumber := .service.ports.port }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ {{- if .fullnameOverride }}
+ name: "{{ .fullnameOverride }}"
+ {{- else if $.Values.prefixWithReleaseName.enabled }}
+ name: "{{ $.Release.Name }}-{{ .name }}-svc"
+ {{- else}}
+ name: "{{ .ingress.name }}"
+ {{- end }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels:
+ {{- include "jovvix.labels" $ | nindent 4 }}
+ {{- with .ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with .ingress.className }}
+ ingressClassName: {{ . }}
+ {{- end }}
+ {{- if .ingress.tls }}
+ tls:
+ {{- range .ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ .
| quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ - host: {{ .ingress.host | quote }}
+ http:
+ paths:
+ - path: {{ .ingress.path | default "/" }}
+ pathType: {{ .ingress.pathType | default "Prefix" }}
+ backend:
+ service:
+ name: "{{ $svcName }}"
+ port:
+ {{- if $svcPortName }}
+ name: {{ $svcPortName }}
+ {{- else }}
+ number: {{ $svcPortNumber }}
+ {{- end }}
+{{- end }}
+{{- end}}
diff --git a/charts/jovvix/values.yaml b/charts/jovvix/values.yaml
new file mode 100644
index 0000000..fc80938
--- /dev/null
+++ b/charts/jovvix/values.yaml
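Review bot: Every Deployment and Service produced by the `range` uses `include "jovvix.selectorLabels" $`, which is evaluated against the root context and therefore yields the same `app.kubernetes.io/name` / `app.kubernetes.io/instance` pair for all entries. With the two default services, the ui Service would select the api pods as well (and the reverse), and both Deployments would carry overlapping selectors, so requests meant for one component can reach the other. Add a per-entry label such as `app.kubernetes.io/component: {{ .name | quote }}` to the pod template labels, the Deployment `matchLabels` and the Service `selector`. The Ingress block also reads `.service.name` and `.service.ports` although it is guarded only by `.ingress.enabled`, so an entry with an ingress but no `service` would fail to render.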
@@ -0,0 +1,559 @@
+# Default values for jovvix.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+replicaCount: 1
+
+nameOverride: ""
+fullnameOverride: ""
+prefixWithReleaseName:
+ enabled: true
+
+# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
+image:
+ repository: nginx
+ # This sets the pull policy for images.
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+
+# If not resource specified it will take resources from this, remove the brackets and uncomment the below limits and add appropriate resources.
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# This section is for adding the deployments, service, ingress. you can define multiple services as done below.
+services:
+ # This is for the jovvix-ui pod
+ - name: ui
+ fullnameOverride: "jovvix-ui-svc"
+ replicaCount: 1
+ image:
+ repository: improwised/jovvix-ui
+ tag: main-9acf2cb-1754290699
+ pullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: jovvix-ui
+ ports:
+ - name: http
+ containerPort: 5000
+ protocol: TCP
+ resources: {}
+ # limits:
+ # memory: 600Mi
+ # requests:
+ # cpu: 100m
+ # memory: 600Mi
+ service:
+ enabled: true
+ fullnameOverride: "jovvix-ui-svc"
+ type: ClusterIP
+ ports:
+ name: http
+ port: 5000
+ targetPort: http
+ protocol: TCP
+ # Ingress for the ui pod
+ ingress:
+ enabled: true
+ fullnameOverride: "jovvix-ui-svc"
+ className: nginx
+ host: app.example.com
+ path: /
+ pathType: Prefix
+ # This is for the jovvix-api pod
+ - name: api
+ fullnameOverride: "jovvix-api-svc"
+ # This init container waits for the redis pod to running, if removed the api pod crashes while redis is not in running state.
+ initContainers:
+ - name: wait-for-redis
+ image: busybox:1.37.0
+ command:
+ - sh
+ - -c
+ - >
+ until timeout 3 nc -z jovvix-redis-master 6379;
+ do echo waiting for redis; sleep 5; done;
+ echo redis found
+ replicaCount: 1
+ image:
+ repository: improwised/jovvix-api
+ tag: main-82546e9-1753769203
+ pullPolicy: IfNotPresent
+ envFrom:
+ - configMapRef:
+ name: jovvix-api
+ - secretRef:
+ name: jovvix-api
+ livenessProbe:
+ httpGet:
+ path: /api/healthz
+ port: http
+ initialDelaySeconds: 6
+ periodSeconds: 6
+ readinessProbe:
+ httpGet:
+ path: /api/healthz
+ port: http
+ initialDelaySeconds: 6
+ periodSeconds: 6
+ resources: {}
+ # limits:
+ # memory: 4Gi
+ # requests:
+ # cpu: 500m
+ # memory: 4Gi
+ ports:
+ - name: http
+ containerPort: 3300
+ protocol: TCP
+ service:
+ enabled: true
+ fullnameOverride: "jovvix-api-svc"
+ type: ClusterIP
+ ports:
+ name: http
+ port: 3300
+ targetPort: http
+ protocol: TCP
+ # Used to start the api server
+ command:
+ - "/bin/sh"
+ - "-c"
+ args:
+ - "./jovvix api"
+ # Ingress for the api pod
+
ingress:
+ enabled: true
+ fullnameOverride: "jovvix-api-svc"
+ className: nginx
+ host: app.example.com
+ path: /api
+ pathType: Prefix
+
+# Used to add jobs based on job template
+jobs:
+ # runs migraion for the jovvix
+ - fullnameOverride: jovvix-migration
+ image:
+ repository: improwised/jovvix-api
+ tag: main-82546e9-1753769203
+ envFrom:
+ - configMapRef:
+ name: jovvix-api
+ - secretRef:
+ # To keep the container running
+ name: jovvix-api
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ until timeout 5 ./jovvix migrate up; do
+ echo "Waiting for Postgres to be ready for migrations..."
+ sleep 3
+ done
+ echo "Migrations successful"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ # after completing migration job will disappear
+ "helm.sh/hook": post-install,post-upgrade
+ # high priority than kratos-migration so that this finishes first
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ # runs kratos migrations
+ - fullnameOverride: jovvix-kratos-migration
+ image:
+ repository: oryd/kratos
+ tag: v1.3.1
+ env:
+ - name: DSN
+ valueFrom:
+ secretKeyRef:
+ name: jovvix-kratos
+ key: dsn
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ until timeout 5 kratos migrate sql -e --yes; do
+ echo "Waiting for Postgres to be ready for kratos migrations..."
+ sleep 3
+ done
+ echo "kratos migrations successful"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ # after completing migration job will disappear
+ "helm.sh/hook": post-install,post-upgrade
+ # kept it -4 ao that it can comes after the jovvix migration
+ "helm.sh/hook-weight": "-4"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+
+# Used to create configmaps, you can add existing configmaps also, but the name should be the same or you have to make changes accordingly
+configmaps:
+ - name: "jovvix-api"
+ create: true
+ data:
+ APP_PORT: 0.0.0.0:3300
+ APP_ENV: local
+ IS_DEVELOPMENT: "true"
+ DEBUG: "true"
+ DB_DIALECT: postgres
+ DB_HOST: "jovvix-db-postgresql"
+ DB_PORT: "5432"
+ DB_USERNAME: jovvix
+ DB_NAME: jovvix
+ DB_QUERYSTRING: "sslmode=disable"
+ MIGRATION_DIR: database/migrations
+ WEB_URL: "https://app.example.com"
+ ISSUER: "https://app.example.com"
+ REDIS_HOST: "jovvix-redis-master"
+ REDIS_PORT: "6379"
+ REDIS_DATABASES: "0"
+ MAXIMUM_POINTS_PER_QUESTION: "20"
+ MINIMUM_POINTS_PER_QUESTION: "0"
+ QUESTION_TIME_LIMIT: "15"
+ SCOREBOARD_MAX_DURATION: "10"
+ KRATOS_ENABLED: "true"
+ KRATOS_COOKIE_EXPIRATION_TIME: 2h23m
+ SERVE_PUBLIC_BASE_URL: https://app.example.com
+ SERVE_PUBLIC_PORT: "4433"
+ SERVE_ADMIN_PORT: "4451"
+ SELF_SERVICE_DEFAULT_BROWSER_RETURN_URL: https://app.example.com/api/v1/kratos/auth
+ SELF_SERVICE_FLOWS_REGISTRATION_AFTER_DEFAULT_BROWSER_RETURN_URL: https://app.example.com/api/v1/kratos/auth
+ AWS_REGION: ap-south-1
+ BUCKET_NAME: example-bucket
+ S3_BUCKET_ENDPOINT: https://s3.example.com
+ SMTP_HOST: "smtp.example.com"
+ SMTP_PORT: "587"
+ EMAIL_FROM: "no-reply@example.com"
+ - name: "jovvix-ui"
+ create: true
+ data:
+ APP_ENV: local
+ MODE: development
+ PORT: "4000"
+ HOST: "0.0.0.0"
+ NUXT_PUBLIC_BASE_URL: "https://app.example.com"
+ NUXT_PUBLIC_API_URL: "https://app.example.com/api/v1"
+ NUXT_PUBLIC_API_SOCKET_URL: "wss://app.example.com/api/v1/socket"
+ NUXT_PUBLIC_KRATOS_URL: "https://app.example.com"
+ S3_BUCKET_URL: https://example-bucket.s3.example.com
+
+# Used to create secrets, you can
add existing secrets also, but the name should be the same or you have to make changes accordingly
+secrets:
+ - name: "jovvix-api"
+ create: true
+ stringData:
+ DB_PASSWORD: "example-db-password"
+ JWT_SECRET: "example-jwt-secret"
+ REDIS_PASSWORD: "example-redis-password"
+ DSN: postgres://jovvix:example-db-password@jovvix-db-postgresql:5432/jovvix?sslmode=disable
+ SMTP_USERNAME: "example-smtp-user"
+ SMTP_PASSWORD: "example-smtp-pass"
+ - name: "jovvix-db"
+ create: true
+ stringData:
+ postgres-password: "example-postgres-password"
+ password: "example-db-password"
+ redis-password: "example-redis-password"
+ - name: "jovvix-kratos"
+ create: true
+ stringData:
+ dsn: postgres://jovvix:example-db-password@jovvix-db-postgresql:5432/jovvix?sslmode=disable&search_path=kratos
+ secretsCipher: example-32-long-secret-change-me
+ secretsCookie: example-cookie-secret
+ secretsDefault: example-default-secret
+ smtpConnectionURI: smtp://example-smtp-user:example-smtp-pass@smtp.example.com:587/
+
+# postgresql configurations
+postgresql:
+ fullnameOverride: "jovvix-db-postgresql"
+ global:
+ storageClass: local-path
+ security:
+ allowInsecureImages: true
+ imageRegistry: public.ecr.aws
+ image:
+ repository: bitnami/postgresql
+ tag: 17.5.0-debian-12-r20
+ primary:
+ persistence:
+ enabled: true
+ size: 100Mi
+ resources: {}
+ # requests:
+ # cpu: 300m
+ # memory: 4Gi
+ # limits:
+ # memory: 4Gi
+ extendedConfiguration: |
+ max_connections = 1000
+ auth:
+ username: jovvix
+ database: jovvix
+ existingSecret: jovvix-db
+ postgresql:
+ maxConnections: 4000
+
+# redis configurations
+redis:
+ fullnameOverride: "jovvix-redis"
+ architecture: standalone
+ auth:
+ existingSecret: jovvix-db
+ global:
+ storageClass: local-path
+ security:
+ allowInsecureImages: true
+ imageRegistry: public.ecr.aws
+ image:
+ repository: bitnami/redis
+ tag: 8.0.3-debian-12-r1
+ master:
+ persistence:
+ enabled: true
+ size: 100Mi
+ resources: {}
+ # requests:
+ # cpu: 200m
+ # memory: 1024Mi
+ # limits:
+ # memory: 1024Mi
+
+# kratos configurations
+kratos:
+ fullnameOverride: "jovvix-kratos"
+ job:
+ extraInitContainers: |
+ - name: wait-for-jovvix-api-svc
+ image: curlimages/curl:8.15.0
+ command:
+ [
+ "sh",
+ "-c",
+ "until curl -sf --connect-timeout 3 http://jovvix-api-svc:3300/api/healthz; do echo 'Waiting for jovvix-api-svc health endpoint...'; sleep 5; done; echo 'jovvix-api-svc is healthy, proceeding...';"
+ ]
+ ingress:
+ admin:
+ enabled: true
+ className: "nginx"
+ hosts:
+ - host: app.example.com
+ paths:
+ - path: /admin/identities
+ pathType: ImplementationSpecific
+ servicePort: http
+ public:
+ enabled: true
+ className: "nginx"
+ hosts:
+ - host: app.example.com
+ paths:
+ - path: /self-service
+ pathType: ImplementationSpecific
+ servicePort: http
+ - path: /sessions
+ pathType: ImplementationSpecific
+ servicePort: http
+ secret:
+ # do not create secret by default
+ enabled: false
+ # takes existing secret with this name
+ nameOverride: jovvix-kratos
+ kratos:
+ automigration:
+ enabled: false
+ config:
+ courier:
+ smtp:
+ connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
+ from_address: no-reply@example.com
+ serve:
+ public:
+ base_url: https://app.example.com
+ port: 4433
+ cors:
+ enabled: true
+ allowed_origins:
+ - https://app.example.com
+ allowed_methods:
+ - POST
+ - GET
+ - PUT
+ - PATCH
+ - DELETE
+ allowed_headers:
+ - Authorization
+ - Cookie
+ - Content-Type
+ exposed_headers:
+ - Content-Type
+ - Set-Cookie
+ allow_credentials: true
+ admin:
+ base_url: https://app.example.com
+ port: 4434
+ selfservice:
+ allowed_return_urls:
+ - https://app.example.com
+ default_browser_return_url: https://app.example.com
+ flows:
+ error:
+ ui_url: https://app.example.com/error
+ login:
+ after:
+ default_browser_return_url: https://app.example.com/api/v1/kratos/auth
+ hooks:
+ - hook: require_verified_address
+ lifespan: 10m
+ ui_url: https://app.example.com/account/login
+ logout:
+ after:
+
default_browser_return_url: https://app.example.com/login
+ recovery:
+ enabled: true
+ ui_url: https://app.example.com/recovery
+ use: code
+ registration:
+ after:
+ default_browser_return_url: https://app.example.com/api/v1/kratos/auth
+ oidc:
+ hooks:
+ - hook: session
+ password:
+ hooks:
+ - hook: session
+ - hook: show_verification_ui
+ lifespan: 10m
+ ui_url: https://app.example.com/account/register
+ settings:
+ privileged_session_max_age: 15m
+ required_aal: highest_available
+ ui_url: https://app.example.com/settings
+ verification:
+ after:
+ default_browser_return_url: https://app.example.com/api/v1/kratos/auth
+ enabled: true
+ ui_url: https://app.example.com/verification
+ use: code
+ methods:
+ code:
+ enabled: true
+ link:
+ enabled: true
+ lookup_secret:
+ enabled: true
+ oidc:
+ config:
+ base_redirect_uri: https://app.example.com
+ providers:
+ - auth_url: https://accounts.google.com/o/oauth2/v2/auth
+ client_id:
+ client_secret:
+ id: google
+ issuer_url: https://accounts.google.com
+ mapper_url: base64://
+ provider: google
+ scope:
+ - openid
+ - email
+ - profile
+ token_url: https://www.googleapis.com/oauth2/v4/token
+ enabled: true
+ password:
+ enabled: true
+ totp:
+ config:
+ issuer: Kratos
+ enabled: true
+ ciphers:
+ algorithm: xchacha20-poly1305
+ cookies:
+ domain: app.example.com
+ path: /
+ same_site: Lax
+ hashers:
+ algorithm: bcrypt
+ bcrypt:
+ cost: 8
+ identity:
+ default_schema_id: default
+ schemas:
+ - id: default
+ url: file:///etc/config/identity.schema.json
+ log:
+ format: json
+ leak_sensitive_values: true
+ level: warning
+ identitySchemas:
+ identity.schema.json: |
+ {
+ "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Person",
+ "type": "object",
+ "properties": {
+ "traits": {
+ "type": "object",
+ "properties": {
+ "email": {
+ "type": "string",
+ "format": "email",
+ "title": "E-Mail",
+ "minLength":
3,
+ "ory.sh/kratos": {
+ "credentials": {
+ "password": {
+ "identifier": true
+ }
+ },
+ "verification": {
+ "via": "email"
+ },
+ "recovery": {
+ "via": "email"
+ }
+ }
+ },
+ "name": {
+ "type": "object",
+ "properties": {
+ "first": {
+ "title": "First Name",
+ "type": "string"
+ },
+ "last": {
+ "title": "Last Name",
+ "type": "string"
+ }
+ }
+ }
+ },
+ "required": [
+ "email"
+ ],
+ "additionalProperties": false
+ }
+ }
+ }
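Review bot: The defaults in values.yaml enable `kratos.ingress.admin` on `app.example.com` at `/admin/identities`, which publishes the Kratos admin API through the same ingress as the public one; that API does no authentication of its own and is meant to stay on the cluster network, so this should default to `enabled: false`. `log.leak_sensitive_values: true` should likewise default to `false`, since it allows secrets and tokens to be written to the logs. The three `secrets` entries ship with `create: true` and placeholder passwords, so an install that overrides nothing runs with publicly known database, Redis, JWT and cookie secrets; defaulting to `create: false`, or failing the render while a placeholder value is still present, would prevent that. `hashers.bcrypt.cost: 8`, `DEBUG: "true"`, `IS_DEVELOPMENT: "true"`, `sslmode=disable` and `allowInsecureImages: true` are further development settings that deserve a comment or a safer default.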