From f8a0d4c21542620d3645da214ce7776ff32e80ba Mon Sep 17 00:00:00 2001 From: joaquimpeixoto Date: Wed, 27 May 2026 14:42:30 +0100 Subject: [PATCH] feat: use helm subcharts --- charts/helm/checkmate/Chart.lock | 15 ++ charts/helm/checkmate/Chart.yaml | 19 ++ charts/helm/checkmate/INSTALLATION.md | 209 +++++++++++------- .../templates/client-deployment.yaml | 44 ---- .../checkmate/templates/client-ingress.yaml | 31 --- .../checkmate/templates/client-service.yaml | 9 - .../checkmate/templates/mongodb-service.yaml | 9 - .../templates/mongodb-statefulsets.yaml | 44 ---- .../helm/checkmate/templates/prechecks.yaml | 57 ++--- .../checkmate/templates/redis-service.yaml | 11 - .../templates/redis-statefulsets.yaml | 33 --- charts/helm/checkmate/templates/secrets.yaml | 4 +- .../templates/server-deployment.yaml | 37 ---- .../checkmate/templates/server-ingress.yaml | 38 ---- .../checkmate/templates/server-nginx-cm.yaml | 41 ---- .../checkmate/templates/server-service.yaml | 9 - charts/helm/checkmate/values.yaml | 179 +++++++++++---- 17 files changed, 314 insertions(+), 475 deletions(-) create mode 100644 charts/helm/checkmate/Chart.lock delete mode 100644 charts/helm/checkmate/templates/client-deployment.yaml delete mode 100644 charts/helm/checkmate/templates/client-ingress.yaml delete mode 100644 charts/helm/checkmate/templates/client-service.yaml delete mode 100644 charts/helm/checkmate/templates/mongodb-service.yaml delete mode 100644 charts/helm/checkmate/templates/mongodb-statefulsets.yaml delete mode 100644 charts/helm/checkmate/templates/redis-service.yaml delete mode 100644 charts/helm/checkmate/templates/redis-statefulsets.yaml delete mode 100644 charts/helm/checkmate/templates/server-deployment.yaml delete mode 100644 charts/helm/checkmate/templates/server-ingress.yaml delete mode 100644 charts/helm/checkmate/templates/server-nginx-cm.yaml delete mode 100644 charts/helm/checkmate/templates/server-service.yaml diff --git a/charts/helm/checkmate/Chart.lock b/charts/helm/checkmate/Chart.lock new file mode 100644 index 0000000000..78883f648e --- /dev/null +++ b/charts/helm/checkmate/Chart.lock @@ -0,0 +1,15 @@ +dependencies: +- name: app-template + repository: https://bjw-s-labs.github.io/helm-charts + version: 4.4.0 +- name: app-template + repository: https://bjw-s-labs.github.io/helm-charts + version: 4.4.0 +- name: mongodb + repository: oci://registry-1.docker.io/bitnamicharts + version: 19.0.3 +- name: redis + repository: oci://registry-1.docker.io/bitnamicharts + version: 24.1.2 +digest: sha256:a727ca956d590e2ccf9cf6b228e6bedf8fbc459129f728da0dda446c93c5605f +generated: "2026-05-27T14:37:30.244511+01:00" diff --git a/charts/helm/checkmate/Chart.yaml b/charts/helm/checkmate/Chart.yaml index 97f320e68b..169ae1b834 100644 --- a/charts/helm/checkmate/Chart.yaml +++ b/charts/helm/checkmate/Chart.yaml @@ -4,3 +4,22 @@ description: A Helm chart for Checkmate App type: application version: 0.1.0 appVersion: "2.3" +dependencies: + - name: app-template + alias: client + version: 4.4.0 + repository: https://bjw-s-labs.github.io/helm-charts + condition: client.enabled + - name: app-template + alias: server + version: 4.4.0 + repository: https://bjw-s-labs.github.io/helm-charts + condition: server.enabled + - name: mongodb + version: 19.0.3 + repository: oci://registry-1.docker.io/bitnamicharts + condition: mongodb.enabled + - name: redis + version: 24.1.2 + repository: oci://registry-1.docker.io/bitnamicharts + condition: redis.enabled diff --git a/charts/helm/checkmate/INSTALLATION.md b/charts/helm/checkmate/INSTALLATION.md index 06cf9f7b96..b00347a3f5 100644 --- a/charts/helm/checkmate/INSTALLATION.md +++ b/charts/helm/checkmate/INSTALLATION.md @@ -1,6 +1,6 @@ # Kubernetes Installation Guide for Checkmate -This guide walks you through deploying Checkmate on your Kubernetes cluster using Helm. +This guide walks you through deploying Checkmate on Kubernetes using Helm. ## Prerequisites @@ -8,109 +8,162 @@ This guide walks you through deploying Checkmate on your Kubernetes cluster usin - Helm CLI installed and configured - `kubectl` configured to access your cluster -## Steps +## Chart layout -### 1. Clone the repo and navigate to the Helm chart +The Checkmate chart is an umbrella chart: + +- `client` and `server` use the `bjw-s-labs/app-template` chart. +- `mongodb` uses the Bitnami MongoDB chart. +- `redis` uses the Bitnami Redis chart and is disabled by default. +- The parent chart renders shared preflight checks and the `checkmate-secrets` Secret. + +This keeps the chart customizable without copying Kubernetes primitives into local templates. + +## Install ```bash git clone https://github.com/bluewave-labs/checkmate.git cd checkmate/charts/helm/checkmate +helm dependency update +helm install checkmate . -f values.yaml ``` -### 2. Customize values.yaml -Edit `values.yaml` to update: -- `client.ingress.host` and `server.ingress.host` with your domain names -- `server.protocol` (usually http or https) -- **If upgrading**: Migrate persistence settings from flat structure to nested: - - Old: `persistence.mongodbSize` → New: `persistence.mongo.size` - - Old: `persistence.redisSize` → New: `persistence.redis.size` - - Add: `persistence.mongo.storageClass` and `persistence.redis.storageClass` (leave empty for default) -- Secrets under the `secrets` section (`JWT_SECRET`, email credentials, API keys, etc.) — replace all change_me values -- **For TLS/HTTPS**: Configure ingress TLS settings (see section below) - -### 3. Deploy the Helm chart -```bash -helm install checkmate ./charts/helm/checkmate -``` -This will deploy the client, server, MongoDB, and Redis components. +Before installing, replace every `change_me` value in `values.yaml`. -### 4. Verify the deployment -Check pods and services: -```bash -kubectl get pods -kubectl get svc -``` +At minimum, set: -Once all pods are `Running` and `Ready`, you can access Checkmate via the configured ingress hosts. +- `client.ingress.main.hosts[0].host` +- `server.ingress.main.hosts[0].host` +- `client.controllers.main.containers.main.env.UPTIME_APP_API_BASE_URL` +- `client.controllers.main.containers.main.env.UPTIME_APP_CLIENT_HOST` +- `server.controllers.main.containers.main.env.CLIENT_HOST` +- `secrets.JWT_SECRET` -## Enabling TLS/HTTPS with cert-manager +## External MongoDB or Redis -If you have [cert-manager](https://cert-manager.io/) installed in your cluster, you can enable automatic TLS certificate provisioning using Let's Encrypt or other certificate issuers. +Disable bundled dependencies when you provide your own services: + +```yaml +mongodb: + enabled: false -### Prerequisites -- cert-manager installed in your cluster -- A ClusterIssuer or Issuer configured (e.g., `letsencrypt-prod`) +redis: + enabled: false -### Configuration +secrets: + DB_CONNECTION_STRING: "mongodb://external-mongodb:27017/uptime_db" + REDIS_HOST: "external-redis" + REDIS_PORT: "6379" +``` -Edit `values.yaml` to enable TLS (and update protocols to https): +When bundled MongoDB is enabled, the default `DB_CONNECTION_STRING` uses the Helm release name: ```yaml -client: - protocol: https - ingress: - enabled: true - host: checkmate.example.com - className: nginx - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" - tls: - enabled: true - secretName: checkmate-client-tls +secrets: + DB_CONNECTION_STRING: "mongodb://{{ .Release.Name }}-mongodb:27017/uptime_db" +``` -server: - protocol: https - ingress: - enabled: true - host: checkmate.example.com - className: nginx - annotations: - cert-manager.io/cluster-issuer: "letsencrypt-prod" - tls: - enabled: true - secretName: checkmate-server-tls +When bundled Redis is enabled, use the Bitnami Redis service name: + +```yaml +redis: + enabled: true + +secrets: + REDIS_HOST: "{{ .Release.Name }}-redis-master" + REDIS_PORT: "6379" ``` -### Alternative: Using --set flags +## Persistence -You can also enable TLS during installation using Helm's `--set` flags: +MongoDB persistence is controlled through the Bitnami MongoDB chart values: -```bash -helm install checkmate ./charts/helm/checkmate \ - --set client.protocol=https \ - --set server.protocol=https \ - --set client.ingress.annotations."cert-manager\.io/cluster-issuer"="letsencrypt-prod" \ - --set client.ingress.tls.enabled=true \ - --set client.ingress.tls.secretName=checkmate-client-tls \ - --set server.ingress.annotations."cert-manager\.io/cluster-issuer"="letsencrypt-prod" \ - --set server.ingress.tls.enabled=true \ - --set server.ingress.tls.secretName=checkmate-server-tls +```yaml +mongodb: + persistence: + enabled: true + size: 5Gi + storageClass: "" ``` -### Verification +Redis persistence is controlled through the Bitnami Redis chart values: -After deployment, cert-manager will automatically create the TLS secrets. You can verify the certificate status: +```yaml +redis: + master: + persistence: + enabled: true + size: 1Gi + storageClass: "" +``` -```bash -# Check certificates -kubectl get certificates +Set `storageClass` to an empty string to use the cluster default. -# Check certificate details -kubectl describe certificate checkmate-client-tls -kubectl describe certificate checkmate-server-tls +## TLS/HTTPS -# Verify the secrets were created -kubectl get secrets | grep checkmate-tls +Ingress settings now follow the app-template value shape. A cert-manager example: + +```yaml +client: + global: + nameOverride: client + controllers: + main: + containers: + main: + env: + UPTIME_APP_API_BASE_URL: "https://api.checkmate.example.com/api/v1" + UPTIME_APP_CLIENT_HOST: "https://checkmate.example.com" + ingress: + main: + className: nginx + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + hosts: + - host: checkmate.example.com + paths: + - path: / + pathType: Prefix + service: + identifier: main + port: http + tls: + - secretName: checkmate-client-tls + hosts: + - checkmate.example.com + +server: + global: + nameOverride: server + controllers: + main: + containers: + main: + env: + CLIENT_HOST: "https://checkmate.example.com" + ingress: + main: + className: nginx + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + hosts: + - host: api.checkmate.example.com + paths: + - path: /api/v1 + pathType: Prefix + service: + identifier: main + port: http + tls: + - secretName: checkmate-server-tls + hosts: + - api.checkmate.example.com ``` -The ingress will automatically use these secrets to enable HTTPS access to your Checkmate instance. +After deployment, verify: + +```bash +kubectl get pods +kubectl get svc +kubectl get ingress +``` diff --git a/charts/helm/checkmate/templates/client-deployment.yaml b/charts/helm/checkmate/templates/client-deployment.yaml deleted file mode 100644 index 381631ef5b..0000000000 --- a/charts/helm/checkmate/templates/client-deployment.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: checkmate-client -spec: - replicas: 1 - selector: - matchLabels: - app: checkmate-client - template: - metadata: - labels: - app: checkmate-client - spec: - {{- with .Values.client.affinity }} - affinity: - {{- tpl ( . | toYaml) $ | nindent 8 }} - {{- end }} - {{- with .Values.client.tolerations }} - tolerations: - {{- tpl ( . | toYaml) $ | nindent 8 }} - {{- end }} - containers: - - name: client - image: {{ .Values.client.image }} - ports: - - containerPort: {{ .Values.client.port }} - env: - - name: UPTIME_APP_API_BASE_URL - value: "{{ .Values.server.protocol }}://{{ .Values.server.ingress.host }}/api/v1" - - name: UPTIME_APP_CLIENT_HOST - value: "{{ .Values.client.protocol }}://{{ .Values.client.ingress.host }}" - volumeMounts: - - name: config-volume - mountPath: /etc/nginx/conf.d/default.conf - subPath: default.conf - {{- with .Values.client.resources }} - resources: - {{- tpl ( . | toYaml) $ | nindent 12 }} - {{- end }} - volumes: - - name: config-volume - configMap: - name: checkmate-server-nginx-cm diff --git a/charts/helm/checkmate/templates/client-ingress.yaml b/charts/helm/checkmate/templates/client-ingress.yaml deleted file mode 100644 index 4fe126ea68..0000000000 --- a/charts/helm/checkmate/templates/client-ingress.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.client.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: checkmate-client-ingress - {{- if .Values.client.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.client.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -spec: - ingressClassName: {{ .Values.client.ingress.className }} - {{- if .Values.client.ingress.tls.enabled }} - tls: - - hosts: - - {{ .Values.client.ingress.host }} - secretName: {{ default (printf "%s-client-tls" .Release.Name) .Values.client.ingress.tls.secretName }} - {{- end }} - rules: - - host: {{ .Values.client.ingress.host }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: checkmate-client - port: - number: {{ .Values.client.port }} -{{- end }} diff --git a/charts/helm/checkmate/templates/client-service.yaml b/charts/helm/checkmate/templates/client-service.yaml deleted file mode 100644 index b56eaeedfc..0000000000 --- a/charts/helm/checkmate/templates/client-service.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: checkmate-client -spec: - selector: - app: checkmate-client - ports: - - port: {{ .Values.client.port }} diff --git a/charts/helm/checkmate/templates/mongodb-service.yaml b/charts/helm/checkmate/templates/mongodb-service.yaml deleted file mode 100644 index b96fe1a820..0000000000 --- a/charts/helm/checkmate/templates/mongodb-service.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: checkmate-mongodb -spec: - selector: - app: checkmate-mongodb - ports: - - port: {{ .Values.mongodb.port }} \ No newline at end of file diff --git a/charts/helm/checkmate/templates/mongodb-statefulsets.yaml b/charts/helm/checkmate/templates/mongodb-statefulsets.yaml deleted file mode 100644 index 8149b77e28..0000000000 --- a/charts/helm/checkmate/templates/mongodb-statefulsets.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: checkmate-mongodb -spec: - replicas: 1 - selector: - matchLabels: - app: checkmate-mongodb - template: - metadata: - labels: - app: checkmate-mongodb - spec: - {{- with .Values.mongodb.affinity }} - affinity: - {{- tpl ( . | toYaml) $ | nindent 8 }} - {{- end }} - {{- with .Values.mongodb.tolerations }} - tolerations: - {{- tpl ( . | toYaml) $ | nindent 8 }} - {{- end }} - containers: - - name: mongodb - image: {{ .Values.mongodb.image }} - ports: - - containerPort: {{ .Values.mongodb.port }} - command: ["mongod", "--quiet", "--bind_ip_all"] - volumeMounts: - - name: checkmate-mongo-persistent-storage - mountPath: /data/db - {{- with .Values.mongodb.resources }} - resources: - {{- tpl ( . | toYaml) $ | nindent 12 }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: checkmate-mongo-persistent-storage - spec: - storageClassName: {{ .Values.persistence.mongo.storageClass | quote }} - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: {{ .Values.persistence.mongo.size | default "5Gi" | quote }} \ No newline at end of file diff --git a/charts/helm/checkmate/templates/prechecks.yaml b/charts/helm/checkmate/templates/prechecks.yaml index e2b9ec5c25..04afe2e188 100644 --- a/charts/helm/checkmate/templates/prechecks.yaml +++ b/charts/helm/checkmate/templates/prechecks.yaml @@ -1,48 +1,23 @@ -{{- if eq .Values.client.ingress.host "change_me" }} - {{- fail "client.ingress.host must be overridden and not set to 'change_me'" }} -{{- end }} +{{- if .Values.client.enabled }} + {{- $clientHost := (index .Values.client.ingress.main.hosts 0).host }} -{{- if eq .Values.server.ingress.host "change_me" }} - {{- fail "server.ingress.host must be overridden and not set to 'change_me'" }} -{{- end }} + {{- if eq $clientHost "change_me" }} + {{- fail "client.ingress.main.hosts[0].host must be overridden and not set to 'change_me'" }} + {{- end }} -{{- $serverProtocol := .Values.server.protocol }} -{{- if not (or (eq $serverProtocol "http") (eq $serverProtocol "https")) }} - {{- fail "server.protocol must be either 'http' or 'https'" }} + {{- if or (not .Values.client.controllers.main.containers.main.env.UPTIME_APP_API_BASE_URL) (contains "change_me" .Values.client.controllers.main.containers.main.env.UPTIME_APP_API_BASE_URL) }} + {{- fail "client.controllers.main.containers.main.env.UPTIME_APP_API_BASE_URL must be set to the public server URL" }} + {{- end }} {{- end }} -{{- $clientProtocol := .Values.client.protocol }} -{{- if not (or (eq $clientProtocol "http") (eq $clientProtocol "https")) }} - {{- fail "client.protocol must be either 'http' or 'https'" }} -{{- end }} +{{- if .Values.server.enabled }} + {{- $serverHost := (index .Values.server.ingress.main.hosts 0).host }} -{{/* Enforce protocol when TLS is enabled to avoid mixed-content */}} -{{- if and .Values.client.ingress.tls.enabled (ne $clientProtocol "https") }} - {{- fail "client.ingress.tls.enabled is true but client.protocol is not 'https'. Set client.protocol: https to avoid mixed content." }} -{{- end }} + {{- if eq $serverHost "change_me" }} + {{- fail "server.ingress.main.hosts[0].host must be overridden and not set to 'change_me'" }} + {{- end }} -{{- if and .Values.server.ingress.tls.enabled (ne $serverProtocol "https") }} - {{- fail "server.ingress.tls.enabled is true but server.protocol is not 'https'. Set server.protocol: https to ensure correct API base URL." }} + {{- if or (not .Values.server.controllers.main.containers.main.env.CLIENT_HOST) (contains "change_me" .Values.server.controllers.main.containers.main.env.CLIENT_HOST) }} + {{- fail "server.controllers.main.containers.main.env.CLIENT_HOST must be set to the public client URL" }} + {{- end }} {{- end }} - -{{/* If client runs on https, API must also be https to avoid mixed content */}} -{{- if and (eq $clientProtocol "https") (ne $serverProtocol "https") }} - {{- fail "client.protocol is 'https' but server.protocol is not. Set server.protocol: https to prevent browser mixed-content issues." }} -{{- end }} - -{{/* Fail early if TLS enabled without cert-manager annotations (cluster-issuer or issuer) */}} -{{- $cAnn := .Values.client.ingress.annotations | default dict }} -{{- $sAnn := .Values.server.ingress.annotations | default dict }} - -{{- $clientHasIssuer := or (hasKey $cAnn "cert-manager.io/cluster-issuer") (hasKey $cAnn "cert-manager.io/issuer") }} -{{- $serverHasIssuer := or (hasKey $sAnn "cert-manager.io/cluster-issuer") (hasKey $sAnn "cert-manager.io/issuer") }} - -{{- if and .Values.client.ingress.tls.enabled (not $clientHasIssuer) }} - {{- fail "client.ingress.tls.enabled is true but no cert-manager issuer annotation found. Add 'cert-manager.io/cluster-issuer' or 'cert-manager.io/issuer'." }} -{{- end }} - -{{- if and .Values.server.ingress.tls.enabled (not $serverHasIssuer) }} - {{- fail "server.ingress.tls.enabled is true but no cert-manager issuer annotation found. Add 'cert-manager.io/cluster-issuer' or 'cert-manager.io/issuer'." }} -{{- end }} - -{{/* Secret name can be omitted; we default to -client|server-tls in templates */}} diff --git a/charts/helm/checkmate/templates/redis-service.yaml b/charts/helm/checkmate/templates/redis-service.yaml deleted file mode 100644 index 2720350da5..0000000000 --- a/charts/helm/checkmate/templates/redis-service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.redis.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: checkmate-redis -spec: - selector: - app: checkmate-redis - ports: - - port: {{ .Values.redis.port }} -{{- end }} diff --git a/charts/helm/checkmate/templates/redis-statefulsets.yaml b/charts/helm/checkmate/templates/redis-statefulsets.yaml deleted file mode 100644 index acf7c85a82..0000000000 --- a/charts/helm/checkmate/templates/redis-statefulsets.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.redis.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: checkmate-redis -spec: - replicas: 1 - selector: - matchLabels: - app: checkmate-redis - template: - metadata: - labels: - app: checkmate-redis - spec: - containers: - - name: redis - image: {{ .Values.redis.image }} - ports: - - containerPort: {{ .Values.redis.port }} - volumeMounts: - - name: redis-data - mountPath: /data - volumeClaimTemplates: - - metadata: - name: checkmate-redis-persistent-storage - spec: - storageClassName: {{ .Values.persistence.redis.storageClass | quote }} - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: {{ .Values.persistence.redis.size | default "1Gi" | quote }} -{{- end }} \ No newline at end of file diff --git a/charts/helm/checkmate/templates/secrets.yaml b/charts/helm/checkmate/templates/secrets.yaml index af104e7d11..580c84ac9a 100644 --- a/charts/helm/checkmate/templates/secrets.yaml +++ b/charts/helm/checkmate/templates/secrets.yaml @@ -11,5 +11,5 @@ metadata: type: Opaque stringData: {{- range $key, $value := $secrets }} - {{ $key }}: {{ $value | quote }} -{{- end }} \ No newline at end of file + {{ $key }}: {{ tpl ($value | toString) $ | quote }} +{{- end }} diff --git a/charts/helm/checkmate/templates/server-deployment.yaml b/charts/helm/checkmate/templates/server-deployment.yaml deleted file mode 100644 index 393964ccdc..0000000000 --- a/charts/helm/checkmate/templates/server-deployment.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: checkmate-server -spec: - replicas: 1 - selector: - matchLabels: - app: checkmate-server - template: - metadata: - labels: - app: checkmate-server - spec: - {{- with .Values.server.affinity }} - affinity: - {{- tpl ( . | toYaml) $ | nindent 8 }} - {{- end }} - {{- with .Values.server.tolerations }} - tolerations: - {{- tpl ( . | toYaml) $ | nindent 8 }} - {{- end }} - containers: - - name: server - image: {{ .Values.server.image }} - ports: - - containerPort: {{ .Values.server.port }} - envFrom: - - secretRef: - name: checkmate-secrets - {{- with .Values.server.resources }} - resources: - {{- tpl ( . | toYaml) $ | nindent 12 }} - {{- end }} - env: - - name: CLIENT_HOST - value: "{{ .Values.client.protocol }}://{{ .Values.client.ingress.host }}" diff --git a/charts/helm/checkmate/templates/server-ingress.yaml b/charts/helm/checkmate/templates/server-ingress.yaml deleted file mode 100644 index 34c9ac0dc8..0000000000 --- a/charts/helm/checkmate/templates/server-ingress.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if .Values.server.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: checkmate-server-ingress - {{- if .Values.server.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.server.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{/*#annotations: - #nginx.ingress.kubernetes.io/rewrite-target: / - #nginx.ingress.kubernetes.io/enable-cors: "true" - #nginx.ingress.kubernetes.io/cors-allow-origin: "http://{{ .Values.client.ingress.host }},https://{{ .Values.client.ingress.host }}" - #nginx.ingress.kubernetes.io/cors-allow-methods: "GET, PUT, POST, DELETE, PATCH, OPTIONS" - #nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" - #nginx.ingress.kubernetes.io/cors-allow-credentials: "true"*/}} -spec: - ingressClassName: {{ .Values.server.ingress.className }} - {{- if .Values.server.ingress.tls.enabled }} - tls: - - hosts: - - {{ .Values.server.ingress.host }} - secretName: {{ default (printf "%s-server-tls" .Release.Name) .Values.server.ingress.tls.secretName }} - {{- end }} - rules: - - host: {{ .Values.server.ingress.host }} - http: - paths: - - path: /api/v1 - pathType: Prefix - backend: - service: - name: checkmate-server - port: - number: {{ .Values.server.port }} -{{- end }} diff --git a/charts/helm/checkmate/templates/server-nginx-cm.yaml b/charts/helm/checkmate/templates/server-nginx-cm.yaml deleted file mode 100644 index 84da552991..0000000000 --- a/charts/helm/checkmate/templates/server-nginx-cm.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: checkmate-server-nginx-cm -data: - default.conf: | - server { - listen 80; - listen [::]:80; - - server_name checkmate-demo.bluewavelabs.ca; - server_tokens off; - - location /.well-known/acme-challenge/ { - root /var/www/certbot; - } - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - try_files $uri $uri/ /index.html; - } - - # location /api/ { - # proxy_pass http://{{ .Values.server.ingress.host }}:5000/api/; - # proxy_http_version 1.1; - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # } - - location /api-docs/ { - proxy_pass http://{{ .Values.server.ingress.host }}:5000/api-docs/; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - } \ No newline at end of file diff --git a/charts/helm/checkmate/templates/server-service.yaml b/charts/helm/checkmate/templates/server-service.yaml deleted file mode 100644 index d8a7fbe864..0000000000 --- a/charts/helm/checkmate/templates/server-service.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: checkmate-server -spec: - selector: - app: checkmate-server - ports: - - port: {{ .Values.server.port }} diff --git a/charts/helm/checkmate/values.yaml b/charts/helm/checkmate/values.yaml index 9a586dd542..3fe8a19e1f 100644 --- a/charts/helm/checkmate/values.yaml +++ b/charts/helm/checkmate/values.yaml @@ -1,49 +1,140 @@ client: - image: ghcr.io/bluewave-labs/checkmate-client:v3.2.0 - port: 80 - protocol: http + enabled: true + global: + nameOverride: client + controllers: + main: + containers: + main: + image: + repository: ghcr.io/bluewave-labs/checkmate-client + tag: v3.2.0 + env: + UPTIME_APP_API_BASE_URL: "http://change_me/api/v1" + UPTIME_APP_CLIENT_HOST: "http://change_me" + service: + main: + controller: main + ports: + http: + port: 80 ingress: - enabled: true - host: change_me - className: nginx - annotations: {} - # Example annotations for cert-manager: - # annotations: - # cert-manager.io/cluster-issuer: "letsencrypt-prod" - tls: - enabled: false - # secretName: {{ .Release.Name }}-client-tls # Optional; defaults to -client-tls if omitted - # Note: when enabling TLS, also set client.protocol: https and add - # a cert-manager issuer annotation (e.g. cert-manager.io/cluster-issuer: "letsencrypt-prod"). - # The secret will be automatically created by cert-manager when using the cert-manager.io/cluster-issuer annotation + main: + enabled: true + className: nginx + annotations: {} + hosts: + - host: change_me + paths: + - path: / + pathType: Prefix + service: + identifier: main + port: http + tls: [] + configMaps: + nginx: + enabled: true + data: + default.conf: | + server { + listen 80; + listen [::]:80; + + server_name _; + server_tokens off; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri $uri/ /index.html; + } + + location /api-docs/ { + proxy_pass http://{{ .Release.Name }}-server:52345/api-docs/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } + persistence: + nginx-config: + enabled: true + type: configMap + identifier: nginx + globalMounts: + - path: /etc/nginx/conf.d/default.conf + subPath: default.conf + resources: {} + affinity: {} + tolerations: [] server: - image: ghcr.io/bluewave-labs/checkmate-backend:v3.2.0 - port: 52345 - protocol: http + enabled: true + global: + nameOverride: server + controllers: + main: + containers: + main: + image: + repository: ghcr.io/bluewave-labs/checkmate-backend + tag: v3.2.0 + env: + CLIENT_HOST: "http://change_me" + envFrom: + - secretRef: + name: checkmate-secrets + service: + main: + controller: main + ports: + http: + port: 52345 ingress: + main: + enabled: true + className: nginx + annotations: {} + hosts: + - host: change_me + paths: + - path: /api/v1 + pathType: Prefix + service: + identifier: main + port: http + tls: [] + resources: {} + affinity: {} + tolerations: [] + +mongodb: + enabled: true + architecture: standalone + auth: + enabled: false + persistence: enabled: true - host: change_me - className: nginx - annotations: {} - # Example annotations for cert-manager: - # annotations: - # cert-manager.io/cluster-issuer: "letsencrypt-prod" - tls: - enabled: false - # secretName: {{ .Release.Name }}-server-tls # Optional; defaults to -server-tls if omitted - # Note: when enabling TLS, also set server.protocol: https and add - # a cert-manager issuer annotation (e.g. cert-manager.io/cluster-issuer: "letsencrypt-prod"). - # The secret will be automatically created by cert-manager when using the cert-manager.io/cluster-issuer annotation + size: 5Gi + storageClass: "" redis: enabled: false - image: redis:7.2 - port: 6379 - -mongodb: - image: ghcr.io/bluewave-labs/checkmate-mongo:v3.2.0 - port: 27017 + architecture: standalone + auth: + enabled: false + master: + persistence: + enabled: true + size: 1Gi + storageClass: "" secrets: JWT_SECRET: change_me @@ -53,18 +144,10 @@ secrets: # SYSTEM_EMAIL_HOST: smtp.example.com # SYSTEM_EMAIL_PORT: "587" # PAGESPEED_API_KEY: change_me - DB_CONNECTION_STRING: mongodb://checkmate-mongodb.namespace.svc:27017/uptime_db - CLIENT_HOST: change_me -# REDIS_HOST: redis + DB_CONNECTION_STRING: "mongodb://{{ .Release.Name }}-mongodb:27017/uptime_db" + CLIENT_HOST: "{{ .Values.server.controllers.main.containers.main.env.CLIENT_HOST }}" +# REDIS_HOST: "{{ .Release.Name }}-redis-master" # REDIS_PORT: "6379" # DB_TYPE: MongoDB # TOKEN_TTL: 99d # REFRESH_TOKEN_TTL: 99d - -persistence: - mongo: - size: 5Gi - storageClass: "" - redis: - size: 1Gi - storageClass: "" \ No newline at end of file