feat: enhance chart (#12)

* feat: enhance chart

* fix(values): spaces

* feat(charts/portals): add maintainers

* fiyx(charts/portals): maintainer name

* fix(ci): remove install test due to missing db

* fix(charts/portals): no fresh migration

* feat(charts/portals): add csv configmap ref

* fix(charts/portals): seed-job

* feat(charts/portals): add hpa

* feat(charts/portals): add app_env_type to match newest image

* fix(charts/portals): migrate seed uses fresh

* feat(charts/portals): adjust and document default values

.github/workflows/test-chart.yaml

@@ -28,9 +28,3 @@ jobs:
       - name: Run chart-testing (lint)
         if: steps.list-changed.outputs.changed == 'true'
         run: ct lint --target-branch ${{ github.event.repository.default_branch }}
-      - name: Create kind cluster
-        if: steps.list-changed.outputs.changed == 'true'
-        uses: helm/[email protected]
-      - name: Run chart-testing (install)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: ct install --target-branch ${{ github.event.repository.default_branch }}

charts/portals/Chart.yaml

@@ -2,6 +2,10 @@ apiVersion: v2
 name: portals
 description: Portals is a group allocation tool for the first week of the Department of Electrical Engineering and Information Technology at the FH Aachen - University of Applied Sciences.
 type: application
-version: 0.0.2
+version: 0.0.3
 appVersion: "2.1.0"
 home: github.com/fsr5-fhaachen/portals
+maintainers:
+  - name: fsr5-fhaachen
+    email: [email protected]
+    url: https://fsr5.de/

charts/portals/README.md

@@ -11,6 +11,14 @@ helm repo add portals https://fsr5-fhaachen.github.io/portals/
 helm upgrade --install portals portals/portals --namespace portals --create-namespace -f values.yaml
 ```
 
+## Database and Redis
+
+The chart does not install a database or redis. You have to install them yourself. 
+
+You could use the [postgresql operator](https://cloudnative-pg.io/) and [redis operator](https://ot-container-kit.github.io/redis-operator/) for kubernetes.
+
+If you want a deployment example, view [our deployment guide](https://github.com/fsr5-fhaachen/portals/blob/main/deploy/README.md) inside the portals repo.
+
 ## Values
 
 You can find the default values in the [values.yaml](values.yaml) file.

charts/portals/templates/NOTES.txt

@@ -0,0 +1,13 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+{{- if .Values.ingress.enabled }}
+You can access your site on your configured domain by visiting {{ index .Values.ingress.hosts 0 }}.
+{{- else }}
+You can access your site by port-forwarding to the service: "kubectl port-forward -n {{ .Release.Namespace }} svc/{{ include "portals.fullname" . }} 8000:8000"
+{{- end }}
+
+
+
+Learn more about portals at https://github.com/fsr5-fhaachen/portals.

charts/portals/templates/deployment.yaml

@@ -26,19 +26,25 @@ spec:
             - name: http
               containerPort: 8000
               protocol: TCP
+          {{- if not .Values.disableLivenessProbe }}
           livenessProbe:
             httpGet:
               path: /
               port: http
+          {{- end }}
+          {{- if not .Values.disableReadinessProbe }}
           readinessProbe:
             httpGet:
               path: /
               port: http
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-          envFrom:
-            - secretRef:
-                name: {{ include "portals.fullname" . }}
+          env:
+            {{- range $key, $value := .Values.environment }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/portals/templates/hpa.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.hpa.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "portals.fullname" . }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "portals.fullname" . }}
+  minReplicas: {{ .Values.hpa.minReplicas }}
+  maxReplicas: {{ .Values.hpa.maxReplicas }}
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.hpa.averageCPUUtilization }}
+{{- end }}

charts/portals/templates/seed-job.yaml

@@ -0,0 +1,59 @@
+{{- if or .Values.migrateJob.onInstall .Values.migrateJob.onUpgrade -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "portals.fullname" . }}-migrate-job
+  labels:
+    {{- include "portals.labels" . | nindent 4 }}
+  annotations:
+    helm.sh/hook: {{ if .Values.migrateJob.onInstall }}pre-install{{ end }}{{ if and .Values.migrateJob.onInstall .Values.migrateJob.onUpgrade }},{{ end }}{{ if .Values.migrateJob.onUpgrade }}pre-upgrade{{ end }}
+    helm.sh/hook-weight: "1"
+    helm.sh/hook-delete-policy: hook-succeeded
+spec:
+  template:
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          env:
+            {{- range $key, $value := .Values.environment }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- if .Values.migrateJob.seed }}
+          command: ["php", "artisan", "migrate:fresh", "--seed", "--no-interaction", "--force"]
+          {{- else }}
+          command: ["php", "artisan", "migrate", "--no-interaction", "--force"]
+          {{- end }}
+          {{- if or (ne .Values.migrateJob.tutorsCsvConfigMapName "") (ne .Values.migrateJob.studentsCsvConfigMapName "") }}
+          volumeMounts:
+            {{- if ne .Values.migrateJob.tutorsCsvConfigMapName "" }}
+            - name: tutors-csv
+              mountPath: /var/www/html/database/seeders/tutors.csv
+              subPath: tutors.csv
+            {{- end }}
+            {{- if ne .Values.migrateJob.studentsCsvConfigMapName "" }}
+            - name: students-csv
+              mountPath: /var/www/html/database/seeders/students.csv
+              subPath: students.csv
+            {{- end }}
+          {{- end }}
+      {{- if or (ne .Values.migrateJob.tutorsCsvConfigMapName "") (ne .Values.migrateJob.studentsCsvConfigMapName "") }}
+      volumes:
+        {{- if ne .Values.migrateJob.tutorsCsvConfigMapName "" }}
+        - name: tutors-csv
+          configMap:
+            name: {{ .Values.migrateJob.tutorsCsvConfigMapName }}
+        {{- end }}
+        {{- if ne .Values.migrateJob.studentsCsvConfigMapName "" }}
+        - name: students-csv
+          configMap:
+            name: {{ .Values.migrateJob.studentsCsvConfigMapName }}
+        {{- end }}
+      {{- end }}
+      restartPolicy: Never
+  backoffLimit: 1
+{{- end }}

charts/portals/values.yaml

@@ -1,5 +1,11 @@
 replicaCount: 1
 
+hpa:
+  enabled: true
+  minReplicas: 1
+  maxReplicas: 10
+  averageCPUUtilization: 90
+
 nameOverride: ""
 fullnameOverride: ""
 
@@ -11,51 +17,67 @@ image:
   # Overrides the image tag whose default is the chart appVersion.
   tag: ""
 
-environment: 
+environment:
   APP_NAME: Erstiwoche FB5
-  APP_ENV: local
-  APP_KEY: # insert app key here
+  APP_ENV: production
+  APP_KEY:  # insert app key here
   APP_DEBUG: "false"
+  APP_FORCE_HTTPS: "true"
+  APP_EVENT_TYPE: "demo"
   APP_URL: https://portals.fsr5.de
-  TUTOR_PASSWORD: password # insert secret password here
-  ADMIN_PASSWORD: admin # insert secret password here
+  TUTOR_PASSWORD: password  # insert secret password here
+  ADMIN_PASSWORD: admin  # insert secret password here
   DB_CONNECTION: pgsql
-  DB_HOST: # insert db host here
+  DB_HOST:  # insert db host here
   DB_PORT: "5432"
   DB_DATABASE: postgres
   DB_USERNAME: postgres
-  DB_PASSWORD: # insert db password here
+  DB_PASSWORD:  # insert db password here
   OCTANE_HTTPS: "true"
-  OCTANE_WORKERS: "4"
-  OCTANE_MAX_REQUESTS: "512"
+  OCTANE_WORKERS: "1"  # only one worker per cpu core should be started, see https://laravel.com/docs/10.x/octane#specifying-the-worker-count
+  OCTANE_MAX_REQUESTS: "512"  # set max "open" requests a octane worker can handle, see https://laravel.com/docs/10.x/octane#specifying-the-max-request-count
   WWWGROUP: "1000"
   WWWUSER: "1000"
   CACHE_DRIVER: redis
   SESSION_DRIVER: redis
   SESSION_LIFETIME: "120"
-  REDIS_HOST: # insert redis host here
-  REDIS_PASSWORD: # insert redis password here
+  REDIS_HOST:  # insert redis host here
+  REDIS_PASSWORD:  # insert redis password here
   REDIS_PORT: "6379"
 
 ingress:
   enabled: true
   className: "nginx"
-  annotations:
-    cert-manager.io/issuer: "letsencrypt-prod"
+  annotations: {}
+    # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    # nginx.ingress.kubernetes.io/limit-rps: "500"
   hosts:
     - portals.fsr5.de
   tls: true
 
-resources: {}
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+# default ressources
+# should handle about 6 req/s per pod
+# scales linear with pod count (15 pods = 90 req/s, 30 pods = 180 req/s, ...)
+resources:
+  limits:
+    cpu: 150m
+    memory: 128Mi
+  requests:
+    cpu: 150m
+    memory: 128Mi
 
 nodeSelector: {}
 
 tolerations: []
 
 affinity: {}
+
+migrateJob:
+  onInstall: false  # run on helm install
+  onUpgrade: false  # run on helm upgrade
+  seed: false  # set to true to use migrate:fresh --seed, otherwise only migrate will be executed
+  tutorsCsvConfigMapName: ""
+  studentsCsvConfigMapName: ""
+
+disableReadinessProbe: false  # disable pod readiness probe (used for debugging)
+disableLivenessProbe: false  # disable pod liveness probe (used for debugging)