diff --git a/timetracker-chart/.gitignore b/timetracker-chart/.gitignore new file mode 100644 index 0000000..21a5db7 --- /dev/null +++ b/timetracker-chart/.gitignore @@ -0,0 +1,3 @@ +*.tgz +charts/ +Chart.lock \ No newline at end of file diff --git a/timetracker-chart/Chart.yaml b/timetracker-chart/Chart.yaml new file mode 100644 index 0000000..764c8a5 --- /dev/null +++ b/timetracker-chart/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v2 +name: timetracker +description: A Helm chart for the TimeTracker application +type: application +version: 1.0.0 +appVersion: "1.0.0" +dependencies: [] \ No newline at end of file diff --git a/timetracker-chart/templates/NOTES.txt b/timetracker-chart/templates/NOTES.txt new file mode 100644 index 0000000..1678295 --- /dev/null +++ b/timetracker-chart/templates/NOTES.txt @@ -0,0 +1,39 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} + - http{{ if .Values.ingress.tls.enabled }}s{{ end }}://{{ (index .Values.ingress.hosts 0).host }} +{{- else if contains "NodePort" .Values.frontend.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "timetracker.fullname" . }}-frontend) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.frontend.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "timetracker.fullname" . }}-frontend' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "timetracker.fullname" . }}-frontend --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP +{{- else if contains "ClusterIP" .Values.frontend.service.type }} + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "timetracker.fullname" . }}-frontend 8080:80 + echo "Visit http://127.0.0.1:8080 to use your application" +{{- end }} + +2. Check the status of the pods: + kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "timetracker.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" + +3. PostgreSQL Credentials: + Username: {{ .Values.postgresql.auth.username }} + Password: {{ .Values.postgresql.auth.password }} + Database: {{ .Values.postgresql.auth.database }} + +IMPORTANT NOTES: +- Make sure to change the OIDC configuration in values.yaml +- Change the SESSION_SECRET from the default value for production +- Configure ingress host and TLS settings for your environment + +OIDC Configuration Required: + issuerUrl: {{ .Values.backend.oidc.issuerUrl | default "NOT SET - REQUIRED" }} + clientId: {{ .Values.backend.oidc.clientId | default "NOT SET - REQUIRED" }} \ No newline at end of file diff --git a/timetracker-chart/templates/_helpers.tpl b/timetracker-chart/templates/_helpers.tpl new file mode 100644 index 0000000..6bd058c --- /dev/null +++ b/timetracker-chart/templates/_helpers.tpl @@ -0,0 +1,110 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "timetracker.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "timetracker.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "timetracker.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "timetracker.labels" -}} +helm.sh/chart: {{ include "timetracker.chart" . }} +{{ include "timetracker.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "timetracker.selectorLabels" -}} +app.kubernetes.io/name: {{ include "timetracker.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "timetracker.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "timetracker.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +PostgreSQL labels +*/}} +{{- define "timetracker.postgresql.labels" -}} +{{ include "timetracker.labels" . }} +app.kubernetes.io/component: postgresql +{{- end }} + +{{/* +Backend labels +*/}} +{{- define "timetracker.backend.labels" -}} +{{ include "timetracker.labels" . }} +app.kubernetes.io/component: backend +{{- end }} + +{{/* +Frontend labels +*/}} +{{- define "timetracker.frontend.labels" -}} +{{ include "timetracker.labels" . }} +app.kubernetes.io/component: frontend +{{- end }} + +{{/* +Backend selector labels +*/}} +{{- define "timetracker.backend.selectorLabels" -}} +{{ include "timetracker.selectorLabels" . }} +app.kubernetes.io/component: backend +{{- end }} + +{{/* +Frontend selector labels +*/}} +{{- define "timetracker.frontend.selectorLabels" -}} +{{ include "timetracker.selectorLabels" . }} +app.kubernetes.io/component: frontend +{{- end }} + +{{/* +PostgreSQL selector labels +*/}} +{{- define "timetracker.postgresql.selectorLabels" -}} +{{ include "timetracker.selectorLabels" . }} +app.kubernetes.io/component: postgresql +{{- end }}','description':'Creates a comprehensive helpers.tpl file with standard Kubernetes naming conventions and label helpers for timetracker application components'}] <|tool_calls_section_begin|><|tool_call_begin|>functions.create_new_file:48<|tool_call_argument_begin|>{ \ No newline at end of file diff --git a/timetracker-chart/templates/backend-deployment.yaml b/timetracker-chart/templates/backend-deployment.yaml new file mode 100644 index 0000000..f05fb27 --- /dev/null +++ b/timetracker-chart/templates/backend-deployment.yaml @@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "timetracker.fullname" . }}-backend + labels: + {{- include "timetracker.backend.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.backend.replicaCount }} + selector: + matchLabels: + {{- include "timetracker.backend.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "timetracker.backend.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "timetracker.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: backend + image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}" + imagePullPolicy: {{ .Values.backend.image.pullPolicy }} + env: + - name: NODE_ENV + value: {{ .Values.backend.env.nodeEnv | quote }} + - name: PORT + value: {{ .Values.backend.env.port | quote }} + - name: DATABASE_URL + value: "postgresql://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{ include "timetracker.fullname" . }}-postgresql:5432/{{ .Values.postgresql.auth.database }}" + - name: OIDC_ISSUER_URL + value: {{ .Values.backend.oidc.issuerUrl | quote }} + - name: OIDC_CLIENT_ID + value: {{ .Values.backend.oidc.clientId | quote }} + - name: OIDC_REDIRECT_URI + value: {{ .Values.backend.oidc.redirectUri | quote }} + - name: SESSION_SECRET + value: {{ .Values.backend.session.secret | quote }} + - name: APP_URL + value: {{ (index .Values.ingress.hosts 0).host | printf "https://%s" | quote }} + ports: + - name: http + containerPort: 3001 + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + {{- toYaml .Values.backend.resources | nindent 12 }} \ No newline at end of file diff --git a/timetracker-chart/templates/backend-service.yaml b/timetracker-chart/templates/backend-service.yaml new file mode 100644 index 0000000..c8b4ba4 --- /dev/null +++ b/timetracker-chart/templates/backend-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "timetracker.fullname" . }}-backend + labels: + {{- include "timetracker.backend.labels" . | nindent 4 }} +spec: + type: {{ .Values.backend.service.type }} + ports: + - port: {{ .Values.backend.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "timetracker.backend.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/timetracker-chart/templates/frontend-deployment.yaml b/timetracker-chart/templates/frontend-deployment.yaml new file mode 100644 index 0000000..6633f71 --- /dev/null +++ b/timetracker-chart/templates/frontend-deployment.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "timetracker.fullname" . }}-frontend + labels: + {{- include "timetracker.frontend.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.frontend.replicaCount }} + selector: + matchLabels: + {{- include "timetracker.frontend.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "timetracker.frontend.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "timetracker.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: frontend + image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}" + imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} + env: + - name: VITE_API_URL + value: {{ .Values.frontend.env.apiUrl | quote }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + {{- toYaml .Values.frontend.resources | nindent 12 }} \ No newline at end of file diff --git a/timetracker-chart/templates/frontend-service.yaml b/timetracker-chart/templates/frontend-service.yaml new file mode 100644 index 0000000..c56763f --- /dev/null +++ b/timetracker-chart/templates/frontend-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "timetracker.fullname" . }}-frontend + labels: + {{- include "timetracker.frontend.labels" . | nindent 4 }} +spec: + type: {{ .Values.frontend.service.type }} + ports: + - port: {{ .Values.frontend.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "timetracker.frontend.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/timetracker-chart/templates/ingress.yaml b/timetracker-chart/templates/ingress.yaml new file mode 100644 index 0000000..2ec334c --- /dev/null +++ b/timetracker-chart/templates/ingress.yaml @@ -0,0 +1,54 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "timetracker.fullname" . }} + labels: + {{- include "timetracker.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + # Backend API routes first (more specific) + - path: /api + pathType: Prefix + backend: + service: + name: {{ include "timetracker.fullname" $ }}-backend + port: + number: {{ $.Values.backend.service.port }} + # Auth routes + - path: /auth + pathType: Prefix + backend: + service: + name: {{ include "timetracker.fullname" $ }}-backend + port: + number: {{ $.Values.backend.service.port }} + # Frontend (catch-all) + - path: / + pathType: Prefix + backend: + service: + name: {{ include "timetracker.fullname" $ }}-frontend + port: + number: {{ $.Values.frontend.service.port }} + {{- end }} + {{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + {{- range .Values.ingress.hosts }} + - {{ .host | quote }} + {{- end }} + secretName: {{ .Values.ingress.tls.secretName }} + {{- end }} +{{- end }} diff --git a/timetracker-chart/templates/postgres-service.yaml b/timetracker-chart/templates/postgres-service.yaml new file mode 100644 index 0000000..c49d79a --- /dev/null +++ b/timetracker-chart/templates/postgres-service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "timetracker.fullname" . }}-postgresql + labels: + {{- include "timetracker.postgresql.labels" . | nindent 4 }} +spec: + type: ClusterIP + ports: + - port: 5432 + targetPort: postgresql + protocol: TCP + name: postgresql + selector: + {{- include "timetracker.postgresql.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/timetracker-chart/templates/postgres-statefulset.yaml b/timetracker-chart/templates/postgres-statefulset.yaml new file mode 100644 index 0000000..38a1c7a --- /dev/null +++ b/timetracker-chart/templates/postgres-statefulset.yaml @@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "timetracker.fullname" . }}-postgresql + labels: + {{- include "timetracker.postgresql.labels" . | nindent 4 }} +spec: + serviceName: {{ include "timetracker.fullname" . }}-postgresql + replicas: 1 + selector: + matchLabels: + {{- include "timetracker.postgresql.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "timetracker.postgresql.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "timetracker.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: postgresql + image: "{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}" + imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }} + env: + - name: POSTGRES_USER + value: {{ .Values.postgresql.auth.username | quote }} + - name: POSTGRES_PASSWORD + value: {{ .Values.postgresql.auth.password | quote }} + - name: POSTGRES_DB + value: {{ .Values.postgresql.auth.database | quote }} + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + ports: + - name: postgresql + containerPort: 5432 + protocol: TCP + livenessProbe: + exec: + command: + - pg_isready + - -U + - {{ .Values.postgresql.auth.username }} + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + readinessProbe: + exec: + command: + - pg_isready + - -U + - {{ .Values.postgresql.auth.username }} + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 + resources: + {{- toYaml .Values.postgresql.resources | nindent 12 }} + volumeMounts: + - name: data + mountPath: /var/lib/postgresql/data + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - {{ .Values.postgresql.persistence.accessMode }} + {{- if .Values.postgresql.persistence.storageClass }} + storageClassName: {{ .Values.postgresql.persistence.storageClass }} + {{- end }} + resources: + requests: + storage: {{ .Values.postgresql.persistence.size }} \ No newline at end of file diff --git a/timetracker-chart/templates/serviceaccount.yaml b/timetracker-chart/templates/serviceaccount.yaml new file mode 100644 index 0000000..5da1d76 --- /dev/null +++ b/timetracker-chart/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "timetracker.serviceAccountName" . }} + labels: + {{- include "timetracker.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/timetracker-chart/values.yaml b/timetracker-chart/values.yaml new file mode 100644 index 0000000..b6e0f0d --- /dev/null +++ b/timetracker-chart/values.yaml @@ -0,0 +1,128 @@ +# Default values for timetracker + +# PostgreSQL Configuration +postgresql: + enabled: true + image: + repository: postgres + tag: "16-alpine" + pullPolicy: IfNotPresent + + auth: + username: timetracker + password: timetracker_password + database: timetracker + + persistence: + enabled: true + storageClass: "" + accessMode: ReadWriteOnce + size: 10Gi + + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 250m + memory: 256Mi + +# Backend Configuration +backend: + replicaCount: 1 + + image: + repository: git.simon-franken.de/simonfranken/timetracker-backend + tag: latest + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 3001 + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + + # OIDC Configuration (REQUIRED - must be set) + oidc: + issuerUrl: "" + clientId: "" + redirectUri: "" + + # Session configuration + session: + secret: "change-this-secret-in-production" + + env: + nodeEnv: production + port: 3001 + +# Frontend Configuration +frontend: + replicaCount: 1 + + image: + repository: git.simon-franken.de/simonfranken/timetracker-frontend + tag: latest + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 80 + + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 64Mi + + env: + apiUrl: "/api" + +# Ingress Configuration +ingress: + enabled: true + className: nginx + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "true" + + hosts: + - host: timetracker.local + paths: + - path: / + pathType: Prefix + service: frontend + port: 80 + - path: /api + pathType: Prefix + service: backend + port: 3001 + + tls: + enabled: false + secretName: timetracker-tls + +# Image pull secrets +imagePullSecrets: [] + +# Pod annotations +podAnnotations: {} + +# Pod security context +podSecurityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +# Service account +serviceAccount: + create: true + annotations: {} + name: ""