commit bc96a6b4de1979b342a323ea30d28d6aa4f2763b
Author: David Barragán Merino
Date: Tue Jun 11 13:46:03 2024 +0200
:baby: initial code
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6383441
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+.DS_Store
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# Dependencies
+charts/*.tgz
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..a612ad9
--- /dev/null
+++ b/LICENSE
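Review bot: The `charts/*.tgz` pattern under `# Dependencies` does not cover the chart's own dependency directory. A pattern with a slash in the middle is anchored to the repository root and `*` does not cross `/`, so `charts/penpot/charts/*.tgz` is not ignored. This same commit adds `charts/penpot/charts/postgresql-15.5.10.tgz` and `charts/penpot/charts/redis-19.5.5.tgz` as binary files, which cannot be reviewed in a diff and which `Chart.lock` already pins by version. If vendoring them is not intended, use `charts/*/charts/*.tgz` and drop the two archives, since the README already fetches them with `helm dependency build`.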
@@ -0,0 +1,373 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+ means each individual or legal entity that creates, contributes to
+ the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+ means the combination of the Contributions of others (if any) used
+ by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+ means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+ means Source Code Form to which the initial Contributor has attached
+ the notice in Exhibit A, the Executable Form of such Source Code
+ Form, and Modifications of such Source Code Form, in each case
+ including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+ means
+
+ (a) that the initial Contributor has attached the notice described
+ in Exhibit B to the Covered Software; or
+
+ (b) that the Covered Software was made available under the terms of
+ version 1.1 or earlier of the License, but not also under the
+ terms of a Secondary License.
+
+1.6. "Executable Form"
+ means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+ means a work that combines Covered Software with other material, in
+ a separate file or files, that is not Covered Software.
+
+1.8. "License"
+ means this document.
+
+1.9. "Licensable"
+ means having the right to grant, to the maximum extent possible,
+ whether at the time of the initial grant or subsequently, any and
+ all of the rights conveyed by this License.
+
+1.10. "Modifications"
+ means any of the following:
+
+ (a) any file in Source Code Form that results from an addition to,
+ deletion from, or modification of the contents of Covered
+ Software; or
+
+ (b) any new file in Source Code Form that contains any Covered
+ Software.
+
+1.11. "Patent Claims" of a Contributor
+ means any patent claim(s), including without limitation, method,
+ process, and apparatus claims, in any patent Licensable by such
+ Contributor that would be infringed, but for the grant of the
+ License, by the making, using, selling, offering for sale, having
+ made, import, or transfer of either its Contributions or its
+ Contributor Version.
+
+1.12. "Secondary License"
+ means either the GNU General Public License, Version 2.0, the GNU
+ Lesser General Public License, Version 2.1, the GNU Affero General
+ Public License, Version 3.0, or any later versions of those
+ licenses.
+
+1.13. "Source Code Form"
+ means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, "You" includes any entity that
+ controls, is controlled by, or is under common control with You. For
+ purposes of this definition, "control" means (a) the power, direct
+ or indirect, to cause the direction or management of such entity,
+ whether by contract or otherwise, or (b) ownership of more than
+ fifty percent (50%) of the outstanding shares or beneficial
+ ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or
+ as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+ for sale, have made, import, and otherwise transfer either its
+ Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+ or
+
+(b) for infringements caused by: (i) Your and any other third party's
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+ its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+ Form, as described in Section 3.1, and You must inform recipients of
+ the Executable Form how they can obtain a copy of such Source Code
+ Form by reasonable means in a timely manner, at a charge no more
+ than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+ License, or sublicense it under different terms, provided that the
+ license for the Executable Form does not attempt to limit or alter
+ the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+* *
+* 6. Disclaimer of Warranty *
+* ------------------------- *
+* *
+* Covered Software is provided under this License on an "as is" *
+* basis, without warranty of any kind, either expressed, implied, or *
+* statutory, including, without limitation, warranties that the *
+* Covered Software is free of defects, merchantable, fit for a *
+* particular purpose or non-infringing. The entire risk as to the *
+* quality and performance of the Covered Software is with You. *
+* Should any Covered Software prove defective in any respect, You *
+* (not any Contributor) assume the cost of any necessary servicing, *
+* repair, or correction. This disclaimer of warranty constitutes an *
+* essential part of this License. No use of any Covered Software is *
+* authorized under this License except under this disclaimer. *
+* *
+************************************************************************
+
+************************************************************************
+* *
+* 7. Limitation of Liability *
+* -------------------------- *
+* *
+* Under no circumstances and under no legal theory, whether tort *
+* (including negligence), contract, or otherwise, shall any *
+* Contributor, or anyone who distributes Covered Software as *
+* permitted above, be liable to You for any direct, indirect, *
+* special, incidental, or consequential damages of any character *
+* including, without limitation, damages for lost profits, loss of *
+* goodwill, work stoppage, computer failure or malfunction, or any *
+* and all other commercial damages or losses, even if such party *
+* shall have been informed of the possibility of such damages. This *
+* limitation of liability shall not apply to liability for death or *
+* personal injury resulting from such party's negligence to the *
+* extent applicable law prohibits such limitation. Some *
+* jurisdictions do not allow the exclusion or limitation of *
+* incidental or consequential damages, so this exclusion and *
+* limitation may not apply to You. *
+* *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+ This Source Code Form is subject to the terms of the Mozilla Public
+ License, v. 2.0. If a copy of the MPL was not distributed with this
+ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+ This Source Code Form is "Incompatible With Secondary Licenses", as
+ defined by the Mozilla Public License, v. 2.0.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b536f7b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,36 @@
+# Penpot Helm Chart
+
+This repository contains the Penpot Helm Chart curated by Penpot.
+
+## Local Development
+
+### Requirements:
+
+- [docker](https://docs.docker.com/engine/install/)
+- [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
+- [helm](https://helm.sh/docs/intro/install/)
+
+### Usage:
+
+- Create the cluster `penpot-cluster` with a namespace `penpot`:
+ ```shell
+ ./scripts/cluster_create.sh
+ ```
+
+- Download dependencies
+ ```shell
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+ helm dependency build ./charts/penpot
+ ```
+
+- Install the chart
+ ```shell
+ helm install penpot ./charts/penpot -f devel/penpot.values.yaml
+ ```
+
+- Access to http://localhost/
+ > :bulb: if you disable ingress, you can exposing the app in the port 8888 with:
+ > ```shell
+ > kubectl port-forward service/penpot 8888:80
+ > ```
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..e1a6e30
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to `support@penpot.app`
diff --git a/charts/penpot/.helmignore b/charts/penpot/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/penpot/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/penpot/Chart.lock b/charts/penpot/Chart.lock
new file mode 100644
index 0000000..fa27b3d
--- /dev/null
+++ b/charts/penpot/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 15.5.10
+- name: redis
+ repository: https://charts.bitnami.com/bitnami
+ version: 19.5.5
+digest: sha256:1987422035eb83d10647c04826d9ee984e5675678a683013864a557301b70a2c
+generated: "2024-06-25T17:19:37.004734089+02:00"
diff --git a/charts/penpot/Chart.yaml b/charts/penpot/Chart.yaml
new file mode 100644
index 0000000..a122561
--- /dev/null
+++ b/charts/penpot/Chart.yaml
@@ -0,0 +1,32 @@
+apiVersion: v2
+version: 0.1.0 # Chart version
+appVersion: "2.0.3" # Penpot version
+type: application
+name: penpot
+description: Helm chart for Penpot, the Open Source design and prototyping platform.
+maintainers:
+- name: Kaleidos INC
+ url: https://kaleidos.net
+home: https://penpot.app
+icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
+sources:
+- https://github.com/penpot/penpot/tree/main
+- https://github.com/penpot/penpot-helm/tree/main
+keywords:
+- kubernetes
+- penpot
+- penpotapp
+- design
+- designsystem
+- opensource
+- ux
+- ui
+dependencies:
+- name: postgresql
+ version: 15.x.x # appVersion >= 16.2.0
+ repository: https://charts.bitnami.com/bitnami
+ condition: global.postgresqlEnabled
+- name: redis
+ version: 19.x.x # appVersion >= 7.2.4
+ repository: https://charts.bitnami.com/bitnami
+ condition: global.redisEnabled
diff --git a/charts/penpot/charts/postgresql-15.5.10.tgz b/charts/penpot/charts/postgresql-15.5.10.tgz
new file mode 100644
index 0000000..e099aab
Binary files /dev/null and b/charts/penpot/charts/postgresql-15.5.10.tgz differ
diff --git a/charts/penpot/charts/redis-19.5.5.tgz b/charts/penpot/charts/redis-19.5.5.tgz
new file mode 100644
index 0000000..2c2a24b
Binary files /dev/null and b/charts/penpot/charts/redis-19.5.5.tgz differ
diff --git a/charts/penpot/templates/NOTES.txt b/charts/penpot/templates/NOTES.txt
new file mode 100644
index 0000000..960a5ad
--- /dev/null
+++ b/charts/penpot/templates/NOTES.txt
@@ -0,0 +1,8 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named '{{ .Release.Name }}'.
+
+To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get all {{ .Release.Name }}
diff --git a/charts/penpot/templates/_helpers.tpl b/charts/penpot/templates/_helpers.tpl
new file mode 100644
index 0000000..a2e57ab
--- /dev/null
+++ b/charts/penpot/templates/_helpers.tpl
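Review bot: The trailing comments on the two dependency versions in Chart.yaml, `# appVersion >= 16.2.0` and `# appVersion >= 7.2.4`, read as if they constrained this chart's own `appVersion`, which is `"2.0.3"` a few lines above. Presumably they record the PostgreSQL and Redis releases shipped by those Bitnami chart ranges. Wording such as `version: 15.x.x # Bitnami chart range; bundled PostgreSQL >= 16.2.0` would remove the ambiguity, with the equivalent change on the redis entry.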
@@ -0,0 +1,75 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "penpot.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "penpot.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "penpot.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "penpot.labels" -}}
+helm.sh/chart: {{ include "penpot.chart" . }}
+{{ include "penpot.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "penpot.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+{{- define "penpot.frontendSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "penpot.backendSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-backend
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "penpot.exporterSelectorLabels" -}}
+app.kubernetes.io/name: {{ include "penpot.name" . }}-exporter
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "penpot.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "penpot.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
diff --git a/charts/penpot/templates/assets-persistentvolumeclaim.yml b/charts/penpot/templates/assets-persistentvolumeclaim.yml
new file mode 100644
index 0000000..d093f36
--- /dev/null
+++ b/charts/penpot/templates/assets-persistentvolumeclaim.yml
@@ -0,0 +1,24 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "penpot.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{- include "penpot.labels" . | nindent 4 }}
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end -}}
diff --git a/charts/penpot/templates/backend-deployment.yml b/charts/penpot/templates/backend-deployment.yml
new file mode 100644
index 0000000..944d501
--- /dev/null
+++ b/charts/penpot/templates/backend-deployment.yml
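Review bot: The component selector helpers in _helpers.tpl (`penpot.frontendSelectorLabels`, `penpot.backendSelectorLabels`, `penpot.exporterSelectorLabels`) append their suffix after `penpot.name` has already been truncated to 63 characters. A long `nameOverride` therefore produces an `app.kubernetes.io/name` value over the 63-character label limit, and the manifest would be rejected at install time. Truncate after appending instead, e.g. `app.kubernetes.io/name: {{ printf "%s-frontend" (include "penpot.name" .) | trunc 63 | trimSuffix "-" }}`, and likewise for `-backend` and `-exporter`. These three defines also lack the `{{/* … */}}` description that every other helper in the file carries.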
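Review bot: The assets claim in assets-persistentvolumeclaim.yml is rendered as an ordinary release resource, so `helm uninstall` removes it, and depending on the storage class's reclaim policy the uploaded assets go with it. The template only emits annotations from `persistence.annotations`, and values.yaml is not visible here, so whether `helm.sh/resource-policy: keep` is set by default cannot be confirmed. If it is not, consider defaulting it or documenting it next to `persistence.annotations`. Separately, `{{- if .Values.persistence.storageClass }}` cannot express an explicitly empty `storageClassName`, which some clusters need to opt out of the default class.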
@@ -0,0 +1,403 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "penpot.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "penpot.backendSelectorLabels" . | nindent 6 }}
+ replicas: {{ .Values.backend.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: penpot-backend
+ {{- include "penpot.backendSelectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+ {{- if .Values.backend.podSecurityContext.enabled }}
+ securityContext:
+ {{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ affinity:
+ podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - {{ .Release.Name }}
+ topologyKey: "kubernetes.io/hostname"
+ containers:
+ - name: {{ .Chart.Name }}-backend
+ image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
+ imagePullPolicy: {{ .Values.backend.image.pullPolicy }}
+ {{- if .Values.backend.containerSecurityContext.enabled }}
+ securityContext:
+ {{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ env:
+ {{/* General settings */}}
+ - name: PENPOT_PUBLIC_URI
+ value: {{ .Values.config.publicUri | quote }}
+ - name: PENPOT_FLAGS
+ value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+ - name: PENPOT_SECRET_KEY
+ value: {{ .Values.config.apiSecretKey | quote }}
+ {{- if .Values.config.registrationDomainWhitelist }}
+ - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
+ value: {{ .Values.config.registrationDomainWhitelist | quote }}
+ {{- end }}
+ - name: PENPOT_TELEMETRY_ENABLED
+ value: {{ .Values.config.telemetryEnabled | quote }}
+ {{- if .Values.backend.service.prepl.enabled }}
+ - name: PENPOT_PREPL_HOST
+ value: "0.0.0.0"
+ {{- end }}
+ {{/* PosgreSQL connection settings */}}
+ - name: PENPOT_DATABASE_URI
+ {{- if .Values.config.postgresql.host }}
+ value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
+ {{- else }}
+ value: {{ print "postgresql://" (include "penpot.fullname" .) "-postgresql:" .Values.config.postgresql.port "/" .Values.config.postgresql.database }}
+ {{- end }}
+ - name: PENPOT_DATABASE_USERNAME
+ {{- if not .Values.config.postgresql.secretKeys.usernameKey }}
+ value: {{ .Values.config.postgresql.username | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.postgresql.existingSecret }}
+ key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
+ {{- end }}
+ - name: PENPOT_DATABASE_PASSWORD
+ {{- if not .Values.config.postgresql.secretKeys.passwordKey }}
+ value: {{ .Values.config.postgresql.password | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.postgresql.existingSecret }}
+ key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
+ {{- end }}
+ {{/* Redis connection settings */}}
+ - name: PENPOT_REDIS_URI
+ {{- if .Values.config.redis.host }}
+ value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
+ {{- else }}
+ value: {{ print "redis://" (include "penpot.fullname" .) "-redis-master:" .Values.config.redis.port "/" .Values.config.redis.database }}
+ {{- end }}
+ {{/* Assets storage settings */}}
+ - name: PENPOT_ASSETS_STORAGE_BACKEND
+ value: {{ .Values.config.assets.storageBackend | quote }}
+ {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
+ - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
+ value: {{ .Values.config.assets.filesystem.directory | quote }}
+ {{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
+ - name: PENPOT_STORAGE_ASSETS_S3_REGION
+ value: {{ .Values.config.assets.s3.region | quote }}
+ - name: PENPOT_STORAGE_ASSETS_S3_BUCKET
+ value: {{ .Values.config.assets.s3.bucket | quote }}
+ - name: AWS_ACCESS_KEY_ID
+ {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+ value: {{ .Values.config.assets.s3.accessKeyID | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.assets.s3.existingSecret }}
+ key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
+ {{- end }}
+ - name: AWS_SECRET_ACCESS_KEY
+ {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
+ value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.assets.s3.existingSecret }}
+ key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
+ {{- end }}
+ - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
+ {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
+ value: {{ .Values.config.assets.s3.endpointURI | quote }}
+ {{- else }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.assets.s3.existingSecret }}
+ key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
+ {{- end }}
+ {{- end }}
+ {{/* SMTP settings */}}
+ {{- if .Values.config.smtp.enabled }}
+ {{- if .Values.config.smtp.defaultFrom }}
+ - name: PENPOT_SMTP_DEFAULT_FROM
+ value: {{ .Values.config.smtp.defaultFrom | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.defaultReplyTo }}
+ - name: PENPOT_SMTP_DEFAULT_REPLY_TO
+ value: {{ .Values.config.smtp.defaultReplyTo | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.host }}
+ - name: PENPOT_SMTP_HOST
+ value: {{ .Values.config.smtp.host | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.port }}
+ - name: PENPOT_SMTP_PORT
+ value: {{ .Values.config.smtp.port | quote }}
+ {{- end }}
+ {{- if not .Values.config.smtp.secretKeys.usernameKey }}
+ - name: PENPOT_SMTP_USERNAME
+ value: {{ .Values.config.smtp.username | quote }}
+ {{- else }}
+ - name: PENPOT_SMTP_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.smtp.existingSecret }}
+ key: {{ .Values.config.smtp.secretKeys.usernameKey }}
+ {{- end }}
+ {{- if not .Values.config.smtp.secretKeys.passwordKey }}
+ - name: PENPOT_SMTP_PASSWORD
+ value: {{ .Values.config.smtp.password | quote }}
+ {{- else }}
+ - name: PENPOT_SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.smtp.existingSecret }}
+ key: {{ .Values.config.smtp.secretKeys.passwordKey }}
+ {{- end }}
+ {{- if .Values.config.smtp.tls }}
+ - name: PENPOT_SMTP_TLS
+ value: {{ .Values.config.smtp.tls | quote }}
+ {{- end }}
+ {{- if .Values.config.smtp.ssl }}
+ - name: PENPOT_SMTP_SSL
+ value: {{ .Values.config.smtp.ssl | quote }}
+ {{- end }}
+ {{- end }}
+ {{/* Google Auth provider settings */}}
+ {{- if .Values.config.providers.google.enabled }}
+ {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
+ - name: PENPOT_GOOGLE_CLIENT_ID
+ value: {{ .Values.config.providers.google.clientID | quote }}
+ {{- else }}
+ - name: PENPOT_GOOGLE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
+ - name: PENPOT_GOOGLE_CLIENT_SECRET
+ value: {{ .Values.config.providers.google.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_GOOGLE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
+ {{- end }}
+ {{- end }}
+ {{/* Github Auth provider settings */}}
+ {{- if .Values.config.providers.github.enabled }}
+ {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
+ - name: PENPOT_GITHUB_CLIENT_ID
+ value: {{ .Values.config.providers.github.clientID | quote }}
+ {{- else }}
+ - name: PENPOT_GITHUB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
+ - name: PENPOT_GITHUB_CLIENT_SECRET
+ value: {{ .Values.config.providers.github.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_GITHUB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
+ {{- end }}
+ {{- end }}
+ {{/* Gitlab Auth provider settings */}}
+ {{- if .Values.config.providers.gitlab.enabled }}
+ {{- if .Values.config.providers.gitlab.baseURI }}
+ - name: PENPOT_GITLAB_BASE_URI
+ value: {{ .Values.config.providers.gitlab.baseURI | quote }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
+ - name: PENPOT_GITLAB_CLIENT_ID
+ value: {{ .Values.config.providers.gitlab.clientID | quote }}
+ {{- else }}
+ - name: PENPOT_GITLAB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+ - name: PENPOT_GITLAB_CLIENT_SECRET
+ value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_GITLAB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
+ {{- end }}
+ {{- end }}
+ {{/* OIDC provider settings */}}
+ {{- if .Values.config.providers.oidc.enabled }}
+ {{- if .Values.config.providers.oidc.baseURI }}
+ - name: PENPOT_OIDC_BASE_URI
+ value: {{ .Values.config.providers.oidc.baseURI | quote }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
+ - name: PENPOT_OIDC_CLIENT_ID
+ value: {{ .Values.config.providers.oidc.clientID | quote}}
+ {{- else }}
+ - name: PENPOT_OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
+ {{- end }}
+ {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
+ - name: PENPOT_OIDC_CLIENT_SECRET
+ value: {{ .Values.config.providers.oidc.clientSecret | quote }}
+ {{- else }}
+ - name: PENPOT_OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.config.providers.existingSecret }}
+ key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.authURI }}
+ - name: PENPOT_OIDC_AUTH_URI
+ value: {{ .Values.config.providers.oidc.authURI | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.tokenURI }}
+ - name: PENPOT_OIDC_TOKEN_URI
+ value: {{ .Values.config.providers.oidc.tokenURI | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.userURI }}
+ - name: PENPOT_OIDC_USER_URI
+ value: {{ .Values.config.providers.oidc.userURI | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.roles }}
+ - name: PENPOT_OIDC_ROLES
+ value: {{ .Values.config.providers.oidc.roles | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.rolesAttribute }}
+ - name: PENPOT_OIDC_ROLES_ATTR
+ value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
+ {{- end }}
+ {{- if .Values.config.providers.oidc.scopes }}
+ - name: PENPOT_OIDC_SCOPES
+ value: {{ .Values.config.providers.oidc.scopes |
quote }} + {{- end }} + {{- if .Values.config.providers.oidc.nameAttribute }} + - name: PENPOT_OIDC_NAME_ATTR + value: {{ .Values.config.providers.oidc.nameAttribute | quote }} + {{- end }} + {{- if .Values.config.providers.oidc.emailAttribute }} + - name: PENPOT_OIDC_EMAIL_ATTR + value: {{ .Values.config.providers.oidc.emailAttribute | quote }} + {{- end }} + {{- if .Values.config.providers.oidc.userInfoSource }} + - name: PENPOT_OIDC_USER_INFO_SOURCE + value: {{ .Values.config.providers.oidc.userInfoSource | quote }} + {{- end }} + {{- end }} + {{/* LDAP provider settings */}} + {{- if .Values.config.providers.ldap.enabled }} + {{- if .Values.config.providers.ldap.host }} + - name: PENPOT_LDAP_HOST + value: {{ .Values.config.providers.ldap.host | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.port }} + - name: PENPOT_LDAP_PORT + value: {{ .Values.config.providers.ldap.port | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.ssl }} + - name: PENPOT_LDAP_SSL + value: {{ .Values.config.providers.ldap.ssl | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.startTLS }} + - name: PENPOT_LDAP_STARTTLS + value: {{ .Values.config.providers.ldap.startTLS | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.baseDN }} + - name: PENPOT_LDAP_BASE_DN + value: {{ .Values.config.providers.ldap.baseDN | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.bindDN }} + - name: PENPOT_LDAP_BIND_DN + value: {{ .Values.config.providers.ldap.bindDN | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.bindPassword }} + - name: PENPOT_LDAP_BIND_PASSWORD + value: {{ .Values.config.providers.ldap.bindPassword | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.userQuery }} + - name: PENPOT_LDAP_USER_QUERY + value: {{ .Values.config.providers.ldap.userQuery | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.attributesUsername }} + - name: PENPOT_LDAP_ATTRS_USERNAME + value: {{ 
.Values.config.providers.ldap.attributesUsername | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.attributesEmail }} + - name: PENPOT_LDAP_ATTRS_EMAIL + value: {{ .Values.config.providers.ldap.attributesEmail | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.attributesFullname }} + - name: PENPOT_LDAP_ATTRS_FULLNAME + value: {{ .Values.config.providers.ldap.attributesFullname | quote }} + {{- end }} + {{- if .Values.config.providers.ldap.attributesPhoto }} + - name: PENPOT_LDAP_ATTRS_PHOTO + value: {{ .Values.config.providers.ldap.attributesPhoto | quote }} + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /opt/data/assets + name: app-data + readOnly: false + ports: + - name: http + containerPort: {{ .Values.backend.service.http.port }} + protocol: TCP + {{- if .Values.backend.service.prepl.enabled }} + - name: prepl + containerPort: {{ .Values.backend.service.prepl.port }} + protocol: TCP + {{- end }} + resources: + {{- toYaml .Values.backend.resources | nindent 12 }} + {{- with .Values.backend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.backend.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.backend.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: app-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }} + {{- else }} + emptyDir: {} + {{- end }} diff --git a/charts/penpot/templates/backend-service.yml b/charts/penpot/templates/backend-service.yml new file mode 100644 index 0000000..a245c47 --- /dev/null +++ b/charts/penpot/templates/backend-service.yml 
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}-backend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "penpot.backendSelectorLabels" . | nindent 4 }}
+ type: {{ .Values.backend.service.http.type }}
+ ports:
+ - port: {{ .Values.backend.service.http.port }}
+ targetPort: {{ .Values.backend.service.http.port }}
+ protocol: TCP
+ name: http
+
+---
+
+{{- if .Values.backend.service.prepl.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}-backend-prepl
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "penpot.backendSelectorLabels" . | nindent 4 }}
+ type: {{ .Values.backend.service.prepl.type }}
+ ports:
+ - port: {{ .Values.backend.service.prepl.port }}
+ targetPort: {{ .Values.backend.service.prepl.port }}
+ protocol: TCP
+ name: prepl
+{{- end }}
diff --git a/charts/penpot/templates/exporter-deployment.yml b/charts/penpot/templates/exporter-deployment.yml
new file mode 100644
index 0000000..bc8b037
--- /dev/null
+++ b/charts/penpot/templates/exporter-deployment.yml
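Review bot: The second Service in backend-service.yml publishes the backend's prepl port with a caller-chosen `type`, so overriding `backend.service.prepl.type` to `NodePort` or `LoadBalancer` would put what the name suggests is a REPL-style administrative socket on a routable address; nothing in the templates in view adds authentication or a NetworkPolicy in front of it. I would pin this Service to `type: ClusterIP` and drop the values knob, with a comment above it such as `# prepl is an administrative interface: keep it cluster-internal and restrict access with a NetworkPolicy`. The default `config.flags` in values.yaml already contains `enable-prepl-server`, so the listener presumably runs inside the pod even when `prepl.enabled` is false, which is worth stating in the parameter description.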
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "penpot.fullname" . }}-exporter
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.exporter.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "penpot.exporterSelectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "penpot.exporterSelectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+ {{ if .Values.exporter.podSecurityContext.enabled }}
+ securityContext:
+ {{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}-exporter
+ image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
+ imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
+ {{ if .Values.exporter.containerSecurityContext.enabled }}
+ securityContext:
+ {{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ env:
+ - name: PENPOT_PUBLIC_URI
+ value: {{ .Values.config.publicURI | quote }}
+ - name: PENPOT_REDIS_URI
+ {{- if .Values.config.redis.host }}
+ value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
+ {{- else }}
+ value: {{ print "redis://" (include "penpot.fullname" .) "-redis-master:" .Values.config.redis.port "/" .Values.config.redis.database }}
+ {{- end }}
+ - name: PENPOT_TEMPDIR
+ value: "/tmp/penpot-exporter"
+ volumeMounts:
+ - mountPath: /tmp/penpot-exporter
+ name: app-data
+ readOnly: false
+ ports:
+ - name: http
+ containerPort: {{ .Values.exporter.service.port }}
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.exporter.resources | nindent 12 }}
+ {{- with .Values.exporter.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.exporter.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.exporter.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: app-data
+ {{- if .Values.exporter.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.exporter.persistence.existingClaim | default ( printf "%s-%s" ( include "penpot.fullname" . ) "exporter" ) }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
diff --git a/charts/penpot/templates/exporter-persistentvolumeclaim.yml b/charts/penpot/templates/exporter-persistentvolumeclaim.yml
new file mode 100644
index 0000000..fe33192
--- /dev/null
+++ b/charts/penpot/templates/exporter-persistentvolumeclaim.yml
@@ -0,0 +1,24 @@
+{{- if and .Values.exporter.persistence.enabled (not .Values.exporter.persistence.existingClaim) -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "penpot.fullname" . }}-exporter
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{- include "penpot.labels" . | nindent 4 }}
+{{- if .Values.exporter.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.exporter.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ {{- range .Values.exporter.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.exporter.persistence.size | quote }}
+{{- if .Values.exporter.persistence.storageClass }}
+ storageClassName: "{{ .Values.exporter.persistence.storageClass }}"
+{{- end }}
+{{- end -}}
diff --git a/charts/penpot/templates/exporter-service.yml b/charts/penpot/templates/exporter-service.yml
new file mode 100644
index 0000000..e73341a
--- /dev/null
+++ b/charts/penpot/templates/exporter-service.yml
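Review bot: In exporter-deployment.yml, `PENPOT_PUBLIC_URI` reads `.Values.config.publicURI`, but the values.yaml added in this same commit defines the key as `config.publicUri`; Helm value lookups are case-sensitive, so this env entry would render with an empty value unless the user happens to set the upper-case spelling. The line should read `value: {{ .Values.config.publicUri | quote }}` (or the values key should be renamed, in which case every template that reads it has to follow). Wrapping the lookup in `required` would turn a silently empty URI into a render-time error.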
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}-exporter
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.exporter.service.type }}
+ ports:
+ - port: {{ .Values.exporter.service.port }}
+ targetPort: {{ .Values.exporter.service.port }}
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "penpot.exporterSelectorLabels" . | nindent 4 }}
+
diff --git a/charts/penpot/templates/frontend-deployment.yml b/charts/penpot/templates/frontend-deployment.yml
new file mode 100644
index 0000000..d968f56
--- /dev/null
+++ b/charts/penpot/templates/frontend-deployment.yml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "penpot.fullname" . }}-frontend
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "penpot.frontendSelectorLabels" . | nindent 6 }}
+ replicas: {{ .Values.frontend.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: penpot-frontend
+ {{- include "penpot.frontendSelectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.global.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "penpot.serviceAccountName" . }}
+ affinity:
+ podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - {{ .Release.Name }}
+ topologyKey: "kubernetes.io/hostname"
+ containers:
+ - name: {{ .Chart.Name }}-frontend
+ image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
+ imagePullPolicy: {{ .Values.frontend.image.pullPolicy }}
+ env:
+ - name: PENPOT_FLAGS
+ value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
+ - name: PENPOT_BACKEND_URI
+ value: {{ print "http://" (include "penpot.fullname" .) "-backend:" .Values.backend.service.http.port }}
+ - name: PENPOT_EXPORTER_URI
+ value: {{ print "http://" (include "penpot.fullname" .) "-exporter:" .Values.exporter.service.port }}
+ volumeMounts:
+ - mountPath: /opt/data/assets
+ name: app-data
+ readOnly: false
+ ports:
+ - name: http
+ containerPort: {{ .Values.frontend.service.port }}
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.frontend.resources | nindent 12 }}
+ {{- with .Values.frontend.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.frontend.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.frontend.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: app-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
diff --git a/charts/penpot/templates/frontend-service.yml b/charts/penpot/templates/frontend-service.yml
new file mode 100644
index 0000000..2ceb04f
--- /dev/null
+++ b/charts/penpot/templates/frontend-service.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "penpot.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.frontend.service.type }}
+ ports:
+ - port: {{ .Values.frontend.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "penpot.frontendSelectorLabels" . | nindent 4 }}
diff --git a/charts/penpot/templates/ingress.yml b/charts/penpot/templates/ingress.yml
new file mode 100644
index 0000000..4c29dd4
--- /dev/null
+++ b/charts/penpot/templates/ingress.yml
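Review bot: The pod spec in frontend-deployment.yml sets no `securityContext` at pod or container level, so the frontend runs with whatever user and privileges the image defaults to, while exporter-deployment.yml in the same commit gates both contexts on values. I would add the same two gated blocks here, reading new `frontend.podSecurityContext` and `frontend.containerSecurityContext` values shaped like the backend ones in values.yaml; those keys would have to be added, since the frontend values section is not fully in view. The assets volume is also mounted with `readOnly: false`; if the frontend only serves those files, `readOnly: true` is the safer default.

```yaml
      serviceAccountName: {{ include "penpot.serviceAccountName" . }}
      {{- if .Values.frontend.podSecurityContext.enabled }}
      securityContext:
        {{- omit .Values.frontend.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      # … unchanged: affinity …
      containers:
        - name: {{ .Chart.Name }}-frontend
          # … unchanged: image, imagePullPolicy …
          {{- if .Values.frontend.containerSecurityContext.enabled }}
          securityContext:
            {{- omit .Values.frontend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
          # … unchanged: env, volumeMounts, ports, resources …
```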
@@ -0,0 +1,53 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "penpot.fullname" . -}}
+{{- $svcPort := .Values.frontend.service.port -}}
+{{- $path := .Values.ingress.path }}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- .Values.ingress.tls | toYaml | nindent 4 }}
+ {{ end }}
+ rules:
+ {{- range $host := .Values.ingress.hosts }}
+ - host: {{ $host | quote }}
+ http:
+ paths:
+ - path: {{ $path }}
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/penpot/templates/serviceaccount.yml b/charts/penpot/templates/serviceaccount.yml
new file mode 100644
index 0000000..8c317c4
--- /dev/null
+++ b/charts/penpot/templates/serviceaccount.yml
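Review bot: The Ingress metadata in ingress.yml has no `namespace`, while the other objects visible in this commit all set `namespace: {{ .Release.Namespace }}`. With `helm install` that makes no difference, but when the chart is rendered with `helm template` and applied separately the Ingress can land in the client's current namespace, where its backend Service name does not resolve. Add `namespace: {{ .Release.Namespace }}` under `name: {{ $fullName }}`.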
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "penpot.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "penpot.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/penpot/values.yaml b/charts/penpot/values.yaml
new file mode 100644
index 0000000..fb495c9
--- /dev/null
+++ b/charts/penpot/values.yaml
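Review bot: The ServiceAccount in serviceaccount.yml leaves token automount at its default, and the exporter and frontend Deployments in this commit both run under it, so each pod gets a Kubernetes API token mounted even though nothing in the templates in view calls the API. Add `automountServiceAccountToken: false` at the top level of the ServiceAccount; a values switch can re-enable it for setups that do need API access. That keeps a compromised application container from inheriting cluster credentials it never used.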
@@ -0,0 +1,516 @@
+## Default values for Penpot
+
+########################################
+## @section Global parameters
+########################################
+
+## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
+## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
+## @param global.imagePullSecrets Global Docker registry secret names as an array.
+##
+global:
+ postgresqlEnabled: false
+ redisEnabled: false
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+
+########################################
+## @section Common parameters
+########################################
+
+## @param nameOverride String to partially override common.names.fullname
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created.
+## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
+## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template.
+##
+serviceAccount:
+ enabled: true
+ annotations: {}
+ name: "penpot"
+
+########################################
+## @section Configuration parameters
+########################################
+
+config:
+ ## @param config.publicUri The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
+ ## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
+ ## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
+ ##
+ publicUri: "http://penpot.example.com"
+ flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"
+ apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"
+ ## @param config.postgresql.host The PostgreSQL host to connect to. Empty to use dependencies.
+ ## @param config.postgresql.port The PostgreSQL host port to use.
+ ## @param config.postgresql.username The database username to use.
+ ## @param config.postgresql.password The database password to use.
+ ## @param config.postgresql.database The PostgreSQL database to use.
+ ## @param config.postgresql.existingSecret The name of an existing secret.
+ ## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret.
+ ## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret.
+ ##
+ postgresql:
+ host: "" # Ex.: "postgresql.penpot.svc.cluster.local"
+ port: 5432
+ username: "penpot"
+ password: "penpot"
+ database: "penpot"
+ existingSecret: ""
+ secretKeys:
+ usernameKey: ""
+ passwordKey: ""
+ ## @param config.redis.host The Redis host to connect to. Empty to use dependencies
+ ## @param config.redis.port The Redis host port to use.
+ ## @param config.redis.database The Redis database to connect to.
+ ##
+ redis:
+ host: "" # Ex.: "redis-headless.penpot.svc.cluster.local"
+ port: 6379
+ database: "0"
+ ## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3.
+ ## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend.
+ ## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend.
+ ## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend.
+ ## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend.
+ ## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend.
+ ## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend.
+ ## @param config.assets.s3.existingSecret The name of an existing secret.
+ ## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret.
+ ## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret.
+ ## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret.
+ ##
+ assets:
+ storageBackend: "assets-fs"
+ filesystem:
+ directory: "/opt/data/assets"
+ s3:
+ accessKeyID: ""
+ secretAccessKey: ""
+ region: ""
+ bucket: ""
+ endpointURI: ""
+ existingSecret: ""
+ secretKeys:
+ accessKeyIDKey: ""
+ secretAccessKey: ""
+ endpointURIKey: ""
+ ## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data.
+ ##
+ telemetryEnabled: true
+ ## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable.
+ ## @param config.smtp.defaultFrom The SMTP default email to send from.
+ ## @param config.smtp.defaultReplyTo The SMTP default email to reply to.
+ ## @param config.smtp.host The SMTP host to use.
+ ## @param config.smtp.port The SMTP host port to use.
+ ## @param config.smtp.username The SMTP username to use.
+ ## @param config.smtp.password The SMTP password to use.
+ ## @param config.smtp.tls Whether to use TLS for the SMTP connection.
+ ## @param config.smtp.ssl Whether to use SSL for the SMTP connection.
+ ## @param config.smtp.existingSecret The name of an existing secret.
+ ## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret.
+ ## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret.
+ ##
+ smtp:
+ enabled: false
+ defaultFrom: ""
+ defaultReplyTo: ""
+ host: ""
+ port: ""
+ username: ""
+ password: ""
+ tls: true
+ ssl: false
+ existingSecret: ""
+ secretKeys:
+ usernameKey: ""
+ passwordKey: ""
+ ## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains.
+ ##
+ registrationDomainWhitelist: ""
+ ## Penpot Authentication providers parameters
+ ##
+ providers:
+ ## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags.
+ ## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags.
+ ## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags.
+ ##
+ google:
+ enabled: false
+ clientID: ""
+ clientSecret: ""
+ ## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags.
+ ## @param config.providers.github.clientID The GitHub client ID to use.
+ ## @param config.providers.github.clientSecret The GitHub client secret to use.
+ ##
+ github:
+ enabled: false
+ clientID: ""
+ clientSecret: ""
+ ## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags.
+ ## @param config.providers.gitlab.baseURI The GitLab base URI to use.
+ ## @param config.providers.gitlab.clientID The GitLab client ID to use.
+ ## @param config.providers.gitlab.clientSecret The GitLab client secret to use.
+ ##
+ gitlab:
+ enabled: false
+ baseURI: "https://gitlab.com"
+ clientID: ""
+ clientSecret: ""
+ ## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags.
+ ## @param config.providers.oidc.baseURI The OpenID Connect base URI to use.
+ ## @param config.providers.oidc.clientID The OpenID Connect client ID to use.
+ ## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use.
+ ## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided.
+ ## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided.
+ ## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided.
+ ## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled.
+ ## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled.
+ ## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`.
+ ## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used.
+ ## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used.
+ ##
+ oidc:
+ enabled: false
+ baseURI: ""
+ clientID: ""
+ clientSecret: ""
+ authURI: ""
+ tokenURI: ""
+ userURI: ""
+ roles: "role1 role2"
+ rolesAttribute: ""
+ scopes: "scope1 scope2"
+ nameAttribute: ""
+ emailAttribute: ""
+ ## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags.
+ ## @param config.providers.ldap.host The LDAP host to use.
+ ## @param config.providers.ldap.port The LDAP port to use.
+ ## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection.
+ ## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection.
+ ## @param config.providers.ldap.baseDN The LDAP base DN to use.
+ ## @param config.providers.ldap.bindDN The LDAP bind DN to use.
+ ## @param config.providers.ldap.bindPassword The LDAP bind password to use.
+ ## @param config.providers.ldap.userQuery The LDAP user query to use.
+ ## @param config.providers.ldap.attributesUsername The LDAP attributes username to use.
+ ## @param config.providers.ldap.attributesEmail The LDAP attributes email to use.
+ ## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use.
+ ## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use.
+ ##
+ ldap:
+ enabled: false
+ host: "ldap"
+ port: 10389
+ ssl: false
+ startTLS: false
+ baseDN: "ou=people,dc=planetexpress,dc=com"
+ bindDN: "cn=admin,dc=planetexpress,dc=com"
+ bindPassword: "GoodNewsEveryone"
+ userQuery: "(&(|(uid=:username)(mail=:username))(memberOf=cn=penpot,ou=groups,dc=my-domain,dc=com))"
+ attributesUsername: "uid"
+ attributesEmail: "mail"
+ attributesFullname: "cn"
+ attributesPhoto: "jpegPhoto"
+ ## @param config.providers.existingSecret The name of an existing secret to use.
+ ## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret.
+ ## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret.
+ ## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret.
+ ## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret.
+ ## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret.
+ ## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret.
+ ## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret.
+ ## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret.
+ ##
+ existingSecret: ""
+ secretKeys:
+ googleClientIDKey: ""
+ googleClientSecretKey: ""
+ githubClientIDKey: ""
+ githubClientSecretKey: ""
+ gitlabClientIDKey: ""
+ gitlabClientSecretKey: ""
+ oidcClientIDKey: ""
+ oidcClientSecretKey: ""
+
+########################################
+## @section Backend parameters
+########################################
+
+backend:
+ ## @param backend.image.repository The Docker repository to pull the image from.
+ ## @param backend.image.tag The image tag to use.
+ ## @param backend.image.pullPolicy The image pull policy to use.
+ ##
+ image:
+ repository: penpotapp/backend
+ tag: 2.0.3
+ pullPolicy: IfNotPresent
+ ## @param backend.replicaCount The number of replicas to deploy.
+ ##
+ replicaCount: 1
+ ## @param backend.service.http.type The http service type to create.
+ ## @param backend.service.http.port The http service port to use.
+ ## @param backend.service.prepl.enabled Whether to enable the prepl service in the backend.
+ ## @param backend.service.prepl.type The prepl service type to create.
+ ## @param backend.service.prepl.port The prepl service port to use.
+ service:
+ http:
+ type: ClusterIP
+ port: 6060
+ prepl:
+ enabled: false
+ type: ClusterIP
+ port: 6063
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context
+ ## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context
+ ## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
+ ## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
+ ## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
+ ## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
+ ## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ ## @param backend.affinity Affinity for Penpot pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+ ## @param backend.nodeSelector Node labels for Penpot pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param backend.tolerations Tolerations for Penpot pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## Penpot backend resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param backend.resources.limits The resources limits for the Penpot backend containers
+ ## @param backend.resources.requests The requested resources for the Penpot backend containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+
+########################################
+## @section Frontend parameters
+########################################
+
+frontend:
+ ## @param frontend.image.repository The Docker repository to pull the image from.
+ ## @param frontend.image.tag The image tag to use.
+ ## @param frontend.image.imagePullPolicy The image pull policy to use.
+ ##
+ image:
+ repository: penpotapp/frontend
+ tag: 2.0.3
+ pullPolicy: IfNotPresent
+ ## @param frontend.replicaCount The number of replicas to deploy.
+ ##
+ replicaCount: 1
+ ## @param frontend.service.type The service type to create.
+ ## @param frontend.service.port The service port to use.
+ ##
+ service:
+ type: ClusterIP
+ port: 80
+ ## @param frontend.affinity Affinity for Penpot pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+ ## @param frontend.nodeSelector Node labels for Penpot pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param frontend.tolerations Tolerations for Penpot pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## Penpot frontend resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param frontend.resources.limits The resources limits for the Penpot frontend containers
+ ## @param frontend.resources.requests The requested resources for the Penpot frontend containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+
+########################################
+## @section Exporter parameters
+########################################
+
+exporter:
+ ## @param exporter.image.repository The Docker repository to pull the image from.
+ ## @param exporter.image.tag The image tag to use.
+ ## @param exporter.image.imagePullPolicy The image pull policy to use.
+ ##
+ image:
+ repository: penpotapp/exporter
+ tag: 2.0.3
+ imagePullPolicy: IfNotPresent
+ ## @param exporter.replicaCount The number of replicas to deploy. Enable exporter.persistence if you use more than 1 replicaCount
+ ##
+ replicaCount: 1
+ ## @param exporter.service.type The service type to create.
+ ## @param exporter.service.port The service port to use.
+ ##
+ service:
+ type: ClusterIP
+ port: 6061
+
+ ## @param exporter.persistence.enabled Enable persistence using Persistent Volume Claims. If exporter.replicaCount you have to enable it.
+ ## @param exporter.persistence.storageClass Persistent Volume storage class. Empty is choosing the default provisioner by the provider.
+ ## @param exporter.persistence.size Persistent Volume size.
+ ## @param exporter.persistence.existingClaim The name of an existing PVC to use for persistence.
+ ## @param exporter.persistence.accessModes Persistent Volume access modes.
+ ## @param exporter.persistence.annotations Persistent Volume Claim annotations.
+ ##
+ persistence:
+ enabled: false
+ storageClass: ""
+ size: 10Gi
+ existingClaim: ""
+ accessModes:
+ - ReadWriteOnce
+ annotations: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context
+ ## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context
+ ## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser
+ ## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation
+ ## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped
+ ## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem
+ ## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ ## @param exporter.affinity Affinity for Penpot pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ##
+ affinity: {}
+ ## @param exporter.nodeSelector Node labels for Penpot pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param exporter.tolerations Tolerations for Penpot pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## Penpot exporter resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param exporter.resources.limits The resources limits for the Penpot exporter containers
+ ## @param exporter.resources.requests The requested resources for the Penpot exporter containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+
+
+########################################
+## @section Assets Persistence parameters
+########################################
+
+persistence:
+ ## @param persistence.enabled Enable persistence using Persistent Volume Claims.
+ ##
+ enabled: fals
+ ## @param persistence.storageClass Persistent Volume storage class.
+ ## If defined, storageClassName: .
+ ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param persistence.size Persistent Volume size.
+ ##
+ size: 20Gi
+ ## @param persistence.existingClaim The name of an existing PVC to use for persistence.
+ ##
+ existingClaim: ""
+ ## @param persistence.accessModes Persistent Volume access modes.
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.annotations Persistent Volume Claim annotations.
+ ##
+ annotations: {}
+
+
+########################################
+## @section Ingress parameters
+########################################
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ path: "/"
+ hosts:
+ - host: penpot.example.com
+ tls: []
+ # - secretName: penpot.example.com-tls
+ # hosts:
+ # - penpot.example.com
+
+
+########################################
+## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
+########################################
+
+## @param postgresql.auth.username Name for a custom user to create.
+## @param postgresql.auth.password Password for the custom user to create.
+## @param postgresql.auth.database Name for a custom database to create.
+##
+postgresql:
+ auth:
+ username: "penpot"
+ password: "penpot"
+ database: "penpot"
+
+########################################
+## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
+########################################
+
+## @param redis.auth.enabled Whether to enable password authentication.
+##
+redis:
+ auth:
+ enabled: false
diff --git a/devel/kind.config.yml b/devel/kind.config.yml
new file mode 100644
index 0000000..54d1d07
--- /dev/null
+++ b/devel/kind.config.yml
@@ -0,0 +1,23 @@
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+name: penpot-cluster
+nodes:
+- role: control-plane
+ kubeadmConfigPatches:
+ - |
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ extraPortMappings:
+ - containerPort: 80
+ hostPort: 80
+ protocol: TCP
+ - containerPort: 443
+ hostPort: 443
+ protocol: TCP
+- role: worker
+- role: worker
+- role: worker
+- role: worker
+- role: worker
diff --git a/devel/penpot-namespace.yml b/devel/penpot-namespace.yml
new file mode 100644
index 0000000..1ed7746
--- /dev/null
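Review bot: In devel/kind.config.yml the two `extraPortMappings` entries set no `listenAddress`, and kind binds the host port on 0.0.0.0 when it is omitted, so the development ingress on 80 and 443 is reachable from every network the workstation is attached to. Adding `listenAddress: "127.0.0.1"` to each mapping keeps the cluster local-only. That matters here because the dev values added later in this commit carry a fixed `apiSecretKey`, and the chart defaults visible above use `password: "penpot"` for PostgreSQL and `redis.auth.enabled: false`.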
+++ b/devel/penpot-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: penpot
diff --git a/devel/penpot.values.yaml b/devel/penpot.values.yaml
new file mode 100644
index 0000000..76cdd26
--- /dev/null
+++ b/devel/penpot.values.yaml
@@ -0,0 +1,27 @@
+## Default values for Penpot (local setup for development purpose)
+global:
+ postgresqlEnabled: true
+ redisEnabled: true
+
+config:
+ publicUri: "http://localhost"
+ apiSecretKey: "my-secret-key"
+
+# backend:
+# replicaCount: 2
+
+# frontend:
+# replicaCount: 2
+
+# exporter:
+# replicaCount: 2
+# persistence:
+# enabled: true
+
+persistence:
+ enabled: true
+
+ingress:
+ enabled: true
+ hosts:
+ - "localhost"
diff --git a/scripts/cluster_create.sh b/scripts/cluster_create.sh
new file mode 100755
index 0000000..a5120f8
--- /dev/null
+++ b/scripts/cluster_create.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+
+# Create a kind cluster
+kind create cluster --name penpot-cluster --config devel/kind.config.yml
+
+# Create a namespace for Penpot
+kubectl apply -f devel/penpot-namespace.yml
+kubectl config set-context penpot --namespace=penpot --cluster=kind-penpot-cluster --user=kind-penpot-cluster
+kubectl config use-context penpot
+
+# Setup ingress
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
diff --git a/scripts/cluster_delete.sh b/scripts/cluster_delete.sh
new file mode 100755
index 0000000..326ca22
--- /dev/null
+++ b/scripts/cluster_delete.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/bash
+
+kind delete clusters penpot-cluster
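Review bot: `apiSecretKey: "my-secret-key"` in devel/penpot.values.yaml is a fixed, publicly known value with nothing on the line marking it as development-only, so a copy of this file used as the starting point for a reachable install inherits a guessable secret. I would put a comment directly above it, for example `# DEV ONLY: known value; generate a random key for any shared or exposed install`. Separately, `hosts:` is a list of plain strings here (`- "localhost"`) while the chart defaults in this commit use `- host: penpot.example.com`. The ingress template is not visible in this part of the diff, so confirm which shape it expects.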
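Review bot: The last command in scripts/cluster_create.sh applies a manifest fetched from the `main` branch of ingress-nginx, so each run installs whatever that branch holds at that moment and the cluster is not reproducible. Pin the URL to a release tag or commit, e.g. `https://raw.githubusercontent.com/kubernetes/ingress-nginx/<PINNED_TAG>/deploy/static/provider/kind/deploy.yaml`, or vendor the manifest under devel/. The script also has no `set -euo pipefail` after the shebang, so if `kind create cluster` fails, the following `kubectl apply -f devel/penpot-namespace.yml` runs against whatever context is currently selected, which may be a different cluster. Adding that line, or passing `--context kind-penpot-cluster` to that first apply, closes the gap.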