diff --git a/k8s/Chart.yaml b/k8s/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..023d131d3621079eaf02c701177a0f279fdf45d1
--- /dev/null
+++ b/k8s/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: kszkepzes
+description:
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "prod"
diff --git a/k8s/deployment.yml b/k8s/deployment.yml
deleted file mode 100644
index be0e71650ff87f1635d36238bf54d6f09a23d4a5..0000000000000000000000000000000000000000
--- a/k8s/deployment.yml
+++ /dev/null
@@ -1,155 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kszkepzes-backend
- namespace: kszk-kepzes-site
-spec:
- strategy:
- type: Recreate
- replicas: 1
- selector:
- matchLabels:
- app: kszkepzes-backend
- template:
- metadata:
- labels:
- app: kszkepzes-backend
- spec:
- initContainers:
- - name: volume-permission-fix
- image: busybox
- command:
- - "sh"
- - "-c"
- - |
- chown -R 1000:1000 /mediafiles
- chown -R 1000:1000 /staticfiles
- volumeMounts:
- - name: kszkepzes-media-volume
- mountPath: /mediafiles
- - name: kszkepzes-static-volume
- mountPath: /staticfiles
- resources:
- limits:
- memory: 30Mi
- - name: kszkepzes-backend-collectstatic
- image: harbor.sch.bme.hu/kszk/kszkepzes-backend:##IMAGETAG##
- imagePullPolicy: "IfNotPresent"
- command: ["python", "manage.py", "collectstatic", "--noinput"]
- volumeMounts:
- - mountPath: /home/app/kszkepzes-backend/staticfiles
- name: kszkepzes-static-volume
- envFrom:
- - configMapRef:
- name: kszkepzes-config
- - secretRef:
- name: kszkepzes-secret-config
- resources:
- limits:
- memory: 200Mi
- - name: kszkepzes-backend-migrate
- image: harbor.sch.bme.hu/kszk/kszkepzes-backend:##IMAGETAG##
- imagePullPolicy: "IfNotPresent"
- command: ["python", "manage.py", "migrate", "--noinput"]
- envFrom:
- - configMapRef:
- name: kszkepzes-config
- - secretRef:
- name: kszkepzes-secret-config
- resources:
- limits:
- memory: 200Mi
- containers:
- - name: kszkepzes-backend
- image: harbor.sch.bme.hu/kszk/kszkepzes-backend:##IMAGETAG##
- imagePullPolicy: "IfNotPresent"
- volumeMounts:
- - mountPath: /home/app/kszkepzes-backend/mediafiles
- name: kszkepzes-media-volume
- - mountPath: /home/app/kszkepzes-backend/staticfiles
- name: kszkepzes-static-volume
- ports:
- - containerPort: 8000
- envFrom:
- - configMapRef:
- name: kszkepzes-config
- - secretRef:
- name: kszkepzes-secret-config
- resources:
- requests:
- cpu: "80m"
- limits:
- memory: 600Mi
- cpu: "2"
- - name: kszkepzes-files-serve
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- image: halverneus/static-file-server:latest
- imagePullPolicy: "Always"
- volumeMounts:
- - mountPath: /var/www/html/mediafiles
- name: kszkepzes-media-volume
- - mountPath: /var/www/html/staticfiles
- name: kszkepzes-static-volume
- ports:
- - containerPort: 8080
- env:
- - name: PORT
- value: "8080"
- - name: SHOW_LISTING
- value: "false"
- - name: FOLDER
- value: "/var/www/html"
- resources:
- requests:
- cpu: "20m"
- limits:
- memory: 200Mi
- cpu: "2"
- volumes:
- - name: kszkepzes-media-volume
- persistentVolumeClaim:
- claimName: kszkepzes-media-pv-claim
- - name: kszkepzes-static-volume
- persistentVolumeClaim:
- claimName: kszkepzes-static-pv-claim
- imagePullSecrets:
- - name: harbor
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: kszkepzes-backend-worker
- namespace: kszk-kepzes-site
-spec:
- strategy:
- type: Recreate
- replicas: 1
- selector:
- matchLabels:
- app: kszkepzes-backend-worker
- template:
- metadata:
- labels:
- app: kszkepzes-backend-worker
- spec:
- containers:
- - name: worker
- image: harbor.sch.bme.hu/kszk/kszkepzes-backend:##IMAGETAG##
- imagePullPolicy: "IfNotPresent"
- envFrom:
- - configMapRef:
- name: kszkepzes-config
- - secretRef:
- name: kszkepzes-secret-config
- command: ["python3"]
- args: ["-m", "celery", "-A", "kszkepzes", "worker", "-l", "debug"]
- resources:
- requests:
- cpu: "100m"
- limits:
- memory: 600Mi
- cpu: "2"
- imagePullSecrets:
- - name: harbor
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
deleted file mode 100644
index bbde98c0f9620b369055de31a1bfeeefa324887c..0000000000000000000000000000000000000000
--- a/k8s/ingress.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
- kubernetes.io/ingress.class: nginx
- kubernetes.io/tls-acme: "true"
- nginx.ingress.kubernetes.io/proxy-body-size: 20m
- name: kszkepzes
- namespace: kszk-kepzes-site
-spec:
- rules:
- - host: ujonc.kszk.bme.hu
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: kszkepzes-frontend
- port:
- number: 3000
- - path: /api
- pathType: Prefix
- backend:
- service:
- name: kszkepzes-backend
- port:
- number: 8000
- - path: /admin
- pathType: Prefix
- backend:
- service:
- name: kszkepzes-backend
- port:
- number: 8000
- - path: /staticfiles
- pathType: Prefix
- backend:
- service:
- name: kszkepzes-backend
- port:
- number: 8080
- - path: /mediafiles
- pathType: Prefix
- backend:
- service:
- name: kszkepzes-backend
- port:
- number: 8080
- tls:
- - hosts:
- - ujonc.kszk.bme.hu
- secretName: kszkepzes-cert
diff --git a/k8s/pvc.yaml b/k8s/pvc.yaml
deleted file mode 100644
index f314143c98b4ea9790aff6ac8c46a54ad4dc1cff..0000000000000000000000000000000000000000
--- a/k8s/pvc.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app: kszkepzes
- name: kszkepzes-media-pv-claim
- namespace: kszk-kepzes-site
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 10Gi
- storageClassName: vsphere
-
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- app: kszkepzes
- name: kszkepzes-static-pv-claim
- namespace: kszk-kepzes-site
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- storageClassName: vsphere
diff --git a/k8s/redis.values.yaml b/k8s/redis.values.yaml
deleted file mode 100644
index bfcb6b819adb30ea50de9ebddfeca6b879b1992a..0000000000000000000000000000000000000000
--- a/k8s/redis.values.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# https://artifacthub.io/packages/helm/bitnami/redis
-master:
- resources:
- requests:
- memory: 100Mi
- cpu: 80m
- limits:
- memory: 0.75Gi
- cpu: 1
- persistence:
- size: 1Gi
-replica:
- resources:
- requests:
- memory: 100Mi
- cpu: 80m
- limits:
- memory: 0.75Gi
- cpu: 1
- persistence:
- size: 1Gi
diff --git a/k8s/service.yml b/k8s/service.yml
deleted file mode 100644
index f0f2242bb949041f9a50d974cbe6d28b220e6051..0000000000000000000000000000000000000000
--- a/k8s/service.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: kszkepzes-backend
- namespace: kszk-kepzes-site
-spec:
- type: ClusterIP
- ports:
- - port: 8000
- targetPort: 8000
- name: backend
- protocol: TCP
- - port: 8080
- targetPort: 8080
- name: files
- protocol: TCP
- selector:
- app: kszkepzes-backend
diff --git a/k8s/templates/backend.yaml b/k8s/templates/backend.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bd5da3fc962d3cd0ab349fa05cf5851d161acd2b
--- /dev/null
+++ b/k8s/templates/backend.yaml
@@ -0,0 +1,278 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-backend
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-backend
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-backend
+ spec:
+ initContainers:
+ - name: volume-permission-fix
+ image: busybox
+ command:
+ - "sh"
+ - "-c"
+ - |
+ chown -R 1000:1000 /mediafiles
+ chown -R 1000:1000 /staticfiles
+ volumeMounts:
+ - name: kszkepzes-media-volume
+ mountPath: /mediafiles
+ - name: kszkepzes-static-volume
+ mountPath: /staticfiles
+ resources:
+ limits:
+ memory: 30Mi
+ - name: kszkepzes-backend-collectstatic
+ image: {{ .Values.backend.image }}:{{ .Values.backend.tag }}
+ imagePullPolicy: "Always"
+ command: ["python", "manage.py", "collectstatic", "--noinput"]
+ volumeMounts:
+ - mountPath: /home/app/kszkepzes-backend/staticfiles
+ name: kszkepzes-static-volume
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-config
+ - secretRef:
+ name: {{ .Release.Name }}-secret-config
+ resources:
+ limits:
+ memory: 200Mi
+ - name: kszkepzes-backend-migrate
+ image: {{ .Values.backend.image }}:{{ .Values.backend.tag }}
+ imagePullPolicy: "Always"
+ command: ["python", "manage.py", "migrate", "--noinput"]
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-config
+ - secretRef:
+ name: {{ .Release.Name }}-secret-config
+ resources:
+ limits:
+ memory: 200Mi
+ containers:
+ - name: kszkepzes-backend
+ image: {{ .Values.backend.image }}:{{ .Values.backend.tag }}
+ imagePullPolicy: "Always"
+ volumeMounts:
+ - mountPath: /home/app/kszkepzes-backend/mediafiles
+ name: kszkepzes-media-volume
+ - mountPath: /home/app/kszkepzes-backend/staticfiles
+ name: kszkepzes-static-volume
+ ports:
+ - containerPort: 8000
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-config
+ - secretRef:
+ name: {{ .Release.Name }}-secret-config
+ resources:
+ requests:
+ cpu: "80m"
+ limits:
+ memory: 600Mi
+ cpu: "2"
+ startupProbe:
+ httpGet:
+ path: /healthz/
+ port: 8000
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ failureThreshold: 5
+ timeoutSeconds: 4
+ livenessProbe:
+ httpGet:
+ port: 8000
+ path: /healthz/
+ periodSeconds: 10
+ failureThreshold: 2
+ timeoutSeconds: 4
+ - name: kszkepzes-files-serve
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ image: halverneus/static-file-server:latest
+ imagePullPolicy: "Always"
+ volumeMounts:
+ - mountPath: /var/www/html/mediafiles
+ name: kszkepzes-media-volume
+ - mountPath: /var/www/html/staticfiles
+ name: kszkepzes-static-volume
+ ports:
+ - containerPort: 8080
+ env:
+ - name: PORT
+ value: "8080"
+ - name: SHOW_LISTING
+ value: "false"
+ - name: FOLDER
+ value: "/var/www/html"
+ resources:
+ requests:
+ cpu: "20m"
+ limits:
+ memory: 200Mi
+ cpu: "2"
+ volumes:
+ - name: kszkepzes-media-volume
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-media-pv-claim
+ - name: kszkepzes-static-volume
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-static-pv-claim
+ imagePullSecrets:
+ - name: {{ .Values.backend.imagePullSecretName }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-backend-worker
+spec:
+ strategy:
+ type: Recreate
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-backend-worker
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-backend-worker
+ spec:
+ containers:
+ - name: worker
+ image: {{ .Values.backend.image }}:{{ .Values.backend.tag }}
+ imagePullPolicy: "Always"
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}-config
+ - secretRef:
+ name: {{ .Release.Name }}-secret-config
+ command: ["python3"]
+ args: ["-m", "celery", "-A", "kszkepzes", "worker", "-l", "debug"]
+ livenessProbe:
+ exec:
+ command:
+ - celery
+ - inspect
+ - ping
+ periodSeconds: 10
+ failureThreshold: 2
+ timeoutSeconds: 4
+ startupProbe:
+ exec:
+ command:
+ - celery
+ - inspect
+ - ping
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ failureThreshold: 5
+ timeoutSeconds: 4
+ resources:
+ requests:
+ cpu: "100m"
+ limits:
+ memory: 600Mi
+ cpu: "2"
+ imagePullSecrets:
+ - name: {{ .Values.backend.imagePullSecretName }}
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app: {{ .Release.Name }}
+ name: {{ .Release.Name }}-media-pv-claim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: {{ .Values.backend.storageClassName }}
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app: {{ .Release.Name }}
+ name: {{ .Release.Name }}-static-pv-claim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: {{ .Values.backend.storageClassName }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-config
+data:
+ # DEBUG: "1"
+ DB_NAME: {{ .Values.db.name }}
+ DB_HOST: {{ .Values.db.host }}
+ CELERY_BROKER_URL: {{ printf "redis://%s-redis:6379" .Release.Name }}
+ DJANGO_SETTINGS_MODULE: "kszkepzes.settings.production"
+
+ {{ if .Values.minio.enabled }}
+ MINIO_EXTERNAL_ENDPOINT: {{ .Values.url }}
+ MINIO_ACCESS_ENDPOINT: {{ .Release.Name }}-minio:9000
+ {{ else }}
+ MINIO_EXTERNAL_ENDPOINT: {{ .Values.minio.MINIO_EXTERNAL_ENDPOINT }}
+ MINIO_ACCESS_ENDPOINT: {{ .Values.minio.MINIO_ACCESS_ENDPOINT }}
+ {{ end }}
+
+ MINIO_STATIC_BUCKET: "kepzes-static"
+ MINIO_MEDIA_BUCKET: "kepzes-media"
+ CSRF_TRUSTED_ORIGINS: {{ printf "https://%s" .Values.url }}
+ SECRET_KEY: {{ .Values.backend.secretKey }}
+ OIDC_CLIENT_ID: {{ .Values.backend.oidc.OIDC_CLIENT_ID }}
+ OIDC_AUTHORIZATION_ENDPOINT: {{ .Values.backend.oidc.OIDC_AUTHORIZATION_ENDPOINT }}
+ OIDC_TOKEN_ENDPOINT: {{ .Values.backend.oidc.OIDC_TOKEN_ENDPOINT }}
+ OIDC_USERINFO_ENDPOINT: {{ .Values.backend.oidc.OIDC_USERINFO_ENDPOINT }}
+ OIDC_JWKS_ENDPOINT: {{ .Values.backend.oidc.OIDC_JWKS_ENDPOINT }}
+ OIDC_SIGN_ALGO: {{ .Values.backend.oidc.OIDC_SIGN_ALGO }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-secret-config
+data:
+ DB_USER: {{ .Values.db.user | b64enc }}
+ DB_PASSWORD: {{ .Values.db.password | b64enc }}
+ MINIO_ACCESS_KEY: {{ .Values.minio.user | b64enc }}
+ MINIO_SECRET_KEY: {{ .Values.minio.password | b64enc }}
+ OIDC_CLIENT_SECRET: {{ .Values.backend.oidc.OIDC_CLIENT_SECRET | b64enc}}
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-backend
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8000
+ targetPort: 8000
+ name: backend
+ protocol: TCP
+ - port: 8080
+ targetPort: 8080
+ name: files
+ protocol: TCP
+ selector:
+ app: {{ .Release.Name }}-backend
diff --git a/k8s/templates/frontend.yaml b/k8s/templates/frontend.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9ed8fb37eaddb1dcc24af931026bdd5449adf046
--- /dev/null
+++ b/k8s/templates/frontend.yaml
@@ -0,0 +1,42 @@
+{{ if .Values.frontend.enabled}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-frontend
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-frontend
+ spec:
+ containers:
+ - name: kszkepzes-frontend
+ image: {{ .Values.frontend.image }}:{{ .Values.frontend.tag }}
+ imagePullPolicy: 'Always'
+ ports:
+ - containerPort: 3000
+ resources:
+ limits:
+ memory: 200Mi
+ imagePullSecrets:
+ - name: {{ .Values.frontend.imagePullSecretName }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-frontend
+spec:
+ type: ClusterIP
+ ports:
+ - port: 3000
+ targetPort: 3000
+ name: front
+ protocol: TCP
+ selector:
+ app: {{ .Release.Name }}-frontend
+{{ end }}
\ No newline at end of file
diff --git a/k8s/templates/ingress.yaml b/k8s/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1c9a1d3fea55ef2a77a31d0dbdfce49d0a07cfc8
--- /dev/null
+++ b/k8s/templates/ingress.yaml
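Review bot: In k8s/templates/backend.yaml the line `SECRET_KEY: {{ .Values.backend.secretKey }}` puts the Django signing key into the `{{ .Release.Name }}-config` ConfigMap as plain data, while the database, MinIO and OIDC credentials go to the `-secret-config` Secret defined right after it. ConfigMaps are typically readable by more RBAC subjects than Secrets and show their values in describe output, so the key belongs in the Secret as `SECRET_KEY: {{ .Values.backend.secretKey | b64enc }}`. Both objects are already loaded with `envFrom` in every container, so no other change is needed. The remaining ConfigMap values are rendered unquoted; piping them through `| quote` would keep an empty or numeric value from becoming a non-string entry.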
@@ -0,0 +1,101 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ kubernetes.io/tls-acme: "true"
+ name: {{ .Release.Name }}
+spec:
+ rules:
+ - host: {{ .Values.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-frontend
+ port:
+ number: 3000
+ - path: /api
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-backend
+ port:
+ number: 8000
+ - path: /admin
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-backend
+ port:
+ number: 8000
+ - path: /staticfiles
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-backend
+ port:
+ number: 8080
+ - path: /mediafiles
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-backend
+ port:
+ number: 8080
+ - path: /oidc
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-backend
+ port:
+ number: 8000
+ {{ if .Values.minio.enabled }}
+ - path: /kepzes-static
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-minio
+ port:
+ number: 9000
+ - path: /kepzes-media
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-minio
+ port:
+ number: 9000
+ {{end}}
+ tls:
+ - hosts:
+ - {{ .Values.url }}
+ secretName: {{ .Release.Name }}-cert
+
+{{ if .Values.frontend.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ kubernetes.io/tls-acme: "true"
+ name: {{ .Release.Name }}-frontend
+spec:
+ rules:
+ - host: {{ .Values.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-frontend
+ port:
+ number: 3000
+ tls:
+ - hosts:
+ - {{ .Values.url }}
+ secretName: {{ .Release.Name }}-cert
+{{ end }}
\ No newline at end of file
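Review bot: The first Ingress in k8s/templates/ingress.yaml always routes `/` to `{{ .Release.Name }}-frontend`, but frontend.yaml renders that Service only when `frontend.enabled` is true and values.yaml in this commit defaults it to `false`, so with default values `/` points at a Service the chart does not create. When the flag is true, the second Ingress repeats the same host, the same `/` path and the same `{{ .Release.Name }}-cert` secret, so the two objects overlap. I would wrap the `/` path of the first Ingress in `{{ if .Values.frontend.enabled }}` and `{{ end }}` and drop the second Ingress. The removed manifest's `kubernetes.io/ingress.class: nginx` annotation has no replacement here (no `ingressClassName`), so which controller serves this host now depends on the cluster default and should be stated explicitly.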
diff --git a/k8s/templates/minio.yaml b/k8s/templates/minio.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..79cd6172fbe0c7d76418b43f4aed4542ecf7ef8c
--- /dev/null
+++ b/k8s/templates/minio.yaml
@@ -0,0 +1,89 @@
+{{ if .Values.minio.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-minio
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-minio
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-minio
+ spec:
+ volumes:
+ - name: kszkepzes-minio-volume
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-minio-pvc
+ containers:
+ - name: {{ .Release.Name}}-minio
+ image: {{ .Values.minio.image }}:{{ .Values.minio.tag }}
+ args: ["server", "/data" ,"--console-address", ":9001"]
+ ports:
+ - containerPort: 9000
+ protocol: TCP
+ - containerPort: 9001
+ protocol: TCP
+ env:
+ - name: MINIO_ROOT_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-minio-credentials
+ key: MINIO_ROOT_USER
+ - name: MINIO_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}-minio-credentials
+ key: MINIO_ROOT_PASSWORD
+ volumeMounts:
+ - mountPath: /var/lib/minioql/data
+ name: kszkepzes-minio-volume
+ resources:
+ requests:
+ cpu: "200m"
+ memory: 500Mi
+ limits:
+ cpu: "2"
+ memory: 1Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-minio-credentials
+type: Opaque
+data:
+ MINIO_ROOT_USER: {{ .Values.minio.user | b64enc }}
+ MINIO_ROOT_PASSWORD: {{ .Values.minio.password | b64enc }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-minio-pvc
+spec:
+ storageClassName: {{ .Values.minio.storageClassName }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-minio
+spec:
+ type: ClusterIP
+ ports:
+ - port: 9000
+ targetPort: 9000
+ name: api
+ protocol: TCP
+ - port: 9001
+ targetPort: 9001
+ name: ui
+ protocol: TCP
+ selector:
+ app: {{ .Release.Name }}-minio
+{{ end }}
\ No newline at end of file
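Review bot: The MinIO container in k8s/templates/minio.yaml is started on `/data`, but the PVC is mounted at `/var/lib/minioql/data`, so objects land on the container filesystem and the claim stays unused; the mount should read `- mountPath: /data`. As written, uploaded media and collected static files would not survive a pod restart. The same `minio.user` and `minio.password` values feed `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD` here and `MINIO_ACCESS_KEY`/`MINIO_SECRET_KEY` in backend.yaml, so the application runs with the MinIO root account. A separate access key limited to the two buckets would narrow what a backend compromise can reach.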
diff --git a/k8s/templates/redis.yaml b/k8s/templates/redis.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4ec18fae1bdde405ecb866441bc4207cf8a703f6
--- /dev/null
+++ b/k8s/templates/redis.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-redis
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-redis
+ spec:
+ containers:
+ - name: redis
+ image: {{ .Values.redis.image }}:{{ .Values.redis.tag }}
+ ports:
+ - containerPort: 6379
+ args:
+ - "--save"
+ - ""
+ - "--appendonly"
+ - "no"
+ resources:
+ requests:
+ memory: 100Mi
+ cpu: "100m"
+ limits:
+ memory: 750Mi
+ cpu: "1"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-redis
+spec:
+ type: ClusterIP
+ ports:
+ - port: 6379
+ targetPort: 6379
+ selector:
+ app: {{ .Release.Name }}-redis
\ No newline at end of file
diff --git a/k8s/values.yaml b/k8s/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..960d49561abc5b003f76dff68e94781284b67782
--- /dev/null
+++ b/k8s/values.yaml
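Review bot: The Redis container in k8s/templates/redis.yaml runs without `--requirepass` or an ACL file, and the chart ships no NetworkPolicy, so unless the namespace already restricts traffic, any pod that can reach `{{ .Release.Name }}-redis:6379` can read and write the Celery broker. The worker executes the tasks it receives from that broker, which makes it a trust boundary worth protecting. I would pass a password from a Secret, include it in `CELERY_BROKER_URL`, and add a NetworkPolicy that admits only the backend and worker pods. Pinning `redis.tag` to a fixed version instead of the `latest` default in values.yaml would also make rollouts reproducible.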
@@ -0,0 +1,49 @@
+url: "ujonc.kszk.bme.hu"
+
+backend:
+ image: "harbor.sch.bme.hu/kszk-kepzes/backend"
+ tag: "test"
+ storageClassName: "local-path"
+ imagePullSecretName: "harbor"
+ secretKey: ""
+ oidc:
+ OIDC_CLIENT_ID: "a56088b8-c381-4da6-8e17-d7d129716b5a"
+ OIDC_CLIENT_SECRET: ""
+ OIDC_AUTHORIZATION_ENDPOINT: "https://login.microsoftonline.com/79f0ae63-ef51-49f5-9f51-78a3346e1507/oauth2/v2.0/authorize"
+ OIDC_TOKEN_ENDPOINT: "https://login.microsoftonline.com/79f0ae63-ef51-49f5-9f51-78a3346e1507/oauth2/v2.0/token"
+ OIDC_USERINFO_ENDPOINT: "https://graph.microsoft.com/oidc/userinfo"
+ OIDC_JWKS_ENDPOINT: "https://login.microsoftonline.com/79f0ae63-ef51-49f5-9f51-78a3346e1507/discovery/v2.0/keys"
+ OIDC_SIGN_ALGO: "RS256"
+
+frontend:
+ enabled: false
+ image: "harbor.sch.bme.hu/kszk-kepzes/frontend"
+ tag: "latest"
+ imagePullSecretName: "harbor"
+
+db:
+ host: "dbsch.internal"
+ name: ""
+ user: ""
+ password: ""
+
+minio:
+ # Deployoljon e saját miniot
+ enabled: true
+ # Ha enabled = false, milyen endpoint on érje el a backend a miniot
+ MINIO_ACCESS_ENDPOINT: "1.2.3.4:9000"
+ # Ha enabled = false, milyen (https) endpoint on lehet publikusan elérni a miniot
+ MINIO_EXTERNAL_ENDPOINT: "1.2.3.4:9000"
+ # Helyi vagy külső minio user
+ user: "user"
+ # Helyi vagy külső minio pass
+ password: ""
+
+ # Csak ha enabled = true
+ image: "quay.io/minio/minio"
+ tag: "RELEASE.2024-02-14T21-36-02Z"
+ storageClassName: "local-path"
+
+redis:
+ image: "redis"
+ tag: "latest"
diff --git a/src/kszkepzes/settings/production.py b/src/kszkepzes/settings/production.py
index 82c7207b4f9b6a0def59b1d9ce4b7c3f2954c94a..4d70d696ab206677e8017e425b3905304ff7f480 100644
--- a/src/kszkepzes/settings/production.py
+++ b/src/kszkepzes/settings/production.py
@@ -1,3 +1,5 @@ +from datetime import timedelta +from typing import List, Tuple from .base import * DEBUG = int(os.environ.get("DEBUG", default=0))
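Review bot: The secret-bearing values in k8s/values.yaml (`backend.secretKey`, `backend.oidc.OIDC_CLIENT_SECRET`, `db.password`, `minio.password`) default to `""`, and the templates in this commit render them without a guard, so an install that forgets an override deploys with empty credentials instead of failing. Wrapping each use in the templates with `required`, for example `{{ required "backend.secretKey must be set" .Values.backend.secretKey }}`, turns that into a render-time error. A short comment above these keys saying they must come from a private values file or `--set`, never from this committed file, would help the next operator. The `test` and `latest` image tags are mutable; a fixed version or digest would make it clear which build is running.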
@@ -24,6 +26,7 @@ EMAIL_HOST_PASSWORD = os.getenv('SMTP_PASSWORD') CELERY_BROKER_URL = os.getenv('CELERY_BROKER_URL') CELERY_RESULT_BACKEND = os.getenv('CELERY_BROKER_URL') +REDIS_URL = os.getenv('CELERY_BROKER_URL') CSRF_TRUSTED_ORIGINS = [os.getenv('CSRF_TRUSTED_ORIGINS')] @@ -39,7 +42,6 @@ MINIO_REGION = 'us-east-1' MINIO_ACCESS_KEY = os.environ.get("MINIO_ACCESS_KEY") MINIO_SECRET_KEY = os.environ.get("MINIO_SECRET_KEY") MINIO_URL_EXPIRY_HOURS = timedelta(hours=2) -MINIO_CONSISTENCY_CHECK_ON_START = True MINIO_PUBLIC_BUCKETS = [ os.environ.get('MINIO_STATIC_BUCKET'), os.environ.get('MINIO_MEDIA_BUCKET') @@ -50,3 +52,5 @@ MINIO_STATIC_FILES_BUCKET = os.environ.get('MINIO_STATIC_BUCKET') MINIO_BUCKET_CHECK_ON_SAVE = True DEFAULT_FILE_STORAGE = 'django_minio_backend.models.MinioBackend' STATICFILES_STORAGE = 'django_minio_backend.models.MinioBackendStatic' + +SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") \ No newline at end of file
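Review bot: `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")` in the last hunk makes Django treat a request as secure whenever the `X-Forwarded-Proto` header says so, which is only sound if every route to the backend passes through a proxy that sets or strips that header. The new Ingress in this commit does not name a controller class, so it is worth confirming that the controller in front overwrites a client-supplied value. I would record the assumption next to the setting, e.g. `# Trusts X-Forwarded-Proto; the ingress must overwrite it on every request.` The settings file continues outside the hunks shown here.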