Merge pull request #120 from SparebankenVest/at-add-svai-alz-support

at add svai alz support

stable/svai/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.9
+version: 1.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

stable/svai/templates/deployment.yaml

@@ -32,6 +32,12 @@ spec:
           - name: {{ .nameOfEnvVar }}
             value: {{ .nameInKeyVault }}@azurekeyvault
           {{- end }}
+          {{- range .Values.environment.valuesFrom }}
+          - name: {{ .nameOfEnvVar }}
+            valueFrom:
+              fieldRef:
+                fieldPath: {{ .fieldPath }}
+          {{- end }}
           ports:
             - name: http
               containerPort: {{ .Values.image.containerPort | default 8080  }}

stable/svai/templates/hpa.yaml

@@ -9,7 +9,7 @@ spec:
   scaleTargetRef:
     apiVersion: apps/v1
     kind: Deployment
-    name: {{ include "svai.fullname" . }}
+    name: {{ include "svai.name" . }}
   minReplicas: {{ .Values.autoscaling.minReplicas }}
   maxReplicas: {{ .Values.autoscaling.maxReplicas }}
   metrics:
@@ -26,7 +26,7 @@ spec:
       resource:
         name: memory
         target:
-          type: AverageValue
-          AverageValue: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
     {{- end }}
 {{- end }}

stable/svai/templates/imageRepository.yaml

@@ -0,0 +1,10 @@
+{{- $name := include "svai.name" . -}}
+
+apiVersion: image.toolkit.fluxcd.io/v1beta2
+kind: ImageRepository
+metadata:
+  name: {{ $name }}
+spec:
+  image: {{ .Values.image.repository }}
+  interval: 1m0s
+  provider: azure

stable/svai/templates/imageUpdateAutomation.yaml

@@ -0,0 +1,37 @@
+{{- $name := include "svai.name" . -}}
+
+apiVersion: image.toolkit.fluxcd.io/v1beta1
+kind: ImageUpdateAutomation
+metadata:
+  name: {{ $name }}
+spec:
+  sourceRef:
+    kind: GitRepository
+    name: {{ .Values.gitOps.repoName }}
+    namespace: flux-system
+  git:
+    commit:
+      author:
+        email: [email protected]
+        name: fluxcdbot
+      messageTemplate: |
+       {{` Automated image update
+        [ci skip]
+        Automation name: {{ .AutomationObject }}
+        Files:
+        {{ range $filename, $_ := .Updated.Files -}}
+        - {{ $filename }}
+        {{ end -}}
+        Objects:
+        {{ range $resource, $_ := .Updated.Objects -}}
+        - {{ $resource.Kind }} {{ $resource.Name }}
+        {{ end -}}
+        Images:
+        {{ range .Updated.Images -}}
+        - {{.}}
+        {{ end -}}`}}
+    push:
+      branch: main
+  interval: 1m0s
+  update:
+    strategy: Setters

stable/svai/templates/imagepolicy.yaml

@@ -25,4 +25,8 @@ spec:
 {{- else if and (eq (lower .Values.env) "dev" ) (not .Values.image.automated)}}
   filterTags:
     pattern: {{ .Values.image.tag }}
-{{- end }}  
+{{- end }}  
+
+# TODO Add support for stage and test environments
+# TODO Legge til støtte for image-update automation
+# TODO Legge til støtte for image-repository 

stable/svai/templates/ingress.yaml

@@ -18,7 +18,7 @@ spec:
   tls:
     - hosts:
       - {{ $dns | quote }}
-      secretName: {{ $name }}-tls-certificate
+      secretName: {{ $name  | replace "." "-" }}-tls-certificate
   rules:
     - host: {{ $dns | quote }}
       http:
@@ -33,3 +33,5 @@ spec:
                   number: 80
           {{- end }}
 {{- end }}
+
+

stable/svai/templates/secrets.yaml

@@ -1,3 +1,6 @@
+{{- $name := include "svai.name" . -}}
+{{- $dns := include "svai.dns" . -}}
+
 {{- range .Values.environment.secrets }}
 apiVersion: spv.no/v1alpha1
 kind: AzureKeyVaultSecret
@@ -10,4 +13,28 @@ spec:
       type: secret
       name: {{ .nameInKeyVault }}
 ---
-{{- end }}
+{{- end }}
+{{- if .Values.ingress.acmebot }}
+apiVersion: spv.no/v2beta1
+kind: AzureKeyVaultSecret
+metadata:
+  name: {{ $name }}-tls-certificate-certificate-sync
+spec:
+  vault:
+  {{- if eq (lower .Values.env ) "prod"}}
+    name: common-infra-kv-prod
+  {{- else }}
+    name: common-infra-kv-dev
+  {{- end }}  
+    object:
+      type: certificate
+      name: {{ $dns | replace "." "-" }}
+  output:
+    secret:
+      name: {{ $name | replace "." "-" }}-tls-certificate
+      type: kubernetes.io/tls
+      chainOrder: ensureserverfirst
+{{- end }}
+
+
+# (Legge til støtte for k8s secrets)

stable/svai/templates/service.yaml

@@ -7,7 +7,7 @@ metadata:
 spec:
   type: ClusterIP
   ports:
-    - port: 80
+    - port: {{ .Values.service.port }}
       targetPort: http
       protocol: TCP
       name: http

stable/svai/values-example.yaml

@@ -0,0 +1,75 @@
+# Default values for svai.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+
+autoscaling:
+  enabled: true
+  minReplicas: 2
+  maxReplicas: 10
+  targetCPUUtilizationPercentage: 80
+  targetMemoryUtilizationPercentage: 80
+
+env: dev #prod/dev
+domain: mydomain.no
+#selectorLabes:
+#  app: svai
+image:
+  repository: registry.azurecr.io/registry-name
+  tag: b3543c41-1682426341
+  automated: true
+  containerPort: 8080
+
+nameOverride: "sandbox"
+
+environment:
+  variables:
+    - name: ASPNETCORE_ENVIRONMENT
+      value: produksjon
+  secrets:
+    - nameInKeyVault: my-secret
+      nameOfEnvVar: My__Secret
+      vault: my-keyvault
+  valuesFrom:
+    - nameOfEnvVar: HOST_IP
+      fieldPath: status.hostIP
+
+ingress:
+  acmebot: true
+  enabled: true
+  className: ""
+  annotations:
+     kubernetes.io/ingress.class: nginx
+     kubernetes.io/tls-acme: "true"
+     external-dns.alpha.kubernetes.io/target: "10.0.0.0"
+  paths:
+    - path: /
+      pathType: ImplementationSpecific
+
+#Resources: for memory you can set limit=request, the value can be 25% above the average consumption
+#of the app, remember that if the app execeeds the limit it will be killed and restarted
+#for cpu you can set a request but no limit.
+resources:
+  requests:
+    memory: 128Mi
+    cpu: 100m
+  limits:
+    memory: 128Mi
+containers:
+  startupProbe:
+    enabled: false
+  readinessProbe:
+    enabled: false
+  livenessProbe:
+    enabled: false
+
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: false
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+

stable/svai/values.yaml

@@ -5,9 +5,10 @@
 
 autoscaling:
   enabled: true
-  minReplicas: 1
+  minReplicas: 2
   maxReplicas: 10
   targetCPUUtilizationPercentage: 80
+  targetMemoryUtilizationPercentage: 80
 
 env: dev #prod/dev
 domain: mydomain.no
@@ -18,25 +19,25 @@ image:
   tag: b3543c41-1682426341
   automated: true
   containerPort: 8080
-
-nameOverride: "sandbox"
-
+gitOps:
+  repoName: "banking-services-gitops"
 environment:
   variables:
-    - name: ASPNETCORE_ENVIRONMENT
-      value: produksjon
   secrets:
-    - nameInKeyVault: my-secret
-      nameOfEnvVar: My__Secret
-      vault: my-keyvault
+  valuesFrom:
+
+
+service:
+  port: 80
 
 
 ingress:
+  acmebot: true
   enabled: true
   className: ""
   annotations:
      kubernetes.io/ingress.class: nginx
-     kubernetes.io/tls-acme: "true"
+
   paths:
     - path: /
       pathType: ImplementationSpecific