Merge pull request #475 from StatCan/fdi-merge-2015-01

Fdi merge 2015 01

Author: chian-007

stable/fdi-fmr-chart

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

stable/fdi-fmr-chart/.helmignore

@@ -0,0 +1,33 @@
+apiVersion: v2
+name: fdi-fmr-chart
+description: fusionsuite
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 1.16.0
+
+home: https://statcan.gc.ca
+sources:
+- https://repo.private.example.ca/analytics-platform/discovery/fusionsuite-docker-compose
+maintainers:
+- name: sylus
+  email: [email protected]
+- name: Zachary Seguin
+  email: [email protected]
+engine: gotpl

stable/fdi-fmr-chart/Chart.yaml

@@ -0,0 +1 @@
+dependencies:

stable/fdi-fmr-chart/requirements.yaml

@@ -0,0 +1,33 @@
+1. Application URL for Authz:
+
+{{- if .Values.fusionapps.ingress.enabled }}
+
+{{- range $host := .Values.fusionapps.ingress.hosts }}
+
+  {{- range .paths }}
+  http{{ if $.Values.fusionapps.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+
+{{- end }}
+
+{{- else if contains "NodePort" .Values.fusionapps.service.type }}
+
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fusionsuite.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+
+{{- else if contains "LoadBalancer" .Values.fusionapps.service.type }}
+
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fusionsuite.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fusionsuite.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.fusionapps.service.port }}
+
+{{- else if contains "ClusterIP" .Values.fusionapps.service.type }}
+
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fusionsuite.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:8080
+
+{{- end }}
+

stable/fdi-fmr-chart/templates/NOTES.txt

@@ -0,0 +1,64 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fusionsuite.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fusionsuite.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fusionsuite.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fusionsuite.labels" -}}
+helm.sh/chart: {{ include "fusionsuite.chart" . }}
+{{ include "fusionsuite.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fusionsuite.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fusionsuite.name" . }}
+app.kubernetes.io/instance: {{ include "fusionsuite.name" . }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "fusionsuite.fusionapps.serviceAccountName" -}}
+{{- if .Values.fusionapps.serviceAccount.create }}
+{{- default (include "fusionsuite.fullname" .) .Values.fusionapps.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.fusionapps.serviceAccount.name }}
+{{- end }}
+{{- end }}
+

stable/fdi-fmr-chart/templates/_helpers.tpl

@@ -0,0 +1,56 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ include "fusionsuite.fullname" . }}-registry
+data:
+  fmr.properties: | 
+    database.dialect={{ .Values.managed.registry.db_dialect }}
+    database.driver={{ .Values.managed.registry.db_driver }}
+    database.password={{ .Values.managed.registry.db_password }}
+    database.url=jdbc\:{{ .Values.managed.registry.db_jdbc_type }}\://{{ .Values.managed.registry.mssql_host }}\:{{ .Values.managed.registry.mssql_port }};databaseName\={{ .Values.managed.registry.db_name }}
+    database.useCustomString=false
+    database.username={{ .Values.managed.registry.db_username }}
+    encrypt.password ={{ .Values.managed.registry.encrypt_password }}
+    encrypt.salt ={{ .Values.managed.registry.encrypt_salt }}
+    security.password ={{ .Values.managed.registry.security_password }}
+    security.username ={{ .Values.managed.registry.security_username }}
+  fwb_config.json: |
+        {
+          "Properties": {
+              "server.url": "https://{{ .Values.managed.host }}/fwb"
+          },
+          "Environments": [
+    {{- range $key, $value := .Values.fwb }}
+              {
+                  "id": {{ $key | quote }},
+                  "name": {{ $value.name | quote }},
+                  "api": {
+                      "query": {{ $value.api.query | quote }},
+                      {{- if $value.api.delete }}
+                      "delete": {{ $value.api.delete | quote }},
+                      {{- end }}
+                      {{- if $value.api.persist | quote }}
+                      "persist": {{ $value.api.persist | quote }},
+                      {{- end }}
+                      "version": {{ $value.api.version | quote }}
+                  },
+                  "auth": {{ $value.auth | quote }},
+              {{- if $value.oidc }}
+                  "oidc": {
+                    "config": {{ $value.oidc.config | quote }},
+                    "clientId": {{ $value.oidc.clientId | quote }}
+                    {{- if $value.oidc.scope }}
+                    "scope": {{ $value.oidc.scope | quote }}
+                    {{- end }}                 
+                },
+              {{- end }}  
+                  "locale": [{{ $value.locale }}],
+              {{- if $value.agencies }}
+                  "agencies": [{{ $value.agencies }}],
+              {{- end }} 
+                  "format": {{ $value.format | quote }}
+              },
+    {{- end }}  
+            ]
+        }
+

stable/fdi-fmr-chart/templates/cm/registry.yaml

@@ -0,0 +1,80 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ include "fusionsuite.fullname" . }}-security
+data:
+  fusion-security.properties: | 
+    ######################################################################
+    #     DATABASE CONNECTION                                            #
+    ######################################################################
+    database.security.dialect={{ .Values.managed.security.db_dialect }}
+    database.security.driver={{ .Values.managed.security.db_driver }}
+    database.security.username={{ .Values.managed.security.db_username }}
+    database.security.password={{ .Values.managed.security.db_password }}
+    database.security.url=jdbc:{{ .Values.managed.security.db_jdbc_type }}://{{ .Values.managed.security.mssql_host }}:{{ .Values.managed.security.mssql_port }};databaseName\={{ .Values.managed.security.db_name }};
+    #database.security.url=jdbc:sqlserver://dotstatsuite.database.windows.net:1433;databaseName\={{ .Values.managed.security.db_name }}
+    ######################################################################
+    #     SECURITY (HTTPS PORT REDIRECTION)                              #
+    ######################################################################
+    #Auto Redirect to http:
+    # any - do not auto redirect 
+    # https - auto redirect traffic coming in on http to https, requires port mapping information to be correct
+    requires.channel=any
+
+    #Only required if requires.channel=https
+    port.http=8080
+    port.https=8444
+
+    ######################################################################
+    #     CERTIFICATE AUTHENTICATION                                     #
+    ######################################################################
+    security.p12File=
+    security.p12Pass=
+
+    ######################################################################
+    #     EMAIL SERVER                                                   #
+    ######################################################################
+    mail.smtp={{ .Values.managed.smtp.host }}
+    mail.port={{ .Values.managed.smtp.port }}
+    mail.username={{ .Values.managed.smtp.username }}
+    mail.password={{ .Values.managed.smtp.password }}
+    mail.security=TLS
+    #mail.starttls.enable={{ .Values.managed.smtp.enableSsl }}
+    mail.from={{ .Values.managed.smtp.mailFrom }}
+
+    ######################################################################
+    #     PASSWORD RULES                                                 #
+    ######################################################################
+    security.password.timeouthours=2
+    security.password.disallowed=
+    security.password.minlength=1
+    security.password.minnum=-1
+    security.password.minchar=-1
+    security.password.minlower=-1
+    security.password.minupper=-1
+    security.password.illegalchars=
+    max.login.attempt=3
+    {{- if .Values.fusionapps.ingress.enabled -}}
+     {{- range .Values.fusionapps.ingress.hosts }}
+    ######################################################################
+    #     STRUCTURE WEB SERVICE (ORGANISATION RETRIEVAL)                 #
+    ######################################################################
+    structure.ws=CloudRegistry@https://{{ .host }}/FusionRegistry
+
+    ######################################################################
+    #     GENERAL SETTINGS                                               #
+    ######################################################################
+    server.url=https://{{ .host }}/FusionSecurity
+    {{- end }}
+    {{ else }}
+    ######################################################################
+    #     STRUCTURE WEB SERVICE (ORGANISATION RETRIEVAL)                 #
+    ######################################################################
+    structure.ws=CloudRegistry@https://{{ .Values.managed.host }}:{{ .Values.managed.port }}/FusionRegistry
+
+    ######################################################################
+    #     GENERAL SETTINGS                                               #
+    ######################################################################
+    server.url=https://{{ .Values.managed.host }}:{{ .Values.managed.port }}/FusionSecurity
+
+    {{- end }}

stable/fdi-fmr-chart/templates/cm/security.yaml

@@ -0,0 +1,76 @@
+{{- if .Values.fusionapps.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "fusionsuite.fullname" . }}-fusionapps
+  labels:
+    {{- include "fusionsuite.labels" . | nindent 4 }}-fusionapps
+spec:
+{{- if not .Values.fusionapps.autoscaling.enabled }}
+  replicas: {{ .Values.fusionapps.replicaCount }}
+{{- end }}
+  selector:
+    matchLabels:
+      {{- include "fusionsuite.selectorLabels" . | nindent 6 }}-fusionapps
+  template:
+    metadata:
+      annotations:
+        traffic.sidecar.istio.io/excludeOutboundPorts: '1433'
+    {{- with .Values.fusionapps.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      labels:
+        {{- include "fusionsuite.selectorLabels" . | nindent 8 }}-fusionapps
+    spec:
+      {{- with .Values.fusionapps.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "fusionsuite.fusionapps.serviceAccountName" . }}-fusionapps
+      securityContext:
+        {{- toYaml .Values.fusionapps.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ include "fusionsuite.fullname" . }}-fusionapps
+          securityContext:
+            {{- toYaml .Values.fusionapps.securityContext | nindent 12 }}
+          image: "{{ .Values.fusionapps.image.repository }}:{{ .Values.fusionapps.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.fusionapps.image.pullPolicy }}
+          env:
+            - name: TOMCAT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "fusionsuite.fullname" . }}-tomcat-password
+                  key: password
+            - name: TOMCAT_USERNAME
+              value: {{ .Values.managed.tomcat.tomcat_username }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+            - name: {{ include "fusionsuite.fullname" . }}-registry
+              mountPath: /opt/bitnami/tomcat/MetadataTechnology/FusionRegistry
+            - name: {{ include "fusionsuite.fullname" . }}-security
+              mountPath: /opt/bitnami/tomcat/FusionSecurity
+          resources:
+            {{- toYaml .Values.fusionapps.resources | nindent 12 }}
+      {{- with .Values.fusionapps.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.fusionapps.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.fusionapps.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+      - name: {{ include "fusionsuite.fullname" . }}-security
+        configMap:
+          name: {{ include "fusionsuite.fullname" . }}-security  
+      - name: {{ include "fusionsuite.fullname" . }}-registry
+        configMap:
+          name: {{ include "fusionsuite.fullname" . }}-registry  
+{{- end -}}

stable/fdi-fmr-chart/templates/deploy/apps.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.destinationRule.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: DestinationRule
+metadata:
+  name: {{ template "fusionsuite.fullname" . }}
+  labels:
+    app: {{ template "fusionsuite.name" . }}
+    chart: {{ template "fusionsuite.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  host: "*.{{ .Release.Namespace }}.svc.{{ default "cluster.local" .Values.clusterDomain }}"
+  trafficPolicy:
+    tls:
+      mode: "{{ default "DISABLE" .Values.destinationRule.mode }}"
+{{- end }}