Merge pull request #15 from tahzeer/4.0

[G2P-4188] Fix existing and add new charts for bene-protal-api

Author: venky-ganapathy

charts/openg2p-pbms/questions.yaml

@@ -60,6 +60,33 @@ questions:
   group: Background Task Settings
   show_if: "openg2p-pbms-bg-task-celery-workers.enabled=true"
 
+# Portal API Settings
+- variable: staffPortalApi.enabled
+  description: Enable Staff Portal API component
+  type: boolean
+  label: Enable Staff Portal API
+  group: Portal API Settings
+
+- variable: benePortalApi.enabled
+  description: Enable Bene Portal API component
+  type: boolean
+  label: Enable Bene Portal API
+  group: Portal API Settings
+
+- variable: benePortalApi.envVars.COMMON_AUTH_DEFAULT_ISSUERS
+  description: Default list of OIDC issuers for Bene Portal API
+  type: string
+  label: Bene Portal API Default Issuers
+  group: Portal API Settings
+  show_if: "benePortalApi.enabled=true"
+
+- variable: benePortalApi.envVars.COMMON_AUTH_DEFAULT_JWKS_URLS
+  description: Default list of JWKS URLs for Bene Portal API
+  type: string
+  label: Bene Portal API Default JWKS URLs
+  group: Portal API Settings
+  show_if: "benePortalApi.enabled=true"
+
 # Registry settings
 - variable: global.registryDB 
   description: Name of the Registry DB in PostgreSQL 
@@ -85,4 +112,6 @@ questions:
   label: Registry DB Secret Key with User Password
   group: Registry 
 
+
+
 # End of main PBMS/values.yaml-driven questions.

charts/openg2p-pbms/templates/_helper.tpl

@@ -192,5 +192,32 @@ Render Env values section for staff-portal-api
 {{- include "pbms.baseEnvVars" (dict "envVars" $envVars "context" $) }}
 {{- end -}}
 
+{{/*
+Templates for openg2p-pbms-bene-portal-api
+*/}}
 
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "pbms.bene-portal-api.serviceAccountName" -}}
+{{- if .Values.benePortalApi.serviceAccount.create -}}
+{{ default (include "common.names.fullname" .) .Values.benePortalApi.serviceAccount.name }}
+{{- else -}}
+{{ default "default" .Values.benePortalApi.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
 
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "pbms.bene-portal-api.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.benePortalApi.image .Values.benePortalApi.postgresCheckerInit.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Render Env values section for bene-portal-api
+*/}}
+{{- define "pbms.bene-portal-api.envVars" -}}
+{{- $envVars := merge (deepCopy .Values.benePortalApi.envVars) (deepCopy .Values.benePortalApi.envVarsFrom) -}}
+{{- include "pbms.baseEnvVars" (dict "envVars" $envVars "context" $) }}
+{{- end -}}

charts/openg2p-pbms/templates/beat-producers/deployment.yaml

@@ -15,9 +15,11 @@ spec:
   {{- end }}
   selector:
     matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .podLabels "context" $) | nindent 6 }}
+      app.kubernetes.io/component: celery-beat-producer
   template:
     metadata:
       labels: {{- include "common.labels.standard" (dict "customLabels" .podLabels "context" $) | nindent 8 }}
+        app.kubernetes.io/component: celery-beat-producer
       {{- if .podAnnotations }}
       annotations: {{- include "common.tplvalues.render" (dict "value" .podAnnotations "context" $) | nindent 8 }}
       {{- end }}

charts/openg2p-pbms/templates/bene-portal-api/deployment.yaml

@@ -0,0 +1,90 @@
+{{- with .Values.benePortalApi }}
+{{- if .enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" $ }}
+kind: Deployment
+metadata:
+  name: {{ include "common.names.fullname" $ }}-bene-portal-api
+  labels: {{- include "common.labels.standard" (dict "customLabels" .commonLabels "context" $) | nindent 4 }}
+  {{- if .commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: {{ .replicaCount }}
+  {{- if .updateStrategy }}
+  strategy: {{- include "common.tplvalues.render" (dict "value" .updateStrategy "context" $) | nindent 4 }}
+  {{- end }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .podLabels "context" $) | nindent 6 }}
+      app.kubernetes.io/component: bene-portal-api
+  template:
+    metadata:
+      labels: {{- include "common.labels.standard" (dict "customLabels" .podLabels "context" $) | nindent 8 }}
+        app.kubernetes.io/component: bene-portal-api
+      {{- if .podAnnotations }}
+      annotations: {{- include "common.tplvalues.render" (dict "value" .podAnnotations "context" $) | nindent 8 }}
+      {{- end }}
+    spec:
+      serviceAccountName: {{ include "pbms.bene-portal-api.serviceAccountName" $ }}
+      {{- include "pbms.bene-portal-api.imagePullSecrets" $ | nindent 6 }}
+      {{- if .hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .affinity }}
+      affinity: {{- include "common.tplvalues.render" ( dict "value" .affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .podAffinityPreset "context" $) | nindent 10 }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .podAntiAffinityPreset "context" $) | nindent 10 }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .nodeAffinityPreset.type "key" .nodeAffinityPreset.key "values" .nodeAffinityPreset.values) | nindent 10 }}
+      {{- end }}
+      {{- if .nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .tolerations "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .priorityClassName }}
+      priorityClassName: {{ .priorityClassName | quote }}
+      {{- end }}
+      {{- if .podSecurityContext.enabled }}
+      securityContext: {{- include "common.tplvalues.render" (dict "value" (omit .podSecurityContext "enabled") "context" $) | nindent 8 }}
+      {{- end }}
+      initContainers:
+        {{- if .postgresCheckerInit.enabled }}
+        - name: postgres-checker
+          image: {{ include "common.images.image" (dict "imageRoot" .postgresCheckerInit.image "global" $.Values.global) }}
+          imagePullPolicy: {{ .postgresCheckerInit.image.pullPolicy }}
+          command: {{- include "common.tplvalues.render" (dict "value" .postgresCheckerInit.command "context" $) | nindent 12 }}
+          env: {{- include "pbms.bene-portal-api.envVars" $ | indent 12 }}
+        {{- end }}
+      containers:
+        - name: g2p-pbms-bene-portal-api
+          image: {{ include "common.images.image" (dict "imageRoot" .image "global" $.Values.global) }}
+          imagePullPolicy: {{ .image.pullPolicy }}
+          {{- if .lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .containerSecurityContext.enabled }}
+          securityContext: {{- include "common.tplvalues.render" (dict "value" (omit .containerSecurityContext "enabled") "context" $) | nindent 12 }}
+          {{- end }}
+          env: {{- include "pbms.bene-portal-api.envVars" $ | indent 12 }}
+          ports:
+            - name: http
+              containerPort: {{ .containerPort }}
+          {{- if .resources }}
+          resources: {{- include "common.tplvalues.render" (dict "value" .resources "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .startupProbe "enabled") "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .livenessProbe.enabled }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .livenessProbe "enabled") "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .readinessProbe.enabled }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .readinessProbe "enabled") "context" $) | nindent 12 }}
+          {{- end }}
+        {{- if .sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .sidecars "context" $) | nindent 8 }}
+        {{- end }}
+{{- end }}
+{{- end }}

charts/openg2p-pbms/templates/bene-portal-api/gateway.yaml

@@ -0,0 +1,36 @@
+{{- with .Values.benePortalApi }}
+{{- if and .enabled .istio.enabled .istio.gateway.enabled }}
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ template "common.names.fullname" $ }}-bene-portal-api
+  labels: {{- include "common.labels.standard" (dict "customLabels" .commonLabels "context" $) | nindent 4 }}
+  {{- if .commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  selector: {{- include "common.tplvalues.render" ( dict "value" .istio.gateway.ingressController "context" $) | nindent 4 }}
+  servers:
+  {{- if .istio.gateway.httpEnabled }}
+  - port:
+      name: http2
+      number: 8080
+      protocol: HTTP2
+    hosts:
+      - {{ default $.Values.global.g2pPbmsBgTaskHostname .istio.gateway.host | quote }}
+    {{- if .istio.gateway.httpTlsRedirect }}
+    tls:
+      httpsRedirect: true
+    {{- end }}
+  {{- end }}
+  {{- if .istio.gateway.httpsEnabled }}
+  - port:
+      name: https
+      number: 8443
+      protocol: HTTPS
+    hosts:
+      - {{ default $.Values.global.g2pPbmsBgTaskHostname .istio.gateway.host | quote }}
+    tls: {{- include "common.tplvalues.render" (dict "value" (omit .istio.gateway.tls "enabled") "context" $) | nindent 6 }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/openg2p-pbms/templates/bene-portal-api/hpa.yaml

@@ -0,0 +1,36 @@
+{{- with .Values.benePortalApi }}
+{{- if and .enabled .autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "common.names.fullname" $ }}-bene-portal-api
+  labels: {{- include "common.labels.standard" (dict "customLabels" .commonLabels "context" $) | nindent 4 }}
+  {{- if .commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "common.names.fullname" $ }}-bene-portal-api
+  minReplicas: {{ .autoscaling.minReplicas }}
+  maxReplicas: {{ .autoscaling.maxReplicas }}
+  metrics:
+    {{- if .autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
+{{- end }}

charts/openg2p-pbms/templates/bene-portal-api/service.yaml

@@ -0,0 +1,30 @@
+{{- with .Values.benePortalApi }}
+{{- if .enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "common.names.fullname" $ }}-bene-portal-api
+  labels: {{- include "common.labels.standard" (dict "customLabels" .commonLabels "context" $) | nindent 4 }}
+  {{- if .commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .service.type }}
+  {{- if (or (eq .service.type "LoadBalancer") (eq .service.type "NodePort")) }}
+  externalTrafficPolicy: {{ .service.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{ if eq .service.type "LoadBalancer" }}
+  loadBalancerSourceRanges: {{ .service.loadBalancerSourceRanges }}
+  {{ end }}
+  {{- if (and (eq .service.type "LoadBalancer") (not (empty .service.loadBalancerIP))) }}
+  loadBalancerIP: {{ .service.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - name: http
+      port: {{ .service.port }}
+      protocol: TCP
+      targetPort: http
+  selector: {{- include "common.labels.matchLabels" (dict "customLabels" .podLabels "context" $) | nindent 4 }}
+    app.kubernetes.io/component: bene-portal-api
+{{- end }}
+{{- end }}

charts/openg2p-pbms/templates/bene-portal-api/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- with .Values.benePortalApi }}
+{{- if and .enabled .serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "pbms.bene-portal-api.serviceAccountName" $ }}
+  labels: {{- include "common.labels.standard" (dict "customLabels" .commonLabels "context" $) | nindent 4 }}
+  {{- if .commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}

charts/openg2p-pbms/templates/bene-portal-api/virtualservice.yaml

@@ -0,0 +1,35 @@
+{{- with .Values.benePortalApi }}
+{{- if and .enabled .istio.enabled .istio.virtualservice.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ template "common.names.fullname" $ }}-bene-portal-api
+  labels: {{- include "common.labels.standard" (dict "customLabels" .commonLabels "context" $) | nindent 4 }}
+  {{- if .commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  hosts:
+  - {{ include "common.tplvalues.render" (dict "value" (default $.Values.global.g2pPbmsBgTaskHostname .istio.virtualservice.host) "context" $) | quote }}
+  gateways:
+  - {{ default (include "common.names.fullname" $) .istio.virtualservice.gateway }}
+  http:
+  - headers:
+      request:
+        set:
+          x-forwarded-host: {{ include "common.tplvalues.render" (dict "value" (default $.Values.global.g2pPbmsBgTaskHostname .istio.virtualservice.host) "context" $) | quote }}
+          x-forwarded-proto: https
+    match:
+    - uri:
+        prefix: {{ include "common.tplvalues.render" (dict "value" .istio.virtualservice.prefix "context" $) }}
+    {{- if .istio.virtualservice.rewriteUri }}
+    rewrite:
+      uri: {{ include "common.tplvalues.render" (dict "value" .istio.virtualservice.rewriteUri "context" $) }}
+    {{- end }}
+    route:
+    - destination:
+        host: {{ template "common.names.fullname" $ }}-bene-portal-api
+        port:
+          number: {{ .service.port }}
+{{- end }}
+{{- end }}

charts/openg2p-pbms/templates/celery-workers/deployment.yaml

@@ -15,9 +15,11 @@ spec:
   {{- end }}
   selector:
     matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" .podLabels "context" $) | nindent 6 }}
+      app.kubernetes.io/component: celery-workers
   template:
     metadata:
       labels: {{- include "common.labels.standard" (dict "customLabels" .podLabels "context" $) | nindent 8 }}
+        app.kubernetes.io/component: celery-workers
       {{- if .podAnnotations }}
       annotations: {{- include "common.tplvalues.render" (dict "value" .podAnnotations "context" $) | nindent 8 }}
       {{- end }}