Var helm #9

Merged
merged 2 commits into from
Oct 31, 2023
44 changes: 11 additions & 33 deletions helm-chart/environments/values-dev.yaml
Expand Up @@ -16,42 +16,20 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

milAdapter:
disableBackoffStrategy: true
lockDuration: 20000
asyncResponseTimeout: 20000
milBasePath: https://mil-d-apim.azure-api.net
enableInterceptorLogging: true
logEngineInputVariables: true
restReadTimeout: 20000
restConnectionTmieout: 20000
milAuthRelativePath: /mil-auth/token
milAuthClientCredentials: client_credentials
tokenCacheName: token-cache
tokenCacheMaxEntries: 100

milAuth:
credentialsSecretName: "pagopa-dev-atm-layer-model-mil-auth"
credentialsSecretKeys:
clientId: CLIENT_ID
clientSecret: CLIENT_SECRET

camundaWebUser:
address: http://pagopa-dev-atm-layer-wf-engine.pagopa.svc.cluster.local:8080
credentialsSecretName: "pagopa-dev-atm-layer-model-camunda"
credentialsSecretKeys:
username: WEB_USER
password: WEB_PASSWORD

database:
driver: org.postgresql.Driver
url: jdbc:postgresql://pagopa-dev-atm-layer-rds.cluster-cyezwzpjc2tj.eu-south-1.rds.amazonaws.com:5431
type: postgresql
url: postgresql://pagopa-dev-atm-layer-rds.cluster-cyezwzpjc2tj.eu-south-1.rds.amazonaws.com:5431/pagopadb?search_path=atm_layer_model
db_name: pagopadb
schema: atm_layer_engine
credentialsSecretName: "pagopa-dev-atm-layer-model-database"
credentialsSecretKeys:
username: DB_USERNAME
password: DB_PASSWORD
username: USERNAME_DB
password: PASSWORD_DB

objectStore:
region: eu-south-1
type: AWS_S3
bucket_name: pagopa-dev-atm-layer-s3-model
bpmn_template_path: /BPMN/files/UUID/[uuid]/VERSION/[version]

secretProviderClass:
name: atm-layer-model-secrets
Expand Down Expand Up @@ -83,7 +61,7 @@ deployment:
name: pagopa-dev-atm-layer-model
annotations:
reloader.stakater.com/auto: "true"
secret.reloader.stakater.com/reload: pagopa-dev-atm-layer-mil-adapter-database, pagopa-dev-atm-layer-mil-adapter-camunda, pagopa-dev-atm-layer-mil-adapter-mil-auth
secret.reloader.stakater.com/reload: pagopa-dev-atm-layer-model-database

service:
name: pagopa-dev-atm-layer-model
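Review bot: The new `database.url` value sets only `search_path` and says nothing about transport security, so whether the connection to the RDS endpoint is encrypted and the server certificate verified depends on client defaults that this page does not show. If the client honours URI parameters, state the requirement in the value itself, for example by appending `&sslmode=verify-full`, or add a comment above `url:` naming where TLS is enforced. The same hunk renames the secret keys to `USERNAME_DB`/`PASSWORD_DB`; any other environment values file would need the same keys, which cannot be checked from this section.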
93 changes: 17 additions & 76 deletions helm-chart/templates/deployment.yaml
Expand Up @@ -21,19 +21,7 @@ spec:
spec:
serviceAccountName: {{ include "chart-1.serviceAccountName" . }}
volumes:
- name: secrets-store-inline-1
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: {{ .Values.secretProviderClass.name }}
- name: secrets-store-inline-2
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: {{ .Values.secretProviderClass.name }}
- name: secrets-store-inline-3
- name: secrets-store-inline
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
Expand All @@ -46,80 +34,33 @@ spec:
- containerPort: {{ .Values.service.port }}
imagePullPolicy: Always
env:
- name: MIL_ADAPTER_ENGINE_URL
value: "{{ .Values.camundaWebUser.address }}"
- name: MIL_ADAPTER_DISABLE_BACKOFF_STRATEGY
value: "{{ .Values.milAdapter.disableBackoffStrategy }}"
- name: MIL_ADAPTER_LOCK_DURATION
value: "{{ .Values.milAdapter.lockDuration }}"
- name: MIL_ADAPTER_ASYNC_RESPONSE_TIMEOUT
value: "{{ .Values.milAdapter.asyncResponseTimeout }}"
- name: MIL_ADAPTER_ENGINE_ACCOUNT_USER
valueFrom:
secretKeyRef:
name: {{ .Values.camundaWebUser.credentialsSecretName }}
key: {{ .Values.camundaWebUser.credentialsSecretKeys.username }}
- name: MIL_ADAPTER_ENGINE_ACCOUNT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.camundaWebUser.credentialsSecretName }}
key: {{ .Values.camundaWebUser.credentialsSecretKeys.password }}
- name: MIL_ADAPTER_MIL_BASE_PATH
value: "{{ .Values.milAdapter.milBasePath }}"
- name: MIL_ADAPTER_MIL_AUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.milAuth.credentialsSecretName }}
key: {{ .Values.milAuth.credentialsSecretKeys.clientId }}
- name: MIL_ADAPTER_MIL_AUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.milAuth.credentialsSecretName }}
key: {{ .Values.milAuth.credentialsSecretKeys.clientSecret }}
- name: MIL_ADAPTER_ENGINE_DB_BASE_URL
- name: MODEL_DB_TYPE
value: "{{ .Values.database.type }}"
- name: MODEL_DB_URL
value: "{{ .Values.database.url }}"
- name: MIL_ADAPTER_ENGINE_DB_NAME
value: "{{ .Values.database.db_name }}"
- name: MIL_ADAPTER_ENGINE_DB_SCHEMA
value: "{{ .Values.database.schema }}"
- name: MIL_ADAPTER_ENGINE_DB_USERNAME
- name: MODEL_DB_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.database.credentialsSecretName }}
key: {{ .Values.database.credentialsSecretKeys.username }}
- name: MIL_ADAPTER_ENGINE_DB_PASSWORD
- name: MODEL_DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.credentialsSecretName }}
key: {{ .Values.database.credentialsSecretKeys.password }}
- name: MIL_ADAPTER_ENGINE_DB_DRIVER
value: "{{ .Values.database.driver }}"
- name: MIL_ADAPTER_ENABLE_INTERCEPTOR_LOGGING
value: "{{ .Values.milAdapter.enableInterceptorLogging }}"
- name: MIL_ADAPTER_LOG_ENGINE_INPUT_VARIABLES
value: "{{ .Values.milAdapter.logEngineInputVariables }}"
- name: MIL_ADAPTER_REST_READ_TIMEOUT
value: "{{ .Values.milAdapter.restReadTimeout }}"
- name: MIL_ADAPTER_REST_CONNECTION_TIMEOUT
value: "{{ .Values.milAdapter.restConnectionTmieout }}"
- name: MIL_ADAPTER_MIL_AUTH_RELATIVE_PATH
value: "{{ .Values.milAdapter.milAuthRelativePath }}"
- name: MIL_ADAPTER_MIL_AUTH_CLIENT_CREDENTIALS
value: "{{ .Values.milAdapter.milAuthClientCredentials }}"
- name: MIL_ADAPTER_TOKEN_CACHE_NAME
value: "{{ .Values.milAdapter.tokenCacheName }}"
- name: MIL_ADAPTER_TOKEN_CACHE_MAX_ENTRIES
value: "{{ .Values.milAdapter.tokenCacheMaxEntries }}"
- name: MODEL_OBJECT_STORE_REGION
value: "{{ .Values.objectStore.region }}"
- name: MODEL_OBJECT_STORE_TYPE
value: "{{ .Values.objectStore.type }}"
- name: MODEL_OBJECT_STORE_BUCKET_NAME
value: "{{ .Values.objectStore.bucket_name }}"
- name: MODEL_OBJECT_STORE_BPMN_TEMPLATE_PATH
value: "{{ .Values.objectStore.bpmn_template_path }}"

volumeMounts:
- name: secrets-store-inline-1
- name: secrets-store-inline
mountPath: "/mnt/secrets-store/1"
readOnly: true
- name: secrets-store-inline-2
mountPath: "/mnt/secrets-store/2"
readOnly: true
- name: secrets-store-inline-3
mountPath: "/mnt/secrets-store/3"
readOnly: true

strategy:
type: Recreate
type: Recreate
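Review bot: The added env entries (`MODEL_DB_TYPE`, `MODEL_DB_URL` and the four `MODEL_OBJECT_STORE_*` values) wrap the template in literal double quotes, which does not escape a `"` or `\` inside the value and renders an empty string when the key is absent from a values file. Helm's `quote` does the escaping, e.g. `value: {{ .Values.database.url | quote }}`; the same applies to the unquoted `name:`/`key:` lines under `secretKeyRef` and to the two `key:` lines added in secretproviderclass.yaml. As a smaller style point, the one remaining volume is still mounted at `/mnt/secrets-store/1`; dropping the `/1` suffix would match the rename to `secrets-store-inline`, provided nothing reads that path. The container spec starts outside the hunk, so its other settings are not reviewed here.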
32 changes: 2 additions & 30 deletions helm-chart/templates/secretproviderclass.yaml
Expand Up @@ -13,39 +13,11 @@ spec:
objectAlias: username
- path: password
objectAlias: password
- objectName: "pagopa-dev-atm-layer/camunda/credentials"
objectType: "secretsmanager"
jmesPath:
- path: WEB_USER
objectAlias: WEB_USER
- path: WEB_PASSWORD
objectAlias: WEB_PASSWORD
- objectName: "pagopa-dev-atm-layer/mil-auth/credentials"
objectType: "secretsmanager"
jmesPath:
- path: CLIENT_ID
objectAlias: CLIENT_ID
- path: CLIENT_SECRET
objectAlias: CLIENT_SECRET
secretObjects:
- secretName: {{ .Values.database.credentialsSecretName }}
type: Opaque
data:
- objectName: "username" # reference the corresponding parameter
key: DB_USERNAME
key: {{ .Values.database.credentialsSecretKeys.username }}
- objectName: "password" # reference the corresponding parameter
key: DB_PASSWORD
- secretName: {{ .Values.camundaWebUser.credentialsSecretName }}
type: Opaque
data:
- objectName: "WEB_USER" # reference the corresponding parameter
key: WEB_USER
- objectName: "WEB_PASSWORD" # reference the corresponding parameter
key: WEB_PASSWORD
- secretName: {{ .Values.milAuth.credentialsSecretName }}
type: Opaque
data:
- objectName: "CLIENT_ID" # reference the corresponding parameter
key: CLIENT_ID
- objectName: "CLIENT_SECRET" # reference the corresponding parameter
key: CLIENT_SECRET
key: {{ .Values.database.credentialsSecretKeys.password }}
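Review bot: The two new `key:` lines take the synced Secret's key names from `.Values.database.credentialsSecretKeys`, and deployment.yaml reads the same values in its `secretKeyRef` entries, so a values file that lacks them renders `key:` empty in both templates and the mistake would likely surface only at deploy time. Failing at render time is cheaper: `key: {{ required "database.credentialsSecretKeys.username is required" .Values.database.credentialsSecretKeys.username | quote }}`, and likewise for `password`. The `objects` list that the `objectName` entries refer to starts outside the hunk.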