From 5e958ac8c33dbcf95d4831fe11473893ae62d2f8 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Thu, 16 Oct 2025 16:41:21 -0500 Subject: [PATCH 01/30] helm chart updates --- .gitlab-ci.yml | 25 +++++++++++++++++++++++-- helm/templates/_helpers.tpl | 20 ++++++++++---------- helm/templates/deployment.yaml | 22 +++++++++++----------- helm/values.yaml | 6 +++--- 4 files changed, 47 insertions(+), 26 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7f19844..0d46ff2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,11 +18,32 @@ build_container: stage: build image: deps.global.bsf.tools/quay.io/buildah/stable:latest variables: - IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA" + IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF" before_script: - mkdir -p /tmp/buildah-storage - export BUILDAH_ROOT="/tmp/buildah-storage" - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" script: - buildah bud --build-arg NPM_REGISTRY=https://deps.global.bsf.tools/artifactory/api/npm/registry.npmjs.org/ --storage-driver vfs --isolation chroot -t $IMAGE_NAME . - - buildah push --storage-driver vfs $IMAGE_NAME \ No newline at end of file + - buildah push --storage-driver vfs $IMAGE_NAME + +deploy_helm_charts: + stage: deploy + image: + name: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12 + parallel: + matrix: + # - ENV: "prod" + # VALUES_FILE: "helm/values-prod.yaml" + # CONTEXT: "esv/bsf/bsf-services/gitlab-kaas-agent-config:services-prod-agent" + # NAMESPACE: "bsf-services-namespace" + # ONLY: "main" + - ENV: "dev" + VALUES_FILE: "helm/values.yaml" + CONTEXT: "esv/bsf/bsf-services/gitlab-kaas-agent-config:services-prod-agent" + NAMESPACE: "bsf-services-dev-namespace" + # ONLY: ["branches", "!main"] + script: + - kubectl config use-context $CONTEXT + - | + helm upgrade --install gitlab-servicedesk-agent-$ENV ./helm --namespace $NAMESPACE -f $VALUES_FILE --set image.repository=$CI_REGISTRY_IMAGE --set image.tag=$CI_COMMIT_REF diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 0ebb04f..ecac6a9 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -1,14 +1,14 @@ {{/* Expand the name of the chart. */}} -{{- define "datalake.name" -}} +{{- define "w13.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Create a default fully qualified app name. */}} -{{- define "datalake.fullname" -}} +{{- define "w13.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -24,16 +24,16 @@ Create a default fully qualified app name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "datalake.chart" -}} +{{- define "w13.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "datalake.labels" -}} -helm.sh/chart: {{ include "datalake.chart" . }} -{{ include "datalake.selectorLabels" . }} +{{- define "w13.labels" -}} +helm.sh/chart: {{ include "w13.chart" . }} +{{ include "w13.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -43,17 +43,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "datalake.selectorLabels" -}} -app.kubernetes.io/name: {{ include "datalake.name" . }} +{{- define "w13.selectorLabels" -}} +app.kubernetes.io/name: {{ include "w13.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "datalake.serviceAccountName" -}} +{{- define "w13.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "datalake.fullname" .) .Values.serviceAccount.name }} +{{- default (include "w13.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 652d855..de12d5f 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -1,16 +1,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "datalake.fullname" . }} + name: {{ include "w13.fullname" . }} labels: - {{- include "datalake.labels" . | nindent 4 }} + {{- include "w13.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: - {{- include "datalake.selectorLabels" . | nindent 6 }} + {{- include "w13.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} @@ -18,13 +18,13 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "datalake.selectorLabels" . | nindent 8 }} + {{- include "w13.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "datalake.serviceAccountName" . }} + serviceAccountName: {{ include "w13.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: @@ -53,7 +53,7 @@ spec: - name: DATABASE_URL valueFrom: secretKeyRef: - name: {{ include "datalake.fullname" . }}-secrets + name: {{ include "w13.fullname" . }}-secrets key: database-url - name: STORAGE_BACKEND value: {{ .Values.config.storageBackend | quote }} @@ -63,12 +63,12 @@ spec: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: {{ include "datalake.fullname" . }}-secrets + name: {{ include "w13.fullname" . }}-secrets key: aws-access-key-id - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ include "datalake.fullname" . }}-secrets + name: {{ include "w13.fullname" . }}-secrets key: aws-secret-access-key - name: AWS_REGION value: {{ .Values.aws.region | quote }} @@ -76,16 +76,16 @@ spec: value: {{ .Values.aws.bucketName | quote }} {{- else }} - name: MINIO_ENDPOINT - value: "{{ include "datalake.fullname" . }}-minio:9000" + value: "{{ include "w13.fullname" . }}-minio:9000" - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ include "datalake.fullname" . }}-secrets + name: {{ include "w13.fullname" . }}-secrets key: minio-access-key - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: - name: {{ include "datalake.fullname" . }}-secrets + name: {{ include "w13.fullname" . }}-secrets key: minio-secret-key - name: MINIO_BUCKET_NAME value: "test-artifacts" diff --git a/helm/values.yaml b/helm/values.yaml index c468fb2..8668226 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -1,7 +1,7 @@ replicaCount: 1 image: - repository: datalake + repository: w13 pullPolicy: IfNotPresent tag: "latest" @@ -37,7 +37,7 @@ ingress: className: "" annotations: {} hosts: - - host: datalake.local + - host: w13.local paths: - path: / pathType: Prefix @@ -74,7 +74,7 @@ postgresql: auth: username: user password: password - database: datalake + database: w13 primary: persistence: enabled: true From 59001222a094c27278767d9cd2bb6b0b59690641 Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Thu, 16 Oct 2025 17:03:25 -0500 Subject: [PATCH 02/30] Add comprehensive Warehouse13 Helm chart with configurable images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Features: - Complete Helm chart at helm/warehouse13/ with Warehouse13 branding - Configurable images for all components (PostgreSQL, MinIO, API, Frontend) - Support for 3 deployment scenarios: dev, production, air-gapped - 14 Kubernetes templates: Deployments, StatefulSets, Services, Ingress - Persistent storage with configurable storage classes - Health checks for all services - Ingress with TLS support - Security contexts and RBAC - Comprehensive documentation: - HELM-DEPLOYMENT.md (main Kubernetes guide) - helm/warehouse13/README.md (full chart docs) - helm/warehouse13/QUICKSTART.md (5-min deployment) - Example values files (dev, production, air-gapped) - Updated main README.md with Helm deployment instructions - Marked old helm chart as deprecated All component images fully configurable via values.yaml: - postgres:15-alpine - minio/minio:latest - warehouse13/api:latest - warehouse13/frontend:latest šŸ¤– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- HELM-DEPLOYMENT.md | 517 ++++++++++++++++++ README.md | 55 +- helm/Chart.yaml | 9 +- helm/README.md | 46 ++ helm/warehouse13/.helmignore | 23 + helm/warehouse13/Chart.yaml | 16 + helm/warehouse13/QUICKSTART.md | 148 +++++ helm/warehouse13/README.md | 441 +++++++++++++++ helm/warehouse13/templates/NOTES.txt | 138 +++++ helm/warehouse13/templates/_helpers.tpl | 71 +++ .../warehouse13/templates/api-deployment.yaml | 93 ++++ helm/warehouse13/templates/api-service.yaml | 19 + helm/warehouse13/templates/configmap.yaml | 10 + .../templates/frontend-deployment.yaml | 73 +++ .../templates/frontend-service.yaml | 19 + helm/warehouse13/templates/ingress.yaml | 41 ++ helm/warehouse13/templates/minio-service.yaml | 23 + .../templates/minio-statefulset.yaml | 87 +++ .../templates/postgres-service.yaml | 19 + .../templates/postgres-statefulset.yaml | 89 +++ helm/warehouse13/templates/secret.yaml | 14 + .../warehouse13/templates/serviceaccount.yaml | 12 + helm/warehouse13/values-airgapped.yaml | 99 ++++ helm/warehouse13/values-dev.yaml | 86 +++ helm/warehouse13/values-production.yaml | 118 ++++ helm/warehouse13/values.yaml | 168 ++++++ 26 files changed, 2412 insertions(+), 22 deletions(-) create mode 100644 HELM-DEPLOYMENT.md create mode 100644 helm/README.md create mode 100644 helm/warehouse13/.helmignore create mode 100644 helm/warehouse13/Chart.yaml create mode 100644 helm/warehouse13/QUICKSTART.md create mode 100644 helm/warehouse13/README.md create mode 100644 helm/warehouse13/templates/NOTES.txt create mode 100644 helm/warehouse13/templates/_helpers.tpl create mode 100644 helm/warehouse13/templates/api-deployment.yaml create mode 100644 helm/warehouse13/templates/api-service.yaml create mode 100644 helm/warehouse13/templates/configmap.yaml create mode 100644 helm/warehouse13/templates/frontend-deployment.yaml create mode 100644 helm/warehouse13/templates/frontend-service.yaml create mode 100644 helm/warehouse13/templates/ingress.yaml create mode 100644 helm/warehouse13/templates/minio-service.yaml create mode 100644 helm/warehouse13/templates/minio-statefulset.yaml create mode 100644 helm/warehouse13/templates/postgres-service.yaml create mode 100644 helm/warehouse13/templates/postgres-statefulset.yaml create mode 100644 helm/warehouse13/templates/secret.yaml create mode 100644 helm/warehouse13/templates/serviceaccount.yaml create mode 100644 helm/warehouse13/values-airgapped.yaml create mode 100644 helm/warehouse13/values-dev.yaml create mode 100644 helm/warehouse13/values-production.yaml create mode 100644 helm/warehouse13/values.yaml diff --git a/HELM-DEPLOYMENT.md b/HELM-DEPLOYMENT.md new file mode 100644 index 0000000..d20b1b2 --- /dev/null +++ b/HELM-DEPLOYMENT.md @@ -0,0 +1,517 @@ +# Warehouse13 - Kubernetes Deployment with Helm + +This guide covers deploying Warehouse13 to Kubernetes using the official Helm chart. + +## Table of Contents + +1. [Prerequisites](#prerequisites) +2. [Quick Start](#quick-start) +3. [Deployment Scenarios](#deployment-scenarios) +4. [Configuration](#configuration) +5. [Post-Deployment](#post-deployment) +6. [Upgrading](#upgrading) +7. [Troubleshooting](#troubleshooting) + +## Prerequisites + +- Kubernetes 1.19+ cluster +- Helm 3.0+ +- kubectl configured to access your cluster +- Persistent volume provisioner (for production deployments) + +### Installing Helm + +```bash +# macOS +brew install helm + +# Linux +curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash + +# Windows +choco install kubernetes-helm +``` + +## Quick Start + +### 1. Standard Deployment (Internet Access) + +```bash +# Create namespace +kubectl create namespace warehouse13 + +# Install with default values +helm install warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 + +# Wait for pods to be ready +kubectl wait --for=condition=ready pod \ + --all --namespace warehouse13 --timeout=300s +``` + +### 2. Access the Application + +```bash +# Frontend +kubectl port-forward -n warehouse13 svc/warehouse13-frontend 4200:80 + +# API +kubectl port-forward -n warehouse13 svc/warehouse13-api 8000:8000 + +# MinIO Console +kubectl port-forward -n warehouse13 svc/warehouse13-minio 9001:9001 +``` + +Then visit: +- Frontend: http://localhost:4200 +- API Docs: http://localhost:8000/docs +- MinIO Console: http://localhost:9001 + +## Deployment Scenarios + +### Development Environment + +For local testing or CI/CD: + +```bash +helm install warehouse13-dev ./helm/warehouse13 \ + --namespace warehouse13-dev \ + --create-namespace \ + --values ./helm/warehouse13/values-dev.yaml +``` + +**Features:** +- Single replica for all services +- emptyDir storage (no persistence) +- Minimal resource requests +- Always pull latest dev images + +### Production Environment + +For production with ingress and high availability: + +```bash +# First, update the values file with your domain and secrets +cp ./helm/warehouse13/values-production.yaml ./my-production-values.yaml + +# Edit the file: +# - Set postgres.auth.password +# - Set minio.auth.rootUser and rootPassword +# - Set ingress.hosts[0].host to your domain +# - Update storageClass for your environment + +# Install +helm install warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --create-namespace \ + --values ./my-production-values.yaml +``` + +**Features:** +- 3 replicas for API and frontend +- Persistent storage with PVCs +- Ingress with TLS support +- Resource limits and requests +- Health checks enabled +- Pod anti-affinity for distribution + +### Air-Gapped Environment + +For restricted/disconnected environments: + +```bash +# 1. First, push images to your internal registry +# Example using harbor.internal.example.com + +# Pull images (on internet-connected machine) +docker pull postgres:15-alpine +docker pull minio/minio:latest +docker pull warehouse13/api:v1.0.0 +docker pull warehouse13/frontend:v1.0.0 + +# Tag for internal registry +docker tag postgres:15-alpine harbor.internal.example.com/library/postgres:15-alpine +docker tag minio/minio:latest harbor.internal.example.com/library/minio:latest +docker tag warehouse13/api:v1.0.0 harbor.internal.example.com/warehouse13/api:v1.0.0 +docker tag warehouse13/frontend:v1.0.0 harbor.internal.example.com/warehouse13/frontend:v1.0.0 + +# Push to internal registry +docker push harbor.internal.example.com/library/postgres:15-alpine +docker push harbor.internal.example.com/library/minio:latest +docker push harbor.internal.example.com/warehouse13/api:v1.0.0 +docker push harbor.internal.example.com/warehouse13/frontend:v1.0.0 + +# 2. Update the values file with your registry +cp ./helm/warehouse13/values-airgapped.yaml ./my-airgapped-values.yaml + +# Edit to match your environment: +# - Update all image.repository values +# - Set secure passwords +# - Configure storage classes +# - Add node selectors/tolerations if needed + +# 3. Install on air-gapped cluster +helm install warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --create-namespace \ + --values ./my-airgapped-values.yaml +``` + +**Features:** +- All images from custom registry +- Local storage class support +- Node selectors for specific nodes +- Tolerations for tainted nodes + +## Configuration + +### Configurable Images + +All component images can be customized: + +```yaml +# PostgreSQL +postgres: + image: + repository: postgres # or your-registry/postgres + tag: 15-alpine + pullPolicy: IfNotPresent + +# MinIO +minio: + image: + repository: minio/minio # or your-registry/minio + tag: latest + pullPolicy: IfNotPresent + +# API Backend +api: + image: + repository: warehouse13/api # or your-registry/warehouse13-api + tag: v1.0.0 + pullPolicy: IfNotPresent + +# Frontend +frontend: + image: + repository: warehouse13/frontend # or your-registry/warehouse13-frontend + tag: v1.0.0 + pullPolicy: IfNotPresent +``` + +### Quick Image Override + +```bash +# Override images from command line +helm install warehouse13 ./helm/warehouse13 \ + --set postgres.image.repository=myregistry.com/postgres \ + --set postgres.image.tag=15-alpine \ + --set minio.image.repository=myregistry.com/minio \ + --set minio.image.tag=latest \ + --set api.image.repository=myregistry.com/warehouse13-api \ + --set api.image.tag=v1.0.0 \ + --set frontend.image.repository=myregistry.com/warehouse13-frontend \ + --set frontend.image.tag=v1.0.0 +``` + +### Storage Configuration + +```yaml +# PostgreSQL storage +postgres: + persistence: + enabled: true + size: 50Gi + storageClass: "fast-ssd" # or "" for default + +# MinIO storage +minio: + persistence: + enabled: true + size: 500Gi + storageClass: "bulk-storage" # or "" for default +``` + +### Resource Configuration + +```yaml +# API resources +api: + resources: + requests: + memory: "512Mi" + cpu: "500m" + limits: + memory: "1Gi" + cpu: "1000m" + +# Frontend resources +frontend: + resources: + requests: + memory: "256Mi" + cpu: "250m" + limits: + memory: "512Mi" + cpu: "500m" +``` + +### Ingress Configuration + +```yaml +ingress: + enabled: true + className: "nginx" + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + hosts: + - host: warehouse13.example.com + paths: + - path: / + pathType: Prefix + backend: frontend + - path: /api + pathType: Prefix + backend: api + tls: + - secretName: warehouse13-tls + hosts: + - warehouse13.example.com +``` + +## Post-Deployment + +### Verify Installation + +```bash +# Check all pods are running +kubectl get pods -n warehouse13 + +# Check services +kubectl get svc -n warehouse13 + +# Check PVCs +kubectl get pvc -n warehouse13 + +# Check ingress (if enabled) +kubectl get ingress -n warehouse13 +``` + +### View Logs + +```bash +# API logs +kubectl logs -n warehouse13 -l app.kubernetes.io/component=api --tail=100 -f + +# Frontend logs +kubectl logs -n warehouse13 -l app.kubernetes.io/component=frontend --tail=100 -f + +# PostgreSQL logs +kubectl logs -n warehouse13 warehouse13-postgres-0 --tail=100 -f + +# MinIO logs +kubectl logs -n warehouse13 warehouse13-minio-0 --tail=100 -f +``` + +### Initialize MinIO Bucket + +```bash +# Port-forward to MinIO console +kubectl port-forward -n warehouse13 svc/warehouse13-minio 9001:9001 + +# Open http://localhost:9001 +# Login with credentials from values.yaml +# Create bucket: "artifacts" +``` + +## Upgrading + +### Upgrade to New Version + +```bash +# Update image tags in values file +# Then run upgrade +helm upgrade warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --values ./my-production-values.yaml \ + --wait \ + --timeout 10m + +# Check rollout status +kubectl rollout status deployment/warehouse13-api -n warehouse13 +kubectl rollout status deployment/warehouse13-frontend -n warehouse13 +``` + +### Rollback + +```bash +# View revision history +helm history warehouse13 -n warehouse13 + +# Rollback to previous version +helm rollback warehouse13 -n warehouse13 + +# Rollback to specific revision +helm rollback warehouse13 2 -n warehouse13 +``` + +### Update Values Only + +```bash +# Update configuration without changing images +helm upgrade warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --values ./my-updated-values.yaml \ + --reuse-values +``` + +## Backup and Restore + +### PostgreSQL Backup + +```bash +# Create backup +kubectl exec -n warehouse13 warehouse13-postgres-0 -- \ + pg_dump -U warehouse13user warehouse13 > backup-$(date +%Y%m%d).sql + +# Restore +cat backup-20241016.sql | kubectl exec -i -n warehouse13 warehouse13-postgres-0 -- \ + psql -U warehouse13user warehouse13 +``` + +### MinIO Backup + +```bash +# Install MinIO Client +wget https://dl.min.io/client/mc/release/linux-amd64/mc +chmod +x mc + +# Configure +kubectl port-forward -n warehouse13 svc/warehouse13-minio 9000:9000 +mc alias set w13 http://localhost:9000 + +# Backup bucket +mc mirror w13/artifacts ./backup/artifacts-$(date +%Y%m%d) + +# Restore +mc mirror ./backup/artifacts-20241016 w13/artifacts +``` + +### Full Backup + +```bash +# Backup all PVCs +for pvc in $(kubectl get pvc -n warehouse13 -o name); do + pvc_name=$(basename $pvc) + kubectl get -n warehouse13 $pvc -o yaml > backup-${pvc_name}.yaml +done + +# Backup Helm values +helm get values warehouse13 -n warehouse13 > backup-values.yaml +``` + +## Troubleshooting + +### Pods Not Starting + +```bash +# Check pod status +kubectl get pods -n warehouse13 + +# Describe pod for events +kubectl describe pod -n warehouse13 + +# Check logs +kubectl logs -n warehouse13 + +# Common issues: +# - ImagePullBackOff: Check image repository and credentials +# - Pending: Check PVC status and node resources +# - CrashLoopBackOff: Check application logs +``` + +### PVC Issues + +```bash +# Check PVC status +kubectl get pvc -n warehouse13 + +# Describe PVC +kubectl describe pvc -n warehouse13 + +# Common issues: +# - Pending: No storage class or insufficient storage +# - Bound: PVC is healthy +``` + +### Database Connection Issues + +```bash +# Test PostgreSQL connection +kubectl exec -it -n warehouse13 warehouse13-postgres-0 -- \ + psql -U warehouse13user -d warehouse13 + +# Check database logs +kubectl logs -n warehouse13 warehouse13-postgres-0 --tail=100 + +# Verify secret +kubectl get secret -n warehouse13 warehouse13-secrets -o yaml +``` + +### Ingress Not Working + +```bash +# Check ingress status +kubectl get ingress -n warehouse13 +kubectl describe ingress -n warehouse13 warehouse13-ingress + +# Check ingress controller logs +kubectl logs -n ingress-nginx -l app.kubernetes.io/component=controller + +# Verify TLS certificate +kubectl get certificate -n warehouse13 +kubectl describe certificate -n warehouse13 warehouse13-tls +``` + +### Performance Issues + +```bash +# Check resource usage +kubectl top pods -n warehouse13 +kubectl top nodes + +# Check if pods are being throttled +kubectl describe pod -n warehouse13 | grep -A 5 "State:" + +# Increase resources +helm upgrade warehouse13 ./helm/warehouse13 \ + --set api.resources.limits.memory=2Gi \ + --set api.resources.limits.cpu=2000m +``` + +## Uninstalling + +```bash +# Uninstall the release +helm uninstall warehouse13 -n warehouse13 + +# Delete PVCs (data will be lost!) +kubectl delete pvc -n warehouse13 -l app.kubernetes.io/instance=warehouse13 + +# Delete namespace +kubectl delete namespace warehouse13 +``` + +## Additional Resources + +- [Helm Chart README](./helm/warehouse13/README.md) +- [Values Documentation](./helm/warehouse13/values.yaml) +- [Docker Deployment Guide](./DEPLOYMENT.md) +- [Main README](./README.md) + +## Support + +For issues and questions: +- GitHub Issues: https://github.com/yourusername/warehouse13/issues +- Helm Chart Issues: Tag with `helm` label diff --git a/README.md b/README.md index 2c37805..01d2202 100644 --- a/README.md +++ b/README.md @@ -214,35 +214,54 @@ MINIO_BUCKET_NAME=test-artifacts ### Kubernetes with Helm -1. Build and push Docker image: +**Quick Start:** ```bash -docker build -t your-registry/datalake:latest . -docker push your-registry/datalake:latest +helm install warehouse13 ./helm/warehouse13 --namespace warehouse13 --create-namespace ``` -2. Install with Helm: +**Production Deployment:** ```bash -helm install datalake ./helm \ - --set image.repository=your-registry/datalake \ - --set image.tag=latest \ - --namespace datalake \ - --create-namespace +helm install warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --create-namespace \ + --values ./helm/warehouse13/values-production.yaml ``` -3. Access the API: +**Air-Gapped Deployment:** ```bash -kubectl port-forward -n datalake svc/datalake 8000:8000 +helm install warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --create-namespace \ + --values ./helm/warehouse13/values-airgapped.yaml ``` +**Access the Application:** +```bash +kubectl port-forward -n warehouse13 svc/warehouse13-frontend 4200:80 +kubectl port-forward -n warehouse13 svc/warehouse13-api 8000:8000 +``` + +### Helm Documentation + +- **Full Helm Guide:** [HELM-DEPLOYMENT.md](./HELM-DEPLOYMENT.md) +- **Chart README:** [helm/warehouse13/README.md](./helm/warehouse13/README.md) +- **Quick Start:** [helm/warehouse13/QUICKSTART.md](./helm/warehouse13/QUICKSTART.md) +- **Example Configurations:** + - Development: [values-dev.yaml](./helm/warehouse13/values-dev.yaml) + - Production: [values-production.yaml](./helm/warehouse13/values-production.yaml) + - Air-Gapped: [values-airgapped.yaml](./helm/warehouse13/values-airgapped.yaml) + ### Helm Configuration -Edit `helm/values.yaml` to customize: -- Replica count -- Resource limits -- Storage backend (S3 vs MinIO) -- Ingress settings -- PostgreSQL settings -- Autoscaling +All component images are fully configurable in `helm/warehouse13/values.yaml`: +- PostgreSQL image and version +- MinIO image and version +- API image and version +- Frontend image and version +- Resource limits and requests +- Storage backend configuration +- Ingress and TLS settings +- Persistence and storage classes ### GitLab CI/CD diff --git a/helm/Chart.yaml b/helm/Chart.yaml index ce650b4..f93d136 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: datalake -description: Test Artifact Data Lake - Store and query test artifacts +name: warehouse13 +description: Warehouse13 - Enterprise Test Artifact Storage (Legacy Chart - Use ./warehouse13 instead) type: application version: 1.0.0 appVersion: "1.0.0" @@ -8,6 +8,7 @@ keywords: - testing - artifacts - storage - - data-lake + - datalake +deprecated: true maintainers: - - name: Your Team + - name: Warehouse13 Team diff --git a/helm/README.md b/helm/README.md new file mode 100644 index 0000000..9b35934 --- /dev/null +++ b/helm/README.md @@ -0,0 +1,46 @@ +# Helm Charts + +This directory contains Helm charts for deploying Warehouse13. + +## Current Chart (Recommended) + +**Location:** `./warehouse13/` + +The latest, fully-featured Helm chart with: +- Warehouse13 branding +- Configurable images for all components +- Multiple deployment scenarios (dev, production, air-gapped) +- Comprehensive documentation +- Example values files + +**Usage:** +```bash +helm install warehouse13 ./warehouse13 +``` + +**Documentation:** See [warehouse13/README.md](./warehouse13/README.md) + +## Legacy Chart (Deprecated) + +The files in this root `helm/` directory are from an older version and are marked as deprecated. Please use the `./warehouse13/` chart instead. + +## Migration + +If you're using the old chart, migration is straightforward: + +```bash +# Uninstall old chart +helm uninstall datalake + +# Install new chart +helm install warehouse13 ./warehouse13 + +# Or upgrade in place (if compatible) +helm upgrade datalake ./warehouse13 +``` + +Note: Check your values.yaml configuration and update image repositories, resource limits, and other settings as needed. + +## Quick Start + +See [../HELM-DEPLOYMENT.md](../HELM-DEPLOYMENT.md) for comprehensive deployment guide. diff --git a/helm/warehouse13/.helmignore b/helm/warehouse13/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/helm/warehouse13/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/warehouse13/Chart.yaml b/helm/warehouse13/Chart.yaml new file mode 100644 index 0000000..b93bf76 --- /dev/null +++ b/helm/warehouse13/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +name: warehouse13 +description: Warehouse13 - Enterprise Test Artifact Storage +type: application +version: 1.0.0 +appVersion: "1.0.0" +keywords: + - testing + - artifacts + - storage + - datalake +maintainers: + - name: Warehouse13 Team +home: https://github.com/yourusername/warehouse13 +sources: + - https://github.com/yourusername/warehouse13 diff --git a/helm/warehouse13/QUICKSTART.md b/helm/warehouse13/QUICKSTART.md new file mode 100644 index 0000000..b70e123 --- /dev/null +++ b/helm/warehouse13/QUICKSTART.md @@ -0,0 +1,148 @@ +# Warehouse13 Helm Chart - Quick Start + +## 5-Minute Deployment + +### Prerequisites Check + +```bash +# Verify Kubernetes cluster access +kubectl cluster-info + +# Verify Helm is installed +helm version + +# Create namespace +kubectl create namespace warehouse13 +``` + +### Deploy with Defaults + +```bash +# Install chart +helm install warehouse13 ./helm/warehouse13 --namespace warehouse13 + +# Wait for ready +kubectl wait --for=condition=ready pod --all -n warehouse13 --timeout=5m +``` + +### Access Application + +```bash +# In separate terminals, run: + +# Terminal 1: Frontend +kubectl port-forward -n warehouse13 svc/warehouse13-frontend 4200:80 + +# Terminal 2: API +kubectl port-forward -n warehouse13 svc/warehouse13-api 8000:8000 + +# Terminal 3: MinIO Console +kubectl port-forward -n warehouse13 svc/warehouse13-minio 9001:9001 +``` + +Then open in browser: +- **Frontend:** http://localhost:4200 +- **API Docs:** http://localhost:8000/docs +- **MinIO Console:** http://localhost:9001 + - Username: `minioadmin` + - Password: `minioadmin` + +## Common Scenarios + +### 1. Development (No Persistence) + +```bash +helm install warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --values ./helm/warehouse13/values-dev.yaml +``` + +### 2. Production (With Ingress) + +```bash +# Update values-production.yaml with your settings first +helm install warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --values ./helm/warehouse13/values-production.yaml +``` + +### 3. Air-Gapped (Custom Registry) + +```bash +# Update values-airgapped.yaml with your registry first +helm install warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --values ./helm/warehouse13/values-airgapped.yaml +``` + +### 4. Custom Image Repository + +```bash +helm install warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --set postgres.image.repository=myregistry.com/postgres \ + --set minio.image.repository=myregistry.com/minio \ + --set api.image.repository=myregistry.com/warehouse13-api \ + --set frontend.image.repository=myregistry.com/warehouse13-frontend +``` + +## Verify Deployment + +```bash +# Check pods +kubectl get pods -n warehouse13 + +# Check services +kubectl get svc -n warehouse13 + +# View logs +kubectl logs -n warehouse13 -l app.kubernetes.io/component=api --tail=50 + +# Check resource usage +kubectl top pods -n warehouse13 +``` + +## Cleanup + +```bash +# Uninstall release +helm uninstall warehouse13 -n warehouse13 + +# Delete PVCs (data will be lost!) +kubectl delete pvc -n warehouse13 --all + +# Delete namespace +kubectl delete namespace warehouse13 +``` + +## Next Steps + +- **Full Documentation:** [README.md](./README.md) +- **Deployment Guide:** [../../HELM-DEPLOYMENT.md](../../HELM-DEPLOYMENT.md) +- **Configuration Options:** [values.yaml](./values.yaml) +- **Example Configs:** [values-dev.yaml](./values-dev.yaml), [values-production.yaml](./values-production.yaml), [values-airgapped.yaml](./values-airgapped.yaml) + +## Troubleshooting + +### Pods stuck in Pending +```bash +kubectl describe pod -n warehouse13 +# Check: PVC status, node resources, storage classes +``` + +### Image pull errors +```bash +kubectl describe pod -n warehouse13 +# Check: Image repository, credentials, network access +``` + +### Database connection errors +```bash +kubectl logs -n warehouse13 warehouse13-postgres-0 +kubectl get secret -n warehouse13 warehouse13-secrets -o yaml +``` + +## Support + +- GitHub Issues: https://github.com/yourusername/warehouse13/issues +- Documentation: https://warehouse13.example.com/docs diff --git a/helm/warehouse13/README.md b/helm/warehouse13/README.md new file mode 100644 index 0000000..eaf0701 --- /dev/null +++ b/helm/warehouse13/README.md @@ -0,0 +1,441 @@ +# Warehouse13 Helm Chart + +Enterprise Test Artifact Storage - Kubernetes deployment via Helm + +## Overview + +This Helm chart deploys the complete Warehouse13 stack on Kubernetes: + +- **PostgreSQL 15** - Metadata database +- **MinIO** - S3-compatible object storage +- **FastAPI Backend** - REST API server +- **Angular Frontend** - Web UI (nginx-served) + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.0+ +- PV provisioner support (for persistent storage) + +## Installation + +### Quick Start + +```bash +# Add the Warehouse13 chart repository (if published) +helm repo add warehouse13 https://charts.warehouse13.example.com +helm repo update + +# Install with default values +helm install my-warehouse13 warehouse13/warehouse13 + +# Or install from local chart +helm install my-warehouse13 ./helm/warehouse13 +``` + +### Custom Installation + +```bash +# Install with custom values +helm install my-warehouse13 ./helm/warehouse13 \ + --set postgres.persistence.size=20Gi \ + --set minio.persistence.size=100Gi \ + --set api.replicas=3 + +# Install in a specific namespace +helm install my-warehouse13 ./helm/warehouse13 \ + --namespace warehouse13 \ + --create-namespace +``` + +## Configuration + +### Configurable Images + +All component images can be customized via values.yaml or command-line flags: + +```yaml +postgres: + image: + repository: postgres + tag: 15-alpine + pullPolicy: IfNotPresent + +minio: + image: + repository: minio/minio + tag: latest + pullPolicy: IfNotPresent + +api: + image: + repository: warehouse13/api + tag: latest + pullPolicy: IfNotPresent + +frontend: + image: + repository: warehouse13/frontend + tag: latest + pullPolicy: IfNotPresent +``` + +**Example: Using custom image registry** + +```bash +helm install my-warehouse13 ./helm/warehouse13 \ + --set postgres.image.repository=myregistry.example.com/postgres \ + --set minio.image.repository=myregistry.example.com/minio \ + --set api.image.repository=myregistry.example.com/warehouse13-api \ + --set frontend.image.repository=myregistry.example.com/warehouse13-frontend +``` + +**Example: Air-gapped deployment with specific tags** + +```bash +helm install my-warehouse13 ./helm/warehouse13 \ + --set postgres.image.repository=harbor.internal/library/postgres \ + --set postgres.image.tag=15-alpine \ + --set minio.image.repository=harbor.internal/library/minio \ + --set minio.image.tag=RELEASE.2024-01-01T00-00-00Z \ + --set api.image.repository=harbor.internal/warehouse13/api \ + --set api.image.tag=v1.0.0 \ + --set frontend.image.repository=harbor.internal/warehouse13/frontend \ + --set frontend.image.tag=v1.0.0 +``` + +### Key Parameters + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `global.deploymentMode` | Deployment mode (standard/airgapped) | `standard` | +| `global.storageBackend` | Storage backend (minio/s3) | `minio` | +| `postgres.persistence.enabled` | Enable PostgreSQL persistence | `true` | +| `postgres.persistence.size` | PostgreSQL PVC size | `10Gi` | +| `postgres.auth.username` | PostgreSQL username | `user` | +| `postgres.auth.password` | PostgreSQL password | `password` | +| `minio.persistence.enabled` | Enable MinIO persistence | `true` | +| `minio.persistence.size` | MinIO PVC size | `50Gi` | +| `minio.auth.rootUser` | MinIO root username | `minioadmin` | +| `minio.auth.rootPassword` | MinIO root password | `minioadmin` | +| `api.replicas` | Number of API replicas | `2` | +| `frontend.replicas` | Number of frontend replicas | `2` | +| `ingress.enabled` | Enable ingress | `false` | +| `ingress.className` | Ingress class name | `nginx` | +| `ingress.hosts` | Ingress hosts configuration | See values.yaml | + +### Example Configurations + +#### Production with Ingress + +```yaml +# values-production.yaml +global: + deploymentMode: "standard" + storageBackend: "minio" + +postgres: + persistence: + size: 50Gi + storageClass: "fast-ssd" + resources: + requests: + memory: "1Gi" + cpu: "500m" + limits: + memory: "2Gi" + cpu: "1000m" + +minio: + persistence: + size: 500Gi + storageClass: "bulk-storage" + resources: + requests: + memory: "2Gi" + cpu: "1000m" + limits: + memory: "4Gi" + cpu: "2000m" + +api: + replicas: 3 + resources: + requests: + memory: "512Mi" + cpu: "500m" + limits: + memory: "1Gi" + cpu: "1000m" + +frontend: + replicas: 3 + +ingress: + enabled: true + className: "nginx" + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + hosts: + - host: warehouse13.example.com + paths: + - path: / + pathType: Prefix + backend: frontend + - path: /api + pathType: Prefix + backend: api + tls: + - secretName: warehouse13-tls + hosts: + - warehouse13.example.com +``` + +```bash +helm install my-warehouse13 ./helm/warehouse13 -f values-production.yaml +``` + +#### Air-Gapped Environment + +```yaml +# values-airgapped.yaml +global: + deploymentMode: "airgapped" + storageBackend: "minio" + +postgres: + image: + repository: harbor.internal.example.com/library/postgres + tag: 15-alpine + pullPolicy: IfNotPresent + +minio: + image: + repository: harbor.internal.example.com/library/minio + tag: RELEASE.2024-01-01T00-00-00Z + pullPolicy: IfNotPresent + +api: + image: + repository: harbor.internal.example.com/warehouse13/api + tag: v1.0.0 + pullPolicy: IfNotPresent + +frontend: + image: + repository: harbor.internal.example.com/warehouse13/frontend + tag: v1.0.0 + pullPolicy: IfNotPresent +``` + +```bash +helm install my-warehouse13 ./helm/warehouse13 -f values-airgapped.yaml +``` + +#### Development/Testing + +```yaml +# values-dev.yaml +global: + deploymentMode: "standard" + +postgres: + persistence: + enabled: false # Use emptyDir for quick testing + resources: + requests: + memory: "128Mi" + cpu: "100m" + +minio: + persistence: + enabled: false + resources: + requests: + memory: "256Mi" + cpu: "100m" + +api: + replicas: 1 + image: + tag: dev + +frontend: + replicas: 1 + image: + tag: dev +``` + +```bash +helm install my-warehouse13 ./helm/warehouse13 -f values-dev.yaml +``` + +## Accessing the Application + +### Port Forwarding (Development) + +```bash +# Access frontend +kubectl port-forward svc/warehouse13-frontend 4200:80 + +# Access API +kubectl port-forward svc/warehouse13-api 8000:8000 + +# Access MinIO console +kubectl port-forward svc/warehouse13-minio 9001:9001 + +# Then visit: +# - Frontend: http://localhost:4200 +# - API: http://localhost:8000 +# - MinIO Console: http://localhost:9001 +``` + +### Via Ingress (Production) + +If ingress is enabled: +``` +https://warehouse13.example.com +``` + +## Upgrading + +```bash +# Upgrade with new values +helm upgrade my-warehouse13 ./helm/warehouse13 \ + --set api.image.tag=v2.0.0 \ + --set frontend.image.tag=v2.0.0 + +# Upgrade with values file +helm upgrade my-warehouse13 ./helm/warehouse13 -f values-production.yaml + +# Upgrade and wait for completion +helm upgrade my-warehouse13 ./helm/warehouse13 --wait --timeout 10m +``` + +## Uninstalling + +```bash +# Uninstall the release +helm uninstall my-warehouse13 + +# Note: PVCs are not deleted automatically. To delete them: +kubectl delete pvc -l app.kubernetes.io/instance=my-warehouse13 +``` + +## Backup and Restore + +### PostgreSQL Backup + +```bash +# Create backup +kubectl exec -it warehouse13-postgres-0 -- pg_dump -U user datalake > backup.sql + +# Restore +kubectl exec -i warehouse13-postgres-0 -- psql -U user datalake < backup.sql +``` + +### MinIO Backup + +```bash +# Install mc (MinIO Client) +# Configure mc alias +mc alias set w13 http://localhost:9001 minioadmin minioadmin + +# Mirror bucket +mc mirror w13/artifacts ./backup/artifacts + +# Restore +mc mirror ./backup/artifacts w13/artifacts +``` + +## Troubleshooting + +### Check Pod Status + +```bash +kubectl get pods -l app.kubernetes.io/name=warehouse13 +``` + +### View Logs + +```bash +# API logs +kubectl logs -l app.kubernetes.io/component=api -f + +# Frontend logs +kubectl logs -l app.kubernetes.io/component=frontend -f + +# PostgreSQL logs +kubectl logs warehouse13-postgres-0 -f + +# MinIO logs +kubectl logs warehouse13-minio-0 -f +``` + +### Check Services + +```bash +kubectl get svc -l app.kubernetes.io/name=warehouse13 +``` + +### Common Issues + +**Pods stuck in Pending** +- Check PVC status: `kubectl get pvc` +- Verify storage class exists: `kubectl get storageclass` +- Check node resources: `kubectl describe nodes` + +**Database connection errors** +- Verify postgres pod is running: `kubectl get pod warehouse13-postgres-0` +- Check database logs: `kubectl logs warehouse13-postgres-0` +- Verify secret exists: `kubectl get secret warehouse13-secrets` + +**Frontend cannot reach API** +- Check ingress configuration: `kubectl describe ingress warehouse13-ingress` +- Verify API service: `kubectl get svc warehouse13-api` +- Check API pod health: `kubectl get pods -l app.kubernetes.io/component=api` + +## Security Considerations + +### Secrets Management + +**Default credentials are for development only!** In production: + +1. **Use external secrets management:** + ```yaml + # Use sealed-secrets, external-secrets, or similar + postgres: + auth: + username: "{{ .Values.externalSecrets.postgresUser }}" + password: "{{ .Values.externalSecrets.postgresPassword }}" + ``` + +2. **Or create secrets manually:** + ```bash + kubectl create secret generic warehouse13-secrets \ + --from-literal=postgres-username=secure-user \ + --from-literal=postgres-password=secure-password \ + --from-literal=minio-root-user=secure-minio-user \ + --from-literal=minio-root-password=secure-minio-password + + # Then install without default secrets + helm install my-warehouse13 ./helm/warehouse13 --set createSecrets=false + ``` + +3. **Enable TLS:** + ```yaml + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + tls: + - secretName: warehouse13-tls + hosts: + - warehouse13.example.com + ``` + +## Support + +For issues and questions: +- GitHub Issues: https://github.com/yourusername/warehouse13/issues +- Documentation: https://warehouse13.example.com/docs diff --git a/helm/warehouse13/templates/NOTES.txt b/helm/warehouse13/templates/NOTES.txt new file mode 100644 index 0000000..602c65a --- /dev/null +++ b/helm/warehouse13/templates/NOTES.txt @@ -0,0 +1,138 @@ + + _ _ _ _ _____ +| | | | | | / |___ / +| | | | __ _ _ __ ___| |__ ___ _ _ ___ / / |_ \ +| |/\| |/ _` | '__/ _ \ '_ \ / _ \| | | / __|/ / ___) | +\ /\ / (_| | | | __/ | | | (_) | |_| \__ \_/ |____/ + \/ \/ \__,_|_| \___|_| |_|\___/ \__,_|___(_) + +Enterprise Test Artifact Storage has been deployed! + +Chart Name: {{ .Chart.Name }} +Chart Version: {{ .Chart.Version }} +App Version: {{ .Chart.AppVersion }} + +Release Name: {{ .Release.Name }} +Namespace: {{ .Release.Namespace }} + +--- + +DEPLOYMENT INFORMATION: + +{{- if .Values.frontend.enabled }} +Frontend: + Service: warehouse13-frontend + Replicas: {{ .Values.frontend.replicas }} + Image: {{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }} +{{- end }} + +{{- if .Values.api.enabled }} +API: + Service: warehouse13-api + Replicas: {{ .Values.api.replicas }} + Image: {{ .Values.api.image.repository }}:{{ .Values.api.image.tag }} +{{- end }} + +{{- if .Values.postgres.enabled }} +PostgreSQL: + Service: warehouse13-postgres + Image: {{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }} + Persistence: {{ if .Values.postgres.persistence.enabled }}Enabled ({{ .Values.postgres.persistence.size }}){{ else }}Disabled (emptyDir){{ end }} +{{- end }} + +{{- if .Values.minio.enabled }} +MinIO: + Service: warehouse13-minio + Image: {{ .Values.minio.image.repository }}:{{ .Values.minio.image.tag }} + Persistence: {{ if .Values.minio.persistence.enabled }}Enabled ({{ .Values.minio.persistence.size }}){{ else }}Disabled (emptyDir){{ end }} +{{- end }} + +--- + +ACCESSING YOUR APPLICATION: + +{{- if .Values.ingress.enabled }} + +1. Via Ingress: +{{- range .Values.ingress.hosts }} + https://{{ .host }} +{{- end }} + +{{- else }} + +1. Using Port Forwarding: + + # Frontend + kubectl port-forward -n {{ .Release.Namespace }} svc/warehouse13-frontend 4200:80 + Then visit: http://localhost:4200 + + # API + kubectl port-forward -n {{ .Release.Namespace }} svc/warehouse13-api 8000:8000 + Then visit: http://localhost:8000/docs + + # MinIO Console + kubectl port-forward -n {{ .Release.Namespace }} svc/warehouse13-minio 9001:9001 + Then visit: http://localhost:9001 + Username: {{ .Values.minio.auth.rootUser }} + Password: {{ .Values.minio.auth.rootPassword }} + +2. Expose via LoadBalancer or Ingress for external access. + +{{- end }} + +--- + +CHECKING STATUS: + + # View all pods + kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + + # Check services + kubectl get svc -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + + # View logs + kubectl logs -n {{ .Release.Namespace }} -l app.kubernetes.io/component=api -f + kubectl logs -n {{ .Release.Namespace }} -l app.kubernetes.io/component=frontend -f + +--- + +UPGRADING: + + helm upgrade {{ .Release.Name }} warehouse13/warehouse13 \ + --namespace {{ .Release.Namespace }} + +--- + +UNINSTALLING: + + helm uninstall {{ .Release.Name }} --namespace {{ .Release.Namespace }} + + # Note: PVCs are retained. To delete them: + kubectl delete pvc -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +--- + +{{- if not .Values.ingress.enabled }} +āš ļø IMPORTANT: Ingress is disabled. Enable it for production use: + --set ingress.enabled=true +{{- end }} + +{{- if eq .Values.postgres.auth.password "password" }} +āš ļø WARNING: Using default PostgreSQL password! + For production, set a secure password: + --set postgres.auth.password=YOUR_SECURE_PASSWORD +{{- end }} + +{{- if eq .Values.minio.auth.rootPassword "minioadmin" }} +āš ļø WARNING: Using default MinIO password! + For production, set a secure password: + --set minio.auth.rootPassword=YOUR_SECURE_PASSWORD +{{- end }} + +--- + +For more information, visit: + Documentation: https://github.com/yourusername/warehouse13 + Issues: https://github.com/yourusername/warehouse13/issues + +Thank you for using Warehouse13! diff --git a/helm/warehouse13/templates/_helpers.tpl b/helm/warehouse13/templates/_helpers.tpl new file mode 100644 index 0000000..9845dad --- /dev/null +++ b/helm/warehouse13/templates/_helpers.tpl @@ -0,0 +1,71 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "warehouse13.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +*/}} +{{- define "warehouse13.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "warehouse13.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "warehouse13.labels" -}} +helm.sh/chart: {{ include "warehouse13.chart" . }} +{{ include "warehouse13.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "warehouse13.selectorLabels" -}} +app.kubernetes.io/name: {{ include "warehouse13.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "warehouse13.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "warehouse13.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +PostgreSQL connection string +*/}} +{{- define "warehouse13.postgresUrl" -}} +{{- if .Values.api.env.databaseUrl }} +{{- .Values.api.env.databaseUrl }} +{{- else }} +{{- printf "postgresql://%s:%s@warehouse13-postgres:%d/%s" .Values.postgres.auth.username .Values.postgres.auth.password (.Values.postgres.service.port | int) .Values.postgres.auth.database }} +{{- end }} +{{- end }} diff --git a/helm/warehouse13/templates/api-deployment.yaml b/helm/warehouse13/templates/api-deployment.yaml new file mode 100644 index 0000000..d8bdb1a --- /dev/null +++ b/helm/warehouse13/templates/api-deployment.yaml @@ -0,0 +1,93 @@ +{{- if .Values.api.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: warehouse13-api + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + app.kubernetes.io/component: api +spec: + replicas: {{ .Values.api.replicas }} + selector: + matchLabels: + {{- include "warehouse13.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: api + template: + metadata: + labels: + {{- include "warehouse13.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: api + spec: + serviceAccountName: {{ include "warehouse13.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: api + securityContext: + {{- toYaml .Values.securityContext | nindent 10 }} + image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}" + imagePullPolicy: {{ .Values.api.image.pullPolicy }} + ports: + - name: http + containerPort: 8000 + protocol: TCP + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: warehouse13-secrets + key: database-url + - name: STORAGE_BACKEND + valueFrom: + configMapKeyRef: + name: warehouse13-config + key: STORAGE_BACKEND + - name: MINIO_ENDPOINT + valueFrom: + configMapKeyRef: + name: warehouse13-config + key: MINIO_ENDPOINT + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: warehouse13-secrets + key: minio-root-user + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: warehouse13-secrets + key: minio-root-password + - name: DEPLOYMENT_MODE + valueFrom: + configMapKeyRef: + name: warehouse13-config + key: DEPLOYMENT_MODE + resources: + {{- toYaml .Values.api.resources | nindent 10 }} + {{- if .Values.api.healthCheck.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.api.healthCheck.liveness.path }} + port: http + initialDelaySeconds: {{ .Values.api.healthCheck.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.api.healthCheck.liveness.periodSeconds }} + readinessProbe: + httpGet: + path: {{ .Values.api.healthCheck.readiness.path }} + port: http + initialDelaySeconds: {{ .Values.api.healthCheck.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.api.healthCheck.readiness.periodSeconds }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm/warehouse13/templates/api-service.yaml b/helm/warehouse13/templates/api-service.yaml new file mode 100644 index 0000000..34a5144 --- /dev/null +++ b/helm/warehouse13/templates/api-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.api.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: warehouse13-api + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + app.kubernetes.io/component: api +spec: + type: {{ .Values.api.service.type }} + ports: + - port: {{ .Values.api.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "warehouse13.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: api +{{- end }} diff --git a/helm/warehouse13/templates/configmap.yaml b/helm/warehouse13/templates/configmap.yaml new file mode 100644 index 0000000..77394f3 --- /dev/null +++ b/helm/warehouse13/templates/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: warehouse13-config + labels: + {{- include "warehouse13.labels" . | nindent 4 }} +data: + DEPLOYMENT_MODE: {{ .Values.global.deploymentMode | quote }} + STORAGE_BACKEND: {{ .Values.global.storageBackend | quote }} + MINIO_ENDPOINT: {{ printf "warehouse13-minio:%d" (.Values.minio.service.apiPort | int) | quote }} diff --git a/helm/warehouse13/templates/frontend-deployment.yaml b/helm/warehouse13/templates/frontend-deployment.yaml new file mode 100644 index 0000000..7ed9c89 --- /dev/null +++ b/helm/warehouse13/templates/frontend-deployment.yaml @@ -0,0 +1,73 @@ +{{- if .Values.frontend.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: warehouse13-frontend + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + app.kubernetes.io/component: frontend +spec: + replicas: {{ .Values.frontend.replicas }} + selector: + matchLabels: + {{- include "warehouse13.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: frontend + template: + metadata: + labels: + {{- include "warehouse13.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: frontend + spec: + serviceAccountName: {{ include "warehouse13.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: frontend + securityContext: + {{- toYaml .Values.securityContext | nindent 10 }} + image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}" + imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + env: + - name: DEPLOYMENT_MODE + valueFrom: + configMapKeyRef: + name: warehouse13-config + key: DEPLOYMENT_MODE + - name: STORAGE_BACKEND + valueFrom: + configMapKeyRef: + name: warehouse13-config + key: STORAGE_BACKEND + resources: + {{- toYaml .Values.frontend.resources | nindent 10 }} + {{- if .Values.frontend.healthCheck.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.frontend.healthCheck.liveness.path }} + port: http + initialDelaySeconds: {{ .Values.frontend.healthCheck.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.frontend.healthCheck.liveness.periodSeconds }} + readinessProbe: + httpGet: + path: {{ .Values.frontend.healthCheck.readiness.path }} + port: http + initialDelaySeconds: {{ .Values.frontend.healthCheck.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.frontend.healthCheck.readiness.periodSeconds }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/helm/warehouse13/templates/frontend-service.yaml b/helm/warehouse13/templates/frontend-service.yaml new file mode 100644 index 0000000..256356c --- /dev/null +++ b/helm/warehouse13/templates/frontend-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.frontend.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: warehouse13-frontend + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + app.kubernetes.io/component: frontend +spec: + type: {{ .Values.frontend.service.type }} + ports: + - port: {{ .Values.frontend.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "warehouse13.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: frontend +{{- end }} diff --git a/helm/warehouse13/templates/ingress.yaml b/helm/warehouse13/templates/ingress.yaml new file mode 100644 index 0000000..36ba3c6 --- /dev/null +++ b/helm/warehouse13/templates/ingress.yaml @@ -0,0 +1,41 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: warehouse13-ingress + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ printf "warehouse13-%s" .backend }} + port: + number: {{ if eq .backend "frontend" }}{{ $.Values.frontend.service.port }}{{ else }}{{ $.Values.api.service.port }}{{ end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/warehouse13/templates/minio-service.yaml b/helm/warehouse13/templates/minio-service.yaml new file mode 100644 index 0000000..e61314f --- /dev/null +++ b/helm/warehouse13/templates/minio-service.yaml @@ -0,0 +1,23 @@ +{{- if .Values.minio.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: warehouse13-minio + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + app.kubernetes.io/component: storage +spec: + type: {{ .Values.minio.service.type }} + ports: + - port: {{ .Values.minio.service.apiPort }} + targetPort: api + protocol: TCP + name: api + - port: {{ .Values.minio.service.consolePort }} + targetPort: console + protocol: TCP + name: console + selector: + {{- include "warehouse13.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: storage +{{- end }} diff --git a/helm/warehouse13/templates/minio-statefulset.yaml b/helm/warehouse13/templates/minio-statefulset.yaml new file mode 100644 index 0000000..0479960 --- /dev/null +++ b/helm/warehouse13/templates/minio-statefulset.yaml @@ -0,0 +1,87 @@ +{{- if .Values.minio.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: warehouse13-minio + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + app.kubernetes.io/component: storage +spec: + serviceName: warehouse13-minio + replicas: 1 + selector: + matchLabels: + {{- include "warehouse13.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: storage + template: + metadata: + labels: + {{- include "warehouse13.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: storage + spec: + serviceAccountName: {{ include "warehouse13.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: minio + image: "{{ .Values.minio.image.repository }}:{{ .Values.minio.image.tag }}" + imagePullPolicy: {{ .Values.minio.image.pullPolicy }} + command: + - minio + - server + - /data + - --console-address + - ":9001" + ports: + - name: api + containerPort: 9000 + protocol: TCP + - name: console + containerPort: 9001 + protocol: TCP + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: warehouse13-secrets + key: minio-root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: warehouse13-secrets + key: minio-root-password + volumeMounts: + - name: data + mountPath: /data + resources: + {{- toYaml .Values.minio.resources | nindent 10 }} + livenessProbe: + httpGet: + path: /minio/health/live + port: api + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /minio/health/ready + port: api + initialDelaySeconds: 10 + periodSeconds: 5 + {{- if .Values.minio.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + {{- if .Values.minio.persistence.storageClass }} + storageClassName: {{ .Values.minio.persistence.storageClass }} + {{- end }} + resources: + requests: + storage: {{ .Values.minio.persistence.size }} + {{- else }} + volumes: + - name: data + emptyDir: {} + {{- end }} +{{- end }} diff --git a/helm/warehouse13/templates/postgres-service.yaml b/helm/warehouse13/templates/postgres-service.yaml new file mode 100644 index 0000000..987a64d --- /dev/null +++ b/helm/warehouse13/templates/postgres-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.postgres.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: warehouse13-postgres + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + app.kubernetes.io/component: database +spec: + type: {{ .Values.postgres.service.type }} + ports: + - port: {{ .Values.postgres.service.port }} + targetPort: postgres + protocol: TCP + name: postgres + selector: + {{- include "warehouse13.selectorLabels" . | nindent 4 }} + app.kubernetes.io/component: database +{{- end }} diff --git a/helm/warehouse13/templates/postgres-statefulset.yaml b/helm/warehouse13/templates/postgres-statefulset.yaml new file mode 100644 index 0000000..85cbfee --- /dev/null +++ b/helm/warehouse13/templates/postgres-statefulset.yaml @@ -0,0 +1,89 @@ +{{- if .Values.postgres.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: warehouse13-postgres + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + app.kubernetes.io/component: database +spec: + serviceName: warehouse13-postgres + replicas: 1 + selector: + matchLabels: + {{- include "warehouse13.selectorLabels" . | nindent 6 }} + app.kubernetes.io/component: database + template: + metadata: + labels: + {{- include "warehouse13.selectorLabels" . | nindent 8 }} + app.kubernetes.io/component: database + spec: + serviceAccountName: {{ include "warehouse13.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: postgres + image: "{{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }}" + imagePullPolicy: {{ .Values.postgres.image.pullPolicy }} + ports: + - name: postgres + containerPort: 5432 + protocol: TCP + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: warehouse13-secrets + key: postgres-username + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: warehouse13-secrets + key: postgres-password + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: warehouse13-secrets + key: postgres-database + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + volumeMounts: + - name: data + mountPath: /var/lib/postgresql/data + resources: + {{- toYaml .Values.postgres.resources | nindent 10 }} + livenessProbe: + exec: + command: + - pg_isready + - -U + - $(POSTGRES_USER) + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + exec: + command: + - pg_isready + - -U + - $(POSTGRES_USER) + initialDelaySeconds: 10 + periodSeconds: 5 + {{- if .Values.postgres.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + {{- if .Values.postgres.persistence.storageClass }} + storageClassName: {{ .Values.postgres.persistence.storageClass }} + {{- end }} + resources: + requests: + storage: {{ .Values.postgres.persistence.size }} + {{- else }} + volumes: + - name: data + emptyDir: {} + {{- end }} +{{- end }} diff --git a/helm/warehouse13/templates/secret.yaml b/helm/warehouse13/templates/secret.yaml new file mode 100644 index 0000000..451d0a6 --- /dev/null +++ b/helm/warehouse13/templates/secret.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: warehouse13-secrets + labels: + {{- include "warehouse13.labels" . | nindent 4 }} +type: Opaque +stringData: + postgres-username: {{ .Values.postgres.auth.username | quote }} + postgres-password: {{ .Values.postgres.auth.password | quote }} + postgres-database: {{ .Values.postgres.auth.database | quote }} + minio-root-user: {{ .Values.minio.auth.rootUser | quote }} + minio-root-password: {{ .Values.minio.auth.rootPassword | quote }} + database-url: {{ include "warehouse13.postgresUrl" . | quote }} diff --git a/helm/warehouse13/templates/serviceaccount.yaml b/helm/warehouse13/templates/serviceaccount.yaml new file mode 100644 index 0000000..ecffac5 --- /dev/null +++ b/helm/warehouse13/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "warehouse13.serviceAccountName" . }} + labels: + {{- include "warehouse13.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/helm/warehouse13/values-airgapped.yaml b/helm/warehouse13/values-airgapped.yaml new file mode 100644 index 0000000..7bea087 --- /dev/null +++ b/helm/warehouse13/values-airgapped.yaml @@ -0,0 +1,99 @@ +# Warehouse13 - Air-Gapped Deployment Example +# Use this for restricted/disconnected environments + +global: + deploymentMode: "airgapped" + storageBackend: "minio" + +# PostgreSQL with custom registry +postgres: + enabled: true + image: + repository: harbor.internal.example.com/library/postgres + tag: 15-alpine + pullPolicy: IfNotPresent + auth: + username: warehouse13user + password: CHANGE_ME_SECURE_PASSWORD + database: warehouse13 + persistence: + enabled: true + size: 20Gi + storageClass: "local-storage" + resources: + requests: + memory: "512Mi" + cpu: "500m" + limits: + memory: "1Gi" + cpu: "1000m" + +# MinIO with custom registry +minio: + enabled: true + image: + repository: harbor.internal.example.com/library/minio + tag: RELEASE.2024-01-01T00-00-00Z + pullPolicy: IfNotPresent + auth: + rootUser: CHANGE_ME_MINIO_USER + rootPassword: CHANGE_ME_MINIO_PASSWORD + persistence: + enabled: true + size: 100Gi + storageClass: "local-storage" + resources: + requests: + memory: "1Gi" + cpu: "500m" + limits: + memory: "2Gi" + cpu: "1000m" + +# API with custom registry +api: + enabled: true + image: + repository: harbor.internal.example.com/warehouse13/api + tag: v1.0.0 + pullPolicy: IfNotPresent + replicas: 2 + resources: + requests: + memory: "512Mi" + cpu: "500m" + limits: + memory: "1Gi" + cpu: "1000m" + +# Frontend with custom registry +frontend: + enabled: true + image: + repository: harbor.internal.example.com/warehouse13/frontend + tag: v1.0.0 + pullPolicy: IfNotPresent + replicas: 2 + resources: + requests: + memory: "256Mi" + cpu: "250m" + limits: + memory: "512Mi" + cpu: "500m" + +# Ingress disabled for air-gapped - use NodePort or port-forward +ingress: + enabled: false + +# Node selector for specific nodes +nodeSelector: + environment: production + storage: local + +# Tolerations for tainted nodes +tolerations: + - key: "airgapped" + operator: "Equal" + value: "true" + effect: "NoSchedule" diff --git a/helm/warehouse13/values-dev.yaml b/helm/warehouse13/values-dev.yaml new file mode 100644 index 0000000..0baf692 --- /dev/null +++ b/helm/warehouse13/values-dev.yaml @@ -0,0 +1,86 @@ +# Warehouse13 - Development/Testing Deployment Example +# Use this for local testing or CI/CD environments + +global: + deploymentMode: "standard" + storageBackend: "minio" + +postgres: + enabled: true + image: + repository: postgres + tag: 15-alpine + pullPolicy: IfNotPresent + auth: + username: dev + password: dev + database: warehouse13dev + persistence: + enabled: false # Use emptyDir for faster cleanup + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "250m" + +minio: + enabled: true + image: + repository: minio/minio + tag: latest + pullPolicy: IfNotPresent + auth: + rootUser: minioadmin + rootPassword: minioadmin + persistence: + enabled: false # Use emptyDir for faster cleanup + resources: + requests: + memory: "256Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "250m" + +api: + enabled: true + image: + repository: warehouse13/api + tag: dev + pullPolicy: Always # Always pull latest dev image + replicas: 1 + resources: + requests: + memory: "256Mi" + cpu: "250m" + limits: + memory: "512Mi" + cpu: "500m" + healthCheck: + enabled: true + +frontend: + enabled: true + image: + repository: warehouse13/frontend + tag: dev + pullPolicy: Always # Always pull latest dev image + replicas: 1 + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "250m" + healthCheck: + enabled: true + +ingress: + enabled: false # Use port-forward for dev + +serviceAccount: + create: true + name: "warehouse13-dev" diff --git a/helm/warehouse13/values-production.yaml b/helm/warehouse13/values-production.yaml new file mode 100644 index 0000000..d7ab719 --- /dev/null +++ b/helm/warehouse13/values-production.yaml @@ -0,0 +1,118 @@ +# Warehouse13 - Production Deployment Example +# Use this for production environments with ingress and proper resources + +global: + deploymentMode: "standard" + storageBackend: "minio" + +postgres: + enabled: true + image: + repository: postgres + tag: 15-alpine + pullPolicy: IfNotPresent + auth: + username: warehouse13user + password: CHANGE_ME_SECURE_PASSWORD + database: warehouse13 + persistence: + enabled: true + size: 50Gi + storageClass: "fast-ssd" + resources: + requests: + memory: "1Gi" + cpu: "1000m" + limits: + memory: "2Gi" + cpu: "2000m" + +minio: + enabled: true + image: + repository: minio/minio + tag: latest + pullPolicy: IfNotPresent + auth: + rootUser: CHANGE_ME_MINIO_USER + rootPassword: CHANGE_ME_MINIO_PASSWORD + persistence: + enabled: true + size: 500Gi + storageClass: "bulk-storage" + resources: + requests: + memory: "2Gi" + cpu: "1000m" + limits: + memory: "4Gi" + cpu: "2000m" + +api: + enabled: true + image: + repository: warehouse13/api + tag: v1.0.0 + pullPolicy: IfNotPresent + replicas: 3 + resources: + requests: + memory: "512Mi" + cpu: "500m" + limits: + memory: "1Gi" + cpu: "1000m" + healthCheck: + enabled: true + +frontend: + enabled: true + image: + repository: warehouse13/frontend + tag: v1.0.0 + pullPolicy: IfNotPresent + replicas: 3 + resources: + requests: + memory: "256Mi" + cpu: "250m" + limits: + memory: "512Mi" + cpu: "500m" + healthCheck: + enabled: true + +ingress: + enabled: true + className: "nginx" + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + hosts: + - host: warehouse13.example.com + paths: + - path: / + pathType: Prefix + backend: frontend + - path: /api + pathType: Prefix + backend: api + tls: + - secretName: warehouse13-tls + hosts: + - warehouse13.example.com + +# Affinity for pod distribution +affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - warehouse13 + topologyKey: kubernetes.io/hostname diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml new file mode 100644 index 0000000..7cd4ce6 --- /dev/null +++ b/helm/warehouse13/values.yaml @@ -0,0 +1,168 @@ +# Warehouse13 - Enterprise Test Artifact Storage +# Default values for Helm chart + +# Global settings +global: + deploymentMode: "standard" # standard or airgapped + storageBackend: "minio" # minio or s3 + +# PostgreSQL Database +postgres: + enabled: true + image: + repository: postgres + tag: 15-alpine + pullPolicy: IfNotPresent + auth: + username: user + password: password + database: datalake + persistence: + enabled: true + size: 10Gi + storageClass: "" + resources: + requests: + memory: "256Mi" + cpu: "250m" + limits: + memory: "512Mi" + cpu: "500m" + service: + type: ClusterIP + port: 5432 + +# MinIO Object Storage +minio: + enabled: true + image: + repository: minio/minio + tag: latest + pullPolicy: IfNotPresent + auth: + rootUser: minioadmin + rootPassword: minioadmin + persistence: + enabled: true + size: 50Gi + storageClass: "" + resources: + requests: + memory: "512Mi" + cpu: "250m" + limits: + memory: "1Gi" + cpu: "1000m" + service: + type: ClusterIP + apiPort: 9000 + consolePort: 9001 + +# API Backend +api: + enabled: true + image: + repository: warehouse13/api + tag: latest + pullPolicy: IfNotPresent + replicas: 2 + env: + databaseUrl: "postgresql://user:password@warehouse13-postgres:5432/datalake" + storageBackend: "minio" + minioEndpoint: "warehouse13-minio:9000" + resources: + requests: + memory: "256Mi" + cpu: "250m" + limits: + memory: "512Mi" + cpu: "500m" + service: + type: ClusterIP + port: 8000 + healthCheck: + enabled: true + liveness: + path: /health + initialDelaySeconds: 30 + periodSeconds: 10 + readiness: + path: /ready + initialDelaySeconds: 10 + periodSeconds: 5 + +# Frontend +frontend: + enabled: true + image: + repository: warehouse13/frontend + tag: latest + pullPolicy: IfNotPresent + replicas: 2 + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "256Mi" + cpu: "250m" + service: + type: ClusterIP + port: 80 + healthCheck: + enabled: true + liveness: + path: / + initialDelaySeconds: 10 + periodSeconds: 10 + readiness: + path: / + initialDelaySeconds: 5 + periodSeconds: 5 + +# Ingress +ingress: + enabled: false + className: "nginx" + annotations: + # cert-manager.io/cluster-issuer: "letsencrypt-prod" + hosts: + - host: warehouse13.example.com + paths: + - path: / + pathType: Prefix + backend: frontend + - path: /api + pathType: Prefix + backend: api + tls: [] + # - secretName: warehouse13-tls + # hosts: + # - warehouse13.example.com + +# Service Account +serviceAccount: + create: true + annotations: {} + name: "warehouse13" + +# Pod Security +podSecurityContext: + fsGroup: 2000 + +securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 1000 + +# Node selector +nodeSelector: {} + +# Tolerations +tolerations: [] + +# Affinity +affinity: {} From 4641cbb3fa4a0b4225d0d6f6dccbf93e3f92a13e Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Thu, 16 Oct 2025 17:11:39 -0500 Subject: [PATCH 03/30] Update Helm chart to use unified app image (API + Frontend) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changes: - Replaced separate api and frontend deployments with single unified app deployment - Updated values.yaml: Changed from api/frontend configs to single app config - Renamed templates: api-deployment.yaml ā†’ app-deployment.yaml - Removed frontend-deployment.yaml and frontend-service.yaml (no longer needed) - Updated app image to warehouse13/app (multi-stage Docker build) - Combined resource allocations: 384Mi memory, 350m CPU (up from separate totals) - Updated all example values files (dev, production, air-gapped) - Updated NOTES.txt to reflect single service on port 8000 - Updated ingress to route all traffic to single app service - Added ARCHITECTURE.md documenting the unified container approach Architecture: The application now uses a multi-stage Docker build: 1. Stage 1: Builds Angular frontend with Node 2. Stage 2: Python FastAPI backend that serves static frontend from /static Benefits: - Simplified deployment (1 container instead of 2) - Reduced resource usage (no separate nginx) - Easier scaling (1 deployment to manage) - Consistent versioning (frontend/backend always match) Access pattern: - http://localhost:8000 ā†’ Angular frontend - http://localhost:8000/api ā†’ FastAPI REST API - http://localhost:8000/docs ā†’ API documentation - http://localhost:8000/health ā†’ Health check šŸ¤– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- helm/warehouse13/ARCHITECTURE.md | 281 ++++++++++++++++++ helm/warehouse13/templates/NOTES.txt | 35 +-- ...pi-deployment.yaml => app-deployment.yaml} | 38 +-- .../{api-service.yaml => app-service.yaml} | 12 +- .../templates/frontend-deployment.yaml | 73 ----- .../templates/frontend-service.yaml | 19 -- helm/warehouse13/templates/ingress.yaml | 2 +- helm/warehouse13/values-airgapped.yaml | 30 +- helm/warehouse13/values-dev.yaml | 29 +- helm/warehouse13/values-production.yaml | 34 +-- helm/warehouse13/values.yaml | 53 +--- 11 files changed, 355 insertions(+), 251 deletions(-) create mode 100644 helm/warehouse13/ARCHITECTURE.md rename helm/warehouse13/templates/{api-deployment.yaml => app-deployment.yaml} (69%) rename helm/warehouse13/templates/{api-service.yaml => app-service.yaml} (55%) delete mode 100644 helm/warehouse13/templates/frontend-deployment.yaml delete mode 100644 helm/warehouse13/templates/frontend-service.yaml diff --git a/helm/warehouse13/ARCHITECTURE.md b/helm/warehouse13/ARCHITECTURE.md new file mode 100644 index 0000000..bec85b5 --- /dev/null +++ b/helm/warehouse13/ARCHITECTURE.md @@ -0,0 +1,281 @@ +# Warehouse13 Architecture + +## Overview + +Warehouse13 uses a **unified application container** that includes both the frontend and backend in a single Docker image using a multi-stage build. + +## Docker Build Strategy + +### Multi-Stage Dockerfile + +```dockerfile +# Stage 1: Build Angular Frontend +FROM node:24-alpine AS frontend-build +WORKDIR /frontend +COPY frontend/package*.json ./ +RUN npm install +COPY frontend/ ./ +RUN npm run build:prod + +# Stage 2: Python Backend with Static Frontend +FROM python:3.11-alpine +WORKDIR /app +# Install Python dependencies +COPY requirements.txt . +RUN pip install -r requirements.txt +# Copy backend code +COPY app/ ./app/ +# Copy built frontend from stage 1 +COPY --from=frontend-build /frontend/dist/frontend/browser ./static/ +# Run FastAPI server +CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"] +``` + +### Benefits + +1. **Simplified Deployment** - Single container to manage +2. **Reduced Resource Usage** - No separate nginx container needed +3. **Easier Scaling** - Scale one deployment instead of two +4. **Consistent Versioning** - Frontend and backend versions always match +5. **Faster Deployments** - Fewer containers to orchestrate + +## Service Architecture + +``` +ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā” +ā”‚ warehouse13-app ā”‚ +ā”‚ ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā” ā”‚ +ā”‚ ā”‚ FastAPI Backend (Port 8000) ā”‚ ā”‚ +ā”‚ ā”‚ ā”œā”€ā”€ /api/* ā†’ REST API ā”‚ ā”‚ +ā”‚ ā”‚ ā”œā”€ā”€ /health ā†’ Health check ā”‚ ā”‚ +ā”‚ ā”‚ ā”œā”€ā”€ /docs ā†’ API documentation ā”‚ ā”‚ +ā”‚ ā”‚ ā””ā”€ā”€ /* ā†’ Angular SPA ā”‚ ā”‚ +ā”‚ ā”‚ ā”‚ ā”‚ +ā”‚ ā”‚ Static Files: /static/ ā”‚ ā”‚ +ā”‚ ā”‚ ā””ā”€ā”€ Angular build output ā”‚ ā”‚ +ā”‚ ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜ ā”‚ +ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜ + ā”‚ + ā”œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā” + ā†“ ā†“ + ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā” ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā” + ā”‚PostgreSQLā”‚ ā”‚ MinIO ā”‚ + ā”‚(Metadata)ā”‚ ā”‚ (Blobs) ā”‚ + ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜ ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜ +``` + +## Helm Chart Structure + +### Single Application Deployment + +The Helm chart creates: + +1. **1 Deployment**: `warehouse13-app` + - Runs the unified container + - Configurable replicas (default: 2) + - Health checks on `/health` endpoint + +2. **1 Service**: `warehouse13-app` + - Exposes port 8000 + - Routes all traffic to the application + +3. **Optional Ingress** + - All paths route to `warehouse13-app:8000` + - FastAPI handles routing internally + +### Kubernetes Resources + +```yaml +# warehouse13-app Deployment +- Replicas: 2 (configurable) +- Port: 8000 +- Health checks: /health +- Environment: DATABASE_URL, MINIO_* vars + +# warehouse13-app Service +- Type: ClusterIP +- Port: 8000 ā†’ 8000 + +# Ingress (optional) +- Path: / ā†’ warehouse13-app:8000 +``` + +## Configuration + +### Image Configuration + +In `values.yaml`: + +```yaml +app: + enabled: true + image: + repository: warehouse13/app # Single unified image + tag: latest + pullPolicy: IfNotPresent + replicas: 2 + resources: + requests: + memory: "384Mi" # Combined frontend + backend + cpu: "350m" + limits: + memory: "768Mi" + cpu: "750m" +``` + +### Accessing the Application + +**Via Port Forward:** +```bash +kubectl port-forward svc/warehouse13-app 8000:8000 +``` + +Then access: +- Frontend: http://localhost:8000 +- API: http://localhost:8000/api +- API Docs: http://localhost:8000/docs +- Health: http://localhost:8000/health + +**Via Ingress:** +```yaml +ingress: + enabled: true + hosts: + - host: warehouse13.example.com + paths: + - path: / + pathType: Prefix + backend: app # All traffic to one service +``` + +## Migration from Separate Services + +If you previously had separate `api` and `frontend` deployments: + +### Before (Old Architecture) +```yaml +# values.yaml (old) +api: + image: warehouse13/api + replicas: 2 + +frontend: + image: warehouse13/frontend + replicas: 2 + +# Two deployments, two services +``` + +### After (Current Architecture) +```yaml +# values.yaml (current) +app: + image: warehouse13/app # Unified image + replicas: 2 + +# One deployment, one service +``` + +### Migration Steps + +1. **Update values.yaml** - Change from `api`/`frontend` to `app` +2. **Update image references** - Use `warehouse13/app` instead of separate images +3. **Update ingress** - Point all paths to `app` backend +4. **Deploy** - Helm will handle the transition +5. **Verify** - Check that both frontend and API work through single service + +## Development Workflow + +### Building the Image + +```bash +# Build unified image +docker build -t warehouse13/app:dev . + +# Or for air-gapped environments with custom registry +docker build \ + --build-arg NPM_REGISTRY=https://registry.npmjs.org/ \ + -t warehouse13/app:v1.0.0 . +``` + +### Testing Locally + +```bash +docker run -p 8000:8000 \ + -e DATABASE_URL=postgresql://user:pass@host/db \ + -e MINIO_ENDPOINT=minio:9000 \ + warehouse13/app:dev +``` + +Access: +- Frontend: http://localhost:8000 +- API: http://localhost:8000/docs + +## Performance Considerations + +### Resource Allocation + +The unified container combines both frontend serving and API processing: + +- **Memory**: Angular assets (~50MB) + Python runtime (~100MB) + working memory +- **CPU**: Primarily used for API requests; static file serving is lightweight +- **Recommended Minimum**: 384Mi memory, 350m CPU +- **Production**: 768Mi memory, 750m CPU per replica + +### Scaling Strategy + +Scale horizontally by increasing replicas: + +```bash +# Scale to 5 replicas +kubectl scale deployment warehouse13-app --replicas=5 + +# Or via Helm +helm upgrade warehouse13 ./helm/warehouse13 --set app.replicas=5 +``` + +### Caching + +FastAPI serves static files efficiently with: +- ETag support +- Browser caching headers +- Gzip compression (if enabled in FastAPI config) + +## Troubleshooting + +### Frontend Not Loading + +```bash +# Check if static files exist in container +kubectl exec -it warehouse13-app-xxx -- ls -la /app/static/ + +# Should see: index.html, *.js, *.css files +``` + +### API Not Working + +```bash +# Check API health +kubectl exec -it warehouse13-app-xxx -- curl http://localhost:8000/health + +# Check logs +kubectl logs warehouse13-app-xxx -f +``` + +### Both Frontend and API Issues + +```bash +# Check if app is running +kubectl get pods -l app.kubernetes.io/component=app + +# Check service +kubectl get svc warehouse13-app + +# Test connectivity +kubectl port-forward svc/warehouse13-app 8000:8000 +curl http://localhost:8000/health +``` + +## Summary + +The unified architecture simplifies deployment and operations while maintaining the same functionality. All routing, caching, and API requests are handled by a single FastAPI application that serves both the Angular SPA and the REST API endpoints. diff --git a/helm/warehouse13/templates/NOTES.txt b/helm/warehouse13/templates/NOTES.txt index 602c65a..ba1371d 100644 --- a/helm/warehouse13/templates/NOTES.txt +++ b/helm/warehouse13/templates/NOTES.txt @@ -19,18 +19,13 @@ Namespace: {{ .Release.Namespace }} DEPLOYMENT INFORMATION: -{{- if .Values.frontend.enabled }} -Frontend: - Service: warehouse13-frontend - Replicas: {{ .Values.frontend.replicas }} - Image: {{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }} -{{- end }} - -{{- if .Values.api.enabled }} -API: - Service: warehouse13-api - Replicas: {{ .Values.api.replicas }} - Image: {{ .Values.api.image.repository }}:{{ .Values.api.image.tag }} +{{- if .Values.app.enabled }} +Application (Unified API + Frontend): + Service: warehouse13-app + Replicas: {{ .Values.app.replicas }} + Image: {{ .Values.app.image.repository }}:{{ .Values.app.image.tag }} + Port: {{ .Values.app.service.port }} + Note: Multi-stage build includes both Angular frontend and FastAPI backend {{- end }} {{- if .Values.postgres.enabled }} @@ -62,13 +57,12 @@ ACCESSING YOUR APPLICATION: 1. Using Port Forwarding: - # Frontend - kubectl port-forward -n {{ .Release.Namespace }} svc/warehouse13-frontend 4200:80 - Then visit: http://localhost:4200 - - # API - kubectl port-forward -n {{ .Release.Namespace }} svc/warehouse13-api 8000:8000 - Then visit: http://localhost:8000/docs + # Application (Frontend + API) + kubectl port-forward -n {{ .Release.Namespace }} svc/warehouse13-app 8000:8000 + Then visit: + - Frontend: http://localhost:8000 + - API Docs: http://localhost:8000/docs + - Health: http://localhost:8000/health # MinIO Console kubectl port-forward -n {{ .Release.Namespace }} svc/warehouse13-minio 9001:9001 @@ -91,8 +85,7 @@ CHECKING STATUS: kubectl get svc -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} # View logs - kubectl logs -n {{ .Release.Namespace }} -l app.kubernetes.io/component=api -f - kubectl logs -n {{ .Release.Namespace }} -l app.kubernetes.io/component=frontend -f + kubectl logs -n {{ .Release.Namespace }} -l app.kubernetes.io/component=app -f --- diff --git a/helm/warehouse13/templates/api-deployment.yaml b/helm/warehouse13/templates/app-deployment.yaml similarity index 69% rename from helm/warehouse13/templates/api-deployment.yaml rename to helm/warehouse13/templates/app-deployment.yaml index d8bdb1a..fdf32a7 100644 --- a/helm/warehouse13/templates/api-deployment.yaml +++ b/helm/warehouse13/templates/app-deployment.yaml @@ -1,32 +1,32 @@ -{{- if .Values.api.enabled }} +{{- if .Values.app.enabled }} apiVersion: apps/v1 kind: Deployment metadata: - name: warehouse13-api + name: warehouse13-app labels: {{- include "warehouse13.labels" . | nindent 4 }} - app.kubernetes.io/component: api + app.kubernetes.io/component: app spec: - replicas: {{ .Values.api.replicas }} + replicas: {{ .Values.app.replicas }} selector: matchLabels: {{- include "warehouse13.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: api + app.kubernetes.io/component: app template: metadata: labels: {{- include "warehouse13.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: api + app.kubernetes.io/component: app spec: serviceAccountName: {{ include "warehouse13.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: api + - name: app securityContext: {{- toYaml .Values.securityContext | nindent 10 }} - image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}" - imagePullPolicy: {{ .Values.api.image.pullPolicy }} + image: "{{ .Values.app.image.repository }}:{{ .Values.app.image.tag }}" + imagePullPolicy: {{ .Values.app.image.pullPolicy }} ports: - name: http containerPort: 8000 @@ -57,26 +57,30 @@ spec: secretKeyRef: name: warehouse13-secrets key: minio-root-password + - name: MINIO_BUCKET_NAME + value: "test-artifacts" + - name: MINIO_SECURE + value: "false" - name: DEPLOYMENT_MODE valueFrom: configMapKeyRef: name: warehouse13-config key: DEPLOYMENT_MODE resources: - {{- toYaml .Values.api.resources | nindent 10 }} - {{- if .Values.api.healthCheck.enabled }} + {{- toYaml .Values.app.resources | nindent 10 }} + {{- if .Values.app.healthCheck.enabled }} livenessProbe: httpGet: - path: {{ .Values.api.healthCheck.liveness.path }} + path: {{ .Values.app.healthCheck.liveness.path }} port: http - initialDelaySeconds: {{ .Values.api.healthCheck.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.api.healthCheck.liveness.periodSeconds }} + initialDelaySeconds: {{ .Values.app.healthCheck.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.app.healthCheck.liveness.periodSeconds }} readinessProbe: httpGet: - path: {{ .Values.api.healthCheck.readiness.path }} + path: {{ .Values.app.healthCheck.readiness.path }} port: http - initialDelaySeconds: {{ .Values.api.healthCheck.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.api.healthCheck.readiness.periodSeconds }} + initialDelaySeconds: {{ .Values.app.healthCheck.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.app.healthCheck.readiness.periodSeconds }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/helm/warehouse13/templates/api-service.yaml b/helm/warehouse13/templates/app-service.yaml similarity index 55% rename from helm/warehouse13/templates/api-service.yaml rename to helm/warehouse13/templates/app-service.yaml index 34a5144..9a462ee 100644 --- a/helm/warehouse13/templates/api-service.yaml +++ b/helm/warehouse13/templates/app-service.yaml @@ -1,19 +1,19 @@ -{{- if .Values.api.enabled }} +{{- if .Values.app.enabled }} apiVersion: v1 kind: Service metadata: - name: warehouse13-api + name: warehouse13-app labels: {{- include "warehouse13.labels" . | nindent 4 }} - app.kubernetes.io/component: api + app.kubernetes.io/component: app spec: - type: {{ .Values.api.service.type }} + type: {{ .Values.app.service.type }} ports: - - port: {{ .Values.api.service.port }} + - port: {{ .Values.app.service.port }} targetPort: http protocol: TCP name: http selector: {{- include "warehouse13.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: api + app.kubernetes.io/component: app {{- end }} diff --git a/helm/warehouse13/templates/frontend-deployment.yaml b/helm/warehouse13/templates/frontend-deployment.yaml deleted file mode 100644 index 7ed9c89..0000000 --- a/helm/warehouse13/templates/frontend-deployment.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if .Values.frontend.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: warehouse13-frontend - labels: - {{- include "warehouse13.labels" . | nindent 4 }} - app.kubernetes.io/component: frontend -spec: - replicas: {{ .Values.frontend.replicas }} - selector: - matchLabels: - {{- include "warehouse13.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: frontend - template: - metadata: - labels: - {{- include "warehouse13.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: frontend - spec: - serviceAccountName: {{ include "warehouse13.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: frontend - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}" - imagePullPolicy: {{ .Values.frontend.image.pullPolicy }} - ports: - - name: http - containerPort: 80 - protocol: TCP - env: - - name: DEPLOYMENT_MODE - valueFrom: - configMapKeyRef: - name: warehouse13-config - key: DEPLOYMENT_MODE - - name: STORAGE_BACKEND - valueFrom: - configMapKeyRef: - name: warehouse13-config - key: STORAGE_BACKEND - resources: - {{- toYaml .Values.frontend.resources | nindent 10 }} - {{- if .Values.frontend.healthCheck.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.frontend.healthCheck.liveness.path }} - port: http - initialDelaySeconds: {{ .Values.frontend.healthCheck.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.frontend.healthCheck.liveness.periodSeconds }} - readinessProbe: - httpGet: - path: {{ .Values.frontend.healthCheck.readiness.path }} - port: http - initialDelaySeconds: {{ .Values.frontend.healthCheck.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.frontend.healthCheck.readiness.periodSeconds }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/helm/warehouse13/templates/frontend-service.yaml b/helm/warehouse13/templates/frontend-service.yaml deleted file mode 100644 index 256356c..0000000 --- a/helm/warehouse13/templates/frontend-service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.frontend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: warehouse13-frontend - labels: - {{- include "warehouse13.labels" . | nindent 4 }} - app.kubernetes.io/component: frontend -spec: - type: {{ .Values.frontend.service.type }} - ports: - - port: {{ .Values.frontend.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "warehouse13.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: frontend -{{- end }} diff --git a/helm/warehouse13/templates/ingress.yaml b/helm/warehouse13/templates/ingress.yaml index 36ba3c6..50818bd 100644 --- a/helm/warehouse13/templates/ingress.yaml +++ b/helm/warehouse13/templates/ingress.yaml @@ -35,7 +35,7 @@ spec: service: name: {{ printf "warehouse13-%s" .backend }} port: - number: {{ if eq .backend "frontend" }}{{ $.Values.frontend.service.port }}{{ else }}{{ $.Values.api.service.port }}{{ end }} + number: {{ $.Values.app.service.port }} {{- end }} {{- end }} {{- end }} diff --git a/helm/warehouse13/values-airgapped.yaml b/helm/warehouse13/values-airgapped.yaml index 7bea087..41ae305 100644 --- a/helm/warehouse13/values-airgapped.yaml +++ b/helm/warehouse13/values-airgapped.yaml @@ -50,37 +50,21 @@ minio: memory: "2Gi" cpu: "1000m" -# API with custom registry -api: +# Application with custom registry (unified API + Frontend) +app: enabled: true image: - repository: harbor.internal.example.com/warehouse13/api + repository: harbor.internal.example.com/warehouse13/app tag: v1.0.0 pullPolicy: IfNotPresent replicas: 2 resources: requests: - memory: "512Mi" - cpu: "500m" + memory: "768Mi" + cpu: "750m" limits: - memory: "1Gi" - cpu: "1000m" - -# Frontend with custom registry -frontend: - enabled: true - image: - repository: harbor.internal.example.com/warehouse13/frontend - tag: v1.0.0 - pullPolicy: IfNotPresent - replicas: 2 - resources: - requests: - memory: "256Mi" - cpu: "250m" - limits: - memory: "512Mi" - cpu: "500m" + memory: "1536Mi" + cpu: "1500m" # Ingress disabled for air-gapped - use NodePort or port-forward ingress: diff --git a/helm/warehouse13/values-dev.yaml b/helm/warehouse13/values-dev.yaml index 0baf692..26a74fa 100644 --- a/helm/warehouse13/values-dev.yaml +++ b/helm/warehouse13/values-dev.yaml @@ -44,37 +44,20 @@ minio: memory: "512Mi" cpu: "250m" -api: +app: enabled: true image: - repository: warehouse13/api + repository: warehouse13/app tag: dev pullPolicy: Always # Always pull latest dev image replicas: 1 resources: requests: - memory: "256Mi" - cpu: "250m" + memory: "384Mi" + cpu: "350m" limits: - memory: "512Mi" - cpu: "500m" - healthCheck: - enabled: true - -frontend: - enabled: true - image: - repository: warehouse13/frontend - tag: dev - pullPolicy: Always # Always pull latest dev image - replicas: 1 - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "250m" + memory: "768Mi" + cpu: "750m" healthCheck: enabled: true diff --git a/helm/warehouse13/values-production.yaml b/helm/warehouse13/values-production.yaml index d7ab719..5f7a480 100644 --- a/helm/warehouse13/values-production.yaml +++ b/helm/warehouse13/values-production.yaml @@ -48,37 +48,20 @@ minio: memory: "4Gi" cpu: "2000m" -api: +app: enabled: true image: - repository: warehouse13/api + repository: warehouse13/app tag: v1.0.0 pullPolicy: IfNotPresent replicas: 3 resources: requests: - memory: "512Mi" - cpu: "500m" + memory: "768Mi" + cpu: "750m" limits: - memory: "1Gi" - cpu: "1000m" - healthCheck: - enabled: true - -frontend: - enabled: true - image: - repository: warehouse13/frontend - tag: v1.0.0 - pullPolicy: IfNotPresent - replicas: 3 - resources: - requests: - memory: "256Mi" - cpu: "250m" - limits: - memory: "512Mi" - cpu: "500m" + memory: "1536Mi" + cpu: "1500m" healthCheck: enabled: true @@ -94,10 +77,7 @@ ingress: paths: - path: / pathType: Prefix - backend: frontend - - path: /api - pathType: Prefix - backend: api + backend: app tls: - secretName: warehouse13-tls hosts: diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index 7cd4ce6..6473597 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -58,11 +58,14 @@ minio: apiPort: 9000 consolePort: 9001 -# API Backend -api: +# Application (Unified API + Frontend) +# The application uses a multi-stage Docker build: +# - Stage 1: Builds Angular frontend +# - Stage 2: Python FastAPI backend that serves the frontend from /static +app: enabled: true image: - repository: warehouse13/api + repository: warehouse13/app tag: latest pullPolicy: IfNotPresent replicas: 2 @@ -72,11 +75,11 @@ api: minioEndpoint: "warehouse13-minio:9000" resources: requests: - memory: "256Mi" - cpu: "250m" + memory: "384Mi" + cpu: "350m" limits: - memory: "512Mi" - cpu: "500m" + memory: "768Mi" + cpu: "750m" service: type: ClusterIP port: 8000 @@ -87,39 +90,10 @@ api: initialDelaySeconds: 30 periodSeconds: 10 readiness: - path: /ready + path: /health initialDelaySeconds: 10 periodSeconds: 5 -# Frontend -frontend: - enabled: true - image: - repository: warehouse13/frontend - tag: latest - pullPolicy: IfNotPresent - replicas: 2 - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "250m" - service: - type: ClusterIP - port: 80 - healthCheck: - enabled: true - liveness: - path: / - initialDelaySeconds: 10 - periodSeconds: 10 - readiness: - path: / - initialDelaySeconds: 5 - periodSeconds: 5 - # Ingress ingress: enabled: false @@ -131,10 +105,7 @@ ingress: paths: - path: / pathType: Prefix - backend: frontend - - path: /api - pathType: Prefix - backend: api + backend: app # All traffic goes to unified app (serves both API and frontend) tls: [] # - secretName: warehouse13-tls # hosts: From 80242b96022f95e791d507e10ffbc187e8d38b73 Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Thu, 16 Oct 2025 17:23:03 -0500 Subject: [PATCH 04/30] Reorganize project structure: move docs and scripts to proper directories MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changes: - Created scripts/ directory for build and utility scripts - Moved build-for-airgap.sh to scripts/ - Moved check-ready.sh to scripts/ - Kept quickstart scripts in root for easy access - Moved HELM-DEPLOYMENT.md to docs/ Updated references: - README.md: Updated link to docs/HELM-DEPLOYMENT.md - docs/DEPLOYMENT.md: Updated paths to scripts/build-for-airgap.sh - quickstart-airgap.sh: Updated path to scripts/build-for-airgap.sh - scripts/check-ready.sh: Updated self-reference path - helm/warehouse13/QUICKSTART.md: Updated HELM-DEPLOYMENT.md path - helm/README.md: Updated HELM-DEPLOYMENT.md path Directory structure now: / ā”œā”€ā”€ README.md (root) ā”œā”€ā”€ quickstart.sh (root - easy access) ā”œā”€ā”€ quickstart-airgap.sh (root - easy access) ā”œā”€ā”€ docs/ (all documentation) ā”‚ ā”œā”€ā”€ API.md ā”‚ ā”œā”€ā”€ ARCHITECTURE.md ā”‚ ā”œā”€ā”€ DEPLOYMENT.md ā”‚ ā”œā”€ā”€ FEATURES.md ā”‚ ā”œā”€ā”€ FRONTEND_SETUP.md ā”‚ ā”œā”€ā”€ HELM-DEPLOYMENT.md (moved here) ā”‚ ā””ā”€ā”€ SUMMARY.md ā”œā”€ā”€ scripts/ (build and utility scripts) ā”‚ ā”œā”€ā”€ build-for-airgap.sh (moved here) ā”‚ ā””ā”€ā”€ check-ready.sh (moved here) ā””ā”€ā”€ helm/ ā””ā”€ā”€ warehouse13/ (Helm chart with docs) šŸ¤– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- README.md | 2 +- docs/DEPLOYMENT.md | 2 +- HELM-DEPLOYMENT.md => docs/HELM-DEPLOYMENT.md | 0 helm/README.md | 2 +- helm/warehouse13/QUICKSTART.md | 2 +- quickstart-airgap.sh | 2 +- build-for-airgap.sh => scripts/build-for-airgap.sh | 0 check-ready.sh => scripts/check-ready.sh | 2 +- 8 files changed, 6 insertions(+), 6 deletions(-) rename HELM-DEPLOYMENT.md => docs/HELM-DEPLOYMENT.md (100%) rename build-for-airgap.sh => scripts/build-for-airgap.sh (100%) rename check-ready.sh => scripts/check-ready.sh (97%) diff --git a/README.md b/README.md index 01d2202..62989a1 100644 --- a/README.md +++ b/README.md @@ -243,7 +243,7 @@ kubectl port-forward -n warehouse13 svc/warehouse13-api 8000:8000 ### Helm Documentation -- **Full Helm Guide:** [HELM-DEPLOYMENT.md](./HELM-DEPLOYMENT.md) +- **Full Helm Guide:** [HELM-DEPLOYMENT.md](./docs/HELM-DEPLOYMENT.md) - **Chart README:** [helm/warehouse13/README.md](./helm/warehouse13/README.md) - **Quick Start:** [helm/warehouse13/QUICKSTART.md](./helm/warehouse13/QUICKSTART.md) - **Example Configurations:** diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md index f596b5e..2d27e12 100644 --- a/docs/DEPLOYMENT.md +++ b/docs/DEPLOYMENT.md @@ -54,7 +54,7 @@ This script will: ```bash # Option A: Use the helper script -./build-for-airgap.sh +./scripts/build-for-airgap.sh # Option B: Build manually cd frontend diff --git a/HELM-DEPLOYMENT.md b/docs/HELM-DEPLOYMENT.md similarity index 100% rename from HELM-DEPLOYMENT.md rename to docs/HELM-DEPLOYMENT.md diff --git a/helm/README.md b/helm/README.md index 9b35934..fed3a93 100644 --- a/helm/README.md +++ b/helm/README.md @@ -43,4 +43,4 @@ Note: Check your values.yaml configuration and update image repositories, resour ## Quick Start -See [../HELM-DEPLOYMENT.md](../HELM-DEPLOYMENT.md) for comprehensive deployment guide. +See [../docs/HELM-DEPLOYMENT.md](../docs/HELM-DEPLOYMENT.md) for comprehensive deployment guide. diff --git a/helm/warehouse13/QUICKSTART.md b/helm/warehouse13/QUICKSTART.md index b70e123..1d0cee9 100644 --- a/helm/warehouse13/QUICKSTART.md +++ b/helm/warehouse13/QUICKSTART.md @@ -118,7 +118,7 @@ kubectl delete namespace warehouse13 ## Next Steps - **Full Documentation:** [README.md](./README.md) -- **Deployment Guide:** [../../HELM-DEPLOYMENT.md](../../HELM-DEPLOYMENT.md) +- **Deployment Guide:** [../../docs/HELM-DEPLOYMENT.md](../../docs/HELM-DEPLOYMENT.md) - **Configuration Options:** [values.yaml](./values.yaml) - **Example Configs:** [values-dev.yaml](./values-dev.yaml), [values-production.yaml](./values-production.yaml), [values-airgapped.yaml](./values-airgapped.yaml) diff --git a/quickstart-airgap.sh b/quickstart-airgap.sh index 0f6097f..e52aade 100755 --- a/quickstart-airgap.sh +++ b/quickstart-airgap.sh @@ -30,7 +30,7 @@ fi echo "Step 1: Building Angular frontend locally..." echo "===========================================" -./build-for-airgap.sh +./scripts/build-for-airgap.sh echo "" echo "Step 2: Starting Docker containers..." diff --git a/build-for-airgap.sh b/scripts/build-for-airgap.sh similarity index 100% rename from build-for-airgap.sh rename to scripts/build-for-airgap.sh diff --git a/check-ready.sh b/scripts/check-ready.sh similarity index 97% rename from check-ready.sh rename to scripts/check-ready.sh index 6f888b1..21ad278 100755 --- a/check-ready.sh +++ b/scripts/check-ready.sh @@ -18,7 +18,7 @@ else echo " Expected: frontend/dist/frontend/browser" echo "" echo " You need to build the Angular app first:" - echo " Run: ./build-for-airgap.sh" + echo " Run: ./scripts/build-for-airgap.sh" echo " OR: cd frontend && npm install && npm run build:prod" echo "" errors=$((errors + 1)) From 6508363c1207543ab69b472fccce5dff0f71baf7 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Thu, 16 Oct 2025 18:54:18 -0500 Subject: [PATCH 05/30] test deploy --- .gitlab-ci.yml | 11 ++++++++++- helm/warehouse13/values.yaml | 6 +++--- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0d46ff2..6313514 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,7 @@ stages: - test - build + - deploy # Test stage test: @@ -46,4 +47,12 @@ deploy_helm_charts: script: - kubectl config use-context $CONTEXT - | - helm upgrade --install gitlab-servicedesk-agent-$ENV ./helm --namespace $NAMESPACE -f $VALUES_FILE --set image.repository=$CI_REGISTRY_IMAGE --set image.tag=$CI_COMMIT_REF + helm upgrade --install warehouse13-$CI_COMMIT_REF \ + ./helm/warehouse13 --namespace $NAMESPACE \ + -f $VALUES_FILE \ + --set api.image=$CI_REGISTRY_IMAGE \ + --set api.image.tag=$CI_COMMIT_REF \ + --set postgres.image.repository=containers.global.bsf.tools/postgres \ + --set postgres.image.tag=15-alpine \ + --set minio.image.repository=containers.global.bsf.tools/minio \ + --set minio.image.tag=latest diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index 6473597..6ca45a2 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -12,7 +12,7 @@ postgres: image: repository: postgres tag: 15-alpine - pullPolicy: IfNotPresent + pullPolicy: always auth: username: user password: password @@ -38,7 +38,7 @@ minio: image: repository: minio/minio tag: latest - pullPolicy: IfNotPresent + pullPolicy: always auth: rootUser: minioadmin rootPassword: minioadmin @@ -67,7 +67,7 @@ app: image: repository: warehouse13/app tag: latest - pullPolicy: IfNotPresent + pullPolicy: always replicas: 2 env: databaseUrl: "postgresql://user:password@warehouse13-postgres:5432/datalake" From 7c50f0a59a5213052594bab89cb8887395d61ab2 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Thu, 16 Oct 2025 20:49:49 -0500 Subject: [PATCH 06/30] fix ci var --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6313514..5ba1d29 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -19,7 +19,7 @@ build_container: stage: build image: deps.global.bsf.tools/quay.io/buildah/stable:latest variables: - IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF" + IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" before_script: - mkdir -p /tmp/buildah-storage - export BUILDAH_ROOT="/tmp/buildah-storage" @@ -51,7 +51,7 @@ deploy_helm_charts: ./helm/warehouse13 --namespace $NAMESPACE \ -f $VALUES_FILE \ --set api.image=$CI_REGISTRY_IMAGE \ - --set api.image.tag=$CI_COMMIT_REF \ + --set api.image.tag=$CI_COMMIT_REF_NAME \ --set postgres.image.repository=containers.global.bsf.tools/postgres \ --set postgres.image.tag=15-alpine \ --set minio.image.repository=containers.global.bsf.tools/minio \ From 838e14559828345a6d27c737c6ff4cf861e1ac09 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Thu, 16 Oct 2025 21:20:15 -0500 Subject: [PATCH 07/30] fix release name --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5ba1d29..b6bf61e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -47,7 +47,7 @@ deploy_helm_charts: script: - kubectl config use-context $CONTEXT - | - helm upgrade --install warehouse13-$CI_COMMIT_REF \ + helm upgrade --install warehouse13-$CI_COMMIT_REF_NAME \ ./helm/warehouse13 --namespace $NAMESPACE \ -f $VALUES_FILE \ --set api.image=$CI_REGISTRY_IMAGE \ From e2e5c683e4651549da712dafe4a1cdd8f2a57166 Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Fri, 17 Oct 2025 07:55:51 -0500 Subject: [PATCH 08/30] Fix Helm template error: update _helpers.tpl to use app instead of api MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Changed .Values.api.env.databaseUrl to .Values.app.env.databaseUrl - This aligns with the unified architecture where api and frontend are combined into a single app - Chart now passes helm lint successfully šŸ¤– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- helm/warehouse13/templates/_helpers.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/warehouse13/templates/_helpers.tpl b/helm/warehouse13/templates/_helpers.tpl index 9845dad..463a70b 100644 --- a/helm/warehouse13/templates/_helpers.tpl +++ b/helm/warehouse13/templates/_helpers.tpl @@ -63,8 +63,8 @@ Create the name of the service account to use PostgreSQL connection string */}} {{- define "warehouse13.postgresUrl" -}} -{{- if .Values.api.env.databaseUrl }} -{{- .Values.api.env.databaseUrl }} +{{- if .Values.app.env.databaseUrl }} +{{- .Values.app.env.databaseUrl }} {{- else }} {{- printf "postgresql://%s:%s@warehouse13-postgres:%d/%s" .Values.postgres.auth.username .Values.postgres.auth.password (.Values.postgres.service.port | int) .Values.postgres.auth.database }} {{- end }} From 33d06bc94da8494773bee955ceae1935d8af1412 Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Fri, 17 Oct 2025 08:01:05 -0500 Subject: [PATCH 09/30] Clean up Helm directory and update documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Removed deprecated chart files from helm/ root directory - Updated all Helm documentation to reference warehouse13 chart - Changed database name from 'datalake' to 'warehouse13' in values.yaml - Updated helm command examples in SUMMARY.md - Fixed migration instructions in helm/README.md - Updated PostgreSQL backup/restore commands with correct database name šŸ¤– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- docs/SUMMARY.md | 7 +- helm/Chart.yaml | 14 ---- helm/README.md | 16 ++--- helm/templates/_helpers.tpl | 60 ---------------- helm/templates/deployment.yaml | 111 ----------------------------- helm/templates/ingress.yaml | 41 ----------- helm/templates/secrets.yaml | 16 ----- helm/templates/service.yaml | 15 ---- helm/templates/serviceaccount.yaml | 12 ---- helm/values.yaml | 111 ----------------------------- helm/warehouse13/README.md | 4 +- helm/warehouse13/values.yaml | 4 +- 12 files changed, 13 insertions(+), 398 deletions(-) delete mode 100644 helm/Chart.yaml delete mode 100644 helm/templates/_helpers.tpl delete mode 100644 helm/templates/deployment.yaml delete mode 100644 helm/templates/ingress.yaml delete mode 100644 helm/templates/secrets.yaml delete mode 100644 helm/templates/service.yaml delete mode 100644 helm/templates/serviceaccount.yaml delete mode 100644 helm/values.yaml diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md index a3d4fd5..a097828 100644 --- a/docs/SUMMARY.md +++ b/docs/SUMMARY.md @@ -164,7 +164,7 @@ curl -X POST "http://localhost:8000/api/v1/artifacts/query" \ make deploy # Or directly with Helm -helm install datalake ./helm --namespace datalake --create-namespace +helm install warehouse13 ./helm/warehouse13 --namespace warehouse13 --create-namespace ``` ## Feature Flags Usage @@ -190,9 +190,8 @@ AWS_REGION=us-east-1 S3_BUCKET_NAME=your-bucket # Deploy -helm install datalake ./helm \ - --set config.deploymentMode=cloud \ - --set aws.enabled=true +helm install warehouse13 ./helm/warehouse13 \ + --set global.deploymentMode=cloud ``` ## What's Next diff --git a/helm/Chart.yaml b/helm/Chart.yaml deleted file mode 100644 index f93d136..0000000 --- a/helm/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v2 -name: warehouse13 -description: Warehouse13 - Enterprise Test Artifact Storage (Legacy Chart - Use ./warehouse13 instead) -type: application -version: 1.0.0 -appVersion: "1.0.0" -keywords: - - testing - - artifacts - - storage - - datalake -deprecated: true -maintainers: - - name: Warehouse13 Team diff --git a/helm/README.md b/helm/README.md index fed3a93..71d168f 100644 --- a/helm/README.md +++ b/helm/README.md @@ -20,23 +20,19 @@ helm install warehouse13 ./warehouse13 **Documentation:** See [warehouse13/README.md](./warehouse13/README.md) -## Legacy Chart (Deprecated) +## Migration from Legacy Chart -The files in this root `helm/` directory are from an older version and are marked as deprecated. Please use the `./warehouse13/` chart instead. - -## Migration - -If you're using the old chart, migration is straightforward: +If you were using an older version of the chart, migration is straightforward: ```bash -# Uninstall old chart -helm uninstall datalake +# Uninstall old chart (if named "datalake" or other name) +helm uninstall # Install new chart -helm install warehouse13 ./warehouse13 +helm install warehouse13 ./warehouse13 --namespace warehouse13 --create-namespace # Or upgrade in place (if compatible) -helm upgrade datalake ./warehouse13 +helm upgrade ./warehouse13 ``` Note: Check your values.yaml configuration and update image repositories, resource limits, and other settings as needed. diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl deleted file mode 100644 index ecac6a9..0000000 --- a/helm/templates/_helpers.tpl +++ /dev/null @@ -1,60 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "w13.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -*/}} -{{- define "w13.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "w13.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "w13.labels" -}} -helm.sh/chart: {{ include "w13.chart" . }} -{{ include "w13.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "w13.selectorLabels" -}} -app.kubernetes.io/name: {{ include "w13.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "w13.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "w13.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml deleted file mode 100644 index de12d5f..0000000 --- a/helm/templates/deployment.yaml +++ /dev/null @@ -1,111 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "w13.fullname" . }} - labels: - {{- include "w13.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "w13.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "w13.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "w13.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.service.targetPort }} - protocol: TCP - livenessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 30 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: 5 - periodSeconds: 5 - env: - - name: DATABASE_URL - valueFrom: - secretKeyRef: - name: {{ include "w13.fullname" . }}-secrets - key: database-url - - name: STORAGE_BACKEND - value: {{ .Values.config.storageBackend | quote }} - - name: MAX_UPLOAD_SIZE - value: {{ .Values.config.maxUploadSize | quote }} - {{- if eq .Values.config.storageBackend "s3" }} - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ include "w13.fullname" . }}-secrets - key: aws-access-key-id - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ include "w13.fullname" . }}-secrets - key: aws-secret-access-key - - name: AWS_REGION - value: {{ .Values.aws.region | quote }} - - name: S3_BUCKET_NAME - value: {{ .Values.aws.bucketName | quote }} - {{- else }} - - name: MINIO_ENDPOINT - value: "{{ include "w13.fullname" . }}-minio:9000" - - name: MINIO_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ include "w13.fullname" . }}-secrets - key: minio-access-key - - name: MINIO_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ include "w13.fullname" . }}-secrets - key: minio-secret-key - - name: MINIO_BUCKET_NAME - value: "test-artifacts" - - name: MINIO_SECURE - value: "false" - {{- end }} - {{- with .Values.env }} - {{- toYaml . | nindent 8 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml deleted file mode 100644 index 30c1764..0000000 --- a/helm/templates/ingress.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ include "datalake.fullname" . }} - labels: - {{- include "datalake.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - pathType: {{ .pathType }} - backend: - service: - name: {{ include "datalake.fullname" $ }} - port: - number: {{ $.Values.service.port }} - {{- end }} - {{- end }} -{{- end }} diff --git a/helm/templates/secrets.yaml b/helm/templates/secrets.yaml deleted file mode 100644 index d132fc1..0000000 --- a/helm/templates/secrets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "datalake.fullname" . }}-secrets - labels: - {{- include "datalake.labels" . | nindent 4 }} -type: Opaque -stringData: - database-url: "postgresql://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{ include "datalake.fullname" . }}-postgresql:5432/{{ .Values.postgresql.auth.database }}" - {{- if .Values.aws.enabled }} - aws-access-key-id: {{ .Values.aws.accessKeyId | quote }} - aws-secret-access-key: {{ .Values.aws.secretAccessKey | quote }} - {{- else }} - minio-access-key: {{ .Values.minio.rootUser | quote }} - minio-secret-key: {{ .Values.minio.rootPassword | quote }} - {{- end }} diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml deleted file mode 100644 index f23d030..0000000 --- a/helm/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "datalake.fullname" . }} - labels: - {{- include "datalake.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "datalake.selectorLabels" . | nindent 4 }} diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml deleted file mode 100644 index 2e7472b..0000000 --- a/helm/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "datalake.serviceAccountName" . }} - labels: - {{- include "datalake.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/helm/values.yaml b/helm/values.yaml deleted file mode 100644 index 8668226..0000000 --- a/helm/values.yaml +++ /dev/null @@ -1,111 +0,0 @@ -replicaCount: 1 - -image: - repository: w13 - pullPolicy: IfNotPresent - tag: "latest" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} - -podSecurityContext: - fsGroup: 1000 - -securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false - runAsNonRoot: true - runAsUser: 1000 - -service: - type: ClusterIP - port: 8000 - targetPort: 8000 - -ingress: - enabled: false - className: "" - annotations: {} - hosts: - - host: w13.local - paths: - - path: / - pathType: Prefix - tls: [] - -resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 500m - memory: 512Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 10 - targetCPUUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# Application configuration -config: - storageBackend: minio # or "s3" - maxUploadSize: 524288000 # 500MB - -# PostgreSQL configuration -postgresql: - enabled: true - auth: - username: user - password: password - database: w13 - primary: - persistence: - enabled: true - size: 10Gi - -# MinIO configuration (for self-hosted storage) -minio: - enabled: true - mode: standalone - rootUser: minioadmin - rootPassword: minioadmin - persistence: - enabled: true - size: 50Gi - service: - type: ClusterIP - port: 9000 - consoleService: - port: 9001 - -# AWS S3 configuration (when using AWS) -aws: - enabled: false - accessKeyId: "" - secretAccessKey: "" - region: us-east-1 - bucketName: test-artifacts - -# Environment variables -env: - - name: API_HOST - value: "0.0.0.0" - - name: API_PORT - value: "8000" diff --git a/helm/warehouse13/README.md b/helm/warehouse13/README.md index eaf0701..c36633d 100644 --- a/helm/warehouse13/README.md +++ b/helm/warehouse13/README.md @@ -328,10 +328,10 @@ kubectl delete pvc -l app.kubernetes.io/instance=my-warehouse13 ```bash # Create backup -kubectl exec -it warehouse13-postgres-0 -- pg_dump -U user datalake > backup.sql +kubectl exec -it warehouse13-postgres-0 -- pg_dump -U user warehouse13 > backup.sql # Restore -kubectl exec -i warehouse13-postgres-0 -- psql -U user datalake < backup.sql +kubectl exec -i warehouse13-postgres-0 -- psql -U user warehouse13 < backup.sql ``` ### MinIO Backup diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index 6ca45a2..cac5f04 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -16,7 +16,7 @@ postgres: auth: username: user password: password - database: datalake + database: warehouse13 persistence: enabled: true size: 10Gi @@ -70,7 +70,7 @@ app: pullPolicy: always replicas: 2 env: - databaseUrl: "postgresql://user:password@warehouse13-postgres:5432/datalake" + databaseUrl: "postgresql://user:password@warehouse13-postgres:5432/warehouse13" storageBackend: "minio" minioEndpoint: "warehouse13-minio:9000" resources: From c7ae399615c66b306879cbaba72b8636868daaa9 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 08:01:55 -0500 Subject: [PATCH 10/30] fix values file location --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b6bf61e..e253ec8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -40,7 +40,7 @@ deploy_helm_charts: # NAMESPACE: "bsf-services-namespace" # ONLY: "main" - ENV: "dev" - VALUES_FILE: "helm/values.yaml" + VALUES_FILE: "helm/warehouse13/values.yaml" CONTEXT: "esv/bsf/bsf-services/gitlab-kaas-agent-config:services-prod-agent" NAMESPACE: "bsf-services-dev-namespace" # ONLY: ["branches", "!main"] From e08ab62a32aa323c42820f015bced72a005e1316 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 08:13:54 -0500 Subject: [PATCH 11/30] chart and ci tweaks --- .gitlab-ci.yml | 12 ------------ helm/warehouse13/values.yaml | 20 ++++++++++---------- 2 files changed, 10 insertions(+), 22 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e253ec8..37658d3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,19 +1,7 @@ stages: - - test - build - deploy -# Test stage -test: - stage: test - allow_failure: true - image: containers.global.bsf.tools/node:20.11-alpine3.19 - script: - - cd frontend - - npm config set registry https://deps.global.bsf.tools/artifactory/api/npm/registry.npmjs.org/ - - npm config set strict-ssl false - - npm config fix - - npm install build_container: stage: build diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index cac5f04..290f29b 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -23,7 +23,7 @@ postgres: storageClass: "" resources: requests: - memory: "256Mi" + memory: "512Mi" cpu: "250m" limits: memory: "512Mi" @@ -48,7 +48,7 @@ minio: storageClass: "" resources: requests: - memory: "512Mi" + memory: "1Gi" cpu: "250m" limits: memory: "1Gi" @@ -75,7 +75,7 @@ app: minioEndpoint: "warehouse13-minio:9000" resources: requests: - memory: "384Mi" + memory: "768Mi" cpu: "350m" limits: memory: "768Mi" @@ -96,20 +96,20 @@ app: # Ingress ingress: - enabled: false + enabled: true className: "nginx" annotations: - # cert-manager.io/cluster-issuer: "letsencrypt-prod" + cert-manager.io/cluster-issuer: "letsencrypt" hosts: - - host: warehouse13.example.com + - host: warehouse13.common.global.bsf.tools paths: - path: / pathType: Prefix backend: app # All traffic goes to unified app (serves both API and frontend) - tls: [] - # - secretName: warehouse13-tls - # hosts: - # - warehouse13.example.com + tls: + - secretName: warehouse13-tls + hosts: + - warehouse13.common.global.bsf.tools # Service Account serviceAccount: From 4a270dbfe394b9ed358c632233f345c8990549e7 Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Fri, 17 Oct 2025 08:43:38 -0500 Subject: [PATCH 12/30] Add npm package age verification system MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Problem: Need to ensure all npm packages are at least 2 weeks old before use Solution: - Created check-package-age.js script to verify package publish dates - Added .npmrc to enforce exact version installation - Created pin-old-versions.sh helper script - Documented complete workflow in NPM-PACKAGE-AGE-POLICY.md Usage: node scripts/check-package-age.js # Verify all packages ā‰„ 2 weeks old npm ci # Install exact versions from lock file šŸ¤– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- docs/NPM-PACKAGE-AGE-POLICY.md | 220 +++++++++++++++++++++++++++++++++ frontend/.npmrc | 11 ++ scripts/check-package-age.js | 102 +++++++++++++++ scripts/pin-old-versions.sh | 41 ++++++ 4 files changed, 374 insertions(+) create mode 100644 docs/NPM-PACKAGE-AGE-POLICY.md create mode 100644 frontend/.npmrc create mode 100755 scripts/check-package-age.js create mode 100755 scripts/pin-old-versions.sh diff --git a/docs/NPM-PACKAGE-AGE-POLICY.md b/docs/NPM-PACKAGE-AGE-POLICY.md new file mode 100644 index 0000000..429c712 --- /dev/null +++ b/docs/NPM-PACKAGE-AGE-POLICY.md @@ -0,0 +1,220 @@ +# NPM Package Age Policy + +## Requirement + +All npm packages must be **at least 2 weeks old** before they can be used in this project. This ensures: +- Package stability +- Security vulnerability disclosure time +- Compliance with organizational security policies + +## How It Works + +### 1. Package Version Pinning + +The project uses exact version pinning in `package.json` to prevent automatic updates: + +```json +{ + "dependencies": { + "@angular/core": "19.2.7", // Exact version, not "^19.2.7" or "~19.2.7" + // ... + } +} +``` + +The `frontend/.npmrc` file enforces this: +``` +save-exact=true +package-lock=true +``` + +### 2. Automated Age Checking + +Use the provided script to verify all packages meet the 2-week requirement: + +```bash +# Check if all packages are at least 2 weeks old +node scripts/check-package-age.js +``` + +This script: +- Queries npm registry for publish dates +- Calculates age of each package +- Fails if any package is newer than 14 days +- Shows detailed age information for all packages + +### 3. Installation Process + +**Always use `npm ci` instead of `npm install`:** + +```bash +cd frontend +npm ci # Installs exact versions from package-lock.json +``` + +**Why `npm ci`?** +- Uses exact versions from `package-lock.json` +- Doesn't update `package-lock.json` +- Ensures reproducible builds +- Faster than `npm install` + +## Updating Packages + +When you need to add or update packages: + +### Step 1: Add Package to package.json + +```bash +# Find a version that's at least 2 weeks old +npm view time + +# Add exact version to package.json +"dependencies": { + "new-package": "1.2.3" +} +``` + +### Step 2: Verify Age + +```bash +node scripts/check-package-age.js +``` + +### Step 3: Update Lock File + +```bash +cd frontend +npm install --package-lock-only +``` + +### Step 4: Install and Test + +```bash +npm ci +npm run build:prod +``` + +## CI/CD Integration + +Add the age check to your CI/CD pipeline: + +### GitLab CI Example + +```yaml +verify_package_age: + stage: validate + image: node:18-alpine + script: + - node scripts/check-package-age.js + only: + - merge_requests + - main +``` + +### GitHub Actions Example + +```yaml +- name: Check Package Age + run: node scripts/check-package-age.js +``` + +## Troubleshooting + +### "Package is too new" Error + +If a package fails the age check: + +1. **Find an older version:** + ```bash + npm view versions --json + npm view @ time + ``` + +2. **Update package.json with older version** + +3. **Re-run age check:** + ```bash + node scripts/check-package-age.js + ``` + +### Can't Find Old Enough Version + +If no version meets the 2-week requirement: +- Wait until the package is at least 2 weeks old +- Look for alternative packages +- Request an exception through your security team + +## Example Workflow + +```bash +# 1. Check current package ages +node scripts/check-package-age.js + +# 2. If all pass, install dependencies +cd frontend +npm ci + +# 3. Build application +npm run build:prod + +# 4. For air-gapped deployment +../scripts/build-for-airgap.sh +``` + +## Scripts Reference + +| Script | Purpose | +|--------|---------| +| `scripts/check-package-age.js` | Verify all packages are ā‰„ 2 weeks old | +| `scripts/pin-old-versions.sh` | Helper script to validate and pin versions | +| `scripts/build-for-airgap.sh` | Build frontend for air-gapped deployment | + +## Best Practices + +1. **Always commit `package-lock.json`** + - Ensures everyone uses the same versions + - Required for reproducible builds + +2. **Use `npm ci` in CI/CD** + - Faster than `npm install` + - Enforces lock file versions + - Prevents surprises + +3. **Regular audits** + ```bash + # Check for security vulnerabilities + npm audit + + # Check package ages + node scripts/check-package-age.js + ``` + +4. **Version ranges to avoid** + - āŒ `^1.2.3` (allows minor/patch updates) + - āŒ `~1.2.3` (allows patch updates) + - āŒ `*` or `latest` (allows any version) + - āœ… `1.2.3` (exact version only) + +## Package Age Check Output + +``` +Checking package ages (must be at least 2 weeks old)... + +āœ“ @angular/common@19.2.7 - 45 days old +āœ“ @angular/compiler@19.2.7 - 45 days old +āœ“ rxjs@7.8.0 - 180 days old +āŒ new-package@1.0.0 - 5 days old (published 2025-01-12) + +================================================================================ + +āŒ FAILED: 1 package(s) are newer than 2 weeks: + + - new-package@1.0.0 (5 days old, published 2025-01-12) +``` + +## Support + +For questions or exceptions: +- Review with security team +- Document in project README +- Update this policy as needed diff --git a/frontend/.npmrc b/frontend/.npmrc new file mode 100644 index 0000000..a41f07f --- /dev/null +++ b/frontend/.npmrc @@ -0,0 +1,11 @@ +# Force exact version installation (no version range resolution) +save-exact=true + +# Always use package-lock.json +package-lock=true + +# Don't automatically update package-lock.json +package-lock-only=false + +# Prevent automatic updates +save-prefix='' diff --git a/scripts/check-package-age.js b/scripts/check-package-age.js new file mode 100755 index 0000000..ef1b9c1 --- /dev/null +++ b/scripts/check-package-age.js @@ -0,0 +1,102 @@ +#!/usr/bin/env node + +/** + * Check if npm packages are at least 2 weeks old before installation + * Usage: node scripts/check-package-age.js + */ + +const https = require('https'); +const fs = require('fs'); +const path = require('path'); + +const TWO_WEEKS_MS = 14 * 24 * 60 * 60 * 1000; + +function getPackageInfo(packageName, version) { + return new Promise((resolve, reject) => { + // Remove version prefixes like ^, ~, >= + const cleanVersion = version.replace(/^[\^~>=]+/, ''); + + const url = `https://registry.npmjs.org/${packageName}/${cleanVersion}`; + + https.get(url, (res) => { + let data = ''; + + res.on('data', (chunk) => { + data += chunk; + }); + + res.on('end', () => { + try { + const info = JSON.parse(data); + resolve({ + name: packageName, + version: cleanVersion, + published: info.time || info._time, + error: null + }); + } catch (err) { + reject(new Error(`Failed to parse response for ${packageName}@${cleanVersion}`)); + } + }); + }).on('error', (err) => { + reject(err); + }); + }); +} + +async function checkPackageAge() { + const packageJsonPath = path.join(__dirname, '../frontend/package.json'); + const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8')); + + const allDeps = { + ...packageJson.dependencies, + ...packageJson.devDependencies + }; + + console.log('Checking package ages (must be at least 2 weeks old)...\n'); + + const tooNew = []; + const errors = []; + + for (const [name, version] of Object.entries(allDeps)) { + try { + const info = await getPackageInfo(name, version); + const publishDate = new Date(info.published); + const age = Date.now() - publishDate.getTime(); + const ageInDays = Math.floor(age / (24 * 60 * 60 * 1000)); + + if (age < TWO_WEEKS_MS) { + tooNew.push({ + name, + version: info.version, + age: ageInDays, + published: publishDate.toISOString().split('T')[0] + }); + console.log(`āŒ ${name}@${info.version} - ${ageInDays} days old (published ${publishDate.toISOString().split('T')[0]})`); + } else { + console.log(`āœ“ ${name}@${info.version} - ${ageInDays} days old`); + } + } catch (err) { + errors.push({ name, version, error: err.message }); + console.log(`āš ļø ${name}@${version} - Could not check: ${err.message}`); + } + } + + console.log('\n' + '='.repeat(80)); + + if (tooNew.length > 0) { + console.log(`\nāŒ FAILED: ${tooNew.length} package(s) are newer than 2 weeks:\n`); + tooNew.forEach(pkg => { + console.log(` - ${pkg.name}@${pkg.version} (${pkg.age} days old, published ${pkg.published})`); + }); + process.exit(1); + } else if (errors.length > 0) { + console.log(`\nāš ļø WARNING: Could not verify ${errors.length} package(s)`); + process.exit(0); + } else { + console.log('\nāœ“ SUCCESS: All packages are at least 2 weeks old'); + process.exit(0); + } +} + +checkPackageAge(); diff --git a/scripts/pin-old-versions.sh b/scripts/pin-old-versions.sh new file mode 100755 index 0000000..9dafbd2 --- /dev/null +++ b/scripts/pin-old-versions.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +# Pin npm packages to versions that are at least 2 weeks old +# This script helps ensure compliance with package age requirements + +set -e + +echo "=========================================" +echo "Pin NPM Packages to Old Versions" +echo "=========================================" +echo "" + +cd frontend + +echo "Step 1: Checking current package ages..." +node ../scripts/check-package-age.js || { + echo "" + echo "Some packages are too new. Recommendations:" + echo "1. Manually downgrade packages in package.json to older versions" + echo "2. Run: npm install --package-lock-only to update lock file" + echo "3. Re-run this script to verify" + exit 1 +} + +echo "" +echo "Step 2: Ensuring package-lock.json uses exact versions..." +if [ -f "package-lock.json" ]; then + echo "āœ“ package-lock.json exists" +else + echo "āš  package-lock.json does not exist. Creating it..." + npm install --package-lock-only +fi + +echo "" +echo "=========================================" +echo "āœ“ All packages meet the 2-week age requirement" +echo "=========================================" +echo "" +echo "To install these packages:" +echo " npm ci # Uses exact versions from package-lock.json" +echo "" From 943cd6935b222f8172d6625548267204d901e711 Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Fri, 17 Oct 2025 08:44:32 -0500 Subject: [PATCH 13/30] Fix package age checker to handle version ranges MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Handle version patterns like "19.2.x" and "5.x.x" - Fetch all versions and find latest matching the pattern - Resolve version ranges to actual version numbers before checking age šŸ¤– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- scripts/check-package-age.js | 86 +++++++++++++++++++++++++++--------- 1 file changed, 65 insertions(+), 21 deletions(-) diff --git a/scripts/check-package-age.js b/scripts/check-package-age.js index ef1b9c1..8326438 100755 --- a/scripts/check-package-age.js +++ b/scripts/check-package-age.js @@ -14,33 +14,77 @@ const TWO_WEEKS_MS = 14 * 24 * 60 * 60 * 1000; function getPackageInfo(packageName, version) { return new Promise((resolve, reject) => { // Remove version prefixes like ^, ~, >= - const cleanVersion = version.replace(/^[\^~>=]+/, ''); + let cleanVersion = version.replace(/^[\^~>=]+/, ''); - const url = `https://registry.npmjs.org/${packageName}/${cleanVersion}`; + // If version contains .x or wildcards, fetch all versions and find latest matching + if (cleanVersion.includes('x') || cleanVersion.includes('*')) { + const url = `https://registry.npmjs.org/${packageName}`; - https.get(url, (res) => { - let data = ''; + https.get(url, (res) => { + let data = ''; - res.on('data', (chunk) => { - data += chunk; + res.on('data', (chunk) => { + data += chunk; + }); + + res.on('end', () => { + try { + const info = JSON.parse(data); + const versions = Object.keys(info.versions || {}); + + // Convert version pattern to regex (e.g., "19.2.x" -> /^19\.2\.\d+$/) + const pattern = cleanVersion.replace(/\./g, '\\.').replace(/x|\*/g, '\\d+'); + const regex = new RegExp(`^${pattern}$`); + + // Find matching versions and get the latest + const matchingVersions = versions.filter(v => regex.test(v)).sort(); + const latestMatching = matchingVersions[matchingVersions.length - 1]; + + if (latestMatching && info.time && info.time[latestMatching]) { + resolve({ + name: packageName, + version: latestMatching, + published: info.time[latestMatching], + error: null + }); + } else { + reject(new Error(`No matching version found for ${packageName}@${cleanVersion}`)); + } + } catch (err) { + reject(new Error(`Failed to parse response for ${packageName}@${cleanVersion}`)); + } + }); + }).on('error', (err) => { + reject(err); }); + } else { + // Exact version lookup + const url = `https://registry.npmjs.org/${packageName}/${cleanVersion}`; - res.on('end', () => { - try { - const info = JSON.parse(data); - resolve({ - name: packageName, - version: cleanVersion, - published: info.time || info._time, - error: null - }); - } catch (err) { - reject(new Error(`Failed to parse response for ${packageName}@${cleanVersion}`)); - } + https.get(url, (res) => { + let data = ''; + + res.on('data', (chunk) => { + data += chunk; + }); + + res.on('end', () => { + try { + const info = JSON.parse(data); + resolve({ + name: packageName, + version: cleanVersion, + published: info.time || info._time, + error: null + }); + } catch (err) { + reject(new Error(`Failed to parse response for ${packageName}@${cleanVersion}`)); + } + }); + }).on('error', (err) => { + reject(err); }); - }).on('error', (err) => { - reject(err); - }); + } }); } From 7a0e0c95aa007048e50d78f1d660cf436f5b5346 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 09:55:41 -0500 Subject: [PATCH 14/30] update docker image --- Dockerfile | 2 +- frontend/.npmrc | 11 ----------- 2 files changed, 1 insertion(+), 12 deletions(-) delete mode 100644 frontend/.npmrc diff --git a/Dockerfile b/Dockerfile index b12df05..62fdb97 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Multi-stage build: First stage builds Angular frontend -FROM node:24-alpine AS frontend-build +FROM node:20.11-alpine3.19 AS frontend-build # Accept npm registry as build argument ARG NPM_REGISTRY=https://registry.npmjs.org/ diff --git a/frontend/.npmrc b/frontend/.npmrc deleted file mode 100644 index a41f07f..0000000 --- a/frontend/.npmrc +++ /dev/null @@ -1,11 +0,0 @@ -# Force exact version installation (no version range resolution) -save-exact=true - -# Always use package-lock.json -package-lock=true - -# Don't automatically update package-lock.json -package-lock-only=false - -# Prevent automatic updates -save-prefix='' From d0594fb1610ea16745f2732ecbd3e0a3648cd428 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 10:08:45 -0500 Subject: [PATCH 15/30] try npm ci instead --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 62fdb97..832cf20 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ RUN if [ "$NPM_REGISTRY" != "https://registry.npmjs.org/" ]; then \ fi # Install dependencies (ignore package-lock.json if using custom registry) -RUN npm install +RUN npm ci --unsafe-perm # Copy source code COPY frontend/ ./ From 4afbc53420bb5b77525e6387dba78d44a8a183ea Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 10:49:43 -0500 Subject: [PATCH 16/30] revert dockerfile config --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 832cf20..62fdb97 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ RUN if [ "$NPM_REGISTRY" != "https://registry.npmjs.org/" ]; then \ fi # Install dependencies (ignore package-lock.json if using custom registry) -RUN npm ci --unsafe-perm +RUN npm install # Copy source code COPY frontend/ ./ From a9bf480954c302ac5a87de40f78c37360bdc7534 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 10:52:18 -0500 Subject: [PATCH 17/30] test deploy --- .gitlab-ci.yml | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 37658d3..fef0958 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,20 +1,19 @@ stages: - - build - deploy -build_container: - stage: build - image: deps.global.bsf.tools/quay.io/buildah/stable:latest - variables: - IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" - before_script: - - mkdir -p /tmp/buildah-storage - - export BUILDAH_ROOT="/tmp/buildah-storage" - - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" - script: - - buildah bud --build-arg NPM_REGISTRY=https://deps.global.bsf.tools/artifactory/api/npm/registry.npmjs.org/ --storage-driver vfs --isolation chroot -t $IMAGE_NAME . - - buildah push --storage-driver vfs $IMAGE_NAME +# build_container: +# stage: build +# image: deps.global.bsf.tools/quay.io/buildah/stable:latest +# variables: +# IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" +# before_script: +# - mkdir -p /tmp/buildah-storage +# - export BUILDAH_ROOT="/tmp/buildah-storage" +# - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" +# script: +# - buildah bud --build-arg NPM_REGISTRY=https://deps.global.bsf.tools/artifactory/api/npm/registry.npmjs.org/ --storage-driver vfs --isolation chroot -t $IMAGE_NAME . +# - buildah push --storage-driver vfs $IMAGE_NAME deploy_helm_charts: stage: deploy @@ -38,8 +37,8 @@ deploy_helm_charts: helm upgrade --install warehouse13-$CI_COMMIT_REF_NAME \ ./helm/warehouse13 --namespace $NAMESPACE \ -f $VALUES_FILE \ - --set api.image=$CI_REGISTRY_IMAGE \ - --set api.image.tag=$CI_COMMIT_REF_NAME \ + --set api.image=registry.global.bsf.tools/esv/bsf/bsf-services/warehouse13 \ + --set api.image.tag=main-7126c618 \ --set postgres.image.repository=containers.global.bsf.tools/postgres \ --set postgres.image.tag=15-alpine \ --set minio.image.repository=containers.global.bsf.tools/minio \ From 53b37c2e1643b4746818d7098cb8ee12feb4dcda Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 10:59:11 -0500 Subject: [PATCH 18/30] hard code values --- .gitlab-ci.yml | 10 +--------- helm/warehouse13/values.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fef0958..5e30760 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -34,12 +34,4 @@ deploy_helm_charts: script: - kubectl config use-context $CONTEXT - | - helm upgrade --install warehouse13-$CI_COMMIT_REF_NAME \ - ./helm/warehouse13 --namespace $NAMESPACE \ - -f $VALUES_FILE \ - --set api.image=registry.global.bsf.tools/esv/bsf/bsf-services/warehouse13 \ - --set api.image.tag=main-7126c618 \ - --set postgres.image.repository=containers.global.bsf.tools/postgres \ - --set postgres.image.tag=15-alpine \ - --set minio.image.repository=containers.global.bsf.tools/minio \ - --set minio.image.tag=latest + helm upgrade --install warehouse13-$CI_COMMIT_REF_NAME ./helm/warehouse13 --namespace $NAMESPACE -f $VALUES_FILE \ No newline at end of file diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index 290f29b..c4ee73e 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -10,7 +10,7 @@ global: postgres: enabled: true image: - repository: postgres + repository: containers.global.bsf.tools/postgres tag: 15-alpine pullPolicy: always auth: @@ -36,7 +36,7 @@ postgres: minio: enabled: true image: - repository: minio/minio + repository: containers.global.bsf.tools/minio/minio tag: latest pullPolicy: always auth: @@ -65,8 +65,8 @@ minio: app: enabled: true image: - repository: warehouse13/app - tag: latest + repository: registry.global.bsf.tools/esv/bsf/bsf-services/warehouse13 + tag: main-7126c618 pullPolicy: always replicas: 2 env: From e83ecf47173d096bf08de05a92dc1abf743b5416 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 11:05:07 -0500 Subject: [PATCH 19/30] fix values file --- helm/warehouse13/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index c4ee73e..b74d3bb 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -12,7 +12,7 @@ postgres: image: repository: containers.global.bsf.tools/postgres tag: 15-alpine - pullPolicy: always + pullPolicy: Always auth: username: user password: password @@ -38,7 +38,7 @@ minio: image: repository: containers.global.bsf.tools/minio/minio tag: latest - pullPolicy: always + pullPolicy: Always auth: rootUser: minioadmin rootPassword: minioadmin @@ -67,7 +67,7 @@ app: image: repository: registry.global.bsf.tools/esv/bsf/bsf-services/warehouse13 tag: main-7126c618 - pullPolicy: always + pullPolicy: Always replicas: 2 env: databaseUrl: "postgresql://user:password@warehouse13-postgres:5432/warehouse13" From 61cd5c471aabe46abe2617f5d09636f2a75e0edf Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 11:12:39 -0500 Subject: [PATCH 20/30] add reg secret --- helm/warehouse13/templates/app-deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/warehouse13/templates/app-deployment.yaml b/helm/warehouse13/templates/app-deployment.yaml index fdf32a7..24d4bc5 100644 --- a/helm/warehouse13/templates/app-deployment.yaml +++ b/helm/warehouse13/templates/app-deployment.yaml @@ -18,6 +18,7 @@ spec: {{- include "warehouse13.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: app spec: + imagePullSecrets: gitlab-service-agent-registry-secret serviceAccountName: {{ include "warehouse13.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} From 50bcd35e68fadbb2a870258798b71451c70c34a0 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 11:16:42 -0500 Subject: [PATCH 21/30] fix pull secret syntax --- helm/warehouse13/templates/app-deployment.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/helm/warehouse13/templates/app-deployment.yaml b/helm/warehouse13/templates/app-deployment.yaml index 24d4bc5..5091efe 100644 --- a/helm/warehouse13/templates/app-deployment.yaml +++ b/helm/warehouse13/templates/app-deployment.yaml @@ -18,7 +18,8 @@ spec: {{- include "warehouse13.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: app spec: - imagePullSecrets: gitlab-service-agent-registry-secret + imagePullSecrets: + - name: gitlab-service-agent-registry-secret serviceAccountName: {{ include "warehouse13.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} From 79f17c423b199a340a20ce9862f26ac672695c94 Mon Sep 17 00:00:00 2001 From: "Patel (US), Pratik" Date: Fri, 17 Oct 2025 11:28:39 -0500 Subject: [PATCH 22/30] add in imagesecret --- helm/warehouse13/templates/app-deployment.yaml | 2 +- helm/warehouse13/values.yaml | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/helm/warehouse13/templates/app-deployment.yaml b/helm/warehouse13/templates/app-deployment.yaml index 5091efe..8106e58 100644 --- a/helm/warehouse13/templates/app-deployment.yaml +++ b/helm/warehouse13/templates/app-deployment.yaml @@ -19,7 +19,7 @@ spec: app.kubernetes.io/component: app spec: imagePullSecrets: - - name: gitlab-service-agent-registry-secret + - name: gitlab-dev-ns-registry-secret serviceAccountName: {{ include "warehouse13.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index b74d3bb..5864187 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -137,3 +137,12 @@ tolerations: [] # Affinity affinity: {} + +imagePullSecret: + name: gitlab-dev-ns-registry-secret + username: project_9145_bot_imagepuller + # Read only token so okay if hard coded here + password: glpat-ZV7ASvBqFoiWC9QqD5WlTG86MQp1OjVxMgk.01.0z192vpfw + server: registry.global.bsf.tools + email: botemail@global.bsf.tool + From 28daa5c07822dbc7ae8003d94742d6e5ae595d79 Mon Sep 17 00:00:00 2001 From: "Patel (US), Pratik" Date: Fri, 17 Oct 2025 11:28:54 -0500 Subject: [PATCH 23/30] Add in imagesecret template --- helm/warehouse13/templates/imagesecret.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 helm/warehouse13/templates/imagesecret.yaml diff --git a/helm/warehouse13/templates/imagesecret.yaml b/helm/warehouse13/templates/imagesecret.yaml new file mode 100644 index 0000000..da7014a --- /dev/null +++ b/helm/warehouse13/templates/imagesecret.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.imagePullSecret.name }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ + (printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" + .Values.imagePullSecret.server + .Values.imagePullSecret.username + .Values.imagePullSecret.password + .Values.imagePullSecret.email + (printf "%s" (b64enc (printf "%s:%s" .Values.imagePullSecret.username .Values.imagePullSecret.password)))) + | b64enc | quote + }} \ No newline at end of file From 29eb7358dfea82f7bcd64f3594b999700ec717fd Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 11:33:17 -0500 Subject: [PATCH 24/30] turn off postgres volume --- helm/warehouse13/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index 5864187..ee97042 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -18,7 +18,7 @@ postgres: password: password database: warehouse13 persistence: - enabled: true + enabled: false size: 10Gi storageClass: "" resources: From a12df3306ddb94a2d0d35c9b480fa600a40bd467 Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 11:34:28 -0500 Subject: [PATCH 25/30] decrese replicas --- helm/warehouse13/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index ee97042..b2fb5a4 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -68,7 +68,7 @@ app: repository: registry.global.bsf.tools/esv/bsf/bsf-services/warehouse13 tag: main-7126c618 pullPolicy: Always - replicas: 2 + replicas: 1 env: databaseUrl: "postgresql://user:password@warehouse13-postgres:5432/warehouse13" storageBackend: "minio" From 247d207e3bf60cee9867445158d51d5b94a3a0cb Mon Sep 17 00:00:00 2001 From: Armando Diaz Date: Fri, 17 Oct 2025 11:48:08 -0500 Subject: [PATCH 26/30] set deployment mode --- helm/warehouse13/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/warehouse13/values.yaml b/helm/warehouse13/values.yaml index b2fb5a4..7be1e72 100644 --- a/helm/warehouse13/values.yaml +++ b/helm/warehouse13/values.yaml @@ -3,7 +3,7 @@ # Global settings global: - deploymentMode: "standard" # standard or airgapped + deploymentMode: "air-gapped" # standard or airgapped storageBackend: "minio" # minio or s3 # PostgreSQL Database From 27afda2d70f6b3f97642ddb3a44f7892efad1175 Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Fri, 17 Oct 2025 13:03:43 -0500 Subject: [PATCH 27/30] add github actions --- .gitea/workflows/docker.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .gitea/workflows/docker.yml diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml new file mode 100644 index 0000000..eff3f1a --- /dev/null +++ b/.gitea/workflows/docker.yml @@ -0,0 +1,26 @@ +name: build +on: + push: + branches: + - main + +jobs: + docker-build: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Login to Docker Registry + uses: docker/login-action@v3 + with: + registry: git.bitstorm.ca # e.g., docker.io for Docker Hub + username: ${{ secrets.REGISTRY_LOGIN }} + password: ${{ secrets.REGISTRY_TOKEN }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build Docker image + uses: docker/build-push-action@v5 + with: + context: . + push: true + tags: git.bitstorm.ca/mondo/warehouse13:latest From b63597345a4e173725b87dfd65b3b7a1632cc4fd Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Fri, 17 Oct 2025 13:14:37 -0500 Subject: [PATCH 28/30] Update .gitea/workflows/docker.yml --- .gitea/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml index eff3f1a..c6c1ee3 100644 --- a/.gitea/workflows/docker.yml +++ b/.gitea/workflows/docker.yml @@ -23,4 +23,4 @@ jobs: with: context: . push: true - tags: git.bitstorm.ca/mondo/warehouse13:latest + tags: git.bitstorm.ca/mondo/SIM-Data-Platform/warehouse13:latest From d70cbdb12f26d80a300e50ab33aa548e3d855e0c Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Fri, 17 Oct 2025 13:32:01 -0500 Subject: [PATCH 29/30] Update .gitea/workflows/docker.yml --- .gitea/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml index c6c1ee3..de83942 100644 --- a/.gitea/workflows/docker.yml +++ b/.gitea/workflows/docker.yml @@ -23,4 +23,4 @@ jobs: with: context: . push: true - tags: git.bitstorm.ca/mondo/SIM-Data-Platform/warehouse13:latest + tags: git.bitstorm.ca/mondo/sim-data-platform/warehouse13:latest From 34ce3ef9985854290b35185c0f2233ecfd001372 Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Fri, 17 Oct 2025 13:47:39 -0500 Subject: [PATCH 30/30] Update .gitea/workflows/docker.yml --- .gitea/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml index de83942..7098dca 100644 --- a/.gitea/workflows/docker.yml +++ b/.gitea/workflows/docker.yml @@ -23,4 +23,4 @@ jobs: with: context: . push: true - tags: git.bitstorm.ca/mondo/sim-data-platform/warehouse13:latest + tags: git.bitstorm.ca/bitforge/warehouse13:latest