bitforge/warehouse13
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: bitforge:7126c618ea1bb40d645de75ef4253eef9ca75d05
Branches Tags
bitforge:main bitforge:pipeline
...
compare: bitforge:a4e4cb4c5ff040b5759c7a8998c6be885d7b294c
Branches Tags
bitforge:main bitforge:pipeline

34 Commits
7126c618ea ... a4e4cb4c5f

Author SHA1 Message Date
pratik
a4e4cb4c5f Merge branch 'main' into f/sidebar 2025-10-17 14:00:59 -05:00
pratik
ec5d9916ba add sidebar and various component 2025-10-17 14:00:32 -05:00
Mondo Diaz
34ce3ef998 Update .gitea/workflows/docker.yml
All checks were successful
build / docker-build (push) Successful in 58s
Details
2025-10-17 13:47:39 -05:00
Mondo Diaz
d70cbdb12f Update .gitea/workflows/docker.yml
All checks were successful
build / docker-build (push) Successful in 1m7s
Details
2025-10-17 13:32:01 -05:00
Mondo Diaz
b63597345a Update .gitea/workflows/docker.yml
Some checks failed
build / docker-build (push) Failing after 9s
Details
2025-10-17 13:14:37 -05:00
Mondo Diaz
a910b8270a Merge pull request 'pipeline' (#5) from pipeline into main
Some checks failed
build / docker-build (push) Failing after 9s
Details 
Reviewed-on: mondo/SIM-Data-Platform#5
 2025-10-17 13:13:14 -05:00
Mondo Diaz
27afda2d70 add github actions 2025-10-17 13:04:21 -05:00
Armando Diaz
247d207e3b set deployment mode 2025-10-17 11:48:08 -05:00
Armando Diaz
a12df3306d decrese replicas 2025-10-17 11:34:28 -05:00
Armando Diaz
29eb7358df turn off postgres volume 2025-10-17 11:33:17 -05:00
Patel (US), Pratik
28daa5c078 Add in imagesecret template 2025-10-17 11:28:54 -05:00
Patel (US), Pratik
79f17c423b add in imagesecret 2025-10-17 11:28:39 -05:00
Armando Diaz
50bcd35e68 fix pull secret syntax 2025-10-17 11:16:42 -05:00
Armando Diaz
61cd5c471a add reg secret 2025-10-17 11:12:39 -05:00
Armando Diaz
e83ecf4717 fix values file 2025-10-17 11:05:07 -05:00
Armando Diaz
53b37c2e16 hard code values 2025-10-17 10:59:11 -05:00
Armando Diaz
a9bf480954 test deploy 2025-10-17 10:52:18 -05:00
Armando Diaz
4afbc53420 revert dockerfile config 2025-10-17 10:49:43 -05:00
Armando Diaz
d0594fb161 try npm ci instead 2025-10-17 10:08:45 -05:00
Armando Diaz
7a0e0c95aa update docker image 2025-10-17 09:55:41 -05:00
Mondo Diaz
943cd6935b Fix package age checker to handle version ranges 
- Handle version patterns like "19.2.x" and "5.x.x"
- Fetch all versions and find latest matching the pattern
- Resolve version ranges to actual version numbers before checking age

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-17 08:44:32 -05:00
Mondo Diaz
4a270dbfe3 Add npm package age verification system 
Problem: Need to ensure all npm packages are at least 2 weeks old before use

Solution:
- Created check-package-age.js script to verify package publish dates
- Added .npmrc to enforce exact version installation
- Created pin-old-versions.sh helper script
- Documented complete workflow in NPM-PACKAGE-AGE-POLICY.md

Usage:
  node scripts/check-package-age.js  # Verify all packages ≥ 2 weeks old
  npm ci                              # Install exact versions from lock file

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-17 08:43:38 -05:00
Armando Diaz
e08ab62a32 chart and ci tweaks 2025-10-17 08:13:54 -05:00
Armando Diaz
c7ae399615 fix values file location 2025-10-17 08:01:55 -05:00
Mondo Diaz
33d06bc94d Clean up Helm directory and update documentation 
- Removed deprecated chart files from helm/ root directory
- Updated all Helm documentation to reference warehouse13 chart
- Changed database name from 'datalake' to 'warehouse13' in values.yaml
- Updated helm command examples in SUMMARY.md
- Fixed migration instructions in helm/README.md
- Updated PostgreSQL backup/restore commands with correct database name

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-17 08:01:05 -05:00
Mondo Diaz
e2e5c683e4 Fix Helm template error: update _helpers.tpl to use app instead of api 
- Changed .Values.api.env.databaseUrl to .Values.app.env.databaseUrl
- This aligns with the unified architecture where api and frontend are combined into a single app
- Chart now passes helm lint successfully

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-17 07:55:51 -05:00
Armando Diaz
838e145598 fix release name 2025-10-16 21:20:15 -05:00
Mondo Diaz
15e0f886d7 Merge pull request 'main' (#4) from main into pipeline 
Reviewed-on: mondo/SIM-Data-Platform#4
 2025-10-16 21:14:55 -05:00
Armando Diaz
7c50f0a59a fix ci var 2025-10-16 20:49:49 -05:00
Armando Diaz
6508363c12 test deploy 2025-10-16 18:54:18 -05:00
Mondo Diaz
80242b9602 Reorganize project structure: move docs and scripts to proper directories 
Changes:
- Created scripts/ directory for build and utility scripts
- Moved build-for-airgap.sh to scripts/
- Moved check-ready.sh to scripts/
- Kept quickstart scripts in root for easy access
- Moved HELM-DEPLOYMENT.md to docs/

Updated references:
- README.md: Updated link to docs/HELM-DEPLOYMENT.md
- docs/DEPLOYMENT.md: Updated paths to scripts/build-for-airgap.sh
- quickstart-airgap.sh: Updated path to scripts/build-for-airgap.sh
- scripts/check-ready.sh: Updated self-reference path
- helm/warehouse13/QUICKSTART.md: Updated HELM-DEPLOYMENT.md path
- helm/README.md: Updated HELM-DEPLOYMENT.md path

Directory structure now:
/
├── README.md (root)
├── quickstart.sh (root - easy access)
├── quickstart-airgap.sh (root - easy access)
├── docs/ (all documentation)
│   ├── API.md
│   ├── ARCHITECTURE.md
│   ├── DEPLOYMENT.md
│   ├── FEATURES.md
│   ├── FRONTEND_SETUP.md
│   ├── HELM-DEPLOYMENT.md (moved here)
│   └── SUMMARY.md
├── scripts/ (build and utility scripts)
│   ├── build-for-airgap.sh (moved here)
│   └── check-ready.sh (moved here)
└── helm/
    └── warehouse13/ (Helm chart with docs)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-16 17:23:03 -05:00
Mondo Diaz
4641cbb3fa Update Helm chart to use unified app image (API + Frontend) 
Changes:
- Replaced separate api and frontend deployments with single unified app deployment
- Updated values.yaml: Changed from api/frontend configs to single app config
- Renamed templates: api-deployment.yaml → app-deployment.yaml
- Removed frontend-deployment.yaml and frontend-service.yaml (no longer needed)
- Updated app image to warehouse13/app (multi-stage Docker build)
- Combined resource allocations: 384Mi memory, 350m CPU (up from separate totals)
- Updated all example values files (dev, production, air-gapped)
- Updated NOTES.txt to reflect single service on port 8000
- Updated ingress to route all traffic to single app service
- Added ARCHITECTURE.md documenting the unified container approach

Architecture:
The application now uses a multi-stage Docker build:
1. Stage 1: Builds Angular frontend with Node
2. Stage 2: Python FastAPI backend that serves static frontend from /static

Benefits:
- Simplified deployment (1 container instead of 2)
- Reduced resource usage (no separate nginx)
- Easier scaling (1 deployment to manage)
- Consistent versioning (frontend/backend always match)

Access pattern:
- http://localhost:8000     → Angular frontend
- http://localhost:8000/api → FastAPI REST API
- http://localhost:8000/docs → API documentation
- http://localhost:8000/health → Health check

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-16 17:11:39 -05:00
Mondo Diaz
59001222a0 Add comprehensive Warehouse13 Helm chart with configurable images 
Features:
- Complete Helm chart at helm/warehouse13/ with Warehouse13 branding
- Configurable images for all components (PostgreSQL, MinIO, API, Frontend)
- Support for 3 deployment scenarios: dev, production, air-gapped
- 14 Kubernetes templates: Deployments, StatefulSets, Services, Ingress
- Persistent storage with configurable storage classes
- Health checks for all services
- Ingress with TLS support
- Security contexts and RBAC
- Comprehensive documentation:
  - HELM-DEPLOYMENT.md (main Kubernetes guide)
  - helm/warehouse13/README.md (full chart docs)
  - helm/warehouse13/QUICKSTART.md (5-min deployment)
  - Example values files (dev, production, air-gapped)
- Updated main README.md with Helm deployment instructions
- Marked old helm chart as deprecated

All component images fully configurable via values.yaml:
- postgres:15-alpine
- minio/minio:latest
- warehouse13/api:latest
- warehouse13/frontend:latest

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-10-16 17:04:12 -05:00
Armando Diaz
5e958ac8c3 helm chart updates 2025-10-16 16:41:21 -05:00
53 changed files with 4413 additions and 357 deletions
Expand all files Collapse all files

26
.gitea/workflows/docker.yml Normal file
View File

@@ -0,0 +1,26 @@
name: build
on:
push:
branches:
- main
jobs:
docker-build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Login to Docker Registry
uses: docker/login-action@v3
with:
registry: git.bitstorm.ca # e.g., docker.io for Docker Hub
username: ${{ secrets.REGISTRY_LOGIN }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: git.bitstorm.ca/bitforge/warehouse13:latest

57
.gitlab-ci.yml
View File

@@ -1,28 +1,37 @@
stages:
- test
- build
- deploy
# Test stage
test:
stage: test
allow_failure: true
image: containers.global.bsf.tools/node:20.11-alpine3.19
script:
- cd frontend
- npm config set registry https://deps.global.bsf.tools/artifactory/api/npm/registry.npmjs.org/
- npm config set strict-ssl false
- npm config fix
- npm install
build_container:
stage: build
image: deps.global.bsf.tools/quay.io/buildah/stable:latest
variables:
IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA"
before_script:
- mkdir -p /tmp/buildah-storage
- export BUILDAH_ROOT="/tmp/buildah-storage"
- echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
# build_container:
# stage: build
# image: deps.global.bsf.tools/quay.io/buildah/stable:latest
# variables:
# IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
# before_script:
# - mkdir -p /tmp/buildah-storage
# - export BUILDAH_ROOT="/tmp/buildah-storage"
# - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
# script:
# - buildah bud --build-arg NPM_REGISTRY=https://deps.global.bsf.tools/artifactory/api/npm/registry.npmjs.org/ --storage-driver vfs --isolation chroot -t $IMAGE_NAME .
# - buildah push --storage-driver vfs $IMAGE_NAME
deploy_helm_charts:
stage: deploy
image:
name: deps.global.bsf.tools/registry-1.docker.io/alpine/k8s:1.29.12
parallel:
matrix:
# - ENV: "prod"
# VALUES_FILE: "helm/values-prod.yaml"
# CONTEXT: "esv/bsf/bsf-services/gitlab-kaas-agent-config:services-prod-agent"
# NAMESPACE: "bsf-services-namespace"
# ONLY: "main"
- ENV: "dev"
VALUES_FILE: "helm/warehouse13/values.yaml"
CONTEXT: "esv/bsf/bsf-services/gitlab-kaas-agent-config:services-prod-agent"
NAMESPACE: "bsf-services-dev-namespace"
# ONLY: ["branches", "!main"]
script:
- buildah bud --build-arg NPM_REGISTRY=https://deps.global.bsf.tools/artifactory/api/npm/registry.npmjs.org/ --storage-driver vfs --isolation chroot -t $IMAGE_NAME .
- buildah push --storage-driver vfs $IMAGE_NAME
- kubectl config use-context $CONTEXT
- |
helm upgrade --install warehouse13-$CI_COMMIT_REF_NAME ./helm/warehouse13 --namespace $NAMESPACE -f $VALUES_FILE

2
Dockerfile
View File

@@ -1,5 +1,5 @@
# Multi-stage build: First stage builds Angular frontend
FROM node:24-alpine AS frontend-build
FROM node:20.11-alpine3.19 AS frontend-build
# Accept npm registry as build argument
ARG NPM_REGISTRY=https://registry.npmjs.org/

55
README.md
View File

@@ -214,35 +214,54 @@ MINIO_BUCKET_NAME=test-artifacts
### Kubernetes with Helm
1. Build and push Docker image:
**Quick Start:**
```bash
docker build -t your-registry/datalake:latest .
docker push your-registry/datalake:latest
helm install warehouse13 ./helm/warehouse13 --namespace warehouse13 --create-namespace
```
2. Install with Helm:
**Production Deployment:**
```bash
helm install datalake ./helm \
--set image.repository=your-registry/datalake \
--set image.tag=latest \
--namespace datalake \
--create-namespace
helm install warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--create-namespace \
--values ./helm/warehouse13/values-production.yaml
```
3. Access the API:
**Air-Gapped Deployment:**
```bash
kubectl port-forward -n datalake svc/datalake 8000:8000
helm install warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--create-namespace \
--values ./helm/warehouse13/values-airgapped.yaml
```
**Access the Application:**
```bash
kubectl port-forward -n warehouse13 svc/warehouse13-frontend 4200:80
kubectl port-forward -n warehouse13 svc/warehouse13-api 8000:8000
```
### Helm Documentation
- **Full Helm Guide:** [HELM-DEPLOYMENT.md](./docs/HELM-DEPLOYMENT.md)
- **Chart README:** [helm/warehouse13/README.md](./helm/warehouse13/README.md)
- **Quick Start:** [helm/warehouse13/QUICKSTART.md](./helm/warehouse13/QUICKSTART.md)
- **Example Configurations:**
- Development: [values-dev.yaml](./helm/warehouse13/values-dev.yaml)
- Production: [values-production.yaml](./helm/warehouse13/values-production.yaml)
- Air-Gapped: [values-airgapped.yaml](./helm/warehouse13/values-airgapped.yaml)
### Helm Configuration
Edit `helm/values.yaml` to customize:
- Replica count
- Resource limits
- Storage backend (S3 vs MinIO)
- Ingress settings
- PostgreSQL settings
- Autoscaling
All component images are fully configurable in `helm/warehouse13/values.yaml`:
- PostgreSQL image and version
- MinIO image and version
- API image and version
- Frontend image and version
- Resource limits and requests
- Storage backend configuration
- Ingress and TLS settings
- Persistence and storage classes
### GitLab CI/CD

2
docs/DEPLOYMENT.md
View File

@@ -54,7 +54,7 @@ This script will:
```bash
# Option A: Use the helper script
./build-for-airgap.sh
./scripts/build-for-airgap.sh
# Option B: Build manually
cd frontend

517
docs/HELM-DEPLOYMENT.md Normal file
View File

@@ -0,0 +1,517 @@
# Warehouse13 - Kubernetes Deployment with Helm
This guide covers deploying Warehouse13 to Kubernetes using the official Helm chart.
## Table of Contents
1. [Prerequisites](#prerequisites)
2. [Quick Start](#quick-start)
3. [Deployment Scenarios](#deployment-scenarios)
4. [Configuration](#configuration)
5. [Post-Deployment](#post-deployment)
6. [Upgrading](#upgrading)
7. [Troubleshooting](#troubleshooting)
## Prerequisites
- Kubernetes 1.19+ cluster
- Helm 3.0+
- kubectl configured to access your cluster
- Persistent volume provisioner (for production deployments)
### Installing Helm
```bash
# macOS
brew install helm
# Linux
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
# Windows
choco install kubernetes-helm
```
## Quick Start
### 1. Standard Deployment (Internet Access)
```bash
# Create namespace
kubectl create namespace warehouse13
# Install with default values
helm install warehouse13 ./helm/warehouse13 \
--namespace warehouse13
# Wait for pods to be ready
kubectl wait --for=condition=ready pod \
--all --namespace warehouse13 --timeout=300s
```
### 2. Access the Application
```bash
# Frontend
kubectl port-forward -n warehouse13 svc/warehouse13-frontend 4200:80
# API
kubectl port-forward -n warehouse13 svc/warehouse13-api 8000:8000
# MinIO Console
kubectl port-forward -n warehouse13 svc/warehouse13-minio 9001:9001
```
Then visit:
- Frontend: http://localhost:4200
- API Docs: http://localhost:8000/docs
- MinIO Console: http://localhost:9001
## Deployment Scenarios
### Development Environment
For local testing or CI/CD:
```bash
helm install warehouse13-dev ./helm/warehouse13 \
--namespace warehouse13-dev \
--create-namespace \
--values ./helm/warehouse13/values-dev.yaml
```
**Features:**
- Single replica for all services
- emptyDir storage (no persistence)
- Minimal resource requests
- Always pull latest dev images
### Production Environment
For production with ingress and high availability:
```bash
# First, update the values file with your domain and secrets
cp ./helm/warehouse13/values-production.yaml ./my-production-values.yaml
# Edit the file:
# - Set postgres.auth.password
# - Set minio.auth.rootUser and rootPassword
# - Set ingress.hosts[0].host to your domain
# - Update storageClass for your environment
# Install
helm install warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--create-namespace \
--values ./my-production-values.yaml
```
**Features:**
- 3 replicas for API and frontend
- Persistent storage with PVCs
- Ingress with TLS support
- Resource limits and requests
- Health checks enabled
- Pod anti-affinity for distribution
### Air-Gapped Environment
For restricted/disconnected environments:
```bash
# 1. First, push images to your internal registry
# Example using harbor.internal.example.com
# Pull images (on internet-connected machine)
docker pull postgres:15-alpine
docker pull minio/minio:latest
docker pull warehouse13/api:v1.0.0
docker pull warehouse13/frontend:v1.0.0
# Tag for internal registry
docker tag postgres:15-alpine harbor.internal.example.com/library/postgres:15-alpine
docker tag minio/minio:latest harbor.internal.example.com/library/minio:latest
docker tag warehouse13/api:v1.0.0 harbor.internal.example.com/warehouse13/api:v1.0.0
docker tag warehouse13/frontend:v1.0.0 harbor.internal.example.com/warehouse13/frontend:v1.0.0
# Push to internal registry
docker push harbor.internal.example.com/library/postgres:15-alpine
docker push harbor.internal.example.com/library/minio:latest
docker push harbor.internal.example.com/warehouse13/api:v1.0.0
docker push harbor.internal.example.com/warehouse13/frontend:v1.0.0
# 2. Update the values file with your registry
cp ./helm/warehouse13/values-airgapped.yaml ./my-airgapped-values.yaml
# Edit to match your environment:
# - Update all image.repository values
# - Set secure passwords
# - Configure storage classes
# - Add node selectors/tolerations if needed
# 3. Install on air-gapped cluster
helm install warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--create-namespace \
--values ./my-airgapped-values.yaml
```
**Features:**
- All images from custom registry
- Local storage class support
- Node selectors for specific nodes
- Tolerations for tainted nodes
## Configuration
### Configurable Images
All component images can be customized:
```yaml
# PostgreSQL
postgres:
image:
repository: postgres # or your-registry/postgres
tag: 15-alpine
pullPolicy: IfNotPresent
# MinIO
minio:
image:
repository: minio/minio # or your-registry/minio
tag: latest
pullPolicy: IfNotPresent
# API Backend
api:
image:
repository: warehouse13/api # or your-registry/warehouse13-api
tag: v1.0.0
pullPolicy: IfNotPresent
# Frontend
frontend:
image:
repository: warehouse13/frontend # or your-registry/warehouse13-frontend
tag: v1.0.0
pullPolicy: IfNotPresent
```
### Quick Image Override
```bash
# Override images from command line
helm install warehouse13 ./helm/warehouse13 \
--set postgres.image.repository=myregistry.com/postgres \
--set postgres.image.tag=15-alpine \
--set minio.image.repository=myregistry.com/minio \
--set minio.image.tag=latest \
--set api.image.repository=myregistry.com/warehouse13-api \
--set api.image.tag=v1.0.0 \
--set frontend.image.repository=myregistry.com/warehouse13-frontend \
--set frontend.image.tag=v1.0.0
```
### Storage Configuration
```yaml
# PostgreSQL storage
postgres:
persistence:
enabled: true
size: 50Gi
storageClass: "fast-ssd" # or "" for default
# MinIO storage
minio:
persistence:
enabled: true
size: 500Gi
storageClass: "bulk-storage" # or "" for default
```
### Resource Configuration
```yaml
# API resources
api:
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1Gi"
cpu: "1000m"
# Frontend resources
frontend:
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
```
### Ingress Configuration
```yaml
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: warehouse13.example.com
paths:
- path: /
pathType: Prefix
backend: frontend
- path: /api
pathType: Prefix
backend: api
tls:
- secretName: warehouse13-tls
hosts:
- warehouse13.example.com
```
## Post-Deployment
### Verify Installation
```bash
# Check all pods are running
kubectl get pods -n warehouse13
# Check services
kubectl get svc -n warehouse13
# Check PVCs
kubectl get pvc -n warehouse13
# Check ingress (if enabled)
kubectl get ingress -n warehouse13
```
### View Logs
```bash
# API logs
kubectl logs -n warehouse13 -l app.kubernetes.io/component=api --tail=100 -f
# Frontend logs
kubectl logs -n warehouse13 -l app.kubernetes.io/component=frontend --tail=100 -f
# PostgreSQL logs
kubectl logs -n warehouse13 warehouse13-postgres-0 --tail=100 -f
# MinIO logs
kubectl logs -n warehouse13 warehouse13-minio-0 --tail=100 -f
```
### Initialize MinIO Bucket
```bash
# Port-forward to MinIO console
kubectl port-forward -n warehouse13 svc/warehouse13-minio 9001:9001
# Open http://localhost:9001
# Login with credentials from values.yaml
# Create bucket: "artifacts"
```
## Upgrading
### Upgrade to New Version
```bash
# Update image tags in values file
# Then run upgrade
helm upgrade warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--values ./my-production-values.yaml \
--wait \
--timeout 10m
# Check rollout status
kubectl rollout status deployment/warehouse13-api -n warehouse13
kubectl rollout status deployment/warehouse13-frontend -n warehouse13
```
### Rollback
```bash
# View revision history
helm history warehouse13 -n warehouse13
# Rollback to previous version
helm rollback warehouse13 -n warehouse13
# Rollback to specific revision
helm rollback warehouse13 2 -n warehouse13
```
### Update Values Only
```bash
# Update configuration without changing images
helm upgrade warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--values ./my-updated-values.yaml \
--reuse-values
```
## Backup and Restore
### PostgreSQL Backup
```bash
# Create backup
kubectl exec -n warehouse13 warehouse13-postgres-0 -- \
pg_dump -U warehouse13user warehouse13 > backup-$(date +%Y%m%d).sql
# Restore
cat backup-20241016.sql | kubectl exec -i -n warehouse13 warehouse13-postgres-0 -- \
psql -U warehouse13user warehouse13
```
### MinIO Backup
```bash
# Install MinIO Client
wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
# Configure
kubectl port-forward -n warehouse13 svc/warehouse13-minio 9000:9000
mc alias set w13 http://localhost:9000 <access-key> <secret-key>
# Backup bucket
mc mirror w13/artifacts ./backup/artifacts-$(date +%Y%m%d)
# Restore
mc mirror ./backup/artifacts-20241016 w13/artifacts
```
### Full Backup
```bash
# Backup all PVCs
for pvc in $(kubectl get pvc -n warehouse13 -o name); do
pvc_name=$(basename $pvc)
kubectl get -n warehouse13 $pvc -o yaml > backup-${pvc_name}.yaml
done
# Backup Helm values
helm get values warehouse13 -n warehouse13 > backup-values.yaml
```
## Troubleshooting
### Pods Not Starting
```bash
# Check pod status
kubectl get pods -n warehouse13
# Describe pod for events
kubectl describe pod <pod-name> -n warehouse13
# Check logs
kubectl logs <pod-name> -n warehouse13
# Common issues:
# - ImagePullBackOff: Check image repository and credentials
# - Pending: Check PVC status and node resources
# - CrashLoopBackOff: Check application logs
```
### PVC Issues
```bash
# Check PVC status
kubectl get pvc -n warehouse13
# Describe PVC
kubectl describe pvc <pvc-name> -n warehouse13
# Common issues:
# - Pending: No storage class or insufficient storage
# - Bound: PVC is healthy
```
### Database Connection Issues
```bash
# Test PostgreSQL connection
kubectl exec -it -n warehouse13 warehouse13-postgres-0 -- \
psql -U warehouse13user -d warehouse13
# Check database logs
kubectl logs -n warehouse13 warehouse13-postgres-0 --tail=100
# Verify secret
kubectl get secret -n warehouse13 warehouse13-secrets -o yaml
```
### Ingress Not Working
```bash
# Check ingress status
kubectl get ingress -n warehouse13
kubectl describe ingress -n warehouse13 warehouse13-ingress
# Check ingress controller logs
kubectl logs -n ingress-nginx -l app.kubernetes.io/component=controller
# Verify TLS certificate
kubectl get certificate -n warehouse13
kubectl describe certificate -n warehouse13 warehouse13-tls
```
### Performance Issues
```bash
# Check resource usage
kubectl top pods -n warehouse13
kubectl top nodes
# Check if pods are being throttled
kubectl describe pod <pod-name> -n warehouse13 | grep -A 5 "State:"
# Increase resources
helm upgrade warehouse13 ./helm/warehouse13 \
--set api.resources.limits.memory=2Gi \
--set api.resources.limits.cpu=2000m
```
## Uninstalling
```bash
# Uninstall the release
helm uninstall warehouse13 -n warehouse13
# Delete PVCs (data will be lost!)
kubectl delete pvc -n warehouse13 -l app.kubernetes.io/instance=warehouse13
# Delete namespace
kubectl delete namespace warehouse13
```
## Additional Resources
- [Helm Chart README](./helm/warehouse13/README.md)
- [Values Documentation](./helm/warehouse13/values.yaml)
- [Docker Deployment Guide](./DEPLOYMENT.md)
- [Main README](./README.md)
## Support
For issues and questions:
- GitHub Issues: https://github.com/yourusername/warehouse13/issues
- Helm Chart Issues: Tag with `helm` label

220
docs/NPM-PACKAGE-AGE-POLICY.md Normal file
View File

@@ -0,0 +1,220 @@
# NPM Package Age Policy
## Requirement
All npm packages must be **at least 2 weeks old** before they can be used in this project. This ensures:
- Package stability
- Security vulnerability disclosure time
- Compliance with organizational security policies
## How It Works
### 1. Package Version Pinning
The project uses exact version pinning in `package.json` to prevent automatic updates:
```json
{
"dependencies": {
"@angular/core": "19.2.7", // Exact version, not "^19.2.7" or "~19.2.7"
// ...
}
}
```
The `frontend/.npmrc` file enforces this:
```
save-exact=true
package-lock=true
```
### 2. Automated Age Checking
Use the provided script to verify all packages meet the 2-week requirement:
```bash
# Check if all packages are at least 2 weeks old
node scripts/check-package-age.js
```
This script:
- Queries npm registry for publish dates
- Calculates age of each package
- Fails if any package is newer than 14 days
- Shows detailed age information for all packages
### 3. Installation Process
**Always use `npm ci` instead of `npm install`:**
```bash
cd frontend
npm ci # Installs exact versions from package-lock.json
```
**Why `npm ci`?**
- Uses exact versions from `package-lock.json`
- Doesn't update `package-lock.json`
- Ensures reproducible builds
- Faster than `npm install`
## Updating Packages
When you need to add or update packages:
### Step 1: Add Package to package.json
```bash
# Find a version that's at least 2 weeks old
npm view <package-name> time
# Add exact version to package.json
"dependencies": {
"new-package": "1.2.3"
}
```
### Step 2: Verify Age
```bash
node scripts/check-package-age.js
```
### Step 3: Update Lock File
```bash
cd frontend
npm install --package-lock-only
```
### Step 4: Install and Test
```bash
npm ci
npm run build:prod
```
## CI/CD Integration
Add the age check to your CI/CD pipeline:
### GitLab CI Example
```yaml
verify_package_age:
stage: validate
image: node:18-alpine
script:
- node scripts/check-package-age.js
only:
- merge_requests
- main
```
### GitHub Actions Example
```yaml
- name: Check Package Age
run: node scripts/check-package-age.js
```
## Troubleshooting
### "Package is too new" Error
If a package fails the age check:
1. **Find an older version:**
```bash
npm view <package-name> versions --json
npm view <package-name>@<older-version> time
```
2. **Update package.json with older version**
3. **Re-run age check:**
```bash
node scripts/check-package-age.js
```
### Can't Find Old Enough Version
If no version meets the 2-week requirement:
- Wait until the package is at least 2 weeks old
- Look for alternative packages
- Request an exception through your security team
## Example Workflow
```bash
# 1. Check current package ages
node scripts/check-package-age.js
# 2. If all pass, install dependencies
cd frontend
npm ci
# 3. Build application
npm run build:prod
# 4. For air-gapped deployment
../scripts/build-for-airgap.sh
```
## Scripts Reference
| Script | Purpose |
|--------|---------|
| `scripts/check-package-age.js` | Verify all packages are ≥ 2 weeks old |
| `scripts/pin-old-versions.sh` | Helper script to validate and pin versions |
| `scripts/build-for-airgap.sh` | Build frontend for air-gapped deployment |
## Best Practices
1. **Always commit `package-lock.json`**
- Ensures everyone uses the same versions
- Required for reproducible builds
2. **Use `npm ci` in CI/CD**
- Faster than `npm install`
- Enforces lock file versions
- Prevents surprises
3. **Regular audits**
```bash
# Check for security vulnerabilities
npm audit
# Check package ages
node scripts/check-package-age.js
```
4. **Version ranges to avoid**
- ❌ `^1.2.3` (allows minor/patch updates)
- ❌ `~1.2.3` (allows patch updates)
- ❌ `*` or `latest` (allows any version)
- ✅ `1.2.3` (exact version only)
## Package Age Check Output
```
Checking package ages (must be at least 2 weeks old)...
✓ @angular/common@19.2.7 - 45 days old
✓ @angular/compiler@19.2.7 - 45 days old
✓ rxjs@7.8.0 - 180 days old
❌ new-package@1.0.0 - 5 days old (published 2025-01-12)
================================================================================
❌ FAILED: 1 package(s) are newer than 2 weeks:
- new-package@1.0.0 (5 days old, published 2025-01-12)
```
## Support
For questions or exceptions:
- Review with security team
- Document in project README
- Update this policy as needed

7
docs/SUMMARY.md
View File

@@ -164,7 +164,7 @@ curl -X POST "http://localhost:8000/api/v1/artifacts/query" \
make deploy
# Or directly with Helm
helm install datalake ./helm --namespace datalake --create-namespace
helm install warehouse13 ./helm/warehouse13 --namespace warehouse13 --create-namespace
```
## Feature Flags Usage
@@ -190,9 +190,8 @@ AWS_REGION=us-east-1
S3_BUCKET_NAME=your-bucket
# Deploy
helm install datalake ./helm \
--set config.deploymentMode=cloud \
--set aws.enabled=true
helm install warehouse13 ./helm/warehouse13 \
--set global.deploymentMode=cloud
```
## What's Next

134
frontend/src/app/app.css
View File

@@ -0,0 +1,134 @@
/* App Layout */
.app-layout {
display: flex;
min-height: 100vh;
background: #0f172a;
color: #e2e8f0;
}
.main-content {
flex: 1;
display: flex;
flex-direction: column;
margin-right: 280px;
transition: margin-right 0.3s cubic-bezier(0.4, 0, 0.2, 1);
}
.main-content.sidebar-collapsed {
margin-right: 80px;
}
/* Top Header */
.top-header {
display: flex;
align-items: center;
justify-content: space-between;
padding: 16px 32px;
background: #1e293b;
border-bottom: 1px solid rgba(255, 255, 255, 0.1);
position: sticky;
top: 0;
z-index: 100;
}
.top-header h1 {
display: flex;
align-items: center;
gap: 12px;
font-size: 20px;
font-weight: 600;
color: #f1f5f9;
margin: 0;
}
.logo {
font-family: 'Courier New', monospace;
color: #3b82f6;
font-weight: 700;
letter-spacing: -1px;
}
.header-info {
display: flex;
gap: 12px;
align-items: center;
}
.badge {
padding: 6px 14px;
background: rgba(59, 130, 246, 0.1);
color: #3b82f6;
border-radius: 12px;
font-size: 12px;
font-weight: 500;
border: 1px solid rgba(59, 130, 246, 0.2);
}
/* Content Area */
.content-area {
flex: 1;
padding: 24px;
overflow-y: auto;
}
/* Responsive Adjustments */
@media (max-width: 1024px) {
.main-content {
margin-right: 240px;
}
}
@media (max-width: 768px) {
.main-content {
margin-right: 0;
}
.top-header {
padding: 12px 16px;
}
.top-header h1 {
font-size: 18px;
}
.content-area {
padding: 16px;
}
.header-info {
flex-direction: column;
gap: 6px;
align-items: flex-end;
}
}
/* Smooth Scrolling */
.content-area::-webkit-scrollbar {
width: 8px;
}
.content-area::-webkit-scrollbar-thumb {
background: rgba(59, 130, 246, 0.3);
border-radius: 4px;
}
.content-area::-webkit-scrollbar-track {
background: rgba(0, 0, 0, 0.1);
}
/* Global Material Icons Sizing */
.material-icons.md-16 {
font-size: 16px;
}
.material-icons.md-18 {
font-size: 18px;
}
.material-icons.md-20 {
font-size: 20px;
}
.material-icons.md-24 {
font-size: 24px;
}

6
frontend/src/app/app.routes.ts
View File

@@ -2,10 +2,14 @@ import { Routes } from '@angular/router';
import { ArtifactsListComponent } from './components/artifacts-list/artifacts-list';
import { UploadFormComponent } from './components/upload-form/upload-form';
import { QueryFormComponent } from './components/query-form/query-form';
import { SettingsComponent } from './components/settings/settings';
import { ProfileComponent } from './components/profile/profile';
export const routes: Routes = [
{ path: '', redirectTo: '/artifacts', pathMatch: 'full' },
{ path: 'artifacts', component: ArtifactsListComponent },
{ path: 'upload', component: UploadFormComponent },
{ path: 'query', component: QueryFormComponent }
{ path: 'query', component: QueryFormComponent },
{ path: 'settings', component: SettingsComponent },
{ path: 'profile', component: ProfileComponent }
];

47
frontend/src/app/app.ts
View File

@@ -1,36 +1,30 @@
import { Component, OnInit } from '@angular/core';
import { CommonModule } from '@angular/common';
import { RouterOutlet, RouterLink, RouterLinkActive } from '@angular/router';
import { provideHttpClient } from '@angular/common/http';
import { RouterOutlet } from '@angular/router';
import { ArtifactService } from './services/artifact';
import { NavSidebarComponent } from './components/nav-sidebar/nav-sidebar';
@Component({
selector: 'app-root',
standalone: true,
imports: [CommonModule, RouterOutlet, RouterLink, RouterLinkActive],
imports: [CommonModule, RouterOutlet, NavSidebarComponent],
template: `
<div class="container">
<header>
<h1><span class="logo">[W13]</span></h1>
<div class="header-info">
<span class="badge">{{ deploymentMode }}</span>
<span class="badge">{{ storageBackend }}</span>
<div class="app-layout">
<app-nav-sidebar (sidebarToggled)="onSidebarToggle($event)"></app-nav-sidebar>
<main class="main-content" [class.sidebar-collapsed]="isSidebarCollapsed">
<header class="top-header">
<h1><span class="logo">[W13]</span> Warehouse13</h1>
<div class="header-info">
<span class="badge">{{ deploymentMode }}</span>
<span class="badge">{{ storageBackend }}</span>
</div>
</header>
<div class="content-area">
<router-outlet></router-outlet>
</div>
</header>
<nav class="tabs">
<a routerLink="/artifacts" routerLinkActive="active" class="tab-button">
<span class="material-icons md-16">storage</span> Artifacts
</a>
<a routerLink="/upload" routerLinkActive="active" class="tab-button">
<span class="material-icons md-16">upload</span> Upload
</a>
<a routerLink="/query" routerLinkActive="active" class="tab-button">
<span class="material-icons md-16">search</span> Query
</a>
</nav>
<router-outlet></router-outlet>
</main>
</div>
`,
styleUrls: ['./app.css']
@@ -38,6 +32,7 @@ import { ArtifactService } from './services/artifact';
export class AppComponent implements OnInit {
deploymentMode: string = '';
storageBackend: string = '';
isSidebarCollapsed: boolean = false;
constructor(private artifactService: ArtifactService) {}
@@ -50,4 +45,8 @@ export class AppComponent implements OnInit {
error: (err) => console.error('Failed to load API info:', err)
});
}
onSidebarToggle(isCollapsed: boolean) {
this.isSidebarCollapsed = isCollapsed;
}
}

276
frontend/src/app/components/nav-sidebar/nav-sidebar.css Normal file
View File

@@ -0,0 +1,276 @@
.sidebar {
position: fixed;
right: 0;
top: 0;
height: 100vh;
background: linear-gradient(180deg, #1e293b 0%, #0f172a 100%);
box-shadow: -4px 0 24px rgba(0, 0, 0, 0.3);
transition: width 0.3s cubic-bezier(0.4, 0, 0.2, 1);
width: 280px;
display: flex;
flex-direction: column;
z-index: 1000;
overflow: hidden;
}
.sidebar.collapsed {
width: 80px;
}
/* Toggle Button */
.toggle-btn {
position: absolute;
left: -18px;
top: 20px;
width: 36px;
height: 36px;
border-radius: 50%;
background: #3b82f6;
border: 2px solid #0f172a;
color: white;
cursor: pointer;
display: flex;
align-items: center;
justify-content: center;
box-shadow: 0 2px 12px rgba(59, 130, 246, 0.5);
transition: all 0.2s ease;
z-index: 1001;
overflow: visible;
}
.toggle-btn:hover {
background: #2563eb;
transform: scale(1.1);
box-shadow: 0 4px 16px rgba(59, 130, 246, 0.6);
}
.toggle-btn .material-icons {
font-size: 22px;
line-height: 1;
display: flex;
align-items: center;
justify-content: center;
}
/* User Section */
.user-section {
padding: 24px 16px;
border-bottom: 1px solid rgba(255, 255, 255, 0.1);
display: flex;
flex-direction: column;
align-items: center;
gap: 12px;
margin-top: 40px;
}
.sidebar.collapsed .user-section {
padding: 24px 8px;
}
.user-avatar {
width: 56px;
height: 56px;
border-radius: 50%;
background: linear-gradient(135deg, #3b82f6 0%, #8b5cf6 100%);
display: flex;
align-items: center;
justify-content: center;
flex-shrink: 0;
transition: all 0.3s ease;
}
.sidebar.collapsed .user-avatar {
width: 48px;
height: 48px;
}
.avatar-text {
font-size: 20px;
font-weight: 600;
color: white;
letter-spacing: 1px;
}
.user-info {
text-align: center;
width: 100%;
overflow: hidden;
}
.user-name {
font-size: 16px;
font-weight: 600;
color: #f1f5f9;
margin-bottom: 4px;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
}
.user-email {
font-size: 12px;
color: #94a3b8;
margin-bottom: 6px;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
}
.user-role {
font-size: 11px;
color: #3b82f6;
background: rgba(59, 130, 246, 0.1);
padding: 4px 12px;
border-radius: 12px;
display: inline-block;
}
/* Navigation Items */
.nav-items {
flex: 1;
padding: 16px 8px;
overflow-y: auto;
overflow-x: hidden;
}
.nav-items::-webkit-scrollbar {
width: 6px;
}
.nav-items::-webkit-scrollbar-thumb {
background: rgba(255, 255, 255, 0.2);
border-radius: 3px;
}
.nav-items::-webkit-scrollbar-track {
background: transparent;
}
.nav-item {
display: flex;
align-items: center;
gap: 16px;
padding: 12px 16px;
margin-bottom: 4px;
border-radius: 8px;
color: #cbd5e1;
text-decoration: none;
transition: all 0.2s ease;
cursor: pointer;
position: relative;
}
.sidebar.collapsed .nav-item {
justify-content: center;
padding: 12px 8px;
}
.nav-item:hover {
background: rgba(59, 130, 246, 0.1);
color: #3b82f6;
}
.nav-item.active {
background: rgba(59, 130, 246, 0.15);
color: #3b82f6;
}
.nav-item.active::before {
content: '';
position: absolute;
left: 0;
top: 50%;
transform: translateY(-50%);
width: 4px;
height: 24px;
background: #3b82f6;
border-radius: 0 4px 4px 0;
}
.nav-icon {
font-size: 24px;
flex-shrink: 0;
}
.nav-label {
font-size: 14px;
font-weight: 500;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
}
.sidebar.collapsed .nav-label {
display: none;
}
/* Footer */
.sidebar-footer {
padding: 16px;
border-top: 1px solid rgba(255, 255, 255, 0.1);
}
.app-info {
text-align: center;
}
.app-name {
font-size: 14px;
font-weight: 600;
color: #f1f5f9;
margin-bottom: 4px;
}
.app-version {
font-size: 11px;
color: #64748b;
}
/* Responsive Design */
@media (max-width: 1024px) {
.sidebar {
width: 240px;
}
.sidebar.collapsed {
width: 70px;
}
}
@media (max-width: 768px) {
.sidebar {
width: 100%;
transform: translateX(100%);
}
.sidebar:not(.collapsed) {
transform: translateX(0);
}
.sidebar.collapsed {
width: 60px;
transform: translateX(0);
}
.toggle-btn {
left: auto;
right: 16px;
}
}
/* Animations */
@keyframes slideIn {
from {
opacity: 0;
transform: translateX(20px);
}
to {
opacity: 1;
transform: translateX(0);
}
}
.nav-label,
.user-info {
animation: slideIn 0.3s ease;
}

40
frontend/src/app/components/nav-sidebar/nav-sidebar.html Normal file
View File

@@ -0,0 +1,40 @@
<aside class="sidebar" [class.collapsed]="isCollapsed">
<!-- Toggle Button -->
<button class="toggle-btn" (click)="toggleSidebar()" aria-label="Toggle sidebar">
<span class="material-icons">{{ isCollapsed ? 'chevron_right' : 'chevron_left' }}</span>
</button>
<!-- User Profile Section -->
<div class="user-section">
<div class="user-avatar">
<span class="avatar-text">{{ user.avatar }}</span>
</div>
<div class="user-info" *ngIf="!isCollapsed">
<div class="user-name">{{ user.name }}</div>
<div class="user-email">{{ user.email }}</div>
<div class="user-role">{{ user.role }}</div>
</div>
</div>
<!-- Navigation Items -->
<nav class="nav-items">
<a
*ngFor="let item of navItems"
[routerLink]="item.route"
routerLinkActive="active"
class="nav-item"
[attr.aria-label]="item.label"
>
<span class="material-icons nav-icon">{{ item.icon }}</span>
<span class="nav-label" *ngIf="!isCollapsed">{{ item.label }}</span>
</a>
</nav>
<!-- App Info Footer -->
<div class="sidebar-footer" *ngIf="!isCollapsed">
<div class="app-info">
<div class="app-name">Warehouse13</div>
<div class="app-version">v1.0.0</div>
</div>
</div>
</aside>

43
frontend/src/app/components/nav-sidebar/nav-sidebar.ts Normal file
View File

@@ -0,0 +1,43 @@
import { Component, Output, EventEmitter } from '@angular/core';
import { CommonModule } from '@angular/common';
import { RouterLink, RouterLinkActive } from '@angular/router';
interface NavItem {
route: string;
label: string;
icon: string;
}
@Component({
selector: 'app-nav-sidebar',
standalone: true,
imports: [CommonModule, RouterLink, RouterLinkActive],
templateUrl: './nav-sidebar.html',
styleUrls: ['./nav-sidebar.css']
})
export class NavSidebarComponent {
isCollapsed = false;
@Output() sidebarToggled = new EventEmitter<boolean>();
// Hardcoded user data for now (will be replaced with OAuth)
user = {
name: 'John Doe',
email: 'john.doe@warehouse13.com',
avatar: 'JD',
role: 'Administrator'
};
navItems: NavItem[] = [
{ route: '/artifacts', label: 'Artifacts', icon: 'inventory_2' },
{ route: '/upload', label: 'Upload', icon: 'cloud_upload' },
{ route: '/query', label: 'Query', icon: 'search' },
{ route: '/profile', label: 'Profile', icon: 'person' },
{ route: '/settings', label: 'Settings', icon: 'settings' }
];
toggleSidebar() {
this.isCollapsed = !this.isCollapsed;
this.sidebarToggled.emit(this.isCollapsed);
}
}

395
frontend/src/app/components/profile/profile.css Normal file
View File

@@ -0,0 +1,395 @@
.profile-container {
max-width: 1000px;
margin: 0 auto;
padding: 24px;
}
.page-header {
margin-bottom: 32px;
}
.page-header h1 {
display: flex;
align-items: center;
gap: 12px;
font-size: 28px;
font-weight: 600;
color: #f1f5f9;
margin: 0 0 8px 0;
}
.page-header h1 .material-icons {
font-size: 32px;
color: #3b82f6;
}
.subtitle {
color: #94a3b8;
margin: 0;
}
.profile-content {
display: flex;
flex-direction: column;
gap: 24px;
}
/* Profile Card */
.profile-card {
background: #1e293b;
border-radius: 12px;
padding: 32px;
border: 1px solid rgba(255, 255, 255, 0.1);
}
.profile-header {
display: flex;
align-items: flex-start;
gap: 24px;
margin-bottom: 32px;
}
.profile-avatar-large {
width: 100px;
height: 100px;
border-radius: 50%;
background: linear-gradient(135deg, #3b82f6 0%, #8b5cf6 100%);
display: flex;
align-items: center;
justify-content: center;
flex-shrink: 0;
box-shadow: 0 4px 24px rgba(59, 130, 246, 0.3);
}
.avatar-text {
font-size: 36px;
font-weight: 600;
color: white;
letter-spacing: 2px;
}
.profile-info {
flex: 1;
}
.profile-info h2 {
font-size: 24px;
font-weight: 600;
color: #f1f5f9;
margin: 0 0 8px 0;
}
.email {
color: #94a3b8;
margin: 0 0 12px 0;
font-size: 14px;
}
.profile-meta {
display: flex;
align-items: center;
gap: 16px;
}
.badge-role {
padding: 6px 14px;
border-radius: 12px;
font-size: 12px;
font-weight: 500;
background: rgba(59, 130, 246, 0.1);
color: #3b82f6;
}
.department {
display: flex;
align-items: center;
gap: 6px;
color: #cbd5e1;
font-size: 13px;
}
.department .material-icons {
font-size: 18px;
}
.btn-edit {
padding: 10px 20px;
border-radius: 8px;
border: 1px solid #3b82f6;
background: transparent;
color: #3b82f6;
cursor: pointer;
transition: all 0.2s ease;
display: flex;
align-items: center;
gap: 8px;
font-size: 14px;
}
.btn-edit:hover {
background: rgba(59, 130, 246, 0.1);
}
.profile-details {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));
gap: 24px;
padding-top: 24px;
border-top: 1px solid rgba(255, 255, 255, 0.1);
}
.detail-item {
display: flex;
align-items: flex-start;
gap: 12px;
}
.detail-item > .material-icons {
font-size: 20px;
color: #64748b;
margin-top: 2px;
}
.detail-item label {
display: block;
font-size: 12px;
color: #94a3b8;
margin-bottom: 4px;
}
.detail-item span {
display: block;
font-size: 14px;
color: #f1f5f9;
}
/* Stats Grid */
.stats-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
gap: 16px;
}
.stat-card {
background: #1e293b;
border-radius: 12px;
padding: 20px;
border: 1px solid rgba(255, 255, 255, 0.1);
display: flex;
align-items: center;
gap: 16px;
transition: all 0.2s ease;
}
.stat-card:hover {
border-color: #3b82f6;
transform: translateY(-2px);
}
.stat-icon {
font-size: 36px;
color: #3b82f6;
}
.stat-info {
flex: 1;
}
.stat-value {
font-size: 24px;
font-weight: 600;
color: #f1f5f9;
margin-bottom: 4px;
}
.stat-label {
font-size: 12px;
color: #94a3b8;
}
/* Activity Section */
.activity-section,
.security-section {
background: #1e293b;
border-radius: 12px;
padding: 24px;
border: 1px solid rgba(255, 255, 255, 0.1);
}
.activity-section h2,
.security-section h2 {
display: flex;
align-items: center;
gap: 12px;
font-size: 18px;
font-weight: 600;
color: #f1f5f9;
margin: 0 0 20px 0;
padding-bottom: 12px;
border-bottom: 1px solid rgba(255, 255, 255, 0.1);
}
.activity-section h2 .material-icons,
.security-section h2 .material-icons {
font-size: 24px;
color: #3b82f6;
}
.activity-list {
display: flex;
flex-direction: column;
gap: 16px;
}
.activity-item {
display: flex;
align-items: center;
gap: 16px;
padding: 12px;
background: rgba(15, 23, 42, 0.5);
border-radius: 8px;
transition: all 0.2s ease;
}
.activity-item:hover {
background: rgba(59, 130, 246, 0.05);
}
.activity-icon {
width: 40px;
height: 40px;
border-radius: 8px;
background: rgba(59, 130, 246, 0.1);
display: flex;
align-items: center;
justify-content: center;
flex-shrink: 0;
}
.activity-icon .material-icons {
font-size: 20px;
color: #3b82f6;
}
.activity-details {
flex: 1;
}
.activity-action {
font-size: 14px;
color: #f1f5f9;
margin-bottom: 4px;
}
.activity-file {
font-size: 12px;
color: #94a3b8;
}
.activity-time {
font-size: 12px;
color: #64748b;
white-space: nowrap;
}
/* Security Section */
.security-content {
display: flex;
flex-direction: column;
gap: 16px;
}
.security-item {
display: flex;
align-items: center;
justify-content: space-between;
padding: 16px;
background: rgba(15, 23, 42, 0.5);
border-radius: 8px;
}
.security-info {
display: flex;
align-items: flex-start;
gap: 16px;
flex: 1;
}
.security-info > .material-icons {
font-size: 24px;
color: #64748b;
margin-top: 2px;
}
.security-info h3 {
font-size: 15px;
font-weight: 500;
color: #f1f5f9;
margin: 0 0 4px 0;
}
.security-info p {
font-size: 13px;
color: #94a3b8;
margin: 0;
}
.btn-secondary {
padding: 8px 16px;
border-radius: 8px;
border: 1px solid #334155;
background: transparent;
color: #cbd5e1;
cursor: pointer;
transition: all 0.2s ease;
font-size: 13px;
}
.btn-secondary:hover {
background: rgba(59, 130, 246, 0.1);
border-color: #3b82f6;
color: #3b82f6;
}
/* Responsive */
@media (max-width: 768px) {
.profile-container {
padding: 16px;
}
.profile-header {
flex-direction: column;
text-align: center;
}
.profile-avatar-large {
margin: 0 auto;
}
.profile-info {
text-align: center;
}
.profile-meta {
justify-content: center;
}
.btn-edit {
width: 100%;
justify-content: center;
}
.stats-grid {
grid-template-columns: 1fr;
}
.security-item {
flex-direction: column;
align-items: flex-start;
gap: 12px;
}
.btn-secondary {
width: 100%;
}
}

128
frontend/src/app/components/profile/profile.html Normal file
View File

@@ -0,0 +1,128 @@
<div class="profile-container">
<header class="page-header">
<h1>
<span class="material-icons">person</span>
Profile
</h1>
<p class="subtitle">Manage your account information</p>
</header>
<div class="profile-content">
<!-- User Info Card -->
<section class="profile-card">
<div class="profile-header">
<div class="profile-avatar-large">
<span class="avatar-text">{{ user.avatar }}</span>
</div>
<div class="profile-info">
<h2>{{ user.name }}</h2>
<p class="email">{{ user.email }}</p>
<div class="profile-meta">
<span class="badge badge-role">{{ user.role }}</span>
<span class="department">
<span class="material-icons">business</span>
{{ user.department }}
</span>
</div>
</div>
<button class="btn-edit">
<span class="material-icons">edit</span>
Edit Profile
</button>
</div>
<div class="profile-details">
<div class="detail-item">
<span class="material-icons">event</span>
<div>
<label>Joined</label>
<span>{{ user.joinDate }}</span>
</div>
</div>
<div class="detail-item">
<span class="material-icons">schedule</span>
<div>
<label>Last Login</label>
<span>{{ user.lastLogin }}</span>
</div>
</div>
</div>
</section>
<!-- Stats Grid -->
<section class="stats-grid">
<div class="stat-card" *ngFor="let stat of stats">
<span class="material-icons stat-icon">{{ stat.icon }}</span>
<div class="stat-info">
<div class="stat-value">{{ stat.value }}</div>
<div class="stat-label">{{ stat.label }}</div>
</div>
</div>
</section>
<!-- Recent Activity -->
<section class="activity-section">
<h2>
<span class="material-icons">history</span>
Recent Activity
</h2>
<div class="activity-list">
<div class="activity-item" *ngFor="let activity of recentActivity">
<div class="activity-icon">
<span class="material-icons">{{
activity.action.includes('Uploaded') ? 'cloud_upload' :
activity.action.includes('query') ? 'search' :
activity.action.includes('Downloaded') ? 'cloud_download' :
'settings'
}}</span>
</div>
<div class="activity-details">
<div class="activity-action">{{ activity.action }}</div>
<div class="activity-file">{{ activity.file }}</div>
</div>
<div class="activity-time">{{ activity.time }}</div>
</div>
</div>
</section>
<!-- Security Section -->
<section class="security-section">
<h2>
<span class="material-icons">security</span>
Security
</h2>
<div class="security-content">
<div class="security-item">
<div class="security-info">
<span class="material-icons">lock</span>
<div>
<h3>Password</h3>
<p>Last changed 3 months ago</p>
</div>
</div>
<button class="btn-secondary">Change Password</button>
</div>
<div class="security-item">
<div class="security-info">
<span class="material-icons">verified_user</span>
<div>
<h3>Two-Factor Authentication</h3>
<p>Add an extra layer of security</p>
</div>
</div>
<button class="btn-secondary">Enable 2FA</button>
</div>
<div class="security-item">
<div class="security-info">
<span class="material-icons">devices</span>
<div>
<h3>Active Sessions</h3>
<p>Manage your active login sessions</p>
</div>
</div>
<button class="btn-secondary">View Sessions</button>
</div>
</div>
</section>
</div>
</div>

36
frontend/src/app/components/profile/profile.ts Normal file
View File

@@ -0,0 +1,36 @@
import { Component } from '@angular/core';
import { CommonModule } from '@angular/common';
@Component({
selector: 'app-profile',
standalone: true,
imports: [CommonModule],
templateUrl: './profile.html',
styleUrls: ['./profile.css']
})
export class ProfileComponent {
// Hardcoded user data (will be replaced with OAuth integration)
user = {
name: 'John Doe',
email: 'john.doe@warehouse13.com',
avatar: 'JD',
role: 'Administrator',
department: 'Engineering',
joinDate: 'January 15, 2024',
lastLogin: 'October 16, 2025, 2:30 PM'
};
stats = [
{ label: 'Artifacts Uploaded', value: '1,234', icon: 'cloud_upload' },
{ label: 'Queries Run', value: '567', icon: 'search' },
{ label: 'Storage Used', value: '45.2 GB', icon: 'storage' },
{ label: 'Active Since', value: '9 months', icon: 'schedule' }
];
recentActivity = [
{ action: 'Uploaded artifact', file: 'test_results.csv', time: '2 hours ago' },
{ action: 'Ran query', file: 'integration tests', time: '5 hours ago' },
{ action: 'Downloaded artifact', file: 'performance_metrics.json', time: '1 day ago' },
{ action: 'Updated settings', file: 'notification preferences', time: '2 days ago' }
];
}

227
frontend/src/app/components/settings/settings.css Normal file
View File

@@ -0,0 +1,227 @@
.settings-container {
max-width: 900px;
margin: 0 auto;
padding: 24px;
}
.page-header {
margin-bottom: 32px;
}
.page-header h1 {
display: flex;
align-items: center;
gap: 12px;
font-size: 28px;
font-weight: 600;
color: #f1f5f9;
margin: 0 0 8px 0;
}
.page-header h1 .material-icons {
font-size: 32px;
color: #3b82f6;
}
.subtitle {
color: #94a3b8;
margin: 0;
}
.settings-content {
display: flex;
flex-direction: column;
gap: 24px;
}
.settings-section {
background: #1e293b;
border-radius: 12px;
padding: 24px;
border: 1px solid rgba(255, 255, 255, 0.1);
}
.settings-section h2 {
font-size: 18px;
font-weight: 600;
color: #f1f5f9;
margin: 0 0 20px 0;
padding-bottom: 12px;
border-bottom: 1px solid rgba(255, 255, 255, 0.1);
}
.setting-item {
display: flex;
align-items: center;
justify-content: space-between;
padding: 16px 0;
border-bottom: 1px solid rgba(255, 255, 255, 0.05);
}
.setting-item:last-child {
border-bottom: none;
}
.setting-info {
display: flex;
align-items: flex-start;
gap: 16px;
flex: 1;
}
.setting-info > .material-icons {
font-size: 24px;
color: #64748b;
margin-top: 2px;
}
.setting-info h3 {
font-size: 15px;
font-weight: 500;
color: #f1f5f9;
margin: 0 0 4px 0;
}
.setting-info p {
font-size: 13px;
color: #94a3b8;
margin: 0;
}
.setting-control {
display: flex;
align-items: center;
gap: 12px;
}
/* Toggle Switch */
.toggle-switch {
position: relative;
display: inline-block;
width: 48px;
height: 26px;
}
.toggle-switch input {
opacity: 0;
width: 0;
height: 0;
}
.slider {
position: absolute;
cursor: pointer;
top: 0;
left: 0;
right: 0;
bottom: 0;
background-color: #334155;
transition: 0.3s;
border-radius: 26px;
}
.slider:before {
position: absolute;
content: "";
height: 20px;
width: 20px;
left: 3px;
bottom: 3px;
background-color: white;
transition: 0.3s;
border-radius: 50%;
}
input:checked + .slider {
background-color: #3b82f6;
}
input:checked + .slider:before {
transform: translateX(22px);
}
/* Theme Buttons */
.theme-btn {
padding: 8px 20px;
border-radius: 8px;
border: 1px solid #334155;
background: transparent;
color: #cbd5e1;
cursor: pointer;
transition: all 0.2s ease;
font-size: 14px;
}
.theme-btn:hover {
background: rgba(59, 130, 246, 0.1);
border-color: #3b82f6;
color: #3b82f6;
}
.theme-btn.active {
background: #3b82f6;
border-color: #3b82f6;
color: white;
}
/* Buttons */
.btn-secondary {
padding: 8px 16px;
border-radius: 8px;
border: 1px solid #334155;
background: transparent;
color: #cbd5e1;
cursor: pointer;
transition: all 0.2s ease;
font-size: 13px;
text-decoration: none;
display: inline-block;
}
.btn-secondary:hover {
background: rgba(59, 130, 246, 0.1);
border-color: #3b82f6;
color: #3b82f6;
}
/* Badge */
.badge {
padding: 4px 12px;
border-radius: 12px;
font-size: 12px;
font-weight: 500;
}
.badge-success {
background: rgba(34, 197, 94, 0.1);
color: #22c55e;
}
/* Code */
.endpoint {
padding: 6px 12px;
background: #0f172a;
border: 1px solid #334155;
border-radius: 6px;
font-family: 'Courier New', monospace;
font-size: 13px;
color: #3b82f6;
}
/* Responsive */
@media (max-width: 768px) {
.settings-container {
padding: 16px;
}
.setting-item {
flex-direction: column;
align-items: flex-start;
gap: 12px;
}
.setting-control {
width: 100%;
justify-content: flex-end;
}
}

167
frontend/src/app/components/settings/settings.html Normal file
View File

@@ -0,0 +1,167 @@
<div class="settings-container">
<header class="page-header">
<h1>
<span class="material-icons">settings</span>
Settings
</h1>
<p class="subtitle">Manage your Warehouse13 preferences</p>
</header>
<div class="settings-content">
<!-- General Settings -->
<section class="settings-section">
<h2>General</h2>
<div class="setting-item">
<div class="setting-info">
<span class="material-icons">palette</span>
<div>
<h3>Theme</h3>
<p>Choose your preferred color scheme</p>
</div>
</div>
<div class="setting-control">
<button
[class.active]="settings.theme === 'dark'"
(click)="changeTheme('dark')"
class="theme-btn">
Dark
</button>
<button
[class.active]="settings.theme === 'light'"
(click)="changeTheme('light')"
class="theme-btn">
Light
</button>
</div>
</div>
<div class="setting-item">
<div class="setting-info">
<span class="material-icons">notifications</span>
<div>
<h3>Notifications</h3>
<p>Enable desktop notifications for updates</p>
</div>
</div>
<div class="setting-control">
<label class="toggle-switch">
<input
type="checkbox"
[checked]="settings.notifications"
(change)="toggleNotifications()">
<span class="slider"></span>
</label>
</div>
</div>
<div class="setting-item">
<div class="setting-info">
<span class="material-icons">refresh</span>
<div>
<h3>Auto Refresh</h3>
<p>Automatically refresh artifact list</p>
</div>
</div>
<div class="setting-control">
<label class="toggle-switch">
<input
type="checkbox"
[checked]="settings.autoRefresh"
(change)="toggleAutoRefresh()">
<span class="slider"></span>
</label>
</div>
</div>
</section>
<!-- Storage Settings -->
<section class="settings-section">
<h2>Storage</h2>
<div class="setting-item">
<div class="setting-info">
<span class="material-icons">storage</span>
<div>
<h3>Default Storage Backend</h3>
<p>Currently using: MinIO</p>
</div>
</div>
<div class="setting-control">
<span class="badge badge-success">Connected</span>
</div>
</div>
<div class="setting-item">
<div class="setting-info">
<span class="material-icons">cloud</span>
<div>
<h3>Upload Limit</h3>
<p>Maximum file size: 500MB</p>
</div>
</div>
</div>
</section>
<!-- API Settings -->
<section class="settings-section">
<h2>API</h2>
<div class="setting-item">
<div class="setting-info">
<span class="material-icons">link</span>
<div>
<h3>API Endpoint</h3>
<p>Backend service endpoint</p>
</div>
</div>
<div class="setting-control">
<code class="endpoint">/api/v1</code>
</div>
</div>
<div class="setting-item">
<div class="setting-info">
<span class="material-icons">key</span>
<div>
<h3>API Keys</h3>
<p>Manage API authentication tokens</p>
</div>
</div>
<div class="setting-control">
<button class="btn-secondary">Manage Keys</button>
</div>
</div>
</section>
<!-- About Section -->
<section class="settings-section">
<h2>About</h2>
<div class="setting-item">
<div class="setting-info">
<span class="material-icons">info</span>
<div>
<h3>Version</h3>
<p>Warehouse13 v1.0.0</p>
</div>
</div>
</div>
<div class="setting-item">
<div class="setting-info">
<span class="material-icons">description</span>
<div>
<h3>Documentation</h3>
<p>View API documentation and guides</p>
</div>
</div>
<div class="setting-control">
<a href="/docs" target="_blank" class="btn-secondary">
View Docs
</a>
</div>
</div>
</section>
</div>
</div>

30
frontend/src/app/components/settings/settings.ts Normal file
View File

@@ -0,0 +1,30 @@
import { Component } from '@angular/core';
import { CommonModule } from '@angular/common';
@Component({
selector: 'app-settings',
standalone: true,
imports: [CommonModule],
templateUrl: './settings.html',
styleUrls: ['./settings.css']
})
export class SettingsComponent {
settings = {
theme: 'dark',
notifications: true,
autoRefresh: false,
refreshInterval: 30
};
toggleNotifications() {
this.settings.notifications = !this.settings.notifications;
}
toggleAutoRefresh() {
this.settings.autoRefresh = !this.settings.autoRefresh;
}
changeTheme(theme: string) {
this.settings.theme = theme;
}
}

13
helm/Chart.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: v2
name: datalake
description: Test Artifact Data Lake - Store and query test artifacts
type: application
version: 1.0.0
appVersion: "1.0.0"
keywords:
- testing
- artifacts
- storage
- data-lake
maintainers:
- name: Your Team

42
helm/README.md Normal file
View File

@@ -0,0 +1,42 @@
# Helm Charts
This directory contains Helm charts for deploying Warehouse13.
## Current Chart (Recommended)
**Location:** `./warehouse13/`
The latest, fully-featured Helm chart with:
- Warehouse13 branding
- Configurable images for all components
- Multiple deployment scenarios (dev, production, air-gapped)
- Comprehensive documentation
- Example values files
**Usage:**
```bash
helm install warehouse13 ./warehouse13
```
**Documentation:** See [warehouse13/README.md](./warehouse13/README.md)
## Migration from Legacy Chart
If you were using an older version of the chart, migration is straightforward:
```bash
# Uninstall old chart (if named "datalake" or other name)
helm uninstall <old-release-name>
# Install new chart
helm install warehouse13 ./warehouse13 --namespace warehouse13 --create-namespace
# Or upgrade in place (if compatible)
helm upgrade <old-release-name> ./warehouse13
```
Note: Check your values.yaml configuration and update image repositories, resource limits, and other settings as needed.
## Quick Start
See [../docs/HELM-DEPLOYMENT.md](../docs/HELM-DEPLOYMENT.md) for comprehensive deployment guide.

111
helm/templates/deployment.yaml
View File

@@ -1,111 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "datalake.fullname" . }}
labels:
{{- include "datalake.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "datalake.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "datalake.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "datalake.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.targetPort }}
protocol: TCP
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: {{ include "datalake.fullname" . }}-secrets
key: database-url
- name: STORAGE_BACKEND
value: {{ .Values.config.storageBackend | quote }}
- name: MAX_UPLOAD_SIZE
value: {{ .Values.config.maxUploadSize | quote }}
{{- if eq .Values.config.storageBackend "s3" }}
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ include "datalake.fullname" . }}-secrets
key: aws-access-key-id
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "datalake.fullname" . }}-secrets
key: aws-secret-access-key
- name: AWS_REGION
value: {{ .Values.aws.region | quote }}
- name: S3_BUCKET_NAME
value: {{ .Values.aws.bucketName | quote }}
{{- else }}
- name: MINIO_ENDPOINT
value: "{{ include "datalake.fullname" . }}-minio:9000"
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ include "datalake.fullname" . }}-secrets
key: minio-access-key
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ include "datalake.fullname" . }}-secrets
key: minio-secret-key
- name: MINIO_BUCKET_NAME
value: "test-artifacts"
- name: MINIO_SECURE
value: "false"
{{- end }}
{{- with .Values.env }}
{{- toYaml . | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

16
helm/templates/secrets.yaml
View File

@@ -1,16 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "datalake.fullname" . }}-secrets
labels:
{{- include "datalake.labels" . | nindent 4 }}
type: Opaque
stringData:
database-url: "postgresql://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{ include "datalake.fullname" . }}-postgresql:5432/{{ .Values.postgresql.auth.database }}"
{{- if .Values.aws.enabled }}
aws-access-key-id: {{ .Values.aws.accessKeyId | quote }}
aws-secret-access-key: {{ .Values.aws.secretAccessKey | quote }}
{{- else }}
minio-access-key: {{ .Values.minio.rootUser | quote }}
minio-secret-key: {{ .Values.minio.rootPassword | quote }}
{{- end }}

15
helm/templates/service.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "datalake.fullname" . }}
labels:
{{- include "datalake.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "datalake.selectorLabels" . | nindent 4 }}

111
helm/values.yaml
View File

@@ -1,111 +0,0 @@
replicaCount: 1
image:
repository: datalake
pullPolicy: IfNotPresent
tag: "latest"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
create: true
annotations: {}
name: ""
podAnnotations: {}
podSecurityContext:
fsGroup: 1000
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1000
service:
type: ClusterIP
port: 8000
targetPort: 8000
ingress:
enabled: false
className: ""
annotations: {}
hosts:
- host: datalake.local
paths:
- path: /
pathType: Prefix
tls: []
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 512Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
# Application configuration
config:
storageBackend: minio # or "s3"
maxUploadSize: 524288000 # 500MB
# PostgreSQL configuration
postgresql:
enabled: true
auth:
username: user
password: password
database: datalake
primary:
persistence:
enabled: true
size: 10Gi
# MinIO configuration (for self-hosted storage)
minio:
enabled: true
mode: standalone
rootUser: minioadmin
rootPassword: minioadmin
persistence:
enabled: true
size: 50Gi
service:
type: ClusterIP
port: 9000
consoleService:
port: 9001
# AWS S3 configuration (when using AWS)
aws:
enabled: false
accessKeyId: ""
secretAccessKey: ""
region: us-east-1
bucketName: test-artifacts
# Environment variables
env:
- name: API_HOST
value: "0.0.0.0"
- name: API_PORT
value: "8000"

23
helm/warehouse13/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

281
helm/warehouse13/ARCHITECTURE.md Normal file
View File

@@ -0,0 +1,281 @@
# Warehouse13 Architecture
## Overview
Warehouse13 uses a **unified application container** that includes both the frontend and backend in a single Docker image using a multi-stage build.
## Docker Build Strategy
### Multi-Stage Dockerfile
```dockerfile
# Stage 1: Build Angular Frontend
FROM node:24-alpine AS frontend-build
WORKDIR /frontend
COPY frontend/package*.json ./
RUN npm install
COPY frontend/ ./
RUN npm run build:prod
# Stage 2: Python Backend with Static Frontend
FROM python:3.11-alpine
WORKDIR /app
# Install Python dependencies
COPY requirements.txt .
RUN pip install -r requirements.txt
# Copy backend code
COPY app/ ./app/
# Copy built frontend from stage 1
COPY --from=frontend-build /frontend/dist/frontend/browser ./static/
# Run FastAPI server
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
```
### Benefits
1. **Simplified Deployment** - Single container to manage
2. **Reduced Resource Usage** - No separate nginx container needed
3. **Easier Scaling** - Scale one deployment instead of two
4. **Consistent Versioning** - Frontend and backend versions always match
5. **Faster Deployments** - Fewer containers to orchestrate
## Service Architecture
```
┌─────────────────────────────────────────┐
│ warehouse13-app │
│ ┌────────────────────────────────────┐ │
│ │ FastAPI Backend (Port 8000) │ │
│ │ ├── /api/* → REST API │ │
│ │ ├── /health → Health check │ │
│ │ ├── /docs → API documentation │ │
│ │ └── /* → Angular SPA │ │
│ │ │ │
│ │ Static Files: /static/ │ │
│ │ └── Angular build output │ │
│ └────────────────────────────────────┘ │
└─────────────────────────────────────────┘
├────────────────┐
↓ ↓
┌──────────┐ ┌────────────┐
│PostgreSQL│ │ MinIO │
│(Metadata)│ │ (Blobs) │
└──────────┘ └────────────┘
```
## Helm Chart Structure
### Single Application Deployment
The Helm chart creates:
1. **1 Deployment**: `warehouse13-app`
- Runs the unified container
- Configurable replicas (default: 2)
- Health checks on `/health` endpoint
2. **1 Service**: `warehouse13-app`
- Exposes port 8000
- Routes all traffic to the application
3. **Optional Ingress**
- All paths route to `warehouse13-app:8000`
- FastAPI handles routing internally
### Kubernetes Resources
```yaml
# warehouse13-app Deployment
- Replicas: 2 (configurable)
- Port: 8000
- Health checks: /health
- Environment: DATABASE_URL, MINIO_* vars
# warehouse13-app Service
- Type: ClusterIP
- Port: 8000 → 8000
# Ingress (optional)
- Path: / → warehouse13-app:8000
```
## Configuration
### Image Configuration
In `values.yaml`:
```yaml
app:
enabled: true
image:
repository: warehouse13/app # Single unified image
tag: latest
pullPolicy: IfNotPresent
replicas: 2
resources:
requests:
memory: "384Mi" # Combined frontend + backend
cpu: "350m"
limits:
memory: "768Mi"
cpu: "750m"
```
### Accessing the Application
**Via Port Forward:**
```bash
kubectl port-forward svc/warehouse13-app 8000:8000
```
Then access:
- Frontend: http://localhost:8000
- API: http://localhost:8000/api
- API Docs: http://localhost:8000/docs
- Health: http://localhost:8000/health
**Via Ingress:**
```yaml
ingress:
enabled: true
hosts:
- host: warehouse13.example.com
paths:
- path: /
pathType: Prefix
backend: app # All traffic to one service
```
## Migration from Separate Services
If you previously had separate `api` and `frontend` deployments:
### Before (Old Architecture)
```yaml
# values.yaml (old)
api:
image: warehouse13/api
replicas: 2
frontend:
image: warehouse13/frontend
replicas: 2
# Two deployments, two services
```
### After (Current Architecture)
```yaml
# values.yaml (current)
app:
image: warehouse13/app # Unified image
replicas: 2
# One deployment, one service
```
### Migration Steps
1. **Update values.yaml** - Change from `api`/`frontend` to `app`
2. **Update image references** - Use `warehouse13/app` instead of separate images
3. **Update ingress** - Point all paths to `app` backend
4. **Deploy** - Helm will handle the transition
5. **Verify** - Check that both frontend and API work through single service
## Development Workflow
### Building the Image
```bash
# Build unified image
docker build -t warehouse13/app:dev .
# Or for air-gapped environments with custom registry
docker build \
--build-arg NPM_REGISTRY=https://registry.npmjs.org/ \
-t warehouse13/app:v1.0.0 .
```
### Testing Locally
```bash
docker run -p 8000:8000 \
-e DATABASE_URL=postgresql://user:pass@host/db \
-e MINIO_ENDPOINT=minio:9000 \
warehouse13/app:dev
```
Access:
- Frontend: http://localhost:8000
- API: http://localhost:8000/docs
## Performance Considerations
### Resource Allocation
The unified container combines both frontend serving and API processing:
- **Memory**: Angular assets (~50MB) + Python runtime (~100MB) + working memory
- **CPU**: Primarily used for API requests; static file serving is lightweight
- **Recommended Minimum**: 384Mi memory, 350m CPU
- **Production**: 768Mi memory, 750m CPU per replica
### Scaling Strategy
Scale horizontally by increasing replicas:
```bash
# Scale to 5 replicas
kubectl scale deployment warehouse13-app --replicas=5
# Or via Helm
helm upgrade warehouse13 ./helm/warehouse13 --set app.replicas=5
```
### Caching
FastAPI serves static files efficiently with:
- ETag support
- Browser caching headers
- Gzip compression (if enabled in FastAPI config)
## Troubleshooting
### Frontend Not Loading
```bash
# Check if static files exist in container
kubectl exec -it warehouse13-app-xxx -- ls -la /app/static/
# Should see: index.html, *.js, *.css files
```
### API Not Working
```bash
# Check API health
kubectl exec -it warehouse13-app-xxx -- curl http://localhost:8000/health
# Check logs
kubectl logs warehouse13-app-xxx -f
```
### Both Frontend and API Issues
```bash
# Check if app is running
kubectl get pods -l app.kubernetes.io/component=app
# Check service
kubectl get svc warehouse13-app
# Test connectivity
kubectl port-forward svc/warehouse13-app 8000:8000
curl http://localhost:8000/health
```
## Summary
The unified architecture simplifies deployment and operations while maintaining the same functionality. All routing, caching, and API requests are handled by a single FastAPI application that serves both the Angular SPA and the REST API endpoints.

16
helm/warehouse13/Chart.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v2
name: warehouse13
description: Warehouse13 - Enterprise Test Artifact Storage
type: application
version: 1.0.0
appVersion: "1.0.0"
keywords:
- testing
- artifacts
- storage
- datalake
maintainers:
- name: Warehouse13 Team
home: https://github.com/yourusername/warehouse13
sources:
- https://github.com/yourusername/warehouse13

148
helm/warehouse13/QUICKSTART.md Normal file
View File

@@ -0,0 +1,148 @@
# Warehouse13 Helm Chart - Quick Start
## 5-Minute Deployment
### Prerequisites Check
```bash
# Verify Kubernetes cluster access
kubectl cluster-info
# Verify Helm is installed
helm version
# Create namespace
kubectl create namespace warehouse13
```
### Deploy with Defaults
```bash
# Install chart
helm install warehouse13 ./helm/warehouse13 --namespace warehouse13
# Wait for ready
kubectl wait --for=condition=ready pod --all -n warehouse13 --timeout=5m
```
### Access Application
```bash
# In separate terminals, run:
# Terminal 1: Frontend
kubectl port-forward -n warehouse13 svc/warehouse13-frontend 4200:80
# Terminal 2: API
kubectl port-forward -n warehouse13 svc/warehouse13-api 8000:8000
# Terminal 3: MinIO Console
kubectl port-forward -n warehouse13 svc/warehouse13-minio 9001:9001
```
Then open in browser:
- **Frontend:** http://localhost:4200
- **API Docs:** http://localhost:8000/docs
- **MinIO Console:** http://localhost:9001
- Username: `minioadmin`
- Password: `minioadmin`
## Common Scenarios
### 1. Development (No Persistence)
```bash
helm install warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--values ./helm/warehouse13/values-dev.yaml
```
### 2. Production (With Ingress)
```bash
# Update values-production.yaml with your settings first
helm install warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--values ./helm/warehouse13/values-production.yaml
```
### 3. Air-Gapped (Custom Registry)
```bash
# Update values-airgapped.yaml with your registry first
helm install warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--values ./helm/warehouse13/values-airgapped.yaml
```
### 4. Custom Image Repository
```bash
helm install warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--set postgres.image.repository=myregistry.com/postgres \
--set minio.image.repository=myregistry.com/minio \
--set api.image.repository=myregistry.com/warehouse13-api \
--set frontend.image.repository=myregistry.com/warehouse13-frontend
```
## Verify Deployment
```bash
# Check pods
kubectl get pods -n warehouse13
# Check services
kubectl get svc -n warehouse13
# View logs
kubectl logs -n warehouse13 -l app.kubernetes.io/component=api --tail=50
# Check resource usage
kubectl top pods -n warehouse13
```
## Cleanup
```bash
# Uninstall release
helm uninstall warehouse13 -n warehouse13
# Delete PVCs (data will be lost!)
kubectl delete pvc -n warehouse13 --all
# Delete namespace
kubectl delete namespace warehouse13
```
## Next Steps
- **Full Documentation:** [README.md](./README.md)
- **Deployment Guide:** [../../docs/HELM-DEPLOYMENT.md](../../docs/HELM-DEPLOYMENT.md)
- **Configuration Options:** [values.yaml](./values.yaml)
- **Example Configs:** [values-dev.yaml](./values-dev.yaml), [values-production.yaml](./values-production.yaml), [values-airgapped.yaml](./values-airgapped.yaml)
## Troubleshooting
### Pods stuck in Pending
```bash
kubectl describe pod <pod-name> -n warehouse13
# Check: PVC status, node resources, storage classes
```
### Image pull errors
```bash
kubectl describe pod <pod-name> -n warehouse13
# Check: Image repository, credentials, network access
```
### Database connection errors
```bash
kubectl logs -n warehouse13 warehouse13-postgres-0
kubectl get secret -n warehouse13 warehouse13-secrets -o yaml
```
## Support
- GitHub Issues: https://github.com/yourusername/warehouse13/issues
- Documentation: https://warehouse13.example.com/docs

441
helm/warehouse13/README.md Normal file
View File

@@ -0,0 +1,441 @@
# Warehouse13 Helm Chart
Enterprise Test Artifact Storage - Kubernetes deployment via Helm
## Overview
This Helm chart deploys the complete Warehouse13 stack on Kubernetes:
- **PostgreSQL 15** - Metadata database
- **MinIO** - S3-compatible object storage
- **FastAPI Backend** - REST API server
- **Angular Frontend** - Web UI (nginx-served)
## Prerequisites
- Kubernetes 1.19+
- Helm 3.0+
- PV provisioner support (for persistent storage)
## Installation
### Quick Start
```bash
# Add the Warehouse13 chart repository (if published)
helm repo add warehouse13 https://charts.warehouse13.example.com
helm repo update
# Install with default values
helm install my-warehouse13 warehouse13/warehouse13
# Or install from local chart
helm install my-warehouse13 ./helm/warehouse13
```
### Custom Installation
```bash
# Install with custom values
helm install my-warehouse13 ./helm/warehouse13 \
--set postgres.persistence.size=20Gi \
--set minio.persistence.size=100Gi \
--set api.replicas=3
# Install in a specific namespace
helm install my-warehouse13 ./helm/warehouse13 \
--namespace warehouse13 \
--create-namespace
```
## Configuration
### Configurable Images
All component images can be customized via values.yaml or command-line flags:
```yaml
postgres:
image:
repository: postgres
tag: 15-alpine
pullPolicy: IfNotPresent
minio:
image:
repository: minio/minio
tag: latest
pullPolicy: IfNotPresent
api:
image:
repository: warehouse13/api
tag: latest
pullPolicy: IfNotPresent
frontend:
image:
repository: warehouse13/frontend
tag: latest
pullPolicy: IfNotPresent
```
**Example: Using custom image registry**
```bash
helm install my-warehouse13 ./helm/warehouse13 \
--set postgres.image.repository=myregistry.example.com/postgres \
--set minio.image.repository=myregistry.example.com/minio \
--set api.image.repository=myregistry.example.com/warehouse13-api \
--set frontend.image.repository=myregistry.example.com/warehouse13-frontend
```
**Example: Air-gapped deployment with specific tags**
```bash
helm install my-warehouse13 ./helm/warehouse13 \
--set postgres.image.repository=harbor.internal/library/postgres \
--set postgres.image.tag=15-alpine \
--set minio.image.repository=harbor.internal/library/minio \
--set minio.image.tag=RELEASE.2024-01-01T00-00-00Z \
--set api.image.repository=harbor.internal/warehouse13/api \
--set api.image.tag=v1.0.0 \
--set frontend.image.repository=harbor.internal/warehouse13/frontend \
--set frontend.image.tag=v1.0.0
```
### Key Parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| `global.deploymentMode` | Deployment mode (standard/airgapped) | `standard` |
| `global.storageBackend` | Storage backend (minio/s3) | `minio` |
| `postgres.persistence.enabled` | Enable PostgreSQL persistence | `true` |
| `postgres.persistence.size` | PostgreSQL PVC size | `10Gi` |
| `postgres.auth.username` | PostgreSQL username | `user` |
| `postgres.auth.password` | PostgreSQL password | `password` |
| `minio.persistence.enabled` | Enable MinIO persistence | `true` |
| `minio.persistence.size` | MinIO PVC size | `50Gi` |
| `minio.auth.rootUser` | MinIO root username | `minioadmin` |
| `minio.auth.rootPassword` | MinIO root password | `minioadmin` |
| `api.replicas` | Number of API replicas | `2` |
| `frontend.replicas` | Number of frontend replicas | `2` |
| `ingress.enabled` | Enable ingress | `false` |
| `ingress.className` | Ingress class name | `nginx` |
| `ingress.hosts` | Ingress hosts configuration | See values.yaml |
### Example Configurations
#### Production with Ingress
```yaml
# values-production.yaml
global:
deploymentMode: "standard"
storageBackend: "minio"
postgres:
persistence:
size: 50Gi
storageClass: "fast-ssd"
resources:
requests:
memory: "1Gi"
cpu: "500m"
limits:
memory: "2Gi"
cpu: "1000m"
minio:
persistence:
size: 500Gi
storageClass: "bulk-storage"
resources:
requests:
memory: "2Gi"
cpu: "1000m"
limits:
memory: "4Gi"
cpu: "2000m"
api:
replicas: 3
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1Gi"
cpu: "1000m"
frontend:
replicas: 3
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: warehouse13.example.com
paths:
- path: /
pathType: Prefix
backend: frontend
- path: /api
pathType: Prefix
backend: api
tls:
- secretName: warehouse13-tls
hosts:
- warehouse13.example.com
```
```bash
helm install my-warehouse13 ./helm/warehouse13 -f values-production.yaml
```
#### Air-Gapped Environment
```yaml
# values-airgapped.yaml
global:
deploymentMode: "airgapped"
storageBackend: "minio"
postgres:
image:
repository: harbor.internal.example.com/library/postgres
tag: 15-alpine
pullPolicy: IfNotPresent
minio:
image:
repository: harbor.internal.example.com/library/minio
tag: RELEASE.2024-01-01T00-00-00Z
pullPolicy: IfNotPresent
api:
image:
repository: harbor.internal.example.com/warehouse13/api
tag: v1.0.0
pullPolicy: IfNotPresent
frontend:
image:
repository: harbor.internal.example.com/warehouse13/frontend
tag: v1.0.0
pullPolicy: IfNotPresent
```
```bash
helm install my-warehouse13 ./helm/warehouse13 -f values-airgapped.yaml
```
#### Development/Testing
```yaml
# values-dev.yaml
global:
deploymentMode: "standard"
postgres:
persistence:
enabled: false # Use emptyDir for quick testing
resources:
requests:
memory: "128Mi"
cpu: "100m"
minio:
persistence:
enabled: false
resources:
requests:
memory: "256Mi"
cpu: "100m"
api:
replicas: 1
image:
tag: dev
frontend:
replicas: 1
image:
tag: dev
```
```bash
helm install my-warehouse13 ./helm/warehouse13 -f values-dev.yaml
```
## Accessing the Application
### Port Forwarding (Development)
```bash
# Access frontend
kubectl port-forward svc/warehouse13-frontend 4200:80
# Access API
kubectl port-forward svc/warehouse13-api 8000:8000
# Access MinIO console
kubectl port-forward svc/warehouse13-minio 9001:9001
# Then visit:
# - Frontend: http://localhost:4200
# - API: http://localhost:8000
# - MinIO Console: http://localhost:9001
```
### Via Ingress (Production)
If ingress is enabled:
```
https://warehouse13.example.com
```
## Upgrading
```bash
# Upgrade with new values
helm upgrade my-warehouse13 ./helm/warehouse13 \
--set api.image.tag=v2.0.0 \
--set frontend.image.tag=v2.0.0
# Upgrade with values file
helm upgrade my-warehouse13 ./helm/warehouse13 -f values-production.yaml
# Upgrade and wait for completion
helm upgrade my-warehouse13 ./helm/warehouse13 --wait --timeout 10m
```
## Uninstalling
```bash
# Uninstall the release
helm uninstall my-warehouse13
# Note: PVCs are not deleted automatically. To delete them:
kubectl delete pvc -l app.kubernetes.io/instance=my-warehouse13
```
## Backup and Restore
### PostgreSQL Backup
```bash
# Create backup
kubectl exec -it warehouse13-postgres-0 -- pg_dump -U user warehouse13 > backup.sql
# Restore
kubectl exec -i warehouse13-postgres-0 -- psql -U user warehouse13 < backup.sql
```
### MinIO Backup
```bash
# Install mc (MinIO Client)
# Configure mc alias
mc alias set w13 http://localhost:9001 minioadmin minioadmin
# Mirror bucket
mc mirror w13/artifacts ./backup/artifacts
# Restore
mc mirror ./backup/artifacts w13/artifacts
```
## Troubleshooting
### Check Pod Status
```bash
kubectl get pods -l app.kubernetes.io/name=warehouse13
```
### View Logs
```bash
# API logs
kubectl logs -l app.kubernetes.io/component=api -f
# Frontend logs
kubectl logs -l app.kubernetes.io/component=frontend -f
# PostgreSQL logs
kubectl logs warehouse13-postgres-0 -f
# MinIO logs
kubectl logs warehouse13-minio-0 -f
```
### Check Services
```bash
kubectl get svc -l app.kubernetes.io/name=warehouse13
```
### Common Issues
**Pods stuck in Pending**
- Check PVC status: `kubectl get pvc`
- Verify storage class exists: `kubectl get storageclass`
- Check node resources: `kubectl describe nodes`
**Database connection errors**
- Verify postgres pod is running: `kubectl get pod warehouse13-postgres-0`
- Check database logs: `kubectl logs warehouse13-postgres-0`
- Verify secret exists: `kubectl get secret warehouse13-secrets`
**Frontend cannot reach API**
- Check ingress configuration: `kubectl describe ingress warehouse13-ingress`
- Verify API service: `kubectl get svc warehouse13-api`
- Check API pod health: `kubectl get pods -l app.kubernetes.io/component=api`
## Security Considerations
### Secrets Management
**Default credentials are for development only!** In production:
1. **Use external secrets management:**
```yaml
# Use sealed-secrets, external-secrets, or similar
postgres:
auth:
username: "{{ .Values.externalSecrets.postgresUser }}"
password: "{{ .Values.externalSecrets.postgresPassword }}"
```
2. **Or create secrets manually:**
```bash
kubectl create secret generic warehouse13-secrets \
--from-literal=postgres-username=secure-user \
--from-literal=postgres-password=secure-password \
--from-literal=minio-root-user=secure-minio-user \
--from-literal=minio-root-password=secure-minio-password
# Then install without default secrets
helm install my-warehouse13 ./helm/warehouse13 --set createSecrets=false
```
3. **Enable TLS:**
```yaml
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
tls:
- secretName: warehouse13-tls
hosts:
- warehouse13.example.com
```
## Support
For issues and questions:
- GitHub Issues: https://github.com/yourusername/warehouse13/issues
- Documentation: https://warehouse13.example.com/docs

131
helm/warehouse13/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,131 @@
_ _ _ _ _____
| | | | | | / |___ /
| | | | __ _ _ __ ___| |__ ___ _ _ ___ / / |_ \
| |/\| |/ _` | '__/ _ \ '_ \ / _ \| | | / __|/ / ___) |
\ /\ / (_| | | | __/ | | | (_) | |_| \__ \_/ |____/
\/ \/ \__,_|_| \___|_| |_|\___/ \__,_|___(_)
Enterprise Test Artifact Storage has been deployed!
Chart Name: {{ .Chart.Name }}
Chart Version: {{ .Chart.Version }}
App Version: {{ .Chart.AppVersion }}
Release Name: {{ .Release.Name }}
Namespace: {{ .Release.Namespace }}
---
DEPLOYMENT INFORMATION:
{{- if .Values.app.enabled }}
Application (Unified API + Frontend):
Service: warehouse13-app
Replicas: {{ .Values.app.replicas }}
Image: {{ .Values.app.image.repository }}:{{ .Values.app.image.tag }}
Port: {{ .Values.app.service.port }}
Note: Multi-stage build includes both Angular frontend and FastAPI backend
{{- end }}
{{- if .Values.postgres.enabled }}
PostgreSQL:
Service: warehouse13-postgres
Image: {{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }}
Persistence: {{ if .Values.postgres.persistence.enabled }}Enabled ({{ .Values.postgres.persistence.size }}){{ else }}Disabled (emptyDir){{ end }}
{{- end }}
{{- if .Values.minio.enabled }}
MinIO:
Service: warehouse13-minio
Image: {{ .Values.minio.image.repository }}:{{ .Values.minio.image.tag }}
Persistence: {{ if .Values.minio.persistence.enabled }}Enabled ({{ .Values.minio.persistence.size }}){{ else }}Disabled (emptyDir){{ end }}
{{- end }}
---
ACCESSING YOUR APPLICATION:
{{- if .Values.ingress.enabled }}
1. Via Ingress:
{{- range .Values.ingress.hosts }}
https://{{ .host }}
{{- end }}
{{- else }}
1. Using Port Forwarding:
# Application (Frontend + API)
kubectl port-forward -n {{ .Release.Namespace }} svc/warehouse13-app 8000:8000
Then visit:
- Frontend: http://localhost:8000
- API Docs: http://localhost:8000/docs
- Health: http://localhost:8000/health
# MinIO Console
kubectl port-forward -n {{ .Release.Namespace }} svc/warehouse13-minio 9001:9001
Then visit: http://localhost:9001
Username: {{ .Values.minio.auth.rootUser }}
Password: {{ .Values.minio.auth.rootPassword }}
2. Expose via LoadBalancer or Ingress for external access.
{{- end }}
---
CHECKING STATUS:
# View all pods
kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
# Check services
kubectl get svc -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
# View logs
kubectl logs -n {{ .Release.Namespace }} -l app.kubernetes.io/component=app -f
---
UPGRADING:
helm upgrade {{ .Release.Name }} warehouse13/warehouse13 \
--namespace {{ .Release.Namespace }}
---
UNINSTALLING:
helm uninstall {{ .Release.Name }} --namespace {{ .Release.Namespace }}
# Note: PVCs are retained. To delete them:
kubectl delete pvc -n {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
---
{{- if not .Values.ingress.enabled }}
⚠️ IMPORTANT: Ingress is disabled. Enable it for production use:
--set ingress.enabled=true
{{- end }}
{{- if eq .Values.postgres.auth.password "password" }}
⚠️ WARNING: Using default PostgreSQL password!
For production, set a secure password:
--set postgres.auth.password=YOUR_SECURE_PASSWORD
{{- end }}
{{- if eq .Values.minio.auth.rootPassword "minioadmin" }}
⚠️ WARNING: Using default MinIO password!
For production, set a secure password:
--set minio.auth.rootPassword=YOUR_SECURE_PASSWORD
{{- end }}
---
For more information, visit:
Documentation: https://github.com/yourusername/warehouse13
Issues: https://github.com/yourusername/warehouse13/issues
Thank you for using Warehouse13!

31
helm/templates/_helpers.tpl → helm/warehouse13/templates/_helpers.tpl
View File

@@ -1,14 +1,14 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "datalake.name" -}}
{{- define "warehouse13.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
*/}}
{{- define "datalake.fullname" -}}
{{- define "warehouse13.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
@@ -24,16 +24,16 @@ Create a default fully qualified app name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "datalake.chart" -}}
{{- define "warehouse13.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "datalake.labels" -}}
helm.sh/chart: {{ include "datalake.chart" . }}
{{ include "datalake.selectorLabels" . }}
{{- define "warehouse13.labels" -}}
helm.sh/chart: {{ include "warehouse13.chart" . }}
{{ include "warehouse13.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
@@ -43,18 +43,29 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{/*
Selector labels
*/}}
{{- define "datalake.selectorLabels" -}}
app.kubernetes.io/name: {{ include "datalake.name" . }}
{{- define "warehouse13.selectorLabels" -}}
app.kubernetes.io/name: {{ include "warehouse13.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "datalake.serviceAccountName" -}}
{{- define "warehouse13.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "datalake.fullname" .) .Values.serviceAccount.name }}
{{- default (include "warehouse13.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
PostgreSQL connection string
*/}}
{{- define "warehouse13.postgresUrl" -}}
{{- if .Values.app.env.databaseUrl }}
{{- .Values.app.env.databaseUrl }}
{{- else }}
{{- printf "postgresql://%s:%s@warehouse13-postgres:%d/%s" .Values.postgres.auth.username .Values.postgres.auth.password (.Values.postgres.service.port | int) .Values.postgres.auth.database }}
{{- end }}
{{- end }}

99
helm/warehouse13/templates/app-deployment.yaml Normal file
View File

@@ -0,0 +1,99 @@
{{- if .Values.app.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: warehouse13-app
labels:
{{- include "warehouse13.labels" . | nindent 4 }}
app.kubernetes.io/component: app
spec:
replicas: {{ .Values.app.replicas }}
selector:
matchLabels:
{{- include "warehouse13.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: app
template:
metadata:
labels:
{{- include "warehouse13.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: app
spec:
imagePullSecrets:
- name: gitlab-dev-ns-registry-secret
serviceAccountName: {{ include "warehouse13.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: app
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
image: "{{ .Values.app.image.repository }}:{{ .Values.app.image.tag }}"
imagePullPolicy: {{ .Values.app.image.pullPolicy }}
ports:
- name: http
containerPort: 8000
protocol: TCP
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: warehouse13-secrets
key: database-url
- name: STORAGE_BACKEND
valueFrom:
configMapKeyRef:
name: warehouse13-config
key: STORAGE_BACKEND
- name: MINIO_ENDPOINT
valueFrom:
configMapKeyRef:
name: warehouse13-config
key: MINIO_ENDPOINT
- name: MINIO_ACCESS_KEY
valueFrom:
secretKeyRef:
name: warehouse13-secrets
key: minio-root-user
- name: MINIO_SECRET_KEY
valueFrom:
secretKeyRef:
name: warehouse13-secrets
key: minio-root-password
- name: MINIO_BUCKET_NAME
value: "test-artifacts"
- name: MINIO_SECURE
value: "false"
- name: DEPLOYMENT_MODE
valueFrom:
configMapKeyRef:
name: warehouse13-config
key: DEPLOYMENT_MODE
resources:
{{- toYaml .Values.app.resources | nindent 10 }}
{{- if .Values.app.healthCheck.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.app.healthCheck.liveness.path }}
port: http
initialDelaySeconds: {{ .Values.app.healthCheck.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.app.healthCheck.liveness.periodSeconds }}
readinessProbe:
httpGet:
path: {{ .Values.app.healthCheck.readiness.path }}
port: http
initialDelaySeconds: {{ .Values.app.healthCheck.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.app.healthCheck.readiness.periodSeconds }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

19
helm/warehouse13/templates/app-service.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if .Values.app.enabled }}
apiVersion: v1
kind: Service
metadata:
name: warehouse13-app
labels:
{{- include "warehouse13.labels" . | nindent 4 }}
app.kubernetes.io/component: app
spec:
type: {{ .Values.app.service.type }}
ports:
- port: {{ .Values.app.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "warehouse13.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: app
{{- end }}

10
helm/warehouse13/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: warehouse13-config
labels:
{{- include "warehouse13.labels" . | nindent 4 }}
data:
DEPLOYMENT_MODE: {{ .Values.global.deploymentMode | quote }}
STORAGE_BACKEND: {{ .Values.global.storageBackend | quote }}
MINIO_ENDPOINT: {{ printf "warehouse13-minio:%d" (.Values.minio.service.apiPort | int) | quote }}

15
helm/warehouse13/templates/imagesecret.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.imagePullSecret.name }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{
(printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}"
.Values.imagePullSecret.server
.Values.imagePullSecret.username
.Values.imagePullSecret.password
.Values.imagePullSecret.email
(printf "%s" (b64enc (printf "%s:%s" .Values.imagePullSecret.username .Values.imagePullSecret.password))))
| b64enc | quote
}}

8
helm/templates/ingress.yaml → helm/warehouse13/templates/ingress.yaml
View File

@@ -2,9 +2,9 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "datalake.fullname" . }}
name: warehouse13-ingress
labels:
{{- include "datalake.labels" . | nindent 4 }}
{{- include "warehouse13.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
@@ -33,9 +33,9 @@ spec:
pathType: {{ .pathType }}
backend:
service:
name: {{ include "datalake.fullname" $ }}
name: {{ printf "warehouse13-%s" .backend }}
port:
number: {{ $.Values.service.port }}
number: {{ $.Values.app.service.port }}
{{- end }}
{{- end }}
{{- end }}

23
helm/warehouse13/templates/minio-service.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if .Values.minio.enabled }}
apiVersion: v1
kind: Service
metadata:
name: warehouse13-minio
labels:
{{- include "warehouse13.labels" . | nindent 4 }}
app.kubernetes.io/component: storage
spec:
type: {{ .Values.minio.service.type }}
ports:
- port: {{ .Values.minio.service.apiPort }}
targetPort: api
protocol: TCP
name: api
- port: {{ .Values.minio.service.consolePort }}
targetPort: console
protocol: TCP
name: console
selector:
{{- include "warehouse13.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: storage
{{- end }}

87
helm/warehouse13/templates/minio-statefulset.yaml Normal file
View File

@@ -0,0 +1,87 @@
{{- if .Values.minio.enabled }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: warehouse13-minio
labels:
{{- include "warehouse13.labels" . | nindent 4 }}
app.kubernetes.io/component: storage
spec:
serviceName: warehouse13-minio
replicas: 1
selector:
matchLabels:
{{- include "warehouse13.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: storage
template:
metadata:
labels:
{{- include "warehouse13.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: storage
spec:
serviceAccountName: {{ include "warehouse13.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: minio
image: "{{ .Values.minio.image.repository }}:{{ .Values.minio.image.tag }}"
imagePullPolicy: {{ .Values.minio.image.pullPolicy }}
command:
- minio
- server
- /data
- --console-address
- ":9001"
ports:
- name: api
containerPort: 9000
protocol: TCP
- name: console
containerPort: 9001
protocol: TCP
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: warehouse13-secrets
key: minio-root-user
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: warehouse13-secrets
key: minio-root-password
volumeMounts:
- name: data
mountPath: /data
resources:
{{- toYaml .Values.minio.resources | nindent 10 }}
livenessProbe:
httpGet:
path: /minio/health/live
port: api
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /minio/health/ready
port: api
initialDelaySeconds: 10
periodSeconds: 5
{{- if .Values.minio.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
{{- if .Values.minio.persistence.storageClass }}
storageClassName: {{ .Values.minio.persistence.storageClass }}
{{- end }}
resources:
requests:
storage: {{ .Values.minio.persistence.size }}
{{- else }}
volumes:
- name: data
emptyDir: {}
{{- end }}
{{- end }}

19
helm/warehouse13/templates/postgres-service.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if .Values.postgres.enabled }}
apiVersion: v1
kind: Service
metadata:
name: warehouse13-postgres
labels:
{{- include "warehouse13.labels" . | nindent 4 }}
app.kubernetes.io/component: database
spec:
type: {{ .Values.postgres.service.type }}
ports:
- port: {{ .Values.postgres.service.port }}
targetPort: postgres
protocol: TCP
name: postgres
selector:
{{- include "warehouse13.selectorLabels" . | nindent 4 }}
app.kubernetes.io/component: database
{{- end }}

89
helm/warehouse13/templates/postgres-statefulset.yaml Normal file
View File

@@ -0,0 +1,89 @@
{{- if .Values.postgres.enabled }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: warehouse13-postgres
labels:
{{- include "warehouse13.labels" . | nindent 4 }}
app.kubernetes.io/component: database
spec:
serviceName: warehouse13-postgres
replicas: 1
selector:
matchLabels:
{{- include "warehouse13.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: database
template:
metadata:
labels:
{{- include "warehouse13.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: database
spec:
serviceAccountName: {{ include "warehouse13.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: postgres
image: "{{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }}"
imagePullPolicy: {{ .Values.postgres.image.pullPolicy }}
ports:
- name: postgres
containerPort: 5432
protocol: TCP
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: warehouse13-secrets
key: postgres-username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: warehouse13-secrets
key: postgres-password
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: warehouse13-secrets
key: postgres-database
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
resources:
{{- toYaml .Values.postgres.resources | nindent 10 }}
livenessProbe:
exec:
command:
- pg_isready
- -U
- $(POSTGRES_USER)
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
exec:
command:
- pg_isready
- -U
- $(POSTGRES_USER)
initialDelaySeconds: 10
periodSeconds: 5
{{- if .Values.postgres.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
{{- if .Values.postgres.persistence.storageClass }}
storageClassName: {{ .Values.postgres.persistence.storageClass }}
{{- end }}
resources:
requests:
storage: {{ .Values.postgres.persistence.size }}
{{- else }}
volumes:
- name: data
emptyDir: {}
{{- end }}
{{- end }}

14
helm/warehouse13/templates/secret.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: Secret
metadata:
name: warehouse13-secrets
labels:
{{- include "warehouse13.labels" . | nindent 4 }}
type: Opaque
stringData:
postgres-username: {{ .Values.postgres.auth.username | quote }}
postgres-password: {{ .Values.postgres.auth.password | quote }}
postgres-database: {{ .Values.postgres.auth.database | quote }}
minio-root-user: {{ .Values.minio.auth.rootUser | quote }}
minio-root-password: {{ .Values.minio.auth.rootPassword | quote }}
database-url: {{ include "warehouse13.postgresUrl" . | quote }}

4
helm/templates/serviceaccount.yaml → helm/warehouse13/templates/serviceaccount.yaml
View File

@@ -2,9 +2,9 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "datalake.serviceAccountName" . }}
name: {{ include "warehouse13.serviceAccountName" . }}
labels:
{{- include "datalake.labels" . | nindent 4 }}
{{- include "warehouse13.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}

83
helm/warehouse13/values-airgapped.yaml Normal file
View File

@@ -0,0 +1,83 @@
# Warehouse13 - Air-Gapped Deployment Example
# Use this for restricted/disconnected environments
global:
deploymentMode: "airgapped"
storageBackend: "minio"
# PostgreSQL with custom registry
postgres:
enabled: true
image:
repository: harbor.internal.example.com/library/postgres
tag: 15-alpine
pullPolicy: IfNotPresent
auth:
username: warehouse13user
password: CHANGE_ME_SECURE_PASSWORD
database: warehouse13
persistence:
enabled: true
size: 20Gi
storageClass: "local-storage"
resources:
requests:
memory: "512Mi"
cpu: "500m"
limits:
memory: "1Gi"
cpu: "1000m"
# MinIO with custom registry
minio:
enabled: true
image:
repository: harbor.internal.example.com/library/minio
tag: RELEASE.2024-01-01T00-00-00Z
pullPolicy: IfNotPresent
auth:
rootUser: CHANGE_ME_MINIO_USER
rootPassword: CHANGE_ME_MINIO_PASSWORD
persistence:
enabled: true
size: 100Gi
storageClass: "local-storage"
resources:
requests:
memory: "1Gi"
cpu: "500m"
limits:
memory: "2Gi"
cpu: "1000m"
# Application with custom registry (unified API + Frontend)
app:
enabled: true
image:
repository: harbor.internal.example.com/warehouse13/app
tag: v1.0.0
pullPolicy: IfNotPresent
replicas: 2
resources:
requests:
memory: "768Mi"
cpu: "750m"
limits:
memory: "1536Mi"
cpu: "1500m"
# Ingress disabled for air-gapped - use NodePort or port-forward
ingress:
enabled: false
# Node selector for specific nodes
nodeSelector:
environment: production
storage: local
# Tolerations for tainted nodes
tolerations:
- key: "airgapped"
operator: "Equal"
value: "true"
effect: "NoSchedule"

69
helm/warehouse13/values-dev.yaml Normal file
View File

@@ -0,0 +1,69 @@
# Warehouse13 - Development/Testing Deployment Example
# Use this for local testing or CI/CD environments
global:
deploymentMode: "standard"
storageBackend: "minio"
postgres:
enabled: true
image:
repository: postgres
tag: 15-alpine
pullPolicy: IfNotPresent
auth:
username: dev
password: dev
database: warehouse13dev
persistence:
enabled: false # Use emptyDir for faster cleanup
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "250m"
minio:
enabled: true
image:
repository: minio/minio
tag: latest
pullPolicy: IfNotPresent
auth:
rootUser: minioadmin
rootPassword: minioadmin
persistence:
enabled: false # Use emptyDir for faster cleanup
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "250m"
app:
enabled: true
image:
repository: warehouse13/app
tag: dev
pullPolicy: Always # Always pull latest dev image
replicas: 1
resources:
requests:
memory: "384Mi"
cpu: "350m"
limits:
memory: "768Mi"
cpu: "750m"
healthCheck:
enabled: true
ingress:
enabled: false # Use port-forward for dev
serviceAccount:
create: true
name: "warehouse13-dev"

98
helm/warehouse13/values-production.yaml Normal file
View File

@@ -0,0 +1,98 @@
# Warehouse13 - Production Deployment Example
# Use this for production environments with ingress and proper resources
global:
deploymentMode: "standard"
storageBackend: "minio"
postgres:
enabled: true
image:
repository: postgres
tag: 15-alpine
pullPolicy: IfNotPresent
auth:
username: warehouse13user
password: CHANGE_ME_SECURE_PASSWORD
database: warehouse13
persistence:
enabled: true
size: 50Gi
storageClass: "fast-ssd"
resources:
requests:
memory: "1Gi"
cpu: "1000m"
limits:
memory: "2Gi"
cpu: "2000m"
minio:
enabled: true
image:
repository: minio/minio
tag: latest
pullPolicy: IfNotPresent
auth:
rootUser: CHANGE_ME_MINIO_USER
rootPassword: CHANGE_ME_MINIO_PASSWORD
persistence:
enabled: true
size: 500Gi
storageClass: "bulk-storage"
resources:
requests:
memory: "2Gi"
cpu: "1000m"
limits:
memory: "4Gi"
cpu: "2000m"
app:
enabled: true
image:
repository: warehouse13/app
tag: v1.0.0
pullPolicy: IfNotPresent
replicas: 3
resources:
requests:
memory: "768Mi"
cpu: "750m"
limits:
memory: "1536Mi"
cpu: "1500m"
healthCheck:
enabled: true
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
hosts:
- host: warehouse13.example.com
paths:
- path: /
pathType: Prefix
backend: app
tls:
- secretName: warehouse13-tls
hosts:
- warehouse13.example.com
# Affinity for pod distribution
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- warehouse13
topologyKey: kubernetes.io/hostname

148
helm/warehouse13/values.yaml Normal file
View File

@@ -0,0 +1,148 @@
# Warehouse13 - Enterprise Test Artifact Storage
# Default values for Helm chart
# Global settings
global:
deploymentMode: "air-gapped" # standard or airgapped
storageBackend: "minio" # minio or s3
# PostgreSQL Database
postgres:
enabled: true
image:
repository: containers.global.bsf.tools/postgres
tag: 15-alpine
pullPolicy: Always
auth:
username: user
password: password
database: warehouse13
persistence:
enabled: false
size: 10Gi
storageClass: ""
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
service:
type: ClusterIP
port: 5432
# MinIO Object Storage
minio:
enabled: true
image:
repository: containers.global.bsf.tools/minio/minio
tag: latest
pullPolicy: Always
auth:
rootUser: minioadmin
rootPassword: minioadmin
persistence:
enabled: true
size: 50Gi
storageClass: ""
resources:
requests:
memory: "1Gi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "1000m"
service:
type: ClusterIP
apiPort: 9000
consolePort: 9001
# Application (Unified API + Frontend)
# The application uses a multi-stage Docker build:
# - Stage 1: Builds Angular frontend
# - Stage 2: Python FastAPI backend that serves the frontend from /static
app:
enabled: true
image:
repository: registry.global.bsf.tools/esv/bsf/bsf-services/warehouse13
tag: main-7126c618
pullPolicy: Always
replicas: 1
env:
databaseUrl: "postgresql://user:password@warehouse13-postgres:5432/warehouse13"
storageBackend: "minio"
minioEndpoint: "warehouse13-minio:9000"
resources:
requests:
memory: "768Mi"
cpu: "350m"
limits:
memory: "768Mi"
cpu: "750m"
service:
type: ClusterIP
port: 8000
healthCheck:
enabled: true
liveness:
path: /health
initialDelaySeconds: 30
periodSeconds: 10
readiness:
path: /health
initialDelaySeconds: 10
periodSeconds: 5
# Ingress
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: "letsencrypt"
hosts:
- host: warehouse13.common.global.bsf.tools
paths:
- path: /
pathType: Prefix
backend: app # All traffic goes to unified app (serves both API and frontend)
tls:
- secretName: warehouse13-tls
hosts:
- warehouse13.common.global.bsf.tools
# Service Account
serviceAccount:
create: true
annotations: {}
name: "warehouse13"
# Pod Security
podSecurityContext:
fsGroup: 2000
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1000
# Node selector
nodeSelector: {}
# Tolerations
tolerations: []
# Affinity
affinity: {}
imagePullSecret:
name: gitlab-dev-ns-registry-secret
username: project_9145_bot_imagepuller
# Read only token so okay if hard coded here
password: glpat-ZV7ASvBqFoiWC9QqD5WlTG86MQp1OjVxMgk.01.0z192vpfw
server: registry.global.bsf.tools
email: botemail@global.bsf.tool

2
quickstart-airgap.sh
View File

@@ -30,7 +30,7 @@ fi
echo "Step 1: Building Angular frontend locally..."
echo "==========================================="
./build-for-airgap.sh
./scripts/build-for-airgap.sh
echo ""
echo "Step 2: Starting Docker containers..."

0
build-for-airgap.sh → scripts/build-for-airgap.sh
View File

146
scripts/check-package-age.js Executable file
View File

@@ -0,0 +1,146 @@
#!/usr/bin/env node
/**
* Check if npm packages are at least 2 weeks old before installation
* Usage: node scripts/check-package-age.js
*/
const https = require('https');
const fs = require('fs');
const path = require('path');
const TWO_WEEKS_MS = 14 * 24 * 60 * 60 * 1000;
function getPackageInfo(packageName, version) {
return new Promise((resolve, reject) => {
// Remove version prefixes like ^, ~, >=
let cleanVersion = version.replace(/^[\^~>=]+/, '');
// If version contains .x or wildcards, fetch all versions and find latest matching
if (cleanVersion.includes('x') || cleanVersion.includes('*')) {
const url = `https://registry.npmjs.org/${packageName}`;
https.get(url, (res) => {
let data = '';
res.on('data', (chunk) => {
data += chunk;
});
res.on('end', () => {
try {
const info = JSON.parse(data);
const versions = Object.keys(info.versions || {});
// Convert version pattern to regex (e.g., "19.2.x" -> /^19\.2\.\d+$/)
const pattern = cleanVersion.replace(/\./g, '\\.').replace(/x|\*/g, '\\d+');
const regex = new RegExp(`^${pattern}$`);
// Find matching versions and get the latest
const matchingVersions = versions.filter(v => regex.test(v)).sort();
const latestMatching = matchingVersions[matchingVersions.length - 1];
if (latestMatching && info.time && info.time[latestMatching]) {
resolve({
name: packageName,
version: latestMatching,
published: info.time[latestMatching],
error: null
});
} else {
reject(new Error(`No matching version found for ${packageName}@${cleanVersion}`));
}
} catch (err) {
reject(new Error(`Failed to parse response for ${packageName}@${cleanVersion}`));
}
});
}).on('error', (err) => {
reject(err);
});
} else {
// Exact version lookup
const url = `https://registry.npmjs.org/${packageName}/${cleanVersion}`;
https.get(url, (res) => {
let data = '';
res.on('data', (chunk) => {
data += chunk;
});
res.on('end', () => {
try {
const info = JSON.parse(data);
resolve({
name: packageName,
version: cleanVersion,
published: info.time || info._time,
error: null
});
} catch (err) {
reject(new Error(`Failed to parse response for ${packageName}@${cleanVersion}`));
}
});
}).on('error', (err) => {
reject(err);
});
}
});
}
async function checkPackageAge() {
const packageJsonPath = path.join(__dirname, '../frontend/package.json');
const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
const allDeps = {
...packageJson.dependencies,
...packageJson.devDependencies
};
console.log('Checking package ages (must be at least 2 weeks old)...\n');
const tooNew = [];
const errors = [];
for (const [name, version] of Object.entries(allDeps)) {
try {
const info = await getPackageInfo(name, version);
const publishDate = new Date(info.published);
const age = Date.now() - publishDate.getTime();
const ageInDays = Math.floor(age / (24 * 60 * 60 * 1000));
if (age < TWO_WEEKS_MS) {
tooNew.push({
name,
version: info.version,
age: ageInDays,
published: publishDate.toISOString().split('T')[0]
});
console.log(`${name}@${info.version} - ${ageInDays} days old (published ${publishDate.toISOString().split('T')[0]})`);
} else {
console.log(`${name}@${info.version} - ${ageInDays} days old`);
}
} catch (err) {
errors.push({ name, version, error: err.message });
console.log(`⚠️ ${name}@${version} - Could not check: ${err.message}`);
}
}
console.log('\n' + '='.repeat(80));
if (tooNew.length > 0) {
console.log(`\n❌ FAILED: ${tooNew.length} package(s) are newer than 2 weeks:\n`);
tooNew.forEach(pkg => {
console.log(` - ${pkg.name}@${pkg.version} (${pkg.age} days old, published ${pkg.published})`);
});
process.exit(1);
} else if (errors.length > 0) {
console.log(`\n⚠️ WARNING: Could not verify ${errors.length} package(s)`);
process.exit(0);
} else {
console.log('\n✓ SUCCESS: All packages are at least 2 weeks old');
process.exit(0);
}
}
checkPackageAge();

2
check-ready.sh → scripts/check-ready.sh
View File

@@ -18,7 +18,7 @@ else
echo " Expected: frontend/dist/frontend/browser"
echo ""
echo " You need to build the Angular app first:"
echo " Run: ./build-for-airgap.sh"
echo " Run: ./scripts/build-for-airgap.sh"
echo " OR: cd frontend && npm install && npm run build:prod"
echo ""
errors=$((errors + 1))

41
scripts/pin-old-versions.sh Executable file
View File

@@ -0,0 +1,41 @@
#!/bin/bash
# Pin npm packages to versions that are at least 2 weeks old
# This script helps ensure compliance with package age requirements
set -e
echo "========================================="
echo "Pin NPM Packages to Old Versions"
echo "========================================="
echo ""
cd frontend
echo "Step 1: Checking current package ages..."
node ../scripts/check-package-age.js || {
echo ""
echo "Some packages are too new. Recommendations:"
echo "1. Manually downgrade packages in package.json to older versions"
echo "2. Run: npm install --package-lock-only to update lock file"
echo "3. Re-run this script to verify"
exit 1
}
echo ""
echo "Step 2: Ensuring package-lock.json uses exact versions..."
if [ -f "package-lock.json" ]; then
echo "✓ package-lock.json exists"
else
echo "⚠ package-lock.json does not exist. Creating it..."
npm install --package-lock-only
fi
echo ""
echo "========================================="
echo "✓ All packages meet the 2-week age requirement"
echo "========================================="
echo ""
echo "To install these packages:"
echo " npm ci # Uses exact versions from package-lock.json"
echo ""