From fd514c7d3209d73d3b756e88019cb8b5f55a08ab Mon Sep 17 00:00:00 2001
From: Ruben van der Linde
Date: Tue, 10 Dec 2019 11:35:16 +0100
Subject: [PATCH 1/9] Test voor certbot
---
 .env | 13 +++
 api/config/packages/twig.yaml | 7 ++
 api/helm/templates/ingress.yaml | 100 +++++++++++++++----
 api/helm/templates/lets-encrypt-job.yaml | 39 ++++++++
 api/helm/templates/lets-encrypt-secret.yaml | 12 +++
 api/helm/templates/lets-encrypt-service.yaml | 16 +++
 api/templates/helm/Values.yaml.twig | 1 +
 7 files changed, 167 insertions(+), 21 deletions(-)
 create mode 100644 api/helm/templates/lets-encrypt-job.yaml
 create mode 100644 api/helm/templates/lets-encrypt-secret.yaml
 create mode 100644 api/helm/templates/lets-encrypt-service.yaml
diff --git a/.env b/.env
index edfba23..d2f0c4c 100644
--- a/.env
+++ b/.env
@@ -27,6 +27,19 @@ APP_DESCRIPTION='Naast deze JSON rest API is er ook een [graphql](/graphql) inte
 TRUSTED_PROXIES=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
 TRUSTED_HOSTS=^(.+\.)?conduction\.nl$|^(.+\.)?huwelijksplanner\.online$|^(.+\.)?larping\.eu$|^(.+\.)?common-ground\.nl$|^(.+\.)?trouwplanner\.online$|^(.+\.)?zaakonline\.nl$|localhost
+##################################################
+# Orgization details
+##################################################
+
+# The following details describe your organisations and are used for both certificate creation and common-ground.dev
+
+ORGANIZATION_NAME=Conduction
+ORGANIZATION_EMAIL_ADDRESS=info@conduction.nl
+ORGANIZATION_COUNTRY_NAME=Netherlands
+ORGANIZATION_STATE=Noord-Holland
+ORGANIZATION_LOCALITY=Amsterdam
+ORGANIZATION_UNIT_NAME=Common-Ground
+
 ##################################################
 # Documentation settings
 ##################################################
diff --git a/api/config/packages/twig.yaml b/api/config/packages/twig.yaml
index 8284abd..26f0617 100644
--- a/api/config/packages/twig.yaml
+++ b/api/config/packages/twig.yaml
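Review bot: `ORGANIZATION_COUNTRY_NAME=Netherlands` is a full country name, but the comment says these values feed certificate creation, and an X.509 subject countryName is a two-letter ISO 3166 code (`NL`); a CSR built from this value would fail the length check. How the consumer reads the field is not visible in this hunk, so confirm that before changing it, and document the expected format in the comment, e.g. `# ORGANIZATION_COUNTRY_NAME: two-letter ISO 3166 code when used in a certificate subject`. The banner also has typos: `# Orgization details` should read `# Organization details`, and `describe your organisations` should be `describe your organisation`.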
@@ -8,6 +8,13 @@ twig: container_registry_base: '%env(CONTAINER_REGISTRY_BASE)%' container_project_name: '%env(CONTAINER_PROJECT_NAME)%' + + organization_name: '%env(ORGANIZATION_NAME)%' + organization_email: '%env(ORGANIZATION_EMAIL_ADDRESS)%' + organization_country: '%env(ORGANIZATION_COUNTRY_NAME)%' + organization_state: '%env(ORGANIZATION_STATE)%' + organization_locality: '%env(ORGANIZATION_LOCALITY)%' + organization_unit: '%env(ORGANIZATION_UNIT_NAME)%' app_name: '%env(APP_NAME)%' app_title: '%env(APP_TITLE)%' diff --git a/api/helm/templates/ingress.yaml b/api/helm/templates/ingress.yaml index ad27ed0..d7cd7d4 100644 --- a/api/helm/templates/ingress.yaml +++ b/api/helm/templates/ingress.yaml @@ -13,16 +13,14 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ .host | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} + - hosts: + {{- if eq .Values.settings.env "prod" }} + - {{ .Values.settings.domain }} + {{- else }} + - {{ .Values.settings.env }}.{{ .Values.settings.domain }} + {{- end }} + secretName: {{ include "name" . }}-certs rules: # - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.{{ .Values.settings.domain }} # http: 
@@ -34,74 +32,134 @@ spec: - host: {{ .Values.settings.name }}.{{ .Values.settings.domain }} http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.huwelijksplanner.online http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.trouwplanner.online http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.common-ground.nl http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.larping.eu http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.zaakonline.eu http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 {{- else }} - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.{{ .Values.settings.domain }} http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . 
}} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.huwelijksplanner.online http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.trouwplanner.online http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.common-ground.nl http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.larping.eu http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.zaakonline.nl http: paths: - - backend: + - path: /.well-known/* + backend: + serviceName: {{ include "name" . }}-letsencrypt + servicePort: 80 + - path: /* + backend: serviceName: {{ include "name" . }} servicePort: 80 {{- end }} diff --git a/api/helm/templates/lets-encrypt-job.yaml b/api/helm/templates/lets-encrypt-job.yaml new file mode 100644 index 0000000..ee55da0 --- /dev/null +++ b/api/helm/templates/lets-encrypt-job.yaml 
@@ -0,0 +1,39 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "name" . }}-letsencrypt-job + labels: + app.kubernetes.io/name: {{ include "name" . }} + app.kubernetes.io/part-of: {{ include "name" . }} + helm.sh/chart: {{ include "chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + template: + metadata: + name: {{ include "name" . }}-letsencrypt + labels: + app: {{ include "name" . }}-letsencrypt + spec: + containers: + # Bash script that starts an http server and launches certbot + # Fork of github.com/sjenning/kube-nginx-letsencrypt + - image: quay.io/hiphipjorge/kube-nginx-letsencrypt:latest + name: letsencrypt + imagePullPolicy: Always + ports: + - name: letsencrypt + containerPort: 80 + env: + {{- if eq .Values.settings.env "prod" }} + - name: DOMAINS + value: { .Values.settings.domain }} + {{- else }} + - name: DOMAINS + value: {{ .Values.settings.env }}.{{ .Values.settings.domain }} + {{- end }} + - name: EMAIL + value: {{ .Values.settings.email }} + - name: SECRET + value: {{ include "name" . }}-letsencrypt-certs + restartPolicy: Never \ No newline at end of file diff --git a/api/helm/templates/lets-encrypt-secret.yaml b/api/helm/templates/lets-encrypt-secret.yaml new file mode 100644 index 0000000..4ea2960 --- /dev/null +++ b/api/helm/templates/lets-encrypt-secret.yaml @@ -0,0 +1,12 @@ +# An empty secret (with no data) in order for the update to work +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "fullname" . }}-letsencrypt-certs + labels: + app.kubernetes.io/name: {{ include "name" . }} + app.kubernetes.io/part-of: {{ include "name" . }} + helm.sh/chart: {{ include "chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque \ No newline at end of file 
diff --git a/api/helm/templates/lets-encrypt-service.yaml b/api/helm/templates/lets-encrypt-service.yaml new file mode 100644 index 0000000..48247ae --- /dev/null +++ b/api/helm/templates/lets-encrypt-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "name" . }}-letsencrypt + labels: + app.kubernetes.io/name: {{ include "name" . }} + app.kubernetes.io/part-of: {{ include "name" . }} + helm.sh/chart: {{ include "chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + selector: + app: {{ include "name" . }}-letsencrypt + ports: + - protocol: "TCP" + port: 80 \ No newline at end of file diff --git a/api/templates/helm/Values.yaml.twig b/api/templates/helm/Values.yaml.twig index 8a8e6ae..e9b2879 100644 --- a/api/templates/helm/Values.yaml.twig +++ b/api/templates/helm/Values.yaml.twig @@ -11,6 +11,7 @@ settings: description: '{{ app_description }}' repro: '{{ app_repro }}' domain: {{ app_domain }} + email: {{ organization_email }} demo: {{ app_demo }} env: {{ app_env }} debug: {{ app_debug }} From f0681520ce5f9b3fb972391c7c3a34bab6ac97aa Mon Sep 17 00:00:00 2001 From: Ruben van der Linde Date: Tue, 10 Dec 2019 14:47:53 +0100 Subject: [PATCH 2/9] Fixed certbot --- INSTALLATION.md | 42 ++++++++- api/helm/templates/cert-issuer.yaml | 16 ++++ api/helm/templates/certificate.yaml | 22 +++++ api/helm/templates/ingress.yaml | 96 ++++---------------- api/helm/templates/lets-encrypt-job.yaml | 39 -------- api/helm/templates/lets-encrypt-secret.yaml | 12 --- api/helm/templates/lets-encrypt-service.yaml | 16 ---- 7 files changed, 93 insertions(+), 150 deletions(-) create mode 100644 api/helm/templates/cert-issuer.yaml create mode 100644 api/helm/templates/certificate.yaml delete mode 100644 api/helm/templates/lets-encrypt-job.yaml delete mode 100644 api/helm/templates/lets-encrypt-secret.yaml delete mode 100644 api/helm/templates/lets-encrypt-service.yaml 
diff --git a/INSTALLATION.md b/INSTALLATION.md index 2e8410d..5ed0a96 100644 --- a/INSTALLATION.md +++ b/INSTALLATION.md @@ -35,10 +35,19 @@ Now that we've installed both Helm components, we're ready to use helm to instal ## Setting up ingress We need at least one nginx controller per kubernetes kluster, doh optionally we could set on up on a per namebase basis -helm install stable/nginx-ingress --name loadbalancer --kubeconfig="kubeconfig.yaml" +```CLI +$ helm install stable/nginx-ingress --name loadbalancer --kubeconfig="kubeconfig.yaml" +``` + +We can check that out with + +```CLI +$ kubectl describe ingress pc-dev-ingress -n=kube-system --kubeconfig="kubeconfig.yaml" +``` ## Setting up Kubernetes Dashboard After we installed helm and tiller we can easily use both to install kubernetes dashboard + ```CLI $ helm install stable/kubernetes-dashboard --name dashboard --kubeconfig="kubeconfig.yaml" --namespace="kube-system" ``` @@ -57,7 +66,7 @@ $ kubectl -n kube-system describe secrets tiller-token-xxxxx --kubeconfig="kube This should return the token, copy it to somewhere save (just the token not the other returned information) and start up a dashboard connection ```CLI -$kubectl proxy --kubeconfig="kubeconfig.yaml" +$ kubectl proxy --kubeconfig="kubeconfig.yaml" ``` This should proxy our dashboard to helm making it available trough our favorite browser and a simple link 
@@ -65,6 +74,29 @@ This should proxy our dashboard to helm making it available trough our favorite http://localhost:8001/api/v1/namespaces/kube-system/services/https:dashboard-kubernetes-dashboard:https/proxy/#!/login ``` + +## Cert Manager +https://cert-manager.io/docs/installation/kubernetes/ + +```CLI +$ kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.12/deploy/manifests/00-crds.yaml --kubeconfig="kubeconfig.yaml" +$ kubectl create namespace cert-manager --kubeconfig="kubeconfig.yaml" +``` + + The we need tp deploy the cert manager to our cluster + +```CLI +$ helm repo add jetstack https://charts.jetstack.io +$ helm install --name cert-manager --namespace cert-manager --version v0.12.0 \ jetstack/cert-manager --kubeconfig="kubeconfig.yaml" +``` + +lets check if everything is working + +```CLI +$ kubectl get pods --namespace cert-manager --kubeconfig="kubeconfig.yaml" +$ kubectl describe certificate -n dev --kubeconfig="kubeconfig.yaml" +``` + ## Deploying trough helm First we always need to update our dependencies ```CLI @@ -86,9 +118,9 @@ $ helm upgrade pc-prod ./api/helm --kubeconfig="api/helm/kubeconfig.yaml" --name Or del if you want to delete an existing one ```CLI -$ helm del pc-dev --purge --kubeconfig="api/helm/kubeconfig.yaml --namespace=dev" -$ helm del pc-stag --purge --kubeconfig="api/helm/kubeconfig.yaml --namespace=stag" -$ helm del pp-prod --purge --kubeconfig="api/helm/kubeconfig.yaml --namespace=prod" +$ helm del pc-dev --purge --kubeconfig="api/helm/kubeconfig.yaml" +$ helm del pc-stag --purge --kubeconfig="api/helm/kubeconfig.yaml" +$ helm del pc-prod --purge --kubeconfig="api/helm/kubeconfig.yaml" ``` Note that you can replace common ground with the namespace that you want to use (normally the name of your component). diff --git a/api/helm/templates/cert-issuer.yaml b/api/helm/templates/cert-issuer.yaml new file mode 100644 index 0000000..804486a --- /dev/null 
+++ b/api/helm/templates/cert-issuer.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+ name: {{ include "name" . }}-{{ .Values.settings.env }}-letsencrypt
+spec:
+ acme:
+ email: {{ .Values.settings.email }}
+ http01: {}
+ privateKeySecretRef:
+ name: letsencrypt-private-key
+ server: https://acme-v02.api.letsencrypt.org/directory
+ solvers:
+ - selector: {}
+ http01:
+ ingress:
+ class: nginx
\ No newline at end of file
diff --git a/api/helm/templates/certificate.yaml b/api/helm/templates/certificate.yaml
new file mode 100644
index 0000000..43dacaf
--- /dev/null
+++ b/api/helm/templates/certificate.yaml
@@ -0,0 +1,22 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: {{ include "name" . }}-acme-cert
+spec:
+ secretName: {{ include "name" . }}-tls-cert
+ duration: 24h
+ renewBefore: 12h
+ {{- if eq .Values.settings.env "prod" }}
+ commonName: {{ .Values.settings.name }}.{{ .Values.settings.domain }}
+ {{- else }}
+ commonName: {{ .Values.settings.name }}.{{ .Values.settings.env }}.{{ .Values.settings.domain }}
+ {{- end }}
+ dnsNames:
+ {{- if eq .Values.settings.env "prod" }}
+ - {{ .Values.settings.name }}.{{ .Values.settings.domain }}
+ {{- else }}
+ - {{ .Values.settings.name }}.{{ .Values.settings.env }}.{{ .Values.settings.domain }}
+ {{- end }}
+ issuerRef:
+ name: {{ include "name" . }}-{{ .Values.settings.env }}-letsencrypt
+ kind: ClusterIssuer
\ No newline at end of file
diff --git a/api/helm/templates/ingress.yaml b/api/helm/templates/ingress.yaml
index d7cd7d4..5c76e03 100644
--- a/api/helm/templates/ingress.yaml
+++ b/api/helm/templates/ingress.yaml
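Review bot: `email: {{ .Values.settings.email }}` is rendered unquoted, so an unset value produces `email:` (null) and the ClusterIssuer is created without an ACME contact; `email: {{ required "settings.email is required" .Values.settings.email | quote }}` fails at render time instead. The spec also carries both a legacy top-level `http01: {}` and a `solvers:` list; as far as I recall the v1alpha2 API only accepts `solvers`, so the legacy key should go, please verify against the cert-manager 0.12 docs. Every environment's issuer also shares one ACME account key via `privateKeySecretRef.name: letsencrypt-private-key`, which presumably lives in the cert-manager namespace; that is workable, but worth a comment such as `# shared ACME account key for all environments, do not delete per-release` so it is not removed with one release.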
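Review bot: `duration: 24h` with `renewBefore: 12h` leaves an extremely tight renewal window: Let's Encrypt issues 90-day certificates regardless of the requested duration, and cert-manager will not attempt renewal until twelve hours before expiry, so a short ACME outage or a rate-limit hit leads straight to an expired certificate in production. Drop both keys (cert-manager's default, as far as I recall, renews when a third of the lifetime remains) or set a real margin such as `renewBefore: 720h`. `dnsNames` only covers `{{ name }}.{{ domain }}`, while ingress.yaml routes five more hostnames (huwelijksplanner.online, trouwplanner.online, common-ground.nl, larping.eu, zaakonline.*) that will be served with the controller's default certificate; either add them here or remove them from the ingress. `metadata.name` does not include `.Values.settings.env` although the issuer and ingress names do, so two environments in one namespace would collide on this Certificate.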
@@ -1,6 +1,10 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: + annotations: + # add an annotation indicating the issuer to use. + cert-manager.io/acme-challenge-type: http01 + cert-manager.io/cluster-issuer: {{ include "name" . }}-{{ .Values.settings.env }}-letsencrypt name: {{ include "name" . }}-{{ .Values.settings.env }}-ingress labels: app.kubernetes.io/name: {{ include "name" . }}-ingress @@ -13,14 +17,10 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - tls: + tls: - hosts: - {{- if eq .Values.settings.env "prod" }} - {{ .Values.settings.domain }} - {{- else }} - - {{ .Values.settings.env }}.{{ .Values.settings.domain }} - {{- end }} - secretName: {{ include "name" . }}-certs + secretName: {{ include "name" . }}-tls-cert rules: # - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.{{ .Values.settings.domain }} # http: 
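Review bot: Adding `cert-manager.io/cluster-issuer` to the Ingress enables ingress-shim, which creates its own Certificate for the `tls.hosts` below with `secretName: {{ include "name" . }}-tls-cert`, the same Secret the explicit Certificate in certificate.yaml targets with a different `dnsNames` set; two Certificates contending for one Secret re-issue against each other and burn Let's Encrypt rate limits. Keep a single mechanism: either drop the two annotations and rely on certificate.yaml, or delete certificate.yaml and let the annotation drive issuance from the ingress hosts. The `cert-manager.io/acme-challenge-type: http01` annotation is, as far as I recall, ignored by solver-based issuers in 0.12 and can be removed; verify against the release docs.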
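Review bot: The surviving `tls.hosts` entry is `{{ .Values.settings.domain }}` (the apex), but every `rules` host is `{{ .Values.settings.name }}.<domain>` and certificate.yaml issues for `{{ name }}.{{ domain }}`; ingress-nginx selects the certificate by matching SNI against `tls.hosts`, so the issued cert is never used for the rule hosts and clients get the controller's default certificate. The hosts list should mirror the rule hosts, e.g. `- {{ .Values.settings.name }}.{{ .Values.settings.domain }}` for prod and `- {{ .Values.settings.name }}.{{ .Values.settings.env }}.{{ .Values.settings.domain }}` otherwise. The `- tls:` / `+ tls:` pair looks like an indentation-only change; confirm `tls` still renders directly under `spec`.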
@@ -32,134 +32,74 @@ spec: - host: {{ .Values.settings.name }}.{{ .Values.settings.domain }} http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.huwelijksplanner.online http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.trouwplanner.online http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.common-ground.nl http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.larping.eu http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.zaakonline.eu http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 {{- else }} - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.{{ .Values.settings.domain }} http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . 
}} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.huwelijksplanner.online http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.trouwplanner.online http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.common-ground.nl http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.larping.eu http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 - host: {{ .Values.settings.name }}.{{ .Values.settings.env }}.zaakonline.nl http: paths: - - path: /.well-known/* - backend: - serviceName: {{ include "name" . }}-letsencrypt - servicePort: 80 - - path: /* - backend: + - backend: serviceName: {{ include "name" . }} servicePort: 80 {{- end }} diff --git a/api/helm/templates/lets-encrypt-job.yaml b/api/helm/templates/lets-encrypt-job.yaml deleted file mode 100644 index ee55da0..0000000 --- a/api/helm/templates/lets-encrypt-job.yaml +++ /dev/null 
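Review bot: The prod branch routes `{{ .Values.settings.name }}.zaakonline.eu` while the non-prod branch routes `.zaakonline.nl`, and `TRUSTED_HOSTS` in `.env` only matches `zaakonline.nl`; one of the two is presumably a typo, and requests for the `.eu` host would likely be rejected by the trusted-hosts check anyway. Pick the domain that is actually served and use it in both branches. These are context lines, but the revert leaves them as the live routing table.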
@@ -1,39 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "name" . }}-letsencrypt-job - labels: - app.kubernetes.io/name: {{ include "name" . }} - app.kubernetes.io/part-of: {{ include "name" . }} - helm.sh/chart: {{ include "chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - template: - metadata: - name: {{ include "name" . }}-letsencrypt - labels: - app: {{ include "name" . }}-letsencrypt - spec: - containers: - # Bash script that starts an http server and launches certbot - # Fork of github.com/sjenning/kube-nginx-letsencrypt - - image: quay.io/hiphipjorge/kube-nginx-letsencrypt:latest - name: letsencrypt - imagePullPolicy: Always - ports: - - name: letsencrypt - containerPort: 80 - env: - {{- if eq .Values.settings.env "prod" }} - - name: DOMAINS - value: { .Values.settings.domain }} - {{- else }} - - name: DOMAINS - value: {{ .Values.settings.env }}.{{ .Values.settings.domain }} - {{- end }} - - name: EMAIL - value: {{ .Values.settings.email }} - - name: SECRET - value: {{ include "name" . }}-letsencrypt-certs - restartPolicy: Never \ No newline at end of file diff --git a/api/helm/templates/lets-encrypt-secret.yaml b/api/helm/templates/lets-encrypt-secret.yaml deleted file mode 100644 index 4ea2960..0000000 --- a/api/helm/templates/lets-encrypt-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# An empty secret (with no data) in order for the update to work -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "fullname" . }}-letsencrypt-certs - labels: - app.kubernetes.io/name: {{ include "name" . }} - app.kubernetes.io/part-of: {{ include "name" . }} - helm.sh/chart: {{ include "chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -type: Opaque \ No newline at end of file 
diff --git a/api/helm/templates/lets-encrypt-service.yaml b/api/helm/templates/lets-encrypt-service.yaml deleted file mode 100644 index 48247ae..0000000 --- a/api/helm/templates/lets-encrypt-service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "name" . }}-letsencrypt - labels: - app.kubernetes.io/name: {{ include "name" . }} - app.kubernetes.io/part-of: {{ include "name" . }} - helm.sh/chart: {{ include "chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - selector: - app: {{ include "name" . }}-letsencrypt - ports: - - protocol: "TCP" - port: 80 \ No newline at end of file From 75e28298b02939271a483a684fedf564b1b4b906 Mon Sep 17 00:00:00 2001 From: Robert Zondervan Date: Tue, 10 Dec 2019 14:51:37 +0100 Subject: [PATCH 3/9] Replaced deprecated interface --- api/src/Repository/ExampleEntityRepository.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/src/Repository/ExampleEntityRepository.php b/api/src/Repository/ExampleEntityRepository.php index 7baa698..692bece 100644 --- a/api/src/Repository/ExampleEntityRepository.php +++ b/api/src/Repository/ExampleEntityRepository.php @@ -4,7 +4,7 @@ use App\Entity\ExampleEntity; use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository; -use Symfony\Bridge\Doctrine\RegistryInterface; +use Doctrine\Common\Persistence\ManagerRegistry; /** * @method ExampleEntity|null find($id, $lockMode = null, $lockVersion = null) @@ -14,7 +14,7 @@ */ class ExampleEntityRepository extends ServiceEntityRepository { - public function __construct(RegistryInterface $registry) + public function __construct(ManagerRegistry $registry) { parent::__construct($registry, ExampleEntity::class); } From ae03943e0c16bac86d1cf2ae1f22161b21f62ab5 Mon Sep 17 00:00:00 2001 
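Review bot: `Doctrine\Common\Persistence\ManagerRegistry` is itself a deprecated alias in doctrine/persistence 1.3 and later, where the interface moved to `Doctrine\Persistence\ManagerRegistry`; depending on the version composer resolves, this swap trades one deprecation notice for another. If doctrine/persistence 1.3+ is installed, use `use Doctrine\Persistence\ManagerRegistry;` for both the import and the constructor type-hint. The class body continues outside the hunk.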
From: Ruben van der Linde Date: Tue, 10 Dec 2019 13:56:48 +0000 Subject: [PATCH 4/9] Apply fixes from StyleCI --- api/config/bundles.php | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/api/config/bundles.php b/api/config/bundles.php index 32cd19d..b3f9617 100644 --- a/api/config/bundles.php +++ b/api/config/bundles.php 
@@ -1,20 +1,20 @@ ['all' => true], - Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class => ['all' => true], - Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true], - Symfony\Bundle\MercureBundle\MercureBundle::class => ['all' => true], - Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true], - Doctrine\Bundle\DoctrineCacheBundle\DoctrineCacheBundle::class => ['all' => true], - Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true], - ApiPlatform\Core\Bridge\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true], - Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true], - Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true], - Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true], - Conduction\CommonGroundBundle\CommonGroundBundle::class => ['all' => true], - Stof\DoctrineExtensionsBundle\StofDoctrineExtensionsBundle::class => ['all' => true], + Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true], + Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle::class => ['all' => true], + Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true], + Symfony\Bundle\MercureBundle\MercureBundle::class => ['all' => true], + Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true], + Doctrine\Bundle\DoctrineCacheBundle\DoctrineCacheBundle::class => ['all' => true], + Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true], + ApiPlatform\Core\Bridge\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true], + Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true], + Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true], + Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true], + Conduction\CommonGroundBundle\CommonGroundBundle::class => ['all' => true], + Stof\DoctrineExtensionsBundle\StofDoctrineExtensionsBundle::class => ['all' => true], 
Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle::class => ['all' => true], - Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['all' => true], - Tbbc\MoneyBundle\TbbcMoneyBundle::class => ['all' => true], + Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['all' => true], + Tbbc\MoneyBundle\TbbcMoneyBundle::class => ['all' => true], ]; From 06bc6bc194b643c8a09d43f287ce8b98a3d3f00d Mon Sep 17 00:00:00 2001 From: Ruben van der Linde Date: Tue, 10 Dec 2019 15:47:56 +0100 Subject: [PATCH 5/9] Fix on .env variable and an increase of the php containers to 3 --- api/helm/templates/configmap.yaml | 7 ++++++ api/helm/templates/php-deployment.yaml | 32 +++++++++++++++++++++++--- api/templates/helm/Values.yaml.twig | 7 +++++- 3 files changed, 42 insertions(+), 4 deletions(-) diff --git a/api/helm/templates/configmap.yaml b/api/helm/templates/configmap.yaml index d3b9745..39c5e99 100644 --- a/api/helm/templates/configmap.yaml +++ b/api/helm/templates/configmap.yaml @@ -25,6 +25,13 @@ data: app-health: {{ .Values.settings.healthEnabled | quote }} app-archive: {{ .Values.settings.archiveEnabled | quote }} + organization-name: {{ .Values.settings.organisationMame | quote }} + organization-email: {{ .Values.settings.email | quote }} + organization-country: {{ .Values.settings.country | quote }} + organization-state: {{ .Values.settings.state | quote }} + organization-locality: {{ .Values.settings.locality | quote }} + organization-unit: {{ .Values.settings.unit | quote }} + env: {{ .Values.settings.env | quote }} debug: {{ .Values.settings.debug | quote }} cors-allow-origin: {{ .Values.settings.corsAllowOrigin | quote }} diff --git a/api/helm/templates/php-deployment.yaml b/api/helm/templates/php-deployment.yaml index 3f09ef5..611e5d3 100644 --- a/api/helm/templates/php-deployment.yaml +++ b/api/helm/templates/php-deployment.yaml 
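Review bot: `organization-name: {{ .Values.settings.organisationMame | quote }}` references a key that no values file defines (Values.yaml.twig in this patch and values.yaml in patch 8 both set `organisationName`), so it renders as `""` and the PHP container's `ORGANIZATION_NAME` is always empty; change it to `organization-name: {{ .Values.settings.organisationName | quote }}`. The chart also mixes `organisation` in the values keys with `organization` in the configmap keys, which is what made the typo easy to miss; picking one spelling would help. The configmap `data` block continues outside the hunk.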
@@ -9,7 +9,7 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} spec: - replicas: {{ .Values.php.replicaCount }} + replicas: 3 template: metadata: labels: @@ -82,11 +82,37 @@ spec: configMapKeyRef: name: {{ template "fullname" . }} key: app-domain - - name: APP_REPRO + # organization + - name: ORGANIZATION_NAME valueFrom: configMapKeyRef: name: {{ template "fullname" . }} - key: app-repro + key: organization-name + - name: ORGANIZATION_EMAIL_ADDRESS + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }} + key: organization-email + - name: ORGANIZATION_COUNTRY_NAME + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }} + key: organization-country + - name: ORGANIZATION_STATE + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }} + key: organization-state + - name: ORGANIZATION_LOCALITY + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }} + key: organization-locality + - name: ORGANIZATION_UNIT_NAME + valueFrom: + configMapKeyRef: + name: {{ template "fullname" . }} + key: organization-unit # config - name: AUTH_ENABLED valueFrom: diff --git a/api/templates/helm/Values.yaml.twig b/api/templates/helm/Values.yaml.twig index e9b2879..616c3f7 100644 --- a/api/templates/helm/Values.yaml.twig +++ b/api/templates/helm/Values.yaml.twig @@ -10,8 +10,13 @@ settings: version: {{ app_version }} description: '{{ app_description }}' repro: '{{ app_repro }}' - domain: {{ app_domain }} + domain: {{ app_domain }} + organisationName: {{ organization_name }} email: {{ organization_email }} + country: {{ organization_country }} + state: {{ organization_state }} + locality: {{ organization_locality }} + unit: {{ unit }} demo: {{ app_demo }} env: {{ app_env }} debug: {{ app_debug }} From 0d1fe68c642413f8bfb9b105ab376c415658c76d Mon Sep 17 00:00:00 2001 
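Review bot: `replicas: 3` replaces `{{ .Values.php.replicaCount }}` with a literal, so the replica count can no longer differ between dev, stag and prod and `php.replicaCount` in values.yaml becomes dead configuration. The commit's intent is met by keeping `replicas: {{ .Values.php.replicaCount }}` and raising the default to 3 in values.yaml instead.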
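Review bot: The `APP_REPRO` env entry is rewritten into `ORGANIZATION_NAME` instead of the new block being inserted after it, so the PHP container no longer receives `APP_REPRO` although `.env` and docker-compose.yml in this series still define it and the configmap presumably still carries `app-repro`; that looks unintended. Restore the `- name: APP_REPRO` / `key: app-repro` entry above the `# organization` comment. The env block continues outside the hunk.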
From: Ruben van der Linde
Date: Tue, 10 Dec 2019 15:57:22 +0100
Subject: [PATCH 6/9] Added missing .env variables
---
 docker-compose.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index 51c9655..4d7436b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -40,6 +40,12 @@ services:
 - APP_DEMO=${APP_DEMO}
 - APP_REPRO=${APP_REPRO}
 - APP_DESCRIPTION=${APP_DESCRIPTION}
+ - ORGANIZATION_NAME=${ORGANIZATION_NAME}
+ - ORGANIZATION_EMAIL_ADDRESS=${ORGANIZATION_EMAIL_ADDRESS}
+ - ORGANIZATION_COUNTRY_NAME=${ORGANIZATION_COUNTRY_NAME}
+ - ORGANIZATION_STATE=${ORGANIZATION_STATE}
+ - ORGANIZATION_LOCALITY=${ORGANIZATION_LOCALITY}
+ - ORGANIZATION_UNIT_NAME=${ORGANIZATION_UNIT_NAME}
 - TRUSTED_PROXIES=${TRUSTED_PROXIES}
 - TRUSTED_HOSTS=${TRUSTED_HOSTS}
 - AUTH_ENABLED=${AUTH_ENABLED}
From 43c9ea0bede798d6479df097991299ce0db00f83 Mon Sep 17 00:00:00 2001
From: Ruben van der Linde
Date: Tue, 10 Dec 2019 16:07:30 +0100
Subject: [PATCH 7/9] Fix on organisation unit
---
 api/templates/helm/Values.yaml.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/templates/helm/Values.yaml.twig b/api/templates/helm/Values.yaml.twig
index 616c3f7..37ec612 100644
--- a/api/templates/helm/Values.yaml.twig
+++ b/api/templates/helm/Values.yaml.twig
@@ -16,7 +16,7 @@ settings:
 country: {{ organization_country }}
 state: {{ organization_state }}
 locality: {{ organization_locality }}
- unit: {{ unit }}
+ unit: {{ organization_unit }}
 demo: {{ app_demo }}
 env: {{ app_env }}
 debug: {{ app_debug }}
From 4ef9753fbe70b5abec418ef99f2708aa75f22526 Mon Sep 17 00:00:00 2001
From: Ruben van der Linde
Date: Tue, 10 Dec 2019 17:04:04 +0100
Subject: [PATCH 8/9] Added doctrine shema check to ci/cd
---
 .github/workflows/dockerimage.yml | 2 ++
 api/helm/values.yaml | 8 +++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
index 4f8b430..e5ca75c 100644
--- a/.github/workflows/dockerimage.yml
+++ b/.github/workflows/dockerimage.yml
@@ -63,6 +63,8 @@ jobs:
 run: docker-compose logs
 - name: Security Checks
 run: docker-compose exec -T php composer req sensiolabs/security-checker
+ - name: Database Check
+ run: docker-compose exec -T php bin/console doctrine:schema:validate
 - name: Chores
 run: docker-compose down
 - name: Login to DockerHub Registry
diff --git a/api/helm/values.yaml b/api/helm/values.yaml
index 7f4d307..18c2d9e 100644
--- a/api/helm/values.yaml
+++ b/api/helm/values.yaml
@@ -10,7 +10,13 @@ settings:
 version: V.0.1
 description: ''Naast deze JSON rest API is er ook een [graphql](/graphql) interface beschikbaar.''
 repro: 'https://github.com/ConductionNL/Proto-component-commonground'
- domain: conduction.nl
+ domain: conduction.nl
+ organisationName: Conduction
+ email: info@conduction.nl
+ country: Netherlands
+ state: Noord-Holland
+ locality: Amsterdam
+ unit: Common-Ground
 demo: pc.zaakonline.nl
 env: dev
 debug: 1
From 3c801ea5aa06204a66d6268bf88c332d8fedd414 Mon Sep 17 00:00:00 2001
From: Ruben van der Linde
Date: Tue, 10 Dec 2019 17:38:58 +0100
Subject: [PATCH 9/9] Add database update to ci/cd
---
 .github/workflows/dockerimage.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
index e5ca75c..3be28c0 100644
--- a/.github/workflows/dockerimage.yml
+++ b/.github/workflows/dockerimage.yml
@@ -63,6 +63,8 @@ jobs:
 run: docker-compose logs
 - name: Security Checks
 run: docker-compose exec -T php composer req sensiolabs/security-checker
+ - name: Database Update
+ run: docker-compose exec -T php bin/console doctrine:schema:update --force
 - name: Database Check
 run: docker-compose exec -T php bin/console doctrine:schema:validate
 - name: Chores
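Review bot: Running `doctrine:schema:update --force` immediately before `doctrine:schema:validate` makes the check added in patch 8 almost vacuous: the database has just been forced into sync with the entities, so only mapping errors can still fail and drift between the entities and the committed migrations is no longer detected. If the goal is to catch missing migrations, run the validate step before the update, or use `run: docker-compose exec -T php bin/console doctrine:schema:validate --skip-sync` for a mapping-only check and drop the `--force` step. `--force` is acceptable only because this targets the throwaway docker-compose database; a comment saying so, e.g. `# CI-only: syncs the disposable compose database, never run against a real environment`, would stop it being copied into a deploy job.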