diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9ca86133..b916fff7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,7 +3,7 @@ name: Release Charts on: push: branches: - - master + - main # Environment variables available to all jobs and steps in this workflow env: @@ -61,7 +61,7 @@ jobs: - name: Test Drupal Helm Chart run: | - cd drupal + cd charts/drupal helm install drupal -f values.yaml . --timeout=600s - name: Configure Git @@ -81,7 +81,7 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.4.0 with: - charts_dir: . + charts_dir: ./charts env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_SKIP_EXISTING: 'true' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7c3a0082..a31ab359 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,7 +2,7 @@ name: Test Helm Charts on: pull_request: branches: - - master + - main # Environment variables available to all jobs and steps in this workflow env: @@ -56,5 +56,5 @@ jobs: - name: Test Drupal Helm Chart run: | - cd drupal + cd charts/drupal helm install drupal -f values.yaml . --timeout=600s diff --git a/.gitignore b/.gitignore index e0008230..2f842da3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ packages index.yaml + +tpl/ +values-*.yaml +!values-example-*.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 161bccca..afb2d8ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
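Review bot: The `Run chart-releaser` step kept as context in the third release.yml hunk (`@@ -81,7 +81,7 @@`) references `helm/chart-releaser-action@v1.4.0` by a mutable tag while passing it `CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"`, so a re-pointed tag would execute with the release token. Since the commit already edits this step, pin the action to the commit behind that tag, e.g. `uses: helm/chart-releaser-action@<FULL_COMMIT_SHA_FOR_V1.4.0>  # v1.4.0` (placeholder; resolve it from the action's repository). The workflow's `permissions:` block is not visible in these hunks; if none is declared, limit the job's token to what the release needs, presumably `contents: write`. The job definition starts and ends outside the hunk.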
@@ -1,3 +1,31 @@ +## 1.0.0-beta1 + +- Breaking Changes + - Drupal 7 Chart has been removed + - The _helpers.tpl has been leveraged more to reduce duplication + - Switches to leverage an unprivileged nginx execution +- Regular Changes + - Varnish chart now exists inside this repository + - All charts have been moved under the charts folder + - Network Policies have been added + - Chart has been tested against an OpenShift deployment model + +Upgrade Path: + +> The best way for this is to simply run helm template, store the rendered manifests in git +> then run helm template again on the main branch of the repo and compare the output. + +```sh +git checkout --branch master https://github.com/drupalwxt/helm-drupal +cd helm-drupal/drupal +helm template . -f values-override.yaml --output-dir ../tpl/override +cd ../tpl/override && git init && git add . && git commit -m "feat(initial): Initial commit" +cd ../../ +git checkout main +cd charts/drupal +helm template . -f values-override.yaml --output-dir ../tpl/override +``` + ## 0.20.1-beta3 - Enable all of the WxT extension modules for default site install (drupal.extensions.enabled) diff --git a/LICENSE.md b/LICENSE.md index 8fb31687..2d75441b 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,6 +1,6 @@ ## MIT License -Copyright (c) 2022 Drupal WxT +Copyright (c) 2023 Drupal WxT Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 79e5e130..c8832e1b 100644 --- a/README.md +++ b/README.md 
@@ -8,18 +8,18 @@ This chart will deploy a highly available and performant enterprise Drupal site - MySQL configured with ProxySQL - PostgreSQL configured with PGBouncer - Redis +- Solr - Varnish Please consult our **Architectural Diagram** for a recommended setup on Azure: -- **[Architectural Diagram][architectural_diagram]** +- **[Architectural Diagram][diagram]** ## Individual Charts Further documentation can be found at the individual chart level: -- **[Drupal 9][drupal9]** -- **[Drupal 7][drupal7]** +- **[Drupal 9/10][drupal]** ## Development @@ -29,8 +29,7 @@ You can consult the `values.yaml` file for the full range of options available t > **Note:** We try out best to follow `https://semver.org` so that it's clear patch, minor and major releases for breaking changes. -[architectural_diagram]: https://github.com/drupalwxt/helm-drupal/blob/master/docs/diagram-drupal.pdf -[drupal7]: drupal7/README.md -[drupal9]: drupal/README.md +[diagram]: https://github.com/drupalwxt/helm-drupal/blob/master/docs/diagram-drupal.pdf +[drupal]: drupal/README.md [helm]: https://helm.sh/ [wxt]: https://drupalwxt.github.io diff --git a/drupal/.helmignore b/charts/drupal/.helmignore similarity index 99% rename from drupal/.helmignore rename to charts/drupal/.helmignore index f0c13194..b6a3eb5b 100644 --- a/drupal/.helmignore +++ b/charts/drupal/.helmignore @@ -2,6 +2,7 @@ # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. .DS_Store + # Common VCS dirs .git/ .gitignore @@ -10,11 +11,13 @@ .hg/ .hgignore .svn/ + # Common backup files *.swp *.bak *.tmp *~ + # Various IDEs .project .idea/ diff --git a/drupal7/Chart.lock b/charts/drupal/Chart.lock similarity index 56% rename from drupal7/Chart.lock rename to charts/drupal/Chart.lock index 8e355963..84f6585d 100644 --- a/drupal7/Chart.lock +++ b/charts/drupal/Chart.lock 
@@ -8,8 +8,8 @@ dependencies: - name: redis repository: https://charts.bitnami.com/bitnami version: 16.13.2 -- name: varnish - repository: https://statcan.github.io/charts - version: 0.2.2 -digest: sha256:eff9b22832514728f66d261ff5cac8a31b399b52171bf06c821fdf5fca3f7fb3 -generated: "2023-01-16T08:45:02.67443-05:00" +- name: solr + repository: https://charts.bitnami.com/bitnami + version: 7.5.1 +digest: sha256:e15fab8d13baf578d5c6a36fa9a9cc1d852be8de47ed68064852c56e1512fc6b +generated: "2023-12-02T22:05:14.382491-05:00" diff --git a/drupal/Chart.yaml b/charts/drupal/Chart.yaml similarity index 79% rename from drupal/Chart.yaml rename to charts/drupal/Chart.yaml index be1e34b4..79a56557 100644 --- a/drupal/Chart.yaml +++ b/charts/drupal/Chart.yaml @@ -1,9 +1,9 @@ name: drupal apiVersion: v2 type: application -version: 0.20.1-beta8 +version: 1.0.0-beta1 appVersion: 5.0.1 -description: Drupal 8/9 variant of the Web Experience Toolkit (WxT). +description: Drupal 9/10 variant of the Web Experience Toolkit (WxT). keywords: - drupal - cms @@ -35,7 +35,7 @@ dependencies: version: 16.13.2 repository: https://charts.bitnami.com/bitnami condition: redis.enabled - - name: varnish - version: 0.2.2 - repository: https://statcan.github.io/charts - condition: varnish.enabled + - name: solr + version: 7.5.1 + repository: https://charts.bitnami.com/bitnami + condition: solr.enabled diff --git a/drupal/README.md b/charts/drupal/README.md similarity index 55% rename from drupal/README.md rename to charts/drupal/README.md index 396f4c24..24da85f9 100644 --- a/drupal/README.md +++ b/charts/drupal/README.md 
@@ -1,8 +1,8 @@ # drupal -![Version: 0.20.1-beta7](https://img.shields.io/badge/Version-0.20.1--beta7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.5.3](https://img.shields.io/badge/AppVersion-4.5.3-informational?style=flat-square) +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.1](https://img.shields.io/badge/AppVersion-5.0.1-informational?style=flat-square) -Drupal 8/9 variant of the Web Experience Toolkit (WxT). +Drupal 9/10 variant of the Web Experience Toolkit (WxT). **Homepage:** @@ -24,12 +24,12 @@ Drupal 8/9 variant of the Web Experience Toolkit (WxT). | https://charts.bitnami.com/bitnami | mysql | 9.1.7 | | https://charts.bitnami.com/bitnami | postgresql | 11.6.6 | | https://charts.bitnami.com/bitnami | redis | 16.13.2 | -| https://statcan.github.io/charts | varnish | 0.2.2 | +| https://charts.bitnami.com/bitnami | solr | 7.5.1 | ## Prerequisites -- Kubernetes 1.7+ -- Helm v3.0.0+ +- Kubernetes 1.21+ +- Helm v3.10.0+ ## Installing the Chart @@ -48,8 +48,7 @@ Optionally you can git clone the helm chart and select the appropriate values fi ```sh git clone https://github.com/drupalwxt/helm-drupal cd helm-drupal/drupal -cp values-azurefile.yaml values-override.yaml -helm install --name drupal -f values-override.yaml +helm install --name drupal -f values-.yaml ``` ## Ingress @@ -67,6 +66,7 @@ helm install --name drupal -f values-override.yaml | Key | Type | Default | Description | |-----|------|---------|-------------| | drupal.additionalCrons | object | `{}` | | +| drupal.args | list | `[]` | | | drupal.autoscaling.enabled | bool | `false` | | | drupal.autoscaling.maxReplicas | int | `11` | | | drupal.autoscaling.minReplicas | int | `1` | | 
@@ -79,16 +79,18 @@ helm install --name drupal -f values-override.yaml | drupal.backup.sqlDumpArgs | string | `""` | | | drupal.backup.volume | object | `{}` | | | drupal.cacheRebuildBeforeDatabaseMigration | bool | `true` | | +| drupal.command | list | `[]` | | | drupal.configSplit.enabled | bool | `false` | | | drupal.configSync.directory | string | `"/private/config/sync"` | | | drupal.cron.enabled | bool | `true` | | +| drupal.cron.failedJobsHistoryLimit | int | `1` | | +| drupal.cron.preInstallScripts | string | `""` | | | drupal.cron.schedule | string | `"0 * * * *"` | | +| drupal.cron.successfulJobsHistoryLimit | int | `3` | | | drupal.dbAvailabilityScript | string | `"until drush sql:query 'SHOW TABLES;'; do echo Waiting for DB; sleep 3; done\necho DB available"` | default script used to detect when the DB is ready | | drupal.disableDefaultFilesMount | bool | `false` | | | drupal.extensions.enabled | bool | `true` | | -| drupal.extraInstallScripts | string | `""` | | | drupal.extraSettings | string | `""` | | -| drupal.extraUpgradeScripts | string | `""` | | | drupal.healthcheck.enabled | bool | `true` | | | drupal.image | string | `"drupalwxt/site-wxt"` | | | drupal.imagePullPolicy | string | `"IfNotPresent"` | | @@ -99,8 +101,13 @@ helm install --name drupal -f values-override.yaml | drupal.persistence.annotations | object | `{}` | | | drupal.persistence.enabled | bool | `false` | | | drupal.persistence.size | string | `"8Gi"` | | +| drupal.php.fpm | string | `"pm.max_children = 50\npm.start_servers = 5\npm.min_spare_servers = 5\npm.max_spare_servers = 35"` | | | drupal.php.ini | object | `{}` | | | drupal.podAnnotations | object | `{}` | | +| drupal.postInstallScripts | string | `""` | | +| drupal.postUpgradeScripts | string | `""` | | +| drupal.preInstallScripts | string | `""` | | +| drupal.preUpgradeScripts | string | `""` | | | drupal.profile | string | `"wxt"` | | | drupal.reconfigure | bool | `true` | | | drupal.replicas | int | `1` | | 
@@ -112,9 +119,11 @@ helm install --name drupal -f values-override.yaml | drupal.restore.name | string | `"latest"` | | | drupal.restore.suppressTarErrors | bool | `false` | | | drupal.restore.volume | object | `{}` | | -| drupal.securityContext.fsGroup | int | `82` | | -| drupal.securityContext.runAsGroup | int | `82` | | -| drupal.securityContext.runAsUser | int | `82` | | +| drupal.securityContext | object | `{}` | | +| drupal.serviceAccount.annotations | object | `{}` | | +| drupal.serviceAccount.automountServiceAccountToken | bool | `true` | | +| drupal.serviceAccount.create | bool | `true` | | +| drupal.serviceAccount.name | string | `""` | | | drupal.serviceType | string | `"ClusterIP"` | | | drupal.services | string | `""` | | | drupal.siteEmail | string | `"admin@example.com"` | | @@ -127,6 +136,7 @@ helm install --name drupal -f values-override.yaml | drupal.smtp.host | string | `"mail"` | | | drupal.smtp.starttls | bool | `true` | | | drupal.smtp.tls | bool | `true` | | +| drupal.theme | string | `"theme-gcweb"` | | | drupal.tolerations | list | `[]` | | | drupal.updateDBBeforeDatabaseMigration | bool | `true` | | | drupal.username | string | `"admin"` | | @@ -134,8 +144,6 @@ helm install --name drupal -f values-override.yaml | drupal.volumeMounts | string | `nil` | | | drupal.volumePermissions.enabled | bool | `false` | | | drupal.volumes | string | `nil` | | -| drupal.wxtTheme | string | `"theme-gcweb"` | | -| drupal.wxtUpdate | bool | `false` | | ## Nginx 
@@ -155,8 +163,8 @@ helm install --name drupal -f values-override.yaml | nginx.real_ip_header | string | `"X-Forwarded-For"` | | | nginx.replicas | int | `1` | | | nginx.resolver | string | `"kube-dns.kube-system.svc.cluster.local"` | | -| nginx.securityContext.enabled | bool | `true` | | -| nginx.securityContext.fsGroup | int | `33` | | +| nginx.resources | object | `{}` | | +| nginx.securityContext | object | `{}` | | | nginx.serviceType | string | `"ClusterIP"` | | | nginx.tolerations | list | `[]` | | | nginx.volumeMounts | string | `nil` | | 
@@ -172,7 +180,7 @@ helm install --name drupal -f values-override.yaml | mysql.auth.username | string | `"wxt"` | | | mysql.enabled | bool | `true` | | | mysql.image.tag | string | `"8.0.29-debian-11-r3"` | | -| mysql.primary.configuration | string | `"[mysqld]\ndefault_authentication_plugin=mysql_native_password\nskip-name-resolve\nexplicit_defaults_for_timestamp\nbasedir=/opt/bitnami/mysql\nplugin_dir=/opt/bitnami/mysql/lib/plugin\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndatadir=/bitnami/mysql/data\ntmpdir=/opt/bitnami/mysql/tmp\nmax_allowed_packet=16M\nbind-address=0.0.0.0\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid\nlog-error=/opt/bitnami/mysql/logs/mysqld.log\ncharacter-set-server=UTF8\ncollation-server=utf8_general_ci\nslow_query_log=0\nslow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log\nlong_query_time=10.0\n\nmax_allowed_packet = 256M\ninnodb_buffer_pool_size = 4096M\ninnodb_buffer_pool_instances = 4\ntable_definition_cache = 4096\ntable_open_cache = 8192\ninnodb_flush_log_at_trx_commit=2\n[client]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndefault-character-set=UTF8\nplugin_dir=/opt/bitnami/mysql/lib/plugin\n[manager]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid"` | | +| mysql.primary.configuration | string | `"[mysqld]\ndefault_authentication_plugin=mysql_native_password\nskip-name-resolve\nexplicit_defaults_for_timestamp\nbasedir=/opt/bitnami/mysql\nplugin_dir=/opt/bitnami/mysql/lib/plugin\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndatadir=/bitnami/mysql/data\ntmpdir=/opt/bitnami/mysql/tmp\nmax_allowed_packet=16M\nbind-address=0.0.0.0\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid\nlog-error=/opt/bitnami/mysql/logs/mysqld.log\ncharacter-set-server=UTF8\ncollation-server=utf8_general_ci\nslow_query_log=0\nslow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log\nlong_query_time=10.0\ntransaction_isolation=\"READ-COMMITTED\"\n\nmax_allowed_packet = 
256M\ninnodb_buffer_pool_size = 4096M\ninnodb_buffer_pool_instances = 4\ntable_definition_cache = 4096\ntable_open_cache = 8192\ninnodb_flush_log_at_trx_commit=2\n\n[client]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndefault-character-set=UTF8\nplugin_dir=/opt/bitnami/mysql/lib/plugin\n\n[manager]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid"` | | | mysql.primary.persistence.enabled | bool | `true` | | | mysql.primary.persistence.size | string | `"128Gi"` | | | mysql.volumePermissions.enabled | bool | `true` | | 
@@ -284,7 +292,7 @@ helm install --name drupal -f values-override.yaml | varnish.service.port | int | `80` | | | varnish.service.type | string | `"ClusterIP"` | | | varnish.tolerations | list | `[]` | | -| varnish.varnishConfigContent | string | `"vcl 4.0;\n\nimport std;\nimport directors;\n\nbackend nginx {\n .host = \"{{ include \"backend.fullname\" . }}-nginx\";\n .host_header = \"{{ include \"backend.fullname\" . }}-nginx\";\n .port = \"80\";\n}\n\nsub vcl_init {\n new backends = directors.round_robin();\n backends.add_backend(nginx);\n}\n\nsub vcl_recv {\n set req.http.X-Forwarded-Host = req.http.Host;\n if (!req.http.X-Forwarded-Proto) {\n set req.http.X-Forwarded-Proto = \"http\";\n }\n\n # Answer healthcheck\n if (req.url == \"/_healthcheck\" || req.url == \"/healthcheck.txt\") {\n return (synth(700, \"HEALTHCHECK\"));\n }\n set req.backend_hint = backends.backend();\n\n # Answer healthcheck\n if (req.url == \"/_healthcheck\" || req.url == \"/healthcheck.txt\") {\n return (synth(700, \"HEALTHCHECK\"));\n }\n set req.backend_hint = backends.backend();\n\n # Always cache certain file types\n # Remove cookies that Drupal doesn't care about\n if (req.url ~ \"(?i)\\.(asc|dat|tgz|png|gif|jpeg|jpg|ico|swf|css|js)(\\?.*)?$\") {\n unset req.http.Cookie;\n } else if (req.http.Cookie) {\n set req.http.Cookie = \";\" + req.http.Cookie;\n set req.http.Cookie = regsuball(req.http.Cookie, \"; +\", \";\");\n set req.http.Cookie = regsuball(req.http.Cookie, \";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=\", \"; \\1=\");\n set req.http.Cookie = regsuball(req.http.Cookie, \";[^ ][^;]*\", \"\");\n set req.http.Cookie = regsuball(req.http.Cookie, \"^[; ]+|[; ]+$\", \"\");\n if (req.http.Cookie == \"\") {\n unset req.http.Cookie;\n } else {\n return (pass);\n }\n }\n # If POST, PUT or DELETE, then don't cache\n if (req.method == \"POST\" || req.method == \"PUT\" || req.method == \"DELETE\") {\n return (pass);\n }\n # Happens before we check if we have this in cache already.\n #\n # 
Typically you clean up the request here, removing cookies you don't need,\n # rewriting the request, etc.\n return (hash);\n #return (pass);\n}\n\nsub vcl_backend_fetch {\n # NEW\n set bereq.http.Host = \"{{ include \"backend.fullname\" . }}-nginx\";\n\n # Don't add 127.0.0.1 to X-Forwarded-For\n set bereq.http.X-Forwarded-For = regsub(bereq.http.X-Forwarded-For, \"(, )?127\\.0\\.0\\.1$\", \"\");\n}\n\nsub vcl_backend_response {\n if (beresp.http.Location) {\n set beresp.http.Location = regsub(\n beresp.http.Location,\n \"^https?://[^/]+/\",\n bereq.http.X-Forwarded-Proto + \"://\" + bereq.http.X-Forwarded-Host + \"/\"\n );\n }\n # Only cache select response codes\n if (beresp.status == 200 || beresp.status == 203 || beresp.status == 204 || beresp.status == 206 || beresp.status == 300 || beresp.status == 301 || beresp.status == 404 || beresp.status == 405 || beresp.status == 410 || beresp.status == 414 || beresp.status == 501) {\n # Cache for 5 minutes\n set beresp.ttl = 5m;\n set beresp.grace = 12h;\n set beresp.keep = 24h;\n } else {\n set beresp.ttl = 0s;\n }\n}\n\nsub vcl_deliver {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Comment these for easier Drupal cache tag debugging in development.\n unset resp.http.Cache-Tags;\n unset resp.http.X-Drupal-Cache-Contexts;\n\n # Add Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net data:; font-src 'self' *.example.ca https://fonts.gstatic.com\";\n\n # Add CORS Headers\n # if (req.http.Origin ~ \"(?i)\\.example\\.ca$\") {\n # if 
(req.url ~ \"\\.(ttd|woff|woff2)(\\?.*)?$\") {\n # set resp.http.Access-Control-Allow-Origin = \"*\";\n # set resp.http.Access-Control-Allow-Methods = \"GET\";\n # }\n # }\n\n # Add X-Frame-Options\n if (req.url ~ \"^/livechat\" || req.url ~ \"^/(en/|fr/)?entity-browser/\") {\n set resp.http.X-Frame-Options = \"SAMEORIGIN\";\n } else {\n set resp.http.X-Frame-Options = \"DENY\";\n }\n\n set resp.http.X-Content-Type-Options = \"nosniff\";\n set resp.http.X-XSS-Protection = \"1; mode=block\";\n\n # Happens when we have all the pieces we need, and are about to send the\n # response to the client.\n #\n # You can do accounting or modifying the final object here.\n if (obj.hits > 0) {\n set resp.http.X-Cache = \"HIT\";\n } else {\n set resp.http.X-Cache = \"MISS\";\n }\n # Handle errors\n if ( (resp.status >= 500 && resp.status <= 599)\n || resp.status == 400\n || resp.status == 401\n || resp.status == 403\n || resp.status == 404) {\n return (synth(resp.status));\n }\n}\n\nsub vcl_synth {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Add Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca data:;\";\n # set resp.http.X-Content-Type-Options = \"nosniff\";\n # set resp.http.X-Frame-Options = \"DENY\";\n # set resp.http.X-XSS-Protection = \"1; mode=block\";\n\n # if (resp.status >= 500 && resp.status <= 599) {\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n # return (deliver);\n # } elseif (resp.status == 400) { # 400 - Bad Request\n # set resp.http.Content-Type = \"text/html; 
charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/400.html\"));\n # return (deliver);\n # } elseif (resp.status == 401) { # 401 - Unauthorized\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/401.html\"));\n # return (deliver);\n # } elseif (resp.status == 403) { # 403 - Forbidden\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/403.html\"));\n # return (deliver);\n # } elseif (resp.status == 404) { # 404 - Not Found\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/404.html\"));\n # return (deliver);\n # } else\n if (resp.status == 700) { # Respond to healthcheck\n set resp.status = 200;\n set resp.http.Content-Type = \"text/plain\";\n synthetic ( {\"OK\"} );\n return (deliver);\n }\n}\n\n##\n# ERROR HANDLING\n##\n# sub vcl_backend_error {\n# set beresp.http.Content-Type = \"text/html; charset=utf-8\";\n# synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n# return (deliver);\n# }\n"` | | +| varnish.varnishConfigContent | string | `"vcl 4.0;\n\nimport std;\nimport directors;\n\nbackend nginx {\n .host = \"{{ include \"backend.fullname\" . }}-nginx\";\n .host_header = \"{{ include \"backend.fullname\" . 
}}-nginx\";\n .port = \"8080\";\n}\n\nsub vcl_init {\n new backends = directors.round_robin();\n backends.add_backend(nginx);\n}\n\nsub vcl_recv {\n set req.http.X-Forwarded-Host = req.http.Host;\n if (!req.http.X-Forwarded-Proto) {\n set req.http.X-Forwarded-Proto = \"http\";\n }\n\n # Answer healthcheck\n if (req.url == \"/_healthcheck\" || req.url == \"/healthcheck.txt\") {\n return (synth(700, \"HEALTHCHECK\"));\n }\n\n # Answer splashpage\n # if (req.url == \"/\") {\n # return (synth(701, \"SPLASH\"));\n # }\n\n set req.backend_hint = backends.backend();\n\n # Always cache certain file types\n # Remove cookies that Drupal doesn't care about\n if (req.url ~ \"(?i)\\.(asc|dat|tgz|png|gif|jpeg|jpg|ico|swf|css|js)(\\?.*)?$\") {\n unset req.http.Cookie;\n } else if (req.http.Cookie) {\n set req.http.Cookie = \";\" + req.http.Cookie;\n set req.http.Cookie = regsuball(req.http.Cookie, \"; +\", \";\");\n set req.http.Cookie = regsuball(req.http.Cookie, \";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=\", \"; \\1=\");\n set req.http.Cookie = regsuball(req.http.Cookie, \";[^ ][^;]*\", \"\");\n set req.http.Cookie = regsuball(req.http.Cookie, \"^[; ]+|[; ]+$\", \"\");\n if (req.http.Cookie == \"\") {\n unset req.http.Cookie;\n } else {\n return (pass);\n }\n }\n # If POST, PUT or DELETE, then don't cache\n if (req.method == \"POST\" || req.method == \"PUT\" || req.method == \"DELETE\") {\n return (pass);\n }\n # Happens before we check if we have this in cache already.\n #\n # Typically you clean up the request here, removing cookies you don't need,\n # rewriting the request, etc.\n return (hash);\n #return (pass);\n}\n\nsub vcl_backend_fetch {\n # NEW\n set bereq.http.Host = \"{{ include \"backend.fullname\" . 
}}-nginx\";\n\n # Don't add 127.0.0.1 to X-Forwarded-For\n set bereq.http.X-Forwarded-For = regsub(bereq.http.X-Forwarded-For, \"(, )?127\\.0\\.0\\.\\d$\", \"\");\n}\n\nsub vcl_backend_response {\n if (beresp.http.Location && beresp.http.Location !~ \"^https://api.twitter.com/\") {\n set beresp.http.Location = regsub(\n beresp.http.Location,\n \"^https?://[^/]+/\",\n bereq.http.X-Forwarded-Proto + \"://\" + bereq.http.X-Forwarded-Host + \"/\"\n );\n }\n # Only cache select response codes\n if (beresp.status == 200 || beresp.status == 203 || beresp.status == 204 || beresp.status == 206 || beresp.status == 300 || beresp.status == 301 || beresp.status == 404 || beresp.status == 405 || beresp.status == 410 || beresp.status == 414 || beresp.status == 501) {\n # Cache for 5 minutes\n set beresp.ttl = 5m;\n set beresp.grace = 12h;\n set beresp.keep = 24h;\n } else {\n set beresp.ttl = 0s;\n }\n}\n\nsub vcl_deliver {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Comment these for easier Drupal cache tag debugging in development.\n unset resp.http.Cache-Tags;\n unset resp.http.X-Drupal-Cache-Contexts;\n\n # Add Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net data:; font-src 'self' *.example.ca https://fonts.gstatic.com\";\n\n # Add CORS Headers\n # if (req.http.Origin ~ \"(?i)\\.example\\.ca$\") {\n # if (req.url ~ \"\\.(ttd|woff|woff2)(\\?.*)?$\") {\n # set resp.http.Access-Control-Allow-Origin = \"*\";\n # set resp.http.Access-Control-Allow-Methods = \"GET\";\n # }\n # }\n\n # Add 
X-Frame-Options\n # if (req.url ~ \"^/(en/|fr/)?media/\") {\n # set resp.http.X-Frame-Options = \"SAMEORIGIN\";\n # } else {\n # set resp.http.X-Frame-Options = \"DENY\";\n # }\n\n set resp.http.X-Content-Type-Options = \"nosniff\";\n set resp.http.X-XSS-Protection = \"1; mode=block\";\n set resp.http.Strict-Transport-Security = \"max-age=2629800\";\n\n if (req.http.host ~ \"site.example.ca\") {\n set resp.http.X-Robots-Tag = \"noindex, nofollow\";\n }\n\n if (req.url ~ \"^/(en/|fr/)?(search/|recherche/)site/\") {\n set resp.http.X-Robots-Tag = \"noindex, nofollow\";\n }\n\n # Happens when we have all the pieces we need, and are about to send the\n # response to the client.\n #\n # You can do accounting or modifying the final object here.\n if (obj.hits > 0) {\n set resp.http.X-Cache = \"HIT\";\n } else {\n set resp.http.X-Cache = \"MISS\";\n }\n # Handle errors\n if ( (resp.status >= 500 && resp.status <= 599)\n || resp.status == 400\n || resp.status == 401\n || resp.status == 403\n || resp.status == 404) {\n return (synth(resp.status));\n }\n}\n\nsub vcl_synth {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Add Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca data:;\";\n # set resp.http.X-Content-Type-Options = \"nosniff\";\n # set resp.http.X-Frame-Options = \"DENY\";\n # set resp.http.X-XSS-Protection = \"1; mode=block\";\n\n set resp.http.Strict-Transport-Security = \"max-age=2629800\";\n\n # if (resp.status >= 500 && resp.status <= 599) {\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # 
synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n # return (deliver);\n # } elseif (resp.status == 400) { # 400 - Bad Request\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/400.html\"));\n # return (deliver);\n # } elseif (resp.status == 401) { # 401 - Unauthorized\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/401.html\"));\n # return (deliver);\n # } elseif (resp.status == 403) { # 403 - Forbidden\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/403.html\"));\n # return (deliver);\n # } elseif (resp.status == 404) { # 404 - Not Found\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/404.html\"));\n # return (deliver);\n # } else\n if (resp.status == 700) { # Respond to healthcheck\n set resp.status = 200;\n set resp.http.Content-Type = \"text/plain\";\n synthetic ( {\"OK\"} );\n return (deliver);\n }\n # elseif (resp.status == 701) { # Respond to splash\n # set resp.status = 200;\n # set resp.http.Content-Type = \"text/html\";\n # synthetic(std.fileread(\"/splash/index.html\"));\n # return (deliver);\n # }\n}\n\n##\n# ERROR HANDLING\n##\n# sub vcl_backend_error {\n# set beresp.http.Content-Type = \"text/html; charset=utf-8\";\n# synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n# return (deliver);\n# }\n"` | | | varnish.varnishd.image | string | `"varnish"` | | | varnish.varnishd.imagePullPolicy | string | `"IfNotPresent"` | | | varnish.varnishd.tag | string | `"6.5.1"` | | 
@@ -292,4 +300,4 @@ helm install --name drupal -f values-override.yaml ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) +Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3) diff --git a/drupal/README.md.gotmpl b/charts/drupal/README.md.gotmpl similarity index 97% rename from drupal/README.md.gotmpl rename to charts/drupal/README.md.gotmpl index 5e263b39..a48e439f 100644 --- a/drupal/README.md.gotmpl +++ b/charts/drupal/README.md.gotmpl @@ -16,8 +16,8 @@ ## Prerequisites -- Kubernetes 1.7+ -- Helm v3.0.0+ +- Kubernetes 1.21+ +- Helm v3.10.0+ ## Installing the Chart @@ -36,8 +36,7 @@ Optionally you can git clone the helm chart and select the appropriate values fi ```sh git clone https://github.com/drupalwxt/helm-drupal cd helm-drupal/drupal -cp values-azurefile.yaml values-override.yaml -helm install --name drupal -f values-override.yaml +helm install --name drupal -f values-.yaml ``` ## Ingress @@ -140,7 +139,6 @@ helm install --name drupal -f values-override.yaml {{- end }} {{- end }} - ## Redis | Key | Type | Default | Description | diff --git a/drupal/charts/.gitkeep b/charts/drupal/charts/.gitkeep similarity index 100% rename from drupal/charts/.gitkeep rename to charts/drupal/charts/.gitkeep diff --git a/drupal/charts/mysql-9.1.7.tgz b/charts/drupal/charts/mysql-9.1.7.tgz similarity index 100% rename from drupal/charts/mysql-9.1.7.tgz rename to charts/drupal/charts/mysql-9.1.7.tgz diff --git a/drupal/charts/postgresql-11.6.6.tgz b/charts/drupal/charts/postgresql-11.6.6.tgz similarity index 100% rename from drupal/charts/postgresql-11.6.6.tgz rename to charts/drupal/charts/postgresql-11.6.6.tgz 
diff --git a/drupal/charts/redis-16.13.2.tgz b/charts/drupal/charts/redis-16.13.2.tgz similarity index 100% rename from drupal/charts/redis-16.13.2.tgz rename to charts/drupal/charts/redis-16.13.2.tgz diff --git a/charts/drupal/charts/solr-7.5.1.tgz b/charts/drupal/charts/solr-7.5.1.tgz new file mode 100644 index 00000000..dd0f8e13 Binary files /dev/null and b/charts/drupal/charts/solr-7.5.1.tgz differ diff --git a/drupal/conf/nginx.conf b/charts/drupal/conf/nginx.conf similarity index 92% rename from drupal/conf/nginx.conf rename to charts/drupal/conf/nginx.conf index 5b41b45d..687ec67f 100644 --- a/drupal/conf/nginx.conf +++ b/charts/drupal/conf/nginx.conf @@ -1,6 +1,5 @@ error_log /proc/self/fd/2; -pid /var/run/nginx.pid; -user root; +pid /tmp/nginx.pid; worker_processes auto; worker_rlimit_nofile 500000; @@ -30,8 +29,8 @@ http { include /etc/nginx/mime.types; index index.html index.htm; keepalive_timeout 240; - proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:8m max_size=3000m inactive=600m; - proxy_temp_path /var/tmp; + proxy_cache_path /tmp/cache_temp levels=1:2 keys_zone=one:8m max_size=3000m inactive=600m; + proxy_temp_path /tmp/proxy_temp; sendfile on; server_tokens off; tcp_nopush on; @@ -42,10 +41,10 @@ http { server { #IPv4 - listen 80; + listen 8080; #IPv6 - listen [::]:80; + listen [::]:8080; # Filesystem root of the site and index with fallback. {{- if not (eq .Values.drupal.siteRoot "/") }} diff --git a/drupal/conf/opcache-recommended.ini b/charts/drupal/conf/opcache-recommended.ini similarity index 100% rename from drupal/conf/opcache-recommended.ini rename to charts/drupal/conf/opcache-recommended.ini diff --git a/drupal/conf/pgbouncer.ini b/charts/drupal/conf/pgbouncer.ini similarity index 100% rename from drupal/conf/pgbouncer.ini rename to charts/drupal/conf/pgbouncer.ini diff --git a/drupal/conf/php.ini b/charts/drupal/conf/php.ini similarity index 100% rename from drupal/conf/php.ini rename to charts/drupal/conf/php.ini 
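Review bot: Dropping `user root;` in the first nginx.conf hunk (`@@ -1,6 +1,5 @@`) only gives an unprivileged nginx if the container itself starts under a non-root UID, and nothing in this file enforces that; the regenerated README in this same commit lists the `nginx.securityContext` default as `{}`. Unless the image's own user is non-root (not visible here), the master process still starts as root and only the workers fall back to nginx's built-in default user. I would state the requirement next to the directive, `# no "user" directive: the container must run as non-root (set runAsNonRoot in nginx.securityContext)`, and consider shipping a non-empty default security context in values.yaml rather than leaving it to each deployment.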
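Review bot: The second nginx.conf hunk (`@@ -30,8 +29,8 @@`) moves only `proxy_cache_path` and `proxy_temp_path` under `/tmp`; the other directories nginx writes to (`client_body_temp_path`, `fastcgi_temp_path`, and the uwsgi/scgi equivalents) are not set in the visible lines. If they are not set elsewhere in the `http` block, which continues outside the hunk, buffered request bodies and FastCGI responses will hit permission errors under a non-root user or a read-only root filesystem. Add `client_body_temp_path /tmp/client_temp;` and `fastcgi_temp_path /tmp/fastcgi_temp;` beside the proxy paths. Because `/tmp` then holds the pid file and cached responses, it should be a volume private to the nginx container rather than one shared with other containers in the pod.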
diff --git a/drupal/conf/proxysql.conf b/charts/drupal/conf/proxysql.conf similarity index 100% rename from drupal/conf/proxysql.conf rename to charts/drupal/conf/proxysql.conf diff --git a/charts/drupal/conf/settings.d10.php b/charts/drupal/conf/settings.d10.php new file mode 100644 index 00000000..b780ad18 --- /dev/null +++ b/charts/drupal/conf/settings.d10.php 
@@ -0,0 +1,1093 @@
+ 'databasename',
+ * 'username' => 'sqlusername',
+ * 'password' => 'sqlpassword',
+ * 'host' => 'localhost',
+ * 'port' => '3306',
+ * 'driver' => 'mysql',
+ * 'prefix' => '',
+ * 'collation' => 'utf8mb4_general_ci',
+ * ];
+ * @endcode
+ */
+{{- if .Values.external.enabled }}
+$databases['default']['default'] = [
+ 'database' => {{ .Values.external.database | quote }},
+ 'username' => {{ .Values.external.user | quote }},
+ 'password' => getenv('EXTERNAL_PASSWORD') ?: '',
+ {{- if .Values.proxysql.enabled }}
+ 'host' => '127.0.0.1',
+ {{- else if .Values.postgresql.enabled }}
+ 'host' => 'localhost',
+ {{- else }}
+ 'host' => {{ .Values.external.host | quote }},
+ {{- end }}
+ 'port' => {{ .Values.external.port }},
+ 'prefix' => '',
+ 'namespace' => 'Drupal\Core\Database\Driver\{{ .Values.external.driver }}',
+ 'driver' => '{{ .Values.external.driver }}',
+ 'collation' => 'utf8mb4_general_ci',
+ {{- if .Values.external.initCommands }}
+ 'init_commands' => [
+ {{- range .Values.external.initCommands }}
+ {{- range $key, $value := . }}
+ '{{ $key }}' => {{ $value | quote }},
+ {{- end }}
+ {{- end }}
+ ],
+ {{- end }}
+ {{- if .Values.external.pdo }}
+ 'pdo' => [
+ {{- range .Values.external.pdo }}
+ {{- range $key, $value := . }}
+ {{ $key }} => {{ $value | quote }},
+ {{- end }}
+ {{- end }}
+ ],
+ {{- end }}
+];
+{{- else if .Values.mysql.enabled }}
+$databases['default']['default'] = [
+ 'database' => {{ .Values.mysql.auth.database | quote }},
+ 'username' => {{ .Values.mysql.auth.username | quote }},
+ 'password' => getenv('MYSQL_PASSWORD') ?: '',
+ {{- if .Values.proxysql.enabled }}
+ 'host' => '127.0.0.1',
+ {{- else }}
+ 'host' => '{{ .Release.Name }}-mysql',
+ {{- end }}
+ 'port' => {{ .Values.mysql.primary.service.ports.mysql | quote }},
+ 'prefix' => '',
+ 'namespace' => 'Drupal\Core\Database\Driver\mysql',
+ 'driver' => 'mysql',
+ 'collation' => 'utf8mb4_general_ci',
+];
+{{- else if .Values.postgresql.enabled }}
+$databases['default']['default'] = [
+ 'database' => {{ .Values.postgresql.auth.database | quote }},
+ 'username' => {{ .Values.postgresql.auth.username | quote }},
+ 'password' => getenv('POSTGRES_PASSWORD') ?: '',
+ {{- if .Values.pgbouncer.enabled }}
+ 'host' => 'localhost',
+ {{- else }}
+ 'host' => '{{ .Release.Name }}-postgresql',
+ {{- end }}
+ 'port' => {{ .Values.postgresql.primary.service.ports.postgresql | quote }},
+ 'prefix' => '',
+ 'namespace' => 'Drupal\Core\Database\Driver\pgsql',
+ 'driver' => 'pgsql',
+ 'collation' => 'utf8mb4_general_ci',
+];
+{{- end }}
+
+/**
+ * Customizing database settings.
+ *
+ * Many of the values of the $databases array can be customized for your
+ * particular database system. Refer to the sample in the section above as a
+ * starting point.
+ *
+ * The "driver" property indicates what Drupal database driver the
+ * connection should use. This is usually the same as the name of the
+ * database type, such as mysql or sqlite, but not always. The other
+ * properties will vary depending on the driver. For SQLite, you must
+ * specify a database file name in a directory that is writable by the
+ * webserver. For most other drivers, you must specify a
+ * username, password, host, and database name.
+ *
+ * Drupal core implements drivers for mysql, pgsql, and sqlite. Other drivers
+ * can be provided by contributed or custom modules. To use a contributed or
+ * custom driver, the "namespace" property must be set to the namespace of the
+ * driver. The code in this namespace must be autoloadable prior to connecting
+ * to the database, and therefore, prior to when module root namespaces are
+ * added to the autoloader. To add the driver's namespace to the autoloader,
+ * set the "autoload" property to the PSR-4 base directory of the driver's
+ * namespace. This is optional for projects managed with Composer if the
+ * driver's namespace is in Composer's autoloader.
+ *
+ * For each database, you may optionally specify multiple "target" databases.
+ * A target database allows Drupal to try to send certain queries to a
+ * different database if it can but fall back to the default connection if not.
+ * That is useful for primary/replica replication, as Drupal may try to connect
+ * to a replica server when appropriate and if one is not available will simply
+ * fall back to the single primary server (The terms primary/replica are
+ * traditionally referred to as master/slave in database server documentation).
+ *
+ * The general format for the $databases array is as follows:
+ * @code
+ * $databases['default']['default'] = $info_array;
+ * $databases['default']['replica'][] = $info_array;
+ * $databases['default']['replica'][] = $info_array;
+ * $databases['extra']['default'] = $info_array;
+ * @endcode
+ *
+ * In the above example, $info_array is an array of settings described above.
+ * The first line sets a "default" database that has one primary database
+ * (the second level default). The second and third lines create an array
+ * of potential replica databases. Drupal will select one at random for a given
+ * request as needed. The fourth line creates a new database with a name of
+ * "extra".
+ *
+ * For MySQL, MariaDB or equivalent databases the 'isolation_level' option can
+ * be set. The recommended transaction isolation level for Drupal sites is
+ * 'READ COMMITTED'. The 'REPEATABLE READ' option is supported but can result
+ * in deadlocks, the other two options are 'READ UNCOMMITTED' and 'SERIALIZABLE'.
+ * They are available but not supported; use them at your own risk. For more
+ * info:
+ * https://dev.mysql.com/doc/refman/5.7/en/innodb-transaction-isolation-levels.html
+ *
+ * On your settings.php, change the isolation level:
+ * @code
+ * $databases['default']['default']['init_commands'] = [
+ * 'isolation_level' => 'SET SESSION TRANSACTION ISOLATION LEVEL READ COMMITTED',
+ * ];
+ * @endcode
+ *
+ * You can optionally set a prefix for all database table names by using the
+ * 'prefix' setting. If a prefix is specified, the table name will be prepended
+ * with its value. Be sure to use valid database characters only, usually
+ * alphanumeric and underscore. If no prefix is desired, do not set the 'prefix'
+ * key or set its value to an empty string ''.
+ *
+ * For example, to have all database table prefixed with 'main_', set:
+ * @code
+ * 'prefix' => 'main_',
+ * @endcode
+ *
+ * Advanced users can add or override initial commands to execute when
+ * connecting to the database server, as well as PDO connection settings. For
+ * example, to enable MySQL SELECT queries to exceed the max_join_size system
+ * variable, and to reduce the database connection timeout to 5 seconds:
+ * @code
+ * $databases['default']['default'] = [
+ * 'init_commands' => [
+ * 'big_selects' => 'SET SQL_BIG_SELECTS=1',
+ * ],
+ * 'pdo' => [
+ * PDO::ATTR_TIMEOUT => 5,
+ * ],
+ * ];
+ * @endcode
+ *
+ * WARNING: The above defaults are designed for database portability. Changing
+ * them may cause unexpected behavior, including potential data loss. See
+ * https://www.drupal.org/developing/api/database/configuration for more
+ * information on these defaults and the potential issues.
+ *
+ * More details can be found in the constructor methods for each driver:
+ * - \Drupal\mysql\Driver\Database\mysql\Connection::__construct()
+ * - \Drupal\pgsql\Driver\Database\pgsql\Connection::__construct()
+ * - \Drupal\sqlite\Driver\Database\sqlite\Connection::__construct()
+ *
+ * Sample Database configuration format for PostgreSQL (pgsql):
+ * @code
+ * $databases['default']['default'] = [
+ * 'driver' => 'pgsql',
+ * 'database' => 'databasename',
+ * 'username' => 'sqlusername',
+ * 'password' => 'sqlpassword',
+ * 'host' => 'localhost',
+ * 'prefix' => '',
+ * ];
+ * @endcode
+ *
+ * Sample Database configuration format for SQLite (sqlite):
+ * @code
+ * $databases['default']['default'] = [
+ * 'driver' => 'sqlite',
+ * 'database' => '/path/to/databasefilename',
+ * ];
+ * @endcode
+ *
+ * Sample Database configuration format for a driver in a contributed module:
+ * @code
+ * $databases['default']['default'] = [
+ * 'driver' => 'my_driver',
+ * 'namespace' => 'Drupal\my_module\Driver\Database\my_driver',
+ * 'autoload' => 'modules/my_module/src/Driver/Database/my_driver/',
+ * 'database' => 'databasename',
+ * 'username' => 'sqlusername',
+ * 'password' => 'sqlpassword',
+ * 'host' => 'localhost',
+ * 'prefix' => '',
+ * ];
+ * @endcode
+ */
+
+/**
+ * Location of the site configuration files.
+ *
+ * The $settings['config_sync_directory'] specifies the location of file system
+ * directory used for syncing configuration data. On install, the directory is
+ * created. This is used for configuration imports.
+ *
+ * The default location for this directory is inside a randomly-named
+ * directory in the public files path. The setting below allows you to set
+ * its location.
+ */
+# $settings['config_sync_directory'] = '/directory/outside/webroot';
+
+/**
+ * Settings:
+ *
+ * $settings contains environment-specific configuration, such as the files
+ * directory and reverse proxy address, and temporary configuration, such as
+ * security overrides.
+ *
+ * @see \Drupal\Core\Site\Settings::get()
+ */
+
+/**
+ * Salt for one-time login links, cancel links, form tokens, etc.
+ *
+ * This variable will be set to a random value by the installer. All one-time
+ * login links will be invalidated if the value is changed. Note that if your
+ * site is deployed on a cluster of web servers, you must ensure that this
+ * variable has the same value on each server.
+ *
+ * For enhanced security, you may set this variable to the contents of a file
+ * outside your document root, and vary the value across environments (like
+ * production and development); you should also ensure that this file is not
+ * stored with backups of your database.
+ *
+ * Example:
+ * @code
+ * $settings['hash_salt'] = file_get_contents('/home/example/salt.txt');
+ * @endcode
+ */
+$settings['hash_salt'] = 'default';
+
+/**
+ * Deployment identifier.
+ *
+ * Drupal's dependency injection container will be automatically invalidated and
+ * rebuilt when the Drupal core version changes. When updating contributed or
+ * custom code that changes the container, changing this identifier will also
+ * allow the container to be invalidated as soon as code is deployed.
+ */
+# $settings['deployment_identifier'] = \Drupal::VERSION;
+
+/**
+ * Access control for update.php script.
+ *
+ * If you are updating your Drupal installation using the update.php script but
+ * are not logged in using either an account with the "Administer software
+ * updates" permission or the site maintenance account (the account that was
+ * created during installation), you will need to modify the access check
+ * statement below. Change the FALSE to a TRUE to disable the access check.
+ * After finishing the upgrade, be sure to open this file again and change the
+ * TRUE back to a FALSE!
+ */
+$settings['update_free_access'] = FALSE;
+
+/**
+ * Fallback to HTTP for Update Manager and for fetching security advisories.
+ *
+ * If your site fails to connect to updates.drupal.org over HTTPS (either when
+ * fetching data on available updates, or when fetching the feed of critical
+ * security announcements), you may uncomment this setting and set it to TRUE to
+ * allow an insecure fallback to HTTP. Note that doing so will open your site up
+ * to a potential man-in-the-middle attack. You should instead attempt to
+ * resolve the issues before enabling this option.
+ * @see https://www.drupal.org/docs/system-requirements/php-requirements#openssl
+ * @see https://en.wikipedia.org/wiki/Man-in-the-middle_attack
+ * @see \Drupal\update\UpdateFetcher
+ * @see \Drupal\system\SecurityAdvisories\SecurityAdvisoriesFetcher
+ */
+# $settings['update_fetch_with_http_fallback'] = TRUE;
+
+/**
+ * External access proxy settings:
+ *
+ * If your site must access the Internet via a web proxy then you can enter the
+ * proxy settings here. Set the full URL of the proxy, including the port, in
+ * variables:
+ * - $settings['http_client_config']['proxy']['http']: The proxy URL for HTTP
+ * requests.
+ * - $settings['http_client_config']['proxy']['https']: The proxy URL for HTTPS
+ * requests.
+ * You can pass in the user name and password for basic authentication in the
+ * URLs in these settings.
+ *
+ * You can also define an array of host names that can be accessed directly,
+ * bypassing the proxy, in $settings['http_client_config']['proxy']['no'].
+ */
+# $settings['http_client_config']['proxy']['http'] = 'http://proxy_user:proxy_pass@example.com:8080';
+# $settings['http_client_config']['proxy']['https'] = 'http://proxy_user:proxy_pass@example.com:8080';
+# $settings['http_client_config']['proxy']['no'] = ['127.0.0.1', 'localhost'];
+
+/**
+ * Reverse Proxy Configuration:
+ *
+ * Reverse proxy servers are often used to enhance the performance
+ * of heavily visited sites and may also provide other site caching,
+ * security, or encryption benefits. In an environment where Drupal
+ * is behind a reverse proxy, the real IP address of the client should
+ * be determined such that the correct client IP address is available
+ * to Drupal's logging, statistics, and access management systems. In
+ * the most simple scenario, the proxy server will add an
+ * X-Forwarded-For header to the request that contains the client IP
+ * address. However, HTTP headers are vulnerable to spoofing, where a
+ * malicious client could bypass restrictions by setting the
+ * X-Forwarded-For header directly. Therefore, Drupal's proxy
+ * configuration requires the IP addresses of all remote proxies to be
+ * specified in $settings['reverse_proxy_addresses'] to work correctly.
+ *
+ * Enable this setting to get Drupal to determine the client IP from the
+ * X-Forwarded-For header. If you are unsure about this setting, do not have a
+ * reverse proxy, or Drupal operates in a shared hosting environment, this
+ * setting should remain commented out.
+ *
+ * In order for this setting to be used you must specify every possible
+ * reverse proxy IP address in $settings['reverse_proxy_addresses'].
+ * If a complete list of reverse proxies is not available in your
+ * environment (for example, if you use a CDN) you may set the
+ * $_SERVER['REMOTE_ADDR'] variable directly in settings.php.
+ * Be aware, however, that it is likely that this would allow IP
+ * address spoofing unless more advanced precautions are taken.
+ */
+$settings['reverse_proxy'] = TRUE;
+
+/**
+ * Reverse proxy addresses.
+ *
+ * Specify every reverse proxy IP address in your environment, as an array of
+ * IPv4/IPv6 addresses or subnets in CIDR notation. This setting is required if
+ * $settings['reverse_proxy'] is TRUE.
+ */
+$settings['reverse_proxy_addresses'] = ['0.0.0.0/0'];
+
+/**
+ * Reverse proxy trusted headers.
+ *
+ * Sets which headers to trust from your reverse proxy.
+ *
+ * Common values are:
+ * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
+ * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
+ * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
+ * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
+ * - \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
+ *
+ * Note the default value of
+ * @code
+ * \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
+ * @endcode
+ * is not secure by default. The value should be set to only the specific
+ * headers the reverse proxy uses. For example:
+ * @code
+ * \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
+ * @endcode
+ * This would trust the following headers:
+ * - X_FORWARDED_FOR
+ * - X_FORWARDED_HOST
+ * - X_FORWARDED_PROTO
+ * - X_FORWARDED_PORT
+ *
+ * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
+ * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
+ * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
+ * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
+ * @see \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
+ * @see \Symfony\Component\HttpFoundation\Request::setTrustedProxies
+ */
+# $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;
+
+
+/**
+ * Page caching:
+ *
+ * By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page
+ * views. This tells a HTTP proxy that it may return a page from its local
+ * cache without contacting the web server, if the user sends the same Cookie
+ * header as the user who originally requested the cached page. Without "Vary:
+ * Cookie", authenticated users would also be served the anonymous page from
+ * the cache. If the site has mostly anonymous users except a few known
+ * editors/administrators, the Vary header can be omitted. This allows for
+ * better caching in HTTP proxies (including reverse proxies), i.e. even if
+ * clients send different cookies, they still get content served from the cache.
+ * However, authenticated users should access the site directly (i.e. not use an
+ * HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid
+ * getting cached pages from the proxy.
+ */
+# $settings['omit_vary_cookie'] = TRUE;
+
+
+/**
+ * Cache TTL for client error (4xx) responses.
+ *
+ * Items cached per-URL tend to result in a large number of cache items, and
+ * this can be problematic on 404 pages which by their nature are unbounded. A
+ * fixed TTL can be set for these items, defaulting to one hour, so that cache
+ * backends which do not support LRU can purge older entries. To disable caching
+ * of client error responses set the value to 0. Currently applies only to
+ * page_cache module.
+ */
+# $settings['cache_ttl_4xx'] = 3600;
+
+/**
+ * Expiration of cached forms.
+ *
+ * Drupal's Form API stores details of forms in a cache and these entries are
+ * kept for at least 6 hours by default. Expired entries are cleared by cron.
+ *
+ * @see \Drupal\Core\Form\FormCache::setCache()
+ */
+# $settings['form_cache_expiration'] = 21600;
+
+/**
+ * Class Loader.
+ *
+ * If the APCu extension is detected, the classloader will be optimized to use
+ * it. Set to FALSE to disable this.
+ *
+ * @see https://getcomposer.org/doc/articles/autoloader-optimization.md
+ */
+# $settings['class_loader_auto_detect'] = FALSE;
+
+/**
+ * Authorized file system operations:
+ *
+ * The Update Manager module included with Drupal provides a mechanism for
+ * site administrators to securely install missing updates for the site
+ * directly through the web user interface. On securely-configured servers,
+ * the Update manager will require the administrator to provide SSH or FTP
+ * credentials before allowing the installation to proceed; this allows the
+ * site to update the new files as the user who owns all the Drupal files,
+ * instead of as the user the webserver is running as. On servers where the
+ * webserver user is itself the owner of the Drupal files, the administrator
+ * will not be prompted for SSH or FTP credentials (note that these server
+ * setups are common on shared hosting, but are inherently insecure).
+ *
+ * Some sites might wish to disable the above functionality, and only update
+ * the code directly via SSH or FTP themselves. This setting completely
+ * disables all functionality related to these authorized file operations.
+ *
+ * @see https://www.drupal.org/node/244924
+ *
+ * Remove the leading hash signs to disable.
+ */
+# $settings['allow_authorize_operations'] = FALSE;
+
+/**
+ * Default mode for directories and files written by Drupal.
+ *
+ * Value should be in PHP Octal Notation, with leading zero.
+ */
+# $settings['file_chmod_directory'] = 0775;
+# $settings['file_chmod_file'] = 0664;
+
+/**
+ * Optimized assets path:
+ *
+ * A local file system path where optimized assets will be stored. This directory
+ * must exist and be writable by Drupal. This directory must be relative to
+ * the Drupal installation directory and be accessible over the web.
+ */
+# $settings['file_assets_path'] = 'sites/default/files';
+
+/**
+ * Public file base URL:
+ *
+ * An alternative base URL to be used for serving public files. This must
+ * include any leading directory path.
+ *
+ * A different value from the domain used by Drupal to be used for accessing
+ * public files. This can be used for a simple CDN integration, or to improve
+ * security by serving user-uploaded files from a different domain or subdomain
+ * pointing to the same server. Do not include a trailing slash.
+ */
+# $settings['file_public_base_url'] = 'http://downloads.example.com/files';
+
+/**
+ * Public file path:
+ *
+ * A local file system path where public files will be stored. This directory
+ * must exist and be writable by Drupal. This directory must be relative to
+ * the Drupal installation directory and be accessible over the web.
+ */
+# $settings['file_public_path'] = 'sites/default/files';
+
+/**
+ * Additional public file schemes:
+ *
+ * Public schemes are URI schemes that allow download access to all users for
+ * all files within that scheme.
+ *
+ * The "public" scheme is always public, and the "private" scheme is always
+ * private, but other schemes, such as "https", "s3", "example", or others,
+ * can be either public or private depending on the site. By default, they're
+ * private, and access to individual files is controlled via
+ * hook_file_download().
+ *
+ * Typically, if a scheme should be public, a module makes it public by
+ * implementing hook_file_download(), and granting access to all users for all
+ * files. This could be either the same module that provides the stream wrapper
+ * for the scheme, or a different module that decides to make the scheme
+ * public. However, in cases where a site needs to make a scheme public, but
+ * is unable to add code in a module to do so, the scheme may be added to this
+ * variable, the result of which is that system_file_download() grants public
+ * access to all files within that scheme.
+ */
+# $settings['file_additional_public_schemes'] = ['example'];
+
+/**
+ * File schemes whose paths should not be normalized:
+ *
+ * Normally, Drupal normalizes '/./' and '/../' segments in file URIs in order
+ * to prevent unintended file access. For example, 'private://css/../image.png'
+ * is normalized to 'private://image.png' before checking access to the file.
+ *
+ * On Windows, Drupal also replaces '\' with '/' in URIs for the local
+ * filesystem.
+ *
+ * If file URIs with one or more scheme should not be normalized like this, then
+ * list the schemes here. For example, if 'porcelain://china/./plate.png' should
+ * not be normalized to 'porcelain://china/plate.png', then add 'porcelain' to
+ * this array. In this case, make sure that the module providing the 'porcelain'
+ * scheme does not allow unintended file access when using '/../' to move up the
+ * directory tree.
+ */
+# $settings['file_sa_core_2023_005_schemes'] = ['porcelain'];
+
+/**
+ * Configuration for phpinfo() admin status report.
+ *
+ * Drupal's admin UI includes a report at admin/reports/status/php which shows
+ * the output of phpinfo(). The full output can contain sensitive information
+ * so by default Drupal removes some sections.
+ *
+ * This behaviour can be configured by setting this variable to a different
+ * value corresponding to the flags parameter of phpinfo().
+ *
+ * If you need to expose more information in the report - for example to debug a
+ * problem - consider doing so temporarily.
+ *
+ * @see https://www.php.net/manual/function.phpinfo.php
+ */
+# $settings['sa_core_2023_004_phpinfo_flags'] = ~ (INFO_VARIABLES | INFO_ENVIRONMENT);
+
+/**
+ * Private file path:
+ *
+ * A local file system path where private files will be stored. This directory
+ * must be absolute, outside of the Drupal installation directory and not
+ * accessible over the web.
+ *
+ * Note: Caches need to be cleared when this value is changed to make the
+ * private:// stream wrapper available to the system.
+ *
+ * See https://www.drupal.org/documentation/modules/file for more information
+ * about securing private files.
+ */
+$settings['file_private_path'] = '/private';
+
+/**
+ * Temporary file path:
+ *
+ * A local file system path where temporary files will be stored. This directory
+ * must be absolute, outside of the Drupal installation directory and not
+ * accessible over the web.
+ *
+ * If this is not set, the default for the operating system will be used.
+ *
+ * @see \Drupal\Component\FileSystem\FileSystem::getOsTemporaryDirectory()
+ */
+# $settings['file_temp_path'] = '/tmp';
+
+/**
+ * Session write interval:
+ *
+ * Set the minimum interval between each session write to database.
+ * For performance reasons it defaults to 180.
+ */
+# $settings['session_write_interval'] = 180;
+
+/**
+ * String overrides:
+ *
+ * To override specific strings on your site with or without enabling the Locale
+ * module, add an entry to this list. This functionality allows you to change
+ * a small number of your site's default English language interface strings.
+ *
+ * Remove the leading hash signs to enable.
+ *
+ * The "en" part of the variable name, is dynamic and can be any langcode of
+ * any added language. (eg locale_custom_strings_de for german).
+ */
+# $settings['locale_custom_strings_en'][''] = [
+# 'Home' => 'Front page',
+# '@count min' => '@count minutes',
+# ];
+
+/**
+ * A custom theme for the offline page:
+ *
+ * This applies when the site is explicitly set to maintenance mode through the
+ * administration page or when the database is inactive due to an error.
+ * The template file should also be copied into the theme. It is located inside
+ * 'core/modules/system/templates/maintenance-page.html.twig'.
+ *
+ * Note: This setting does not apply to installation and update pages.
+ */
+# $settings['maintenance_theme'] = 'claro';
+
+/**
+ * PHP settings:
+ *
+ * To see what PHP settings are possible, including whether they can be set at
+ * runtime (by using ini_set()), read the PHP documentation:
+ * http://php.net/manual/ini.list.php
+ * See \Drupal\Core\DrupalKernel::bootEnvironment() for required runtime
+ * settings and the .htaccess file for non-runtime settings.
+ * Settings defined there should not be duplicated here so as to avoid conflict
+ * issues.
+ */
+
+/**
+ * If you encounter a situation where users post a large amount of text, and
+ * the result is stripped out upon viewing but can still be edited, Drupal's
+ * output filter may not have sufficient memory to process it. If you
+ * experience this issue, you may wish to uncomment the following two lines
+ * and increase the limits of these variables. For more information, see
+ * http://php.net/manual/pcre.configuration.php.
+ */
+# ini_set('pcre.backtrack_limit', 200000);
+# ini_set('pcre.recursion_limit', 200000);
+
+/**
+ * Configuration overrides.
+ *
+ * To globally override specific configuration values for this site,
+ * set them here. You usually don't need to use this feature. This is
+ * useful in a configuration file for a vhost or directory, rather than
+ * the default settings.php.
+ *
+ * Note that any values you provide in these variable overrides will not be
+ * viewable from the Drupal administration interface. The administration
+ * interface displays the values stored in configuration so that you can stage
+ * changes to other environments that don't have the overrides.
+ *
+ * There are particular configuration values that are risky to override. For
+ * example, overriding the list of installed modules in 'core.extension' is not
+ * supported as module install or uninstall has not occurred. Other examples
+ * include field storage configuration, because it has effects on database
+ * structure, and 'core.menu.static_menu_link_overrides' since this is cached in
+ * a way that is not config override aware. Also, note that changing
+ * configuration values in settings.php will not fire any of the configuration
+ * change events.
+ */
+# $config['system.site']['name'] = 'My Drupal site';
+# $config['user.settings']['anonymous'] = 'Visitor';
+
+/**
+ * Load services definition file.
+ */
+$settings['container_yamls'][] = $app_root . '/' . $site_path . '/services.yml';
+
+/**
+ * Override the default service container class.
+ *
+ * This is useful for example to trace the service container for performance
+ * tracking purposes, for testing a service container with an error condition or
+ * to test a service container that throws an exception.
+ */
+# $settings['container_base_class'] = '\Drupal\Core\DependencyInjection\Container';
+
+/**
+ * Override the default yaml parser class.
+ *
+ * Provide a fully qualified class name here if you would like to provide an
+ * alternate implementation YAML parser. The class must implement the
+ * \Drupal\Component\Serialization\SerializationInterface interface.
+ */
+# $settings['yaml_parser_class'] = NULL;
+
+/**
+ * Trusted host configuration.
+ *
+ * Drupal core can use the Symfony trusted host mechanism to prevent HTTP Host
+ * header spoofing.
+ *
+ * To enable the trusted host mechanism, you enable your allowable hosts
+ * in $settings['trusted_host_patterns']. This should be an array of regular
+ * expression patterns, without delimiters, representing the hosts you would
+ * like to allow.
+ *
+ * For example:
+ * @code
+ * $settings['trusted_host_patterns'] = [
+ * '^www\.example\.com$',
+ * ];
+ * @endcode
+ * will allow the site to only run from www.example.com.
+ *
+ * If you are running multisite, or if you are running your site from
+ * different domain names (eg, you don't redirect http://www.example.com to
+ * http://example.com), you should specify all of the host patterns that are
+ * allowed by your site.
+ *
+ * For example:
+ * @code
+ * $settings['trusted_host_patterns'] = [
+ * '^example\.com$',
+ * '^.+\.example\.com$',
+ * '^example\.org$',
+ * '^.+\.example\.org$',
+ * ];
+ * @endcode
+ * will allow the site to run off of all variants of example.com and
+ * example.org, with all subdomains included.
+ *
+ * @see https://www.drupal.org/docs/installing-drupal/trusted-host-settings
+ */
+# $settings['trusted_host_patterns'] = [];
+
+/**
+ * The default list of directories that will be ignored by Drupal's file API.
+ *
+ * By default ignore node_modules and bower_components folders to avoid issues
+ * with common frontend tools and recursive scanning of directories looking for
+ * extensions.
+ *
+ * @see \Drupal\Core\File\FileSystemInterface::scanDirectory()
+ * @see \Drupal\Core\Extension\ExtensionDiscovery::scanDirectory()
+ */
+$settings['file_scan_ignore_directories'] = [
+ 'node_modules',
+ 'bower_components',
+];
+
+/**
+ * The default number of entities to update in a batch process.
+ *
+ * This is used by update and post-update functions that need to go through and
+ * change all the entities on a site, so it is useful to increase this number
+ * if your hosting configuration (i.e. RAM allocation, CPU speed) allows for a
+ * larger number of entities to be processed in a single batch run.
+ */
+$settings['entity_update_batch_size'] = 50;
+
+/**
+ * Entity update backup.
+ *
+ * This is used to inform the entity storage handler that the backup tables as
+ * well as the original entity type and field storage definitions should be
+ * retained after a successful entity update process.
+ */
+$settings['entity_update_backup'] = TRUE;
+
+/**
+ * Node migration type.
+ *
+ * This is used to force the migration system to use the classic node migrations
+ * instead of the default complete node migrations. The migration system will
+ * use the classic node migration only if there are existing migrate_map tables
+ * for the classic node migrations and they contain data. These tables may not
+ * exist if you are developing custom migrations and do not want to use the
+ * complete node migrations. Set this to TRUE to force the use of the classic
+ * node migrations.
+ */
+$settings['migrate_node_migrate_type_classic'] = FALSE;
+
+/**
+ * The default settings for migration sources.
+ *
+ * These settings are used as the default settings on the Credential form at
+ * /upgrade/credentials.
+ *
+ * - migrate_source_version - The version of the source database. This can be
+ * '6' or '7'. Defaults to '7'.
+ * - migrate_source_connection - The key in the $databases array for the source
+ * site.
+ * - migrate_file_public_path - The location of the source Drupal 6 or Drupal 7
+ * public files. This can be a local file directory containing the source
+ * Drupal 6 or Drupal 7 site (e.g /var/www/docroot), or the site address
+ * (e.g http://example.com).
+ * - migrate_file_private_path - The location of the source Drupal 7 private
+ * files. This can be a local file directory containing the source Drupal 7
+ * site (e.g /var/www/docroot), or empty to use the same value as Public
+ * files directory.
+ *
+ * Sample configuration for a drupal 6 source site with the source files in a
+ * local directory.
+ *
+ * @code
+ * $settings['migrate_source_version'] = '6';
+ * $settings['migrate_source_connection'] = 'migrate';
+ * $settings['migrate_file_public_path'] = '/var/www/drupal6';
+ * @endcode
+ *
+ * Sample configuration for a drupal 7 source site with public source files on
+ * the source site and the private files in a local directory.
+ *
+ * @code
+ * $settings['migrate_source_version'] = '7';
+ * $settings['migrate_source_connection'] = 'migrate';
+ * $settings['migrate_file_public_path'] = 'https://drupal7.com';
+ * $settings['migrate_file_private_path'] = '/var/www/drupal7';
+ * @endcode
+ */
+# $settings['migrate_source_connection'] = '';
+# $settings['migrate_source_version'] = '';
+# $settings['migrate_file_public_path'] = '';
+# $settings['migrate_file_private_path'] = '';
+
+/**
+ * Load local development override configuration, if available.
+ *
+ * Create a settings.local.php file to override variables on secondary (staging,
+ * development, etc.) installations of this site.
+ *
+ * Typical uses of settings.local.php include:
+ * - Disabling caching.
+ * - Disabling JavaScript/CSS compression.
+ * - Rerouting outgoing emails.
+ *
+ * Keep this code block at the end of this file to take full effect.
+ */ +# +# if (file_exists($app_root . '/' . $site_path . '/settings.local.php')) { +# include $app_root . '/' . $site_path . '/settings.local.php'; +# } + +$settings["config_sync_directory"] = '{{ .Values.drupal.configSync.directory }}'; + +{{- if .Values.drupal.configSplit.enabled }} +/** + * Configuration Split for Configuration Management + * + * WxT is following the best practices given by Acquia for configuration + * management. The "default" configuration directory should be shared between + * all multi-sites, and each multisite will override this selectively using + * configuration splits. + * + * To disable this functionality simply set the following parameters: + * $wxt_override_config_dirs = FALSE; + * $settings['config_sync_directory'] = $dir . "/private/config/$site_dir"; + * + * See https://github.com/acquia/blt/blob/12.x/settings/config.settings.php + * for more information. + */ + +use Drupal\wxt\Robo\Common\EnvironmentDetector; + +if (!isset($wxt_override_config_dirs)) { + $wxt_override_config_dirs = TRUE; +} +if ($wxt_override_config_dirs) { + $config_directories['sync'] = $repo_root . "/private/config/default"; + $settings['config_sync_directory'] = $repo_root . "/private/config/default"; +} +$split_filename_prefix = 'config_split.config_split'; +if (isset($config_directories['sync'])) { + $split_filepath_prefix = $config_directories['sync'] . '/' . $split_filename_prefix; +} +else { + $split_filepath_prefix = $settings['config_sync_directory'] . '/' . $split_filename_prefix; +} + +/** + * Set environment splits. 
+ */ +$split_envs = [ + 'local', + 'dev', + 'test', + 'qa', + 'prod', + 'ci', +]; +foreach ($split_envs as $split_env) { + $config["$split_filename_prefix.$split_env"]['status'] = FALSE; +} +if (!isset($split)) { + $split = 'none'; + if (EnvironmentDetector::isLocalEnv()) { + $split = 'local'; + } + if (EnvironmentDetector::isCiEnv()) { + $split = 'ci'; + } + if (EnvironmentDetector::isDevEnv()) { + $split = 'dev'; + } + elseif (EnvironmentDetector::isTestEnv()) { + $split = 'test'; + } + elseif (EnvironmentDetector::isQaEnv()) { + $split = 'qa'; + } + elseif (EnvironmentDetector::isProdEnv()) { + $split = 'prod'; + } +} +if ($split != 'none') { + $config["$split_filename_prefix.$split"]['status'] = TRUE; +} + +/** + * Set multisite split. + */ +// $config["$split_filename_prefix.SITENAME"]['status'] = TRUE; +{{- end }} + +{{- if .Values.redis.enabled }} +if (extension_loaded('redis')) { + // Set Redis as the default backend for any cache bin not otherwise specified. + $settings['cache']['default'] = 'cache.backend.redis'; + $settings['redis.connection']['interface'] = '{{ default "PhpRedis" .Values.redis.clientInterface }}'; + $settings['redis.connection']['scheme'] = 'http'; + {{- if .Values.redis.sentinel.enabled }} + $settings['redis.connection']['host'] = ['{{ .Release.Name }}-redis:{{ .Values.redis.sentinel.service.sentinelPort }}']; + $settings['redis.connection']['instance'] = '{{ .Values.redis.sentinel.masterSet }}'; + {{- else }} + $settings['redis.connection']['host'] = '{{ .Release.Name }}-redis-master'; + $settings['redis.connection']['port'] = '{{ .Values.redis.master.service.ports.redis }}'; + {{- end }} + $settings['redis.connection']['password'] = getenv('REDIS_PASSWORD') ?: ''; + $settings['redis.connection']['persistent'] = FALSE; + + // Allow the services to work before the Redis module itself is enabled. 
+ $settings['container_yamls'][] = 'modules/contrib/redis/example.services.yml'; + $settings['container_yamls'][] = 'modules/contrib/redis/redis.services.yml'; + + // Manually add the classloader path, this is required for the container cache bin definition below + // and allows to use it without the redis module being enabled. + $class_loader->addPsr4('Drupal\\redis\\', 'modules/contrib/redis/src'); + + $settings['bootstrap_container_definition'] = [ + 'parameters' => [], + 'services' => [ + 'redis.factory' => [ + 'class' => 'Drupal\redis\ClientFactory', + ], + 'cache.backend.redis' => [ + 'class' => 'Drupal\redis\Cache\CacheBackendFactory', + 'arguments' => ['@redis.factory', '@cache_tags_provider.container', '@serialization.phpserialize'], + ], + 'cache.container' => [ + 'class' => '\Drupal\redis\Cache\PhpRedis', + 'factory' => ['@cache.backend.redis', 'get'], + 'arguments' => ['container'], + ], + 'cache_tags_provider.container' => [ + 'class' => 'Drupal\redis\Cache\RedisCacheTagsChecksum', + 'arguments' => ['@redis.factory'], + ], + 'serialization.phpserialize' => [ + 'class' => 'Drupal\Component\Serialization\PhpSerialize', + ], + ], + ]; + + /** Optional prefix for cache entries */ + $settings['cache_prefix'] = 'drupal_'; + + // Always set the fast backend for bootstrap, discover and config, otherwise + // this gets lost when redis is enabled. + $settings['cache']['bins']['bootstrap'] = 'cache.backend.chainedfast'; + $settings['cache']['bins']['discovery'] = 'cache.backend.chainedfast'; + $settings['cache']['bins']['config'] = 'cache.backend.chainedfast'; + + // Use for all bins otherwise specified. + $settings['cache']['default'] = 'cache.backend.redis'; + + // Use for all queues unless otherwise specified for a specific queue. + $settings['queue_default'] = 'queue.redis'; + + // Or if you want to use reliable queue implementation. + // $settings['queue_default'] = 'queue.redis_reliable'; + + // Use this to only use Redis for a specific queue. 
+ // $settings['queue_service_aggregator_feeds'] = 'queue.redis';
+
+ // Use this to use reliable queue implementation.
+ // $settings['queue_service_aggregator_feeds'] = 'queue.redis_reliable';
+}
+{{- end }}
+
+// As recommended in the S3FS docs, change the twig storage directory
+$settings['php_storage']['twig']['directory'] = '/cache/twig';
+
+if (is_file(__DIR__ . '/extra.settings.php')) {
+ include __DIR__ . '/extra.settings.php';
+}
diff --git a/drupal/conf/settings.d9.php b/charts/drupal/conf/settings.d9.php
similarity index 100%
rename from drupal/conf/settings.d9.php
rename to charts/drupal/conf/settings.d9.php
diff --git a/drupal/conf/ssmtp.conf b/charts/drupal/conf/ssmtp.conf
similarity index 100%
rename from drupal/conf/ssmtp.conf
rename to charts/drupal/conf/ssmtp.conf
diff --git a/drupal/conf/userlist.txt b/charts/drupal/conf/userlist.txt
similarity index 100%
rename from drupal/conf/userlist.txt
rename to charts/drupal/conf/userlist.txt
diff --git a/charts/drupal/conf/www.conf b/charts/drupal/conf/www.conf
new file mode 100644
index 00000000..bef0c6fa
--- /dev/null
+++ b/charts/drupal/conf/www.conf
@@ -0,0 +1,5 @@
+[www]
+user = www-data
+group = www-data
+listen = 127.0.0.1:9000
+pm = dynamic
diff --git a/drupal/templates/NOTES.txt b/charts/drupal/templates/NOTES.txt
similarity index 96%
rename from drupal/templates/NOTES.txt
rename to charts/drupal/templates/NOTES.txt
index 8ac76223..af4f982d 100644
--- a/drupal/templates/NOTES.txt
+++ b/charts/drupal/templates/NOTES.txt
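Review bot: In the new www.conf, `listen = 127.0.0.1:9000` only accepts connections from inside the php-fpm pod, while this commit runs nginx as a separate Deployment and publishes port 9000 on the drupal container, so the value presumably has to be overridden by the `drupal.php.fpm` snippet that the ConfigMap template appends after this file. Relying on a later duplicate key makes the effective bind address hard to audit; I would state the intent in the file, e.g. `; listen is overridden via .Values.drupal.php.fpm - keep port 9000 restricted to the nginx pods`. FastCGI has no authentication of its own, so once the listener is widened a NetworkPolicy on port 9000 is the only access control in front of it.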
@@ -87,9 +87,18 @@ kubectl exec -it $POD_NAME -n {{ .Release.Namespace }} -- drush si {{ .Values.dr ** Login +{{- if .Values.drupal.usePasswordFiles }} + + echo Username: {{ .Values.drupal.username }} + echo Password: "Password is handled by Vault" + +{{- else }} + echo Username: {{ .Values.drupal.username }} echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "drupal.fullname" . }} -o jsonpath="{.data.password}" | base64 --decode) +{{- end }} + ** Running Drush commands export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }},tier=drupal" -o jsonpath="{.items[0].metadata.name}") diff --git a/charts/drupal/templates/_helpers.tpl b/charts/drupal/templates/_helpers.tpl new file mode 100644 index 00000000..29b74d45 --- /dev/null +++ b/charts/drupal/templates/_helpers.tpl 
@@ -0,0 +1,325 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} +{{- if typeIs "string" .value }} + {{- tpl .value .context }} +{{- else }} + {{- tpl (.value | toYaml) .context }} +{{- end }} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "drupal.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "drupal.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "backend.fullname" -}} +{{- $name := default "drupal" .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "drupal.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "drupal.serviceAccountName" -}} +{{- if .Values.drupal.serviceAccount.create }} +{{- default (include "drupal.fullname" .) .Values.drupal.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.drupal.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Create common environment variables for Drupal +*/}} +{{- define "drupal.env" -}} +{{- if .Values.external.enabled }} +- name: EXTERNAL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "drupal.fullname" . }} + key: databasePassword +{{- else if and .Values.mysql.enabled (not .Values.mysql.auth.usePasswordFiles) }} +- name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-mysql" + key: mysql-password +{{- else if .Values.postgresql.enabled }} +- name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-postgresql" + key: password +{{- end }} +{{- if .Values.redis.enabled }} +- name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-redis" + key: redis-password +{{- end }} +{{- if not .Values.drupal.usePasswordFiles }} +- name: DRUPAL_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "drupal.fullname" . 
}} + key: password +{{- end }} +{{- end -}} + +{{/* +Create initContainers for Drupal +*/}} +{{- define "drupal.initContainers" -}} +{{- if .Values.drupal.volumePermissions.enabled }} +- name: set-volume-permissions + image: 'alpine:3.10' + command: + - chown + - '-R' + - '84:84' + - /files/public + - /files/private + volumeMounts: + - name: files-public + mountPath: /files/public + - name: files-private + mountPath: /files/private + securityContext: + runAsUser: 0 +{{- end }} +{{- if .Values.azure.sharedDisk.enabled }} +- name: init-chown + image: 'alpine:3.10' + command: + - chown + - '-R' + - '82:82' + - /mnt/azure + volumeMounts: + - name: files-public + mountPath: /mnt/azure +{{- end }} +{{- if or (and .Values.azure.azureFile.enabled .Values.azure.azureFile.initMediaIconsFolder) (and .Values.azure.sharedDisk.enabled .Values.azure.sharedDisk.initMediaIconsFolder) }} +- name: init-media-icons-folder + image: 'alpine:3.10' + command: + - mkdir + - '-p' + - /files/media-icons/generic + volumeMounts: + - name: files-public + mountPath: /files +{{- end }} +{{- if not (eq .Values.drupal.siteRoot "/") }} +- name: init-site-root + image: 'alpine:3.10' + command: + - /bin/sh + - '-c' + - | + mkdir -p "/webroot$(dirname "{{ .Values.drupal.siteRoot }}")" + ln -s /var/www/html "/webroot{{ .Values.drupal.siteRoot }}" + volumeMounts: + - name: webroot + mountPath: /webroot +{{- end }} +{{- if .Values.drupal.initContainers }} +{{- toYaml .Values.drupal.initContainers }} +{{- end }} +{{- end -}} + +{{/* +Create common volume mounts for Drupal +*/}} +{{- define "drupal.volumeMounts" -}} +- name: cm-drupal + readOnly: true + mountPath: /usr/local/etc/php/php.ini + subPath: php.ini +- name: cm-drupal + readOnly: true + mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini + subPath: opcache-recommended.ini +- name: cm-drupal + readOnly: true + mountPath: /usr/local/etc/php-fpm.d/www.conf + subPath: www.conf +- name: cm-drupal + mountPath: 
/var/www/html/sites/default/settings.php + subPath: settings.php + readOnly: true +- name: cm-drupal + mountPath: /var/www/html/sites/default/extra.settings.php + subPath: extra.settings.php + readOnly: true +- name: cm-drupal + mountPath: /var/www/html/sites/default/services.yml + subPath: services.yml + readOnly: true +- name: ssmtp + mountPath: /etc/ssmtp/ssmtp.conf + subPath: ssmtp.conf + readOnly: true +- name: twig-cache + mountPath: /cache/twig +{{- if not .Values.drupal.disableDefaultFilesMount }} +- name: files + mountPath: /var/www/html/sites/default/files + subPath: public +- name: files + mountPath: /private + subPath: private +{{- end }} +{{- if not (eq .Values.drupal.siteRoot "/") }} +- name: webroot + mountPath: /webroot +{{- end }} +{{- end -}} + +{{/* +Create common volumes for Drupal +*/}} +{{- define "drupal.volumes" -}} +{{- $fullName := include "drupal.fullname" . -}} +- name: cm-drupal + configMap: + name: {{ $fullName }} +- name: ssmtp + secret: + secretName: {{ $fullName }}-ssmtp + items: + - key: ssmtp.conf + path: ssmtp.conf +- name: twig-cache + emptyDir: {} +{{- if .Values.drupal.persistence.enabled }} +- name: files + persistentVolumeClaim: + claimName: {{ $fullName }}-drupal +{{- else if or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled) }} +- name: files-public + persistentVolumeClaim: + claimName: {{ $fullName }}-public +- name: files-private + persistentVolumeClaim: + claimName: {{ $fullName }}-private +{{- else if not .Values.drupal.disableDefaultFilesMount }} +- name: files + emptyDir: {} +{{- end }} +{{- if not (eq .Values.drupal.siteRoot "/") }} +- name: webroot + emptyDir: {} +{{- end }} +{{- if .Values.drupal.volumes }} +{{ toYaml .Values.drupal.volumes }} +{{- end }} +{{- end -}} + +{{/* +Create connection pooler for Drupal +*/}} +{{- define "drupal.connectionPooler" -}} +{{- if .Values.proxysql.enabled }} +- name: proxysql + image: proxysql/proxysql:2.1.0 + imagePullPolicy: Always + ports: + - 
containerPort: 6032 + - containerPort: 6033 + volumeMounts: + - name: configfiles + mountPath: "/etc/proxysql" + readOnly: true + livenessProbe: + tcpSocket: + port: 6032 + periodSeconds: 60 + command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] + securityContext: + allowPrivilegeEscalation: false + runAsUser: 0 + runAsGroup: 999 +{{- else if .Values.pgbouncer.enabled }} +- name: pgbouncer + image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest + imagePullPolicy: Always + ports: + - containerPort: 5432 + volumeMounts: + - name: configfiles + mountPath: "/etc/pgbouncer" + readOnly: true + livenessProbe: + tcpSocket: + port: 5432 + periodSeconds: 60 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ['all'] +{{- end }} +{{- end -}} + +{{/* +Create connection pooler for Drupal +*/}} +{{- define "drupal.connectionPooler.volumes" -}} +{{- $fullName := include "drupal.fullname" . -}} +{{- if .Values.proxysql.enabled }} +- name: configfiles + secret: + secretName: {{ $fullName }}-proxysql +{{- else if .Values.pgbouncer.enabled }} +- name: configfiles + secret: + secretName: {{ $fullName }}-pgbouncer +{{- end }} +{{- end -}} diff --git a/charts/drupal/templates/cm/drupal.yaml b/charts/drupal/templates/cm/drupal.yaml new file mode 100644 index 00000000..a9b6db59 --- /dev/null +++ b/charts/drupal/templates/cm/drupal.yaml 
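Review bot: The `pgbouncer` sidecar in `drupal.connectionPooler` is pulled as `pgbouncer-sidecar:latest` with `imagePullPolicy: Always`, so every pod start can run different code in a container that mounts the `configfiles` secret. Pin it to a fixed tag or digest, e.g. `image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar@sha256:<digest>`, and expose it through values the way `drupal.image`/`drupal.tag` are used elsewhere in this commit. The same applies to the hard-coded `alpine:3.10` init containers in `drupal.initContainers`, a release that no longer receives fixes. Separately, the `proxysql` branch sets `runAsUser: 0`; if root is really required there a comment saying why would help, otherwise it should run as a non-root UID.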
@@ -0,0 +1,40 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "drupal.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "drupal.name" . }} + helm.sh/chart: {{ include "drupal.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + php.ini: | + {{- tpl (.Files.Get "conf/php.ini") . | nindent 4 }} + opcache-recommended.ini: | + {{- tpl (.Files.Get "conf/opcache-recommended.ini") . | nindent 4 }} + www.conf: | + {{- tpl (.Files.Get "conf/www.conf") . | nindent 4 }} + {{- .Values.drupal.php.fpm | nindent 4}} + settings.php: | + {{- if eq "d9" .Values.drupal.version }} + {{- tpl (.Files.Get "conf/settings.d9.php") . | nindent 4 }} + {{- else if eq "d10" .Values.drupal.version }} + {{- tpl (.Files.Get "conf/settings.d10.php") . | nindent 4 }} + {{- else }} + settings.php: + =1.21" $.Capabilities.KubeVersion.GitVersion }} +apiVersion: batch/v1 +{{- else }} +apiVersion: batch/v1beta1 +{{- end }} +kind: CronJob +metadata: + name: {{ $fullName }}-{{ $cronName }} + labels: + app.kubernetes.io/name: {{ $name }} + helm.sh/chart: {{ $chartName }} + app.kubernetes.io/instance: {{ $release.Name }} + app.kubernetes.io/managed-by: {{ $release.Service }} +spec: + schedule: "{{ $cron.schedule }}" + startingDeadlineSeconds: 100 + concurrencyPolicy: Replace + successfulJobsHistoryLimit: {{ $values.drupal.cron.successfulJobsHistoryLimit }} + failedJobsHistoryLimit: {{ $values.drupal.cron.failedJobsHistoryLimit }} + jobTemplate: + spec: + template: + metadata: + labels: + app.kubernetes.io/name: {{ $name }} + helm.sh/chart: {{ $chartName }} + app.kubernetes.io/instance: {{ $release.Name }} + app.kubernetes.io/managed-by: {{ $release.Service }} + {{- if $values.drupal.podAnnotations }} + annotations: + {{- toYaml $values.drupal.podAnnotations | nindent 12 }} + {{- end }} + spec: + serviceAccountName: {{ include "drupal.serviceAccountName" $ctx }} + {{- if $values.drupal.tolerations }} + 
tolerations: + {{- toYaml $values.drupal.tolerations | nindent 10 }} + {{- end }} + {{- if $values.drupal.nodeSelector }} + nodeSelector: + {{- toYaml $values.drupal.nodeSelector | nindent 12 }} + {{- end }} + restartPolicy: OnFailure + containers: + - name: cron + image: "{{ $values.drupal.image }}:{{ default $chart.AppVersion $values.drupal.tag }}" + imagePullPolicy: {{ default "" $values.drupal.imagePullPolicy | quote }} + command: + - '/bin/sh' + - '-c' + - | + # Errors should fail the job + set -e + + # Pre Install scripts + {{- if $values.drupal.cron.preInstallScripts }} + {{ toYaml $values.drupal.cron.preInstallScripts | nindent 14}} + {{- end }} + +{{ $cron.script | indent 16 }} + + env: + {{- include "drupal.env" $ctx | nindent 14 }} + {{- if $values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" $values.extraEnvVars "context" $) | nindent 14 }} + {{- end }} + volumeMounts: + {{- include "drupal.volumeMounts" $ctx | nindent 14 }} + {{- if $values.drupal.volumeMounts }} + {{- include "common.tplvalues.render" (dict "value" $values.drupal.volumeMounts "context" $) | nindent 14 }} + {{- end }} + {{- if $cron.volumeMounts }} + {{- include "common.tplvalues.render" (dict "value" $cron.volumeMounts "context" $) | nindent 14 }} + {{- end }} + {{- include "drupal.connectionPooler" $ctx | nindent 10 }} + {{- if $values.drupal.imagePullSecrets }} + imagePullSecrets: + {{- toYaml $values.drupal.imagePullSecrets | nindent 12 }} + {{- end }} + securityContext: + {{- toYaml $values.drupal.securityContext | nindent 12 }} + volumes: + {{- include "drupal.volumes" $ctx | nindent 10 }} + {{- include "drupal.connectionPooler.volumes" $ctx | nindent 10 }} + {{- if $cron.volumes }} + {{- toYaml $cron.volumes | nindent 10 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/drupal/templates/cronjob/drupal-backup.yaml b/charts/drupal/templates/cronjob/drupal-backup.yaml new file mode 100644 index 00000000..31369aaf --- /dev/null 
+++ b/charts/drupal/templates/cronjob/drupal-backup.yaml 
@@ -0,0 +1,107 @@
+{{- if .Values.drupal.backup.enabled }}
+{{- if semverCompare ">=1.21" $.Capabilities.KubeVersion.GitVersion }}
+apiVersion: batch/v1
+{{- else }}
+apiVersion: batch/v1beta1
+{{- end }}
+kind: CronJob
+metadata:
+ name: {{ template "drupal.fullname" . }}-drupal-backup
+ labels:
+ app.kubernetes.io/name: {{ include "drupal.name" . }}
+ helm.sh/chart: {{ include "drupal.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ schedule: "{{ .Values.drupal.backup.schedule }}"
+ startingDeadlineSeconds: 100
+ concurrencyPolicy: Replace
+ successfulJobsHistoryLimit: {{ .Values.drupal.cron.successfulJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ .Values.drupal.cron.failedJobsHistoryLimit }}
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "drupal.name" . }}
+ helm.sh/chart: {{ include "drupal.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+ {{- if .Values.drupal.podAnnotations }}
+ {{- toYaml .Values.drupal.podAnnotations | nindent 12 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ include "drupal.serviceAccountName" . }}
+ {{- if .Values.drupal.tolerations }}
+ tolerations:
+ {{- toYaml .Values.drupal.tolerations | nindent 12 }}
+ {{- end }}
+ {{- if .Values.drupal.nodeSelector }}
+ nodeSelector:
+ {{- toYaml .Values.drupal.nodeSelector | nindent 12 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ containers:
+ - name: drush
+ image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}"
+ imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }}
+ command:
+ - '/bin/sh'
+ - '-c'
+ - |
+ # Errors should fail the job
+ set -e
+
+ # Pre Install scripts
+ {{- if .Values.drupal.cron.preInstallScripts }}
+ {{ .Values.drupal.cron.preInstallScripts | nindent 14}}
+ {{- end }}
+
+ # Wait for DB to be available
+ until drush sql:query 'SHOW TABLES;'; do echo Waiting for DB; sleep 3; done
+ echo DB available
+
+ # Check Drush status
+ drush status
+
+ # Run cron
+ BACKUPNAME=$(date +%Y%m%d.%H%M%S)
+ mkdir -p /backup/$BACKUPNAME
+ echo "Backup DB"
+ {{- if .Values.mysql.enabled }}
+ drush -y sql-dump {{ .Values.drupal.backup.sqlDumpArgs }} --extra-dump=--no-tablespaces | gzip > /backup/$BACKUPNAME/db.sql.gz
+ {{- else }}
+ drush -y sql-dump {{ .Values.drupal.backup.sqlDumpArgs }} | gzip > /backup/$BACKUPNAME/db.sql.gz
+ {{- end }}
+ echo "Backup public files"
+ tar {{ .Values.drupal.backup.filesArgs }} -czvf /backup/$BACKUPNAME/files.tar.gz --directory=sites/default/files .
+ echo "Backup private files"
+ tar {{ .Values.drupal.backup.privateArgs }} -czvf /backup/$BACKUPNAME/private.tar.gz --directory=/private .
+ env:
+ {{- include "drupal.env" . | nindent 14 }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 14 }}
+ {{- end }}
+ volumeMounts:
+ {{- include "drupal.volumeMounts" . | nindent 14 }}
+ {{- if .Values.drupal.volumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.drupal.volumeMounts "context" $) | nindent 14 }}
+ {{- end }}
+ {{- include "drupal.connectionPooler" . | nindent 10 }}
+ {{- if .Values.drupal.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml .Values.drupal.imagePullSecrets | nindent 12 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.drupal.securityContext | nindent 12 }}
+ volumes:
+ {{- include "drupal.volumes" . | nindent 10 }}
+ {{- include "drupal.connectionPooler.volumes" . | nindent 10 }}
+ - name: backup
+ {{- if .Values.drupal.backup.volume }}
+ {{- toYaml .Values.drupal.backup.volume | nindent 12 }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+{{- end }}
diff --git a/charts/drupal/templates/cronjob/drupal.yaml b/charts/drupal/templates/cronjob/drupal.yaml
new file mode 100644
index 00000000..0238b66e
--- /dev/null
+++ b/charts/drupal/templates/cronjob/drupal.yaml
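Review bot: The `backup` volume in drupal-backup.yaml is declared under `volumes` but nothing in the `drush` container's `volumeMounts` mounts it, so `/backup/$BACKUPNAME` lands on the container's writable layer and is discarded with the pod unless the operator happens to add a mount through `drupal.volumeMounts`. Add `- name: backup` with `mountPath: /backup` to that container's `volumeMounts`. Also, `set -e` does not cover the left side of `drush sql-dump ... | gzip`, so a failed dump still leaves a `db.sql.gz` behind and the job reports success. Letting drush write the archive itself, e.g. `drush -y sql-dump --gzip --result-file=/backup/$BACKUPNAME/db.sql`, would let the failure surface.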
@@ -0,0 +1,90 @@
+{{- if .Values.drupal.cron.enabled }}
+{{- if semverCompare ">=1.21" $.Capabilities.KubeVersion.GitVersion }}
+apiVersion: batch/v1
+{{- else }}
+apiVersion: batch/v1beta1
+{{- end }}
+kind: CronJob
+metadata:
+ name: {{ template "drupal.fullname" . }}-drupal-cron
+ labels:
+ app.kubernetes.io/name: {{ include "drupal.name" . }}
+ helm.sh/chart: {{ include "drupal.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ schedule: "{{ .Values.drupal.cron.schedule }}"
+ startingDeadlineSeconds: 100
+ concurrencyPolicy: Replace
+ successfulJobsHistoryLimit: {{ .Values.drupal.cron.successfulJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ .Values.drupal.cron.failedJobsHistoryLimit }}
+ jobTemplate:
+ spec:
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "drupal.name" . }}
+ helm.sh/chart: {{ include "drupal.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+ {{- if .Values.drupal.podAnnotations }}
+ {{- toYaml .Values.drupal.podAnnotations | nindent 12 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ include "drupal.serviceAccountName" . }}
+ {{- if .Values.drupal.tolerations }}
+ tolerations:
+ {{- toYaml .Values.drupal.tolerations | nindent 10 }}
+ {{- end }}
+ {{- if .Values.drupal.nodeSelector }}
+ nodeSelector:
+ {{- toYaml .Values.drupal.nodeSelector | nindent 12 }}
+ {{- end }}
+ restartPolicy: OnFailure
+ containers:
+ - name: drush
+ image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}"
+ imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }}
+ command:
+ - '/bin/sh'
+ - '-c'
+ - |
+ # Errors should fail the job
+ set -e
+
+ # Pre Install scripts
+ {{- if .Values.drupal.cron.preInstallScripts }}
+ {{ .Values.drupal.cron.preInstallScripts | nindent 14}}
+ {{- end }}
+
+ # Wait for DB to be available
+ until drush sql:query 'SHOW TABLES;'; do echo Waiting for DB; sleep 3; done
+ echo DB available
+
+ # Check Drush status
+ drush status
+
+ # Run cron
+ drush -y core-cron
+ env:
+ {{- include "drupal.env" . | nindent 14 }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 14 }}
+ {{- end }}
+ volumeMounts:
+ {{- include "drupal.volumeMounts" . | nindent 14 }}
+ {{- if .Values.drupal.volumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.drupal.volumeMounts "context" $) | nindent 14 }}
+ {{- end }}
+ {{- include "drupal.connectionPooler" . | nindent 10 }}
+ {{- if .Values.drupal.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml .Values.drupal.imagePullSecrets | nindent 12 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.drupal.securityContext | nindent 12 }}
+ volumes:
+ {{- include "drupal.volumes" . | nindent 10 }}
+ {{- include "drupal.connectionPooler.volumes" . | nindent 10 }}
+{{- end }}
diff --git a/charts/drupal/templates/deploy/drupal.yaml b/charts/drupal/templates/deploy/drupal.yaml
new file mode 100644
index 00000000..5c4285c9
--- /dev/null
+++ b/charts/drupal/templates/deploy/drupal.yaml
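Review bot: The readiness loop `until drush sql:query 'SHOW TABLES;'` in the cron job uses MySQL-only syntax and has no retry limit, yet the chart also supports PostgreSQL (the `postgresql.enabled` branch of `drupal.env`), where the statement is rejected and the loop would spin until the next schedule replaces the job. A portable probe such as `drush sql:query 'SELECT 1;'` with a bounded number of attempts would make the job fail visibly instead of hanging. The same loop appears in the drupal-backup.yaml hunk.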
@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "drupal.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "drupal.name" . }}
+ helm.sh/chart: {{ include "drupal.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.drupal.replicas }}
+ strategy:
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "drupal.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ tier: drupal
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "drupal.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ tier: drupal
+ annotations:
+ {{- if .Values.drupal.podAnnotations }}
+ {{- toYaml .Values.drupal.podAnnotations | nindent 8 }}
+ {{- end }}
+ checksum/config: {{ include (print $.Template.BasePath "/cm/drupal.yaml") . | sha256sum }}
+ spec:
+ serviceAccountName: {{ include "drupal.serviceAccountName" . }}
+ {{- if .Values.drupal.tolerations }}
+ tolerations:
+ {{- toYaml .Values.drupal.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.drupal.nodeSelector }}
+ nodeSelector:
+ {{- toYaml .Values.drupal.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if or (.Values.drupal.initContainers) (.Values.drupal.volumePermissions.enabled) (or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled)) }}
+ initContainers:
+ {{- include "drupal.initContainers" . | nindent 8 }}
+ {{- end }}
+ containers:
+ - image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}"
+ imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }}
+ {{- if .Values.drupal.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.drupal.command "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.drupal.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.drupal.args "context" $) | nindent 8 }}
+ {{- end }}
+ name: drupal
+ ports:
+ - containerPort: 9000
+ name: tcp-php-fpm
+ protocol: TCP
+ {{- if .Values.drupal.healthcheck.enabled }}
+ livenessProbe:
+ exec:
+ command:
+ - php-fpm-healthcheck
+ initialDelaySeconds: 0
+ periodSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - php-fpm-healthcheck
+ initialDelaySeconds: 1
+ periodSeconds: 5
+ {{- end }}
+ env:
+ {{- include "drupal.env" . | nindent 10 }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.drupal.resources }}
+ resources:
+ {{- toYaml .Values.drupal.resources | nindent 10 }}
+ {{- end }}
+ volumeMounts:
+ {{- include "drupal.volumeMounts" . | nindent 10 }}
+ {{- if .Values.drupal.volumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.drupal.volumeMounts "context" $) | nindent 10 }}
+ {{- end }}
+ {{- include "drupal.connectionPooler" . | nindent 6 }}
+ {{- if .Values.drupal.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml .Values.drupal.imagePullSecrets | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.drupal.securityContext | nindent 8 }}
+ volumes:
+ {{- include "drupal.volumes" . | nindent 6 }}
+ {{- include "drupal.connectionPooler.volumes" . | nindent 6 }}
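Review bot: The `initContainers:` guard in the Deployment does not cover the `siteRoot` case: `drupal.initContainers` emits `init-site-root` whenever `drupal.siteRoot` is not `/`, but the `or` here only tests `drupal.initContainers`, `volumePermissions.enabled` and the two Azure flags, so with a custom site root and none of those set the `webroot` emptyDir is mounted empty and the symlink is never created. Add `(not (eq .Values.drupal.siteRoot "/"))` to the `or` list. The `drupal` container also gets no container-level `securityContext` (only the pod-level block from values), which is worth adding if the unprivileged model described in the changelog is meant to cover php-fpm as well as nginx.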
diff --git a/drupal/templates/deploy/nginx.yaml b/charts/drupal/templates/deploy/nginx.yaml
similarity index 64%
rename from drupal/templates/deploy/nginx.yaml
rename to charts/drupal/templates/deploy/nginx.yaml
index d7b2a610..ab05f98e 100644
--- a/drupal/templates/deploy/nginx.yaml
+++ b/charts/drupal/templates/deploy/nginx.yaml
@@ -22,25 +22,25 @@ spec:
 app.kubernetes.io/name: {{ include "drupal.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 tier: frontend
-{{- if .Values.nginx.podLabels }}
-{{ toYaml .Values.nginx.podLabels | indent 8 }}
-{{- end }}
+ {{- if .Values.nginx.podLabels }}
+ {{- toYaml .Values.nginx.podLabels | nindent 8 }}
+ {{- end }}
 annotations:
-{{- if .Values.nginx.podAnnotations }}
-{{ toYaml .Values.nginx.podAnnotations | indent 8 }}
-{{- end }}
+ {{- if .Values.nginx.podAnnotations }}
+ {{- toYaml .Values.nginx.podAnnotations | nindent 8 }}
+ {{- end }}
 checksum/config: {{ include (print $.Template.BasePath "/cm/nginx.yaml") . | sha256sum }}
 spec:
-{{- if .Values.nginx.tolerations }}
+ {{- if .Values.nginx.tolerations }}
 tolerations:
-{{ toYaml .Values.nginx.tolerations | indent 6 }}
-{{- end }}
-{{- if .Values.nginx.nodeSelector }}
+ {{- toYaml .Values.nginx.tolerations | nindent 6 }}
+ {{- end }}
+ {{- if .Values.nginx.nodeSelector }}
 nodeSelector:
-{{ toYaml .Values.nginx.nodeSelector | indent 8 }}
-{{- end }}
+ {{- toYaml .Values.nginx.nodeSelector | nindent 8 }}
+ {{- end }}
 initContainers:
-{{- if not (eq .Values.drupal.siteRoot "/") }}
+ {{- if not (eq .Values.drupal.siteRoot "/") }}
 - name: init-site-root
 image: 'alpine:3.10'
 command:
@@ -52,14 +52,14 @@ spec: volumeMounts: - name: webroot mountPath: /webroot -{{- end }} + {{- end }} containers: - image: "{{ .Values.nginx.image }}:{{ default (print .Chart.AppVersion "-nginx") .Values.nginx.tag }}" imagePullPolicy: {{ default "" .Values.nginx.imagePullPolicy | quote }} name: nginx ports: - name: http - containerPort: 80 + containerPort: 8080 protocol: TCP - name: https containerPort: 443 
@@ -67,66 +67,64 @@ spec: readinessProbe: httpGet: path: /_healthz - port: 80 + port: 8080 initialDelaySeconds: 0 periodSeconds: 5 livenessProbe: httpGet: path: /_healthz - port: 80 + port: 8080 initialDelaySeconds: 1 periodSeconds: 5 + {{- if .Values.nginx.resources }} resources: - requests: - memory: "200Mi" - cpu: "250m" - limits: - memory: "500Mi" - cpu: "400m" + {{- toYaml .Values.nginx.resources | nindent 10 }} + {{- end }} volumeMounts: - mountPath: /etc/nginx/nginx.conf name: cm-nginx readOnly: true subPath: nginx.conf -{{- if not .Values.drupal.disableDefaultFilesMount }} + {{- if not .Values.drupal.disableDefaultFilesMount }} - name: files mountPath: /var/www/html/sites/default/files subPath: public -{{- end }} -{{- if not (eq .Values.drupal.siteRoot "/") }} + {{- end }} + {{- if not (eq .Values.drupal.siteRoot "/") }} - name: webroot mountPath: /webroot -{{- end }} -{{- if .Values.nginx.volumeMounts }} -{{ toYaml .Values.nginx.volumeMounts | indent 8 }} -{{- end }} + {{- end }} + {{- if .Values.nginx.volumeMounts }} + {{- toYaml .Values.nginx.volumeMounts | nindent 8 }} + {{- end }} {{- if .Values.nginx.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.nginx.imagePullSecrets | indent 8 }} + {{- toYaml .Values.nginx.imagePullSecrets | nindent 8 }} {{- end }} - # Allow non-root user to access PersistentVolume + {{- if .Values.nginx.securityContext }} securityContext: fsGroup: {{ .Values.nginx.securityContext.fsGroup }} + {{- end }} volumes: - name: cm-nginx configMap: name: {{ include "drupal.fullname" . }}-nginx -{{- if .Values.drupal.persistence.enabled }} + {{- if .Values.drupal.persistence.enabled }} - name: files persistentVolumeClaim: claimName: {{ template "drupal.fullname" . 
}}-drupal -{{- else if or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled) }} + {{- else if or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled) }} - name: files-public persistentVolumeClaim: claimName: {{ include "drupal.fullname" . }}-public -{{- else if not .Values.drupal.disableDefaultFilesMount }} + {{- else if not .Values.drupal.disableDefaultFilesMount }} - name: files emptyDir: {} -{{- end }} -{{- if not (eq .Values.drupal.siteRoot "/") }} + {{- end }} + {{- if not (eq .Values.drupal.siteRoot "/") }} - name: webroot emptyDir: {} -{{- end }} -{{- if .Values.nginx.volumes }} -{{ toYaml .Values.nginx.volumes | indent 6 }} -{{- end }} + {{- end }} + {{- if .Values.nginx.volumes }} + {{- toYaml .Values.nginx.volumes | nindent 6 }} + {{- end }} diff --git a/drupal/templates/hpa/drupal.yaml b/charts/drupal/templates/hpa/drupal.yaml similarity index 100% rename from drupal/templates/hpa/drupal.yaml rename to charts/drupal/templates/hpa/drupal.yaml diff --git a/drupal/templates/hpa/nginx.yaml b/charts/drupal/templates/hpa/nginx.yaml similarity index 100% rename from drupal/templates/hpa/nginx.yaml rename to charts/drupal/templates/hpa/nginx.yaml diff --git a/drupal/templates/ing/drupal.yaml b/charts/drupal/templates/ing/drupal.yaml similarity index 81% rename from drupal/templates/ing/drupal.yaml rename to charts/drupal/templates/ing/drupal.yaml index 8b1d0019..762e5917 100644 --- a/drupal/templates/ing/drupal.yaml +++ b/charts/drupal/templates/ing/drupal.yaml @@ -1,4 +1,4 @@ -{{- if .Values.ingress.enabled -}} +{{- if .Values.ingress.enabled }} {{- $fullName := include "drupal.fullname" . -}} {{- $releaseName := .Release.Name -}} {{- $varnishEnabled := .Values.varnish.enabled -}} 
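Review bot: The new pod-level `securityContext` block in nginx.yaml renders only `fsGroup`, so any other field set under `nginx.securityContext` (for example `runAsNonRoot` or `runAsUser`) is silently dropped. Setting the map without `fsGroup` also emits an empty `fsGroup:` key. Since this release moves nginx to an unprivileged port, operators will likely want to set those fields. Render the whole map, as the Drupal deployment does: `{{- toYaml .Values.nginx.securityContext | nindent 8 }}` under `securityContext:`.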
@@ -16,24 +16,24 @@ metadata: helm.sh/chart: {{ include "drupal.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Values.ingress.annotations }} + {{- with .Values.ingress.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: -{{- if .Values.ingress.className }} + {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className }} -{{- end }} -{{- if .Values.ingress.tls }} + {{- end }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: {{- range .Values.ingress.hosts }} - host: {{ . | quote }} @@ -47,21 +47,21 @@ spec: service: name: {{ $releaseName }}-varnish port: - number: 80 + number: 8080 {{- else }} service: name: {{ $fullName }}-nginx port: - number: 80 + number: 8080 {{- end }} {{- else }} - backend: {{- if $varnishEnabled }} serviceName: {{ $releaseName }}-varnish - servicePort: 80 + servicePort: 8080 {{- else }} serviceName: {{ $fullName }}-nginx - servicePort: 80 + servicePort: 8080 {{- end }} {{- end }} {{- end }} diff --git a/charts/drupal/templates/job/post-install-site-install.yaml b/charts/drupal/templates/job/post-install-site-install.yaml new file mode 100644 index 00000000..5f2fdd21 --- /dev/null +++ b/charts/drupal/templates/job/post-install-site-install.yaml 
@@ -0,0 +1,188 @@ +{{- if .Values.drupal.install }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "drupal.fullname" . }}-site-install + labels: + app.kubernetes.io/name: {{ include "drupal.name" . }} + helm.sh/chart: {{ include "drupal.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "10" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + backoffLimit: {{ default "" .Values.drupal.backoffLimitInstall }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "drupal.name" . }} + helm.sh/chart: {{ include "drupal.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + {{- if .Values.drupal.podAnnotations }} + {{- toYaml .Values.drupal.podAnnotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "drupal.serviceAccountName" . }} + {{- if .Values.drupal.tolerations }} + tolerations: + {{- toYaml .Values.drupal.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.drupal.nodeSelector }} + nodeSelector: + {{- toYaml .Values.drupal.nodeSelector | nindent 8 }} + {{- end }} + restartPolicy: OnFailure + {{- if or (.Values.drupal.initContainers) (or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled)) }} + initContainers: + {{- include "drupal.initContainers" . 
| nindent 8 }} + {{- end }} + containers: + - name: drush + image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" + imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} + command: + - '/bin/sh' + - '-c' + - | + # Errors should fail the job + set -e + + # Pre Install scripts + {{- if .Values.drupal.preInstallScripts }} + {{ toYaml .Values.drupal.preInstallScripts | nindent 14}} + {{- end }} + + # Wait for DB to be available + {{ .Values.drupal.dbAvailabilityScript | nindent 14}} + + {{- if .Values.redis.enabled }} + {{- if .Values.redis.sentinel.enabled }} + until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis {{ .Values.redis.sentinel.service.sentinelPort }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done + {{- else }} + until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.master.service.ports.redis }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done + {{- end }} + echo Redis available + {{- end }} + + # Check Drush status + drush status || true + + {{- if .Values.redis.enabled }} + # Flush redis caches + {{- if .Values.redis.sentinel.enabled }} + printf "AUTH $REDIS_PASSWORD\r\nFLUSHDB\r\n" | nc -w 2 {{ .Release.Name }}-redis {{ .Values.redis.sentinel.service.sentinelPort }} + {{- else }} + printf "AUTH $REDIS_PASSWORD\r\nFLUSHDB\r\n" | nc -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.master.service.ports.redis }} + {{- end }} + {{- end }} + + # Run site install + {{- if .Values.drupal.restore.enabled }} + + # Check to see if using specific backup else use latest CHECK IF NAME SAYS LATEST + {{- if eq .Values.drupal.restore.name "latest"}} + BACKUPNAME=$(ls -td -- /backup/* | head -n 1 | sed -e "s/\/backup\///") + {{- else }} + BACKUPNAME='{{ .Values.drupal.restore.name }}' + {{- end }} + + echo "Restoring backup: $BACKUPNAME" + + {{- if .Values.drupal.restore.db }} + echo "Drop 
database" + drush sql-drop -y + echo "Restore database" + gunzip -c /backup/$BACKUPNAME/db.sql.gz{{ if .Values.drupal.restore.convert }} | sed 's/MyISAM/InnoDB/g'{{ end }} | drush sql-cli + echo "Database restored" + {{- end }} + + {{- if .Values.drupal.restore.files }} + echo "Deleting files" + # Errors from deleting should not fail the job + set +e + find sites/default/files/ -type f -print0 | xargs -0 rm + find sites/default/files/ -mindepth 1 -type d -print0 | xargs -0 rmdir + find /private/ -type f -print0 | xargs -0 rm + find /private/ -mindepth 1 -type d -print0 | xargs -0 rmdir + set -e + + echo "Restoring files" + {{- if .Values.drupal.restore.suppressTarErrors }} + set +e + {{- end }} + tar -zxf /backup/$BACKUPNAME/files.tar.gz --directory sites/default/files --no-acls --no-xattrs -m --no-same-permissions --no-overwrite-dir + tar -zxf /backup/$BACKUPNAME/private.tar.gz --directory /private --no-acls --no-xattrs -m --no-same-permissions --no-overwrite-dir + {{- if .Values.drupal.restore.suppressTarErrors }} + set -e + {{- end }} + echo "Files restored" + {{- end }} + + # Run database updates + {{- if .Values.drupal.cacheRebuildBeforeDatabaseMigration }} + drush -y cache:rebuild + {{- end }} + drush -y updatedb + + {{- else }} + time drush site:install {{ .Values.drupal.profile }} \ + --sites-subdir=default \ + {{- if .Values.mysql.enabled }} + --db-url="mysql://{{ .Values.mysql.auth.username }}:$MYSQL_PASSWORD@{{ .Release.Name }}-mysql:{{ .Values.mysql.primary.service.ports.mysql }}/{{ .Values.mysql.auth.database }}" \ + {{- else if .Values.postgresql.enabled }} + --db-url="pgsql://{{ .Values.postgresql.auth.username }}:$POSTGRES_PASSWORD@{{ .Release.Name }}-postgresql:{{ .Values.postgresql.primary.service.ports.postgresql }}/{{ .Values.postgresql.auth.database }}" \ + {{- end }} + --account-name={{ .Values.drupal.username }} \ + --account-pass=$DRUPAL_ADMIN_PASSWORD \ + --site-mail={{ .Values.drupal.siteEmail | quote }} \ + --site-name={{ 
.Values.drupal.siteName | quote }} \ + {{- if .Values.drupal.extensions.enabled }} + wxt_extension_configure_form.select_all='TRUE' \ + {{- end }} + install_configure_form.update_status_module='array(FALSE,FALSE)' \ + --yes + {{- end }} + + drush -y cache:rebuild + + {{- if .Values.redis.enabled }} + # Enable redis + drush -y pm:enable redis + {{- end }} + + # Rebuild caches + drush -y cache:rebuild + + # Extra installation scripts + {{- if .Values.drupal.postInstallScripts }} + {{ toYaml .Values.drupal.postInstallScripts | nindent 14}} + {{- end }} + env: + {{- include "drupal.env" . | nindent 10 }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 10 }} + {{- end }} + volumeMounts: + {{- include "drupal.volumeMounts" . | nindent 10 }} + {{- if .Values.drupal.volumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.drupal.volumeMounts "context" $) | nindent 10 }} + {{- end }} + {{- include "drupal.connectionPooler" . | nindent 6 }} + {{- if .Values.drupal.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.drupal.imagePullSecrets | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.drupal.securityContext | nindent 8 }} + volumes: + {{- include "drupal.volumes" . | nindent 6 }} + {{- include "drupal.connectionPooler.volumes" . | nindent 6 }} + {{- if .Values.drupal.restore.enabled }} + - name: backup + {{- toYaml .Values.drupal.restore.volume | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/drupal/templates/job/post-upgrade-reconfigure.yaml b/charts/drupal/templates/job/post-upgrade-reconfigure.yaml new file mode 100644 index 00000000..20fe1a40 --- /dev/null +++ b/charts/drupal/templates/job/post-upgrade-reconfigure.yaml 
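Review bot: The secret environment variables are expanded unsafely in the site-install script. `--account-pass=$DRUPAL_ADMIN_PASSWORD` is unquoted, so a password containing whitespace or glob characters is split or expanded before drush sees it. `printf "AUTH $REDIS_PASSWORD\r\n"` uses the password as the printf format string, so a `%` or backslash in it changes what is sent. I would write `--account-pass="$DRUPAL_ADMIN_PASSWORD" \` and `printf 'AUTH %s\r\n' "$REDIS_PASSWORD"`; the same printf lines appear in the post-upgrade-reconfigure job. The `--db-url` values also embed `$MYSQL_PASSWORD` and `$POSTGRES_PASSWORD` without URL-encoding, so a password containing `@`, `:` or `/` would likely produce a malformed URL.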
@@ -0,0 +1,109 @@ +{{- if .Values.drupal.reconfigure }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "drupal.fullname" . }}-reconfigure + labels: + app.kubernetes.io/name: {{ include "drupal.name" . }} + helm.sh/chart: {{ include "drupal.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-weight": "10" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + backoffLimit: {{ default "" .Values.drupal.backoffLimitReconfigure }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "drupal.name" . }} + helm.sh/chart: {{ include "drupal.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + {{- if .Values.drupal.podAnnotations }} + {{- toYaml .Values.drupal.podAnnotations | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ include "drupal.serviceAccountName" . }} + {{- if .Values.drupal.tolerations }} + tolerations: + {{- toYaml .Values.drupal.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.drupal.nodeSelector }} + nodeSelector: + {{- toYaml .Values.drupal.nodeSelector | nindent 8 }} + {{- end }} + restartPolicy: OnFailure + {{- if or (.Values.drupal.initContainers) (or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled)) }} + initContainers: + {{- include "drupal.initContainers" . 
| nindent 8 }} + {{- end }} + containers: + - name: drush + image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" + imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} + command: + - '/bin/sh' + - '-c' + - | + # Errors should fail the job + set -e + + # Pre Upgrade scripts + {{- if .Values.drupal.preUpgradeScripts }} + {{ toYaml .Values.drupal.preUpgradeScripts | nindent 14}} + {{- end }} + + # Wait for DB to be available + {{ .Values.drupal.dbAvailabilityScript | nindent 14}} + + {{- if .Values.redis.enabled }} + {{- if .Values.redis.sentinel.enabled }} + until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis {{ .Values.redis.sentinel.service.sentinelPort }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done + {{- else }} + until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.master.service.ports.redis }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done + {{- end }} + echo Redis available + {{- end }} + + # Check Drush status + drush status || true + + # Run database updates + {{- if .Values.drupal.cacheRebuildBeforeDatabaseMigration }} + drush -y cache:rebuild + {{- end }} + {{- if .Values.drupal.updateDBBeforeDatabaseMigration }} + drush -y updatedb + {{- end }} + + # Rebuild caches + drush -y cache:rebuild + + # Post Upgrade scripts + {{- if .Values.drupal.postUpgradeScripts }} + {{ toYaml .Values.drupal.postUpgradeScripts | nindent 14}} + {{- end }} + env: + {{- include "drupal.env" . | nindent 10 }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 10 }} + {{- end }} + volumeMounts: + {{- include "drupal.volumeMounts" . 
| nindent 10 }} + {{- if .Values.drupal.volumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.drupal.volumeMounts "context" $) | nindent 10 }} + {{- end }} + {{- include "drupal.connectionPooler" . | nindent 6 }} + {{- if .Values.drupal.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.drupal.imagePullSecrets | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.drupal.securityContext | nindent 8 }} + volumes: + {{- include "drupal.volumes" . | nindent 6 }} + {{- include "drupal.connectionPooler.volumes" . | nindent 6 }} +{{- end }} diff --git a/charts/drupal/templates/netpol/drupal.yaml b/charts/drupal/templates/netpol/drupal.yaml new file mode 100644 index 00000000..d3c7ca33 --- /dev/null +++ b/charts/drupal/templates/netpol/drupal.yaml @@ -0,0 +1,16 @@ +{{- if .Values.netpol.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "drupal.fullname" . }}-allow-same-ns + labels: + app.kubernetes.io/name: {{ include "drupal.name" . }} + helm.sh/chart: {{ include "drupal.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + podSelector: {} + ingress: + - from: + - podSelector: {} +{{- end }} diff --git a/charts/drupal/templates/netpol/route.yaml b/charts/drupal/templates/netpol/route.yaml new file mode 100644 index 00000000..d2eb8ccb --- /dev/null +++ b/charts/drupal/templates/netpol/route.yaml 
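Review bot: The `allow-same-ns` policy in netpol/drupal.yaml uses `podSelector: {}` for both the target and the source, so it applies to every pod in the release namespace rather than only this chart's pods. Enabling `netpol.enabled` therefore changes ingress for unrelated workloads in that namespace, and it gives no segmentation between the web tier and the database or cache pods. Consider scoping the target with `podSelector:` / `matchLabels:` / `app.kubernetes.io/instance: {{ .Release.Name }}` and stating `policyTypes: [Ingress]` explicitly. The OpenShift policy in netpol/route.yaml appears to select all pods the same way. Whether the sub-chart pods carry that label is not visible here, so confirm before narrowing.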
@@ -0,0 +1,20 @@ +{{- if .Values.netpol.openshift.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "drupal.fullname" . }}-allow-openshift-ingress + labels: + app.kubernetes.io/name: {{ include "drupal.name" . }} + helm.sh/chart: {{ include "drupal.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + podSelector: {} + policyTypes: + - Ingress +{{- end }} diff --git a/drupal/templates/pdb/poddisruptionbudget.yaml b/charts/drupal/templates/pdb/poddisruptionbudget.yaml similarity index 100% rename from drupal/templates/pdb/poddisruptionbudget.yaml rename to charts/drupal/templates/pdb/poddisruptionbudget.yaml diff --git a/charts/drupal/templates/pv/csi-azure-file.yaml b/charts/drupal/templates/pv/csi-azure-file.yaml new file mode 100644 index 00000000..f94f0a16 --- /dev/null +++ b/charts/drupal/templates/pv/csi-azure-file.yaml 
@@ -0,0 +1,42 @@ + +{{- $name := include "drupal.name" . -}} +{{- $fullName := include "drupal.fullname" . -}} +{{- $chartName := include "drupal.chart" . -}} +{{- $chart := .Chart }} +{{- $release := .Release }} +{{- $values := .Values }} +{{- $ctx := . }} +{{- range $k, $v := .Values.azure.azureFile.folders }} +{{- if $values.azure.azureFile.enabled -}} +{{- if not $values.azure.azureFile.disablePVCreation }} +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + {{- if $values.azure.azureFile.annotations }} + annotations: + {{- toYaml $values.azure.azureFile.annotations | nindent 4 }} + {{- end }} + name: {{ $fullName }}-{{ $v }} +spec: + capacity: + storage: {{ $values.azure.azureFile.size }} + accessModes: + - {{ $values.azure.azureFile.accessMode }} + {{- if $values.azure.storageClass.create }} + storageClassName: {{ $fullName }}-csi-azure + {{- else if eq "-" $values.azure.azureFile.storageClass }} + storageClassName: "" + {{- else if $values.azure.azureFile.storageClass }} + storageClassName: "{{ $values.azure.azureFile.storageClass }}" + {{- end }} + {{- if $values.azure.azureFile.backup.spec }} + {{- toYaml $values.azure.azureFile.backup.spec | nindent 2 }} + {{- end }} + {{- if $values.azure.azureFile.backup.mountOptions }} + mountOptions: + {{- toYaml $values.azure.azureFile.backup.mountOptions | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/drupal/templates/pv/csi-azure-shared-disk.yaml b/charts/drupal/templates/pv/csi-azure-shared-disk.yaml new file mode 100644 index 00000000..cae0d50f --- /dev/null +++ b/charts/drupal/templates/pv/csi-azure-shared-disk.yaml 
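Review bot: Every PersistentVolume produced by the `range` over `azureFile.folders` gets `azureFile.backup.spec` and `azureFile.backup.mountOptions`, whatever `$v` is. If that spec carries the CSI volume handle or share name, as it appears to, the `private`, `public` and `tmp` volumes would all point at the backup share, putting private files and backups on the same storage as publicly served files. Look the entry up per folder, e.g. `{{- with (index $values.azure.azureFile $v) }}` followed by `{{- toYaml .spec | nindent 2 }}`. The shared-disk PV template has the same pattern with `sharedDisk.private.spec`.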
@@ -0,0 +1,41 @@ +{{- $name := include "drupal.name" . -}} +{{- $fullName := include "drupal.fullname" . -}} +{{- $chartName := include "drupal.chart" . -}} +{{- $chart := .Chart }} +{{- $release := .Release }} +{{- $values := .Values }} +{{- $ctx := . }} +{{- range $k, $v := .Values.azure.sharedDisk.folders }} +{{- if $values.azure.sharedDisk.enabled }} +{{- if not $values.azure.sharedDisk.disablePVCreation }} +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + {{- if $values.azure.sharedDisk.annotations }} + annotations: + {{- toYaml $values.azure.sharedDisk.annotations | nindent 4 }} + {{- end }} + name: {{ $fullName }}-{{ $v }} +spec: + capacity: + storage: {{ $values.azure.sharedDisk.size }} + accessModes: + - {{ $values.azure.sharedDisk.accessMode }} + {{- if $values.azure.storageClass.create }} + storageClassName: {{ $fullName }}-csi-azure + {{- else if eq "-" $values.azure.sharedDisk.storageClass }} + storageClassName: "" + {{- else if $values.azure.sharedDisk.storageClass }} + storageClassName: "{{ $values.azure.sharedDisk.storageClass }}" + {{- end }} + {{- if $values.azure.sharedDisk.private.spec }} + {{- toYaml $values.azure.sharedDisk.private.spec | nindent 2 }} + {{- end }} + {{- if $values.azure.sharedDisk.private.mountOptions }} + mountOptions: + {{- toYaml $values.azure.sharedDisk.private.mountOptions | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/drupal/templates/pvc/csi-azure-file.yaml b/charts/drupal/templates/pvc/csi-azure-file.yaml new file mode 100644 index 00000000..12c35612 --- /dev/null +++ b/charts/drupal/templates/pvc/csi-azure-file.yaml 
@@ -0,0 +1,36 @@ +{{- $name := include "drupal.name" . -}} +{{- $fullName := include "drupal.fullname" . -}} +{{- $chartName := include "drupal.chart" . -}} +{{- $chart := .Chart }} +{{- $release := .Release }} +{{- $values := .Values }} +{{- $ctx := . }} +{{- range $k, $v := .Values.azure.azureFile.folders }} +{{- if $values.azure.azureFile.enabled }} +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + annotations: + {{- if $values.azure.azureFile.enabled }} + {{- toYaml $values.azure.azureFile.annotations | nindent 4 }} + {{- end }} + name: {{ $fullName }}-{{ $v }} +spec: + accessModes: + - {{ $values.azure.azureFile.accessMode }} + resources: + requests: + storage: {{ $values.azure.azureFile.size }} + {{- if not $values.azure.azureFile.disableVolumeName }} + volumeName: {{ $fullName }}-{{ $v }} + {{- end }} + {{- if $values.azure.storageClass.create }} + storageClassName: {{ $fullName }}-csi-azure + {{- else if eq "-" $values.azure.azureFile.storageClass }} + storageClassName: "" + {{- else if $values.azure.azureFile.storageClass }} + storageClassName: "{{ $values.azure.azureFile.storageClass }}" + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/drupal/templates/pvc/csi-azure-shared-disk.yaml b/charts/drupal/templates/pvc/csi-azure-shared-disk.yaml new file mode 100644 index 00000000..e7b6134d --- /dev/null +++ b/charts/drupal/templates/pvc/csi-azure-shared-disk.yaml 
@@ -0,0 +1,36 @@ +{{- $name := include "drupal.name" . -}} +{{- $fullName := include "drupal.fullname" . -}} +{{- $chartName := include "drupal.chart" . -}} +{{- $chart := .Chart }} +{{- $release := .Release }} +{{- $values := .Values }} +{{- $ctx := . }} +{{- range $k, $v := .Values.azure.sharedDisk.folders }} +{{- if $values.azure.sharedDisk.enabled }} +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + annotations: + {{- if $values.azure.azureFile.enabled }} + {{- toYaml $values.azure.azureFile.annotations | nindent 4 }} + {{- end }} + name: {{ $fullName }}-{{ $v }} +spec: + accessModes: + - {{ $values.azure.sharedDisk.accessMode }} + resources: + requests: + storage: {{ $values.azure.sharedDisk.size }} + {{- if not $values.azure.sharedDisk.disableVolumeName }} + volumeName: {{ $fullName }}-{{ $v }} + {{- end }} + {{- if $values.azure.storageClass.create }} + storageClassName: {{ $fullName }}-csi-azure + {{- else if eq "-" $values.azure.sharedDisk.storageClass }} + storageClassName: "" + {{- else if $values.azure.sharedDisk.storageClass }} + storageClassName: "{{ $values.azure.sharedDisk.storageClass }}" + {{- end }} +{{- end }} +{{- end }} diff --git a/drupal/templates/pvc/drupal.yaml b/charts/drupal/templates/pvc/drupal.yaml similarity index 74% rename from drupal/templates/pvc/drupal.yaml rename to charts/drupal/templates/pvc/drupal.yaml index 9a3421df..a59455db 100644 --- a/drupal/templates/pvc/drupal.yaml +++ b/charts/drupal/templates/pvc/drupal.yaml @@ -2,10 +2,10 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: -{{- if .Values.drupal.persistence.annotations }} + {{- if .Values.drupal.persistence.annotations }} annotations: -{{ toYaml .Values.drupal.persistence.annotations | indent 4 }} -{{- end }} + {{- toYaml .Values.drupal.persistence.annotations | nindent 4 }} + {{- end }} name: {{ include "drupal.fullname" . }}-drupal labels: app.kubernetes.io/name: {{ include "drupal.name" . }}-drupal 
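Review bot: The annotations block of pvc/csi-azure-shared-disk.yaml tests `$values.azure.azureFile.enabled` and renders `$values.azure.azureFile.annotations`, which looks like a copy from the azure-file template. With shared disk enabled and Azure File disabled the claim gets an empty `annotations:` key, and with both enabled it gets the Azure File annotations. It should read `{{- if $values.azure.sharedDisk.annotations }}` and `{{- toYaml $values.azure.sharedDisk.annotations | nindent 4 }}`, with the `annotations:` key moved inside the condition.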
@@ -21,11 +21,11 @@ spec: {{- if .Values.drupal.persistence.iops }} iops: {{ .Values.drupal.persistence.iops | quote }} {{- end }} -{{- if .Values.drupal.persistence.storageClass }} -{{- if (eq "-" .Values.drupal.persistence.storageClass) }} + {{- if .Values.drupal.persistence.storageClass }} + {{- if (eq "-" .Values.drupal.persistence.storageClass) }} storageClassName: "" -{{- else }} + {{- else }} storageClassName: "{{ .Values.drupal.persistence.storageClass }}" -{{- end }} -{{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/charts/drupal/templates/sa/drupal.yaml b/charts/drupal/templates/sa/drupal.yaml new file mode 100644 index 00000000..aff4dd46 --- /dev/null +++ b/charts/drupal/templates/sa/drupal.yaml @@ -0,0 +1,12 @@ +{{- if .Values.drupal.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "drupal.serviceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "drupal.name" . }} + helm.sh/chart: {{ include "drupal.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +automountServiceAccountToken: {{ .Values.drupal.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/drupal/templates/secret/drupal.yaml b/charts/drupal/templates/secret/drupal.yaml similarity index 93% rename from drupal/templates/secret/drupal.yaml rename to charts/drupal/templates/secret/drupal.yaml index 2251febe..99bad0d6 100644 --- a/drupal/templates/secret/drupal.yaml +++ b/charts/drupal/templates/secret/drupal.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.drupal.usePasswordFiles }} apiVersion: v1 kind: Secret metadata: @@ -22,3 +23,4 @@ data: {{ if .Values.external.enabled }} databasePassword: {{ .Values.external.password | b64enc | quote }} {{ end }} +{{- end }} 
diff --git a/drupal/templates/secret/pgbouncer.yaml b/charts/drupal/templates/secret/pgbouncer.yaml similarity index 100% rename from drupal/templates/secret/pgbouncer.yaml rename to charts/drupal/templates/secret/pgbouncer.yaml diff --git a/drupal/templates/secret/proxysql.yaml b/charts/drupal/templates/secret/proxysql.yaml similarity index 100% rename from drupal/templates/secret/proxysql.yaml rename to charts/drupal/templates/secret/proxysql.yaml diff --git a/drupal/templates/secret/ssmtp.yaml b/charts/drupal/templates/secret/ssmtp.yaml similarity index 100% rename from drupal/templates/secret/ssmtp.yaml rename to charts/drupal/templates/secret/ssmtp.yaml diff --git a/drupal/templates/storageclass/csi-azure.yaml b/charts/drupal/templates/storageclass/csi-azure.yaml similarity index 100% rename from drupal/templates/storageclass/csi-azure.yaml rename to charts/drupal/templates/storageclass/csi-azure.yaml diff --git a/drupal/templates/svc/drupal.yaml b/charts/drupal/templates/svc/drupal.yaml similarity index 92% rename from drupal/templates/svc/drupal.yaml rename to charts/drupal/templates/svc/drupal.yaml index 6df804aa..37f1c2c6 100644 --- a/drupal/templates/svc/drupal.yaml +++ b/charts/drupal/templates/svc/drupal.yaml @@ -16,4 +16,4 @@ spec: app.kubernetes.io/name: {{ include "drupal.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} tier: drupal - type: {{ .Values.drupal.serviceType }} + type: {{ .Values.drupal.serviceType }} diff --git a/drupal/templates/svc/nginx.yaml b/charts/drupal/templates/svc/nginx.yaml similarity index 97% rename from drupal/templates/svc/nginx.yaml rename to charts/drupal/templates/svc/nginx.yaml index 16cfcd84..8429fae9 100644 --- a/drupal/templates/svc/nginx.yaml +++ b/charts/drupal/templates/svc/nginx.yaml @@ -10,7 +10,7 @@ metadata: spec: ports: - name: http - port: 80 + port: 8080 targetPort: http - name: https port: 443 
diff --git a/drupal/values-example-csi-azure.yaml b/charts/drupal/values-example-csi-azure.yaml similarity index 99% rename from drupal/values-example-csi-azure.yaml rename to charts/drupal/values-example-csi-azure.yaml index 92bae7c6..d2d16ce9 100644 --- a/drupal/values-example-csi-azure.yaml +++ b/charts/drupal/values-example-csi-azure.yaml @@ -59,7 +59,7 @@ drupal: cacheRebuildBeforeDatabaseMigration: true # Run extra install scripts - # extraInstallScripts: |- + # postInstallScripts: |- # ## Extra settings.php settings @@ -71,7 +71,7 @@ drupal: $settings['file_temp_path'] = '/drupal-tmp'; $config['config_split.config_split.dev']['status'] = TRUE; - extraUpgradeScripts: |- + postUpgradeScripts: |- drush config:import --yes # Restore Drupal automatically diff --git a/drupal/values-example-single-node.yaml b/charts/drupal/values-example-single-node.yaml similarity index 100% rename from drupal/values-example-single-node.yaml rename to charts/drupal/values-example-single-node.yaml diff --git a/drupal/values.yaml b/charts/drupal/values.yaml similarity index 90% rename from drupal/values.yaml rename to charts/drupal/values.yaml index 17b48b08..f4523833 100644 --- a/drupal/values.yaml +++ b/charts/drupal/values.yaml @@ -15,6 +15,15 @@ ingress: # hosts: # - chart-example.local +extraEnvVars: [] + +netpol: + enabled: false + openshift: + enabled: false + +## Configuration values for the Drupal chart +## ref: https://github.com/drupalwxt/helm-drupal/blob/master/README.md drupal: ## Drupal image version ## ref: https://hub.docker.com/drupalwxt/site-wxt/tags/ @@ -38,11 +47,15 @@ drupal: replicas: 1 - # PHP configuration php: ini: {} # max_execution_time: 300 + fpm: |- + pm.max_children = 50 + pm.start_servers = 5 + pm.min_spare_servers = 5 + pm.max_spare_servers = 35 ## User of the application ## 
@@ -64,7 +77,7 @@ drupal: # Default WxT Library theme (only used if install and/or reconfigure are enabled) # Common options include: theme-wet-boew, theme-gcweb-legacy, theme-gcweb, ... - wxtTheme: theme-gcweb + theme: theme-gcweb ## Version of the application ## @@ -101,12 +114,22 @@ drupal: ## Extra CLI scripts ## - extraInstallScripts: '' + preInstallScripts: '' + # |- + # drush config-set system.performance js.preprocess 0 -y; + # drush config-set system.performance css.preprocess 0 -y; + + postInstallScripts: '' + # |- + # drush config-set system.performance js.preprocess 0 -y; + # drush config-set system.performance css.preprocess 0 -y; + + preUpgradeScripts: '' # |- # drush config-set system.performance js.preprocess 0 -y; # drush config-set system.performance css.preprocess 0 -y; - extraUpgradeScripts: '' + postUpgradeScripts: '' # |- # drush config-set system.performance js.preprocess 0 -y; # drush config-set system.performance css.preprocess 0 -y; @@ -142,9 +165,6 @@ drupal: cacheRebuildBeforeDatabaseMigration: true updateDBBeforeDatabaseMigration: true - # Run WxT specific commands - wxtUpdate: false - # Restrict how many attempt install and/or reconfigure jobs will try in case of failure. Default is 6. # backoffLimitInstall: 1 # backoffLimitReconfigure: 1 @@ -162,6 +182,14 @@ drupal: # Defaults to once an hour schedule: '0 * * * *' + preInstallScripts: '' + # |- + # drush config-set system.performance js.preprocess 0 -y; + # drush config-set system.performance css.preprocess 0 -y; + + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 1 + additionalCrons: {} # example: # # Run at midnight UTC @@ -245,10 +273,10 @@ drupal: # name: nothing # readOnly: true - securityContext: - fsGroup: 82 - runAsUser: 82 - runAsGroup: 82 + securityContext: {} + # fsGroup: 82 + # runAsUser: 82 + # runAsGroup: 82 smtp: host: mail 
@@ -281,6 +309,24 @@ drupal: volumePermissions: enabled: false + ## Drupal pods ServiceAccount + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param serviceAccount.create Enable the creation of a ServiceAccount for Drupal pods + ## + create: true + ## @param serviceAccount.name Name of the created ServiceAccount + ## If not set and create is true, a name is generated using the drupal.fullname template + ## + name: "" + ## @param serviceAccount.annotations Annotations for Drupal Service Account + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account + ## + automountServiceAccountToken: true + # Set an initContainers manually # initContainers: # - name: set-volume-permissions @@ -317,6 +363,12 @@ drupal: targetCPUUtilizationPercentage: 50 targetMemoryUtilizationPercentage: 50 + command: [] + + args: [] + +## Configuration values for the Drupal chart +## ref: https://github.com/drupalwxt/helm-drupal/blob/master/README.md nginx: ## Nginx image version ## ref: https://hub.docker.com/drupalwxt/site-wxt/tags/ @@ -353,14 +405,21 @@ nginx: # name: nothing # readOnly: true - securityContext: - enabled: true - fsGroup: 33 + securityContext: {} + # fsGroup: 33 gzip: true client_max_body_size: 20m real_ip_header: X-Forwarded-For + resources: {} + # requests: + # memory: "200Mi" + # cpu: "250m" + # limits: + # memory: "500Mi" + # cpu: "400m" + # Example of using both toleration and nodeSelector to deploy nginx on an AKS Spot instance # node pool: tolerations: [] @@ -403,6 +462,7 @@ azure: # Azure File logic azureFile: enabled: false + folders: ["backup", "private", "public", "tmp"] # Uncomment next line if you want to disable specifying a volume name on the public and private PVCs # disableVolumeName: true 
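Review bot: `automountServiceAccountToken: true` is the default in the new `serviceAccount` block, so every Drupal pod gets a Kubernetes API token mounted even though nothing visible in this values file needs API access. A compromised PHP process could then read that token from the pod filesystem. Unless a template outside this hunk depends on it, I would default to `automountServiceAccountToken: false` and let deployments that need the token opt in.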
@@ -526,6 +586,7 @@ azure: # Shared Disk logic sharedDisk: enabled: false + folders: ["private", "public"] # Uncomment next line if you want to disable specifying a volume name on the public and private PVCs # disableVolumeName: true @@ -610,6 +671,7 @@ mysql: slow_query_log=0 slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log long_query_time=10.0 + transaction_isolation="READ-COMMITTED" max_allowed_packet = 256M innodb_buffer_pool_size = 4096M @@ -617,11 +679,13 @@ mysql: table_definition_cache = 4096 table_open_cache = 8192 innodb_flush_log_at_trx_commit=2 + [client] port=3306 socket=/opt/bitnami/mysql/tmp/mysql.sock default-character-set=UTF8 plugin_dir=/opt/bitnami/mysql/lib/plugin + [manager] port=3306 socket=/opt/bitnami/mysql/tmp/mysql.sock @@ -707,8 +771,23 @@ redis: # Disable RDB persistence. save "" +## Configuration values for the Solr dependency sub-chart +## ref: https://github.com/bitnami/charts/blob/master/bitnami/redis/README.md +solr: + enabled: false + image: + registry: docker.io + repository: bitnami/solr + tag: 9.2.1-debian-11-r16 + cloudEnabled: false + cloudBootstrap: false + zookeeper: + enabled: false + replicaCount: 1 + collectionReplicas: 1 + ## Configuration values for the Varnish dependency sub-chart -## ref: https://github.com/StatCan/charts/blob/master/stable/varnish/README.md +## ref: https://github.com/statcan/charts/blob/master/stable/varnish/README.md varnish: enabled: false varnishd: @@ -748,7 +827,7 @@ varnish: backend nginx { .host = "{{ include "backend.fullname" . }}-nginx"; .host_header = "{{ include "backend.fullname" . }}-nginx"; - .port = "80"; + .port = "8080"; } sub vcl_init { @@ -947,3 +1026,6 @@ varnish: # synthetic(std.fileread("/data/configuration/varnish/errors/503.html")); # return (deliver); # } + +solr: + enabled: false diff --git a/solr/.helmignore b/charts/solr/.helmignore similarity index 100% rename from solr/.helmignore rename to charts/solr/.helmignore 
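Review bot: `solr:` is now defined twice at the top level of `values.yaml`: the full block added in the `@@ -707,8 +771,23 @@` hunk, and a second `solr:` / `enabled: false` appended at the end of the file in `@@ -947,3 +1026,6 @@`. Duplicate mapping keys are invalid YAML; parsers either reject the file or silently keep the last one, in which case the `image`, `cloudEnabled` and `zookeeper` defaults from the first block are dropped. Remove the trailing `solr:` stanza. The `## ref:` comment above the first block also points at the Bitnami redis README rather than the Solr one.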
diff --git a/solr/Chart.yaml b/charts/solr/Chart.yaml similarity index 100% rename from solr/Chart.yaml rename to charts/solr/Chart.yaml diff --git a/solr/README.md b/charts/solr/README.md similarity index 100% rename from solr/README.md rename to charts/solr/README.md diff --git a/drupal7/charts/.gitkeep b/charts/solr/charts/.gitkeep similarity index 100% rename from drupal7/charts/.gitkeep rename to charts/solr/charts/.gitkeep diff --git a/solr/templates/NOTES.txt b/charts/solr/templates/NOTES.txt similarity index 100% rename from solr/templates/NOTES.txt rename to charts/solr/templates/NOTES.txt diff --git a/solr/templates/_helpers.tpl b/charts/solr/templates/_helpers.tpl similarity index 100% rename from solr/templates/_helpers.tpl rename to charts/solr/templates/_helpers.tpl diff --git a/solr/templates/dr/solr.yaml b/charts/solr/templates/dr/solr.yaml similarity index 100% rename from solr/templates/dr/solr.yaml rename to charts/solr/templates/dr/solr.yaml diff --git a/solr/templates/ing/solr.yaml b/charts/solr/templates/ing/solr.yaml similarity index 100% rename from solr/templates/ing/solr.yaml rename to charts/solr/templates/ing/solr.yaml diff --git a/solr/templates/solrcloud/solr.yaml b/charts/solr/templates/solrcloud/solr.yaml similarity index 100% rename from solr/templates/solrcloud/solr.yaml rename to charts/solr/templates/solrcloud/solr.yaml diff --git a/solr/values.yaml b/charts/solr/values.yaml similarity index 100% rename from solr/values.yaml rename to charts/solr/values.yaml diff --git a/drupal7/.helmignore b/charts/varnish/.helmignore similarity index 97% rename from drupal7/.helmignore rename to charts/varnish/.helmignore index f0c13194..50af0317 100644 --- a/drupal7/.helmignore +++ b/charts/varnish/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +.vscode/ diff --git a/charts/varnish/Chart.yaml b/charts/varnish/Chart.yaml new file mode 100644 index 00000000..bc51e0d3 --- /dev/null +++ b/charts/varnish/Chart.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v2 +type: application +description: A Helm chart for using Varnish. +name: varnish +version: 0.2.5 +appVersion: 6.6.0 +home: https://www.varnish-software.com +sources: +- https://github.com/varnish +maintainers: +- name: sylus + email: william.hearn@canada.ca +- name: zachomedia + email: zachary.seguin@canada.ca +engine: gotpl diff --git a/charts/varnish/README.md b/charts/varnish/README.md new file mode 100644 index 00000000..7c7e0a08 --- /dev/null +++ b/charts/varnish/README.md @@ -0,0 +1,14 @@ +# Varnish Helm Chart + +This chart installs a Varnish deamon which can be used as a proxy to cache static web resources. + +## Prerequisites Details + +* Kubernetes 1.8+ + +## Chart Details + +This chart will do the following: + +* Kubernetes Deployment +* ConfigMap with `default.vcl` for configuration of Varnish diff --git a/charts/varnish/templates/NOTES.txt b/charts/varnish/templates/NOTES.txt new file mode 100644 index 00000000..d70b3212 --- /dev/null +++ b/charts/varnish/templates/NOTES.txt @@ -0,0 +1,2 @@ + +Point your Ingress Controller to the {{ include "varnish.fullname" . }} service diff --git a/drupal/templates/_helpers.tpl b/charts/varnish/templates/_helpers.tpl similarity index 62% rename from drupal/templates/_helpers.tpl rename to charts/varnish/templates/_helpers.tpl index 474f42c1..30c20f12 100644 --- a/drupal/templates/_helpers.tpl +++ b/charts/varnish/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "drupal.name" -}} +{{- define "varnish.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} 
@@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "drupal.fullname" -}} +{{- define "varnish.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -25,22 +25,21 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. +Create chart name and version as used by the chart label. */}} -{{- define "backend.fullname" -}} -{{- $name := default "drupal" .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- define "varnish.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* -Create chart name and version as used by the chart label. +Common labels */}} -{{- define "drupal.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- define "varnish.labels" -}} +app.kubernetes.io/name: {{ include "varnish.name" . }} +helm.sh/chart: {{ include "varnish.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} diff --git a/charts/varnish/templates/configmap/varnish.yaml b/charts/varnish/templates/configmap/varnish.yaml new file mode 100644 index 00000000..68640705 --- /dev/null 
+++ b/charts/varnish/templates/configmap/varnish.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ include "varnish.fullname" . }}" + labels: +{{ include "varnish.labels" . | indent 4 }} +data: +{{- if .Values.varnishConfigContent }} + default.vcl: | +{{ tpl .Values.varnishConfigContent . | indent 4 }} +{{- else }} + default.vcl: | + vcl 4.0; + + # Varnish configuration was not provided to the helm chart. + # Please provide `varnishConfigContent` + + backend placeholder { + .host = "localhost"; + .port = "80"; + } + + sub vcl_recv { + return (synth(700, "Service Unavailable")); + } + + sub vcl_synth { + set resp.status = 503; + return (deliver); + } + +{{- end }} diff --git a/charts/varnish/templates/deploy/varnish.yaml b/charts/varnish/templates/deploy/varnish.yaml new file mode 100644 index 00000000..256eccea --- /dev/null +++ b/charts/varnish/templates/deploy/varnish.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "varnish.fullname" . }} + labels: +{{ include "varnish.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "varnish.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "varnish.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + annotations: +{{- if .Values.annotations }} +{{ toYaml .Values.annotations | indent 8 }} +{{- end }} + checksum/config: {{ include (print $.Template.BasePath "/configmap/varnish.yaml") . | sha256sum }} +{{- if .Values.admin.enabled }} + checksum/secret: {{ include (print $.Template.BasePath "/secret/varnish.yaml") . | sha256sum }} +{{- end }} + spec: +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 6 }} +{{- end }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.varnishd.image }}:{{ default .Chart.AppVersion .Values.varnishd.tag }}" + imagePullPolicy: {{ .Values.varnishd.pullPolicy }} + command: + - varnishd + - -F + - -f + - /etc/varnish/default.vcl + - -a + - http=:{{ .Values.service.port }},HTTP +{{- if .Values.admin.enabled }} + - -T + - 0.0.0.0:{{ .Values.admin.port }} + - -S + - /etc/varnish/secret +{{- end }} + - -p + - feature=+http2 + - -s + - malloc,{{ .Values.memorySize }} + - -n + - /tmp/varnish_workdir + volumeMounts: + - name: varnish-config + mountPath: /etc/varnish/default.vcl + subPath: default.vcl +{{- if .Values.admin.enabled }} + - name: varnish-secret + mountPath: /etc/varnish/secret + subPath: secret +{{- end }} +{{- if .Values.volumeMounts }} +{{ toYaml .Values.volumeMounts | indent 12 }} +{{- end }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP +{{- if 
.Values.admin.enabled }} + - name: tcp-admin + containerPort: {{ .Values.admin.port }} + protocol: TCP +{{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.varnishd.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: varnish-config + configMap: + name: "{{ include "varnish.fullname" . }}" +{{- if .Values.volumes }} +{{ toYaml .Values.volumes | indent 6 }} +{{- end }} +{{- if .Values.admin.enabled }} + - name: varnish-secret + secret: + secretName: {{ include "varnish.fullname" . }} +{{- end }} diff --git a/charts/varnish/templates/dr/varnish.yaml b/charts/varnish/templates/dr/varnish.yaml new file mode 100755 index 00000000..218cd26f --- /dev/null +++ b/charts/varnish/templates/dr/varnish.yaml @@ -0,0 +1,13 @@ +{{- if .Values.destinationRule.enabled }} +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ include "varnish.fullname" . }} + labels: +{{ include "varnish.labels" . | indent 4 }} +spec: + host: "{{ template "varnish.fullname" . }}.{{ .Release.Namespace }}.svc.{{ default "cluster.local" .Values.clusterDomain }}" + trafficPolicy: + tls: + mode: "{{ default "DISABLE" .Values.destinationRule.mode }}" +{{- end }} diff --git a/charts/varnish/templates/secret/varnish.yaml b/charts/varnish/templates/secret/varnish.yaml new file mode 100644 index 00000000..d911da15 --- /dev/null +++ b/charts/varnish/templates/secret/varnish.yaml @@ -0,0 +1,15 @@ +{{- if .Values.admin.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "varnish.fullname" . }} + labels: +{{ include "varnish.labels" . | indent 4 }} +type: Opaque +data: + {{- if .Values.admin.secret }} + secret: {{ .Values.admin.secret | b64enc }} + {{- else }} + secret: {{ randAlphaNum 20 | b64enc }} + {{- end }} +{{- end }} 
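Review bot: When `admin.enabled` is set, the Deployment starts `varnishd` with `-T 0.0.0.0:{{ .Values.admin.port }}`, so the management CLI listens on the pod IP and is reachable from any workload that can route to the pod. The only control is the shared secret mounted at `/etc/varnish/secret`. No NetworkPolicy template for the Varnish chart is visible in this diff, and the Deployment sets no pod or container `securityContext`. I would document that the admin port has to be restricted by a NetworkPolicy to the clients that need it, and expose a `securityContext` value on the Deployment the way the Drupal chart does.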
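Review bot: The fallback `secret: {{ randAlphaNum 20 | b64enc }}` in `templates/secret/varnish.yaml` is re-evaluated on every render, so each `helm upgrade` without `admin.secret` writes a new admin secret. Because the Deployment carries a `checksum/secret` annotation, the pods restart on every upgrade as well, and any client holding the previous value loses admin access. Consider reusing the existing Secret when it is present (Helm's `lookup` function can read it), or making the value mandatory with `required` instead of generating one.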
diff --git a/charts/varnish/templates/svc/varnish-headless.yaml b/charts/varnish/templates/svc/varnish-headless.yaml new file mode 100644 index 00000000..a65b7c4e --- /dev/null +++ b/charts/varnish/templates/svc/varnish-headless.yaml @@ -0,0 +1,18 @@ +{{- if .Values.admin.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "varnish.fullname" . }}-admin + labels: +{{ include "varnish.labels" . | indent 4 }} +spec: + type: ClusterIP + clusterIP: None + ports: + - name: tcp-admin + port: {{ .Values.admin.port }} + protocol: TCP + selector: + app.kubernetes.io/name: {{ include "varnish.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/varnish/templates/svc/varnish.yaml b/charts/varnish/templates/svc/varnish.yaml new file mode 100644 index 00000000..a2b2ad00 --- /dev/null +++ b/charts/varnish/templates/svc/varnish.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "varnish.fullname" . }} + labels: +{{ include "varnish.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - name: http + port: {{ .Values.service.port }} + protocol: TCP + selector: + app.kubernetes.io/name: {{ include "varnish.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/varnish/values.yaml b/charts/varnish/values.yaml new file mode 100644 index 00000000..6b0b4152 --- /dev/null +++ b/charts/varnish/values.yaml 
@@ -0,0 +1,86 @@ +# Default values for varnish. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +varnishd: + ## Varnish image version + ## ref: https://hub.docker.com/_/varnish?tab=tags + ## + image: varnish + + ## Note that by default we use appVersion to get image tag + # tag: 6.4.0 + + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + ## + # imagePullSecrets: + # - name: myRegistryKeySecretName + + ## Specify a imagePullPolicy + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + imagePullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +# annotations: {} + +destinationRule: + enabled: false + mode: DISABLE + +# Varnish port +service: + type: ClusterIP + port: 80 + +# The size of the Varnish memory +# (e.g., 100M, 1G) +memorySize: 100M + +# Admin +admin: + enable: false + port: 6082 + + # Set admin secret + # (when unset, a random value is generated and should be copied from the secret into your values) + # secret: replaceme + +# Use this property to override the default content with +# the --set-file option: helm install --set-file varnishConfigContent=varnish.vcl +# varnishConfigContent: + +# volumes: +# - name: example-cron-disk +# azureFile: +# shareName: '' +# secretName: '' + +# volumeMounts: +# - name: example-cron-disk +# mountPath: /path/to/folder +# readOnly: true + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/docs/diagram-drupal.pdf b/docs/diagram-drupal.pdf index 4ccfbb24..10693dae 100644 Binary files a/docs/diagram-drupal.pdf and b/docs/diagram-drupal.pdf differ diff --git a/drupal/Chart.lock b/drupal/Chart.lock deleted file mode 100644 index 146a3f38..00000000 --- a/drupal/Chart.lock +++ /dev/null @@ -1,15 +0,0 @@ -dependencies: -- name: mysql - repository: https://charts.bitnami.com/bitnami - version: 9.1.7 -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 11.6.6 -- name: redis - repository: https://charts.bitnami.com/bitnami - version: 16.13.2 -- name: varnish - repository: https://statcan.github.io/charts - version: 0.2.2 -digest: sha256:eff9b22832514728f66d261ff5cac8a31b399b52171bf06c821fdf5fca3f7fb3 -generated: "2023-01-16T08:09:32.964366-05:00" diff --git a/drupal/charts/varnish-0.2.2.tgz b/drupal/charts/varnish-0.2.2.tgz deleted file mode 100644 index b541c5b2..00000000 Binary files a/drupal/charts/varnish-0.2.2.tgz and /dev/null differ diff --git a/drupal/conf/settings.d8.php b/drupal/conf/settings.d8.php deleted file mode 100644 index 659027d8..00000000 --- a/drupal/conf/settings.d8.php +++ /dev/null 
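Review bot: Two keys in this new `values.yaml` do not match what the templates read. It declares `admin.enable: false`, while the Deployment, Secret and admin Service templates all test `.Values.admin.enabled`, and it declares `varnishd.imagePullPolicy`, while the Deployment renders `{{ .Values.varnishd.pullPolicy }}`. A user who follows the defaults file and sets `admin.enable: true` gets no admin port or secret, and `imagePullPolicy` renders empty. Rename the defaults to `enabled: false` under `admin` and `pullPolicy: IfNotPresent` under `varnishd`, or change the templates to match.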
@@ -1,970 +0,0 @@ - 'databasename', -* 'username' => 'sqlusername', -* 'password' => 'sqlpassword', -* 'host' => 'localhost', -* 'port' => '3306', -* 'driver' => 'mysql', -* 'prefix' => '', -* 'collation' => 'utf8mb4_general_ci', -* ); -* @endcode -*/ - -{{- if .Values.external.enabled }} -$databases['default']['default'] = array ( - 'database' => {{ .Values.external.database | quote }}, - 'username' => {{ .Values.external.user | quote }}, - 'password' => getenv('EXTERNAL_PASSWORD') ?: '', - {{- if .Values.proxysql.enabled }} - 'host' => '127.0.0.1', - {{- else if .Values.postgresql.enabled }} - 'host' => 'localhost', - {{- else }} - 'host' => {{ .Values.external.host | quote }}, - {{- end }} - 'port' => {{ .Values.external.port }}, - 'prefix' => '', - 'namespace' => 'Drupal\Core\Database\Driver\{{ .Values.external.driver }}', - 'driver' => '{{ .Values.external.driver }}', - {{- if .Values.external.initCommands }} - 'init_commands' => array ( - {{- range .Values.external.initCommands }} - {{- range $key, $value := . }} - '{{ $key }}' => {{ $value | quote }}, - {{- end }} - {{- end }} - ), - {{- end }} - {{- if .Values.external.pdo }} - 'pdo' => array ( - {{- range .Values.external.pdo }} - {{- range $key, $value := . 
}} - {{ $key }} => {{ $value | quote }}, - {{- end }} - {{- end }} - ), - {{- end }} -); -{{- else if .Values.mysql.enabled }} -$databases['default']['default'] = array ( - 'database' => {{ .Values.mysql.auth.database | quote }}, - 'username' => {{ .Values.mysql.auth.username | quote }}, - 'password' => getenv('MYSQL_PASSWORD') ?: '', - {{- if .Values.proxysql.enabled }} - 'host' => '127.0.0.1', - {{- else }} - 'host' => '{{ .Release.Name }}-mysql', - {{- end }} - 'port' => {{ .Values.mysql.primary.service.ports.mysql | quote }}, - 'prefix' => '', - 'namespace' => 'Drupal\Core\Database\Driver\mysql', - 'driver' => 'mysql', -); -{{- else if .Values.postgresql.enabled }} -$databases['default']['default'] = array ( - 'database' => {{ .Values.postgresql.auth.database | quote }}, - 'username' => {{ .Values.postgresql.auth.username | quote }}, - 'password' => getenv('POSTGRES_PASSWORD') ?: '', - {{- if .Values.pgbouncer.enabled }} - 'host' => 'localhost', - {{- else }} - 'host' => '{{ .Release.Name }}-postgresql', - {{- end }} - 'port' => {{ .Values.postgresql.primary.service.ports.postgresql | quote }}, - 'prefix' => '', - 'namespace' => 'Drupal\Core\Database\Driver\pgsql', - 'driver' => 'pgsql', -); -{{- end }} - -/** -* Customizing database settings. -* -* Many of the values of the $databases array can be customized for your -* particular database system. Refer to the sample in the section above as a -* starting point. -* -* The "driver" property indicates what Drupal database driver the -* connection should use. This is usually the same as the name of the -* database type, such as mysql or sqlite, but not always. The other -* properties will vary depending on the driver. For SQLite, you must -* specify a database file name in a directory that is writable by the -* webserver. For most other drivers, you must specify a -* username, password, host, and database name. -* -* Transaction support is enabled by default for all drivers that support it, -* including MySQL. 
To explicitly disable it, set the 'transactions' key to -* FALSE. -* Note that some configurations of MySQL, such as the MyISAM engine, don't -* support it and will proceed silently even if enabled. If you experience -* transaction related crashes with such configuration, set the 'transactions' -* key to FALSE. -* -* For each database, you may optionally specify multiple "target" databases. -* A target database allows Drupal to try to send certain queries to a -* different database if it can but fall back to the default connection if not. -* That is useful for primary/replica replication, as Drupal may try to connect -* to a replica server when appropriate and if one is not available will simply -* fall back to the single primary server (The terms primary/replica are -* traditionally referred to as master/slave in database server documentation). -* -* The general format for the $databases array is as follows: -* @code -* $databases['default']['default'] = $info_array; -* $databases['default']['replica'][] = $info_array; -* $databases['default']['replica'][] = $info_array; -* $databases['extra']['default'] = $info_array; -* @endcode -* -* In the above example, $info_array is an array of settings described above. -* The first line sets a "default" database that has one primary database -* (the second level default). The second and third lines create an array -* of potential replica databases. Drupal will select one at random for a given -* request as needed. The fourth line creates a new database with a name of -* "extra". -* -* You can optionally set prefixes for some or all database table names -* by using the 'prefix' setting. If a prefix is specified, the table -* name will be prepended with its value. Be sure to use valid database -* characters only, usually alphanumeric and underscore. If no prefixes -* are desired, leave it as an empty string ''. 
-* -* To have all database names prefixed, set 'prefix' as a string: -* @code -* 'prefix' => 'main_', -* @endcode -* To provide prefixes for specific tables, set 'prefix' as an array. -* The array's keys are the table names and the values are the prefixes. -* The 'default' element is mandatory and holds the prefix for any tables -* not specified elsewhere in the array. Example: -* @code -* 'prefix' => array( -* 'default' => 'main_', -* 'users' => 'shared_', -* 'sessions' => 'shared_', -* 'role' => 'shared_', -* 'authmap' => 'shared_', -* ), -* @endcode -* You can also use a reference to a schema/database as a prefix. This may be -* useful if your Drupal installation exists in a schema that is not the default -* or you want to access several databases from the same code base at the same -* time. -* Example: -* @code -* 'prefix' => array( -* 'default' => 'main.', -* 'users' => 'shared.', -* 'sessions' => 'shared.', -* 'role' => 'shared.', -* 'authmap' => 'shared.', -* ); -* @endcode -* NOTE: MySQL and SQLite's definition of a schema is a database. -* -* Advanced users can add or override initial commands to execute when -* connecting to the database server, as well as PDO connection settings. For -* example, to enable MySQL SELECT queries to exceed the max_join_size system -* variable, and to reduce the database connection timeout to 5 seconds: -* @code -* $databases['default']['default'] = array( -* 'init_commands' => array( -* 'big_selects' => 'SET SQL_BIG_SELECTS=1', -* ), -* 'pdo' => array( -* PDO::ATTR_TIMEOUT => 5, -* ), -* ); -* @endcode -* -* WARNING: The above defaults are designed for database portability. Changing -* them may cause unexpected behavior, including potential data loss. See -* https://www.drupal.org/developing/api/database/configuration for more -* information on these defaults and the potential issues. 
-* -* More details can be found in the constructor methods for each driver: -* - \Drupal\Core\Database\Driver\mysql\Connection::__construct() -* - \Drupal\Core\Database\Driver\pgsql\Connection::__construct() -* - \Drupal\Core\Database\Driver\sqlite\Connection::__construct() -* -* Sample Database configuration format for PostgreSQL (pgsql): -* @code -* $databases['default']['default'] = array( -* 'driver' => 'pgsql', -* 'database' => 'databasename', -* 'username' => 'sqlusername', -* 'password' => 'sqlpassword', -* 'host' => 'localhost', -* 'prefix' => '', -* ); -* @endcode -* -* Sample Database configuration format for SQLite (sqlite): -* @code -* $databases['default']['default'] = array( -* 'driver' => 'sqlite', -* 'database' => '/path/to/databasefilename', -* ); -* @endcode -*/ - -/** -* Location of the site configuration files. -* -* The $config_directories array specifies the location of file system -* directories used for configuration data. On install, the "sync" directory is -* created. This is used for configuration imports. The "active" directory is -* not created by default since the default storage for active configuration is -* the database rather than the file system. (This can be changed. See "Active -* configuration settings" below). -* -* The default location for the "sync" directory is inside a randomly-named -* directory in the public files path. The setting below allows you to override -* the "sync" location. -* -* If you use files for the "active" configuration, you can tell the -* Configuration system where this directory is located by adding an entry with -* array key CONFIG_ACTIVE_DIRECTORY. 
-* -* Example: -* @code -* $config_directories = array( -* CONFIG_SYNC_DIRECTORY => '/directory/outside/webroot', -* ); -* @endcode -*/ -$config_directories = array(); - -/** -* Settings: -* -* $settings contains environment-specific configuration, such as the files -* directory and reverse proxy address, and temporary configuration, such as -* security overrides. -* -* @see \Drupal\Core\Site\Settings::get() -*/ - -/** -* The active installation profile. -* -* Changing this after installation is not recommended as it changes which -* directories are scanned during extension discovery. If this is set prior to -* installation this value will be rewritten according to the profile selected -* by the user. -* -* @see install_select_profile() -*/ -# $settings['install_profile'] = ''; - -/** -* Salt for one-time login links, cancel links, form tokens, etc. -* -* This variable will be set to a random value by the installer. All one-time -* login links will be invalidated if the value is changed. Note that if your -* site is deployed on a cluster of web servers, you must ensure that this -* variable has the same value on each server. -* -* For enhanced security, you may set this variable to the contents of a file -* outside your document root; you should also ensure that this file is not -* stored with backups of your database. -* -* Example: -* @code -* $settings['hash_salt'] = file_get_contents('/home/example/salt.txt'); -* @endcode -*/ -$settings['hash_salt'] = 'default'; - -/** -* Deployment identifier. -* -* Drupal's dependency injection container will be automatically invalidated and -* rebuilt when the Drupal core version changes. When updating contributed or -* custom code that changes the container, changing this identifier will also -* allow the container to be invalidated as soon as code is deployed. -*/ -# $settings['deployment_identifier'] = \Drupal::VERSION; - -/** -* Access control for update.php script. 
-* -* If you are updating your Drupal installation using the update.php script but -* are not logged in using either an account with the "Administer software -* updates" permission or the site maintenance account (the account that was -* created during installation), you will need to modify the access check -* statement below. Change the FALSE to a TRUE to disable the access check. -* After finishing the upgrade, be sure to open this file again and change the -* TRUE back to a FALSE! -*/ -$settings['update_free_access'] = FALSE; - -/** -* External access proxy settings: -* -* If your site must access the Internet via a web proxy then you can enter the -* proxy settings here. Set the full URL of the proxy, including the port, in -* variables: -* - $settings['http_client_config']['proxy']['http']: The proxy URL for HTTP -* requests. -* - $settings['http_client_config']['proxy']['https']: The proxy URL for HTTPS -* requests. -* You can pass in the user name and password for basic authentication in the -* URLs in these settings. -* -* You can also define an array of host names that can be accessed directly, -* bypassing the proxy, in $settings['http_client_config']['proxy']['no']. -* -* If these settings are not configured, the system environment variables -* HTTP_PROXY, HTTPS_PROXY, and NO_PROXY on the web server will be used instead. -*/ -# $settings['http_client_config']['proxy']['http'] = 'http://proxy_user:proxy_pass@example.com:8080'; -# $settings['http_client_config']['proxy']['https'] = 'http://proxy_user:proxy_pass@example.com:8080'; -# $settings['http_client_config']['proxy']['no'] = ['127.0.0.1', 'localhost']; - -/** -* Reverse Proxy Configuration: -* -* Reverse proxy servers are often used to enhance the performance -* of heavily visited sites and may also provide other site caching, -* security, or encryption benefits. 
In an environment where Drupal -* is behind a reverse proxy, the real IP address of the client should -* be determined such that the correct client IP address is available -* to Drupal's logging, statistics, and access management systems. In -* the most simple scenario, the proxy server will add an -* X-Forwarded-For header to the request that contains the client IP -* address. However, HTTP headers are vulnerable to spoofing, where a -* malicious client could bypass restrictions by setting the -* X-Forwarded-For header directly. Therefore, Drupal's proxy -* configuration requires the IP addresses of all remote proxies to be -* specified in $settings['reverse_proxy_addresses'] to work correctly. -* -* Enable this setting to get Drupal to determine the client IP from -* the X-Forwarded-For header (or $settings['reverse_proxy_header'] if set). -* If you are unsure about this setting, do not have a reverse proxy, -* or Drupal operates in a shared hosting environment, this setting -* should remain commented out. -* -* In order for this setting to be used you must specify every possible -* reverse proxy IP address in $settings['reverse_proxy_addresses']. -* If a complete list of reverse proxies is not available in your -* environment (for example, if you use a CDN) you may set the -* $_SERVER['REMOTE_ADDR'] variable directly in settings.php. -* Be aware, however, that it is likely that this would allow IP -* address spoofing unless more advanced precautions are taken. -*/ -$settings['reverse_proxy'] = TRUE; - -/** -* Specify every reverse proxy IP address in your environment. -* This setting is required if $settings['reverse_proxy'] is TRUE. -*/ -$settings['reverse_proxy_addresses'] = array('0.0.0.0/0'); - -/** -* Set this value if your proxy server sends the client IP in a header -* other than X-Forwarded-For. 
-*/ -# $settings['reverse_proxy_header'] = 'X_CLUSTER_CLIENT_IP'; - -/** -* Set this value if your proxy server sends the client protocol in a header -* other than X-Forwarded-Proto. -*/ -# $settings['reverse_proxy_proto_header'] = 'X_FORWARDED_PROTO'; - -/** -* Set this value if your proxy server sends the client protocol in a header -* other than X-Forwarded-Host. -*/ -# $settings['reverse_proxy_host_header'] = 'X_FORWARDED_HOST'; - -/** -* Set this value if your proxy server sends the client protocol in a header -* other than X-Forwarded-Port. -*/ -# $settings['reverse_proxy_port_header'] = 'X_FORWARDED_PORT'; - -/** -* Set this value if your proxy server sends the client protocol in a header -* other than Forwarded. -*/ -# $settings['reverse_proxy_forwarded_header'] = 'FORWARDED'; - -/** -* Page caching: -* -* By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page -* views. This tells a HTTP proxy that it may return a page from its local -* cache without contacting the web server, if the user sends the same Cookie -* header as the user who originally requested the cached page. Without "Vary: -* Cookie", authenticated users would also be served the anonymous page from -* the cache. If the site has mostly anonymous users except a few known -* editors/administrators, the Vary header can be omitted. This allows for -* better caching in HTTP proxies (including reverse proxies), i.e. even if -* clients send different cookies, they still get content served from the cache. -* However, authenticated users should access the site directly (i.e. not use an -* HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid -* getting cached pages from the proxy. -*/ -# $settings['omit_vary_cookie'] = TRUE; - -/** -* Class Loader. -* -* If the APC extension is detected, the Symfony APC class loader is used for -* performance reasons. Detection can be prevented by setting -* class_loader_auto_detect to false, as in the example below. 
-*/ -# $settings['class_loader_auto_detect'] = FALSE; - -/* -* If the APC extension is not detected, either because APC is missing or -* because auto-detection has been disabled, auto-loading falls back to -* Composer's ClassLoader, which is good for development as it does not break -* when code is moved in the file system. You can also decorate the base class -* loader with another cached solution than the Symfony APC class loader, as -* all production sites should have a cached class loader of some sort enabled. -* -* To do so, you may decorate and replace the local $class_loader variable. For -* example, to use Symfony's APC class loader without automatic detection, -* uncomment the code below. -*/ -/* -if ($settings['hash_salt']) { - $prefix = 'drupal.' . hash('sha256', 'drupal.' . $settings['hash_salt']); - $apc_loader = new \Symfony\Component\ClassLoader\ApcClassLoader($prefix, $class_loader); - unset($prefix); - $class_loader->unregister(); - $apc_loader->register(); - $class_loader = $apc_loader; -} -*/ - -/** -* Authorized file system operations: -* -* The Update Manager module included with Drupal provides a mechanism for -* site administrators to securely install missing updates for the site -* directly through the web user interface. On securely-configured servers, -* the Update manager will require the administrator to provide SSH or FTP -* credentials before allowing the installation to proceed; this allows the -* site to update the new files as the user who owns all the Drupal files, -* instead of as the user the webserver is running as. On servers where the -* webserver user is itself the owner of the Drupal files, the administrator -* will not be prompted for SSH or FTP credentials (note that these server -* setups are common on shared hosting, but are inherently insecure). -* -* Some sites might wish to disable the above functionality, and only update -* the code directly via SSH or FTP themselves. 
This setting completely -* disables all functionality related to these authorized file operations. -* -* @see https://www.drupal.org/node/244924 -* -* Remove the leading hash signs to disable. -*/ -# $settings['allow_authorize_operations'] = FALSE; - -/** -* Default mode for directories and files written by Drupal. -* -* Value should be in PHP Octal Notation, with leading zero. -*/ -# $settings['file_chmod_directory'] = 0775; -# $settings['file_chmod_file'] = 0664; - -/** -* Public file base URL: -* -* An alternative base URL to be used for serving public files. This must -* include any leading directory path. -* -* A different value from the domain used by Drupal to be used for accessing -* public files. This can be used for a simple CDN integration, or to improve -* security by serving user-uploaded files from a different domain or subdomain -* pointing to the same server. Do not include a trailing slash. -*/ -# $settings['file_public_base_url'] = 'http://downloads.example.com/files'; - -/** -* Public file path: -* -* A local file system path where public files will be stored. This directory -* must exist and be writable by Drupal. This directory must be relative to -* the Drupal installation directory and be accessible over the web. -*/ -# $settings['file_public_path'] = 'sites/default/files'; - -/** -* Private file path: -* -* A local file system path where private files will be stored. This directory -* must be absolute, outside of the Drupal installation directory and not -* accessible over the web. -* -* Note: Caches need to be cleared when this value is changed to make the -* private:// stream wrapper available to the system. -* -* See https://www.drupal.org/documentation/modules/file for more information -* about securing private files. -*/ -$settings['file_private_path'] = '/private'; - -/** -* Session write interval: -* -* Set the minimum interval between each session write to database. -* For performance reasons it defaults to 180. 
-*/ -# $settings['session_write_interval'] = 180; - -/** -* String overrides: -* -* To override specific strings on your site with or without enabling the Locale -* module, add an entry to this list. This functionality allows you to change -* a small number of your site's default English language interface strings. -* -* Remove the leading hash signs to enable. -* -* The "en" part of the variable name, is dynamic and can be any langcode of -* any added language. (eg locale_custom_strings_de for german). -*/ -# $settings['locale_custom_strings_en'][''] = array( -# 'forum' => 'Discussion board', -# '@count min' => '@count minutes', -# ); - -/** -* A custom theme for the offline page: -* -* This applies when the site is explicitly set to maintenance mode through the -* administration page or when the database is inactive due to an error. -* The template file should also be copied into the theme. It is located inside -* 'core/modules/system/templates/maintenance-page.html.twig'. -* -* Note: This setting does not apply to installation and update pages. -*/ -# $settings['maintenance_theme'] = 'bartik'; - -/** -* PHP settings: -* -* To see what PHP settings are possible, including whether they can be set at -* runtime (by using ini_set()), read the PHP documentation: -* http://php.net/manual/ini.list.php -* See \Drupal\Core\DrupalKernel::bootEnvironment() for required runtime -* settings and the .htaccess file for non-runtime settings. -* Settings defined there should not be duplicated here so as to avoid conflict -* issues. -*/ - -/** -* If you encounter a situation where users post a large amount of text, and -* the result is stripped out upon viewing but can still be edited, Drupal's -* output filter may not have sufficient memory to process it. If you -* experience this issue, you may wish to uncomment the following two lines -* and increase the limits of these variables. For more information, see -* http://php.net/manual/pcre.configuration.php. 
-*/ -# ini_set('pcre.backtrack_limit', 200000); -# ini_set('pcre.recursion_limit', 200000); - -/** -* Active configuration settings. -* -* By default, the active configuration is stored in the database in the -* {config} table. To use a different storage mechanism for the active -* configuration, do the following prior to installing: -* - Create an "active" directory and declare its path in $config_directories -* as explained under the 'Location of the site configuration files' section -* above in this file. To enhance security, you can declare a path that is -* outside your document root. -* - Override the 'bootstrap_config_storage' setting here. It must be set to a -* callable that returns an object that implements -* \Drupal\Core\Config\StorageInterface. -* - Override the service definition 'config.storage.active'. Put this -* override in a services.yml file in the same directory as settings.php -* (definitions in this file will override service definition defaults). -*/ -# $settings['bootstrap_config_storage'] = array('Drupal\Core\Config\BootstrapConfigStorageFactory', 'getFileStorage'); - -/** -* Configuration overrides. -* -* To globally override specific configuration values for this site, -* set them here. You usually don't need to use this feature. This is -* useful in a configuration file for a vhost or directory, rather than -* the default settings.php. -* -* Note that any values you provide in these variable overrides will not be -* viewable from the Drupal administration interface. The administration -* interface displays the values stored in configuration so that you can stage -* changes to other environments that don't have the overrides. -* -* There are particular configuration values that are risky to override. For -* example, overriding the list of installed modules in 'core.extension' is not -* supported as module install or uninstall has not occurred. 
Other examples -* include field storage configuration, because it has effects on database -* structure, and 'core.menu.static_menu_link_overrides' since this is cached in -* a way that is not config override aware. Also, note that changing -* configuration values in settings.php will not fire any of the configuration -* change events. -*/ -# $config['system.site']['name'] = 'My Drupal site'; -# $config['system.theme']['default'] = 'stark'; -# $config['user.settings']['anonymous'] = 'Visitor'; - -/** -* Fast 404 pages: -* -* Drupal can generate fully themed 404 pages. However, some of these responses -* are for images or other resource files that are not displayed to the user. -* This can waste bandwidth, and also generate server load. -* -* The options below return a simple, fast 404 page for URLs matching a -* specific pattern: -* - $config['system.performance']['fast_404']['exclude_paths']: A regular -* expression to match paths to exclude, such as images generated by image -* styles, or dynamically-resized images. The default pattern provided below -* also excludes the private file system. If you need to add more paths, you -* can add '|path' to the expression. -* - $config['system.performance']['fast_404']['paths']: A regular expression to -* match paths that should return a simple 404 page, rather than the fully -* themed 404 page. If you don't have any aliases ending in htm or html you -* can add '|s?html?' to the expression. -* - $config['system.performance']['fast_404']['html']: The html to return for -* simple 404 pages. -* -* Remove the leading hash signs if you would like to alter this functionality. -*/ -# $config['system.performance']['fast_404']['exclude_paths'] = '/\/(?:styles)|(?:system\/files)\//'; -# $config['system.performance']['fast_404']['paths'] = '/\.(?:txt|png|gif|jpe?g|css|js|ico|swf|flv|cgi|bat|pl|dll|exe|asp)$/i'; -# $config['system.performance']['fast_404']['html'] = '404 Not Found

Not Found

The requested URL "@path" was not found on this server.

'; - -/** -* Load services definition file. -*/ -$settings['container_yamls'][] = __DIR__ . '/services.yml'; - -/** -* Override the default service container class. -* -* This is useful for example to trace the service container for performance -* tracking purposes, for testing a service container with an error condition or -* to test a service container that throws an exception. -*/ -# $settings['container_base_class'] = '\Drupal\Core\DependencyInjection\Container'; - -/** -* Trusted host configuration. -* -* Drupal core can use the Symfony trusted host mechanism to prevent HTTP Host -* header spoofing. -* -* To enable the trusted host mechanism, you enable your allowable hosts -* in $settings['trusted_host_patterns']. This should be an array of regular -* expression patterns, without delimiters, representing the hosts you would -* like to allow. -* -* For example: -* @code -* $settings['trusted_host_patterns'] = array( -* '^www\.example\.com$', -* ); -* @endcode -* will allow the site to only run from www.example.com. -* -* If you are running multisite, or if you are running your site from -* different domain names (eg, you don't redirect http://www.example.com to -* http://example.com), you should specify all of the host patterns that are -* allowed by your site. -* -* For example: -* @code -* $settings['trusted_host_patterns'] = array( -* '^example\.com$', -* '^.+\.example\.com$', -* '^example\.org$', -* '^.+\.example\.org$', -* ); -* @endcode -* will allow the site to run off of all variants of example.com and -* example.org, with all subdomains included. -*/ - -/** -* Get environment settings. -* -* Production (default): normal production settings. -* Development: Use development settings. 
-*/ -$drupal_settings = 'production'; -if (isset($_ENV['DRUPAL_SETTINGS'])) { - $drupal_settings = $_ENV['DRUPAL_SETTINGS']; -} - -/** Todo: create better patterns on production sites */ -if ($drupal_settings !== 'production') { - $settings['trusted_host_patterns'] = array('[\s\S]*'); -} - -/** -* Load local development override configuration, if available. -* -* Use settings.local.php to override variables on secondary (staging, -* development, etc) installations of this site. Typically used to disable -* caching, JavaScript/CSS compression, re-routing of outgoing emails, and -* other things that should not happen on development and testing sites. -* -* Keep this code block at the end of this file to take full effect. -*/ -if ($drupal_settings === 'development' && file_exists(__DIR__ . '/settings.local.php')) { - include __DIR__ . '/settings.local.php'; -} - -/** Everything after here is added by the installation process. -* -* TODO: improve the installation by putting the settings.local part below these -* settings. -*/ - -$config_directories[CONFIG_SYNC_DIRECTORY] = '{{ .Values.drupal.configSync.directory }}'; - -{{- if .Values.drupal.configSplit.enabled }} -/** - * Configuration Split for Configuration Management - * - * WxT is following the best practices given by Acquia for configuration - * management. The "default" configuration directory should be shared between - * all multi-sites, and each multisite will override this selectively using - * configuration splits. - * - * To disable this functionality simply set the following parameters: - * $wxt_override_config_dirs = FALSE; - * $settings['config_sync_directory'] = $dir . "/private/config/$site_dir"; - * - * See https://github.com/acquia/blt/blob/12.x/settings/config.settings.php - * for more information. 
- */ - -use Drupal\wxt\Robo\Common\EnvironmentDetector; - -if (!isset($wxt_override_config_dirs)) { - $wxt_override_config_dirs = TRUE; -} -if ($wxt_override_config_dirs) { - $config_directories['sync'] = $repo_root . "/private/config/default"; - $settings['config_sync_directory'] = $repo_root . "/private/config/default"; -} -$split_filename_prefix = 'config_split.config_split'; -if (isset($config_directories['sync'])) { - $split_filepath_prefix = $config_directories['sync'] . '/' . $split_filename_prefix; -} -else { - $split_filepath_prefix = $settings['config_sync_directory'] . '/' . $split_filename_prefix; -} - -/** - * Set environment splits. - */ -$split_envs = [ - 'local', - 'dev', - 'test', - 'qa', - 'prod', - 'ci', -]; -foreach ($split_envs as $split_env) { - $config["$split_filename_prefix.$split_env"]['status'] = FALSE; -} -if (!isset($split)) { - $split = 'none'; - if (EnvironmentDetector::isLocalEnv()) { - $split = 'local'; - } - if (EnvironmentDetector::isCiEnv()) { - $split = 'ci'; - } - if (EnvironmentDetector::isDevEnv()) { - $split = 'dev'; - } - elseif (EnvironmentDetector::isTestEnv()) { - $split = 'test'; - } - elseif (EnvironmentDetector::isQaEnv()) { - $split = 'qa'; - } - elseif (EnvironmentDetector::isProdEnv()) { - $split = 'prod'; - } -} -if ($split != 'none') { - $config["$split_filename_prefix.$split"]['status'] = TRUE; -} - -/** - * Set multisite split. - */ -// $config["$split_filename_prefix.SITENAME"]['status'] = TRUE; -{{- end }} - -{{- if .Values.redis.enabled }} -if (extension_loaded('redis')) { - // Set Redis as the default backend for any cache bin not otherwise specified. 
- $settings['cache']['default'] = 'cache.backend.redis'; - $settings['redis.connection']['interface'] = '{{ default "PhpRedis" .Values.redis.clientInterface }}'; - $settings['redis.connection']['scheme'] = 'http'; - {{- if .Values.redis.sentinel.enabled }} - $settings['redis.connection']['host'] = ['{{ .Release.Name }}-redis:{{ .Values.redis.sentinel.service.sentinelPort }}']; - $settings['redis.connection']['instance'] = '{{ .Values.redis.sentinel.masterSet }}'; - {{- else }} - $settings['redis.connection']['host'] = '{{ .Release.Name }}-redis-master'; - $settings['redis.connection']['port'] = '{{ .Values.redis.master.service.ports.redis }}'; - {{- end }} - $settings['redis.connection']['password'] = getenv('REDIS_PASSWORD') ?: ''; - $settings['redis.connection']['persistent'] = FALSE; - - // Allow the services to work before the Redis module itself is enabled. - $settings['container_yamls'][] = 'modules/contrib/redis/example.services.yml'; - $settings['container_yamls'][] = 'modules/contrib/redis/redis.services.yml'; - - // Manually add the classloader path, this is required for the container cache bin definition below - // and allows to use it without the redis module being enabled. 
- $class_loader->addPsr4('Drupal\\redis\\', 'modules/contrib/redis/src'); - - $settings['bootstrap_container_definition'] = [ - 'parameters' => [], - 'services' => [ - 'redis.factory' => [ - 'class' => 'Drupal\redis\ClientFactory', - ], - 'cache.backend.redis' => [ - 'class' => 'Drupal\redis\Cache\CacheBackendFactory', - 'arguments' => ['@redis.factory', '@cache_tags_provider.container', '@serialization.phpserialize'], - ], - 'cache.container' => [ - 'class' => '\Drupal\redis\Cache\PhpRedis', - 'factory' => ['@cache.backend.redis', 'get'], - 'arguments' => ['container'], - ], - 'cache_tags_provider.container' => [ - 'class' => 'Drupal\redis\Cache\RedisCacheTagsChecksum', - 'arguments' => ['@redis.factory'], - ], - 'serialization.phpserialize' => [ - 'class' => 'Drupal\Component\Serialization\PhpSerialize', - ], - ], - ]; - - /** Optional prefix for cache entries */ - $settings['cache_prefix'] = 'drupal_'; - - // Always set the fast backend for bootstrap, discover and config, otherwise - // this gets lost when redis is enabled. - $settings['cache']['bins']['bootstrap'] = 'cache.backend.chainedfast'; - $settings['cache']['bins']['discovery'] = 'cache.backend.chainedfast'; - $settings['cache']['bins']['config'] = 'cache.backend.chainedfast'; - - // Use for all bins otherwise specified. - $settings['cache']['default'] = 'cache.backend.redis'; - - // Use for all queues unless otherwise specified for a specific queue. - $settings['queue_default'] = 'queue.redis'; - - // Or if you want to use reliable queue implementation. - // $settings['queue_default'] = 'queue.redis_reliable'; - - // Use this to only use Redis for a specific queue. - // $settings['queue_service_aggregator_feeds'] = 'queue.redis'; - - // Use this to use reliable queue implementation. 
- // $settings['queue_service_aggregator_feeds'] = 'queue.redis_reliable';
-}
-{{- end }}
-
-// As recommended in the S3FS docs, change the twig storage directory
-$settings['php_storage']['twig']['directory'] = '/cache/twig';
-
-if (is_file(__DIR__ . '/extra.settings.php')) {
- include __DIR__ . '/extra.settings.php';
-}
diff --git a/drupal/conf/varnish.yaml b/drupal/conf/varnish.yaml
deleted file mode 100644
index e69de29b..00000000
diff --git a/drupal/conf/www.conf b/drupal/conf/www.conf
deleted file mode 100644
index 30ffa113..00000000
--- a/drupal/conf/www.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-[www]
-user = www-data
-group = www-data
-listen = 127.0.0.1:9000
-pm = dynamic
-pm.max_children = 50
-pm.start_servers = 5
-pm.min_spare_servers = 5
-pm.max_spare_servers = 35
diff --git a/drupal/templates/cm/drupal.yaml b/drupal/templates/cm/drupal.yaml
deleted file mode 100644
index 9c98ae0a..00000000
--- a/drupal/templates/cm/drupal.yaml
+++ /dev/null
@@ -1,41 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "drupal.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -data: - php.ini: | -{{ tpl (.Files.Get "conf/php.ini") . | indent 4 }} - opcache-recommended.ini: | -{{ tpl (.Files.Get "conf/opcache-recommended.ini") . | indent 4 }} - www.conf: | -{{ tpl (.Files.Get "conf/www.conf") . | indent 4 }} - settings.php: | -{{- if eq "d8" .Values.drupal.version }} -{{ tpl (.Files.Get "conf/settings.d8.php") . | indent 4 }} -{{- else if eq "d9" .Values.drupal.version }} -{{ tpl (.Files.Get "conf/settings.d9.php") . | indent 4 }} -{{- else }} - settings.php: - =1.21" $.Capabilities.KubeVersion.GitVersion }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: CronJob -metadata: - name: {{ $fullName }}-{{ $cronName }} - labels: - app.kubernetes.io/name: {{ $name }} - helm.sh/chart: {{ $chartName }} - app.kubernetes.io/instance: {{ $release.Name }} - app.kubernetes.io/managed-by: {{ $release.Service }} -spec: - schedule: "{{ $cron.schedule }}" - startingDeadlineSeconds: 100 - concurrencyPolicy: Replace - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - jobTemplate: - spec: - template: - metadata: - labels: - app.kubernetes.io/name: {{ $name }} - helm.sh/chart: {{ $chartName }} - app.kubernetes.io/instance: {{ $release.Name }} - app.kubernetes.io/managed-by: {{ $release.Service }} - spec: -{{- if $values.drupal.tolerations }} - tolerations: -{{ toYaml $values.drupal.tolerations | indent 10 }} -{{- end }} -{{- if $values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml $values.drupal.nodeSelector | indent 12 }} -{{- end }} - restartPolicy: OnFailure - containers: - - name: cron - image: "{{ $values.drupal.image }}:{{ default $chart.AppVersion $values.drupal.tag }}" - imagePullPolicy: 
{{ default "" $values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | -{{ $cron.script | indent 14 }} - env: -{{- if $values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $fullName }} - key: databasePassword -{{- else if $values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - # This is not ideal, but calling the template - # was returning the wrong result. - name: "{{ $release.Name }}-mysql" - key: mysql-password -{{- else if $values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ $release.Name }}-postgresql" - key: password -{{- end }} -{{- if $values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ $release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ $fullName }}" - key: password -{{- if $values.extraVars }} -{{ toYaml $values.extraVars | indent 12 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/services.yml - subPath: services.yml - readOnly: true - - name: ssmtp - mountPath: /etc/ssmtp/ssmtp.conf - subPath: ssmtp.conf - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if not $values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: 
public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if $values.drupal.volumeMounts }} -{{ toYaml $values.drupal.volumeMounts | indent 12 }} -{{- end }} -{{- if $cron.volumeMounts }} -{{ toYaml $cron.volumeMounts | indent 12 }} -{{- end }} -{{- if $values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if $values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} -{{- if $values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml $values.drupal.imagePullSecrets | indent 12 }} -{{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml $values.drupal.securityContext | indent 12 }} - volumes: - - name: cm-drupal - configMap: - name: {{ $fullName }} - - name: ssmtp - secret: - secretName: {{ $fullName }}-ssmtp - items: - - key: ssmtp.conf - path: ssmtp.conf - - name: twig-cache - emptyDir: {} -{{- if $values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ $fullName }}-drupal -{{- else if or ($values.azure.azureFile.enabled) ($values.azure.sharedDisk.enabled) }} - - name: 
files-public - persistentVolumeClaim: - claimName: {{ $fullName }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ $fullName }}-private -{{- else if not $values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if $values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ $fullName }}-proxysql -{{- else if $values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ $fullName }}-pgbouncer -{{- end }} -{{- if $values.drupal.volumes }} -{{ toYaml $values.drupal.volumes | indent 10 }} -{{- end }} -{{- if $cron.volumes }} -{{ toYaml $cron.volumes | indent 10 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/drupal/templates/cronjob/drupal-backup.yaml b/drupal/templates/cronjob/drupal-backup.yaml deleted file mode 100644 index 2ad48c29..00000000 --- a/drupal/templates/cronjob/drupal-backup.yaml +++ /dev/null 
@@ -1,245 +0,0 @@ -{{- if .Values.drupal.backup.enabled }} -{{- if semverCompare ">=1.21" $.Capabilities.KubeVersion.GitVersion }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: CronJob -metadata: - name: {{ template "drupal.fullname" . }}-drupal-backup - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - schedule: "{{ .Values.drupal.backup.schedule }}" - startingDeadlineSeconds: 100 - concurrencyPolicy: Replace - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - jobTemplate: - spec: - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 10 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 12 }} -{{- end }} - restartPolicy: OnFailure - containers: - - name: drush - image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | - # Errors should fail the job - set -e - - # Wait for DB to be available - until drush sql:query 'SHOW TABLES;'; do echo Waiting for DB; sleep 3; done - echo DB available - - # Check Drush status - drush status - - # Run cron - BACKUPNAME=$(date +%Y%m%d.%H%M%S) - mkdir -p /backup/$BACKUPNAME - echo "Backup DB" - {{- if .Values.mysql.enabled }} - drush -y sql-dump {{ .Values.drupal.backup.sqlDumpArgs }} --extra-dump=--no-tablespaces | gzip > /backup/$BACKUPNAME/db.sql.gz - {{- else }} - drush -y sql-dump {{ 
.Values.drupal.backup.sqlDumpArgs }} | gzip > /backup/$BACKUPNAME/db.sql.gz - {{- end }} - echo "Backup public files" - tar {{ .Values.drupal.backup.filesArgs }} -czvf /backup/$BACKUPNAME/files.tar.gz --directory=sites/default/files . - echo "Backup private files" - tar {{ .Values.drupal.backup.privateArgs }} -czvf /backup/$BACKUPNAME/private.tar.gz --directory=/private . - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "drupal.fullname" . }} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ include "drupal.fullname" . 
}}" - key: password -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 12 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/services.yml - subPath: services.yml - readOnly: true - - name: ssmtp - mountPath: /etc/ssmtp/ssmtp.conf - subPath: ssmtp.conf - readOnly: true - - name: twig-cache - mountPath: /cache/twig - - name: backup - mountPath: /backup -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | indent 12 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - 
- name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 12 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 12 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal.fullname" . }} - - name: ssmtp - secret: - secretName: {{ include "drupal.fullname" . }}-ssmtp - items: - - key: ssmtp.conf - path: ssmtp.conf - - name: twig-cache - emptyDir: {} - - name: backup -{{- if .Values.drupal.backup.volume }} -{{ toYaml .Values.drupal.backup.volume | indent 12 }} -{{- else }} - emptyDir: {} -{{- end }} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal.fullname" . }}-drupal -{{- else if or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . }}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal.fullname" . }}-proxysql -{{- else if .Values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal.fullname" . }}-pgbouncer -{{- end }} -{{- if .Values.drupal.volumes }} -{{ toYaml .Values.drupal.volumes | indent 10 }} -{{- end }} -{{- end }} 
diff --git a/drupal/templates/cronjob/drupal.yaml b/drupal/templates/cronjob/drupal.yaml
deleted file mode 100644
index 6f894dba..00000000
--- a/drupal/templates/cronjob/drupal.yaml
+++ /dev/null
@@ -1,226 +0,0 @@ -{{- if .Values.drupal.cron.enabled }} -{{- if semverCompare ">=1.21" $.Capabilities.KubeVersion.GitVersion }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: CronJob -metadata: - name: {{ template "drupal.fullname" . }}-drupal-cron - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - schedule: "{{ .Values.drupal.cron.schedule }}" - startingDeadlineSeconds: 100 - concurrencyPolicy: Replace - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - jobTemplate: - spec: - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 10 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 12 }} -{{- end }} - restartPolicy: OnFailure - containers: - - name: drush - image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | - # Errors should fail the job - set -e - - # Wait for DB to be available - until drush sql:query 'SHOW TABLES;'; do echo Waiting for DB; sleep 3; done - echo DB available - - # Check Drush status - drush status - - # Run cron - drush -y core-cron - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "drupal.fullname" . 
}} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ include "drupal.fullname" . }}" - key: password -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 12 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/services.yml - subPath: services.yml - readOnly: true - - name: ssmtp - mountPath: /etc/ssmtp/ssmtp.conf - subPath: ssmtp.conf - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | indent 12 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - 
containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 12 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 12 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal.fullname" . }} - - name: ssmtp - secret: - secretName: {{ include "drupal.fullname" . }}-ssmtp - items: - - key: ssmtp.conf - path: ssmtp.conf - - name: twig-cache - emptyDir: {} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal.fullname" . }}-drupal -{{- else if or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . 
}}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal.fullname" . }}-proxysql -{{- else if .Values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal.fullname" . }}-pgbouncer -{{- end }} -{{- if .Values.drupal.volumes }} -{{ toYaml .Values.drupal.volumes | indent 10 }} -{{- end }} -{{- end }} diff --git a/drupal/templates/deploy/drupal.yaml b/drupal/templates/deploy/drupal.yaml deleted file mode 100644 index fdc74126..00000000 --- a/drupal/templates/deploy/drupal.yaml +++ /dev/null 
@@ -1,292 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "drupal.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - replicas: {{ .Values.drupal.replicas }} - strategy: - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - tier: drupal - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - tier: drupal - annotations: -{{- if .Values.drupal.podAnnotations }} -{{ toYaml .Values.drupal.podAnnotations | indent 8 }} -{{- end }} - checksum/config: {{ include (print $.Template.BasePath "/cm/drupal.yaml") . | sha256sum }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 6 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 8 }} -{{- end }} -{{- if or (.Values.drupal.initContainers) (.Values.drupal.volumePermissions.enabled) (or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled)) }} - initContainers: -{{- if .Values.drupal.volumePermissions.enabled }} - - name: set-volume-permissions - image: 'alpine:3.10' - command: - - chown - - '-R' - - '84:84' - - /files/public - - /files/private - volumeMounts: - - name: files-public - mountPath: /files/public - - name: files-private - mountPath: /files/private - securityContext: - runAsUser: 0 -{{- end }} -{{- if .Values.azure.sharedDisk.enabled }} - - name: init-chown - image: 'alpine:3.10' - command: - - chown - - '-R' - - '82:82' - - /mnt/azure - volumeMounts: - - name: files-public - mountPath: /mnt/azure -{{- end }} -{{- if or (and .Values.azure.azureFile.enabled 
.Values.azure.azureFile.initMediaIconsFolder) (and .Values.azure.sharedDisk.enabled .Values.azure.sharedDisk.initMediaIconsFolder) }} - - name: init-media-icons-folder - image: 'alpine:3.10' - command: - - mkdir - - '-p' - - /files/media-icons/generic - volumeMounts: - - name: files-public - mountPath: /files -{{- end }} -{{- if not (eq .Values.drupal.siteRoot "/") }} - - name: init-site-root - image: 'alpine:3.10' - command: - - /bin/sh - - '-c' - - | - mkdir -p "/webroot$(dirname "{{ .Values.drupal.siteRoot }}")" - ln -s /var/www/html "/webroot{{ .Values.drupal.siteRoot }}" - volumeMounts: - - name: webroot - mountPath: /webroot -{{- end }} -{{- if .Values.drupal.initContainers }} -{{ toYaml .Values.drupal.initContainers | indent 8 }} -{{- end }} -{{- end }} - containers: - - image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - name: drupal -{{- if .Values.drupal.healthcheck.enabled }} - livenessProbe: - exec: - command: - - php-fpm-healthcheck - initialDelaySeconds: 0 - periodSeconds: 5 - readinessProbe: - exec: - command: - - php-fpm-healthcheck - initialDelaySeconds: 1 - periodSeconds: 5 -{{- end }} - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "drupal.fullname" . 
}} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 8 }} -{{- end }} -{{- if .Values.drupal.resources }} - resources: -{{ toYaml .Values.drupal.resources | indent 10 }} -{{- end }} - ports: - - containerPort: 9000 - name: tcp-php-fpm - protocol: TCP - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/services.yml - subPath: services.yml - readOnly: true - - name: ssmtp - mountPath: /etc/ssmtp/ssmtp.conf - subPath: ssmtp.conf - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if not (eq .Values.drupal.siteRoot "/") }} - - name: webroot - mountPath: /webroot -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | 
indent 8 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 8 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 8 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal.fullname" . }} - - name: ssmtp - secret: - secretName: {{ include "drupal.fullname" . }}-ssmtp - items: - - key: ssmtp.conf - path: ssmtp.conf - - name: twig-cache - emptyDir: {} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal.fullname" . }}-drupal -{{- else if or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . 
}}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal.fullname" . }}-proxysql -{{- else if .Values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal.fullname" . }}-pgbouncer -{{- end }} -{{- if not (eq .Values.drupal.siteRoot "/") }} - - name: webroot - emptyDir: {} -{{- end }} -{{- if .Values.drupal.volumes }} -{{ toYaml .Values.drupal.volumes | indent 6 }} -{{- end }} diff --git a/drupal/templates/job/post-install-site-install.yaml b/drupal/templates/job/post-install-site-install.yaml deleted file mode 100644 index ddf994c8..00000000 --- a/drupal/templates/job/post-install-site-install.yaml +++ /dev/null 
@@ -1,362 +0,0 @@ -{{- if .Values.drupal.install }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "drupal.fullname" . }}-site-install - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - backoffLimit: {{ default "" .Values.drupal.backoffLimitInstall }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 6 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 8 }} -{{- end }} - restartPolicy: OnFailure -{{- if or (.Values.drupal.initContainers) (or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled)) }} - initContainers: -{{- if .Values.azure.sharedDisk.enabled }} - - name: init-chown - image: 'alpine:3.10' - command: - - chown - - '-R' - - '82:82' - - /mnt/azure - volumeMounts: - - name: files-public - mountPath: /mnt/azure -{{- end }} -{{- if or (and .Values.azure.azureFile.enabled .Values.azure.azureFile.initMediaIconsFolder) (and .Values.azure.sharedDisk.enabled .Values.azure.sharedDisk.initMediaIconsFolder) }} - - name: init-media-icons-folder - image: 'alpine:3.10' - command: - - mkdir - - '-p' - - /files/media-icons/generic - volumeMounts: - - name: files-public - mountPath: /files -{{- end }} -{{- if .Values.drupal.initContainers }} -{{ toYaml .Values.drupal.initContainers | indent 8 }} -{{- end }} -{{- end }} - containers: - - name: drush - image: "{{ 
.Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | - # Errors should fail the job - set -e - - # Wait for DB to be available - {{ .Values.drupal.dbAvailabilityScript | nindent 14}} - - {{- if .Values.redis.enabled }} - {{- if .Values.redis.sentinel.enabled }} - until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis {{ .Values.redis.sentinel.service.sentinelPort }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done - {{- else }} - until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.master.service.ports.redis }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done - {{- end }} - echo Redis available - {{- end }} - - # Check Drush status - drush status || true - - {{- if .Values.redis.enabled }} - # Flush redis caches - {{- if .Values.redis.sentinel.enabled }} - printf "AUTH $REDIS_PASSWORD\r\nFLUSHDB\r\n" | nc -w 2 {{ .Release.Name }}-redis {{ .Values.redis.sentinel.service.sentinelPort }} - {{- else }} - printf "AUTH $REDIS_PASSWORD\r\nFLUSHDB\r\n" | nc -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.master.service.ports.redis }} - {{- end }} - {{- end }} - - # Run site install - {{- if .Values.drupal.restore.enabled }} - - # Check to see if using specific backup else use latest CHECK IF NAME SAYS LATEST - {{- if eq .Values.drupal.restore.name "latest"}} - BACKUPNAME=$(ls -td -- /backup/* | head -n 1 | sed -e "s/\/backup\///") - {{- else }} - BACKUPNAME='{{ .Values.drupal.restore.name }}' - {{- end }} - - echo "Restoring backup: $BACKUPNAME" - - {{- if .Values.drupal.restore.db }} - echo "Drop database" - drush sql-drop -y - echo "Restore database" - gunzip -c /backup/$BACKUPNAME/db.sql.gz{{ if .Values.drupal.restore.convert }} | sed 's/MyISAM/InnoDB/g'{{ end }} | drush sql-cli - echo "Database restored" - {{- 
end }} - - {{- if .Values.drupal.restore.files }} - echo "Deleting files" - # Errors from deleting should not fail the job - set +e - find sites/default/files/ -type f -print0 | xargs -0 rm - find sites/default/files/ -mindepth 1 -type d -print0 | xargs -0 rmdir - find /private/ -type f -print0 | xargs -0 rm - find /private/ -mindepth 1 -type d -print0 | xargs -0 rmdir - set -e - - echo "Restoring files" - {{- if .Values.drupal.restore.suppressTarErrors }} - set +e - {{- end }} - tar -zxf /backup/$BACKUPNAME/files.tar.gz --directory sites/default/files --no-acls --no-xattrs -m --no-same-permissions --no-overwrite-dir - tar -zxf /backup/$BACKUPNAME/private.tar.gz --directory /private --no-acls --no-xattrs -m --no-same-permissions --no-overwrite-dir - {{- if .Values.drupal.restore.suppressTarErrors }} - set -e - {{- end }} - echo "Files restored" - {{- end }} - - # Run database updates - {{- if .Values.drupal.cacheRebuildBeforeDatabaseMigration }} - drush -y cache:rebuild - {{- end }} - drush -y updatedb - - # WxT updates - {{- if .Values.drupal.wxtUpdate }} - drush -y cache:rebuild - drush -y update:wxt - {{- end }} - - {{- else }} - time drush site:install {{ .Values.drupal.profile }} \ - --sites-subdir=default \ - {{- if .Values.mysql.enabled }} - --db-url="mysql://{{ .Values.mysql.auth.username }}:$MYSQL_PASSWORD@{{ .Release.Name }}-mysql:{{ .Values.mysql.primary.service.ports.mysql }}/{{ .Values.mysql.auth.database }}" \ - {{- else if .Values.postgresql.enabled }} - --db-url="pgsql://{{ .Values.postgresql.auth.username }}:$POSTGRES_PASSWORD@{{ .Release.Name }}-postgresql:{{ .Values.postgresql.primary.service.ports.postgresql }}/{{ .Values.postgresql.auth.database }}" \ - {{- end }} - --account-name={{ .Values.drupal.username }} \ - --account-pass=$DRUPAL_ADMIN_PASSWORD \ - --site-mail={{ .Values.drupal.siteEmail | quote }} \ - --site-name={{ .Values.drupal.siteName | quote }} \ - {{- if .Values.drupal.extensions.enabled }} - 
wxt_extension_configure_form.select_all='TRUE' \ - {{- end }} - install_configure_form.update_status_module='array(FALSE,FALSE)' \ - --yes - {{- end }} - - drush -y cache:rebuild - - {{- if .Values.redis.enabled }} - # Enable redis - drush -y pm:enable redis - {{- end }} - - # Change WxT theme - {{- if .Values.drupal.wxtTheme }} - drush -y config:set wxt_library.settings wxt.theme '{{ .Values.drupal.wxtTheme }}' - {{- end }} - - # Rebuild caches - drush -y cache:rebuild - - # Migrate content - {{- if and .Values.drupal.migrate .Values.drupal.extensions.enabled }} - drush -y migrate:import wxt_file - drush -y migrate:import --group wxt --tag 'Core' - drush -y migrate:import --group gcweb --tag 'Core' - drush -y migrate:import --group gcweb --tag 'Menu' - {{- end }} - - # Extra installation scripts - {{- if .Values.drupal.extraInstallScripts }} - {{ .Values.drupal.extraInstallScripts | nindent 14}} - {{- end }} - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "drupal.fullname" . }} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ include "drupal.fullname" . 
}}" - key: password -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 8 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/services.yml - subPath: services.yml - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if .Values.drupal.restore.enabled }} - - name: backup - mountPath: /backup -{{- end }} -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | indent 8 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: 
"/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 8 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 8 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal.fullname" . }} - - name: twig-cache - emptyDir: {} -{{- if .Values.drupal.restore.enabled }} - - name: backup -{{ toYaml .Values.drupal.restore.volume | indent 8 }} -{{- end }} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal.fullname" . }}-drupal -{{- else if or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . }}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal.fullname" . }}-proxysql -{{- else if .Values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal.fullname" . }}-pgbouncer -{{- end }} -{{- if .Values.drupal.volumes }} -{{ toYaml .Values.drupal.volumes | indent 6 }} -{{- end }} -{{- end }} diff --git a/drupal/templates/job/post-upgrade-reconfigure.yaml b/drupal/templates/job/post-upgrade-reconfigure.yaml deleted file mode 100644 index 1757b907..00000000 --- a/drupal/templates/job/post-upgrade-reconfigure.yaml +++ /dev/null 
@@ -1,279 +0,0 @@ -{{- if .Values.drupal.reconfigure }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "drupal.fullname" . }}-reconfigure - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - backoffLimit: {{ default "" .Values.drupal.backoffLimitReconfigure }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal.name" . }} - helm.sh/chart: {{ include "drupal.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 6 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 8 }} -{{- end }} - restartPolicy: OnFailure -{{- if or (.Values.drupal.initContainers) (or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled)) }} - initContainers: -{{- if .Values.azure.sharedDisk.enabled }} - - name: init-chown - image: 'alpine:3.10' - command: - - chown - - '-R' - - '82:82' - - /mnt/azure - volumeMounts: - - name: files-public - mountPath: /mnt/azure -{{- end }} -{{- if or (and .Values.azure.azureFile.enabled .Values.azure.azureFile.initMediaIconsFolder) (and .Values.azure.sharedDisk.enabled .Values.azure.sharedDisk.initMediaIconsFolder) }} - - name: init-media-icons-folder - image: 'alpine:3.10' - command: - - mkdir - - '-p' - - /files/media-icons/generic - volumeMounts: - - name: files-public - mountPath: /files -{{- end }} -{{- if .Values.drupal.initContainers }} -{{ toYaml .Values.drupal.initContainers | indent 8 }} -{{- end }} -{{- end }} - containers: - - name: drush - image: "{{ 
.Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | - # Errors should fail the job - set -e - - # Wait for DB to be available - {{ .Values.drupal.dbAvailabilityScript | nindent 14}} - - {{- if .Values.redis.enabled }} - {{- if .Values.redis.sentinel.enabled }} - until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis {{ .Values.redis.sentinel.service.sentinelPort }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done - {{- else }} - until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.master.service.ports.redis }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done - {{- end }} - echo Redis available - {{- end }} - - # Check Drush status - drush status || true - - # Run database updates - {{- if .Values.drupal.cacheRebuildBeforeDatabaseMigration }} - drush -y cache:rebuild - {{- end }} - {{- if .Values.drupal.updateDBBeforeDatabaseMigration }} - drush -y updatedb - {{- end }} - - # WxT updates - {{- if .Values.drupal.wxtUpdate }} - drush -y cache:rebuild - drush -y update:wxt - {{- end }} - - # Change WxT theme - {{- if .Values.drupal.wxtTheme }} - drush -y config:set wxt_library.settings wxt.theme '{{ .Values.drupal.wxtTheme }}' - {{- end }} - - # Rebuild caches - drush -y cache:rebuild - - # Migrate content - {{- if and .Values.drupal.migrate .Values.drupal.extensions.enabled }} - drush -y migrate:import wxt_file - drush -y migrate:import --group wxt --tag 'Core' - drush -y migrate:import --group gcweb --tag 'Core' - drush -y migrate:import --group gcweb --tag 'Menu' - {{- end }} - - # Extra Upgrade scripts - {{- if .Values.drupal.extraUpgradeScripts }} - {{ .Values.drupal.extraUpgradeScripts | nindent 14}} - {{- end }} - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: 
- name: {{ template "drupal.fullname" . }} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ include "drupal.fullname" . }}" - key: password -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 8 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/services.yml - subPath: services.yml - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | indent 8 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - 
- name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 8 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 8 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal.fullname" . }} - - name: twig-cache - emptyDir: {} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal.fullname" . }}-drupal -{{- else if or (.Values.azure.azureFile.enabled) (.Values.azure.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal.fullname" . }}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal.fullname" . 
}}-proxysql
-{{- else if .Values.pgbouncer.enabled }}
- - name: configfiles
- secret:
- secretName: {{ include "drupal.fullname" . }}-pgbouncer
-{{- end }}
-{{- if .Values.drupal.volumes }}
-{{ toYaml .Values.drupal.volumes | indent 6 }}
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pv/csi-azure-file-backup.yaml b/drupal/templates/pv/csi-azure-file-backup.yaml
deleted file mode 100644
index 67dde9ca..00000000
--- a/drupal/templates/pv/csi-azure-file-backup.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.azure.azureFile.enabled -}}
-{{- if not .Values.azure.azureFile.disablePVCreation }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.azure.azureFile.annotations }}
- annotations:
-{{ toYaml .Values.azure.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-backup
-spec:
- capacity:
- storage: {{ .Values.azure.azureFile.size }}
- accessModes:
- - {{ .Values.azure.azureFile.accessMode }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.azureFile.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.azureFile.storageClass }}
- storageClassName: "{{ .Values.azure.azureFile.storageClass }}"
-{{- end }}
-{{- if .Values.azure.azureFile.backup.spec }}
-{{ toYaml .Values.azure.azureFile.backup.spec | indent 2 }}
-{{- end }}
-{{- if .Values.azure.azureFile.backup.mountOptions }}
- mountOptions:
-{{ toYaml .Values.azure.azureFile.backup.mountOptions | indent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pv/csi-azure-file-private.yaml b/drupal/templates/pv/csi-azure-file-private.yaml
deleted file mode 100644
index 8c1718ba..00000000
--- a/drupal/templates/pv/csi-azure-file-private.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.azure.azureFile.enabled -}}
-{{- if not .Values.azure.azureFile.disablePVCreation }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.azure.azureFile.annotations }}
- annotations:
-{{ toYaml .Values.azure.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-private
-spec:
- capacity:
- storage: {{ .Values.azure.azureFile.size }}
- accessModes:
- - {{ .Values.azure.azureFile.accessMode }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.azureFile.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.azureFile.storageClass }}
- storageClassName: "{{ .Values.azure.azureFile.storageClass }}"
-{{- end }}
-{{- if .Values.azure.azureFile.private.spec }}
-{{ toYaml .Values.azure.azureFile.private.spec | indent 2 }}
-{{- end }}
-{{- if .Values.azure.azureFile.private.mountOptions }}
- mountOptions:
-{{ toYaml .Values.azure.azureFile.private.mountOptions | indent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pv/csi-azure-file-public.yaml b/drupal/templates/pv/csi-azure-file-public.yaml
deleted file mode 100644
index cecd704b..00000000
--- a/drupal/templates/pv/csi-azure-file-public.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.azure.azureFile.enabled -}}
-{{- if not .Values.azure.azureFile.disablePVCreation }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.azure.azureFile.annotations }}
- annotations:
-{{ toYaml .Values.azure.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-public
-spec:
- capacity:
- storage: {{ .Values.azure.azureFile.size }}
- accessModes:
- - {{ .Values.azure.azureFile.accessMode }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.azureFile.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.azureFile.storageClass }}
- storageClassName: "{{ .Values.azure.azureFile.storageClass }}"
-{{- end }}
-{{- if .Values.azure.azureFile.public.spec }}
-{{ toYaml .Values.azure.azureFile.public.spec | indent 2 }}
-{{- end }}
-{{- if .Values.azure.azureFile.public.mountOptions }}
- mountOptions:
-{{ toYaml .Values.azure.azureFile.public.mountOptions | indent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pv/csi-azure-file-tmp.yaml b/drupal/templates/pv/csi-azure-file-tmp.yaml
deleted file mode 100644
index b7243653..00000000
--- a/drupal/templates/pv/csi-azure-file-tmp.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.azure.azureFile.enabled -}}
-{{- if not .Values.azure.azureFile.disablePVCreation }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.azure.azureFile.annotations }}
- annotations:
-{{ toYaml .Values.azure.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-tmp
-spec:
- capacity:
- storage: {{ .Values.azure.azureFile.size }}
- accessModes:
- - {{ .Values.azure.azureFile.accessMode }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.azureFile.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.azureFile.storageClass }}
- storageClassName: "{{ .Values.azure.azureFile.storageClass }}"
-{{- end }}
-{{- if .Values.azure.azureFile.tmp.spec }}
-{{ toYaml .Values.azure.azureFile.tmp.spec | indent 2 }}
-{{- end }}
-{{- if .Values.azure.azureFile.tmp.mountOptions }}
- mountOptions:
-{{ toYaml .Values.azure.azureFile.tmp.mountOptions | indent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pv/csi-azure-shared-disk-private.yaml b/drupal/templates/pv/csi-azure-shared-disk-private.yaml
deleted file mode 100644
index 39ebab21..00000000
--- a/drupal/templates/pv/csi-azure-shared-disk-private.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.azure.sharedDisk.enabled }}
-{{- if not .Values.azure.sharedDisk.disablePVCreation }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.azure.sharedDisk.annotations }}
- annotations:
-{{ toYaml .Values.azure.sharedDisk.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-private
-spec:
- capacity:
- storage: {{ .Values.azure.sharedDisk.size }}
- accessModes:
- - {{ .Values.azure.sharedDisk.accessMode }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.sharedDisk.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.sharedDisk.storageClass }}
- storageClassName: "{{ .Values.azure.sharedDisk.storageClass }}"
-{{- end }}
-{{- if .Values.azure.sharedDisk.private.spec }}
-{{ toYaml .Values.azure.sharedDisk.private.spec | indent 2 }}
-{{- end }}
-{{- if .Values.azure.sharedDisk.private.mountOptions }}
- mountOptions:
-{{ toYaml .Values.azure.sharedDisk.private.mountOptions | indent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pv/csi-azure-shared-disk-public.yaml b/drupal/templates/pv/csi-azure-shared-disk-public.yaml
deleted file mode 100644
index 367e00b3..00000000
--- a/drupal/templates/pv/csi-azure-shared-disk-public.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.azure.sharedDisk.enabled }}
-{{- if not .Values.azure.sharedDisk.disablePVCreation }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.azure.sharedDisk.annotations }}
- annotations:
-{{ toYaml .Values.azure.sharedDisk.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-public
-spec:
- capacity:
- storage: {{ .Values.azure.sharedDisk.size }}
- accessModes:
- - {{ .Values.azure.sharedDisk.accessMode }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.sharedDisk.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.sharedDisk.storageClass }}
- storageClassName: "{{ .Values.azure.sharedDisk.storageClass }}"
-{{- end }}
-{{- if .Values.azure.sharedDisk.public.spec }}
-{{ toYaml .Values.azure.sharedDisk.public.spec | indent 2 }}
-{{- end }}
-{{- if .Values.azure.sharedDisk.public.mountOptions }}
- mountOptions:
-{{ toYaml .Values.azure.sharedDisk.public.mountOptions | indent 4 }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pvc/csi-azure-file-backup.yaml b/drupal/templates/pvc/csi-azure-file-backup.yaml
deleted file mode 100644
index 36da8b38..00000000
--- a/drupal/templates/pvc/csi-azure-file-backup.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.azure.azureFile.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.azure.azureFile.enabled }}
-{{ toYaml .Values.azure.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-backup
-spec:
- accessModes:
- - {{ .Values.azure.azureFile.accessMode }}
- resources:
- requests:
- storage: {{ .Values.azure.azureFile.size }}
-{{- if not .Values.azure.azureFile.disableVolumeName }}
- volumeName: {{ include "drupal.fullname" . }}-backup
-{{- end }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.azureFile.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.azureFile.storageClass }}
- storageClassName: "{{ .Values.azure.azureFile.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pvc/csi-azure-file-private.yaml b/drupal/templates/pvc/csi-azure-file-private.yaml
deleted file mode 100644
index b403589e..00000000
--- a/drupal/templates/pvc/csi-azure-file-private.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.azure.azureFile.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.azure.azureFile.enabled }}
-{{ toYaml .Values.azure.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-private
-spec:
- accessModes:
- - {{ .Values.azure.azureFile.accessMode }}
- resources:
- requests:
- storage: {{ .Values.azure.azureFile.size }}
-{{- if not .Values.azure.azureFile.disableVolumeName }}
- volumeName: {{ include "drupal.fullname" . }}-private
-{{- end }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.azureFile.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.azureFile.storageClass }}
- storageClassName: "{{ .Values.azure.azureFile.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pvc/csi-azure-file-public.yaml b/drupal/templates/pvc/csi-azure-file-public.yaml
deleted file mode 100644
index fb03432f..00000000
--- a/drupal/templates/pvc/csi-azure-file-public.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.azure.azureFile.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.azure.azureFile.enabled }}
-{{ toYaml .Values.azure.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-public
-spec:
- accessModes:
- - {{ .Values.azure.azureFile.accessMode }}
- resources:
- requests:
- storage: {{ .Values.azure.azureFile.size }}
-{{- if not .Values.azure.azureFile.disableVolumeName }}
- volumeName: {{ include "drupal.fullname" . }}-public
-{{- end }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.azureFile.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.azureFile.storageClass }}
- storageClassName: "{{ .Values.azure.azureFile.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pvc/csi-azure-file-tmp.yaml b/drupal/templates/pvc/csi-azure-file-tmp.yaml
deleted file mode 100644
index c00f367d..00000000
--- a/drupal/templates/pvc/csi-azure-file-tmp.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.azure.azureFile.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.azure.azureFile.enabled }}
-{{ toYaml .Values.azure.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-tmp
-spec:
- accessModes:
- - {{ .Values.azure.azureFile.accessMode }}
- resources:
- requests:
- storage: {{ .Values.azure.azureFile.size }}
-{{- if not .Values.azure.azureFile.disableVolumeName }}
- volumeName: {{ include "drupal.fullname" . }}-tmp
-{{- end }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.azureFile.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.azureFile.storageClass }}
- storageClassName: "{{ .Values.azure.azureFile.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pvc/csi-azure-shared-disk-private.yaml b/drupal/templates/pvc/csi-azure-shared-disk-private.yaml
deleted file mode 100644
index 72c352ea..00000000
--- a/drupal/templates/pvc/csi-azure-shared-disk-private.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.azure.sharedDisk.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.azure.sharedDisk.enabled }}
-{{ toYaml .Values.azure.sharedDisk.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-private
-spec:
- accessModes:
- - {{ .Values.azure.sharedDisk.accessMode }}
- resources:
- requests:
- storage: {{ .Values.azure.sharedDisk.size }}
-{{- if not .Values.azure.sharedDisk.disableVolumeName }}
- volumeName: {{ include "drupal.fullname" . }}-private
-{{- end }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.sharedDisk.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.sharedDisk.storageClass }}
- storageClassName: "{{ .Values.azure.sharedDisk.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal/templates/pvc/csi-azure-shared-disk-public.yaml b/drupal/templates/pvc/csi-azure-shared-disk-public.yaml
deleted file mode 100644
index 7ad39f3c..00000000
--- a/drupal/templates/pvc/csi-azure-shared-disk-public.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{- if .Values.azure.sharedDisk.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.azure.sharedDisk.enabled }}
-{{ toYaml .Values.azure.sharedDisk.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal.fullname" . }}-public
-spec:
- accessModes:
- - {{ .Values.azure.sharedDisk.accessMode }}
- resources:
- requests:
- storage: {{ .Values.azure.sharedDisk.size }}
-{{- if not .Values.azure.sharedDisk.disableVolumeName }}
- volumeName: {{ include "drupal.fullname" . }}-public
-{{- end }}
-{{- if .Values.azure.storageClass.create }}
- storageClassName: {{ include "drupal.fullname" . }}-csi-azure
-{{- else if eq "-" .Values.azure.sharedDisk.storageClass }}
- storageClassName: ""
-{{- else if .Values.azure.sharedDisk.storageClass }}
- storageClassName: "{{ .Values.azure.sharedDisk.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal7/Chart.yaml b/drupal7/Chart.yaml
deleted file mode 100644
index 34fd9dd0..00000000
--- a/drupal7/Chart.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: drupal7
-apiVersion: v2
-type: application
-version: 0.3.5
-appVersion: "4.54"
-description: Drupal 7 variant of the Web Experience Toolkit (WetKit).
-keywords:
-- drupal
-- cms
-- wetkit
-- http
-- web
-- application
-- php
-home: http://www.drupal.org/project/wetkit
-icon: https://bitnami.com/assets/stacks/drupal/img/drupal-stack-220x234.png
-sources:
-- https://github.com/wet-boew/wet-boew-drupal
-maintainers:
-- name: sylus
- email: william.hearn@canada.ca
-- name: zachomedia
- email: zachary.seguin@canada.ca
-engine: gotpl
-dependencies:
- - name: mysql
- version: 9.1.7
- repository: https://charts.bitnami.com/bitnami
- condition: mysql.enabled
- - name: postgresql
- version: 11.6.6
- repository: https://charts.bitnami.com/bitnami
- condition: postgresql.enabled
- - name: redis
- version: 16.13.2
- repository: https://charts.bitnami.com/bitnami
- condition: redis.enabled
- - name: varnish
- version: 0.2.2
- repository: https://statcan.github.io/charts
- condition: varnish.enabled
diff --git a/drupal7/README.md b/drupal7/README.md
deleted file mode 100644
index 6dac0a9c..00000000
--- a/drupal7/README.md
+++ /dev/null
@@ -1,291 +0,0 @@ -# drupal7 - -![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.54](https://img.shields.io/badge/AppVersion-4.54-informational?style=flat-square) - -Drupal 7 variant of the Web Experience Toolkit (WetKit). - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| sylus | | | -| zachomedia | | | - -## Source Code - -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | mysql | 9.1.7 | -| https://charts.bitnami.com/bitnami | postgresql | 11.6.6 | -| https://charts.bitnami.com/bitnami | redis | 16.13.2 | -| https://statcan.github.io/charts | varnish | 0.2.2 | - -## Prerequisites - -- Kubernetes 1.7+ -- Helm v3.0.0+ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```sh -helm repo add drupalwxt https://drupalwxt.github.io/helm-drupal -"drupalwxt" has been added to your repositories - -helm install my-release drupalwxt/drupal -NAME: my-release -``` - -Optionally you can git clone the helm chart and select the appropriate values file: - -```sh -git clone https://github.com/drupalwxt/helm-drupal -cd helm-drupal/drupal -cp values-azurefile.yaml values-override.yaml -helm install --name drupal -f values-override.yaml -``` - -## Ingress - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| ingress.annotations | object | `{}` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0] | string | `"chart-example.local"` | | -| ingress.path | string | `"/"` | | -| ingress.tls | list | `[]` | | - -## Drupal - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| drupal.additionalCrons | object | `{}` | | -| drupal.autoscaling.enabled | bool | `false` | | -| drupal.autoscaling.maxReplicas | int | 
`11` | | -| drupal.autoscaling.minReplicas | int | `1` | | -| drupal.autoscaling.targetCPUUtilizationPercentage | int | `50` | | -| drupal.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | -| drupal.backup.enabled | bool | `false` | | -| drupal.backup.filesArgs | string | `""` | | -| drupal.backup.privateArgs | string | `""` | | -| drupal.backup.schedule | string | `"0 0 * * *"` | | -| drupal.backup.sqlDumpArgs | string | `""` | | -| drupal.backup.volume | object | `{}` | | -| drupal.cacheRebuildBeforeDatabaseMigration | bool | `true` | | -| drupal.cron.enabled | bool | `true` | | -| drupal.cron.schedule | string | `"0 * * * *"` | | -| drupal.dbAvailabilityScript | string | `"until drush sql:query 'SHOW TABLES;'; do echo Waiting for DB; sleep 3; done\necho DB available"` | default script used to detect when the DB is ready | -| drupal.disableDefaultFilesMount | bool | `false` | | -| drupal.extraInstallScripts | string | `""` | | -| drupal.extraSettings | string | `""` | | -| drupal.extraUpgradeScripts | string | `""` | | -| drupal.healthcheck.enabled | bool | `true` | | -| drupal.image | string | `"drupalwxt/site-wetkit"` | | -| drupal.imagePullPolicy | string | `"IfNotPresent"` | | -| drupal.install | bool | `true` | | -| drupal.migrate | bool | `false` | | -| drupal.nodeSelector | object | `{}` | | -| drupal.persistence.accessMode | string | `"ReadWriteOnce"` | | -| drupal.persistence.annotations | object | `{}` | | -| drupal.persistence.enabled | bool | `false` | | -| drupal.persistence.size | string | `"8Gi"` | | -| drupal.php.ini | object | `{}` | | -| drupal.podAnnotations | object | `{}` | | -| drupal.profile | string | `"wetkit"` | | -| drupal.reconfigure | bool | `true` | | -| drupal.replicas | int | `1` | | -| drupal.resources | object | `{}` | | -| drupal.restore.convert | bool | `false` | | -| drupal.restore.db | bool | `true` | | -| drupal.restore.enabled | bool | `false` | | -| drupal.restore.files | bool | `false` | | -| 
drupal.restore.name | string | `"latest"` | | -| drupal.restore.suppressTarErrors | bool | `false` | | -| drupal.restore.volume | object | `{}` | | -| drupal.securityContext.fsGroup | int | `82` | | -| drupal.securityContext.runAsGroup | int | `82` | | -| drupal.securityContext.runAsUser | int | `82` | | -| drupal.serviceType | string | `"ClusterIP"` | | -| drupal.siteEmail | string | `"admin@example.com"` | | -| drupal.siteName | string | `"Drupal Install Profile (WetKit)"` | | -| drupal.smtp.auth.enabled | bool | `false` | | -| drupal.smtp.auth.method | string | `"LOGIN"` | | -| drupal.smtp.auth.password | string | `""` | | -| drupal.smtp.auth.user | string | `""` | | -| drupal.smtp.host | string | `"mail"` | | -| drupal.smtp.starttls | bool | `true` | | -| drupal.smtp.tls | bool | `true` | | -| drupal.tolerations | list | `[]` | | -| drupal.updateDBBeforeDatabaseMigration | bool | `true` | | -| drupal.username | string | `"admin"` | | -| drupal.version | string | `"d7"` | | -| drupal.volumeMounts | string | `nil` | | -| drupal.volumes | string | `nil` | | -| drupal.wxtTheme | string | `"theme-gcweb"` | | - -## Nginx - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| nginx.autoscaling.enabled | bool | `false` | | -| nginx.autoscaling.maxReplicas | int | `11` | | -| nginx.autoscaling.minReplicas | int | `1` | | -| nginx.autoscaling.targetCPUUtilizationPercentage | int | `50` | | -| nginx.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | -| nginx.client_max_body_size | string | `"20m"` | | -| nginx.customLocations | string | `""` | | -| nginx.gzip | bool | `true` | | -| nginx.image | string | `"drupalwxt/site-wetkit"` | | -| nginx.imagePullPolicy | string | `"IfNotPresent"` | | -| nginx.nodeSelector | object | `{}` | | -| nginx.real_ip_header | string | `"X-Forwarded-For"` | | -| nginx.replicas | int | `1` | | -| nginx.resolver | string | `"kube-dns.kube-system.svc.cluster.local"` | | -| nginx.securityContext.enabled | 
bool | `true` | | -| nginx.securityContext.fsGroup | int | `33` | | -| nginx.serviceType | string | `"ClusterIP"` | | -| nginx.tolerations | list | `[]` | | -| nginx.volumeMounts | string | `nil` | | -| nginx.volumes | string | `nil` | | - -## MySQL - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| mysql.auth.database | string | `"wxt"` | | -| mysql.auth.password | string | `""` | | -| mysql.auth.rootPassword | string | `""` | | -| mysql.auth.username | string | `"wxt"` | | -| mysql.enabled | bool | `true` | | -| mysql.image.tag | string | `"8.0.29-debian-11-r3"` | | -| mysql.primary.configuration | string | `"[mysqld]\ndefault_authentication_plugin=mysql_native_password\nskip-name-resolve\nexplicit_defaults_for_timestamp\nbasedir=/opt/bitnami/mysql\nplugin_dir=/opt/bitnami/mysql/lib/plugin\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndatadir=/bitnami/mysql/data\ntmpdir=/opt/bitnami/mysql/tmp\nmax_allowed_packet=16M\nbind-address=0.0.0.0\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid\nlog-error=/opt/bitnami/mysql/logs/mysqld.log\ncharacter-set-server=UTF8\ncollation-server=utf8_general_ci\nslow_query_log=0\nslow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log\nlong_query_time=10.0\n\nmax_allowed_packet = 256M\ninnodb_buffer_pool_size = 4096M\ninnodb_buffer_pool_instances = 4\ntable_definition_cache = 4096\ntable_open_cache = 8192\ninnodb_flush_log_at_trx_commit=2\n[client]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\ndefault-character-set=UTF8\nplugin_dir=/opt/bitnami/mysql/lib/plugin\n[manager]\nport=3306\nsocket=/opt/bitnami/mysql/tmp/mysql.sock\npid-file=/opt/bitnami/mysql/tmp/mysqld.pid"` | | -| mysql.primary.persistence.enabled | bool | `true` | | -| mysql.primary.persistence.size | string | `"128Gi"` | | -| mysql.volumePermissions.enabled | bool | `true` | | - -### ProxySQL - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| proxysql.admin.password | string | `"password"` | | 
-| proxysql.admin.user | string | `"username@hostname"` | | -| proxysql.configuration.maxConnections | int | `2048` | | -| proxysql.configuration.serverVersion | string | `"5.7.28"` | | -| proxysql.configuration.stackSize | int | `1048576` | | -| proxysql.enabled | bool | `false` | | -| proxysql.monitor.password | string | `"password"` | | -| proxysql.monitor.user | string | `"username@hostname"` | | - -## PostgreSQL - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| postgresql.auth.database | string | `"wxt"` | | -| postgresql.auth.enablePostgresUser | bool | `true` | | -| postgresql.auth.password | string | `""` | | -| postgresql.auth.postgresPassword | string | `""` | | -| postgresql.auth.username | string | `"wxt"` | | -| postgresql.enabled | bool | `false` | | -| postgresql.image.tag | string | `"14.3.0-debian-11-r3"` | | -| postgresql.primary.configuration | string | `"listen_addresses='*'\nmax_connections=200\nshared_buffers='512MB'\nwork_mem='2048MB'\neffective_cache_size='512MB'\nmaintenance_work_mem='32MB'\nmin_wal_size='512MB'\nmax_wal_size='512MB'\nwal_buffer='8048kB'\nbytea_output='escape'"` | | -| postgresql.primary.persistence.enabled | bool | `true` | | -| postgresql.primary.persistence.size | string | `"128Gi"` | | -| postgresql.volumePermissions.enabled | bool | `true` | | - -### PGBouncer - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| pgbouncer.enabled | bool | `false` | | -| pgbouncer.host | string | `"mypgserver.postgres.database.azure.com"` | | -| pgbouncer.maxClientConnections | int | `400` | | -| pgbouncer.password | string | `"password"` | | -| pgbouncer.poolSize | int | `50` | | -| pgbouncer.user | string | `"username@hostname"` | | - -## External - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| external.database | string | `"wetkit"` | | -| external.driver | string | `"mysql"` | | -| external.enabled | bool | `false` | | -| 
external.host | string | `"mysql.example.org"` | | -| external.password | string | `"password"` | | -| external.port | int | `3306` | | -| external.user | string | `"wetkit"` | | - -## Azure Files - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| azureFile.accessMode | string | `"ReadWriteMany"` | | -| azureFile.annotations | object | `{}` | | -| azureFile.enabled | bool | `false` | | -| azureFile.initMediaIconsFolder | bool | `true` | | -| azureFile.private.azureFile.readOnly | bool | `false` | | -| azureFile.private.azureFile.secretName | string | `"drupal-storage"` | | -| azureFile.private.azureFile.shareName | string | `"drupal-private"` | | -| azureFile.public.azureFile.readOnly | bool | `false` | | -| azureFile.public.azureFile.secretName | string | `"drupal-storage"` | | -| azureFile.public.azureFile.shareName | string | `"drupal-public"` | | -| azureFile.size | string | `"100Gi"` | | -| azureFile.storageClass | string | `"azurefile"` | | - -## Shared Disk - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| sharedDisk.accessMode | string | `"ReadWriteMany"` | | -| sharedDisk.annotations | object | `{}` | | -| sharedDisk.enabled | bool | `false` | | -| sharedDisk.initMediaIconsFolder | bool | `true` | | -| sharedDisk.maxShares | int | `2` | | -| sharedDisk.private.azureFile.readOnly | bool | `false` | | -| sharedDisk.private.azureFile.secretName | string | `"drupal-storage"` | | -| sharedDisk.private.azureFile.shareName | string | `"drupal-private"` | | -| sharedDisk.size | string | `"256Gi"` | | - -## Redis - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| redis.commonConfiguration | string | `"# Disable AOF https://redis.io/topics/persistence#append-only-file\nappendonly no\n# Disable RDB persistence.\nsave \"\""` | | -| redis.enabled | bool | `false` | | -| redis.master.disableCommands | list | `[]` | | -| redis.master.persistence.enabled | bool | `false` 
| | -| redis.master.service.type | string | `"ClusterIP"` | | -| redis.replica.disableCommands | list | `[]` | | -| redis.replica.enabled | bool | `false` | | -| redis.replica.persistence.enabled | bool | `false` | | -| redis.replica.replicaCount | int | `0` | | -| redis.replica.service.type | string | `"ClusterIP"` | | -| redis.sentinel.enabled | bool | `false` | | - -## Varnish - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| varnish.affinity | object | `{}` | | -| varnish.enabled | bool | `false` | | -| varnish.nodeSelector | object | `{}` | | -| varnish.resources | object | `{}` | | -| varnish.service.port | int | `80` | | -| varnish.service.type | string | `"ClusterIP"` | | -| varnish.tolerations | list | `[]` | | -| varnish.varnishConfigContent | string | `"vcl 4.0;\n\nimport std;\nimport directors;\n\nbackend nginx {\n .host = \"{{ include \"backend.fullname\" . }}-nginx\";\n .host_header = \"{{ include \"backend.fullname\" . }}-nginx\";\n .port = \"80\";\n}\n\nsub vcl_init {\n new backends = directors.round_robin();\n backends.add_backend(nginx);\n}\n\nsub vcl_recv {\n set req.http.X-Forwarded-Host = req.http.Host;\n if (!req.http.X-Forwarded-Proto) {\n set req.http.X-Forwarded-Proto = \"http\";\n }\n\n # Answer healthcheck\n if (req.url == \"/_healthcheck\" || req.url == \"/healthcheck.txt\") {\n return (synth(700, \"HEALTHCHECK\"));\n }\n set req.backend_hint = backends.backend();\n\n # Answer healthcheck\n if (req.url == \"/_healthcheck\" || req.url == \"/healthcheck.txt\") {\n return (synth(700, \"HEALTHCHECK\"));\n }\n set req.backend_hint = backends.backend();\n\n # Always cache certain file types\n # Remove cookies that Drupal doesn't care about\n if (req.url ~ \"(?i)\\.(asc|dat|tgz|png|gif|jpeg|jpg|ico|swf|css|js)(\\?.*)?$\") {\n unset req.http.Cookie;\n } else if (req.http.Cookie) {\n set req.http.Cookie = \";\" + req.http.Cookie;\n set req.http.Cookie = regsuball(req.http.Cookie, \"; +\", \";\");\n set 
req.http.Cookie = regsuball(req.http.Cookie, \";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=\", \"; \\1=\");\n set req.http.Cookie = regsuball(req.http.Cookie, \";[^ ][^;]*\", \"\");\n set req.http.Cookie = regsuball(req.http.Cookie, \"^[; ]+|[; ]+$\", \"\");\n if (req.http.Cookie == \"\") {\n unset req.http.Cookie;\n } else {\n return (pass);\n }\n }\n # If POST, PUT or DELETE, then don't cache\n if (req.method == \"POST\" || req.method == \"PUT\" || req.method == \"DELETE\") {\n return (pass);\n }\n # Happens before we check if we have this in cache already.\n #\n # Typically you clean up the request here, removing cookies you don't need,\n # rewriting the request, etc.\n return (hash);\n #return (pass);\n}\n\nsub vcl_backend_fetch {\n # NEW\n set bereq.http.Host = \"{{ include \"backend.fullname\" . }}-nginx\";\n\n # Don't add 127.0.0.1 to X-Forwarded-For\n set bereq.http.X-Forwarded-For = regsub(bereq.http.X-Forwarded-For, \"(, )?127\\.0\\.0\\.1$\", \"\");\n}\n\nsub vcl_backend_response {\n if (beresp.http.Location) {\n set beresp.http.Location = regsub(\n beresp.http.Location,\n \"^https?://[^/]+/\",\n bereq.http.X-Forwarded-Proto + \"://\" + bereq.http.X-Forwarded-Host + \"/\"\n );\n }\n # Only cache select response codes\n if (beresp.status == 200 || beresp.status == 203 || beresp.status == 204 || beresp.status == 206 || beresp.status == 300 || beresp.status == 301 || beresp.status == 404 || beresp.status == 405 || beresp.status == 410 || beresp.status == 414 || beresp.status == 501) {\n # Cache for 5 minutes\n set beresp.ttl = 5m;\n set beresp.grace = 12h;\n set beresp.keep = 24h;\n } else {\n set beresp.ttl = 0s;\n }\n}\n\nsub vcl_deliver {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Comment these for easier Drupal cache tag debugging in development.\n unset resp.http.Cache-Tags;\n unset resp.http.X-Drupal-Cache-Contexts;\n\n # Add 
Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net data:; font-src 'self' *.example.ca https://fonts.gstatic.com\";\n\n # Add CORS Headers\n # if (req.http.Origin ~ \"(?i)\\.example\\.ca$\") {\n # if (req.url ~ \"\\.(ttd|woff|woff2)(\\?.*)?$\") {\n # set resp.http.Access-Control-Allow-Origin = \"*\";\n # set resp.http.Access-Control-Allow-Methods = \"GET\";\n # }\n # }\n\n # Add X-Frame-Options\n if (req.url ~ \"^/livechat\" || req.url ~ \"^/(eng/|fra/)?media/\") {\n set resp.http.X-Frame-Options = \"SAMEORIGIN\";\n } else {\n set resp.http.X-Frame-Options = \"DENY\";\n }\n\n set resp.http.X-Content-Type-Options = \"nosniff\";\n set resp.http.X-XSS-Protection = \"1; mode=block\";\n\n # Happens when we have all the pieces we need, and are about to send the\n # response to the client.\n #\n # You can do accounting or modifying the final object here.\n if (obj.hits > 0) {\n set resp.http.X-Cache = \"HIT\";\n } else {\n set resp.http.X-Cache = \"MISS\";\n }\n # Handle errors\n if ( (resp.status >= 500 && resp.status <= 599)\n || resp.status == 400\n || resp.status == 401\n || resp.status == 403\n || resp.status == 404) {\n return (synth(resp.status));\n }\n}\n\nsub vcl_synth {\n # Remove identifying information\n unset resp.http.Server;\n unset resp.http.X-Powered-By;\n unset resp.http.X-Varnish;\n unset resp.http.Via;\n\n # Add Content-Security-Policy\n # set resp.http.Content-Security-Policy = \"default-src 'self' *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; 
connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca data:;\";\n # set resp.http.X-Content-Type-Options = \"nosniff\";\n # set resp.http.X-Frame-Options = \"DENY\";\n # set resp.http.X-XSS-Protection = \"1; mode=block\";\n\n # if (resp.status >= 500 && resp.status <= 599) {\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n # return (deliver);\n # } elseif (resp.status == 400) { # 400 - Bad Request\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/400.html\"));\n # return (deliver);\n # } elseif (resp.status == 401) { # 401 - Unauthorized\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/401.html\"));\n # return (deliver);\n # } elseif (resp.status == 403) { # 403 - Forbidden\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/403.html\"));\n # return (deliver);\n # } elseif (resp.status == 404) { # 404 - Not Found\n # set resp.http.Content-Type = \"text/html; charset=utf-8\";\n # synthetic(std.fileread(\"/data/configuration/varnish/errors/404.html\"));\n # return (deliver);\n # } else\n if (resp.status == 700) { # Respond to healthcheck\n set resp.status = 200;\n set resp.http.Content-Type = \"text/plain\";\n synthetic ( {\"OK\"} );\n return (deliver);\n }\n}\n\n##\n# ERROR HANDLING\n##\n# sub vcl_backend_error {\n# set beresp.http.Content-Type = \"text/html; charset=utf-8\";\n# synthetic(std.fileread(\"/data/configuration/varnish/errors/503.html\"));\n# return (deliver);\n# }\n"` | | -| varnish.varnishd.image | string | `"varnish"` | | -| varnish.varnishd.imagePullPolicy | string | `"IfNotPresent"` | | -| varnish.varnishd.tag | string | `"6.5.1"` | | - - - 
----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/drupal7/README.md.gotmpl b/drupal7/README.md.gotmpl deleted file mode 100644 index 38ee7a64..00000000 --- a/drupal7/README.md.gotmpl +++ /dev/null 
@@ -1,166 +0,0 @@ -{{ template "chart.header" . }} - -{{ template "chart.deprecationWarning" . }} - -{{ template "chart.badgesSection" . }} - -{{ template "chart.description" . }} - -{{ template "chart.homepageLine" . }} - -{{ template "chart.maintainersSection" . }} - -{{ template "chart.sourcesSection" . }} - -{{ template "chart.requirementsSection" . }} - -## Prerequisites - -- Kubernetes 1.7+ -- Helm v3.0.0+ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```sh -helm repo add drupalwxt https://drupalwxt.github.io/helm-drupal -"drupalwxt" has been added to your repositories - -helm install my-release drupalwxt/drupal -NAME: my-release -``` - -Optionally you can git clone the helm chart and select the appropriate values file: - -```sh -git clone https://github.com/drupalwxt/helm-drupal -cd helm-drupal/drupal -cp values-azurefile.yaml values-override.yaml -helm install --name drupal -f values-override.yaml -``` - -## Ingress - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "ingress." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -## Drupal - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "drupal." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -## Nginx - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "nginx." 
.Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -## MySQL - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "mysql." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -### ProxySQL - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "proxysql." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -## PostgreSQL - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "postgresql." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -### PGBouncer - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "pgbouncer." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -## External - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "external." 
.Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -## Azure Files - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "azureFile." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -## Shared Disk - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "sharedDisk." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - - -## Redis - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "redis." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - -## Varnish - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -{{- range .Values }} - {{- if hasPrefix "varnish." .Key }} -| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | - {{- end }} -{{- end }} - - - -{{ template "helm-docs.versionFooter" . }} diff --git a/drupal7/charts/mysql-9.1.7.tgz b/drupal7/charts/mysql-9.1.7.tgz deleted file mode 100644 index 2c705d11..00000000 Binary files a/drupal7/charts/mysql-9.1.7.tgz and /dev/null differ 
diff --git a/drupal7/charts/postgresql-11.6.6.tgz b/drupal7/charts/postgresql-11.6.6.tgz
deleted file mode 100644
index b743d2ba..00000000
Binary files a/drupal7/charts/postgresql-11.6.6.tgz and /dev/null differ
diff --git a/drupal7/charts/redis-16.13.2.tgz b/drupal7/charts/redis-16.13.2.tgz
deleted file mode 100644
index 33b5e967..00000000
Binary files a/drupal7/charts/redis-16.13.2.tgz and /dev/null differ
diff --git a/drupal7/charts/varnish-0.2.2.tgz b/drupal7/charts/varnish-0.2.2.tgz
deleted file mode 100644
index b541c5b2..00000000
Binary files a/drupal7/charts/varnish-0.2.2.tgz and /dev/null differ
diff --git a/drupal7/conf/nginx.conf b/drupal7/conf/nginx.conf
deleted file mode 100644
index e0dfe1e1..00000000
--- a/drupal7/conf/nginx.conf
+++ /dev/null
@@ -1,96 +0,0 @@ -error_log /proc/self/fd/2; -pid /var/run/nginx.pid; -user root; -worker_processes auto; -worker_rlimit_nofile 500000; - -events { - multi_accept on; - use epoll; - worker_connections 8192; -} - -http { - access_log /proc/self/fd/1; -{{- if .Values.nginx.client_max_body_size }} - client_max_body_size {{ .Values.nginx.client_max_body_size }}; -{{- else }} - client_max_body_size 20m; -{{- end }} - default_type application/octet-stream; -{{- if .Values.nginx.gzip }} - gzip on; - gzip_buffers 16 8k; - gzip_comp_level 4; - gzip_disable msie6; - gzip_proxied off; - gzip_types application/json; - gzip_vary on; -{{- end }} - include /etc/nginx/mime.types; - index index.html index.htm; - keepalive_timeout 240; - proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:8m max_size=3000m inactive=600m; - proxy_temp_path /var/tmp; - sendfile on; - server_tokens off; - tcp_nopush on; - types_hash_max_size 2048; - proxy_http_version 1.1; - map_hash_max_size 262144; - map_hash_bucket_size 262144; - - server { - #IPv4 - listen 80; - - #IPv6 - listen [::]:80; - - # Filesystem root of the site and index with fallback. - root /var/www/html; - index index.php index.html index.htm; - - # Make site accessible from http://drupal.dev; - server_name _; - - set_real_ip_from 0.0.0.0/0; - real_ip_header {{ .Values.nginx.real_ip_header }}; - - # Block hidden files and directories - location ~ (^|/)\. { - return 404; - } - - # Nginx health - location /_healthz { - access_log off; - return 200 "OK"; - } - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ /index.html /index.php?$query_string; - } - - {{ .Values.nginx.customLocations }} - - location ~ \.php$ { - proxy_intercept_errors on; - include fastcgi_params; - fastcgi_read_timeout 120; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - fastcgi_pass {{ template "drupal7.fullname" . 
}}:9000; - fastcgi_buffers 16 32k; - fastcgi_buffer_size 64k; - fastcgi_busy_buffers_size 64k; - try_files $uri =404; - } - - location ~ /\.ht { - deny all; - } - } -} diff --git a/drupal7/conf/opcache-recommended.ini b/drupal7/conf/opcache-recommended.ini deleted file mode 100644 index ab1365b9..00000000 --- a/drupal7/conf/opcache-recommended.ini +++ /dev/null @@ -1,5 +0,0 @@ -opcache.memory_consumption=1024 -opcache.interned_strings_buffer=32 -opcache.max_accelerated_files=32531 -opcache.revalidate_freq=300 -opcache.fast_shutdown=1 diff --git a/drupal7/conf/pgbouncer.ini b/drupal7/conf/pgbouncer.ini deleted file mode 100644 index cbc138aa..00000000 --- a/drupal7/conf/pgbouncer.ini +++ /dev/null @@ -1,23 +0,0 @@ -[databases] -# Please change "host=postgres.default port=5432" -# to reflect your PostgreSQL target: -* = host={{ .Values.pgbouncer.host }} port=5432 user={{ .Values.pgbouncer.user }} -[pgbouncer] -# Do not change these settings: -listen_addr = 0.0.0.0 -auth_file = /etc/pgbouncer/userlist.txt -auth_type = trust -server_tls_sslmode = verify-ca -server_tls_ca_file = /etc/root.crt.pem -# These are defaults and can be configured -# please leave them as defaults if you are -# uncertain. -listen_port = 5432 -unix_socket_dir = -# user = postgres -pool_mode = transaction -default_pool_size = {{ .Values.pgbouncer.poolSize }} -max_client_conn = {{ .Values.pgbouncer.maxClientConnections }} -ignore_startup_parameters = extra_float_digits -# admin_users = postgres -# Please add any additional settings below this line diff --git a/drupal7/conf/php.ini b/drupal7/conf/php.ini deleted file mode 100644 index ed5afffd..00000000 --- a/drupal7/conf/php.ini +++ /dev/null @@ -1,12 +0,0 @@ -[PHP] -date.timezone = UTC -zend.assertions = 0 -upload_max_filesize = 32M -post_max_size = 32M -file_uploads = On -memory_limit = 1024M -display_errors = Off -display_startup_errors = Off -{{- range $key, $val := .Values.drupal.php.ini }} -{{ $key }} = {{ $val }} -{{- end }} 
diff --git a/drupal7/conf/proxysql.conf b/drupal7/conf/proxysql.conf
deleted file mode 100644
index e8d2d1ac..00000000
--- a/drupal7/conf/proxysql.conf
+++ /dev/null
@@ -1,65 +0,0 @@
-datadir="/var/lib/proxysql"
-
-admin_variables=
-{
- admin_credentials="{{ .Values.proxysql.admin.user }}:{{ .Values.proxysql.admin.password }}"
- mysql_ifaces="0.0.0.0:6032"
- refresh_interval=2000
-}
-
-mysql_variables=
-{
- threads=4
- max_connections="{{ .Values.proxysql.configuration.maxConnections }}"
- default_query_delay=0
- default_query_timeout=36000000
- have_compress=true
- poll_timeout=2000
- interfaces="0.0.0.0:3306;/tmp/proxysql.sock"
- default_schema="information_schema"
- stacksize="{{ .Values.proxysql.configuration.stackSize }}"
- server_version="{{ .Values.proxysql.configuration.serverVersion }}"
- connect_timeout_server=10000
- monitor_history=60000
- monitor_connect_interval=200000
- monitor_ping_interval=200000
- ping_interval_server_msec=10000
- ping_timeout_server=200
- commands_stats=true
- sessions_sort=true
- monitor_username="{{ .Values.proxysql.monitor.user }}"
- monitor_password="{{ .Values.proxysql.monitor.password }}"
-}
-
-{{- if .Values.external.enabled }}
-mysql_servers =
-(
- { hostgroup_id=1, hostname="{{ .Values.external.host }}", port=3306 , weight=1, comment="write Group", use_ssl=1 },
-)
-
-mysql_users =
-(
- { username = "{{ .Values.external.user }}" , password = "{{ .Values.external.password }}" , default_hostgroup = 1 , active = 1 }
-)
-{{- else if .Values.mysql.enabled }}
-mysql_servers =
-(
- { hostgroup_id=1, hostname="{{ .Release.Name }}-mysql", port=3306 , weight=1, comment="write Group", use_ssl=1 },
-)
-
-mysql_users =
-(
- { username = "{{ .Values.mysql.auth.username }}" , password = "{{ .Values.mysql.auth.database }}" , default_hostgroup = 1 , active = 1 }
-)
-{{- end }}
-
-mysql_query_rules =
-(
- {
- rule_id=1
- active=1
- match_digest="^SELECT .* FOR UPDATE"
- destination_hostgroup=1
- apply=1
- },
-)
diff --git a/drupal7/conf/settings.d7.php b/drupal7/conf/settings.d7.php
deleted file mode 100644
index 95173c59..00000000
--- a/drupal7/conf/settings.d7.php
+++ /dev/null
@@ -1,753 +0,0 @@ - 'mysql', -* 'database' => 'databasename', -* 'username' => 'username', -* 'password' => 'password', -* 'host' => 'localhost', -* 'port' => 3306, -* 'prefix' => 'myprefix_', -* 'collation' => 'utf8_general_ci', -* ); -* @endcode -* -* The "driver" property indicates what Drupal database driver the -* connection should use. This is usually the same as the name of the -* database type, such as mysql or sqlite, but not always. The other -* properties will vary depending on the driver. For SQLite, you must -* specify a database file name in a directory that is writable by the -* webserver. For most other drivers, you must specify a -* username, password, host, and database name. -* -* Transaction support is enabled by default for all drivers that support it, -* including MySQL. To explicitly disable it, set the 'transactions' key to -* FALSE. -* Note that some configurations of MySQL, such as the MyISAM engine, don't -* support it and will proceed silently even if enabled. If you experience -* transaction related crashes with such configuration, set the 'transactions' -* key to FALSE. -* -* For each database, you may optionally specify multiple "target" databases. -* A target database allows Drupal to try to send certain queries to a -* different database if it can but fall back to the default connection if not. -* That is useful for master/slave replication, as Drupal may try to connect -* to a slave server when appropriate and if one is not available will simply -* fall back to the single master server. -* -* The general format for the $databases array is as follows: -* @code -* $databases['default']['default'] = $info_array; -* $databases['default']['slave'][] = $info_array; -* $databases['default']['slave'][] = $info_array; -* $databases['extra']['default'] = $info_array; -* @endcode -* -* In the above example, $info_array is an array of settings described above. 
-* The first line sets a "default" database that has one master database -* (the second level default). The second and third lines create an array -* of potential slave databases. Drupal will select one at random for a given -* request as needed. The fourth line creates a new database with a name of -* "extra". -* -* For a single database configuration, the following is sufficient: -* @code -* $databases['default']['default'] = array( -* 'driver' => 'mysql', -* 'database' => 'databasename', -* 'username' => 'username', -* 'password' => 'password', -* 'host' => 'localhost', -* 'prefix' => 'main_', -* 'collation' => 'utf8_general_ci', -* ); -* @endcode -* -* For handling full UTF-8 in MySQL, including multi-byte characters such as -* emojis, Asian symbols, and mathematical symbols, you may set the collation -* and charset to "utf8mb4" prior to running install.php: -* @code -* $databases['default']['default'] = array( -* 'driver' => 'mysql', -* 'database' => 'databasename', -* 'username' => 'username', -* 'password' => 'password', -* 'host' => 'localhost', -* 'charset' => 'utf8mb4', -* 'collation' => 'utf8mb4_general_ci', -* ); -* @endcode -* When using this setting on an existing installation, ensure that all existing -* tables have been converted to the utf8mb4 charset, for example by using the -* utf8mb4_convert contributed project available at -* https://www.drupal.org/project/utf8mb4_convert, so as to prevent mixing data -* with different charsets. -* Note this should only be used when all of the following conditions are met: -* - In order to allow for large indexes, MySQL must be set up with the -* following my.cnf settings: -* [mysqld] -* innodb_large_prefix=true -* innodb_file_format=barracuda -* innodb_file_per_table=true -* These settings are available as of MySQL 5.5.14, and are defaults in -* MySQL 5.7.7 and up. -* - The PHP MySQL driver must support the utf8mb4 charset (libmysqlclient -* 5.5.3 and up, as well as mysqlnd 5.0.9 and up). 
-* - The MySQL server must support the utf8mb4 charset (5.5.3 and up). -* -* You can optionally set prefixes for some or all database table names -* by using the 'prefix' setting. If a prefix is specified, the table -* name will be prepended with its value. Be sure to use valid database -* characters only, usually alphanumeric and underscore. If no prefixes -* are desired, leave it as an empty string ''. -* -* To have all database names prefixed, set 'prefix' as a string: -* @code -* 'prefix' => 'main_', -* @endcode -* To provide prefixes for specific tables, set 'prefix' as an array. -* The array's keys are the table names and the values are the prefixes. -* The 'default' element is mandatory and holds the prefix for any tables -* not specified elsewhere in the array. Example: -* @code -* 'prefix' => array( -* 'default' => 'main_', -* 'users' => 'shared_', -* 'sessions' => 'shared_', -* 'role' => 'shared_', -* 'authmap' => 'shared_', -* ), -* @endcode -* You can also use a reference to a schema/database as a prefix. This may be -* useful if your Drupal installation exists in a schema that is not the default -* or you want to access several databases from the same code base at the same -* time. -* Example: -* @code -* 'prefix' => array( -* 'default' => 'main.', -* 'users' => 'shared.', -* 'sessions' => 'shared.', -* 'role' => 'shared.', -* 'authmap' => 'shared.', -* ); -* @endcode -* NOTE: MySQL and SQLite's definition of a schema is a database. -* -* Advanced users can add or override initial commands to execute when -* connecting to the database server, as well as PDO connection settings. 
For -* example, to enable MySQL SELECT queries to exceed the max_join_size system -* variable, and to reduce the database connection timeout to 5 seconds: -* -* @code -* $databases['default']['default'] = array( -* 'init_commands' => array( -* 'big_selects' => 'SET SQL_BIG_SELECTS=1', -* ), -* 'pdo' => array( -* PDO::ATTR_TIMEOUT => 5, -* ), -* ); -* @endcode -* -* WARNING: These defaults are designed for database portability. Changing them -* may cause unexpected behavior, including potential data loss. -* -* @see DatabaseConnection_mysql::__construct -* @see DatabaseConnection_pgsql::__construct -* @see DatabaseConnection_sqlite::__construct -* -* Database configuration format: -* @code -* $databases['default']['default'] = array( -* 'driver' => 'mysql', -* 'database' => 'databasename', -* 'username' => 'username', -* 'password' => 'password', -* 'host' => 'localhost', -* 'prefix' => '', -* ); -* $databases['default']['default'] = array( -* 'driver' => 'pgsql', -* 'database' => 'databasename', -* 'username' => 'username', -* 'password' => 'password', -* 'host' => 'localhost', -* 'prefix' => '', -* ); -* $databases['default']['default'] = array( -* 'driver' => 'sqlite', -* 'database' => '/path/to/databasefilename', -* ); -* @endcode -*/ - -{{- if .Values.external.enabled }} -$databases = array( - 'default' => - array ( - 'default' => - array ( - 'database' => {{ .Values.external.database | quote }}, - 'username' => {{ .Values.external.user | quote }}, - 'password' => getenv('EXTERNAL_PASSWORD') ?: '', - {{- if .Values.proxysql.enabled }} - 'host' => '127.0.0.1', - {{- else if .Values.postgresql.enabled }} - 'host' => 'localhost', - {{- else }} - 'host' => {{ .Values.external.host | quote }}, - {{- end }} - 'port' => {{ .Values.external.port }}, - 'driver' => '{{ .Values.external.driver }}', - 'prefix' => '', - ), - ), -); - -{{- if .Values.proxysql.enabled }} -// When proxysql is enabled, allow a way to -// access the upstream database directly. 
-$databases['noproxy'] = array( - 'default' => - array ( - 'database' => {{ .Values.external.database | quote }}, - 'username' => {{ .Values.external.user | quote }}, - 'password' => getenv('EXTERNAL_PASSWORD') ?: '', - 'host' => {{ .Values.external.host | quote }}, - 'port' => {{ .Values.external.port }}, - 'driver' => '{{ .Values.external.driver }}', - 'prefix' => '', - 'pdo' => array( - PDO::MYSQL_ATTR_SSL_CA => "/etc/ssl/certs/ca-certificates.crt", - ), - ), -); -{{- end }} -{{- else if .Values.mysql.enabled }} -$databases = array ( - 'default' => - array ( - 'default' => - array ( - 'database' => {{ .Values.mysql.auth.database | quote }}, - 'username' => {{ .Values.mysql.auth.username | quote }}, - 'password' => getenv('MYSQL_PASSWORD') ?: '', - {{- if .Values.proxysql.enabled }} - 'host' => '127.0.0.1', - {{- else }} - 'host' => '{{ .Release.Name }}-mysql', - {{- end }} - 'port' => {{ .Values.mysql.primary.service.ports.mysql | quote }}, - 'driver' => 'mysql', - 'prefix' => '', - ), - ), -); -{{- else if .Values.postgresql.enabled }} -$databases = array ( - 'default' => - array ( - 'default' => - array ( - 'database' => {{ .Values.postgresql.auth.database | quote }}, - 'username' => {{ .Values.postgresql.auth.username | quote }}, - 'password' => getenv('POSTGRES_PASSWORD') ?: '', - {{- if .Values.pgbouncer.enabled }} - 'host' => 'localhost', - {{- else }} - 'host' => '{{ .Release.Name }}-postgresql', - {{- end }} - 'port' => {{ .Values.postgresql.primary.service.ports.postgresql | quote }}, - 'driver' => 'pgsql', - 'prefix' => '', - ), - ), -); -{{- end }} - -/** -* Access control for update.php script. -* -* If you are updating your Drupal installation using the update.php script but -* are not logged in using either an account with the "Administer software -* updates" permission or the site maintenance account (the account that was -* created during installation), you will need to modify the access check -* statement below. 
Change the FALSE to a TRUE to disable the access check. -* After finishing the upgrade, be sure to open this file again and change the -* TRUE back to a FALSE! -*/ -$update_free_access = FALSE; - -/** -* Salt for one-time login links and cancel links, form tokens, etc. -* -* This variable will be set to a random value by the installer. All one-time -* login links will be invalidated if the value is changed. Note that if your -* site is deployed on a cluster of web servers, you must ensure that this -* variable has the same value on each server. If this variable is empty, a hash -* of the serialized database credentials will be used as a fallback salt. -* -* For enhanced security, you may set this variable to a value using the -* contents of a file outside your docroot that is never saved together -* with any backups of your Drupal files and database. -* -* Example: -* $drupal_hash_salt = file_get_contents('/home/example/salt.txt'); -* -*/ -$drupal_hash_salt = ''; - -/** -* Base URL (optional). -* -* If Drupal is generating incorrect URLs on your site, which could -* be in HTML headers (links to CSS and JS files) or visible links on pages -* (such as in menus), uncomment the Base URL statement below (remove the -* leading hash sign) and fill in the absolute URL to your Drupal installation. -* -* You might also want to force users to use a given domain. -* See the .htaccess file for more information. -* -* Examples: -* $base_url = 'http://www.example.com'; -* $base_url = 'http://www.example.com:8888'; -* $base_url = 'http://www.example.com/drupal'; -* $base_url = 'https://www.example.com:8888/drupal'; -* -* It is not allowed to have a trailing slash; Drupal will add it -* for you. -*/ -# $base_url = 'http://www.example.com'; // NO trailing slash! 
- -/** -* PHP settings: -* -* To see what PHP settings are possible, including whether they can be set at -* runtime (by using ini_set()), read the PHP documentation: -* http://www.php.net/manual/ini.list.php -* See drupal_environment_initialize() in includes/bootstrap.inc for required -* runtime settings and the .htaccess file for non-runtime settings. Settings -* defined there should not be duplicated here so as to avoid conflict issues. -*/ - -/** -* Some distributions of Linux (most notably Debian) ship their PHP -* installations with garbage collection (gc) disabled. Since Drupal depends on -* PHP's garbage collection for clearing sessions, ensure that garbage -* collection occurs by using the most common settings. -*/ -ini_set('session.gc_probability', 1); -ini_set('session.gc_divisor', 100); - -/** -* Set session lifetime (in seconds), i.e. the time from the user's last visit -* to the active session may be deleted by the session garbage collector. When -* a session is deleted, authenticated users are logged out, and the contents -* of the user's $_SESSION variable is discarded. -*/ -ini_set('session.gc_maxlifetime', 200000); - -/** -* Set session cookie lifetime (in seconds), i.e. the time from the session is -* created to the cookie expires, i.e. when the browser is expected to discard -* the cookie. The value 0 means "until the browser is closed". -*/ -ini_set('session.cookie_lifetime', 2000000); - -/** -* If you encounter a situation where users post a large amount of text, and -* the result is stripped out upon viewing but can still be edited, Drupal's -* output filter may not have sufficient memory to process it. If you -* experience this issue, you may wish to uncomment the following two lines -* and increase the limits of these variables. For more information, see -* http://php.net/manual/pcre.configuration.php. 
-*/ -# ini_set('pcre.backtrack_limit', 200000); -# ini_set('pcre.recursion_limit', 200000); - -/** -* Drupal automatically generates a unique session cookie name for each site -* based on its full domain name. If you have multiple domains pointing at the -* same Drupal site, you can either redirect them all to a single domain (see -* comment in .htaccess), or uncomment the line below and specify their shared -* base domain. Doing so assures that users remain logged in as they cross -* between your various domains. Make sure to always start the $cookie_domain -* with a leading dot, as per RFC 2109. -*/ -# $cookie_domain = '.example.com'; - -/** -* Variable overrides: -* -* To override specific entries in the 'variable' table for this site, -* set them here. You usually don't need to use this feature. This is -* useful in a configuration file for a vhost or directory, rather than -* the default settings.php. Any configuration setting from the 'variable' -* table can be given a new value. Note that any values you provide in -* these variable overrides will not be modifiable from the Drupal -* administration interface. -* -* The following overrides are examples: -* - site_name: Defines the site's name. -* - theme_default: Defines the default theme for this site. -* - anonymous: Defines the human-readable name of anonymous users. -* Remove the leading hash signs to enable. -*/ -# $conf['site_name'] = 'My Drupal site'; -# $conf['theme_default'] = 'garland'; -# $conf['anonymous'] = 'Visitor'; - -/** -* A custom theme can be set for the offline page. This applies when the site -* is explicitly set to maintenance mode through the administration page or when -* the database is inactive due to an error. It can be set through the -* 'maintenance_theme' key. The template file should also be copied into the -* theme. It is located inside 'modules/system/maintenance-page.tpl.php'. -* Note: This setting does not apply to installation and update pages. 
-*/ -# $conf['maintenance_theme'] = 'bartik'; - -/** -* Reverse Proxy Configuration: -* -* Reverse proxy servers are often used to enhance the performance -* of heavily visited sites and may also provide other site caching, -* security, or encryption benefits. In an environment where Drupal -* is behind a reverse proxy, the real IP address of the client should -* be determined such that the correct client IP address is available -* to Drupal's logging, statistics, and access management systems. In -* the most simple scenario, the proxy server will add an -* X-Forwarded-For header to the request that contains the client IP -* address. However, HTTP headers are vulnerable to spoofing, where a -* malicious client could bypass restrictions by setting the -* X-Forwarded-For header directly. Therefore, Drupal's proxy -* configuration requires the IP addresses of all remote proxies to be -* specified in $conf['reverse_proxy_addresses'] to work correctly. -* -* Enable this setting to get Drupal to determine the client IP from -* the X-Forwarded-For header (or $conf['reverse_proxy_header'] if set). -* If you are unsure about this setting, do not have a reverse proxy, -* or Drupal operates in a shared hosting environment, this setting -* should remain commented out. -* -* In order for this setting to be used you must specify every possible -* reverse proxy IP address in $conf['reverse_proxy_addresses']. -* If a complete list of reverse proxies is not available in your -* environment (for example, if you use a CDN) you may set the -* $_SERVER['REMOTE_ADDR'] variable directly in settings.php. -* Be aware, however, that it is likely that this would allow IP -* address spoofing unless more advanced precautions are taken. -*/ -$conf['reverse_proxy'] = TRUE; - -/** -* Specify every reverse proxy IP address in your environment. -* This setting is required if $conf['reverse_proxy'] is TRUE. 
-*/ -$conf['reverse_proxy_addresses'] = array('0.0.0.0/0'); - -/** -* Set this value if your proxy server sends the client IP in a header -* other than X-Forwarded-For. -*/ -# $conf['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP'; - -/** -* Page caching: -* -* By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page -* views. This tells a HTTP proxy that it may return a page from its local -* cache without contacting the web server, if the user sends the same Cookie -* header as the user who originally requested the cached page. Without "Vary: -* Cookie", authenticated users would also be served the anonymous page from -* the cache. If the site has mostly anonymous users except a few known -* editors/administrators, the Vary header can be omitted. This allows for -* better caching in HTTP proxies (including reverse proxies), i.e. even if -* clients send different cookies, they still get content served from the cache. -* However, authenticated users should access the site directly (i.e. not use an -* HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid -* getting cached pages from the proxy. -*/ -# $conf['omit_vary_cookie'] = TRUE; - -/** -* CSS/JS aggregated file gzip compression: -* -* By default, when CSS or JS aggregation and clean URLs are enabled Drupal will -* store a gzip compressed (.gz) copy of the aggregated files. If this file is -* available then rewrite rules in the default .htaccess file will serve these -* files to browsers that accept gzip encoded content. This allows pages to load -* faster for these users and has minimal impact on server load. If you are -* using a webserver other than Apache httpd, or a caching reverse proxy that is -* configured to cache and compress these files itself you may want to uncomment -* one or both of the below lines, which will prevent gzip files being stored. 
-*/ -# $conf['css_gzip_compression'] = FALSE; -# $conf['js_gzip_compression'] = FALSE; - -/** -* Block caching: -* -* Block caching may not be compatible with node access modules depending on -* how the original block cache policy is defined by the module that provides -* the block. By default, Drupal therefore disables block caching when one or -* more modules implement hook_node_grants(). If you consider block caching to -* be safe on your site and want to bypass this restriction, uncomment the line -* below. -*/ -# $conf['block_cache_bypass_node_grants'] = TRUE; - -/** -* String overrides: -* -* To override specific strings on your site with or without enabling the Locale -* module, add an entry to this list. This functionality allows you to change -* a small number of your site's default English language interface strings. -* -* Remove the leading hash signs to enable. -*/ -# $conf['locale_custom_strings_en'][''] = array( -# 'forum' => 'Discussion board', -# '@count min' => '@count minutes', -# ); - -/** -* -* IP blocking: -* -* To bypass database queries for denied IP addresses, use this setting. -* Drupal queries the {blocked_ips} table by default on every page request -* for both authenticated and anonymous users. This allows the system to -* block IP addresses from within the administrative interface and before any -* modules are loaded. However on high traffic websites you may want to avoid -* this query, allowing you to bypass database access altogether for anonymous -* users under certain caching configurations. -* -* If using this setting, you will need to add back any IP addresses which -* you may have blocked via the administrative interface. Each element of this -* array represents a blocked IP address. Uncommenting the array and leaving it -* empty will have the effect of disabling IP blocking on your site. -* -* Remove the leading hash signs to enable. 
-*/ -# $conf['blocked_ips'] = array( -# 'a.b.c.d', -# ); - -/** -* Fast 404 pages: -* -* Drupal can generate fully themed 404 pages. However, some of these responses -* are for images or other resource files that are not displayed to the user. -* This can waste bandwidth, and also generate server load. -* -* The options below return a simple, fast 404 page for URLs matching a -* specific pattern: -* - 404_fast_paths_exclude: A regular expression to match paths to exclude, -* such as images generated by image styles, or dynamically-resized images. -* The default pattern provided below also excludes the private file system. -* If you need to add more paths, you can add '|path' to the expression. -* - 404_fast_paths: A regular expression to match paths that should return a -* simple 404 page, rather than the fully themed 404 page. If you don't have -* any aliases ending in htm or html you can add '|s?html?' to the expression. -* - 404_fast_html: The html to return for simple 404 pages. -* -* Add leading hash signs if you would like to disable this functionality. -*/ -$conf['404_fast_paths_exclude'] = '/\/(?:styles)|(?:system\/files)\//'; -$conf['404_fast_paths'] = '/\.(?:txt|png|gif|jpe?g|css|js|ico|swf|flv|cgi|bat|pl|dll|exe|asp)$/i'; -$conf['404_fast_html'] = '404 Not Found

Not Found

The requested URL "@path" was not found on this server.

'; - -/** -* By default the page request process will return a fast 404 page for missing -* files if they match the regular expression set in '404_fast_paths' and not -* '404_fast_paths_exclude' above. 404 errors will simultaneously be logged in -* the Drupal system log. -* -* You can choose to return a fast 404 page earlier for missing pages (as soon -* as settings.php is loaded) by uncommenting the line below. This speeds up -* server response time when loading 404 error pages and prevents the 404 error -* from being logged in the Drupal system log. In order to prevent valid pages -* such as image styles and other generated content that may match the -* '404_fast_paths' regular expression from returning 404 errors, it is -* necessary to add them to the '404_fast_paths_exclude' regular expression -* above. Make sure that you understand the effects of this feature before -* uncommenting the line below. -*/ -# drupal_fast_404(); - -/** -* External access proxy settings: -* -* If your site must access the Internet via a web proxy then you can enter -* the proxy settings here. Currently only basic authentication is supported -* by using the username and password variables. The proxy_user_agent variable -* can be set to NULL for proxies that require no User-Agent header or to a -* non-empty string for proxies that limit requests to a specific agent. The -* proxy_exceptions variable is an array of host names to be accessed directly, -* not via proxy. -*/ -# $conf['proxy_server'] = ''; -# $conf['proxy_port'] = 8080; -# $conf['proxy_username'] = ''; -# $conf['proxy_password'] = ''; -# $conf['proxy_user_agent'] = ''; -# $conf['proxy_exceptions'] = array('127.0.0.1', 'localhost'); - -/** -* Authorized file system operations: -* -* The Update manager module included with Drupal provides a mechanism for -* site administrators to securely install missing updates for the site -* directly through the web user interface. 
On securely-configured servers, -* the Update manager will require the administrator to provide SSH or FTP -* credentials before allowing the installation to proceed; this allows the -* site to update the new files as the user who owns all the Drupal files, -* instead of as the user the webserver is running as. On servers where the -* webserver user is itself the owner of the Drupal files, the administrator -* will not be prompted for SSH or FTP credentials (note that these server -* setups are common on shared hosting, but are inherently insecure). -* -* Some sites might wish to disable the above functionality, and only update -* the code directly via SSH or FTP themselves. This setting completely -* disables all functionality related to these authorized file operations. -* -* @see http://drupal.org/node/244924 -* -* Remove the leading hash signs to disable. -*/ -# $conf['allow_authorize_operations'] = FALSE; - -/** -* Theme debugging: -* -* When debugging is enabled: -* - The markup of each template is surrounded by HTML comments that contain -* theming information, such as template file name suggestions. -* - Note that this debugging markup will cause automated tests that directly -* check rendered HTML to fail. -* -* For more information about debugging theme templates, see -* https://www.drupal.org/node/223440#theme-debug. -* -* Not recommended in production environments. -* -* Remove the leading hash sign to enable. -*/ -# $conf['theme_debug'] = TRUE; - -/** -* CSS identifier double underscores allowance: -* -* To allow CSS identifiers to contain double underscores (.example__selector) -* for Drupal's BEM-style naming standards, uncomment the line below. -* Note that if you change this value in existing sites, existing page styles -* may be broken. -* -* @see drupal_clean_css_identifier() -*/ -# $conf['allow_css_double_underscores'] = TRUE; - -/** -* Set private file path directory. 
-*/ -$conf['file_private_path'] = '/private'; - -/** -* Load local development override configuration, if available. -* -* Use settings.local.php to override variables on secondary (staging, -* development, etc) installations of this site. Typically used to disable -* caching, JavaScript/CSS compression, re-routing of outgoing emails, and -* other things that should not happen on development and testing sites. -* -* Keep this code block at the end of this file to take full effect. -*/ - -{{- if .Values.redis.enabled }} -if (extension_loaded('redis')) { -{{- if .Values.redis.sentinel.enabled }} -$conf['redis_client_host'] = "{{ .Release.Name }}-redis"; -$conf['redis_client_port'] = "{{ .Values.redis.sentinel.service.sentinelPort }}"; -{{- else }} -$conf['redis_client_host'] = "{{ .Release.Name }}-redis-master"; -$conf['redis_client_port'] = "{{ .Values.redis.master.service.ports.redis }}"; -{{- end }} -$conf['redis_client_interface'] = '{{ default "Predis" .Values.redis.clientInterface }}'; -$conf['cache_backends'][] = 'sites/all/modules/contrib/redis/redis.autoload.inc'; -$conf['cache_default_class'] = 'Redis_Cache'; -// The 'cache_form' bin must be assigned to non-volatile storage. -$conf['cache_class_cache_form'] = 'DrupalDatabaseCache'; -// The 'cache_field' bin must be transactional. -$conf['cache_class_cache_field'] = 'DrupalDatabaseCache'; -$conf['redis_client_password'] = getenv('REDIS_PASSWORD') ?: ''; -} -{{- end }} - -if (is_file(__DIR__ . '/extra.settings.php')) { - include __DIR__ . '/extra.settings.php'; -} diff --git a/drupal7/conf/ssmtp.conf b/drupal7/conf/ssmtp.conf deleted file mode 100644 index 861f7b8f..00000000 --- a/drupal7/conf/ssmtp.conf +++ /dev/null 
@@ -1,13 +0,0 @@
-mailhub={{ .Values.drupal.smtp.host }}
-FromLineOverride=YES
-{{- if .Values.drupal.smtp.tls }}
-UseTLS=YES
-{{- end }}
-{{- if .Values.drupal.smtp.starttls }}
-UseSTARTTLS=YES
-{{- end }}
-{{- if .Values.drupal.smtp.auth.enabled }}
-AuthUser={{ .Values.drupal.smtp.auth.user }}
-AuthPass={{ .Values.drupal.smtp.auth.password }}
-AuthMethod={{ default "LOGIN" .Values.drupal.smtp.auth.method }}
-{{- end }}
diff --git a/drupal7/conf/userlist.txt b/drupal7/conf/userlist.txt
deleted file mode 100644
index f4acc69a..00000000
--- a/drupal7/conf/userlist.txt
+++ /dev/null
@@ -1 +0,0 @@
-"{{ .Values.pgbouncer.user }}" "{{ .Values.pgbouncer.password }}"
diff --git a/drupal7/conf/www.conf b/drupal7/conf/www.conf
deleted file mode 100644
index 30ffa113..00000000
--- a/drupal7/conf/www.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-[www]
-user = www-data
-group = www-data
-listen = 127.0.0.1:9000
-pm = dynamic
-pm.max_children = 50
-pm.start_servers = 5
-pm.min_spare_servers = 5
-pm.max_spare_servers = 35
diff --git a/drupal7/templates/NOTES.txt b/drupal7/templates/NOTES.txt
deleted file mode 100644
index 80be347c..00000000
--- a/drupal7/templates/NOTES.txt
+++ /dev/null
@@ -1,100 +0,0 @@ - -{{- if .Values.drupal.install }} - -********************** -** CONGRATULATIONS! ** -********************** - -Your Drupal site has been installed. - -{{- else }} - -Drupal was not installed. You may now restore a Drupal site or setup a new one with: - -export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }},tier=drupal" -o jsonpath="{.items[0].metadata.name}") - -# Run drush site:install -kubectl exec -it $POD_NAME -n {{ .Release.Namespace }} -- drush si {{ .Values.drupal.profile }} \ - --sites-subdir=default \ - --db-url={{ print "mysql://" .Values.mysql.auth.username ":YOUR_MYSQL_PASSWORD@" .Release.Name "-mysql:3306/ " .Values.mysql.auth.database | quote }} \ - --account-name={{ .Values.drupal.username | quote }} \ - --account-pass=YOUR_ACCOUNT_PASSWORD \ - --site-mail={{ .Values.drupal.siteEmail | quote }} \ - --site-name={{ .Values.drupal.siteName | quote }} \ - install_configure_form.update_status_module='array(FALSE,FALSE)' \ - --yes - -{{- end }} - -** To access your Drupal site - -{{- if .Values.ingress.enabled }} - - Visit http://{{ index .Values.ingress.hosts 0 }}{{ .Values.ingress.path }} - -{{- else if contains "LoadBalancer" .Values.nginx.serviceType }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "drupal7.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "drupal7.fullname" . 
}}-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - - echo http://$SERVICE_IP/ - -{{- else if contains "ClusterIP" .Values.nginx.serviceType }} - - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }},tier=frontend" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME 8080:80 - -{{- else if contains "NodePort" .Values.nginx.serviceType }} - - Or running: - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "drupal7.fullname" . }})-nginx - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - - echo http://$NODE_IP:$NODE_PORT/ - -{{- end }} - -** Migrations - -{{- if or (not .Values.drupal.migrate) (not .Values.drupal.install) (not .Values.drupal.reconfigure) }} - - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }},tier=drupal" -o jsonpath="{.items[0].metadata.name}") - - # Baseline migrations for Canada.ca - TODO - - # Group migration - TODO - -{{- else }} - - Default Canada.ca content migrations have been run. - - To perform additional migrations, run: - - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }},tier=drupal" -o jsonpath="{.items[0].metadata.name}") - kubectl exec -it $POD_NAME -n {{ .Release.Namespace }} -- drush migrate:import $MIGRATION - -{{- end }} - -** Login - - echo Username: {{ .Values.drupal.username }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "drupal7.fullname" . 
}} -o jsonpath="{.data.password}" | base64 --decode) - -** Running Drush commands - - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }},tier=drupal" -o jsonpath="{.items[0].metadata.name}") - kubectl exec -it $POD_NAME -n {{ .Release.Namespace }} -- drush $YOUR_COMMAND - -** Istio - -Running with Istio sidecar injection? - -1. The jobs won't finish, so you'll need to monitor the pods and once they reach 1/2 ready, terminate the proxy: - - kubectl exec -it $POD_NAME -n {{ .Release.Namespace }} -c istio-proxy -- kill -INT 1 diff --git a/drupal7/templates/_helpers.tpl b/drupal7/templates/_helpers.tpl deleted file mode 100644 index 7f0d8c16..00000000 --- a/drupal7/templates/_helpers.tpl +++ /dev/null 
@@ -1,46 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "drupal7.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "drupal7.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "backend.fullname" -}}
-{{- $name := default "drupal7" .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "drupal7.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/drupal7/templates/cm/drupal.yaml b/drupal7/templates/cm/drupal.yaml
deleted file mode 100644
index ad28468b..00000000
--- a/drupal7/templates/cm/drupal.yaml
+++ /dev/null
@@ -1,32 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "drupal7.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -data: - php.ini: | -{{ tpl (.Files.Get "conf/php.ini") . | indent 4 }} - opcache-recommended.ini: | -{{ tpl (.Files.Get "conf/opcache-recommended.ini") . | indent 4 }} - www.conf: | -{{ tpl (.Files.Get "conf/www.conf") . | indent 4 }} - settings.php: | -{{- if eq "d7" .Values.drupal.version }} -{{ tpl (.Files.Get "conf/settings.d7.php") . | indent 4 }} -{{- else }} - settings.php: - =1.21" $.Capabilities.KubeVersion.GitVersion }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: CronJob -metadata: - name: {{ $fullName }}-{{ $cronName }} - labels: - app.kubernetes.io/name: {{ $name }} - helm.sh/chart: {{ $chartName }} - app.kubernetes.io/instance: {{ $release.Name }} - app.kubernetes.io/managed-by: {{ $release.Service }} -spec: - schedule: "{{ $cron.schedule }}" - startingDeadlineSeconds: 100 - concurrencyPolicy: Replace - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - jobTemplate: - spec: - template: - metadata: - labels: - app.kubernetes.io/name: {{ $name }} - helm.sh/chart: {{ $chartName }} - app.kubernetes.io/instance: {{ $release.Name }} - app.kubernetes.io/managed-by: {{ $release.Service }} - spec: -{{- if $values.drupal.tolerations }} - tolerations: -{{ toYaml $values.drupal.tolerations | indent 10 }} -{{- end }} -{{- if $values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml $values.drupal.nodeSelector | indent 12 }} -{{- end }} - restartPolicy: OnFailure - containers: - - name: cron - image: "{{ $values.drupal.image }}:{{ default $chart.AppVersion $values.drupal.tag }}" - imagePullPolicy: {{ default "" $values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | -{{ 
$cron.script | indent 14 }} - env: -{{- if $values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ $fullName }} - key: databasePassword -{{- else if $values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - # This is not ideal, but calling through the template - # was returning the wrong result. - name: "{{ $release.Name }}-mysql" - key: mysql-password -{{- else if $values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ $release.Name }}-postgresql" - key: password -{{- end }} -{{- if $values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ $release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ $fullName }}" - key: password -{{- if $values.extraVars }} -{{ toYaml $values.extraVars | indent 12 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: ssmtp - mountPath: /etc/ssmtp/ssmtp.conf - subPath: ssmtp.conf - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if not $values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if $values.drupal.volumeMounts }} -{{ toYaml $values.drupal.volumeMounts | indent 12 }} -{{- end }} -{{- if $cron.volumeMounts 
}} -{{ toYaml $cron.volumeMounts | indent 12 }} -{{- end }} -{{- if $values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if $values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} -{{- if $values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml $values.drupal.imagePullSecrets | indent 12 }} -{{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml $values.drupal.securityContext | indent 12 }} - volumes: - - name: cm-drupal - configMap: - name: {{ $fullName }} - - name: ssmtp - secret: - secretName: {{ $fullName }}-ssmtp - items: - - key: ssmtp.conf - path: ssmtp.conf - - name: twig-cache - emptyDir: {} -{{- if $values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ $fullName }}-drupal -{{- else if or ($values.azureFile.enabled) ($values.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ $fullName }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ $fullName }}-private -{{- else if not $values.drupal.disableDefaultFilesMount }} - - 
name: files - emptyDir: {} -{{- end }} -{{- if $values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ $fullName }}-proxysql -{{- else if $values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ $fullName }}-pgbouncer -{{- end }} -{{- if $values.drupal.volumes }} -{{ toYaml $values.drupal.volumes | indent 10 }} -{{- end }} -{{- if $cron.volumes }} -{{ toYaml $cron.volumes | indent 10 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/drupal7/templates/cronjob/drupal-backup.yaml b/drupal7/templates/cronjob/drupal-backup.yaml deleted file mode 100644 index 1a1c19f0..00000000 --- a/drupal7/templates/cronjob/drupal-backup.yaml +++ /dev/null 
@@ -1,241 +0,0 @@ -{{- if .Values.drupal.backup.enabled }} -{{- if semverCompare ">=1.21" $.Capabilities.KubeVersion.GitVersion }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: CronJob -metadata: - name: {{ template "drupal7.fullname" . }}-drupal-backup - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - schedule: "{{ .Values.drupal.backup.schedule }}" - startingDeadlineSeconds: 100 - concurrencyPolicy: Replace - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - jobTemplate: - spec: - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 10 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 12 }} -{{- end }} - restartPolicy: OnFailure - containers: - - name: drush - image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | - # Errors should fail the job - set -e - - # Wait for DB to be available - until drush sql:query 'SHOW TABLES;'; do echo Waiting for DB; sleep 3; done - echo DB available - - # Check Drush status - drush status - - # Run cron - BACKUPNAME=$(date +%Y%m%d.%H%M%S) - mkdir -p /backup/$BACKUPNAME - echo "Backup DB" - {{- if .Values.mysql.enabled }} - drush -y sql-dump {{ .Values.drupal.backup.sqlDumpArgs }} --extra-dump=--no-tablespaces | gzip > /backup/$BACKUPNAME/db.sql.gz - {{- else }} - drush -y sql-dump {{ 
.Values.drupal.backup.sqlDumpArgs }} | gzip > /backup/$BACKUPNAME/db.sql.gz - {{- end }} - echo "Backup public files" - tar {{ .Values.drupal.backup.filesArgs }} -czvf /backup/$BACKUPNAME/files.tar.gz --directory=sites/default/files . - echo "Backup private files" - tar {{ .Values.drupal.backup.privateArgs }} -czvf /backup/$BACKUPNAME/private.tar.gz --directory=/private . - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "drupal7.fullname" . }} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ include "drupal7.fullname" . 
}}" - key: password -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 12 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: ssmtp - mountPath: /etc/ssmtp/ssmtp.conf - subPath: ssmtp.conf - readOnly: true - - name: twig-cache - mountPath: /cache/twig - - name: backup - mountPath: /backup -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | indent 12 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - 
periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 12 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 12 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal7.fullname" . }} - - name: ssmtp - secret: - secretName: {{ include "drupal7.fullname" . }}-ssmtp - items: - - key: ssmtp.conf - path: ssmtp.conf - - name: twig-cache - emptyDir: {} - - name: backup -{{- if .Values.drupal.backup.volume }} -{{ toYaml .Values.drupal.backup.volume | indent 12 }} -{{- else }} - emptyDir: {} -{{- end }} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal7.fullname" . }}-drupal -{{- else if or (.Values.azureFile.enabled) (.Values.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . }}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . }}-proxysql -{{- else if .Values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . }}-pgbouncer -{{- end }} -{{- if .Values.drupal.volumes }} -{{ toYaml .Values.drupal.volumes | indent 10 }} -{{- end }} -{{- end }} diff --git a/drupal7/templates/cronjob/drupal.yaml b/drupal7/templates/cronjob/drupal.yaml deleted file mode 100644 index f9350c2d..00000000 --- a/drupal7/templates/cronjob/drupal.yaml +++ /dev/null 
@@ -1,222 +0,0 @@ -{{- if .Values.drupal.cron.enabled }} -{{- if semverCompare ">=1.21" $.Capabilities.KubeVersion.GitVersion }} -apiVersion: batch/v1 -{{- else }} -apiVersion: batch/v1beta1 -{{- end }} -kind: CronJob -metadata: - name: {{ template "drupal7.fullname" . }}-drupal-cron - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - schedule: "{{ .Values.drupal.cron.schedule }}" - startingDeadlineSeconds: 100 - concurrencyPolicy: Replace - successfulJobsHistoryLimit: 5 - failedJobsHistoryLimit: 5 - jobTemplate: - spec: - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 10 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 12 }} -{{- end }} - restartPolicy: OnFailure - containers: - - name: drush - image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | - # Errors should fail the job - set -e - - # Wait for DB to be available - until drush sql:query 'SHOW TABLES;'; do echo Waiting for DB; sleep 3; done - echo DB available - - # Check Drush status - drush status - - # Run cron - drush -y core-cron - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "drupal7.fullname" . 
}} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ include "drupal7.fullname" . }}" - key: password -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 12 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: ssmtp - mountPath: /etc/ssmtp/ssmtp.conf - subPath: ssmtp.conf - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | indent 12 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: 
true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 12 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 12 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal7.fullname" . }} - - name: ssmtp - secret: - secretName: {{ include "drupal7.fullname" . }}-ssmtp - items: - - key: ssmtp.conf - path: ssmtp.conf - - name: twig-cache - emptyDir: {} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal7.fullname" . }}-drupal -{{- else if or (.Values.azureFile.enabled) (.Values.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . }}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . 
}}-proxysql -{{- else if .Values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . }}-pgbouncer -{{- end }} -{{- if .Values.drupal.volumes }} -{{ toYaml .Values.drupal.volumes | indent 10 }} -{{- end }} -{{- end }} diff --git a/drupal7/templates/deploy/drupal.yaml b/drupal7/templates/deploy/drupal.yaml deleted file mode 100644 index 827b199f..00000000 --- a/drupal7/templates/deploy/drupal.yaml +++ /dev/null 
@@ -1,250 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "drupal7.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - replicas: {{ .Values.drupal.replicas }} - strategy: - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - tier: drupal7 - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - tier: drupal7 - annotations: -{{- if .Values.drupal.podAnnotations }} -{{ toYaml .Values.drupal.podAnnotations | indent 8 }} -{{- end }} - checksum/config: {{ include (print $.Template.BasePath "/cm/drupal.yaml") . | sha256sum }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 6 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 8 }} -{{- end }} -{{- if or (.Values.drupal.initContainers) (or (.Values.azureFile.enabled) (.Values.sharedDisk.enabled)) }} - initContainers: -{{- if .Values.sharedDisk.enabled }} - - name: init-chown - image: 'alpine:3.10' - command: - - chown - - '-R' - - '82:82' - - /mnt/azure - volumeMounts: - - name: files-public - mountPath: /mnt/azure -{{- end }} -{{- if or (and .Values.azureFile.enabled .Values.azureFile.initMediaIconsFolder) (and .Values.sharedDisk.enabled .Values.sharedDisk.initMediaIconsFolder) }} - - name: init-media-icons-folder - image: 'alpine:3.10' - command: - - mkdir - - '-p' - - /files/media-icons/generic - volumeMounts: - - name: files-public - mountPath: /files -{{- end }} -{{- if .Values.drupal.initContainers }} -{{ toYaml .Values.drupal.initContainers | indent 8 }} -{{- end }} -{{- end }} - 
containers: - - image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion .Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - name: drupal -{{- if .Values.drupal.healthcheck.enabled }} - livenessProbe: - exec: - command: - - php-fpm-healthcheck - initialDelaySeconds: 0 - periodSeconds: 5 - readinessProbe: - exec: - command: - - php-fpm-healthcheck - initialDelaySeconds: 1 - periodSeconds: 5 -{{- end }} - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "drupal7.fullname" . }} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 8 }} -{{- end }} -{{- if .Values.drupal.resources }} - resources: -{{ toYaml .Values.drupal.resources | indent 10 }} -{{- end }} - ports: - - containerPort: 9000 - name: tcp-php-fpm - protocol: TCP - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: ssmtp - mountPath: 
/etc/ssmtp/ssmtp.conf - subPath: ssmtp.conf - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | indent 8 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 8 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 8 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal7.fullname" . }} - - name: ssmtp - secret: - secretName: {{ include "drupal7.fullname" . 
}}-ssmtp - items: - - key: ssmtp.conf - path: ssmtp.conf - - name: twig-cache - emptyDir: {} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal7.fullname" . }}-drupal -{{- else if or (.Values.azureFile.enabled) (.Values.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . }}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . }}-proxysql -{{- else if .Values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . }}-pgbouncer -{{- end }} -{{- if .Values.drupal.volumes }} -{{ toYaml .Values.drupal.volumes | indent 6 }} -{{- end }} diff --git a/drupal7/templates/deploy/nginx.yaml b/drupal7/templates/deploy/nginx.yaml deleted file mode 100644 index 5faa6ca9..00000000 --- a/drupal7/templates/deploy/nginx.yaml +++ /dev/null 
@@ -1,98 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "drupal7.fullname" . }}-nginx
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.nginx.replicas }}
- strategy:
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- tier: frontend
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- tier: frontend
-{{- if .Values.nginx.podLabels }}
-{{ toYaml .Values.nginx.podLabels | indent 8 }}
-{{- end }}
- annotations:
-{{- if .Values.nginx.podAnnotations }}
-{{ toYaml .Values.nginx.podAnnotations | indent 8 }}
-{{- end }}
- checksum/config: {{ include (print $.Template.BasePath "/cm/nginx.yaml") .
| sha256sum }}
- spec:
-{{- if .Values.nginx.tolerations }}
- tolerations:
-{{ toYaml .Values.nginx.tolerations | indent 6 }}
-{{- end }}
-{{- if .Values.nginx.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nginx.nodeSelector | indent 8 }}
-{{- end }}
- containers:
- - image: "{{ .Values.nginx.image }}:{{ default (print .Chart.AppVersion "-nginx") .Values.nginx.tag }}"
- imagePullPolicy: {{ default "" .Values.nginx.imagePullPolicy | quote }}
- name: nginx
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- - name: https
- containerPort: 443
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /_healthz
- port: 80
- initialDelaySeconds: 0
- periodSeconds: 5
- livenessProbe:
- httpGet:
- path: /_healthz
- port: 80
- initialDelaySeconds: 1
- periodSeconds: 5
- resources:
- requests:
- memory: "200Mi"
- cpu: "250m"
- limits:
- memory: "500Mi"
- cpu: "400m"
- volumeMounts:
- - mountPath: /etc/nginx/nginx.conf
- name: cm-nginx
- readOnly: true
- subPath: nginx.conf
-{{- if .Values.nginx.volumeMounts }}
-{{ toYaml .Values.nginx.volumeMounts | indent 8 }}
-{{- end }}
- {{- if .Values.nginx.imagePullSecrets }}
- imagePullSecrets:
-{{ toYaml .Values.nginx.imagePullSecrets | indent 8 }}
- {{- end }}
- # Allow non-root user to access PersistentVolume
- securityContext:
- fsGroup: {{ .Values.nginx.securityContext.fsGroup }}
- volumes:
- - name: cm-nginx
- configMap:
- name: {{ include "drupal7.fullname" . }}-nginx
-{{- if or (.Values.azureFile.enabled) (.Values.sharedDisk.enabled) }}
- - name: files-public
- persistentVolumeClaim:
- claimName: {{ include "drupal7.fullname" . }}-public
-{{- end }}
-{{- if .Values.nginx.volumes }}
-{{ toYaml .Values.nginx.volumes | indent 6 }}
-{{- end }}
diff --git a/drupal7/templates/hpa/drupal.yaml b/drupal7/templates/hpa/drupal.yaml
deleted file mode 100644
index 43d22b4f..00000000
--- a/drupal7/templates/hpa/drupal.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.drupal.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "drupal7.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "drupal7.fullname" . }}
- minReplicas: {{ .Values.drupal.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.drupal.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.drupal.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.drupal.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.drupal.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.drupal.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/drupal7/templates/hpa/nginx.yaml b/drupal7/templates/hpa/nginx.yaml
deleted file mode 100644
index 802c2f80..00000000
--- a/drupal7/templates/hpa/nginx.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if .Values.nginx.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "drupal7.fullname" . }}-nginx
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "drupal7.fullname" . }}-nginx
- minReplicas: {{ .Values.nginx.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.nginx.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.nginx.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.nginx.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.nginx.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.nginx.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/drupal7/templates/ing/drupal.yaml b/drupal7/templates/ing/drupal.yaml
deleted file mode 100644
index f3fa4b88..00000000
--- a/drupal7/templates/ing/drupal.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "drupal7.fullname" . -}}
-{{- $releaseName := .Release.Name -}}
-{{- $varnishEnabled := .Values.varnish.enabled -}}
-{{- $ingressPath := .Values.ingress.path -}}
-{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else }}
-apiVersion: networking.k8s.io/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $fullName }}
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- with .Values.ingress.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.className }}
- ingressClassName: {{ .Values.ingress.className }}
-{{- end }}
-{{- if .Values.ingress.tls }}
- tls:
- {{- range .Values.ingress.tls }}
- - hosts:
- {{- range .hosts }}
- - {{ . | quote }}
- {{- end }}
- secretName: {{ .secretName }}
- {{- end }}
-{{- end }}
- rules:
- {{- range .Values.ingress.hosts }}
- - host: {{ . | quote }}
- http:
- paths:
- {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
- - pathType: Prefix
- path: {{ $ingressPath }}
- backend:
- {{- if $varnishEnabled }}
- service:
- name: {{ $releaseName }}-varnish
- port:
- number: 80
- {{- else }}
- service:
- name: {{ $fullName }}-nginx
- port:
- number: 80
- {{- end }}
- {{- else }}
- - backend:
- {{- if $varnishEnabled }}
- serviceName: {{ $releaseName }}-varnish
- servicePort: 80
- {{- else }}
- serviceName: {{ $fullName }}-nginx
- servicePort: 80
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/drupal7/templates/job/post-install-site-install.yaml b/drupal7/templates/job/post-install-site-install.yaml
deleted file mode 100644
index 39892579..00000000
--- a/drupal7/templates/job/post-install-site-install.yaml
+++ /dev/null
@@ -1,338 +0,0 @@ -{{- if .Values.drupal.install }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "drupal7.fullname" . }}-site-install - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - backoffLimit: {{ default "" .Values.drupal.backoffLimitInstall }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 6 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 8 }} -{{- end }} - restartPolicy: OnFailure -{{- if or (.Values.drupal.initContainers) (or (.Values.azureFile.enabled) (.Values.sharedDisk.enabled)) }} - initContainers: -{{- if .Values.sharedDisk.enabled }} - - name: init-chown - image: 'alpine:3.10' - command: - - chown - - '-R' - - '82:82' - - /mnt/azure - volumeMounts: - - name: files-public - mountPath: /mnt/azure -{{- end }} -{{- if or (and .Values.azureFile.enabled .Values.azureFile.initMediaIconsFolder) (and .Values.sharedDisk.enabled .Values.sharedDisk.initMediaIconsFolder) }} - - name: init-media-icons-folder - image: 'alpine:3.10' - command: - - mkdir - - '-p' - - /files/media-icons/generic - volumeMounts: - - name: files-public - mountPath: /files -{{- end }} -{{- if .Values.drupal.initContainers }} -{{ toYaml .Values.drupal.initContainers | indent 8 }} -{{- end }} -{{- end }} - containers: - - name: drush - image: "{{ .Values.drupal.image }}:{{ default .Chart.AppVersion 
.Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | - # Errors should fail the job - set -e - - # Wait for DB to be available - {{ .Values.drupal.dbAvailabilityScript | nindent 14}} - - {{- if .Values.redis.enabled }} - {{- if .Values.redis.sentinel.enabled }} - until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis {{ .Values.redis.sentinel.service.sentinelPort }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done - {{- else }} - until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.master.service.ports.redis }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done - {{- end }} - echo Redis available - {{- end }} - - # Check Drush status - drush status || true - - {{- if .Values.redis.enabled }} - # Flush redis caches - {{- if .Values.redis.sentinel.enabled }} - printf "AUTH $REDIS_PASSWORD\r\nFLUSHDB\r\n" | nc -w 2 {{ .Release.Name }}-redis {{ .Values.redis.sentinel.service.sentinelPort }} - {{- else }} - printf "AUTH $REDIS_PASSWORD\r\nFLUSHDB\r\n" | nc -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.master.service.ports.redis }} - {{- end }} - {{- end }} - - # Run site install - {{- if .Values.drupal.restore.enabled }} - - # Check to see if using specific backup else use latest CHECK IF NAME SAYS LATEST - {{- if eq .Values.drupal.restore.name "latest"}} - BACKUPNAME=$(ls -td -- /backup/* | head -n 1 | sed -e "s/\/backup\///") - {{- else }} - BACKUPNAME='{{ .Values.drupal.restore.name }}' - {{- end }} - - echo "Restoring backup: $BACKUPNAME" - - {{- if .Values.drupal.restore.db }} - echo "Drop database" - drush sql-drop -y - echo "Restore database" - gunzip -c /backup/$BACKUPNAME/db.sql.gz{{ if .Values.drupal.restore.convert }} | sed 's/MyISAM/InnoDB/g'{{ end }} | drush sql-cli - echo "Database restored" - {{- end }} - - {{- if .Values.drupal.restore.files }} - 
echo "Deleting files" - # Errors from deleting should not fail the job - set +e - find sites/default/files/ -type f -print0 | xargs -0 rm - find sites/default/files/ -mindepth 1 -type d -print0 | xargs -0 rmdir - find /private/ -type f -print0 | xargs -0 rm - find /private/ -mindepth 1 -type d -print0 | xargs -0 rmdir - set -e - - echo "Restoring files" - {{- if .Values.drupal.restore.suppressTarErrors }} - set +e - {{- end }} - tar -zxf /backup/$BACKUPNAME/files.tar.gz --directory sites/default/files --no-acls --no-xattrs -m --no-same-permissions --no-overwrite-dir - tar -zxf /backup/$BACKUPNAME/private.tar.gz --directory /private --no-acls --no-xattrs -m --no-same-permissions --no-overwrite-dir - {{- if .Values.drupal.restore.suppressTarErrors }} - set -e - {{- end }} - echo "Files restored" - {{- end }} - - # Run database updates - {{- if .Values.drupal.cacheRebuildBeforeDatabaseMigration }} - drush -y cache:rebuild - {{- end }} - drush -y updatedb - - {{- else }} - time drush site:install {{ .Values.drupal.profile }} \ - --sites-subdir=default \ - {{- if .Values.mysql.enabled }} - --db-url="mysql://{{ .Values.mysql.auth.username }}:$MYSQL_PASSWORD@{{ .Release.Name }}-mysql:{{ .Values.mysql.primary.service.ports.mysql }}/{{ .Values.mysql.auth.database }}" \ - {{- else if .Values.postgresql.enabled }} - --db-url="pgsql://{{ .Values.postgresql.auth.username }}:$POSTGRES_PASSWORD@{{ .Release.Name }}-postgresql:{{ .Values.postgresql.primary.service.ports.postgresql }}/{{ .Values.postgresql.auth.database }}" \ - {{- end }} - --account-name={{ .Values.drupal.username }} \ - --account-pass=$DRUPAL_ADMIN_PASSWORD \ - --site-mail={{ .Values.drupal.siteEmail | quote }} \ - --site-name={{ .Values.drupal.siteName | quote }} \ - install_configure_form.update_status_module='array(FALSE,FALSE)' \ - --yes - {{- end }} - - {{- if .Values.redis.enabled }} - # Enable redis - drush -y en redis - {{- end }} - - # Change WetKit theme - {{- if .Values.drupal.wxtTheme }} - drush -y 
vset wetkit_wetboew_theme '{{ .Values.drupal.wxtTheme }}' - {{- end }} - - # Extra installation scripts - {{- if .Values.drupal.extraInstallScripts }} - {{ .Values.drupal.extraInstallScripts | nindent 14}} - {{- end }} - - drush -y cc all - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "drupal7.fullname" . }} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ include "drupal7.fullname" . }}" - key: password -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 8 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if .Values.drupal.restore.enabled }} - - name: backup - mountPath: /backup -{{- end }} -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - 
subPath: private -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | indent 8 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: ["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 8 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 8 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal7.fullname" . }} - - name: twig-cache - emptyDir: {} -{{- if .Values.drupal.restore.enabled }} - - name: backup -{{ toYaml .Values.drupal.restore.volume | indent 8 }} -{{- end }} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal7.fullname" . }}-drupal -{{- else if or (.Values.azureFile.enabled) (.Values.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . 
}}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . }}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . }}-proxysql -{{- else if .Values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . }}-pgbouncer -{{- end }} -{{- if .Values.drupal.volumes }} -{{ toYaml .Values.drupal.volumes | indent 6 }} -{{- end }} -{{- end }} diff --git a/drupal7/templates/job/post-upgrade-reconfigure.yaml b/drupal7/templates/job/post-upgrade-reconfigure.yaml deleted file mode 100644 index c6d1d57b..00000000 --- a/drupal7/templates/job/post-upgrade-reconfigure.yaml +++ /dev/null 
@@ -1,260 +0,0 @@ -{{- if .Values.drupal.reconfigure }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "drupal7.fullname" . }}-reconfigure - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - backoffLimit: {{ default "" .Values.drupal.backoffLimitReconfigure }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "drupal7.name" . }} - helm.sh/chart: {{ include "drupal7.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - spec: -{{- if .Values.drupal.tolerations }} - tolerations: -{{ toYaml .Values.drupal.tolerations | indent 6 }} -{{- end }} -{{- if .Values.drupal.nodeSelector }} - nodeSelector: -{{ toYaml .Values.drupal.nodeSelector | indent 8 }} -{{- end }} - restartPolicy: OnFailure -{{- if or (.Values.drupal.initContainers) (or (.Values.azureFile.enabled) (.Values.sharedDisk.enabled)) }} - initContainers: -{{- if .Values.sharedDisk.enabled }} - - name: init-chown - image: 'alpine:3.10' - command: - - chown - - '-R' - - '82:82' - - /mnt/azure - volumeMounts: - - name: files-public - mountPath: /mnt/azure -{{- end }} -{{- if or (and .Values.azureFile.enabled .Values.azureFile.initMediaIconsFolder) (and .Values.sharedDisk.enabled .Values.sharedDisk.initMediaIconsFolder) }} - - name: init-media-icons-folder - image: 'alpine:3.10' - command: - - mkdir - - '-p' - - /files/media-icons/generic - volumeMounts: - - name: files-public - mountPath: /files -{{- end }} -{{- if .Values.drupal.initContainers }} -{{ toYaml .Values.drupal.initContainers | indent 8 }} -{{- end }} -{{- end }} - containers: - - name: drush - image: "{{ .Values.drupal.image }}:{{ default 
.Chart.AppVersion .Values.drupal.tag }}" - imagePullPolicy: {{ default "" .Values.drupal.imagePullPolicy | quote }} - command: - - '/bin/sh' - - '-c' - - | - # Errors should fail the job - set -e - - # Wait for DB to be available - {{ .Values.drupal.dbAvailabilityScript | nindent 14}} - - {{- if .Values.redis.enabled }} - {{- if .Values.redis.sentinel.enabled }} - until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis {{ .Values.redis.sentinel.service.sentinelPort }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done - {{- else }} - until [[ $(printf "AUTH $REDIS_PASSWORD\r\n" | nc -w 2 {{ .Release.Name }}-redis-master {{ .Values.redis.master.service.ports.redis }}) == $(printf "+OK\r\n") ]]; do echo Waiting for Redis; sleep 3; done - {{- end }} - echo Redis available - {{- end }} - - # Check Drush status - drush status || true - - # Run database updates - {{- if .Values.drupal.cacheRebuildBeforeDatabaseMigration }} - drush -y cc all - {{- end }} - {{- if .Values.drupal.updateDBBeforeDatabaseMigration }} - drush -y updatedb - {{- end }} - - # Change WxT theme - {{- if .Values.drupal.wxtTheme }} - drush -y vset wetkit_wetboew_theme '{{ .Values.drupal.wxtTheme }}' - {{- end }} - - # Extra Upgrade scripts - {{- if .Values.drupal.extraUpgradeScripts }} - {{ .Values.drupal.extraUpgradeScripts | nindent 14}} - {{- end }} - - drush -y cc all - env: -{{- if .Values.external.enabled }} - - name: EXTERNAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "drupal7.fullname" . 
}} - key: databasePassword -{{- else if .Values.mysql.enabled }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-mysql" - key: mysql-password -{{- else if .Values.postgresql.enabled }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-postgresql" - key: password -{{- end }} -{{- if .Values.redis.enabled }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ .Release.Name }}-redis" - key: redis-password -{{- end }} - - name: DRUPAL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ include "drupal7.fullname" . }}" - key: password -{{- if .Values.extraVars }} -{{ toYaml .Values.extraVars | indent 8 }} -{{- end }} - volumeMounts: - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/php.ini - subPath: php.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini - subPath: opcache-recommended.ini - - name: cm-drupal - readOnly: true - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf - - name: cm-drupal - mountPath: /var/www/html/sites/default/settings.php - subPath: settings.php - readOnly: true - - name: cm-drupal - mountPath: /var/www/html/sites/default/extra.settings.php - subPath: extra.settings.php - readOnly: true - - name: twig-cache - mountPath: /cache/twig -{{- if not .Values.drupal.disableDefaultFilesMount }} - - name: files - mountPath: /var/www/html/sites/default/files - subPath: public - - name: files - mountPath: /private - subPath: private -{{- end }} -{{- if .Values.drupal.volumeMounts }} -{{ toYaml .Values.drupal.volumeMounts | indent 8 }} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: proxysql - image: proxysql/proxysql:2.1.0 - imagePullPolicy: Always - ports: - - containerPort: 6032 - - containerPort: 6033 - volumeMounts: - - name: configfiles - mountPath: "/etc/proxysql" - readOnly: true - livenessProbe: - tcpSocket: - port: 6032 - periodSeconds: 60 - command: 
["/usr/bin/proxysql", "--initial", "-f", "-c", "/etc/proxysql/proxysql.conf"] - securityContext: - allowPrivilegeEscalation: false - runAsUser: 0 - runAsGroup: 999 -{{- else if .Values.pgbouncer.enabled }} - - name: pgbouncer - image: mcr.microsoft.com/azure-oss-db-tools/pgbouncer-sidecar:latest - imagePullPolicy: Always - ports: - - containerPort: 5432 - volumeMounts: - - name: configfiles - mountPath: "/etc/pgbouncer" - readOnly: true - livenessProbe: - tcpSocket: - port: 5432 - periodSeconds: 60 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "killall -INT pgbouncer && sleep 120"] - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ['all'] -{{- end }} - {{- if .Values.drupal.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.drupal.imagePullSecrets | indent 8 }} - {{- end }} - # Allow non-root user to access PersistentVolume - securityContext: -{{ toYaml .Values.drupal.securityContext | indent 8 }} - volumes: - - name: cm-drupal - configMap: - name: {{ include "drupal7.fullname" . }} - - name: twig-cache - emptyDir: {} -{{- if .Values.drupal.persistence.enabled }} - - name: files - persistentVolumeClaim: - claimName: {{ template "drupal7.fullname" . }}-drupal -{{- else if or (.Values.azureFile.enabled) (.Values.sharedDisk.enabled) }} - - name: files-public - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . }}-public - - name: files-private - persistentVolumeClaim: - claimName: {{ include "drupal7.fullname" . }}-private -{{- else if not .Values.drupal.disableDefaultFilesMount }} - - name: files - emptyDir: {} -{{- end }} -{{- if .Values.proxysql.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . }}-proxysql -{{- else if .Values.pgbouncer.enabled }} - - name: configfiles - secret: - secretName: {{ include "drupal7.fullname" . }}-pgbouncer -{{- end }} -{{- if .Values.drupal.volumes }} -{{ toYaml .Values.drupal.volumes | indent 6 }} -{{- end }} -{{- end }} 
diff --git a/drupal7/templates/pdb/poddisruptionbudget.yaml b/drupal7/templates/pdb/poddisruptionbudget.yaml
deleted file mode 100644
index 8ecbaf29..00000000
--- a/drupal7/templates/pdb/poddisruptionbudget.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.drupal.podDisruptionBudget }}
-{{- $name := include "drupal7.name" . -}}
-{{- $fullName := include "drupal7.fullname" . -}}
-{{- $chartName := include "drupal7.chart" . -}}
-{{- $release := .Release }}
-{{- $values := .Values }}
----
-{{- if semverCompare ">=1.21" $.Capabilities.KubeVersion.GitVersion }}
-apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
-kind: PodDisruptionBudget
-metadata:
- name: {{ $fullName }}
- labels:
- app.kubernetes.io/name: {{ $name }}
- helm.sh/chart: {{ $chartName }}
- app.kubernetes.io/instance: {{ $release.Name }}
- app.kubernetes.io/managed-by: {{ $release.Service }}
-spec:
- {{- if $values.drupal.podDisruptionBudget.minAvailable }}
- minAvailable: {{ $values.drupal.podDisruptionBudget.minAvailable }}
- {{- end }}
- {{- if $values.drupal.podDisruptionBudget.maxUnavailable }}
- maxUnavailable: {{ $values.drupal.podDisruptionBudget.maxUnavailable }}
- {{- end }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ $name }}
- app.kubernetes.io/instance: {{ $release.Name }}
-{{- end }}
diff --git a/drupal7/templates/pv/azurefile-private.yaml b/drupal7/templates/pv/azurefile-private.yaml
deleted file mode 100644
index b0b06e1a..00000000
--- a/drupal7/templates/pv/azurefile-private.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.azureFile.enabled -}}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.azureFile.annotations }}
- annotations:
-{{ toYaml .Values.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal7.fullname" . }}-private
-spec:
- capacity:
- storage: {{ .Values.azureFile.size }}
- accessModes:
- - {{ .Values.azureFile.accessMode }}
-{{- if .Values.azureFile.private }}
-{{ toYaml .Values.azureFile.private | indent 2 }}
-{{- end }}
-{{- if .Values.azureFile.mountOptions }}
- mountOptions:
-{{ toYaml .Values.azureFile.mountOptions | indent 4 }}
-{{- end }}
-{{- end }}
diff --git a/drupal7/templates/pv/azurefile-public.yaml b/drupal7/templates/pv/azurefile-public.yaml
deleted file mode 100644
index 6189faae..00000000
--- a/drupal7/templates/pv/azurefile-public.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.azureFile.enabled -}}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.azureFile.annotations }}
- annotations:
-{{ toYaml .Values.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal7.fullname" . }}-public
-spec:
- capacity:
- storage: {{ .Values.azureFile.size }}
- accessModes:
- - {{ .Values.azureFile.accessMode }}
-{{- if .Values.azureFile.public }}
-{{ toYaml .Values.azureFile.public | indent 2 }}
-{{- end }}
-{{- if .Values.azureFile.mountOptions }}
- mountOptions:
-{{ toYaml .Values.azureFile.mountOptions | indent 4 }}
-{{- end }}
-{{- end }}
diff --git a/drupal7/templates/pv/shareddisk-private.yaml b/drupal7/templates/pv/shareddisk-private.yaml
deleted file mode 100644
index 81921c90..00000000
--- a/drupal7/templates/pv/shareddisk-private.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.sharedDisk.enabled -}}
-{{- if not .Values.sharedDisk.disablePrivatePVCreation }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-{{- if .Values.sharedDisk.annotations }}
- annotations:
-{{ toYaml .Values.sharedDisk.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal7.fullname" . }}-private
-spec:
- capacity:
- storage: {{ .Values.sharedDisk.size }}
- accessModes:
- - {{ .Values.sharedDisk.accessMode }}
-{{- if eq "-" .Values.sharedDisk.storageClass }}
- storageClassName: ""
-{{- else if .Values.sharedDisk.storageClass }}
- storageClassName: "{{ .Values.sharedDisk.storageClass }}"
-{{- end }}
-{{- if .Values.sharedDisk.private }}
-{{ toYaml .Values.sharedDisk.private | indent 2 }}
-{{- end }}
-{{- if not .Values.sharedDisk.private.mountOptions }}
- mountOptions:
- - dir_mode=0777
- - file_mode=0777
- - uid=82
- - gid=82
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/drupal7/templates/pvc/azurefile-private.yaml b/drupal7/templates/pvc/azurefile-private.yaml
deleted file mode 100644
index 0bedd41a..00000000
--- a/drupal7/templates/pvc/azurefile-private.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.azureFile.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.azureFile.enabled }}
-{{ toYaml .Values.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal7.fullname" . }}-private
-spec:
- accessModes:
- - {{ .Values.azureFile.accessMode }}
- resources:
- requests:
- storage: {{ .Values.azureFile.size }}
-{{- if not .Values.azureFile.disableVolumeName }}
- volumeName: {{ include "drupal7.fullname" . }}-private
-{{- end }}
-{{- if or (eq "-" .Values.azureFile.storageClass) (.Values.azureFile.mountOptions) }}
- storageClassName: ""
-{{- else if .Values.azureFile.storageClass }}
- storageClassName: "{{ .Values.azureFile.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal7/templates/pvc/azurefile-public.yaml b/drupal7/templates/pvc/azurefile-public.yaml
deleted file mode 100644
index 2662451b..00000000
--- a/drupal7/templates/pvc/azurefile-public.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.azureFile.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.azureFile.enabled }}
-{{ toYaml .Values.azureFile.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal7.fullname" . }}-public
-spec:
- accessModes:
- - {{ .Values.azureFile.accessMode }}
- resources:
- requests:
- storage: {{ .Values.azureFile.size }}
-{{- if not .Values.azureFile.disableVolumeName }}
- volumeName: {{ include "drupal7.fullname" . }}-public
-{{- end }}
-{{- if or (eq "-" .Values.azureFile.storageClass) (.Values.azureFile.mountOptions) }}
- storageClassName: ""
-{{- else if .Values.azureFile.storageClass }}
- storageClassName: "{{ .Values.azureFile.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal7/templates/pvc/drupal.yaml b/drupal7/templates/pvc/drupal.yaml
deleted file mode 100644
index 9f2e13e8..00000000
--- a/drupal7/templates/pvc/drupal.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if and .Values.drupal.persistence.enabled (not .Values.drupal.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-{{- if .Values.drupal.persistence.annotations }}
- annotations:
-{{ toYaml .Values.drupal.persistence.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal7.fullname" . }}-drupal
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}-drupal
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- accessModes:
- - {{ .Values.drupal.persistence.accessMode | quote }}
- resources:
- requests:
- storage: {{ .Values.drupal.persistence.size | quote }}
- {{- if .Values.drupal.persistence.iops }}
- iops: {{ .Values.drupal.persistence.iops | quote }}
- {{- end }}
-{{- if .Values.drupal.persistence.storageClass }}
-{{- if (eq "-" .Values.drupal.persistence.storageClass) }}
- storageClassName: ""
-{{- else }}
- storageClassName: "{{ .Values.drupal.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/drupal7/templates/pvc/shareddisk-private.yaml b/drupal7/templates/pvc/shareddisk-private.yaml
deleted file mode 100644
index 4069fb9e..00000000
--- a/drupal7/templates/pvc/shareddisk-private.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.sharedDisk.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.sharedDisk.enabled }}
-{{ toYaml .Values.sharedDisk.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal7.fullname" . }}-private
-spec:
- accessModes:
- - {{ .Values.sharedDisk.accessMode }}
- resources:
- requests:
- storage: {{ .Values.sharedDisk.size }}
-{{- if not .Values.sharedDisk.disableVolumeName }}
- volumeName: {{ include "drupal7.fullname" . }}-private
-{{- end }}
-{{- if eq "-" .Values.sharedDisk.storageClass }}
- storageClassName: ""
-{{- else if .Values.sharedDisk.storageClass }}
- storageClassName: "{{ .Values.sharedDisk.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal7/templates/pvc/shareddisk-public.yaml b/drupal7/templates/pvc/shareddisk-public.yaml
deleted file mode 100644
index b52f49e6..00000000
--- a/drupal7/templates/pvc/shareddisk-public.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.sharedDisk.enabled }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- annotations:
-{{- if .Values.sharedDisk.enabled }}
-{{ toYaml .Values.sharedDisk.annotations | indent 4 }}
-{{- end }}
- name: {{ include "drupal7.fullname" . }}-public
-spec:
- accessModes:
- - {{ .Values.sharedDisk.accessMode }}
- resources:
- requests:
- storage: {{ .Values.sharedDisk.size }}
-{{- if not .Values.sharedDisk.disableVolumeName }}
- volumeName: {{ include "drupal7.fullname" . }}-public
-{{- end }}
-{{- if eq "-" .Values.sharedDisk.storageClass }}
- storageClassName: ""
-{{- else if .Values.sharedDisk.storageClass }}
- storageClassName: "{{ .Values.sharedDisk.storageClass }}"
-{{- end }}
-{{- end }}
diff --git a/drupal7/templates/secret/drupal.yaml b/drupal7/templates/secret/drupal.yaml
deleted file mode 100644
index 94ea9745..00000000
--- a/drupal7/templates/secret/drupal.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "drupal7.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-type: Opaque
-data:
- {{ if .Values.drupal.username }}
- username: {{ default "" .Values.drupal.username | b64enc | quote }}
- {{ else }}
- username: {{ "admin" | b64enc | quote }}
- {{ end }}
- {{ if .Values.drupal.password }}
- password: {{ default "" .Values.drupal.password | b64enc | quote }}
- {{ else }}
- password: {{ randAlphaNum 10 | b64enc | quote }}
- {{ end }}
- {{ if .Values.external.enabled }}
- databasePassword: {{ .Values.external.password | b64enc | quote }}
- {{ end }}
diff --git a/drupal7/templates/secret/pgbouncer.yaml b/drupal7/templates/secret/pgbouncer.yaml
deleted file mode 100644
index a50e0948..00000000
--- a/drupal7/templates/secret/pgbouncer.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.pgbouncer.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "drupal7.fullname" . }}-pgbouncer
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- pgbouncer.ini: {{ tpl (.Files.Get "conf/pgbouncer.ini") . | b64enc }}
- userlist.txt: {{ tpl (.Files.Get "conf/userlist.txt") . | b64enc }}
-{{- end }}
diff --git a/drupal7/templates/secret/proxysql.yaml b/drupal7/templates/secret/proxysql.yaml
deleted file mode 100644
index 86b8011b..00000000
--- a/drupal7/templates/secret/proxysql.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.proxysql.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "drupal7.fullname" . }}-proxysql
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- proxysql.conf: {{ tpl (.Files.Get "conf/proxysql.conf") . | b64enc }}
-{{- end }}
diff --git a/drupal7/templates/secret/ssmtp.yaml b/drupal7/templates/secret/ssmtp.yaml
deleted file mode 100644
index 8554d96d..00000000
--- a/drupal7/templates/secret/ssmtp.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "drupal7.fullname" . }}-ssmtp
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-type: Opaque
-data:
- ssmtp.conf: {{ tpl (.Files.Get "conf/ssmtp.conf") . | b64enc }}
diff --git a/drupal7/templates/storageclass/shared-disk.yaml b/drupal7/templates/storageclass/shared-disk.yaml
deleted file mode 100644
index c0f75e2f..00000000
--- a/drupal7/templates/storageclass/shared-disk.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if and .Values.sharedDisk.enabled -}}
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
- name: {{ include "drupal7.fullname" . }}-shared-disk
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
-provisioner: kubernetes.io/azure-disk
-{{- else }}
-provisioner: disk.csi.azure.com
-{{- end }}
-parameters:
- skuname: Premium_LRS
- cachingMode: None
- maxShares: "{{ .Values.sharedDisk.maxShares }}"
-{{- end }}
diff --git a/drupal7/templates/svc/drupal.yaml b/drupal7/templates/svc/drupal.yaml
deleted file mode 100644
index bac62ce4..00000000
--- a/drupal7/templates/svc/drupal.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "drupal7.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- ports:
- - name: tcp-php-fpm
- port: 9000
- protocol: TCP
- selector:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- tier: drupal7
- type: {{ .Values.drupal.serviceType }}
diff --git a/drupal7/templates/svc/nginx.yaml b/drupal7/templates/svc/nginx.yaml
deleted file mode 100644
index 4d005129..00000000
--- a/drupal7/templates/svc/nginx.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "drupal7.fullname" . }}-nginx
- labels:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- helm.sh/chart: {{ include "drupal7.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- ports:
- - name: http
- port: 80
- targetPort: http
- - name: https
- port: 443
- targetPort: https
- selector:
- app.kubernetes.io/name: {{ include "drupal7.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- tier: frontend
- type: {{ .Values.nginx.serviceType }}
diff --git a/drupal7/values-azurefiles.yaml b/drupal7/values-azurefiles.yaml
deleted file mode 100644
index bbe2ea61..00000000
--- a/drupal7/values-azurefiles.yaml
+++ /dev/null
@@ -1,122 +0,0 @@ -# When installing with Azure Files - -## Drupal -## Ref: https://github.com/drupalwxt/helm-drupal -drupal: - ## Drupal image version - ## ref: https://hub.docker.com/drupalwxt/site-wetkit/tags/ - ## - image: drupalwxt/site-wetkit - tag: 4.54 - - ## Site configuration - ## - profile: wetkit - siteEmail: admin@example.com - siteName: Drupal Install Profile (WetKit) - - ## User of the application - ## - username: admin - - ## Application password - ## - ## password: password - - # php-fpm healthcheck - # Requires https://github.com/renatomefi/php-fpm-healthcheck in the container. - # (note: official images do not contain this feature yet) - healthcheck: - enabled: true - - # Switch to canada.ca theme (only used if install and/or reconfigure are enabled) - # Common options include: theme-wet-boew, theme-gcweb-legacy - wxtTheme: theme-gcweb - - ## Extra settings.php settings - ## - extraSettings: '' - # |- - # $settings['trusted_host_patterns'] = ['^example\.com$']; - - ## Extra CLI scripts - ## - extraInstallScripts: '' - # |- - # drush config-set system.performance js.preprocess 0 -y; - # drush config-set system.performance css.preprocess 0 -y; - - # Install Drupal automatically - install: true - - # Run migrations for default content - migrate: true - - # Reconfigure on upgrade - reconfigure: true - - # Allows custom /var/www/html/sites/default/files and /private mounts - disableDefaultFilesMount: true - - # volumes: {} - - volumeMounts: - - name: files-public - mountPath: /var/www/html/sites/default/files - - name: files-private - mountPath: /private - -## Nginx -## Ref: https://github.com/drupalwxt/helm-drupal -nginx: - image: drupalwxt/site-wetkit - tag: 4.54-nginx - - # Set your cluster's DNS resolution service here - resolver: 10.0.0.10 - - # volumes: {} - - volumeMounts: - - name: files-public - mountPath: /var/www/html/sites/default/files - -# kubectl create secret generic drupal-storage 
--from-literal=azurestorageaccountname=$STORAGE_ACCOUNT_NAME --from-literal=azurestorageaccountkey=$STORAGE_KEY -n drupal -azureFile: - enabled: true - storageClass: "-" - -## Redis -## Ref: https://github.com/bitnami/charts/tree/master/bitnami/redis -redis: - enabled: true - -## Varnish -## Ref: https://github.com/StatCan/charts/tree/master/stable/varnish -varnish: - enabled: true - -## MySQL -## ref: https://github.com/bitnami/charts/blob/master/bitnami/mysql/README.md -mysql: - enabled: true - primary: - persistence: - enabled: true - storageClass: managed-premium - size: 128Gi - -## ProxySQL -## Ref: https://github.com/drupalwxt/helm-drupal -proxysql: - enabled: false - -## PostgreSQL -## Ref: https://github.com/bitnami/charts/tree/master/bitnami/postgresql -postgresql: - enabled: false - -## PGBouncer -## Ref: https://github.com/drupalwxt/helm-drupal -pgbouncer: - enabled: false diff --git a/drupal7/values-kind.yaml b/drupal7/values-kind.yaml deleted file mode 100644 index 6f43151e..00000000 --- a/drupal7/values-kind.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -# When installing with Kind the cluster is required to have the following settings for the stateful assets to work -# -# For example: -# kind create cluster --config kind.yaml -# -# kind: Cluster -# apiVersion: kind.x-k8s.io/v1alpha4 -# nodes: -# - role: control-plane -# # add a mount from /path/to/my/files on the host to /files on the node -# extraMounts: -# - hostPath: /tmp/drupal/shared/drupal-public -# containerPath: /mnt/drupal/drupal-public -# - hostPath: /tmp/drupal/shared/drupal-private -# containerPath: /mnt/drupal/drupal-private - -## Drupal -## Ref: https://github.com/drupalwxt/helm-drupal -drupal: - ## Drupal image version - ## ref: https://hub.docker.com/drupalwxt/site-wetkit/tags/ - ## - image: drupalwxt/site-wetkit - tag: 4.54 - - ## Site configuration - ## - profile: wetkit - siteEmail: admin@example.com - siteName: Drupal Install Profile (WetKit) - - ## User of the application - ## - username: admin - - ## Application password - ## - ## password: password - - # php-fpm healthcheck - # Requires https://github.com/renatomefi/php-fpm-healthcheck in the container. - # (note: official images do not contain this feature yet) - healthcheck: - enabled: true - - # Switch to canada.ca theme (only used if install and/or reconfigure are enabled) - # Common options include: theme-wet-boew, theme-gcweb-legacy - wxtTheme: theme-gcweb - - ## Extra settings.php settings - ## - extraSettings: '' - # |- - # $settings['trusted_host_patterns'] = ['^example\.com$']; - - ## Extra CLI scripts - ## - extraInstallScripts: '' - # |- - # drush config-set system.performance js.preprocess 0 -y; - # drush config-set system.performance css.preprocess 0 -y; - - # Install Drupal automatically - install: true - - # Run migrations for default content - migrate: true - - # Reconfigure on upgrade - reconfigure: true - - # php-fpm healthcheck - # Requires https://github.com/renatomefi/php-fpm-healthcheck in the container. 
- # (note: official images do not contain this feature yet) - healthcheck: - enabled: true - - # Allows custom /var/www/html/sites/default/files and /private mounts - disableDefaultFilesMount: true - - volumes: - - name: files-public - hostPath: - path: /mnt/drupal/drupal-public - - name: files-private - hostPath: - path: /mnt/drupal/drupal-private - - volumeMounts: - - name: files-public - mountPath: /var/www/html/sites/default/files - - name: files-private - mountPath: /private - -## Nginx -## Ref: https://github.com/drupalwxt/helm-drupal -nginx: - image: drupalwxt/site-wetkit - tag: 4.54-nginx - - # Set your cluster's DNS resolution service here - resolver: 10.0.0.10 - - volumes: - - name: files-public - hostPath: - path: /mnt/drupal/drupal-public - - volumeMounts: - - name: files-public - mountPath: /var/www/html/sites/default/files - -## Redis -## Ref: https://github.com/bitnami/charts/tree/master/bitnami/redis -redis: - enabled: true - -## Varnish -## Ref: https://github.com/StatCan/charts/tree/master/stable/varnish -varnish: - enabled: true - -## MySQL -## ref: https://github.com/bitnami/charts/blob/master/bitnami/mysql/README.md -mysql: - enabled: true - -## ProxySQL -## Ref: https://github.com/drupalwxt/helm-drupal -proxysql: - enabled: true - admin: - user: proxysql - password: proxysqlPassword - monitor: - user: monitor - password: monitorPassword - configuration: - maxConnections: 2048 - serverVersion: "5.7.28" - stackSize: 1048576 - -## PostgreSQL -## Ref: https://github.com/bitnami/charts/tree/master/bitnami/postgresql -postgresql: - enabled: false - -## PGBouncer -## Ref: https://github.com/drupalwxt/helm-drupal -pgbouncer: - enabled: false diff --git a/drupal7/values.yaml b/drupal7/values.yaml deleted file mode 100644 index d1835f38..00000000 --- a/drupal7/values.yaml +++ /dev/null 
@@ -1,765 +0,0 @@ -## Configure Ingress resource that allow you to access the Drupal installation -## Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - enabled: false - # className: nginx - annotations: {} - # kubernetes.io/tls-acme: "true" - path: / - hosts: - - chart-example.local - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -drupal: - ## Drupal image version - ## ref: https://hub.docker.com/drupalwxt/site-wetkit/tags/ - ## - image: drupalwxt/site-wetkit - - ## Note that by default we use appVersion to get image tag - # tag: 4.54 - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - ## - # imagePullSecrets: - # - name: myRegistryKeySecretName - - ## Specify a imagePullPolicy - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - imagePullPolicy: IfNotPresent - - replicas: 1 - - # PHP configuration - php: - ini: {} - # max_execution_time: 300 - - ## User of the application - ## - username: admin - - ## Application password - ## - ## password: WetKit2020 - - ## Site configuration - ## - profile: wetkit - siteEmail: admin@example.com - siteName: Drupal Install Profile (WetKit) - - # Default WetKit Library theme (only used if install and/or reconfigure are enabled) - # Common options include: theme-wet-boew, theme-gcweb-legacy, theme-gcweb, ... 
- wxtTheme: theme-gcweb - - ## Version of the application - ## - ## Supported versions: d7 - ## - version: d7 - - ## Extra settings.php settings - ## - ## Note that if using Varnish and 'trusted_host_patterns' you need a pattern for your Helm release name: - ## $settings['trusted_host_patterns'] = ['^example\.com$','^your-helm-release.*$']; - ## - extraSettings: '' - # |- - # $settings['trusted_host_patterns'] = ['^example\.com$']; - - ## Extra CLI scripts - ## - extraInstallScripts: '' - # |- - # drush config-set system.performance js.preprocess 0 -y; - # drush config-set system.performance css.preprocess 0 -y; - - extraUpgradeScripts: '' - # |- - # drush config-set system.performance js.preprocess 0 -y; - # drush config-set system.performance css.preprocess 0 -y; - - # -- default script used to detect when the DB is ready - dbAvailabilityScript: |- - until drush sql:query 'SHOW TABLES;'; do echo Waiting for DB; sleep 3; done - echo DB available - - # Install Drupal automatically - install: true - - # Restore Drupal automatically - restore: - enabled: false - name: latest - db: true - files: false - suppressTarErrors: false - - # Convert MyISAM to InnoDB - convert: false - - # CHANGE THIS! Otherwise restore won't complete. - volume: {} - # emptyDir: {} - - # Run migrations for default content - migrate: false - - # Reconfigure on upgrade - reconfigure: true - cacheRebuildBeforeDatabaseMigration: true - updateDBBeforeDatabaseMigration: true - - # Restrict how many attempt install and/or reconfigure jobs will try in case of failure. Default is 6. 
- # backoffLimitInstall: 1 - # backoffLimitReconfigure: 1 - - # podDisruptionBudget: - # minAvailable: 1 - # maxUnavailable: 1 - - # Configure the Drupal cron - cron: - # When enabled, a CronJob will run the job based on the schedule - enabled: true - - # CronJob schedule (standard cron syntax) - # Defaults to once an hour - schedule: '0 * * * *' - - additionalCrons: {} - # example: - # # Run at midnight UTC - # schedule: '0 0 * * *' - - # script: | - # echo 'Hello, world!' - - # volumes: - # - name: example-cron-disk - # azureFile: - # shareName: '' - # secretName: '' - # volumeMounts: - # - name: example-cron-disk - # mountPath: /path/to/folder - # readOnly: true - - # Configure the Drupal backup cron - backup: - # When enabled, a CronJob will run the job based on the schedule - enabled: false - - # CronJob schedule (standard cron syntax) - # Defaults to midnight - schedule: '0 0 * * *' - - # CHANGE THIS! Otherwise your backups will go away when the pod is gone. - volume: {} - # emptyDir: {} - - sqlDumpArgs: '' - # additional arguments for sql-dump command - # --skip-tables-list="table_0,table_1" - - filesArgs: '' - # additional arguments for tar command that backup public files - # --exclude="sites/default/files/js" --exclude="sites/default/files/css" - - privateArgs: '' - # additional arguments for sql-dump command that backup private files - # --exclude="/private/junk" - - # php-fpm healthcheck - # Requires https://github.com/renatomefi/php-fpm-healthcheck in the container. 
- healthcheck: - enabled: true - - serviceType: ClusterIP - - persistence: - enabled: false - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - ## Drupal data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - annotations: {} - accessMode: ReadWriteOnce - size: 8Gi - - # Allows custom /var/www/html/sites/default/files and /private mounts - disableDefaultFilesMount: false - volumes: - # - name: nothing - # emptyDir: {} - volumeMounts: - # - mountPath: /var/nothing - # name: nothing - # readOnly: true - - securityContext: - fsGroup: 82 - runAsUser: 82 - runAsGroup: 82 - - smtp: - host: mail - tls: true - starttls: true - auth: - enabled: false - user: '' - password: '' - # Note: sSMTP only supports LOGIN and CRAM-MD5 - method: LOGIN - - podAnnotations: {} - resources: {} - # requests: - # memory: "256Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" - - # Example of using both toleration and nodeSelector to deploy drupal on an AKS Spot instance - # node pool: - tolerations: [] - # - key: "kubernetes.azure.com/scalesetpriority" - # operator: "Equal" - # value: "spot" - # effect: "NoSchedule" - - nodeSelector: {} - # kubernetes.azure.com/scalesetpriority: "spot" - - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 11 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - -nginx: - ## Nginx image version - ## ref: https://hub.docker.com/drupalwxt/site-wetkit/tags/ - image: drupalwxt/site-wetkit - ## Note that by default we use appVersion to get image tag - # tag: 4.54-nginx - - ## Optionally 
specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - ## - # imagePullSecrets: - # - name: myRegistryKeySecretName - - ## Specify a imagePullPolicy - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - imagePullPolicy: IfNotPresent - - replicas: 1 - - # Set your cluster's DNS resolution service here - resolver: kube-dns.kube-system.svc.cluster.local - - serviceType: ClusterIP - - customLocations: "" - - volumes: - # - name: nothing - # emptyDir: {} - volumeMounts: - # - mountPath: /var/nothing - # name: nothing - # readOnly: true - - securityContext: - enabled: true - fsGroup: 33 - - gzip: true - client_max_body_size: 20m - real_ip_header: X-Forwarded-For - - # Example of using both toleration and nodeSelector to deploy nginx on an AKS Spot instance - # node pool: - tolerations: [] - # - key: "kubernetes.azure.com/scalesetpriority" - # operator: "Equal" - # value: "spot" - # effect: "NoSchedule" - - nodeSelector: {} - # kubernetes.azure.com/scalesetpriority: "spot" - - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 11 - targetCPUUtilizationPercentage: 50 - targetMemoryUtilizationPercentage: 50 - -# Specify an external database -# Useful for managed offerings from your Cloud Provider -external: - enabled: false - # Drupal DB driver - driver: mysql - port: 3306 - host: mysql.example.org - # Credentials - database: wetkit - user: wetkit - password: password - # initCommands: - # - isolation: "SET SESSION tx_isolation='READ-COMMITTED'" - # pdo: - # - PDO::MYSQL_ATTR_SSL_CA: '/etc/ssl/certs/ca-certificates.crt' - -# Shared Disk logic -sharedDisk: - enabled: false - - # Uncomment next line if you want to disable specifying a volume name on the public and private PVCs - # disableVolumeName: true - - # Uncomment next line if you want to disable the manual creation of PV and let the PVC 
handle it automatically - # disablePrivatePVCreation: true - - initMediaIconsFolder: true - - annotations: {} - accessMode: ReadWriteMany - size: 256Gi - # storageClass: "-" - - maxShares: 2 - - private: - # mountOptions: - # - dir_mode=0777 - # - file_mode=0777 - # - uid=82 - # - gid=82 - # - mfsymlinks - # - nobrl - # - cache=none - azureFile: - secretName: drupal-storage - shareName: drupal-private - readOnly: false - -# Azure File logic -azureFile: - enabled: false - - # Uncomment next line if you want to disable specifying a volume name on the public and private PVCs - # disableVolumeName: true - - initMediaIconsFolder: true - - annotations: {} - accessMode: ReadWriteMany - size: 100Gi - storageClass: "azurefile" - - public: - azureFile: - secretName: drupal-storage - shareName: drupal-public - # secretNamespace: "" - readOnly: false - - private: - azureFile: - secretName: drupal-storage - shareName: drupal-private - # secretNamespace: "" - readOnly: false - - # mountOptions: - # - dir_mode=0777 - # - file_mode=0777 - # - uid=82 - # - gid=82 - # - mfsymlinks - # - nobrl - # - cache=none - -## Configuration values for the MySQL dependency sub-chart -## ref: https://github.com/bitnami/charts/blob/master/bitnami/mysql/README.md -mysql: - enabled: true - image: - tag: 8.0.29-debian-11-r3 - auth: - rootPassword: "" - database: wxt - username: wxt - password: "" - primary: - persistence: - enabled: true - # storageClass: managed-premium - size: 128Gi - configuration: |- - [mysqld] - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - 
collation-server=utf8_general_ci - slow_query_log=0 - slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log - long_query_time=10.0 - - max_allowed_packet = 256M - innodb_buffer_pool_size = 4096M - innodb_buffer_pool_instances = 4 - table_definition_cache = 4096 - table_open_cache = 8192 - innodb_flush_log_at_trx_commit=2 - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - plugin_dir=/opt/bitnami/mysql/lib/plugin - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - volumePermissions: - enabled: true - -## Configuration values for the PostgreSQL dependency sub-chart -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md -postgresql: - enabled: false - image: - tag: 14.3.0-debian-11-r3 - auth: - enablePostgresUser: true - postgresPassword: "" - username: "wxt" - password: "" - database: "wxt" - primary: - persistence: - enabled: true - # storageClass: managed-premium - size: 128Gi - configuration: |- - listen_addresses='*' - max_connections=200 - shared_buffers='512MB' - work_mem='2048MB' - effective_cache_size='512MB' - maintenance_work_mem='32MB' - min_wal_size='512MB' - max_wal_size='512MB' - wal_buffer='8048kB' - bytea_output='escape' - volumePermissions: - enabled: true - -pgbouncer: - enabled: false - host: mypgserver.postgres.database.azure.com - user: username@hostname - password: password - poolSize: 50 - maxClientConnections: 400 - -proxysql: - enabled: false - admin: - user: username@hostname - password: password - monitor: - user: username@hostname - password: password - configuration: - maxConnections: 2048 - serverVersion: "5.7.28" - stackSize: 1048576 - -## Configuration values for the Redis dependency sub-chart -## ref: https://github.com/bitnami/charts/blob/master/bitnami/redis/README.md -redis: - enabled: false - replica: - enabled: false - replicaCount: 0 - service: - type: ClusterIP - disableCommands: [] - 
persistence: - enabled: false - sentinel: - enabled: false - master: - service: - type: ClusterIP - disableCommands: [] - persistence: - enabled: false - commonConfiguration: |- - # Disable AOF https://redis.io/topics/persistence#append-only-file - appendonly no - # Disable RDB persistence. - save "" - -## Configuration values for the Varnish dependency sub-chart -## ref: https://github.com/StatCan/charts/blob/master/stable/varnish/README.md -varnish: - enabled: false - varnishd: - image: varnish - tag: 6.5.1 - imagePullPolicy: IfNotPresent - service: - type: ClusterIP - port: 80 - resources: {} - # requests: - # memory: "512Mi" - # cpu: "100m" - # limits: - # memory: "1Gi" - # cpu: "500m" - - # Example of using both toleration and nodeSelector to deploy varnish on an AKS Spot instance - # node pool: - tolerations: [] - # - key: "kubernetes.azure.com/scalesetpriority" - # operator: "Equal" - # value: "spot" - # effect: "NoSchedule" - - nodeSelector: {} - # kubernetes.azure.com/scalesetpriority: "spot" - - affinity: {} - - varnishConfigContent: | - vcl 4.0; - - import std; - import directors; - - backend nginx { - .host = "{{ include "backend.fullname" . }}-nginx"; - .host_header = "{{ include "backend.fullname" . 
}}-nginx"; - .port = "80"; - } - - sub vcl_init { - new backends = directors.round_robin(); - backends.add_backend(nginx); - } - - sub vcl_recv { - set req.http.X-Forwarded-Host = req.http.Host; - if (!req.http.X-Forwarded-Proto) { - set req.http.X-Forwarded-Proto = "http"; - } - - # Answer healthcheck - if (req.url == "/_healthcheck" || req.url == "/healthcheck.txt") { - return (synth(700, "HEALTHCHECK")); - } - set req.backend_hint = backends.backend(); - - # Answer healthcheck - if (req.url == "/_healthcheck" || req.url == "/healthcheck.txt") { - return (synth(700, "HEALTHCHECK")); - } - set req.backend_hint = backends.backend(); - - # Always cache certain file types - # Remove cookies that Drupal doesn't care about - if (req.url ~ "(?i)\.(asc|dat|tgz|png|gif|jpeg|jpg|ico|swf|css|js)(\?.*)?$") { - unset req.http.Cookie; - } else if (req.http.Cookie) { - set req.http.Cookie = ";" + req.http.Cookie; - set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";"); - set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=", "; \1="); - set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", ""); - set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", ""); - if (req.http.Cookie == "") { - unset req.http.Cookie; - } else { - return (pass); - } - } - # If POST, PUT or DELETE, then don't cache - if (req.method == "POST" || req.method == "PUT" || req.method == "DELETE") { - return (pass); - } - # Happens before we check if we have this in cache already. - # - # Typically you clean up the request here, removing cookies you don't need, - # rewriting the request, etc. - return (hash); - #return (pass); - } - - sub vcl_backend_fetch { - # NEW - set bereq.http.Host = "{{ include "backend.fullname" . 
}}-nginx"; - - # Don't add 127.0.0.1 to X-Forwarded-For - set bereq.http.X-Forwarded-For = regsub(bereq.http.X-Forwarded-For, "(, )?127\.0\.0\.1$", ""); - } - - sub vcl_backend_response { - if (beresp.http.Location) { - set beresp.http.Location = regsub( - beresp.http.Location, - "^https?://[^/]+/", - bereq.http.X-Forwarded-Proto + "://" + bereq.http.X-Forwarded-Host + "/" - ); - } - # Only cache select response codes - if (beresp.status == 200 || beresp.status == 203 || beresp.status == 204 || beresp.status == 206 || beresp.status == 300 || beresp.status == 301 || beresp.status == 404 || beresp.status == 405 || beresp.status == 410 || beresp.status == 414 || beresp.status == 501) { - # Cache for 5 minutes - set beresp.ttl = 5m; - set beresp.grace = 12h; - set beresp.keep = 24h; - } else { - set beresp.ttl = 0s; - } - } - - sub vcl_deliver { - # Remove identifying information - unset resp.http.Server; - unset resp.http.X-Powered-By; - unset resp.http.X-Varnish; - unset resp.http.Via; - - # Comment these for easier Drupal cache tag debugging in development. 
- unset resp.http.Cache-Tags; - unset resp.http.X-Drupal-Cache-Contexts; - - # Add Content-Security-Policy - # set resp.http.Content-Security-Policy = "default-src 'self' *.example.ca *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net data:; font-src 'self' *.example.ca https://fonts.gstatic.com"; - - # Add CORS Headers - # if (req.http.Origin ~ "(?i)\.example\.ca$") { - # if (req.url ~ "\.(ttd|woff|woff2)(\?.*)?$") { - # set resp.http.Access-Control-Allow-Origin = "*"; - # set resp.http.Access-Control-Allow-Methods = "GET"; - # } - # } - - # Add X-Frame-Options - if (req.url ~ "^/livechat" || req.url ~ "^/(eng/|fra/)?media/") { - set resp.http.X-Frame-Options = "SAMEORIGIN"; - } else { - set resp.http.X-Frame-Options = "DENY"; - } - - set resp.http.X-Content-Type-Options = "nosniff"; - set resp.http.X-XSS-Protection = "1; mode=block"; - - # Happens when we have all the pieces we need, and are about to send the - # response to the client. - # - # You can do accounting or modifying the final object here. 
- if (obj.hits > 0) { - set resp.http.X-Cache = "HIT"; - } else { - set resp.http.X-Cache = "MISS"; - } - # Handle errors - if ( (resp.status >= 500 && resp.status <= 599) - || resp.status == 400 - || resp.status == 401 - || resp.status == 403 - || resp.status == 404) { - return (synth(resp.status)); - } - } - - sub vcl_synth { - # Remove identifying information - unset resp.http.Server; - unset resp.http.X-Powered-By; - unset resp.http.X-Varnish; - unset resp.http.Via; - - # Add Content-Security-Policy - # set resp.http.Content-Security-Policy = "default-src 'self' *.example.ca; style-src 'self' 'unsafe-inline' *.example.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.ca *.adobedtm.com use.fontawesome.com blob:; connect-src 'self' *.example.ca *.omtrdc.net *.demdex.net *.everesttech.net; img-src 'self' *.example.ca data:;"; - # set resp.http.X-Content-Type-Options = "nosniff"; - # set resp.http.X-Frame-Options = "DENY"; - # set resp.http.X-XSS-Protection = "1; mode=block"; - - # if (resp.status >= 500 && resp.status <= 599) { - # set resp.http.Content-Type = "text/html; charset=utf-8"; - # synthetic(std.fileread("/data/configuration/varnish/errors/503.html")); - # return (deliver); - # } elseif (resp.status == 400) { # 400 - Bad Request - # set resp.http.Content-Type = "text/html; charset=utf-8"; - # synthetic(std.fileread("/data/configuration/varnish/errors/400.html")); - # return (deliver); - # } elseif (resp.status == 401) { # 401 - Unauthorized - # set resp.http.Content-Type = "text/html; charset=utf-8"; - # synthetic(std.fileread("/data/configuration/varnish/errors/401.html")); - # return (deliver); - # } elseif (resp.status == 403) { # 403 - Forbidden - # set resp.http.Content-Type = "text/html; charset=utf-8"; - # synthetic(std.fileread("/data/configuration/varnish/errors/403.html")); - # return (deliver); - # } elseif (resp.status == 404) { # 404 - Not Found - # set resp.http.Content-Type = "text/html; charset=utf-8"; - # 
synthetic(std.fileread("/data/configuration/varnish/errors/404.html")); - # return (deliver); - # } else - if (resp.status == 700) { # Respond to healthcheck - set resp.status = 200; - set resp.http.Content-Type = "text/plain"; - synthetic ( {"OK"} ); - return (deliver); - } - } - - ## - # ERROR HANDLING - ## - # sub vcl_backend_error { - # set beresp.http.Content-Type = "text/html; charset=utf-8"; - # synthetic(std.fileread("/data/configuration/varnish/errors/503.html")); - # return (deliver); - # }
diff --git a/solr/charts/.gitkeep b/solr/charts/.gitkeep
deleted file mode 100644
index e69de29b..00000000
diff --git a/test/config.yaml b/test/config.yaml
index 8642a20f..d01c530b 100644
--- a/test/config.yaml
+++ b/test/config.yaml
@@ -4,7 +4,6 @@ chart-dirs:
 chart-repos:
 - bitnami=https://charts.bitnami.com/bitnami
 - helm=https://charts.helm.sh/stable
- - statcan=https://statcan.github.io/charts
 check-version-increment: true
 validate-maintainers: false
 excluded-charts: