Skip to content

feat(helm): Add Helm Chart #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Quentinchampenois wants to merge 13 commits into
base: main
Choose a base branch
from
Draft

feat(helm): Add Helm Chart #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
d14a3ac
feat(helm): Add Helm Chart
Quentinchampenois Mar 24, 2025
fe92884
fix(helm): Deployments
Quentinchampenois Mar 24, 2025
de99ee9
fix(frontend): Bump to node22
Quentinchampenois Mar 25, 2025
78d92a4
fix(helm): Directus and webserver cors policies
Quentinchampenois Mar 26, 2025
0380770
fix(directus): Bump to version 11.6.0
Quentinchampenois Mar 27, 2025
0278928
fix(helm): Add MARKETPLACE_TRUST
Quentinchampenois Mar 27, 2025
9633eff
feat(tofu): Add Scaleway configuration
Quentinchampenois Mar 27, 2025
bb0bea7
fix(directus): Cookies subdomains
Quentinchampenois Mar 27, 2025
8ee9ebd
fix(helm): Directus SMTP settings
Quentinchampenois Mar 28, 2025
51f4b1f
fix(helm): Participant service
Quentinchampenois Apr 1, 2025
cd3b964
fix(frontend): Add directus content public url
Quentinchampenois Apr 25, 2025
cf1f19a
fix(server): Add pool_pre_ping option
Quentinchampenois May 2, 2025
741ee5b
fix(helm): Add env var in deployments
Quentinchampenois May 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions deploy/helm/echo/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
values-prod.yaml
*.zip
5 changes: 5 additions & 0 deletions deploy/helm/echo/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
apiVersion: v2
name: echo
description: "Helm chart for deploying Dembrane ECHO backend (API, Worker, Directus)"
version: 0.1.0
appVersion: "0.1.0"
14 changes: 14 additions & 0 deletions deploy/helm/echo/cluster-issuer.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: CHANGE_ME_ACME_EMAIL
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
7 changes: 7 additions & 0 deletions deploy/helm/echo/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{{- define "echo.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{- define "echo.fullname" -}}
{{- printf "%s-%s" (include "echo.name" .) .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
125 changes: 125 additions & 0 deletions deploy/helm/echo/templates/deployment-api-server.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo-api
namespace: {{ .Release.Namespace }}
labels:
app: echo
component: api
spec:
replicas: {{ .Values.apiServer.replicaCount }}
selector:
matchLabels:
app: echo
component: api
template:
metadata:
labels:
app: echo
component: api
spec:
containers:
- name: api-server
image: '{{ .Values.apiServer.image.repository }}:{{ .Values.apiServer.image.tag }}'
imagePullPolicy: Always
command:
- '/bin/sh'
- '/code/server/prod.sh'
ports:
- containerPort: {{ .Values.apiServer.service.port }}
env:
- name: DIRECTUS_BASE_URL
value: '{{ .Values.apiServer.env.DIRECTUS_BASE_URL }}'
- name: DIRECTUS_PUBLIC_URL
value: '{{ .Values.apiServer.env.DIRECTUS_PUBLIC_URL }}'

- name: DIRECTUS_TOKEN
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_ADMIN_TOKEN

- name: DIRECTUS_SECRET
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_SECRET

- name: DIRECTUS_SESSION_COOKIE_NAME
value: '{{ .Values.directus.env.SESSION_COOKIE_NAME }}'

- name: ADMIN_BASE_URL
value: '{{ .Values.apiServer.env.ADMIN_BASE_URL }}'

- name: PARTICIPANT_BASE_URL
value: '{{ .Values.apiServer.env.PARTICIPANT_BASE_URL }}'

- name: BUILD_VERSION
value: '{{ .Values.apiServer.env.BUILD_VERSION }}'

- name: OPENAI_API_KEY
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: OPENAI_API_KEY

- name: ANTHROPIC_API_KEY
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: ANTHROPIC_API_KEY

- name: REDIS_URL
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: REDIS_URL

- name: RABBITMQ_URL
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: RABBITMQ_URL

- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DATABASE_URL_WORKER

- name: DISABLE_REDACTION
value: '{{ .Values.apiServer.env.DISABLE_REDACTION }}'

- name: DISABLE_SENTRY
value: '{{ .Values.apiServer.env.DISABLE_SENTRY }}'

- name: SERVE_API_DOCS
value: '{{ .Values.apiServer.env.SERVE_API_DOCS }}'

- name: DISABLE_CORS
value: '{{ .Values.apiServer.env.DISABLE_CORS }}'

- name: STORAGE_S3_BUCKET
value: '{{ .Values.apiServer.env.STORAGE_S3_BUCKET }}'

- name: STORAGE_S3_REGION
value: '{{ .Values.apiServer.env.STORAGE_S3_REGION }}'

- name: STORAGE_S3_ENDPOINT
value: '{{ .Values.apiServer.env.STORAGE_S3_ENDPOINT }}'

- name: STORAGE_S3_KEY
value: '{{ .Values.apiServer.env.STORAGE_S3_KEY }}'

- name: STORAGE_S3_SECRET
value: '{{ .Values.apiServer.env.STORAGE_S3_SECRET }}'

- name: DEBUG_MODE
value: '{{ .Values.apiServer.env.DEBUG_MODE }}'
resources:
requests:
cpu: '250m'
memory: '256Mi'
limits:
cpu: '500m'
memory: '512Mi'
227 changes: 227 additions & 0 deletions deploy/helm/echo/templates/deployment-directus.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,227 @@
# deploy/helm/echo/templates/deployment-directus.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo-directus
namespace: {{ .Release.Namespace }}
labels:
app: echo
component: directus
spec:
replicas: {{ .Values.directus.replicaCount }}
selector:
matchLabels:
app: echo
component: directus
template:
metadata:
labels:
app: echo
component: directus
spec:
containers:
- name: directus
image: '{{ .Values.directus.image.repository }}:{{ .Values.directus.image.tag }}'
imagePullPolicy: Always
ports:
- containerPort: {{ .Values.directus.service.port }}
env:
- name: PUBLIC_URL
value: '{{ .Values.directus.env.PUBLIC_URL }}'

- name: PORT
value: '8055'

- name: SECRET
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_SECRET

- name: ADMIN_EMAIL
value: '{{ .Values.directus.env.ADMIN_EMAIL }}'

- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_ADMIN_PASSWORD

- name: ADMIN_TOKEN
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_ADMIN_TOKEN

- name: WEBSOCKETS_ENABLED
value: 'true'

- name: DB_CLIENT
value: 'pg'

- name: DB_CONNECTION_STRING
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DATABASE_URL

- name: TELEMETRY
value: 'false'

- name: REDIS_ENABLED
value: 'true'

- name: REDIS
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: REDIS_URL

- name: CORS_ENABLED
value: '{{ .Values.directus.env.CORS_ENABLED }}'

- name: CORS_CREDENTIALS
value: '{{ .Values.directus.env.CORS_CREDENTIALS }}'

- name: CORS_METHODS
value: "GET,POST,PUT,PATCH,DELETE,OPTIONS,SEARCH"

- name: CORS_ALLOW_HEADERS
value: "Content-Type,Authorization"

- name: CORS_EXPOSED_HEADERS
value: "Content-Type,Content-Range,X-Total-Count"

- name: CORS_ORIGIN
value: '{{ .Values.directus.env.CORS_ORIGIN | quote }}'

- name: SESSION_COOKIE_NAME
value: '{{ .Values.directus.env.SESSION_COOKIE_NAME | quote }}'

- name: SESSION_COOKIE_DOMAIN
value: '{{ .Values.directus.env.SESSION_COOKIE_DOMAIN | quote }}'

- name: SESSION_COOKIE_SAME_SITE
value: '{{ .Values.directus.env.SESSION_COOKIE_SAME_SITE | quote }}'

- name: SESSION_COOKIE_SECURE
value: '{{ .Values.directus.env.SESSION_COOKIE_SECURE | quote }}'

- name: EMAIL_TRANSPORT
value: 'smtp'

- name: EMAIL_TEMPLATES_PATH
value: './templates'

- name: EMAIL_VERIFY_SETUP
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_EMAIL_VERIFY_SETUP

- name: EMAIL_SMTP_SECURE
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_EMAIL_SMTP_SECURE

- name: EMAIL_FROM
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_EMAIL_FROM

- name: EMAIL_SMTP_NAME
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_EMAIL_SMTP_HOST

- name: EMAIL_SMTP_HOST
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_EMAIL_SMTP_HOST

- name: EMAIL_SMTP_PORT
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_EMAIL_SMTP_PORT

- name: EMAIL_SMTP_USER
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_EMAIL_SMTP_USER

- name: EMAIL_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: DIRECTUS_EMAIL_SMTP_PASSWORD

- name: USER_REGISTER_URL_ALLOW_LIST
value: '{{ .Values.directus.env.USER_REGISTER_URL_ALLOW_LIST | quote }}'

- name: PASSWORD_RESET_URL_ALLOW_LIST
value: '{{ .Values.directus.env.PASSWORD_RESET_URL_ALLOW_LIST }}'

- name: USER_INVITE_URL_ALLOW_LIST
value: '{{ .Values.directus.env.USER_INVITE_URL_ALLOW_LIST }}'

- name: AUTH_PROVIDERS
value: 'google'

- name: MARKETPLACE_TRUST
value: '{{ .Values.directus.env.MARKETPLACE_TRUST }}'

- name: AUTH_GOOGLE_DRIVER
value: 'openid'

- name: AUTH_GOOGLE_CLIENT_ID
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: AUTH_GOOGLE_CLIENT_ID

- name: AUTH_GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: echo-backend-secrets
key: AUTH_GOOGLE_CLIENT_SECRET

- name: AUTH_GOOGLE_ISSUER_URL
value: 'https://accounts.google.com'

- name: AUTH_GOOGLE_IDENTIFIER_KEY
value: 'email'

- name: AUTH_GOOGLE_FIRST_NAME_KEY
value: 'given_name'

- name: AUTH_GOOGLE_LAST_NAME_KEY
value: 'family_name'

- name: AUTH_GOOGLE_ICON
value: 'google'

- name: AUTH_GOOGLE_LABEL
value: 'Google'

- name: AUTH_GOOGLE_ALLOW_PUBLIC_REGISTRATION
value: '{{ .Values.directus.env.AUTH_GOOGLE_ALLOW_PUBLIC_REGISTRATION }}'

- name: AUTH_GOOGLE_DEFAULT_ROLE_ID
value: '{{ .Values.directus.env.AUTH_GOOGLE_DEFAULT_ROLE_ID }}'

- name: AUTH_GOOGLE_REDIRECT_ALLOW_LIST
value: '{{ .Values.directus.env.AUTH_GOOGLE_REDIRECT_ALLOW_LIST }}'

resources:
requests:
cpu: '250m'
memory: '256Mi'
limits:
cpu: '500m'
memory: '512Mi'
Loading