feat: add chart for auth-server

charts/auth-server/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/auth-server/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+description: Elegant Themes Auth Server
+icon: https://raw.githubusercontent.com/nodejs/nodejs.org/main/public/static/images/logo-hexagon.svg
+maintainers:
+  - email: dustin@elegantthemes.com
+    name: Elegant Themes
+name: auth-server
+version: 1.0.0

charts/auth-server/app-readme.md

@@ -0,0 +1 @@
+Auth Server

charts/auth-server/questions.yml

@@ -0,0 +1,3 @@
+questions:
+#  - variable: s3_bucket_name
+#    label: S3 Bucket Name

charts/auth-server/templates/_helpers.tpl

@@ -0,0 +1,8 @@
+{{- define "addCIDRToIPs" -}}
+  {{- $ips := . | split "," -}}
+  {{- $ipsWithCIDR := list -}}
+  {{- range $ip := $ips -}}
+    {{- $ipsWithCIDR = append $ipsWithCIDR (print $ip "/32") -}}
+  {{- end -}}
+  {{ $ipsWithCIDR | join "," | quote }}
+{{- end -}}

charts/auth-server/templates/auth-server.yml

@@ -0,0 +1,137 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: {{ .Release.Name }}
+  ports:
+    - port: {{ .Values.AUTH_SERVER_PORT }}
+      targetPort: {{ .Values.AUTH_SERVER_PORT }}
+      name: nodejs
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Release.Name }}
+spec:
+  replicas: {{ .Values.REPLICAS }}
+  strategy:
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      app: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}
+        redis-client: 'true'
+    spec:
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app.kubernetes.io/name
+                    operator: In
+                    values:
+                      - ingress-nginx
+              namespaces:
+                - ingress-nginx
+              topologyKey: kubernetes.io/hostname
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                    - key: app
+                      operator: In
+                      values:
+                        - {{ .Release.Name }}
+              namespaces:
+                - {{ .Release.Namespace }}
+              topologyKey: kubernetes.io/hostname
+            - labelSelector:
+                matchExpressions:
+                    - key: app
+                      operator: In
+                      values:
+                        - cloud-screenshot
+              namespaces:
+                - dc-screenshot
+              topologyKey: kubernetes.io/hostname
+      containers:
+        - name: {{ .Release.Name }}
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: AUTH_SERVER_PATH
+              value: {{ .Values.INSTALL_PATH | squote }}
+            - name: VIRTUAL_HOST
+              value: {{ .Values.VIRTUAL_HOST | squote }}
+            - name: AUTH_SERVER_REPO_URL
+              value: {{ .Values.AUTH_SERVER_REPO_URL | squote }}
+            - name: IMAGE_VERSION
+              value: {{ .Values.AUTH_SERVER_VERSION | squote }}
+            - name: GIT_REF
+              value: {{ .Values.GIT_REF | squote }}
+
+          image: {{ .Values.AUTH_SERVER_IMAGE | squote }}
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.AUTH_SERVER_PORT }}
+              scheme: HTTP
+            periodSeconds: 30
+          ports:
+            - name: nodejs
+              containerPort: {{ .Values.AUTH_SERVER_PORT }}
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: {{ .Values.AUTH_SERVER_PORT }}
+              scheme: HTTP
+            periodSeconds: 10
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+            limits:
+              cpu: 1000m
+              memory: {{ .Values.MEMORY_LIMIT | squote }}
+          startupProbe:
+            exec:
+              command:
+                - cat
+                - {{ .Values.INSTALL_PATH }}/dist/healthz
+            failureThreshold: 30
+            periodSeconds: 10
+          volumeMounts:
+            - name: wordpress
+              mountPath: /srv
+            - name: config
+              mountPath: /config
+              readOnly: true
+      tolerations:
+        - key: node.kubernetes.io/disk-pressure
+          operator: Exists
+        - key: node.kubernetes.io/memory-pressure
+          operator: Exists
+        - key: node.kubernetes.io/pid-pressure
+          operator: Exists
+      volumes:
+        - name: wordpress
+          hostPath:
+            path: /srv
+            type: DirectoryOrCreate
+        - name: config
+          secret:
+            secretName: secrets

charts/auth-server/templates/ingress.yml

@@ -0,0 +1,36 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/limit-connections: "5"
+    nginx.ingress.kubernetes.io/limit-rps: "3"
+    nginx.ingress.kubernetes.io/limit-burst-multiplier: "3"
+    nginx.ingress.kubernetes.io/limit-req-status-code: "429"
+    nginx.ingress.kubernetes.io/limit-conn-status-code: "429"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/enable-rewrite-log: "false"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/limit-whitelist: {{ include "addCIDRToIPs" .Values.ETDC_IP_ADDRESSES }}
+spec:
+  tls:
+    - hosts:
+        - {{ .Values.VIRTUAL_HOST }}
+      secretName: {{ .Release.Name }}-tls
+  rules:
+    - host: {{ .Values.VIRTUAL_HOST }}
+      http:
+        paths:
+          - path: "/.*"
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}
+                port:
+                  number: {{ .Values.AUTH_SERVER_PORT }}

charts/auth-server/templates/secrets.yml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secrets
+  namespace: {{ .Release.Namespace }}
+stringData:
+  GITHUB_TOKEN: {{ .Values.GITHUB_TOKEN | squote }}
+  .env: |
+    AUTH_SERVER_ENV={{ .Values.AUTH_SERVER_ENV | squote }}
+    AUTH_SERVER_PATH={{ .Values.INSTALL_PATH | squote }}
+    AUTH_SERVER_PORT={{ .Values.AUTH_SERVER_PORT }}
+    AUTH_SERVER_REPO_URL={{ .Values.AUTH_SERVER_REPO_URL | squote }}
+    IMAGE_VERSION={{ .Values.AUTH_SERVER_VERSION | squote }}
+    JWT_PRIVATE_KEY={{ .Values.JWT_PRIVATE_KEY | b64enc | squote }}
+    REDIS_HOSTNAME={{ .Values.REDIS_HOSTNAME | squote }}
+    REDIS_NAME={{ .Values.REDIS_NAME | squote }}
+    SWAGGER_ALLOWED_IPS={{ .Values.SWAGGER_ALLOWED_IPS | squote }}
+    VIRTUAL_HOST={{ .Values.VIRTUAL_HOST | squote }}
+

charts/auth-server/values.yaml

@@ -0,0 +1,16 @@
+AUTH_SERVER_ENV:
+AUTH_SERVER_PORT:
+AUTH_SERVER_IMAGE:
+AUTH_SERVER_REPO_URL:
+AUTH_SERVER_VERSION:
+ETDC_IP_ADDRESSES:
+GITHUB_TOKEN:
+GIT_REF:
+INSTALL_PATH:
+JWT_PRIVATE_KEY:
+MEMORY_LIMIT:
+REDIS_HOSTNAME:
+REDIS_NAME:
+REPLICAS:
+SWAGGER_ALLOWED_IPS:
+VIRTUAL_HOST: