[LX-1442] Adjust Helm deployment templates and value files (#87)

UCLALibrary · Nov 30, 2023 · c841bb4 · c841bb4
1 parent 8c6c498
commit c841bb4
Show file tree

Hide file tree

Showing 9 changed files with 568 additions and 72 deletions.
diff --git a/charts/Chart.lock b/charts/Chart.lock
@@ -6,4 +6,4 @@ dependencies:
   repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
   version: 7.2.1
 digest: sha256:ac17baaf9879b11448623b1729261d4ab92ebda374549f53421c67bc4dd76043
-generated: "2023-08-04T16:58:41.365243-07:00"
+generated: "2023-11-27T14:31:49.286645-08:00"
diff --git a/charts/Chart.yaml b/charts/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "0.0.1"
+appVersion: "0.0.2"
 description: Chart for Oral History Public-Facing App
 name: oralhistory
-version: 0.0.11
+version: 1.0.0
 
 # The `appVersion` is not a required field whereas `version` is required. If
 # you’re making changes to a helm chart template file and/or the default values

diff --git a/charts/prod-oralhistory-values.yaml b/charts/prod-oralhistory-values.yaml
@@ -13,22 +13,38 @@ image:
 # Chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/solr
 solr:
   # TODO: Solr heap size? docker-compose has SOLR_HEAP=4g
+  replicaCount: 1
+  collectionReplicas: 1
   enabled: true
+
+  javaMem: "-XX:MaxRAMPercentage=80"
+  resources:
+    limits:
+      memory: 4Gi
+    requests:
+      memory: 4Gi
+
+  coreNames: ["blacklight-core"]
+
+  # Disable solr cloud
+  cloudEnabled: false
+  cloudBootstrap: false
+  zookeeper:
+    enabled: false
+
   image:
     repository: bitnami/solr
     # This is the image version, not the chart version.
     tag: 8.11.1
   auth:
     enabled: true
     adminUsername: admin
-    secretKeys:
-      adminPasswordKey: SOLR_ADMIN_PASSWORD
-      userPasswordKey: SOLR_ADMIN_PASSWORD
     existingSecret: oral-history-secrets
+    existingSecretPasswordKey: SOLR_ADMIN_PASSWORD
   persistence:
     enabled: true
     storageClass: "vsphere-csi-sc"
-    size: 8Gi
+    size: 20Gi
     mountPath: /bitnami/solr
 # Chart documentation: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
 postgresql:
@@ -39,40 +55,53 @@ postgresql:
     tag: 12.3.0
 
   auth:
-    username: blacklight
-    database: blacklight
+    database: oral_history
     secretKeys:
       adminPasswordKey: POSTGRES_PASSWORD
-      userPasswordKey: POSTGRES_PASSWORD
+      userPasswordKey: POSTGRES_USER
     existingSecret: oral-history-secrets
   service:
     ports:
       postgresql: 5432
   primary:
     persistence:
       # TODO: Should enabled be true?
-      enabled: false
-      size: 10Gi
+      enabled: true
+      size: 20Gi
 
 # TODO: Variable names and values were copied from .env - is this all right?
 web:
+  # Due to the current Helm template mechanism, any additional ENVs will have to be added in the oral-history-env ConfigMap template
   env:
-    SOLR_ADMIN_USER: admin
-    SOLR_HOST: oral-history-public-web-solr
-    SOLR_PORT: 8983
-    POSTGRES_DB: oral_history
-    POSTGRES_HOST: postgres
-    POSTGRES_USER: postgres
-    DEPLOY_HOOK: CHANGEME
-    DOCKER_PORTS: 80
-    MAKE_WAVES: false
-    PASSENGER_APP_ENV: production
-    REGISTRY_HOST: index.docker.io/
-    REGISTRY_URI: uclalibrary
-    # TODO: Real value
-    SITE_URI: oralhistory-k8s.library.ucla.edu
-    TAG: staging
-    TEST_DB: oral_history_test
+    # Solr Environment Variables
+    # The values should be matched with values used in the Solr Dependent Chart
+    SOLR_ADMIN_USER: "admin"
+
+    # DNS pointer to the Solr Service Name
+    SOLR_HOST: "prod-oral-history-public-web-solr"
+
+    SOLR_PORT: "8983"
+
+    # Postgres environment variables
+    # The values should be matched with values used in the Postgre Dependent Chart
+    POSTGRES_DB: "oral_history"
+
+    # DNS pointer to the Postgres Service Name
+    POSTGRES_HOST: "prod-oral-history-public-web-postgresql"
+
+    # Rails specific environment variables
+    MAKE_WAVES: "true"
+    PASSENGER_APP_ENV: "production"
+    RAILS_ENV: "production"
+    RACK_ENV: "production"
+    RAILS_LOG_TO_STDOUT: "true"
+    SMTP_ADDRESS: "smtp.ucla.edu"
+    SMTP_DOMAIN: "library.ucla.edu"
+    SMTP_FROM: "do-not-reply@library.ucla.edu"
+    SMTP_HOST: "oralhistory.library.ucla.edu"
+    SMTP_HTTP_PROTOCOL: "https"
+
+    SITE_URI: "oralhistory-k8s.library.ucla.edu"
 
 worker:
   replicaCount: 1
@@ -92,22 +121,28 @@ externalsecrets:
     argocd.argoproj.io/sync-wave: "-3"
   enabled: true
   # Reference to ClusterSecretStore name
-  ref: systems-clustersecretstore
+  ref: apps-clustersecretstore
   secrets:
     application:
       data:
+        - secretKey: ROLLBAR_ACCESS_TOKEN
+          remoteRef:
+            key: /apps/prodrke01/oh-public/rollbar_access_token
         - secretKey: NEGATIVE_CAPTCHA_SECRET
           remoteRef:
-            key: /systems/prodrke01/oh-public/negative_captcha_secret
+            key: /apps/prodrke01/oh-public/negative_captcha_secret
         - secretKey: POSTGRES_PASSWORD
           remoteRef:
-            key: /systems/prodrke01/oh-public/db_password
+            key: /apps/prodrke01/oh-public/db_password
+        - secretKey: POSTGRES_USER
+          remoteRef:
+            key: /apps/prodrke01/oh-public/db_username
         - secretKey: SECRET_KEY_BASE
           remoteRef:
-            key: /systems/prodrke01/oh-public/secret_key_base
-        - secretKey: solr-password
+            key: /apps/prodrke01/oh-public/secret_key_base
+        - secretKey: SOLR_ADMIN_PASSWORD
           remoteRef:
-            key: /systems/prodrke01/oh-public/solr_admin_password
+            key: /apps/prodrke01/oh-public/solr_admin_password
 
 # configure a registry token for access to your container registry, needs read permissions, create secret in Rancher, follow instructions:
 # https://ranchermanager.docs.rancher.com/v2.5/how-to-guides/new-user-guides/kubernetes-resources-setup/kubernetes-and-docker-registries#creating-a-registry
@@ -133,34 +168,29 @@ ingress:
   enabled: "true"
   ingressClassName: "nginx"
   annotations:
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
     cert-manager.io/cluster-issuer: sectigo-acme-clusterissuer
     kubernetes.io/tls-acme: "true"
-
   hosts:
     # TODO: Set real production name
     - host: oralhistory-k8s.library.ucla.edu
       paths:
         - "/"
-
   tls:
     # TODO: Set real production name
    - secretName: oralhistory-k8s-tls
      hosts:
        - oralhistory-k8s.library.ucla.edu
 
-resources: {}
+
+resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+  limits:
+    memory: 4Gi
+  requests:
+    memory: 4Gi
 
 autoscaling:
   enabled: false