From 9e80703a6d0a962d0582086e50bc850b0de58121 Mon Sep 17 00:00:00 2001
From: Gene Kuo
Date: Mon, 14 Oct 2024 21:53:50 +0900
Subject: [PATCH 1/5] Add hoppscotch Helm Chart This commit adds the initial implementation of hoppscotch Helm chart.
---
charts/hoppscotch/Chart.lock | 6 ++
charts/hoppscotch/Chart.yaml | 9 ++
.../hoppscotch/templates/aio-deployment.yaml | 51 ++++++++++++
charts/hoppscotch/templates/aio-service.yaml | 24 ++++++
charts/hoppscotch/templates/ingress.yaml | 28 +++++++
charts/hoppscotch/values.yaml | 82 +++++++++++++++++++
6 files changed, 200 insertions(+)
create mode 100644 charts/hoppscotch/Chart.lock
create mode 100644 charts/hoppscotch/Chart.yaml
create mode 100644 charts/hoppscotch/templates/aio-deployment.yaml
create mode 100644 charts/hoppscotch/templates/aio-service.yaml
create mode 100644 charts/hoppscotch/templates/ingress.yaml
create mode 100644 charts/hoppscotch/values.yaml
diff --git a/charts/hoppscotch/Chart.lock b/charts/hoppscotch/Chart.lock
new file mode 100644
index 0000000..3ce91ff
--- /dev/null
+++ b/charts/hoppscotch/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 16.0.1
+digest: sha256:e895214dc2ca49991deb760fa99c4c37d8d52292426dba600efcde03400db3de
+generated: "2024-10-13T20:08:18.561698+09:00"
diff --git a/charts/hoppscotch/Chart.yaml b/charts/hoppscotch/Chart.yaml
new file mode 100644
index 0000000..04a85dd
--- /dev/null
+++ b/charts/hoppscotch/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: hoppscotch
+description: A Helm chart for Hoppscotch services
+version: 0.1.0
+appVersion: "1.0"
+dependencies:
+ - name: postgresql
+ version: 16.0.1
+ repository: https://charts.bitnami.com/bitnami
diff --git a/charts/hoppscotch/templates/aio-deployment.yaml b/charts/hoppscotch/templates/aio-deployment.yaml
new file mode 100644
index 0000000..b87a16a
--- /dev/null
+++ b/charts/hoppscotch/templates/aio-deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-aio
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}-aio
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-aio
+ spec:
+ securityContext:
+ sysctls:
+ - name: net.ipv4.ip_unprivileged_port_start
+ value: "0"
+ initContainers:
+ - name: init-db
+ image: "{{ .Values.aio.image.repository }}:{{ .Values.aio.image.tag }}"
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: DATABASE_URL
+ value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:{{ .Values.postgresql.global.postgresql.auth.password }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}"
+ {{- range $key, $value := .Values.env }}
+ - name: {{ $key }}
+ value: "{{ $value }}"
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ command: [ "/bin/sh", "-c" ]
+ args:
+ - "pnpx prisma migrate deploy"
+ containers:
+ - name: aio
+ image: {{ .Values.aio.image.repository }}:{{ .Values.aio.image.tag }}
+ ports:
+ - containerPort: 3000
+ - containerPort: 3100
+ - containerPort: 3170
+ - containerPort: 80
+ env:
+ - name: DATABASE_URL
+ value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:{{ .Values.postgresql.global.postgresql.auth.password }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}"
+ {{- range $key, $value := .Values.aio.env }}
+ - name: {{ $key }}
+ value: "{{ $value }}"
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/charts/hoppscotch/templates/aio-service.yaml b/charts/hoppscotch/templates/aio-service.yaml
new file mode 100644
index 0000000..becc797
--- /dev/null
+++ b/charts/hoppscotch/templates/aio-service.yaml
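Review bot: Neither the `init-db` nor the `aio` container in aio-deployment.yaml sets a `securityContext`, so the only security setting in this Deployment is the pod-level sysctl that lowers `net.ipv4.ip_unprivileged_port_start` to 0, and both containers run with whatever user and capabilities the image defaults to. Because that sysctl already lets an unprivileged process bind low ports, I would add to each container `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` and, if the image supports it, `runAsNonRoot: true`; whether the hoppscotch image starts under those settings needs to be tested. Separately, env entries are rendered as `value: "{{ $value }}"`, which produces broken YAML for a value containing a double quote; `value: {{ $value | quote }}` is the safer form.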
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-aio
+spec:
+ selector:
+ app: {{ .Release.Name }}-aio
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: 3000
+ name: app-port
+ - protocol: TCP
+ port: 3100
+ targetPort: 3100
+ name: admin-port
+ - protocol: TCP
+ port: 3170
+ targetPort: 3170
+ name: backend-port
+ - protocol: TCP
+ port: 3080
+ targetPort: 80
+ name: web-port
diff --git a/charts/hoppscotch/templates/ingress.yaml b/charts/hoppscotch/templates/ingress.yaml
new file mode 100644
index 0000000..446e3a0
--- /dev/null
+++ b/charts/hoppscotch/templates/ingress.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-app-ingress
+ annotations:
+ {{- with .Values.ingress.annotations }}
+ {{ toYaml . | indent 4 }}
+ {{- end }}
+spec:
+ rules:
+ - host: {{ .Values.ingress.hostname }}
+ http:
+ paths:
+ - path: {{ .Values.ingress.path }}
+ pathType: {{ .Values.ingress.pathType }}
+ backend:
+ service:
+ name: {{ .Release.Name }}-aio
+ port:
+ number: 3000
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.hostname }}
+ secretName: {{ .Values.ingress.tls.secretName }}
+ {{- end }}
+{{- end }}
diff --git a/charts/hoppscotch/values.yaml b/charts/hoppscotch/values.yaml
new file mode 100644
index 0000000..033093a
--- /dev/null
+++ b/charts/hoppscotch/values.yaml
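Review bot: In ingress.yaml the annotations block calls `{{ toYaml . | indent 4 }}` on an indented template line without left-trimming, so the first annotation key is emitted with the line's own indentation plus four spaces while every later key gets only four. With more than one annotation the rendered manifest will probably fail to parse, although the exact leading whitespace is not recoverable from this page. The usual form is `{{- toYaml . | nindent 4 }}`, with the `annotations:` key moved inside the `with` so an empty map does not render a bare `annotations:`. `host` and `secretName` are also unquoted; `{{ .Values.ingress.hostname | quote }}` keeps a wildcard host such as `*.example.com` from being read as a YAML alias.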
@@ -0,0 +1,82 @@
+# Global values for the Bitnami PostgreSQL chart
+postgresql:
+ enabled: true
+ global:
+ postgresql:
+ auth:
+ username: "hoppscotch"
+ password: "your-hoppscotch-password"
+ database: "hoppscotch"
+ existingSecret: ""
+ secretKeys:
+ adminPasswordKey: ""
+ userPasswordKey: ""
+ replicationPasswordKey: ""
+
+ primary:
+ persistence:
+ enabled: false
+ storageClass: "standard"
+ size: 8Gi
+ accessModes:
+ - ReadWriteOnce
+
+aio:
+ image:
+ repository: hoppscotch/hoppscotch
+ tag: 2024.9.1
+
+ # Environment variables to be use in the container. Please refer to the following document:
+ # https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment
+ env:
+ JWT_SECRET: "secret1233"
+ TOKEN_SALT_COMPLEXITY: 10
+ MAGIC_LINK_TOKEN_VALIDITY: 3
+ REFRESH_TOKEN_VALIDITY: "604800000"
+ ACCESS_TOKEN_VALIDITY: "86400000"
+ SESSION_SECRET: "add some secret here"
+ ALLOW_SECURE_COOKIES: true
+ DATA_ENCRYPTION_KEY: "data encryption key with 32 char"
+ REDIRECT_URL: "http://localhost:3000"
+ WHITELISTED_ORIGINS: "http://localhost:3170,http://localhost:3000,http://localhost:3100"
+ VITE_ALLOWED_AUTH_PROVIDERS: "GOOGLE,GITHUB,MICROSOFT,EMAIL"
+ GITHUB_CLIENT_ID: "************************************************"
+ GITHUB_CLIENT_SECRET: "************************************************"
+ GITHUB_CALLBACK_URL: "http://localhost:3170/v1/auth/github/callback"
+ GITHUB_SCOPE: "user:email"
+ MAILER_SMTP_ENABLE: "false"
+ MAILER_USE_CUSTOM_CONFIGS: "false"
+ #MAILER_ADDRESS_FROM: '"From Name Here" '
+ MAILER_SMTP_URL: "smtps://user@domain.com:pass@smtp.domain.com" # used if custom mailer configs is false
+ MAILER_SMTP_HOST: "smtp.domain.com"
+ MAILER_SMTP_PORT: "587"
+ MAILER_SMTP_SECURE: "true"
+ MAILER_SMTP_USER: "user@domain.com"
+ MAILER_SMTP_PASSWORD: "pass"
+ MAILER_TLS_REJECT_UNAUTHORIZED: "true"
+ RATE_LIMIT_TTL: 60 # In seconds
+ RATE_LIMIT_MAX: 100 # Max requests per IP
+ VITE_BASE_URL: "http://localhost:3000"
+ VITE_SHORTCODE_BASE_URL: "http://localhost:3000"
+ VITE_ADMIN_URL: "http://localhost:3100"
+ VITE_BACKEND_GQL_URL: "http://localhost:3170/graphql"
+ VITE_BACKEND_WS_URL: "ws://localhost:3170/graphql"
+ VITE_BACKEND_API_URL: "http://localhost:3170/v1"
+ VITE_APP_TOS_LINK: "https://docs.hoppscotch.io/support/terms"
+ VITE_APP_PRIVACY_POLICY_LINK: "https://docs.hoppscotch.io/support/privacy"
+ ENABLE_SUBPATH_BASED_ACCESS: false
+ ports:
+ - 3000:3000
+ - 3100:3100
+ - 3170:3170
+ - 3080:80
+
+ingress:
+ enabled: true
+ hostname: "hoppscotch.test.com"
+ annotations:
+ path: /
+ pathType: Prefix
+ tls:
+ enabled: true
+ secretName: hoppscotch-tls
From 3f7cd5ed356fc1fe32537e49699297de0d00ca76 Mon Sep 17 00:00:00 2001
From: Gene Kuo
Date: Thu, 17 Oct 2024 21:38:28 +0900
Subject: [PATCH 2/5] Add the Option to Use existingSecret This commit adds the option to use existingSecret and reference the sensitive environment variables from created secrets instead of hard coding in enviornment variables.
---
.../hoppscotch/templates/aio-deployment.yaml | 40 ++++++++++++++++---
charts/hoppscotch/templates/secrets.yaml | 17 ++++++++
charts/hoppscotch/values.yaml | 19 ++++++---
3 files changed, 66 insertions(+), 10 deletions(-)
create mode 100644 charts/hoppscotch/templates/secrets.yaml
diff --git a/charts/hoppscotch/templates/aio-deployment.yaml b/charts/hoppscotch/templates/aio-deployment.yaml
index b87a16a..a46497c 100644
--- a/charts/hoppscotch/templates/aio-deployment.yaml
+++ b/charts/hoppscotch/templates/aio-deployment.yaml
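Review bot: The `env` map in values.yaml mixes credentials with plain settings, and the `range` loop in aio-deployment.yaml renders every entry as a literal `value:`, so `GITHUB_CLIENT_SECRET` and `MAILER_SMTP_URL` (which embeds the SMTP password) are written into the Deployment spec, readable by anyone who can read Deployments or pods in the namespace. The later patches in this series move `JWT_SECRET`, `SESSION_SECRET`, `DATA_ENCRYPTION_KEY` and `MAILER_SMTP_PASSWORD` into a Secret but leave those two in `env`. I would source them through `secretKeyRef` as well, and add a comment above `env:` such as `# non-secret settings only; credentials belong under auth / existingSecret`.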
@@ -18,11 +18,16 @@ spec: value: "0" initContainers: - name: init-db - image: "{{ .Values.aio.image.repository }}:{{ .Values.aio.image.tag }}" + image: "{{ .Values.hoppscotch.image.repository }}:{{ .Values.hoppscotch.image.tag }}" imagePullPolicy: IfNotPresent env: + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.global.postgresql.auth.existingSecret | default (printf "%s-postgresql" .Release.Name) }} + key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.userPasswordKey | default "password" }} - name: DATABASE_URL - value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:{{ .Values.postgresql.global.postgresql.auth.password }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}" + value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:$(POSTGRES_PASSWORD)@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}" {{- range $key, $value := .Values.env }} - name: {{ $key }} value: "{{ $value }}" 
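Review bot: `$(POSTGRES_PASSWORD)` is substituted into `DATABASE_URL` verbatim, so a password containing `@`, `:`, `/`, `?` or `#` yields a connection string that parses differently from what was intended; this matters most with `existingSecret`, where the chart does not control the password. The same line is added for the main container in the next hunk. Kubernetes `$(VAR)` expansion has no encoding step, so I would at least document the constraint next to `existingSecret` in values.yaml, e.g. `# password is inserted into DATABASE_URL as-is; it must be URL-safe or already percent-encoded`. The `init-db` definition continues past this hunk, and its context line still ranges over `.Values.env`, a key values.yaml in this series never defines (the map lives under `hoppscotch.env`).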
@@ -34,16 +39,41 @@ spec: - "pnpx prisma migrate deploy" containers: - name: aio - image: {{ .Values.aio.image.repository }}:{{ .Values.aio.image.tag }} + image: {{ .Values.hoppscotch.image.repository }}:{{ .Values.hoppscotch.image.tag }} ports: - containerPort: 3000 - containerPort: 3100 - containerPort: 3170 - containerPort: 80 env: + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.global.postgresql.auth.existingSecret | default (printf "%s-postgresql" .Release.Name) }} + key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.userPasswordKey | default "password" }} - name: DATABASE_URL - value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:{{ .Values.postgresql.global.postgresql.auth.password }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}" - {{- range $key, $value := .Values.aio.env }} + value: "postgres://{{ .Values.postgresql.global.postgresql.auth.username }}:$(POSTGRES_PASSWORD)@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}" + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }} + key: jwt_secret + - name: SESSION_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }} + key: session_secret + - name: MAILER_SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }} + key: mailer_smtp_password + - name: DATA_ENCRYPTION_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.hoppscotch.auth.existingSecret | default (printf "%s-secrets" .Release.Name) }} + key: data_encryption_key + {{- range $key, $value := .Values.hoppscotch.env }} - name: {{ $key }} value: "{{ $value }}" {{- end }} 
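Review bot: The four new `secretKeyRef` entries hard-code `key: jwt_secret`, `session_secret`, `mailer_smtp_password` and `data_encryption_key`, while the values.yaml change in this same patch adds `hoppscotch.secretKeys.jwtSecretKey` and its siblings, which no template in this series reads. Someone who points `hoppscotch.auth.existingSecret` at a Secret with different key names gets a pod that cannot start because the referenced key is missing. Either drop the `secretKeys` block or honour it, e.g. `key: {{ .Values.hoppscotch.secretKeys.jwtSecretKey | default "jwt_secret" }}`, mirroring how `userPasswordKey` is handled for `POSTGRES_PASSWORD` a few lines above.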
diff --git a/charts/hoppscotch/templates/secrets.yaml b/charts/hoppscotch/templates/secrets.yaml
new file mode 100644
index 0000000..90b68e7
--- /dev/null
+++ b/charts/hoppscotch/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{- if not .Values.hoppscotch.auth.existingSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-secrets
+ labels:
+ app.kubernetes.io/name: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+type: Opaque
+data:
+ jwt_secret: {{ .Values.hoppscotch.auth.JWT_SECRET | b64enc | quote }}
+ session_secret: {{ .Values.hoppscotch.auth.SESSION_SECRET | b64enc | quote }}
+ mailer_smtp_password: {{ .Values.hoppscotch.auth.MAILER_SMTP_PASSWORD | b64enc | quote }}
+ data_encryption_key: {{ .Values.hoppscotch.auth.DATA_ENCRYPTION_KEY | b64enc | quote }}
+{{- end }}
diff --git a/charts/hoppscotch/values.yaml b/charts/hoppscotch/values.yaml
index 033093a..6209ced 100644
--- a/charts/hoppscotch/values.yaml
+++ b/charts/hoppscotch/values.yaml
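Review bot: When `existingSecret` is unset, secrets.yaml builds the Secret from `hoppscotch.auth.*`, and values.yaml ships usable placeholders for all four entries (`"secret1233"`, `"add some secret here"`, and so on), so an install that overrides nothing runs with a publicly known `JWT_SECRET`, `SESSION_SECRET` and `DATA_ENCRYPTION_KEY`. I would default those three to empty strings and fail the render when they are missing: `jwt_secret: {{ required "hoppscotch.auth.JWT_SECRET must be set" .Values.hoppscotch.auth.JWT_SECRET | b64enc | quote }}`, and likewise for the session secret and encryption key. `MAILER_SMTP_PASSWORD` can stay optional, since mail is disabled by default in values.yaml. A header comment saying the Secret is rendered only when `hoppscotch.auth.existingSecret` is empty would also help the next reader.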
@@ -21,22 +21,32 @@ postgresql: accessModes: - ReadWriteOnce -aio: +hoppscotch: image: repository: hoppscotch/hoppscotch tag: 2024.9.1 + auth: + JWT_SECRET: "secret1233" + SESSION_SECRET: "add some secret here" + DATA_ENCRYPTION_KEY: "data encryption key with 32 char" + MAILER_SMTP_PASSWORD: "pass" + existingSecret: "" + + secretKeys: + jwtSecretKey: "" + sessionSecretKey: "" + mailerSmtpPasswordKey: "" + dataEncryptionKey: "" + # Environment variables to be use in the container. Please refer to the following document: # https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment env: - JWT_SECRET: "secret1233" TOKEN_SALT_COMPLEXITY: 10 MAGIC_LINK_TOKEN_VALIDITY: 3 REFRESH_TOKEN_VALIDITY: "604800000" ACCESS_TOKEN_VALIDITY: "86400000" - SESSION_SECRET: "add some secret here" ALLOW_SECURE_COOKIES: true - DATA_ENCRYPTION_KEY: "data encryption key with 32 char" REDIRECT_URL: "http://localhost:3000" WHITELISTED_ORIGINS: "http://localhost:3170,http://localhost:3000,http://localhost:3100" VITE_ALLOWED_AUTH_PROVIDERS: "GOOGLE,GITHUB,MICROSOFT,EMAIL" @@ -52,7 +62,6 @@ aio: MAILER_SMTP_PORT: "587" MAILER_SMTP_SECURE: "true" MAILER_SMTP_USER: "user@domain.com" - MAILER_SMTP_PASSWORD: "pass" MAILER_TLS_REJECT_UNAUTHORIZED: "true" RATE_LIMIT_TTL: 60 # In seconds RATE_LIMIT_MAX: 100 # Max requests per IP From 4ecab931f5a39411e775d3e075ffae81761c26c9 Mon Sep 17 00:00:00 2001 From: Gene Kuo Date: Thu, 17 Oct 2024 23:07:37 +0900 Subject: [PATCH 3/5] Address AI bot Comment --- .../{aio-deployment.yaml => deployment.yaml} | 17 ++++++++++++++--- .../{aio-service.yaml => service.yaml} | 8 ++------ 2 files changed, 16 insertions(+), 9 deletions(-) rename charts/hoppscotch/templates/{aio-deployment.yaml => deployment.yaml} (89%) rename charts/hoppscotch/templates/{aio-service.yaml => service.yaml} (73%) 
diff --git a/charts/hoppscotch/templates/aio-deployment.yaml b/charts/hoppscotch/templates/deployment.yaml similarity index 89% rename from charts/hoppscotch/templates/aio-deployment.yaml rename to charts/hoppscotch/templates/deployment.yaml index a46497c..ebe677b 100644 --- a/charts/hoppscotch/templates/aio-deployment.yaml +++ b/charts/hoppscotch/templates/deployment.yaml @@ -36,15 +36,26 @@ spec: {{- toYaml .Values.resources | nindent 12 }} command: [ "/bin/sh", "-c" ] args: - - "pnpx prisma migrate deploy" + - "set -e; pnpx prisma migrate deploy" containers: - - name: aio + - name: hoppscotch-aio image: {{ .Values.hoppscotch.image.repository }}:{{ .Values.hoppscotch.image.tag }} ports: - containerPort: 3000 - containerPort: 3100 - containerPort: 3170 - - containerPort: 80 + readinessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 15 + periodSeconds: 20 env: - name: POSTGRES_PASSWORD valueFrom: diff --git a/charts/hoppscotch/templates/aio-service.yaml b/charts/hoppscotch/templates/service.yaml similarity index 73% rename from charts/hoppscotch/templates/aio-service.yaml rename to charts/hoppscotch/templates/service.yaml index becc797..a7f0c39 100644 --- a/charts/hoppscotch/templates/aio-service.yaml +++ b/charts/hoppscotch/templates/service.yaml @@ -9,16 +9,12 @@ spec: - protocol: TCP port: 3000 targetPort: 3000 - name: app-port + name: http-web-port - protocol: TCP port: 3100 targetPort: 3100 - name: admin-port + name: http-admin-port - protocol: TCP port: 3170 targetPort: 3170 name: backend-port - - protocol: TCP - port: 3080 - targetPort: 80 - name: web-port From b81f1e40501d59cf286e55c7c5b604f7ee7c1dba Mon Sep 17 00:00:00 2001 
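Review bot: The deployment.yaml hunk removes `containerPort: 80`, and service.yaml drops the 3080 to 80 mapping, but the pod-level sysctl `net.ipv4.ip_unprivileged_port_start: "0"` added in the first patch is not touched. If it was there only so the container could bind port 80, it can go now, leaving the pod with default kernel settings. If the image still binds port 80 internally, a comment above `sysctls:` such as `# the AIO image binds port 80 as a non-root user` would explain why it stays. Also, `set -e;` in front of the single `pnpx prisma migrate deploy` command changes nothing, because the shell already exits with that command's status.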
From: Gene Kuo Date: Thu, 17 Oct 2024 23:14:07 +0900 Subject: [PATCH 4/5] Update Resources and Image Pull Policy Settings --- charts/hoppscotch/templates/deployment.yaml | 4 ++-- charts/hoppscotch/values.yaml | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/hoppscotch/templates/deployment.yaml b/charts/hoppscotch/templates/deployment.yaml index ebe677b..131203f 100644 --- a/charts/hoppscotch/templates/deployment.yaml +++ b/charts/hoppscotch/templates/deployment.yaml @@ -19,7 +19,7 @@ spec: initContainers: - name: init-db image: "{{ .Values.hoppscotch.image.repository }}:{{ .Values.hoppscotch.image.tag }}" - imagePullPolicy: IfNotPresent + imagePullPolicy: {{ .Values.hoppscotch.image.pullPolicy }} env: - name: POSTGRES_PASSWORD valueFrom: @@ -33,7 +33,7 @@ spec: value: "{{ $value }}" {{- end }} resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.hoppscotch.resources | nindent 12 }} command: [ "/bin/sh", "-c" ] args: - "set -e; pnpx prisma migrate deploy" diff --git a/charts/hoppscotch/values.yaml b/charts/hoppscotch/values.yaml index 6209ced..5292233 100644 --- a/charts/hoppscotch/values.yaml +++ b/charts/hoppscotch/values.yaml @@ -25,6 +25,7 @@ hoppscotch: image: repository: hoppscotch/hoppscotch tag: 2024.9.1 + pullPolicy: IfNotPresent auth: JWT_SECRET: "secret1233" @@ -39,6 +40,8 @@ hoppscotch: mailerSmtpPasswordKey: "" dataEncryptionKey: "" + resources: {} + # Environment variables to be use in the container. Please refer to the following document: # https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment env: From b9fb92962d6e507cfe007f27bd4e4bc74b6ec1b4 Mon Sep 17 00:00:00 2001 
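Review bot: Only the `init-db` container is switched to `.Values.hoppscotch.image.pullPolicy` and `.Values.hoppscotch.resources`, and both deployment.yaml hunks cut through its definition. No hunk in this series changes the main container, which as far as the earlier patches show still renders `toYaml .Values.resources` (a key values.yaml does not define) and has no `imagePullPolicy`. Limits set under `hoppscotch.resources` would therefore not apply to the container that serves traffic, leaving it without CPU or memory bounds. The same two lines should be applied there: `imagePullPolicy: {{ .Values.hoppscotch.image.pullPolicy }}` and `{{- toYaml .Values.hoppscotch.resources | nindent 12 }}`.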
From: Gene Kuo Date: Thu, 17 Oct 2024 23:17:49 +0900 Subject: [PATCH 5/5] Address Suggestions --- charts/hoppscotch/templates/ingress.yaml | 2 +- charts/hoppscotch/templates/service.yaml | 1 + charts/hoppscotch/values.yaml | 1 - 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/hoppscotch/templates/ingress.yaml b/charts/hoppscotch/templates/ingress.yaml index 446e3a0..ed043b0 100644 --- a/charts/hoppscotch/templates/ingress.yaml +++ b/charts/hoppscotch/templates/ingress.yaml @@ -13,7 +13,7 @@ spec: http: paths: - path: {{ .Values.ingress.path }} - pathType: {{ .Values.ingress.pathType }} + pathType: Prefix backend: service: name: {{ .Release.Name }}-aio diff --git a/charts/hoppscotch/templates/service.yaml b/charts/hoppscotch/templates/service.yaml index a7f0c39..eebe2e7 100644 --- a/charts/hoppscotch/templates/service.yaml +++ b/charts/hoppscotch/templates/service.yaml @@ -3,6 +3,7 @@ kind: Service metadata: name: {{ .Release.Name }}-aio spec: + type: ClusterIP selector: app: {{ .Release.Name }}-aio ports: diff --git a/charts/hoppscotch/values.yaml b/charts/hoppscotch/values.yaml index 5292233..61314cf 100644 --- a/charts/hoppscotch/values.yaml +++ b/charts/hoppscotch/values.yaml @@ -88,7 +88,6 @@ ingress: hostname: "hoppscotch.test.com" annotations: path: / - pathType: Prefix tls: enabled: true secretName: hoppscotch-tls