alexlebens/helm-charts
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Releases 370 Activity

add taiga

Browse Source
This commit is contained in:
Alex Lebens
2024-04-13 22:17:45 -06:00
parent f905b4ccfe
commit 60e427826c
14 changed files with 2191 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
charts/taiga/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,135 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "taiga.name" -}}
{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "taiga.fullname" -}}
{{- if .Values.global.fullnameOverride -}}
{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.global.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label
*/}}
{{- define "taiga.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "taiga.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Common labels for specific components
*/}}
{{- define "taiga.back.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-back
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "taiga.async.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-async
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "taiga.front.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-front
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "taiga.events.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-events
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- define "taiga.protected.labels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
helm.sh/chart: {{ template "taiga.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "taiga.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.back.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-back
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.async.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-async
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.front.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-front
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.events.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-events
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- define "taiga.protected.matchLabels" -}}
app.kubernetes.io/name: {{ template "taiga.name" . }}-protected
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "taiga.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "taiga.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the static persistent volume
*/}}
{{- define "taiga.staticVolumeName" -}}
{{- if .Values.persistence.static.existingClaim -}}
{{ .Values.persistence.static.existingClaim }}
{{- else -}}
{{ printf "%s-static" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the media persistent volume
*/}}
{{- define "taiga.mediaVolumeName" -}}
{{- if .Values.persistence.media.existingClaim -}}
{{ .Values.persistence.media.existingClaim }}
{{- else -}}
{{ printf "%s-media" (include "taiga.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end -}}
{{- end -}}

36
charts/taiga/templates/config-map.yaml Normal file
View File

@@ -0,0 +1,36 @@
{{- if .Values.createInitialUser }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "taiga.fullname" . }}-create-initial-user
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
data:
createinitialuser.sh: |
#!/bin/sh
echo """
import time
import requests
import subprocess
print('Waiting for backend ...')
while requests.get('http://{{ template "taiga.fullname" . }}-back/api/v1/').status_code != 200:
print('...')
time.sleep(2)
if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
else:
print('Admin user yet created.')
""" > /tmp/create_superuser.py
python /tmp/create_superuser.py
{{- end }}

515
charts/taiga/templates/deployment-back.yaml Normal file
View File

@@ -0,0 +1,515 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "taiga.fullname" . }}-back
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.back.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.back.replicas }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "taiga.back.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "taiga.back.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ template "taiga.name" . }}-back
annotations:
{{- with .Values.back.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
affinity:
{{- with .Values.back.affinity }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- with .Values.back.nodeSelector }}
{{ toYaml . | nindent 8 }}
{{- end }}
tolerations:
{{- with .Values.back.tolerations }}
{{ toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
securityContext:
{{- with .Values.back.securityContext }}
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ template "taiga.fullname" . }}-back
image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
imagePullPolicy: {{ .Values.back.image.pullPolicy }}
resources:
{{ toYaml .Values.back.resources | nindent 12 }}
ports:
- name: taiga-back
containerPort: {{ .Values.back.service.port }}
protocol: TCP
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
- name: taiga-media
mountPath: /taiga-back/media
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: ENABLE_TELEMETRY
value: "{{ .Values.enableTelemetry }}"
- name: PUBLIC_REGISTER_ENABLED
value: "{{ .Values.publicRegisterEnabled }}"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.usernameKey }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.passwordKey }}"
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.databaseNameKey }}"
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.hostKey }}"
{{ if .Values.oidc.enabled }}
- name: OIDC_ENABLED
value: "True"
- name: OIDC_SCOPES
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.scopesKey }}"
- name: OIDC_SIGN_ALGO
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.signatureAlgorithmKey }}"
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.clientIdKey }}"
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.clientSecretKey }}"
- name: OIDC_BASE_URL
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.baseUrlKey }}"
- name: OIDC_JWKS_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.jwksEndpointKey }}"
- name: OIDC_AUTHORIZATION_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.authorizationEndpointKey }}"
- name: OIDC_TOKEN_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.tokenEndpointKey }}"
- name: OIDC_USER_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.userEndpointKey }}"
{{ end }}
{{ if .Values.email.enabled }}
- name: EMAIL_BACKEND
value: "django.core.mail.backends.smtp.EmailBackend"
- name: DEFAULT_FROM_EMAIL
value: "{{ .Values.email.from }}"
- name: EMAIL_HOST
value: "{{ .Values.email.host }}"
- name: EMAIL_PORT
value: "{{ .Values.email.port }}"
- name: EMAIL_USE_TLS
value: "{{ .Values.email.tls }}"
- name: EMAIL_USE_SSL
value: "{{ .Values.email.ssl }}"
- name: EMAIL_HOST_USER
value: "{{ .Values.email.user }}"
- name: EMAIL_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.email.existingPasswordSecret }}"
key: "{{ .Values.email.existingSecretPasswordKey }}"
{{ end }}
- name: ENABLE_GITHUB_AUTH
value: "false"
- name: ENABLE_GITLAB_AUTH
value: "false"
- name: ENABLE_SLACK
value: "{{ .Values.enableSlack }}"
{{ if .Values.githubImporter.enabled }}
- name: ENABLE_GITHUB_IMPORTER
value: "True"
- name: GITHUB_API_CLIENT_ID
valueFrom:
secretKeyRef:
name: "{{ .Values.githubImporter.existingSecretName }}"
key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
- name: GITHUB_API_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "{{ .Values.githubImporter.existingSecretName }}"
key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
{{ else }}
- name: ENABLE_GITHUB_IMPORTER
value: "False"
{{ end }}
{{ if .Values.jiraImporter.enabled }}
- name: ENABLE_JIRA_IMPORTER
value: "True"
- name: JIRA_IMPORTER_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
- name: JIRA_IMPORTER_CERT
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
- name: JIRA_IMPORTER_PUB_CERT
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
{{ else }}
- name: ENABLE_JIRA_IMPORTER
value: "False"
{{ end }}
{{ if .Values.trelloImporter }}
- name: ENABLE_TRELLO_IMPORTER
value: "True"
- name: TRELLO_IMPORTER_API_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.trelloImporter.existingSecretName }}"
key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
- name: TRELLO_IMPORTER_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.trelloImporter.existingSecretName }}"
key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
{{ else }}
- name: ENABLE_JIRA_IMPORTER
value: "False"
{{ end }}
- name: RABBITMQ_USER
value: "{{ index .Values "taiga-async-rabbitmq" "auth" "username" }}"
- name: RABBITMQ_PASS
valueFrom:
secretKeyRef:
name: {{ index .Values "taiga-async-rabbitmq" "auth" "existingPasswordSecret" }}
key: {{ index .Values "taiga-async-rabbitmq" "auth" "existingSecretPasswordKey" }}
{{ if .Values.ingress.enabled }}
- name: TAIGA_SITES_DOMAIN
value: "{{ .Values.ingress.host }}"
- name: TAIGA_SITES_SCHEME
value: "https"
- name: SESSION_COOKIE_SECURE
value: "True"
- name: CSRF_COOKIE_SECURE
value: "True"
{{- end }}
{{- if .Values.back.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.back.service.port }}
initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.back.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.back.service.port }}
initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
{{- end }}
- name: {{ template "taiga.fullname" . }}-async
image: "{{ .Values.async.image.repository }}:{{ .Values.async.image.tag }}"
imagePullPolicy: {{ .Values.async.image.pullPolicy }}
resources:
{{ toYaml .Values.async.resources | nindent 12 }}
command:
- /taiga-back/docker/async_entrypoint.sh
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
- name: taiga-media
mountPath: /taiga-back/media
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: ENABLE_TELEMETRY
value: "{{ .Values.enableTelemetry }}"
- name: PUBLIC_REGISTER_ENABLED
value: "{{ .Values.publicRegisterEnabled }}"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.usernameKey }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.passwordKey }}"
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.databaseNameKey }}"
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.hostKey }}"
{{ if .Values.oidc.enabled }}
- name: OIDC_ENABLED
value: "True"
- name: OIDC_SCOPES
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.scopesKey }}"
- name: OIDC_SIGN_ALGO
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.signatureAlgorithmKey }}"
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.clientIdKey }}"
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.clientSecretKey }}"
- name: OIDC_BASE_URL
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.baseUrlKey }}"
- name: OIDC_JWKS_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.jwksEndpointKey }}"
- name: OIDC_AUTHORIZATION_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.authorizationEndpointKey }}"
- name: OIDC_TOKEN_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.tokenEndpointKey }}"
- name: OIDC_USER_ENDPOINT
valueFrom:
secretKeyRef:
name: "{{ .Values.oidc.existingSecretName }}"
key: "{{ .Values.oidc.userEndpointKey }}"
{{ end }}
{{ if .Values.email.enabled }}
- name: EMAIL_BACKEND
value: "django.core.mail.backends.smtp.EmailBackend"
- name: DEFAULT_FROM_EMAIL
value: "{{ .Values.email.from }}"
- name: EMAIL_HOST
value: "{{ .Values.email.host }}"
- name: EMAIL_PORT
value: "{{ .Values.email.port }}"
- name: EMAIL_USE_TLS
value: "{{ .Values.email.tls }}"
- name: EMAIL_USE_SSL
value: "{{ .Values.email.ssl }}"
- name: EMAIL_HOST_USER
value: "{{ .Values.email.user }}"
- name: EMAIL_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.email.existingPasswordSecret }}"
key: "{{ .Values.email.existingSecretPasswordKey }}"
{{ end }}
- name: ENABLE_GITHUB_AUTH
value: "false"
- name: ENABLE_GITLAB_AUTH
value: "false"
- name: ENABLE_SLACK
value: "{{ .Values.enableSlack }}"
{{ if .Values.githubImporter.enabled }}
- name: ENABLE_GITHUB_IMPORTER
value: "True"
- name: GITHUB_API_CLIENT_ID
valueFrom:
secretKeyRef:
name: "{{ .Values.githubImporter.existingSecretName }}"
key: "{{ .Values.githubImporter.existingSecretClientIdKey }}"
- name: GITHUB_API_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "{{ .Values.githubImporter.existingSecretName }}"
key: "{{ .Values.githubImporter.existingSecretClientSecretKey }}"
{{ else }}
- name: ENABLE_GITHUB_IMPORTER
value: "False"
{{ end }}
{{ if .Values.jiraImporter.enabled }}
- name: ENABLE_JIRA_IMPORTER
value: "True"
- name: JIRA_IMPORTER_CONSUMER_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretConsumerKeyKey }}"
- name: JIRA_IMPORTER_CERT
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretCertKey }}"
- name: JIRA_IMPORTER_PUB_CERT
valueFrom:
secretKeyRef:
name: "{{ .Values.jiraImporter.existingSecretName }}"
key: "{{ .Values.jiraImporter.existingSecretPubCertKey }}"
{{ else }}
- name: ENABLE_JIRA_IMPORTER
value: "False"
{{ end }}
{{ if .Values.trelloImporter }}
- name: ENABLE_TRELLO_IMPORTER
value: "True"
- name: TRELLO_IMPORTER_API_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.trelloImporter.existingSecretName }}"
key: "{{ .Values.trelloImporter.existingSecretApiKeyKey }}"
- name: TRELLO_IMPORTER_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.trelloImporter.existingSecretName }}"
key: "{{ .Values.trelloImporter.existingSecretSecretKeyKey }}"
{{ else }}
- name: ENABLE_JIRA_IMPORTER
value: "False"
{{ end }}
- name: RABBITMQ_USER
value: "{{ index .Values "taiga-async-rabbitmq" "auth" "username" }}"
- name: RABBITMQ_PASS
valueFrom:
secretKeyRef:
name: {{ index .Values "taiga-async-rabbitmq" "auth" "existingPasswordSecret" }}
key: {{ index .Values "taiga-async-rabbitmq" "auth" "existingSecretPasswordKey" }}
{{ if .Values.ingress.enabled }}
- name: TAIGA_SITES_DOMAIN
value: "{{ .Values.ingress.host }}"
- name: TAIGA_SITES_SCHEME
value: "https"
- name: SESSION_COOKIE_SECURE
value: "True"
- name: CSRF_COOKIE_SECURE
value: "True"
{{- end }}
{{- if .Values.back.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.back.service.port }}
initialDelaySeconds: {{ .Values.back.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.back.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.back.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.back.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.back.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.back.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.back.service.port }}
initialDelaySeconds: {{ .Values.back.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.back.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.back.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.back.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.back.readinessProbe.failureThreshold }}
{{- end }}
volumes:
- name: taiga-static
{{- if .Values.persistence.static.enabled }}
persistentVolumeClaim:
claimName: {{ include "taiga.staticVolumeName" . }}
{{- else }}
emptyDir: {}
{{- end }}
- name: taiga-media
{{- if .Values.persistence.media.enabled }}
persistentVolumeClaim:
claimName: {{ include "taiga.mediaVolumeName" . }}
{{- else }}
emptyDir: {}
{{- end }}

96
charts/taiga/templates/deployment-events.yaml Normal file
View File

@@ -0,0 +1,96 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "taiga.fullname" . }}-events
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.events.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.events.replicas }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "taiga.events.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "taiga.events.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ template "taiga.name" . }}-events
annotations:
{{- with .Values.events.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
affinity:
{{- with .Values.events.affinity }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- with .Values.events.nodeSelector }}
{{ toYaml . | nindent 8 }}
{{- end }}
tolerations:
{{- with .Values.events.tolerations }}
{{ toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
securityContext:
{{- with .Values.events.securityContext }}
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ template "taiga.fullname" . }}-events
image: "{{ .Values.events.image.repository }}:{{ .Values.events.image.tag }}"
imagePullPolicy: {{ .Values.events.image.pullPolicy }}
resources:
{{ toYaml .Values.events.resources | nindent 12 }}
ports:
- name: taiga-events
containerPort: {{ .Values.events.service.port }}
protocol: TCP
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: RABBITMQ_USER
value: "{{ index .Values "taiga-events-rabbitmq" "auth" "username" }}"
- name: RABBITMQ_PASS
valueFrom:
secretKeyRef:
name: {{ index .Values "taiga-events-rabbitmq" "auth" "existingPasswordSecret" }}
key: {{ index .Values "taiga-events-rabbitmq" "auth" "existingSecretPasswordKey" }}
{{- if .Values.events.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.events.service.port }}
initialDelaySeconds: {{ .Values.events.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.events.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.events.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.events.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.events.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.events.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.events.service.port }}
initialDelaySeconds: {{ .Values.events.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.events.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.events.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.events.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.events.readinessProbe.failureThreshold }}
{{- end }}

106
charts/taiga/templates/deployment-front.yaml Normal file
View File

@@ -0,0 +1,106 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "taiga.fullname" . }}-front
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.front.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.front.replicas }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "taiga.front.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "taiga.front.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ template "taiga.name" . }}-front
annotations:
{{- with .Values.front.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
affinity:
{{- with .Values.front.affinity }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- with .Values.front.nodeSelector }}
{{ toYaml . | nindent 8 }}
{{- end }}
tolerations:
{{- with .Values.front.tolerations }}
{{ toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
securityContext:
{{- with .Values.front.securityContext }}
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ template "taiga.fullname" . }}-front
image: "{{ .Values.front.image.repository }}:{{ .Values.front.image.tag }}"
imagePullPolicy: {{ .Values.front.image.pullPolicy }}
resources:
{{ toYaml .Values.front.resources | nindent 12 }}
ports:
- name: taiga-front
containerPort: {{ .Values.front.service.port }}
protocol: TCP
env:
{{ if .Values.ingress.enabled }}
- name: TAIGA_URL
value: "https://{{ .Values.ingress.host }}"
{{ else }}
- name: TAIGA_URL
value: "http://localhost:{{ .Values.front.service.port }}"
{{ end }}
- name: PUBLIC_REGISTER_ENABLED
value: "{{ .Values.publicRegisterEnabled }}"
- name: ENABLE_GITHUB_AUTH
value: "false"
- name: ENABLE_GITLAB_AUTH
value: "false"
- name: ENABLE_SLACK
value: "{{ .Values.enableSlack }}"
- name: ENABLE_GITHUB_IMPORTER
value: "{{ .Values.githubImporter.enabled }}"
- name: ENABLE_JIRA_IMPORTER
value: "{{ .Values.jiraImporter.enabled }}"
- name: ENABLE_TRELLO_IMPORTER
value: "{{ .Values.trelloImporter.enabled }}"
{{- if .Values.front.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.front.service.port }}
initialDelaySeconds: {{ .Values.front.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.front.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.front.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.front.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.front.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.front.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.front.service.port }}
initialDelaySeconds: {{ .Values.front.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.front.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.front.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.front.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.front.readinessProbe.failureThreshold }}
{{- end }}

91
charts/taiga/templates/deployment-protected.yaml Normal file
View File

@@ -0,0 +1,91 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "taiga.fullname" . }}-protected
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.protected.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: 3
replicas: {{ .Values.protected.replicas }}
strategy:
type: Recreate
selector:
matchLabels:
{{- include "taiga.protected.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "taiga.protected.labels" . | nindent 8 }}
app.kubernetes.io/component: {{ template "taiga.name" . }}-protected
annotations:
{{- with .Values.protected.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
affinity:
{{- with .Values.protected.affinity }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- with .Values.protected.nodeSelector }}
{{ toYaml . | nindent 8 }}
{{- end }}
tolerations:
{{- with .Values.protected.tolerations }}
{{ toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "taiga.serviceAccountName" . }}
securityContext:
{{- with .Values.protected.securityContext }}
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ template "taiga.fullname" . }}-protected
image: "{{ .Values.protected.image.repository }}:{{ .Values.protected.image.tag }}"
imagePullPolicy: {{ .Values.protected.image.pullPolicy }}
resources:
{{ toYaml .Values.protected.resources | nindent 12 }}
ports:
- name: taiga-protected
containerPort: {{ .Values.protected.service.port }}
protocol: TCP
env:
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: MAX_AGE
value: "{{ .Values.maxAge }}"
{{- if .Values.protected.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.protected.service.port }}
initialDelaySeconds: {{ .Values.protected.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.protected.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.protected.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.protected.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.protected.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.protected.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /admin/login/
port: {{ .Values.protected.service.port }}
initialDelaySeconds: {{ .Values.protected.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.protected.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.protected.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.protected.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.protected.readinessProbe.failureThreshold }}
{{- end }}

65
charts/taiga/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,65 @@
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ template "taiga.fullname" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- toYaml .Values.ingress.annotations | nindent 4 }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingress.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ template "taiga.fullname" . }}-secret-tls
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: /
backend:
service:
name: "{{ template "taiga.fullname" . }}-front"
port:
name: taiga-front
pathType: ImplementationSpecific
- path: /api
backend:
service:
name: "{{ template "taiga.fullname" . }}-back"
port:
name: taiga-back
pathType: ImplementationSpecific
- path: /admin
backend:
service:
name: "{{ template "taiga.fullname" . }}-back"
port:
name: taiga-back
pathType: ImplementationSpecific
- path: /events
backend:
service:
name: "{{ template "taiga.fullname" . }}-events"
port:
name: taiga-events
pathType: ImplementationSpecific
- path: /media
backend:
service:
name: "{{ template "taiga.fullname" . }}-protected"
port:
name: taiga-protected
pathType: ImplementationSpecific
{{- end }}

66
charts/taiga/templates/job.yaml Normal file
View File

@@ -0,0 +1,66 @@
{{- if .Values.createInitialUser }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "taiga.fullname" . }}-create-initial-user
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
backoffLimit: 4
template:
spec:
{{- if .Values.back.nodeSelector }}
nodeSelector:
{{ toYaml .Values.back.nodeSelector | nindent 8 }}
{{- end }}
restartPolicy: Never
containers:
- name: {{ template "taiga.fullname" . }}-create-initial-user
image: "{{ .Values.back.image.repository }}:{{ .Values.back.image.tag }}"
imagePullPolicy: {{ .Values.back.image.pullPolicy }}
command:
- sh
- /scripts/createinitialuser.sh
volumeMounts:
- name: create-initial-user
mountPath: /scripts
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.secretKey.existingSecretName }}"
key: "{{ .Values.secretKey.existingSecretKey }}"
- name: POSTGRES_USERNAME
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.usernameKey }}"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.passwordKey }}"
- name: POSTGRES_DATABASE_NAME
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.databaseNameKey }}"
- name: POSTGRES_DATABASE_HOST
valueFrom:
secretKeyRef:
name: "{{ .Values.postgresql.existingSecretName }}"
key: "{{ .Values.postgresql.hostKey }}"
volumes:
- name: create-initial-user
configMap:
name: {{ template "taiga.fullname" . }}-create-initial-user
defaultMode: 0744
{{- end }}

54
charts/taiga/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,54 @@
{{- if and .Values.persistence.static.enabled (not .Values.persistence.static.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "taiga.staticVolumeName" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.persistence.static.retain }}
helm.sh/resource-policy: keep
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
storageClassName: {{ .Values.persistence.static.storageClass }}
accessModes:
- {{ .Values.persistence.static.accessMode }}
resources:
requests:
storage: {{ .Values.persistence.static.size }}
{{- end }}
---
{{- if and .Values.persistence.media.enabled (not .Values.persistence.media.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "taiga.mediaVolumeName" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if .Values.persistence.media.retain }}
"helm.sh/resource-policy": keep
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
storageClassName: {{ .Values.persistence.media.storageClass }}
accessModes:
- {{ .Values.persistence.media.accessMode }}
resources:
requests:
storage: {{ .Values.persistence.media.size }}
{{- end }}

20
charts/taiga/templates/service-account.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "taiga.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}

134
charts/taiga/templates/service.yaml Normal file
View File

@@ -0,0 +1,134 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "taiga.fullname" . }}-back
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.back.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.back.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.back.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.back.service.type }}
ports:
- port: {{ .Values.back.service.port }}
targetPort: taiga-back
protocol: TCP
name: taiga-back
selector:
{{- include "taiga.back.matchLabels" . | nindent 4 }}
{{- with .Values.back.service.extraSelectorLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "taiga.fullname" . }}-events
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.events.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.events.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.events.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.events.service.type }}
ports:
- port: {{ .Values.events.service.port }}
targetPort: taiga-events
protocol: TCP
name: taiga-events
selector:
{{- include "taiga.events.matchLabels" . | nindent 4 }}
{{- with .Values.events.service.extraSelectorLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "taiga.fullname" . }}-front
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.front.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.front.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.front.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.front.service.type }}
ports:
- port: {{ .Values.front.service.port }}
targetPort: taiga-front
protocol: TCP
name: taiga-front
selector:
{{- include "taiga.front.matchLabels" . | nindent 4 }}
{{- with .Values.front.service.extraSelectorLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "taiga.fullname" . }}-protected
namespace: {{ .Release.Namespace }}
annotations:
{{- with .Values.global.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.protected.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "taiga.protected.labels" . | nindent 4 }}
{{- with .Values.global.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.protected.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.protected.service.type }}
ports:
- port: {{ .Values.protected.service.port }}
targetPort: taiga-protected
protocol: TCP
name: taiga-protected
selector:
{{- include "taiga.protected.matchLabels" . | nindent 4 }}
{{- with .Values.protected.service.extraSelectorLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}