moving to helmfile

.github/workflows/create_cluster.yaml

@@ -254,10 +254,30 @@ jobs:
           sudo apt install -y gnupg
           wget https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux
           chmod +x sops-v3.7.1.linux
-          sudo mv sops-v3.7.1.linux /usr/local/bin/sops            
+          sudo mv sops-v3.7.1.linux /usr/local/bin/sops
+      - name: Install Helmfile
+        run: |
+            HELMFILE_VERSION="v0.140.0"
+  
+              # Download Helmfile
+            curl -L "https://github.com/roboll/helmfile/releases/download/${HELMFILE_VERSION}/helmfile_linux_amd64" -o helmfile
+
+              # Make the Helmfile binary executable
+            chmod +x helmfile
+
+              # Move Helmfile to a location in your PATH
+            sudo mv helmfile /usr/local/bin/helmfile
+
+            helm plugin install https://github.com/databus23/helm-diff
+
+              # Verify installation
+            helmfile --version        
       - name: digit deployment
-        run: go run digit_installer.go
-        working-directory: deploy-as-code/deployer 
+        run: helmfile -f digit-helmfile.yaml apply --include-needs=true
+        working-directory: deploy-as-code                 
+      # - name: digit deployment
+      #   run: go run digit_installer.go
+      #   working-directory: deploy-as-code/deployer 
       - name: Displaying the Loadbalancer ID
         run: |
           LB_ID=$(kubectl get svc nginx-ingress-controller -n egov -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

deploy-as-code/helm/charts/.sops.yaml

@@ -1,8 +1,6 @@
-# creation rules are evaluated sequentially, the first match wins
 creation_rules:
-        # upon creation of a file that matches the pattern *dev.yaml,
-        # KMS set A is used
-        # eGOV Internal ------------------------------------------------------------------------------------------------------------- #
-        - path_regex: environments/egov-demo\-secrets\.yaml$
-          kms: 'arn:aws:kms:ap-south-1:33756621284711:key/addasd-7b85-4469-8c9e-h5748rhf74h'
-          pgp: '58BE55DFE047D960AFF29E8891E02D93FD9F'           
+  # upon creation of a file that matches the pattern *dev.yaml,
+  # KMS set A is used
+  # eGOV Internal ------------------------------------------------------------------------------------------------------------- #
+  - path_regex: charts/environments/env\-secrets\.yaml$
+    kms: 'arn:aws:kms:ap-south-1:680148267093:key/b7cf18c6-4396-4aff-b391-783c8605180a'

deploy-as-code/helm/charts/auxiliary-services/kafka-connect/values.yaml

@@ -0,0 +1,66 @@
+# Common Labels
+name: kafka-connect
+namespace: kafka-cluster    
+labels:
+  app: "kafka-connect"
+  group: "infra"
+
+# Init Containers Configs
+initContainers: {}
+
+# Container Configs
+image:
+  repository: cp-kafka-connect
+  tag: 5.2.2
+
+replicas: "1"
+httpPort: 8083
+heap: "-Xms512M -Xmx512M"
+config-storage-replication-factor: "3"
+offset-storage-replication-factor: "3"
+status-storage-replication-factor: "3"
+memory_limits: 768Mi
+resources: |
+  requests:
+    memory: {{ .Values.memory_limits | quote }}
+  limits:
+    memory: {{ .Values.memory_limits | quote }}
+
+# Additional Container Envs
+env: |
+  - name: CONNECT_REST_ADVERTISED_HOST_NAME
+    valueFrom:
+      fieldRef:
+        fieldPath: status.podIP
+  - name: CONNECT_BOOTSTRAP_SERVERS
+    value: "PLAINTEXT://{{ index $.Values "cluster-configs" "configmaps" "egov-config" "data" "kafka-brokers" }}"
+  - name: CONNECT_GROUP_ID
+    value: {{ .Values.name }}
+  - name: CONNECT_CONFIG_STORAGE_TOPIC
+    value: {{ .Values.name }}-config
+  - name: CONNECT_OFFSET_STORAGE_TOPIC
+    value: {{ .Values.name }}-offset
+  - name: CONNECT_STATUS_STORAGE_TOPIC
+    value: {{ .Values.name }}-status
+  - name: KAFKA_HEAP_OPTS
+    value: {{ .Values.heap | quote }}
+  - name: "CONNECT_CONFIG_STORAGE_REPLICATION_FACTOR"
+    value: {{ index .Values "config-storage-replication-factor" | quote }}
+  - name: "CONNECT_INTERNAL_KEY_CONVERTER"
+    value: "org.apache.kafka.connect.json.JsonConverter"
+  - name: "CONNECT_INTERNAL_VALUE_CONVERTER"
+    value: "org.apache.kafka.connect.json.JsonConverter"
+  - name: "CONNECT_KEY_CONVERTER"
+    value: "org.apache.kafka.connect.json.JsonConverter"
+  - name: "CONNECT_KEY_CONVERTER_SCHEMAS_ENABLE"
+    value: "false"
+  - name: "CONNECT_OFFSET_STORAGE_REPLICATION_FACTOR"
+    value: {{ index .Values "offset-storage-replication-factor" | quote }}
+  - name: "CONNECT_PLUGIN_PATH"
+    value: "/usr/share/java"
+  - name: "CONNECT_STATUS_STORAGE_REPLICATION_FACTOR"
+    value: {{ index .Values "status-storage-replication-factor" | quote }}
+  - name: "CONNECT_VALUE_CONVERTER"
+    value: "org.apache.kafka.connect.json.JsonConverter"
+  - name: "CONNECT_VALUE_CONVERTER_SCHEMAS_ENABLE"
+    value: "false"   

deploy-as-code/helm/charts/auxiliary-services/oauth2-proxy/values.yaml

@@ -0,0 +1,96 @@
+# Common Labels
+labels:
+  app: "oauth2-proxy"
+
+namespace: egov
+replicas: 1
+
+image:
+  repository: "quay.io/pusher/oauth2_proxy"
+  tag: "v5.1.0"
+  pullPolicy: "IfNotPresent"
+
+# Ingress Configs
+ingress:
+  enabled: true
+  context: "oauth2"  
+
+httpPort: 4180
+# Optionally specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+# imagePullSecrets:
+  # - name: myRegistryKeySecretName
+
+# Cookie Secret openssl rand -base64 32 | head -c 32 | base64
+
+extraArgs:
+  provider: github
+
+healthChecks:
+  enabled: true
+  livenessProbePath: "/ping"
+  readinessProbePath: "/ping"  
+
+args: |
+  - --http-address=0.0.0.0:4180
+  {{- range $key, $value := .Values.extraArgs }}
+  {{- if $value }}
+  - --{{ $key }}={{ $value }}
+  {{- else }}
+  - --{{ $key }}
+  {{- end }}
+  {{- end }}
+  {{- if or .Values.config.existingConfig .Values.config.configFile }}
+  - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
+  {{- end }}
+
+extraVolumes: |
+  - configMap:
+      defaultMode: 420
+      name: {{ template "common.name" . }}
+    name: configmain
+
+extraVolumeMounts: |
+  - mountPath: /etc/oauth2_proxy
+    name: configmain
+
+env: |
+  - name: OAUTH2_PROXY_CLIENT_ID
+    valueFrom:
+      secretKeyRef:
+        name:  {{ template "common.name" . }}
+        key: client-id
+  - name: OAUTH2_PROXY_CLIENT_SECRET
+    valueFrom:
+      secretKeyRef:
+        name:  {{ template "common.name" . }}
+        key: client-secret
+  - name: OAUTH2_PROXY_COOKIE_SECRET
+    valueFrom:
+      secretKeyRef:
+        name:  {{ template "common.name" . }}
+        key: cookie-secret
+
+resources: |
+  requests:
+    memory: 300Mi
+    cpu: 100m
+  limits:
+    memory: 300Mi
+    cpu: 100m
+
+# Oauth client configuration specifics
+config:
+  configFile: |-
+    email_domains = [ "*" ]
+    github_org = "egovernments" 
+    github_team = "micro-service-dev"
+    upstreams = [ "file:///dev/null" ]
+  # Custom configuration file: oauth2_proxy.cfg
+  # configFile: |-
+  #   pass_basic_auth = false
+  #   pass_access_token = true
+  # Use an existing config map (see configmap.yaml for required fields)
+  # Example:
+  # existingConfig: config

deploy-as-code/helm/charts/auxiliary-services/pgadmin/values.yaml

@@ -0,0 +1,43 @@
+# Common Labels
+labels:
+  app: "pgadmin"
+namespace: playground
+
+# Ingress Configs
+ingress:
+  enabled: true
+  context: "pgadmin"
+  # additionalAnnotations: |
+  #   nginx.ingress.kubernetes.io/auth-signin:  https://$host/oauth2/start?rd=$escaped_request_uri
+  #   nginx.ingress.kubernetes.io/auth-url:     https://$host/oauth2/auth 
+
+# Init Containers Configs
+initContainers: {}
+
+# Container Configs
+image:
+  repository: "pgadmin"
+  tag: "v4.1.1"
+replicas: "1"
+httpPort: 8080
+serverBasePath: "/pgadmin"
+dbUrl: "egov-dev-db.ctm6jbmr5mnj.ap-south-1.rds.amazonaws.com"
+environment: "DEV"
+maintenance-db-name: "postgres"           
+
+# Additional Container Envs
+env: |  
+  - name: SERVER_HOST
+    value: {{ .Values.dbUrl | quote }}     
+  - name: SERVER_PORT
+    value: "5432" 
+  - name: SERVER_MODE
+    value: "False"         
+  - name: SERVER_NAME
+    value: {{ .Values.environment | quote }}                 
+  - name: MAINTENANCE_DB_NAME
+    value: {{ index .Values "maintenance-db-name" | quote }}               
+  - name: PGADMIN_PORT
+    value: {{ .Values.httpPort | quote }}
+  - name: SCRIPT_NAME
+    value: {{ .Values.serverBasePath | quote }} 

deploy-as-code/helm/charts/auxiliary-services/playground/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+name: playground
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.16.0
+
+dependencies:
+- name: common
+  version: 0.0.5
+  repository: file://../../common

deploy-as-code/helm/charts/auxiliary-services/playground/README.md

@@ -0,0 +1,2 @@
+# Playground
+

deploy-as-code/helm/charts/auxiliary-services/playground/values.yaml

@@ -0,0 +1,13 @@
+namespace: playground 
+
+# Common Labels
+labels:
+  app: "playground"
+  group: "playground"
+
+# Container Configs
+image:
+  pullPolicy: IfNotPresent  
+  repository: playground 
+  tag: "1.3"
+replicas: "1"

deploy-as-code/helm/charts/auxiliary-services/s3-proxy/templates/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
+    nginx.ingress.kubernetes.io/upstream-vhost: {{ .Values.externalName }}
+    nginx.ingress.kubernetes.io/use-regex: "true"
+  name: {{ .Values.name }} 
+  namespace: {{ .Values.namespace }}  
+spec:
+  rules:
+  - host: {{ .Values.global.domain }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ .Values.name }}
+            port:
+              number: {{ .Values.httpPort }}
+        path: /{{ index $.Values "cluster-configs" "configmaps" "egov-config" "data" "s3-assets-bucket" }}/
+        pathType: Prefix

deploy-as-code/helm/charts/auxiliary-services/s3-proxy/templates/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  externalName: {{ .Values.externalName }}
+  ports:
+  - port: {{ .Values.httpPort }}
+    protocol: TCP
+    targetPort: {{ .Values.httpPort }}
+  sessionAffinity: None
+  type: {{ .Values.type }}

deploy-as-code/helm/charts/auxiliary-services/s3-proxy/values.yaml

@@ -0,0 +1,12 @@
+namespace: egov
+name: s3-proxy
+
+cluster-configs:
+  configmaps:
+    egov-config:
+      data:
+        s3-assets-bucket: "(pb-egov-assets|egov-dev-assets)"
+
+externalName: s3.ap-south-1.amazonaws.com
+httpPort: 80
+type: ExternalName