├── templates ├── topology.txt ├── words.txt ├── config.yaml ├── groovy.yaml ├── istio-secret.yaml ├── instances.txt ├── record-sets-delete.json ├── kube-cui-logo.txt ├── resource-quota.yaml ├── kops-cui-logo.txt ├── pdb │ ├── pdb-app.yaml │ ├── pdb-k8s-app.yaml │ └── pdb-tiller.yaml ├── argo │ ├── workflow-whalesay.yaml │ ├── argo-ingress.yaml │ ├── teardrop.yaml │ └── argo-main.yaml ├── pvc.yaml ├── record-sets-cname.json ├── record-sets-alias.json ├── limit-range.yaml ├── jenkins │ ├── jobs │ │ ├── sample │ │ │ ├── config.xml │ │ │ └── Jenkinsfile │ │ ├── image-remove │ │ │ ├── Jenkinsfile │ │ │ └── config.xml │ │ ├── image-rollback │ │ │ ├── Jenkinsfile │ │ │ └── config.xml │ │ ├── run-command │ │ │ ├── Jenkinsfile │ │ │ └── config.xml │ │ ├── image-deploy │ │ │ ├── Jenkinsfile │ │ │ └── config.xml │ │ ├── build-command │ │ │ ├── Jenkinsfile │ │ │ └── config.xml │ │ ├── config-apply │ │ │ ├── Jenkinsfile │ │ │ └── config.xml │ │ ├── build-web │ │ │ ├── Jenkinsfile │ │ │ └── config.xml │ │ ├── build-mvn │ │ │ ├── config.xml │ │ │ └── Jenkinsfile │ │ ├── build-npm │ │ │ ├── config.xml │ │ │ └── Jenkinsfile │ │ └── run-pipeline │ │ │ └── config.xml │ ├── upload.sh │ ├── jobs.sh │ └── sample.xml └── certificate.yaml ├── .github ├── CODEOWNERS └── auto-merge.yml ├── charts ├── sample │ ├── fortio.yaml │ ├── httpbin.yaml │ ├── sample-node.yaml │ ├── sample-webpack.yaml │ ├── sample-web.yaml │ ├── sample-tomcat.yaml │ └── sample-spring.yaml ├── kube-system │ ├── heapster.yaml │ ├── kube-state-metrics.yaml │ ├── aws-iam-authenticator.yaml │ ├── k8s-spot-termination-handler.yaml │ ├── efs-provisioner.yaml │ ├── kubernetes-dashboard.yaml │ ├── vault.yaml │ ├── metrics-server.yaml │ └── cluster-autoscaler.yaml ├── kube-ingress │ ├── cert-manager.yaml │ ├── external-dns.yaml │ ├── nginx-ingress.yaml │ └── nginx-ingress-private.yaml ├── monitor │ ├── newrelic-infrastructure.yaml │ ├── prometheus-adapter.yaml │ ├── jaeger.yaml │ ├── datadog.yaml │ ├── fluentd-elasticsearch.yaml │ ├── grafana.yaml │ └── prometheus.yaml ├── batch │ ├── efs-pvc-exporter.yaml │ └── elasticsearch-snapshot.yaml ├── istio │ ├── vs-kiali.yaml │ ├── vs-jaeger.yaml │ └── istio.yaml └── devops │ ├── argo.yaml │ ├── gocd.yaml │ ├── docker-registry.yaml │ ├── monocular.yaml │ ├── chartmuseum.yaml │ ├── sonarqube.yaml │ ├── argocd.yaml │ ├── sonatype-nexus.yaml │ └── jenkins.yaml ├── images ├── 05_addons.png ├── 01_configure.png ├── 02_create_cluster.png ├── 03_create_cluster.png └── 04_update_cluster.png ├── custom ├── fortio │ ├── values.yaml │ ├── Chart.yaml │ └── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── deployment.yaml ├── efs-pvc-exporter │ ├── values.yaml │ ├── Chart.yaml │ └── templates │ │ ├── cron-job.yaml │ │ ├── rbac.yaml │ │ └── _helpers.tpl ├── httpbin │ ├── Chart.yaml │ ├── values.yaml │ └── templates │ │ ├── service.yaml │ │ ├── ingress.yaml │ │ ├── istio.yaml │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ └── NOTES.txt ├── sample-node │ ├── Chart.yaml │ ├── .helmignore │ ├── templates │ │ ├── service-redis.yaml │ │ ├── pdb.yaml │ │ ├── hpa.yaml │ │ ├── _helpers.tpl │ │ ├── service.yaml │ │ ├── deployment-redis.yaml │ │ ├── ingress.yaml │ │ ├── NOTES.txt │ │ └── deployment.yaml │ └── values.yaml ├── sample-web │ ├── Chart.yaml │ ├── .helmignore │ ├── templates │ │ ├── pdb.yaml │ │ ├── hpa.yaml │ │ ├── _helpers.tpl │ │ ├── service.yaml │ │ ├── ingress.yaml │ │ ├── ingress-istio.yaml │ │ ├── NOTES.txt │ │ └── deployment.yaml │ └── values.yaml ├── sample-spring │ ├── Chart.yaml │ ├── .helmignore │ ├── templates │ │ ├── pdb.yaml │ │ ├── hpa.yaml │ │ ├── hpa-canary.yaml │ │ ├── _helpers.tpl │ │ ├── service.yaml │ │ ├── ingress.yaml │ │ ├── NOTES.txt │ │ ├── deployment.yaml │ │ └── deployment-canary.yaml │ └── values.yaml ├── sample-tomcat │ ├── Chart.yaml │ ├── .helmignore │ ├── templates │ │ ├── pdb.yaml │ │ ├── hpa.yaml │ │ ├── _helpers.tpl │ │ ├── service.yaml │ │ ├── ingress.yaml │ │ ├── NOTES.txt │ │ └── deployment.yaml │ └── values.yaml ├── sample-webpack │ ├── Chart.yaml │ ├── .helmignore │ ├── templates │ │ ├── pdb.yaml │ │ ├── hpa.yaml │ │ ├── _helpers.tpl │ │ ├── service.yaml │ │ ├── ingress.yaml │ │ ├── NOTES.txt │ │ └── deployment.yaml │ └── values.yaml └── elasticsearch-snapshot │ ├── Chart.yaml │ ├── values.yaml │ └── templates │ ├── _helpers.tpl │ └── cron-job.yaml ├── .gitignore ├── default.sh ├── README.md ├── LICENSE ├── backup-ver.sh ├── run.sh └── common.sh /templates/topology.txt: -------------------------------------------------------------------------------- 1 | public 2 | private 3 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @pakisto @gelius7 @longlg88 2 | -------------------------------------------------------------------------------- /templates/words.txt: -------------------------------------------------------------------------------- 1 | dev 2 | demo 3 | sample 4 | stage 5 | prod 6 | -------------------------------------------------------------------------------- /charts/sample/fortio.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: custom/fortio 2 | # chart-version: latest 3 | -------------------------------------------------------------------------------- /images/05_addons.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OpsNow/kops-cui/HEAD/images/05_addons.png -------------------------------------------------------------------------------- /images/01_configure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OpsNow/kops-cui/HEAD/images/01_configure.png -------------------------------------------------------------------------------- /images/02_create_cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OpsNow/kops-cui/HEAD/images/02_create_cluster.png -------------------------------------------------------------------------------- /images/03_create_cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OpsNow/kops-cui/HEAD/images/03_create_cluster.png -------------------------------------------------------------------------------- /images/04_update_cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OpsNow/kops-cui/HEAD/images/04_update_cluster.png -------------------------------------------------------------------------------- /custom/fortio/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | image: 3 | repository: istio/fortio 4 | tag: latest_release 5 | pullPolicy: Always 6 | -------------------------------------------------------------------------------- /templates/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: REPLACE-ME 5 | type: Opaque 6 | data: 7 | text: |- 8 | -------------------------------------------------------------------------------- /templates/groovy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: REPLACE-ME 5 | type: Opaque 6 | data: 7 | groovy: |- 8 | -------------------------------------------------------------------------------- /custom/efs-pvc-exporter/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | repository: opsnowtools/efs-pvc-exporter 3 | tag: v0.1.7 4 | 5 | rolename: efs-viewer 6 | -------------------------------------------------------------------------------- /charts/kube-system/heapster.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/heapster 2 | # chart-version: 0.3.2 3 | # chart-pdb: N 1 4 | 5 | nameOverride: heapster 6 | -------------------------------------------------------------------------------- /charts/kube-system/kube-state-metrics.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/kube-state-metrics 2 | # chart-version: 0.16.0 3 | 4 | nameOverride: kube-state-metrics 5 | -------------------------------------------------------------------------------- /charts/kube-ingress/cert-manager.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/cert-manager 2 | # chart-version: latest 3 | # chart-pdb: N 1 4 | 5 | nameOverride: cert-manager 6 | -------------------------------------------------------------------------------- /templates/istio-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: istio-secret 5 | type: Opaque 6 | data: 7 | username: USERNAME 8 | passphrase: PASSWORD 9 | -------------------------------------------------------------------------------- /charts/kube-system/aws-iam-authenticator.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/aws-iam-authenticator 2 | # chart-version: latest 3 | # chart-pdb: N 1 4 | 5 | nameOverride: aws-iam-authenticator 6 | -------------------------------------------------------------------------------- /templates/instances.txt: -------------------------------------------------------------------------------- 1 | t2.medium 2 | t2.large 3 | t2.xlarge 4 | m4.large 5 | m4.xlarge 6 | m4.2xlarge 7 | c4.large 8 | c4.xlarge 9 | c4.2xlarge 10 | r4.large 11 | r4.xlarge 12 | r4.2xlarge 13 | -------------------------------------------------------------------------------- /custom/fortio/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://avatars0.githubusercontent.com/u/39108256 4 | name: fortio 5 | version: v0.0.0 6 | appVersion: v0.0.0 7 | -------------------------------------------------------------------------------- /custom/httpbin/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://avatars0.githubusercontent.com/u/39108256 4 | name: httpbin 5 | version: v0.0.0 6 | appVersion: v0.0.0 7 | -------------------------------------------------------------------------------- /custom/sample-node/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://avatars0.githubusercontent.com/u/38965494 4 | name: sample-node 5 | version: 0.0.0 6 | appVersion: 0.0.0 7 | -------------------------------------------------------------------------------- /custom/sample-web/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://avatars0.githubusercontent.com/u/38965494 4 | name: sample-web 5 | version: 0.0.0 6 | appVersion: 0.0.0 7 | -------------------------------------------------------------------------------- /custom/sample-spring/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://avatars0.githubusercontent.com/u/38965494 4 | name: sample-spring 5 | version: 0.0.0 6 | appVersion: 0.0.0 7 | -------------------------------------------------------------------------------- /custom/sample-tomcat/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://avatars0.githubusercontent.com/u/38965494 4 | name: sample-tomcat 5 | version: 0.0.0 6 | appVersion: 0.0.0 7 | -------------------------------------------------------------------------------- /custom/sample-webpack/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://avatars0.githubusercontent.com/u/38965494 4 | name: sample-webpack 5 | version: 0.0.0 6 | appVersion: 0.0.0 7 | -------------------------------------------------------------------------------- /custom/efs-pvc-exporter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://avatars0.githubusercontent.com/u/39108256 4 | name: efs-pvc-exporter 5 | version: v0.1.7 6 | appVersion: v0.1.7 7 | -------------------------------------------------------------------------------- /charts/monitor/newrelic-infrastructure.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/newrelic-infrastructure 2 | # chart-version: 0.9.0 3 | 4 | nameOverride: newrelic-infrastructure 5 | 6 | cluster: CLUSTER_NAME 7 | 8 | licenseKey: LICENSE_KEY 9 | -------------------------------------------------------------------------------- /templates/record-sets-delete.json: -------------------------------------------------------------------------------- 1 | { 2 | "Changes": [ 3 | { 4 | "Action": "DELETE", 5 | "ResourceRecordSet": { 6 | "Name": "DOMAIN", 7 | "Type": "CNAME" 8 | } 9 | } 10 | ] 11 | } 12 | -------------------------------------------------------------------------------- /custom/elasticsearch-snapshot/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://avatars0.githubusercontent.com/u/39108256 4 | name: elasticsearch-snapshot 5 | version: v0.1.3 6 | appVersion: v0.1.3 7 | -------------------------------------------------------------------------------- /charts/sample/httpbin.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: custom/httpbin 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | service: 6 | type: SERVICE_TYPE 7 | 8 | ingress: 9 | enabled: INGRESS_ENABLED 10 | basedomain: BASE_DOMAIN 11 | -------------------------------------------------------------------------------- /charts/kube-system/k8s-spot-termination-handler.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/k8s-spot-termination-handler 2 | # chart-version: 1.1.0 3 | 4 | nameOverride: k8s-spot-termination-handler 5 | 6 | slackUrl: SLACK_URL 7 | 8 | clusterName: CLUSTER_NAME 9 | -------------------------------------------------------------------------------- /templates/kube-cui-logo.txt: -------------------------------------------------------------------------------- 1 | _ _ _ 2 | | | ___ _| |__ ___ ___ _ _(_) 3 | | |/ / | | | '_ \ / _ \ / __| | | | | 4 | | <| |_| | |_) | __/ | (__| |_| | | 5 | |_|\_\\__,_|_.__/ \___| \___|\__,_|_| 6 | -------------------------------------------------------------------------------- /templates/resource-quota.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ResourceQuota 3 | metadata: 4 | name: resource-quota 5 | spec: 6 | hard: 7 | requests.cpu: 1000m 8 | requests.memory: 1Gi 9 | limits.cpu: 2000m 10 | limits.memory: 2Gi 11 | -------------------------------------------------------------------------------- /charts/monitor/prometheus-adapter.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/prometheus-adapter 2 | # chart-version: v0.4.1 3 | # chart-ingress: false 4 | 5 | nameOverride: prometheus-adapter 6 | 7 | prometheus: 8 | url: http://prometheus-server 9 | port: 80 10 | -------------------------------------------------------------------------------- /templates/kops-cui-logo.txt: -------------------------------------------------------------------------------- 1 | _ _ 2 | | | _____ _ __ ___ ___ _ _(_) 3 | | |/ / _ \| '_ \/ __| / __| | | | | 4 | | < (_) | |_) \__ \ | (__| |_| | | 5 | |_|\_\___/| .__/|___/ \___|\__,_|_| 6 | |_| 7 | -------------------------------------------------------------------------------- /charts/batch/efs-pvc-exporter.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: custom/efs-pvc-exporter 2 | # chart-version: latest 3 | 4 | image: 5 | repository: opsnowtools/efs-pvc-exporter 6 | tag: v0.1.7 7 | 8 | rolename: efs-viewer 9 | 10 | schedule: "SCHEDULE" 11 | 12 | restart: RESTART 13 | -------------------------------------------------------------------------------- /templates/pdb/pdb-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | labels: 5 | app: APP_NAME 6 | name: PDB_NAME 7 | spec: 8 | #:MIN:minAvailable: PDB_MIN 9 | #:MAX:maxUnavailable: PDB_MAX 10 | selector: 11 | matchLabels: 12 | app: APP_NAME 13 | -------------------------------------------------------------------------------- /templates/pdb/pdb-k8s-app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | labels: 5 | k8s-app: APP_NAME 6 | name: PDB_NAME 7 | spec: 8 | #:MIN:minAvailable: PDB_MIN 9 | #:MAX:maxUnavailable: PDB_MAX 10 | selector: 11 | matchLabels: 12 | k8s-app: APP_NAME 13 | -------------------------------------------------------------------------------- /.github/auto-merge.yml: -------------------------------------------------------------------------------- 1 | # Configuration for probot-auto-merge - https://github.com/bobvanderlinden/probot-auto-merge 2 | 3 | updateBranch: true 4 | deleteBranchAfterMerge: true 5 | reportStatus: true 6 | 7 | minApprovals: 8 | COLLABORATOR: 2 9 | maxRequestedChanges: 10 | NONE: 0 11 | blockingLabels: 12 | - blocked 13 | -------------------------------------------------------------------------------- /charts/batch/elasticsearch-snapshot.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: custom/elasticsearch-snapshot 2 | # chart-version: latest 3 | 4 | image: 5 | repository: opsnowtools/elasticsearch-snapshot 6 | tag: v0.1.3 7 | 8 | schedule: "SCHEDULE" 9 | 10 | restart: RESTART 11 | 12 | configmap: 13 | enabled: true 14 | name: "CONFIGMAP_NAME" 15 | -------------------------------------------------------------------------------- /custom/elasticsearch-snapshot/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | repository: opsnowtools/elasticsearch-snapshot 3 | tag: v0.1.3 4 | 5 | schedule: "0 0 * * *" 6 | 7 | restart: Never 8 | 9 | env: {} 10 | 11 | configmap: 12 | enabled: false 13 | name: "CONFIGMAP_NAME" 14 | 15 | secret: 16 | enabled: false 17 | name: "SECRET_NAME" 18 | -------------------------------------------------------------------------------- /templates/argo/workflow-whalesay.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Workflow 3 | metadata: 4 | generateName: whalesay- 5 | spec: 6 | entrypoint: whalesay 7 | templates: 8 | - name: whalesay 9 | container: 10 | image: docker/whalesay 11 | command: [cowsay] 12 | args: ["This is an Argo Workflow!"] 13 | -------------------------------------------------------------------------------- /templates/pdb/pdb-tiller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 2 | kind: PodDisruptionBudget 3 | metadata: 4 | labels: 5 | app: helm 6 | name: tiller 7 | name: PDB_NAME 8 | spec: 9 | #:MIN:minAvailable: PDB_MIN 10 | #:MAX:maxUnavailable: PDB_MAX 11 | selector: 12 | matchLabels: 13 | app: helm 14 | name: tiller 15 | -------------------------------------------------------------------------------- /templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | labels: 5 | app: PVC_NAME 6 | release: PVC_NAME 7 | name: PVC_NAME 8 | spec: 9 | accessModes: 10 | - PVC_ACCESS_MODE 11 | resources: 12 | requests: 13 | storage: PVC_SIZE 14 | #:EFS:storageClassName: "efs" 15 | #:PV:volumeName: PV_NAME 16 | -------------------------------------------------------------------------------- /templates/record-sets-cname.json: -------------------------------------------------------------------------------- 1 | { 2 | "Changes": [ 3 | { 4 | "Action": "UPSERT", 5 | "ResourceRecordSet": { 6 | "Name": "DOMAIN", 7 | "Type": "CNAME", 8 | "TTL": 300, 9 | "ResourceRecords": [ 10 | { 11 | "Value": "DNS_NAME" 12 | } 13 | ] 14 | } 15 | } 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /templates/record-sets-alias.json: -------------------------------------------------------------------------------- 1 | { 2 | "Changes": [ 3 | { 4 | "Action": "UPSERT", 5 | "ResourceRecordSet": { 6 | "Name": "DOMAIN", 7 | "Type": "A", 8 | "AliasTarget": { 9 | "HostedZoneId": "ZONE_ID", 10 | "DNSName": "DNS_NAME", 11 | "EvaluateTargetHealth": false 12 | } 13 | } 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /charts/kube-ingress/external-dns.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/external-dns 2 | # chart-version: latest 3 | 4 | nameOverride: external-dns 5 | 6 | # podAnnotations: 7 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 8 | 9 | sources: 10 | - service 11 | # - ingress 12 | 13 | aws: 14 | accessKey: AWS_ACCESS_KEY 15 | secretKey: AWS_SECRET_KEY 16 | 17 | rbac: 18 | create: true 19 | -------------------------------------------------------------------------------- /templates/limit-range.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: limit-range 5 | spec: 6 | limits: 7 | - default: 8 | cpu: 600m 9 | memory: 1252Mi 10 | defaultRequest: 11 | cpu: 500m 12 | memory: 1024Mi 13 | min: 14 | cpu: 100m 15 | memory: 128Mi 16 | max: 17 | cpu: 1000m 18 | memory: 2048Mi 19 | type: Container 20 | -------------------------------------------------------------------------------- /custom/httpbin/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | image: 3 | repository: docker.io/citizenstig/httpbin 4 | tag: latest 5 | pullPolicy: Always 6 | labels: {} 7 | annotations: {} 8 | pod: 9 | labels: {} 10 | annotations: {} 11 | service: 12 | type: ClusterIP 13 | externalPort: 80 14 | internalPort: 8000 15 | ingress: 16 | enabled: false 17 | basedomain: 127.0.0.1.nip.io 18 | istio: 19 | enabled: false 20 | -------------------------------------------------------------------------------- /custom/sample-web/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /custom/sample-node/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /custom/sample-spring/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /custom/sample-tomcat/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /custom/sample-webpack/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /charts/istio/vs-kiali.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: vs-kiali 5 | namespace: istio-system 6 | spec: 7 | hosts: 8 | - REPLACE_ME 9 | gateways: 10 | - istio-system/istio-autogenerated-k8s-ingress 11 | http: 12 | - match: 13 | - uri: 14 | prefix: /kiali 15 | route: 16 | - destination: 17 | host: kiali 18 | port: 19 | number: 20001 20 | 21 | -------------------------------------------------------------------------------- /charts/istio/vs-jaeger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: vs-jaeger 5 | namespace: istio-system 6 | spec: 7 | hosts: 8 | - REPLACE_ME 9 | gateways: 10 | - istio-system/istio-autogenerated-k8s-ingress 11 | http: 12 | - match: 13 | - uri: 14 | prefix: / 15 | route: 16 | - destination: 17 | host: jaeger-query 18 | port: 19 | number: 16686 20 | 21 | -------------------------------------------------------------------------------- /templates/argo/argo-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: argo-ui 5 | namespace: argo 6 | annotations: 7 | kubernetes.io/ingress.class: nginx 8 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 9 | spec: 10 | rules: 11 | - host: argo-ui.sample.opsnow.io 12 | http: 13 | paths: 14 | - path: / 15 | backend: 16 | serviceName: argo-ui 17 | servicePort: 80 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Windows image file caches 2 | Thumbs.db 3 | ehthumbs.db 4 | 5 | # Folder config file 6 | Desktop.ini 7 | 8 | # Recycle Bin used on file shares 9 | $RECYCLE.BIN/ 10 | 11 | # Windows shortcuts 12 | *.lnk 13 | 14 | # Mac 15 | .DS_Store 16 | 17 | # JetBrains 18 | .idea/ 19 | *.iml 20 | 21 | # Eclipse 22 | .settings/ 23 | .metadata/ 24 | .project 25 | 26 | # Build 27 | target/ 28 | build/ 29 | 30 | # Temp 31 | *.pid 32 | *.log 33 | *.tmp 34 | 35 | # hide 36 | versions 37 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/sample/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 10 | true 11 | 12 | 13 | false 14 | 15 | -------------------------------------------------------------------------------- /charts/devops/argo.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: argo/argo 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | ui: 6 | ingress: 7 | enabled: INGRESS_ENABLED 8 | hosts: 9 | - INGRESS_DOMAIN 10 | annotations: 11 | kubernetes.io/ingress.class: nginx 12 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 13 | 14 | useDefaultArtifactRepo: true 15 | useStaticCredentials: false 16 | 17 | artifactRepository: 18 | s3: 19 | bucket: ARTIFACT_REPOSITORY 20 | endpoint: s3.amazonaws.com 21 | -------------------------------------------------------------------------------- /custom/fortio/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | FORTIO_POD=$(kubectl get pod | grep {{ template "fullname" . }} | awk '{ print $1 }') 2 | echo $FORTIO_POD 3 | 4 | kubectl exec -it $FORTIO_POD -c fortio /usr/local/bin/fortio -- load -curl http://httpbin-default/get 5 | 6 | kubectl exec -it $FORTIO_POD -c fortio /usr/local/bin/fortio -- load -c 2 -qps 0 -n 20 -loglevel Warning http://httpbin-default:8000/get 7 | 8 | kubectl exec -it $FORTIO_POD -c fortio /usr/local/bin/fortio -- load -c 3 -qps 0 -n 20 -loglevel Warning http://httpbin-default:8000/get 9 | -------------------------------------------------------------------------------- /templates/certificate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: certmanager.k8s.io/v1alpha1 2 | kind: Certificate 3 | metadata: 4 | name: acme-crt 5 | spec: 6 | secretName: acme-crt-secret 7 | dnsNames: 8 | - foo.example.com 9 | acme: 10 | config: 11 | - ingressClass: nginx 12 | domains: 13 | - foo.example.com 14 | issuerRef: 15 | name: letsencrypt-prod 16 | # We can reference ClusterIssuers by changing the kind here. 17 | # The default value is Issuer (i.e. a locally namespaced Issuer) 18 | kind: Issuer 19 | -------------------------------------------------------------------------------- /custom/httpbin/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | draft: {{ default "draft-app" .Values.draft }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 8 | app: {{ template "fullname" . }} 9 | spec: 10 | type: {{ .Values.service.type }} 11 | ports: 12 | - name: http 13 | port: {{ .Values.service.externalPort }} 14 | targetPort: {{ .Values.service.internalPort }} 15 | selector: 16 | app: {{ template "fullname" . }} 17 | -------------------------------------------------------------------------------- /templates/jenkins/upload.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | JOB="${1:-sample}" 4 | 5 | JENKINS=$(kubectl get ing -n devops -o wide | grep jenkins | awk '{print $2}') 6 | 7 | USERNAME="admin" 8 | PASSWORD=$(kubectl get secret -n devops jenkins -o jsonpath="{.data.jenkins-${USERNAME}-password}" | base64 --decode) 9 | 10 | curl -X POST \ 11 | -H "Content-Type: application/xml" \ 12 | -u $USERNAME:$PASSWORD \ 13 | --data-binary "@$JOB.xml" \ 14 | "http://$JENKINS/createItem?name=$JOB" 15 | 16 | # --retry "20" --retry-delay "10" --max-time "3" \ 17 | -------------------------------------------------------------------------------- /charts/devops/gocd.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/gocd 2 | # chart-version: latest 3 | # chart-ingress: true 4 | # chart-pvc: gocd-server ReadWriteOnce 2Gi 5 | 6 | server: 7 | ingress: 8 | enabled: INGRESS_ENABLED 9 | hosts: 10 | - INGRESS_DOMAIN 11 | annotations: 12 | kubernetes.io/ingress.class: nginx 13 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 14 | persistence: 15 | enabled: true 16 | accessMode: ReadWriteOnce 17 | storageSize: 2Gi 18 | #:EFS:storageClass: "efs" 19 | existingClaim: gocd-server 20 | -------------------------------------------------------------------------------- /charts/kube-system/efs-provisioner.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/efs-provisioner 2 | # chart-version: 0.3.5 3 | # chart-pdb: N 1 4 | 5 | nameOverride: efs-provisioner 6 | 7 | # podAnnotations: 8 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 9 | 10 | efsProvisioner: 11 | efsFileSystemId: EFS_ID 12 | awsRegion: AWS_REGION 13 | path: /shared 14 | provisionerName: CLUSTER_NAME/efs 15 | storageClass: 16 | name: efs 17 | isDefault: false 18 | gidAllocate: 19 | enabled: true 20 | gidMin: 40000 21 | gidMax: 50000 22 | reclaimPolicy: Retain 23 | -------------------------------------------------------------------------------- /charts/kube-system/kubernetes-dashboard.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/kubernetes-dashboard 2 | # chart-version: 1.4.0 3 | # chart-ingress: true 4 | # chart-pdb: N 1 5 | 6 | nameOverride: kubernetes-dashboard 7 | 8 | # podAnnotations: 9 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 10 | 11 | enableInsecureLogin: true 12 | 13 | service: 14 | type: SERVICE_TYPE 15 | externalPort: 9090 16 | 17 | ingress: 18 | enabled: INGRESS_ENABLED 19 | annotations: 20 | kubernetes.io/ingress.class: nginx 21 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 22 | hosts: 23 | - INGRESS_DOMAIN 24 | -------------------------------------------------------------------------------- /default.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | THIS_REPO="opsnow" 4 | THIS_NAME="kops-cui" 5 | THIS_VERSION="v0.0.0" 6 | 7 | DEBUG_MODE=true 8 | 9 | CONFIG= 10 | CONFIG_SAVE= 11 | 12 | ANSWER= 13 | CLUSTER= 14 | 15 | REGION= 16 | AZ_LIST= 17 | 18 | KOPS_STATE_STORE= 19 | KOPS_CLUSTER_NAME= 20 | KOPS_TERRAFORM= 21 | 22 | CLUSTER_NAME= 23 | 24 | ROOT_DOMAIN= 25 | BASE_DOMAIN= 26 | 27 | CERT_MAN= 28 | EFS_ID= 29 | ISTIO= 30 | 31 | cloud=aws 32 | master_size=c4.large 33 | master_count=1 34 | master_zones= 35 | node_size=m4.large 36 | node_count=2 37 | zones= 38 | network_cidr=10.0.0.0/16 39 | networking=calico 40 | topology=public 41 | dns_zone= 42 | vpc= 43 | -------------------------------------------------------------------------------- /custom/httpbin/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | apiVersion: extensions/v1beta1 3 | kind: Ingress 4 | metadata: 5 | name: {{ template "fullname" . }} 6 | labels: 7 | draft: {{ default "draft-app" .Values.draft }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | app: {{ template "fullname" . }} 10 | spec: 11 | rules: 12 | - host: {{ .Release.Name }}.{{ .Values.ingress.basedomain }} 13 | http: 14 | paths: 15 | - path: / 16 | backend: 17 | serviceName: {{ template "fullname" . }} 18 | servicePort: {{ .Values.service.externalPort }} 19 | {{- end -}} 20 | -------------------------------------------------------------------------------- /charts/kube-system/vault.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: incubator/vault 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | nameOverride: vault 6 | 7 | #:STORAGE:vault: 8 | #:STORAGE: config: 9 | #:STORAGE: storage: 10 | #:STORAGE: s3: 11 | #:STORAGE: access_key: "AWS_ACCESS_KEY" 12 | #:STORAGE: secret_key: "AWS_SECRET_KEY" 13 | #:STORAGE: bucket: "AWS_BUCKET" 14 | #:STORAGE: region: "AWS_REGION" 15 | 16 | service: 17 | type: SERVICE_TYPE 18 | 19 | ingress: 20 | enabled: INGRESS_ENABLED 21 | annotations: 22 | kubernetes.io/ingress.class: nginx 23 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 24 | hosts: 25 | - INGRESS_DOMAIN 26 | -------------------------------------------------------------------------------- /custom/sample-node/templates/service-redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "fullname" . }}-redis 5 | labels: 6 | app: {{ include "fullname" . }}-redis 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }}-redis 10 | helm.sh/chart: {{ include "chart" . }} 11 | spec: 12 | ports: 13 | - name: redis 14 | port: 6379 15 | targetPort: 6379 16 | selector: 17 | app: {{ include "fullname" . }}-redis 18 | # app.kubernetes.io/instance: {{ .Release.Name }} 19 | # app.kubernetes.io/name: {{ include "fullname" . }}-redis 20 | -------------------------------------------------------------------------------- /custom/sample-web/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | {{ toYaml .Values.pdb | indent 2 }} 14 | selector: 15 | matchLabels: 16 | app: {{ include "fullname" . }} 17 | # app.kubernetes.io/instance: {{ .Release.Name }} 18 | # app.kubernetes.io/name: {{ include "fullname" . }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /custom/sample-node/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | {{ toYaml .Values.pdb | indent 2 }} 14 | selector: 15 | matchLabels: 16 | app: {{ include "fullname" . }} 17 | # app.kubernetes.io/instance: {{ .Release.Name }} 18 | # app.kubernetes.io/name: {{ include "fullname" . }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /custom/sample-spring/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | {{ toYaml .Values.pdb | indent 2 }} 14 | selector: 15 | matchLabels: 16 | app: {{ include "fullname" . }} 17 | # app.kubernetes.io/instance: {{ .Release.Name }} 18 | # app.kubernetes.io/name: {{ include "fullname" . }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /custom/sample-tomcat/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | {{ toYaml .Values.pdb | indent 2 }} 14 | selector: 15 | matchLabels: 16 | app: {{ include "fullname" . }} 17 | # app.kubernetes.io/instance: {{ .Release.Name }} 18 | # app.kubernetes.io/name: {{ include "fullname" . }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /custom/sample-webpack/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb }} 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | {{ toYaml .Values.pdb | indent 2 }} 14 | selector: 15 | matchLabels: 16 | app: {{ include "fullname" . }} 17 | # app.kubernetes.io/instance: {{ .Release.Name }} 18 | # app.kubernetes.io/name: {{ include "fullname" . }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /charts/kube-system/metrics-server.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/metrics-server 2 | # chart-version: 2.5.1 3 | # chart-pdb: N 1 4 | 5 | nameOverride: metrics-server 6 | 7 | args: 8 | # - --logtostderr 9 | # enable this if you have self-signed certificates 10 | - --kubelet-insecure-tls 11 | - --kubelet-preferred-address-types=InternalIP,InternalDNS,ExternalDNS,ExternalIP,Hostname 12 | # - --source=kubernetes.summary_api:'' 13 | # - --source=kubernetes.summary_api:https://kubernetes.default.svc?kubeletHttps=true&kubeletPort=10250&useServiceAccount=true&insecure=true 14 | # https://github.com/kubernetes/kubernetes/issues/67702 15 | # - --requestheader-client-ca-file=/etc/kubernetes/cert/ca.pem 16 | # - --enable-aggregator-routing=true 17 | -------------------------------------------------------------------------------- /custom/httpbin/templates/istio.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.istio.enabled -}} 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: DestinationRule 4 | metadata: 5 | name: {{ template "fullname" . }} 6 | labels: 7 | draft: {{ default "draft-app" .Values.draft }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 9 | app: {{ template "fullname" . }} 10 | spec: 11 | host: {{ template "fullname" . }} 12 | trafficPolicy: 13 | connectionPool: 14 | tcp: 15 | maxConnections: 1 16 | http: 17 | http1MaxPendingRequests: 1 18 | maxRequestsPerConnection: 1 19 | outlierDetection: 20 | consecutiveErrors: 1 21 | interval: 1s 22 | baseEjectionTime: 1m 23 | maxEjectionPercent: 100 24 | {{ end }} 25 | -------------------------------------------------------------------------------- /custom/efs-pvc-exporter/templates/cron-job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1beta1 2 | kind: CronJob 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | spec: 12 | schedule: "{{ .Values.schedule }}" 13 | jobTemplate: 14 | spec: 15 | template: 16 | spec: 17 | serviceAccountName: {{ include "fullname" . }} 18 | containers: 19 | - name: {{ .Chart.Name }} 20 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 21 | restartPolicy: {{ .Values.restart }} 22 | -------------------------------------------------------------------------------- /charts/monitor/jaeger.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: incubator/jaeger 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | nameOverride: jaeger 6 | 7 | provisionDataStore: 8 | cassandra: false 9 | elasticsearch: false 10 | 11 | storage: 12 | # allowed values (cassandra, elasticsearch) 13 | type: elasticsearch 14 | elasticsearch: 15 | host: CUSTOM_HOST 16 | port: CUSTOM_PORT 17 | user: 18 | password: 19 | 20 | #elasticsearch: 21 | # image: 22 | # tag: "6.6.2" 23 | 24 | query: 25 | enabled: true 26 | #:ING:service: 27 | #:ING: type: SERVICE_TYPE 28 | #:ING:ingress: 29 | #:ING: enabled: INGRESS_ENABLED 30 | #:ING: annotations: 31 | #:ING: kubernetes.io/ingress.class: nginx 32 | #:ING: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 33 | #:ING: hosts: 34 | #:ING: - INGRESS_DOMAIN 35 | 36 | -------------------------------------------------------------------------------- /charts/devops/docker-registry.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/docker-registry 2 | # chart-version: 1.7.0 3 | # chart-ingress: true 4 | # chart-pvc: docker-registry ReadWriteOnce 20Gi 5 | 6 | nameOverride: docker-registry 7 | 8 | # podAnnotations: 9 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 10 | 11 | service: 12 | type: SERVICE_TYPE 13 | 14 | ingress: 15 | enabled: INGRESS_ENABLED 16 | hosts: 17 | - INGRESS_DOMAIN 18 | path: / 19 | annotations: 20 | kubernetes.io/ingress.class: nginx 21 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 22 | nginx.ingress.kubernetes.io/proxy-body-size: 500m 23 | ingress.kubernetes.io/proxy-body-size: 500m 24 | 25 | persistence: 26 | enabled: true 27 | accessMode: ReadWriteOnce 28 | size: 20Gi 29 | #:EFS:storageClass: "efs" 30 | existingClaim: docker-registry 31 | -------------------------------------------------------------------------------- /charts/sample/sample-node.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: custom/sample-node 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | fullnameOverride: sample-node 6 | 7 | profile: dev 8 | 9 | namespace: sample 10 | 11 | image: 12 | repository: nalbam/sample-node 13 | tag: alpine 14 | 15 | pod: 16 | labels: 17 | spotinst.io/pods-contingency: "true" 18 | annotations: 19 | cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 20 | 21 | # pdb: 22 | # minAvailable: "20%" 23 | # maxUnavailable: "20%" 24 | 25 | service: 26 | type: SERVICE_TYPE 27 | 28 | ingress: 29 | enabled: INGRESS_ENABLED 30 | subdomain: sample-node-NAMESPACE 31 | basedomain: BASE_DOMAIN 32 | annotations: 33 | kubernetes.io/ingress.class: nginx 34 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 35 | 36 | configmap: 37 | enabled: false 38 | secret: 39 | enabled: false 40 | -------------------------------------------------------------------------------- /custom/fortio/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 16 | {{- else -}} 17 | {{- $name := default .Chart.Name .Values.nameOverride -}} 18 | {{- if contains $name .Release.Name -}} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 20 | {{- else -}} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 22 | {{- end -}} 23 | {{- end -}} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /custom/httpbin/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 16 | {{- else -}} 17 | {{- $name := default .Chart.Name .Values.nameOverride -}} 18 | {{- if contains $name .Release.Name -}} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 20 | {{- else -}} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 22 | {{- end -}} 23 | {{- end -}} 24 | {{- end -}} 25 | -------------------------------------------------------------------------------- /custom/efs-pvc-exporter/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | 6 | --- 7 | apiVersion: rbac.authorization.k8s.io/v1 8 | kind: ClusterRole 9 | metadata: 10 | name: valve:{{ .Values.rolename }} 11 | rules: 12 | - apiGroups: [""] 13 | resources: ["pods", "persistentvolumeclaims"] 14 | verbs: ["get", "watch", "list"] 15 | - apiGroups: [""] 16 | resources: ["pods/exec"] 17 | verbs: ["create"] 18 | 19 | --- 20 | apiVersion: rbac.authorization.k8s.io/v1beta1 21 | kind: ClusterRoleBinding 22 | metadata: 23 | name: valve:{{ .Values.rolename }}:{{ include "fullname" . }} 24 | subjects: 25 | - kind: ServiceAccount 26 | name: {{ include "fullname" . }} 27 | namespace: {{ .Release.Namespace }} 28 | roleRef: 29 | kind: ClusterRole 30 | name: valve:{{ .Values.rolename }} 31 | apiGroup: rbac.authorization.k8s.io 32 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # kops-cui 2 | 3 | KOPS Console User Interface 4 | 5 | > It is a CUI that helps you install Kubernetes Cluster easily with KOPS. 6 | 7 | * Support Cloud 8 | * AWS 9 | 10 | * Support Addon 11 | * Ingress Controller 12 | * Dashboard 13 | * Heapster (deprecated) 14 | * Metrics Server 15 | * Cluster Autoscaler 16 | 17 | * Support OS 18 | * MacOS 19 | * Linux (centos, ubuntu ...) 20 | 21 | ## Run 22 | 23 | ```bash 24 | git clone https://github.com/opsnow/kops-cui 25 | ./kops-cui/run.sh 26 | ``` 27 | 28 | ### Configure 29 | 30 | ![configure](./images/01_configure.png) 31 | 32 | ### Create Cluster 33 | 34 | ![create_cluster](./images/02_create_cluster.png) 35 | 36 | ![create_cluster](./images/03_create_cluster.png) 37 | 38 | ### Update Cluster 39 | 40 | ![update_cluster](images/04_update_cluster.png) 41 | 42 | ### Addons 43 | 44 | ![addons](./images/05_addons.png) 45 | -------------------------------------------------------------------------------- /charts/sample/sample-webpack.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: custom/sample-webpack 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | fullnameOverride: sample-webpack 6 | 7 | profile: dev 8 | 9 | namespaces: sample 10 | 11 | image: 12 | repository: nalbam/sample-webpack 13 | tag: alpine 14 | 15 | pod: 16 | labels: 17 | spotinst.io/pods-contingency: "true" 18 | annotations: 19 | cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 20 | 21 | # pdb: 22 | # minAvailable: "20%" 23 | # maxUnavailable: "20%" 24 | 25 | service: 26 | type: SERVICE_TYPE 27 | 28 | ingress: 29 | enabled: INGRESS_ENABLED 30 | subdomain: sample-webpack-NAMESPACE 31 | basedomain: BASE_DOMAIN 32 | annotations: 33 | kubernetes.io/ingress.class: nginx 34 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 35 | 36 | configmap: 37 | enabled: false 38 | secret: 39 | enabled: false 40 | -------------------------------------------------------------------------------- /charts/devops/monocular.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: monocular/monocular 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | fullnameOverride: monocular 6 | 7 | sync: 8 | repos: 9 | # Official repositories 10 | - name: stable 11 | url: https://kubernetes-charts.storage.googleapis.com 12 | - name: incubator 13 | url: https://kubernetes-charts-incubator.storage.googleapis.com 14 | # Add your own repository 15 | - name: chartmuseum 16 | url: https://chartmuseum-devops.BASE_DOMAIN 17 | schedule: "*/5 * * * *" 18 | successfulJobsHistoryLimit: 1 19 | 20 | service: 21 | type: SERVICE_TYPE 22 | 23 | ingress: 24 | enabled: INGRESS_ENABLED 25 | hosts: 26 | - INGRESS_DOMAIN 27 | annotations: 28 | kubernetes.io/ingress.class: nginx 29 | nginx.ingress.kubernetes.io/rewrite-target: /$1 30 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 31 | -------------------------------------------------------------------------------- /charts/kube-system/cluster-autoscaler.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/cluster-autoscaler 2 | # chart-version: 0.12.1 3 | # chart-node: master 4 | 5 | nameOverride: cluster-autoscaler 6 | 7 | # podAnnotations: 8 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 9 | 10 | autoDiscovery: 11 | enabled: true 12 | clusterName: CLUSTER_NAME 13 | 14 | awsRegion: AWS_REGION 15 | 16 | extraArgs: 17 | v: 4 18 | stderrthreshold: info 19 | logtostderr: true 20 | expander: random 21 | scale-down-enabled: true 22 | scale-down-utilization-threshold: 0.75 23 | skip-nodes-with-local-storage: false 24 | skip-nodes-with-system-pods: false 25 | 26 | #:MASTER:nodeSelector: 27 | #:MASTER: kubernetes.io/role: master 28 | 29 | #:MASTER:tolerations: 30 | #:MASTER: - effect: NoSchedule 31 | #:MASTER: key: node-role.kubernetes.io/master 32 | 33 | sslCertPath: /etc/ssl/certs/ca-bundle.crt 34 | 35 | rbac: 36 | create: true 37 | pspEnabled: true 38 | -------------------------------------------------------------------------------- /charts/sample/sample-web.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: custom/sample-web 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | fullnameOverride: sample-web 6 | 7 | profile: dev 8 | 9 | namespaces: sample 10 | 11 | image: 12 | repository: nalbam/sample-web 13 | tag: alpine 14 | 15 | pod: 16 | labels: 17 | spotinst.io/pods-contingency: "true" 18 | annotations: 19 | cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 20 | 21 | # pdb: 22 | # minAvailable: "20%" 23 | # maxUnavailable: "20%" 24 | 25 | service: 26 | type: SERVICE_TYPE 27 | 28 | ingress: 29 | enabled: INGRESS_ENABLED 30 | subdomain: sample-web-NAMESPACE 31 | basedomain: BASE_DOMAIN 32 | annotations: 33 | kubernetes.io/ingress.class: nginx 34 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 35 | 36 | hpa: 37 | enabled: true 38 | min: 10 39 | max: 30 40 | cpu: 65 41 | 42 | configmap: 43 | enabled: false 44 | secret: 45 | enabled: false 46 | -------------------------------------------------------------------------------- /charts/sample/sample-tomcat.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: custom/sample-tomcat 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | fullnameOverride: sample-tomcat 6 | 7 | profile: dev 8 | 9 | namespaces: sample 10 | 11 | image: 12 | repository: nalbam/sample-tomcat 13 | tag: alpine 14 | 15 | pod: 16 | labels: 17 | spotinst.io/pods-contingency: "true" 18 | annotations: 19 | cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 20 | 21 | # pdb: 22 | # minAvailable: "20%" 23 | # maxUnavailable: "20%" 24 | 25 | service: 26 | type: SERVICE_TYPE 27 | 28 | ingress: 29 | enabled: INGRESS_ENABLED 30 | subdomain: sample-tomcat-NAMESPACE 31 | basedomain: BASE_DOMAIN 32 | annotations: 33 | kubernetes.io/ingress.class: nginx 34 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 35 | 36 | hpa: 37 | enabled: true 38 | min: 5 39 | max: 30 40 | cpu: 65 41 | 42 | configmap: 43 | enabled: false 44 | secret: 45 | enabled: false 46 | -------------------------------------------------------------------------------- /custom/sample-node/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | scaleTargetRef: 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | name: {{ include "fullname" . }} 17 | minReplicas: {{ .Values.autoscaling.min }} 18 | maxReplicas: {{ .Values.autoscaling.max }} 19 | metrics: 20 | - type: Resource 21 | resource: 22 | name: cpu 23 | targetAverageUtilization: {{ .Values.autoscaling.cpu }} 24 | - type: Resource 25 | resource: 26 | name: memory 27 | targetAverageUtilization: {{ .Values.autoscaling.mem }} 28 | {{ end }} 29 | -------------------------------------------------------------------------------- /custom/sample-web/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | scaleTargetRef: 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | name: {{ include "fullname" . }} 17 | minReplicas: {{ .Values.autoscaling.min }} 18 | maxReplicas: {{ .Values.autoscaling.max }} 19 | metrics: 20 | - type: Resource 21 | resource: 22 | name: cpu 23 | targetAverageUtilization: {{ .Values.autoscaling.cpu }} 24 | - type: Resource 25 | resource: 26 | name: memory 27 | targetAverageUtilization: {{ .Values.autoscaling.mem }} 28 | {{ end }} 29 | -------------------------------------------------------------------------------- /custom/sample-spring/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | scaleTargetRef: 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | name: {{ include "fullname" . }} 17 | minReplicas: {{ .Values.autoscaling.min }} 18 | maxReplicas: {{ .Values.autoscaling.max }} 19 | metrics: 20 | - type: Resource 21 | resource: 22 | name: cpu 23 | targetAverageUtilization: {{ .Values.autoscaling.cpu }} 24 | - type: Resource 25 | resource: 26 | name: memory 27 | targetAverageUtilization: {{ .Values.autoscaling.mem }} 28 | {{ end }} 29 | -------------------------------------------------------------------------------- /custom/sample-tomcat/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | scaleTargetRef: 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | name: {{ include "fullname" . }} 17 | minReplicas: {{ .Values.autoscaling.min }} 18 | maxReplicas: {{ .Values.autoscaling.max }} 19 | metrics: 20 | - type: Resource 21 | resource: 22 | name: cpu 23 | targetAverageUtilization: {{ .Values.autoscaling.cpu }} 24 | - type: Resource 25 | resource: 26 | name: memory 27 | targetAverageUtilization: {{ .Values.autoscaling.mem }} 28 | {{ end }} 29 | -------------------------------------------------------------------------------- /custom/sample-webpack/templates/hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.autoscaling.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "fullname" . }} 6 | labels: 7 | app: {{ include "fullname" . }} 8 | app.kubernetes.io/instance: {{ .Release.Name }} 9 | app.kubernetes.io/managed-by: {{ .Release.Service }} 10 | app.kubernetes.io/name: {{ include "fullname" . }} 11 | helm.sh/chart: {{ include "chart" . }} 12 | spec: 13 | scaleTargetRef: 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | name: {{ include "fullname" . }} 17 | minReplicas: {{ .Values.autoscaling.min }} 18 | maxReplicas: {{ .Values.autoscaling.max }} 19 | metrics: 20 | - type: Resource 21 | resource: 22 | name: cpu 23 | targetAverageUtilization: {{ .Values.autoscaling.cpu }} 24 | - type: Resource 25 | resource: 26 | name: memory 27 | targetAverageUtilization: {{ .Values.autoscaling.mem }} 28 | {{ end }} 29 | -------------------------------------------------------------------------------- /charts/sample/sample-spring.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: custom/sample-spring 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | fullnameOverride: sample-spring 6 | 7 | profile: dev 8 | 9 | namespaces: sample 10 | 11 | image: 12 | repository: nalbam/sample-spring 13 | tag: alpine 14 | 15 | pod: 16 | labels: 17 | spotinst.io/pods-contingency: "true" 18 | annotations: 19 | cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 20 | 21 | # pdb: 22 | # minAvailable: "20%" 23 | # maxUnavailable: "20%" 24 | 25 | service: 26 | type: SERVICE_TYPE 27 | 28 | ingress: 29 | enabled: INGRESS_ENABLED 30 | subdomain: sample-spring-NAMESPACE 31 | basedomain: BASE_DOMAIN 32 | annotations: 33 | kubernetes.io/ingress.class: nginx 34 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 35 | 36 | hpa: 37 | enabled: true 38 | min: 10 39 | max: 30 40 | cpu: 65 41 | 42 | canary: 43 | enabled: false 44 | tag: alpine 45 | 46 | configmap: 47 | enabled: false 48 | secret: 49 | enabled: false 50 | -------------------------------------------------------------------------------- /charts/monitor/datadog.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/datadog 2 | # chart-version: 1.26.0 3 | 4 | nameOverride: datadog 5 | 6 | # Use 6.9.0-jmx to enable jmx fetch collection 7 | image: 8 | repository: datadog/agent 9 | tag: 6.12.1-jmx 10 | 11 | datadog: 12 | clusterName: CLUSTER_NAME 13 | apiKey: API_KEY 14 | appKey: APP_KEY 15 | apmEnabled: true 16 | # logsEnabled: true 17 | # logsConfigContainerCollectAll: true 18 | env: 19 | - name: DD_TAGS 20 | value: "cluster_name:CLUSTER_NAME" 21 | nonLocalTraffic: true 22 | 23 | daemonset: 24 | enabled: true 25 | useHostPort: true 26 | 27 | deployment: 28 | enabled: true 29 | 30 | # clusterAgent: 31 | # enabled: true 32 | # token: APP_KEY 33 | # metricsProvider: 34 | # enabled: true 35 | # env: 36 | # - name: DD_TAGS 37 | # value: "cluster_name:CLUSTER_NAME" 38 | 39 | env: 40 | - name: DD_AGENT_HOST 41 | valueFrom: 42 | fieldRef: 43 | fieldPath: status.hostIP 44 | 45 | kubeStateMetrics: 46 | enabled: KUBE_STATE_METRICS 47 | -------------------------------------------------------------------------------- /custom/httpbin/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | draft: {{ default "draft-app" .Values.draft }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 8 | app: {{ template "fullname" . }} 9 | spec: 10 | replicas: {{ .Values.replicaCount }} 11 | template: 12 | metadata: 13 | labels: 14 | draft: {{ default "draft-app" .Values.draft }} 15 | app: {{ template "fullname" . }} 16 | version: master 17 | {{- if .Values.pod.labels }} 18 | {{ toYaml .Values.pod.labels | indent 8 }} 19 | {{- end }} 20 | {{- if .Values.pod.annotations }} 21 | annotations: 22 | {{ toYaml .Values.pod.annotations | indent 8 }} 23 | {{- end }} 24 | spec: 25 | containers: 26 | - name: {{ .Chart.Name }} 27 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 28 | imagePullPolicy: {{ .Values.image.pullPolicy }} 29 | ports: 30 | - containerPort: {{ .Values.service.internalPort }} 31 | -------------------------------------------------------------------------------- /custom/httpbin/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | {{- if contains "NodePort" .Values.service.type }} 3 | Get the application URL by running these commands: 4 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "fullname" . }}) 5 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 6 | echo http://$NODE_IP:$NODE_PORT 7 | {{- else if contains "LoadBalancer" .Values.service.type }} 8 | Get the application URL by running these commands: 9 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 10 | You can watch the status of by running 'kubectl get svc -w {{ template "fullname" . }}' 11 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 12 | echo http://$SERVICE_IP:{{ .Values.service.externalPort }} 13 | {{- else }} 14 | http://{{ .Release.Name }}.{{ .Values.ingress.basedomain }} to access your application 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 BespinGlobal 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /custom/fortio/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | draft: {{ default "draft-app" .Values.draft }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 8 | app: {{ template "fullname" . }} 9 | spec: 10 | replicas: {{ .Values.replicaCount }} 11 | template: 12 | metadata: 13 | labels: 14 | draft: {{ default "draft-app" .Values.draft }} 15 | app: {{ template "fullname" . }} 16 | version: master 17 | {{- if .Values.pod.labels }} 18 | {{ toYaml .Values.pod.labels | indent 8 }} 19 | {{- end }} 20 | {{- if .Values.pod.annotations }} 21 | annotations: 22 | {{ toYaml .Values.pod.annotations | indent 8 }} 23 | {{- end }} 24 | spec: 25 | containers: 26 | - name: {{ .Chart.Name }} 27 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 28 | imagePullPolicy: {{ .Values.image.pullPolicy }} 29 | ports: 30 | - containerPort: 8080 31 | name: http-fortio 32 | - containerPort: 8079 33 | name: grpc-ping 34 | -------------------------------------------------------------------------------- /custom/sample-spring/templates/hpa-canary.yaml: -------------------------------------------------------------------------------- 1 | {{ if and (not (empty .Values.istio)) (not (empty .Values.canary)) }} 2 | {{ if and (.Values.istio.enabled) (.Values.canary.enabled) }} 3 | {{ if .Values.hpa.enabled }} 4 | apiVersion: autoscaling/v2beta1 5 | kind: HorizontalPodAutoscaler 6 | metadata: 7 | name: {{ include "fullname" . }}-canary 8 | labels: 9 | app: {{ include "fullname" . }}-canary 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | app.kubernetes.io/name: {{ include "fullname" . }}-canary 13 | helm.sh/chart: {{ include "chart" . }} 14 | spec: 15 | scaleTargetRef: 16 | apiVersion: apps/v1 17 | kind: Deployment 18 | name: {{ include "fullname" . }}-canary 19 | minReplicas: {{ .Values.hpa.min }} 20 | maxReplicas: {{ .Values.hpa.max }} 21 | metrics: 22 | - type: Resource 23 | resource: 24 | name: cpu 25 | targetAverageUtilization: {{ .Values.hpa.cpu }} 26 | - type: Resource 27 | resource: 28 | name: memory 29 | targetAverageUtilization: {{ .Values.hpa.mem }} 30 | {{ end }} 31 | {{ end }} 32 | {{ end }} 33 | -------------------------------------------------------------------------------- /custom/sample-node/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /custom/sample-web/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /custom/efs-pvc-exporter/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /custom/sample-spring/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /custom/sample-tomcat/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /custom/sample-webpack/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /custom/elasticsearch-snapshot/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create chart name and version as used by the chart label. 29 | */}} 30 | {{- define "chart" -}} 31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 32 | {{- end -}} 33 | -------------------------------------------------------------------------------- /charts/devops/chartmuseum.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/chartmuseum 2 | # chart-version: 1.9.0 3 | # chart-ingress: true 4 | # chart-pvc: chartmuseum ReadWriteOnce 8Gi 5 | 6 | fullnameOverride: chartmuseum 7 | 8 | # replica: 9 | # annotations: 10 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 11 | 12 | env: 13 | open: 14 | DISABLE_API: false 15 | # open: 16 | # STORAGE: amazon 17 | # STORAGE_AMAZON_BUCKET: my-s3-bucket 18 | # STORAGE_AMAZON_PREFIX: 19 | # STORAGE_AMAZON_REGION: us-east-1 20 | # secret: 21 | # AWS_ACCESS_KEY_ID: "********" ## aws access key id value 22 | # AWS_SECRET_ACCESS_KEY: "********" ## aws access key secret value 23 | 24 | service: 25 | type: SERVICE_TYPE 26 | 27 | ingress: 28 | enabled: INGRESS_ENABLED 29 | hosts: 30 | INGRESS_DOMAIN: 31 | - / 32 | annotations: 33 | kubernetes.io/ingress.class: nginx 34 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 35 | nginx.ingress.kubernetes.io/proxy-body-size: 500m 36 | ingress.kubernetes.io/proxy-body-size: 500m 37 | 38 | persistence: 39 | enabled: true 40 | accessMode: ReadWriteOnce 41 | size: 8Gi 42 | #:EFS:storageClass: "efs" 43 | existingClaim: chartmuseum 44 | -------------------------------------------------------------------------------- /custom/elasticsearch-snapshot/templates/cron-job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1beta1 2 | kind: CronJob 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | spec: 12 | schedule: "{{ .Values.schedule }}" 13 | jobTemplate: 14 | spec: 15 | template: 16 | spec: 17 | containers: 18 | - name: {{ .Chart.Name }} 19 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 20 | {{- with .Values.env }} 21 | env: 22 | {{ toYaml . | indent 14 }} 23 | {{- end }} 24 | {{ if or .Values.configmap.enabled .Values.secret.enabled }} 25 | envFrom: 26 | {{ end }} 27 | {{ if .Values.configmap.enabled }} 28 | - configMapRef: 29 | name: {{ .Values.configmap.name }} 30 | {{ end }} 31 | {{ if .Values.secret.enabled }} 32 | - secretRef: 33 | name: {{ .Values.secret.name }} 34 | {{ end }} 35 | restartPolicy: {{ .Values.restart }} 36 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/image-remove/Jenkinsfile: -------------------------------------------------------------------------------- 1 | @Library("github.com/opsnow-tools/valve-butler") 2 | def butler = new com.opsnow.valve.v7.Butler() 3 | def label = "worker-${UUID.randomUUID().toString()}" 4 | def IMAGE_NAME = "${SERVICE_GROUP}-${SERVICE_NAME}" 5 | properties([ 6 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 7 | ]) 8 | podTemplate(label: label, containers: [ 9 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true) 10 | ], volumes: [ 11 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 12 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 13 | ]) { 14 | node(label) { 15 | stage("Prepare") { 16 | container("builder") { 17 | butler.prepare(IMAGE_NAME) 18 | } 19 | } 20 | stage("Remove") { 21 | container("builder") { 22 | try { 23 | // remove(cluster, namespace) 24 | butler.remove(CLUSTER, NAMESPACE) 25 | butler.success(SLACK_TOKEN, "Remove") 26 | } catch (e) { 27 | butler.failure(SLACK_TOKEN, "Remove") 28 | throw e 29 | } 30 | } 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /custom/sample-node/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.service.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.service.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | type: {{ .Values.service.type }} 20 | {{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }} 21 | clusterIP: {{ .Values.service.clusterIP }} 22 | {{- end }} 23 | ports: 24 | - name: http 25 | port: {{ .Values.service.externalPort }} 26 | targetPort: {{ .Values.service.internalPort }} 27 | {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} 28 | nodePort: {{ .Values.service.nodePort }} 29 | {{- end }} 30 | selector: 31 | app: {{ include "fullname" . }} 32 | # app.kubernetes.io/instance: {{ .Release.Name }} 33 | # app.kubernetes.io/name: {{ include "fullname" . }} 34 | -------------------------------------------------------------------------------- /custom/sample-spring/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.service.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.service.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | type: {{ .Values.service.type }} 20 | {{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }} 21 | clusterIP: {{ .Values.service.clusterIP }} 22 | {{- end }} 23 | ports: 24 | - name: http 25 | port: {{ .Values.service.externalPort }} 26 | targetPort: {{ .Values.service.internalPort }} 27 | {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} 28 | nodePort: {{ .Values.service.nodePort }} 29 | {{- end }} 30 | selector: 31 | app: {{ include "fullname" . }} 32 | # app.kubernetes.io/instance: {{ .Release.Name }} 33 | # app.kubernetes.io/name: {{ include "fullname" . }} 34 | -------------------------------------------------------------------------------- /custom/sample-tomcat/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.service.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.service.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | type: {{ .Values.service.type }} 20 | {{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }} 21 | clusterIP: {{ .Values.service.clusterIP }} 22 | {{- end }} 23 | ports: 24 | - name: http 25 | port: {{ .Values.service.externalPort }} 26 | targetPort: {{ .Values.service.internalPort }} 27 | {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} 28 | nodePort: {{ .Values.service.nodePort }} 29 | {{- end }} 30 | selector: 31 | app: {{ include "fullname" . }} 32 | # app.kubernetes.io/instance: {{ .Release.Name }} 33 | # app.kubernetes.io/name: {{ include "fullname" . }} 34 | -------------------------------------------------------------------------------- /custom/sample-web/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.service.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.service.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | type: {{ .Values.service.type }} 20 | {{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }} 21 | clusterIP: {{ .Values.service.clusterIP }} 22 | {{- end }} 23 | ports: 24 | - name: http 25 | port: {{ .Values.service.externalPort }} 26 | targetPort: {{ .Values.service.internalPort }} 27 | {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} 28 | nodePort: {{ .Values.service.nodePort }} 29 | {{- end }} 30 | selector: 31 | app: {{ include "fullname" . }} 32 | # app.kubernetes.io/instance: {{ .Release.Name }} 33 | # app.kubernetes.io/name: {{ include "fullname" . }} 34 | -------------------------------------------------------------------------------- /custom/sample-webpack/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.service.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.service.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | type: {{ .Values.service.type }} 20 | {{- if (and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP))) }} 21 | clusterIP: {{ .Values.service.clusterIP }} 22 | {{- end }} 23 | ports: 24 | - name: http 25 | port: {{ .Values.service.externalPort }} 26 | targetPort: {{ .Values.service.internalPort }} 27 | {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} 28 | nodePort: {{ .Values.service.nodePort }} 29 | {{- end }} 30 | selector: 31 | app: {{ include "fullname" . }} 32 | # app.kubernetes.io/instance: {{ .Release.Name }} 33 | # app.kubernetes.io/name: {{ include "fullname" . }} 34 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/image-rollback/Jenkinsfile: -------------------------------------------------------------------------------- 1 | @Library("github.com/opsnow-tools/valve-butler") 2 | def butler = new com.opsnow.valve.v7.Butler() 3 | def label = "worker-${UUID.randomUUID().toString()}" 4 | def IMAGE_NAME = "${SERVICE_GROUP}-${SERVICE_NAME}" 5 | properties([ 6 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 7 | ]) 8 | podTemplate(label: label, containers: [ 9 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true) 10 | ], volumes: [ 11 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 12 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 13 | ]) { 14 | node(label) { 15 | stage("Prepare") { 16 | container("builder") { 17 | butler.prepare(IMAGE_NAME) 18 | } 19 | } 20 | stage("Rollback") { 21 | container("builder") { 22 | try { 23 | // rollback(cluster, namespace) 24 | butler.rollback(CLUSTER, NAMESPACE, REVISION) 25 | butler.success(SLACK_TOKEN, "Rollback") 26 | } catch (e) { 27 | butler.failure(SLACK_TOKEN, "Rollback") 28 | throw e 29 | } 30 | } 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/run-command/Jenkinsfile: -------------------------------------------------------------------------------- 1 | def label = "worker-${UUID.randomUUID().toString()}" 2 | properties([ 3 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 4 | ]) 5 | podTemplate(label: label, containers: [ 6 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true) 7 | ], volumes: [ 8 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 9 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 10 | ]) { 11 | node(label) { 12 | stage("Command") { 13 | container("builder") { 14 | sh """ 15 | rm -rf ${home}/.aws && mkdir -p ${home}/.aws 16 | rm -rf ${home}/.kube && mkdir -p ${home}/.kube 17 | 18 | kubectl get secret kube-config-${CLUSTER} -n devops -o json | jq -r .data.aws | base64 -d > ${home}/aws_config 19 | kubectl get secret kube-config-${CLUSTER} -n devops -o json | jq -r .data.text | base64 -d > ${home}/kube_config 20 | cp ${home}/aws_config ${home}/.aws/config && \ 21 | cp ${home}/kube_config ${home}/.kube/config 22 | 23 | kubectl config current-context 24 | 25 | $COMMAND 26 | """ 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/image-deploy/Jenkinsfile: -------------------------------------------------------------------------------- 1 | @Library("github.com/opsnow-tools/valve-butler") 2 | def butler = new com.opsnow.valve.v7.Butler() 3 | def label = "worker-${UUID.randomUUID().toString()}" 4 | def IMAGE_NAME = "${SERVICE_GROUP}-${SERVICE_NAME}" 5 | properties([ 6 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 7 | ]) 8 | podTemplate(label: label, containers: [ 9 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true) 10 | ], volumes: [ 11 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 12 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 13 | ]) { 14 | node(label) { 15 | stage("Prepare") { 16 | container("builder") { 17 | butler.prepare(IMAGE_NAME, VERSION) 18 | } 19 | } 20 | stage("Deploy") { 21 | container("builder") { 22 | try { 23 | // deploy(cluster, namespace, sub_domain, profile) 24 | butler.deploy(CLUSTER, NAMESPACE, SUB_DOMAIN, PROFILE) 25 | butler.success(SLACK_TOKEN, "Deploy") 26 | } catch (e) { 27 | butler.failure(SLACK_TOKEN, "Deploy") 28 | throw e 29 | } 30 | } 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /custom/sample-node/templates/deployment-redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "fullname" . }}-redis 5 | labels: 6 | app: {{ include "fullname" . }}-redis 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }}-redis 10 | helm.sh/chart: {{ include "chart" . }} 11 | spec: 12 | replicas: 1 13 | selector: 14 | matchLabels: 15 | app: {{ include "fullname" . }}-redis 16 | # app.kubernetes.io/instance: {{ .Release.Name }} 17 | # app.kubernetes.io/name: {{ include "fullname" . }}-redis 18 | template: 19 | metadata: 20 | labels: 21 | app: {{ include "fullname" . }}-redis 22 | app.kubernetes.io/instance: {{ .Release.Name }} 23 | app.kubernetes.io/managed-by: {{ .Release.Service }} 24 | app.kubernetes.io/name: {{ include "fullname" . }}-redis 25 | version: stable 26 | spec: 27 | containers: 28 | - name: redis 29 | image: redis 30 | ports: 31 | - containerPort: 6379 32 | resources: 33 | requests: 34 | cpu: 100m 35 | memory: 128Mi 36 | limits: 37 | cpu: 200m 38 | memory: 256Mi 39 | -------------------------------------------------------------------------------- /charts/devops/sonarqube.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/sonarqube 2 | # chart-version: 0.13.4 3 | # chart-ingress: true 4 | # chart-pvc: sonarqube-sonarqube ReadWriteOnce 10Gi 5 | # chart-pvc: sonarqube-postgresql ReadWriteOnce 8Gi 6 | 7 | nameOverride: sonarqube 8 | 9 | service: 10 | type: SERVICE_TYPE 11 | 12 | ingress: 13 | enabled: INGRESS_ENABLED 14 | annotations: 15 | kubernetes.io/ingress.class: nginx 16 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 17 | nginx.ingress.kubernetes.io/proxy-body-size: 500m 18 | ingress.kubernetes.io/proxy-body-size: 500m 19 | hosts: 20 | - INGRESS_DOMAIN 21 | 22 | resources: 23 | requests: 24 | cpu: 250m 25 | memory: 3Gi 26 | limits: 27 | cpu: 1000m 28 | memory: 4Gi 29 | 30 | readinessProbe: 31 | initialDelaySeconds: 100 32 | periodSeconds: 30 33 | failureThreshold: 6 34 | livenessProbe: 35 | initialDelaySeconds: 100 36 | periodSeconds: 30 37 | failureThreshold: 6 38 | 39 | persistence: 40 | enabled: true 41 | accessMode: ReadWriteOnce 42 | size: 10Gi 43 | #:EFS:storageClass: "efs" 44 | existingClaim: sonarqube-sonarqube 45 | 46 | postgresql: 47 | persistence: 48 | enabled: true 49 | accessMode: ReadWriteOnce 50 | size: 8Gi 51 | #:EFS:storageClass: "efs" 52 | existingClaim: sonarqube-postgresql 53 | -------------------------------------------------------------------------------- /custom/sample-web/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.ingress.enabled }} 2 | {{- $fullName := include "fullname" . -}} 3 | {{- $servicePort := .Values.service.externalPort -}} 4 | apiVersion: extensions/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: {{ include "fullname" . }} 8 | labels: 9 | app: {{ include "fullname" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | app.kubernetes.io/name: {{ include "fullname" . }} 13 | helm.sh/chart: {{ include "chart" . }} 14 | {{- with .Values.ingress.labels }} 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | {{- with .Values.ingress.annotations }} 18 | annotations: 19 | {{ toYaml . | indent 4 }} 20 | {{- end }} 21 | spec: 22 | rules: 23 | {{ if and .Values.ingress.subdomain .Values.ingress.basedomain }} 24 | - host: {{ .Values.ingress.subdomain }}.{{ .Values.ingress.basedomain }} 25 | http: 26 | paths: 27 | - path: / 28 | backend: 29 | serviceName: {{ $fullName }} 30 | servicePort: {{ $servicePort }} 31 | {{ end }} 32 | {{ range .Values.ingress.hosts }} 33 | - host: {{ . }} 34 | http: 35 | paths: 36 | - path: / 37 | backend: 38 | serviceName: {{ $fullName }} 39 | servicePort: {{ $servicePort }} 40 | {{ end }} 41 | {{ end }} 42 | -------------------------------------------------------------------------------- /custom/sample-node/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.ingress.enabled }} 2 | {{- $fullName := include "fullname" . -}} 3 | {{- $servicePort := .Values.service.externalPort -}} 4 | apiVersion: extensions/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: {{ include "fullname" . }} 8 | labels: 9 | app: {{ include "fullname" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | app.kubernetes.io/name: {{ include "fullname" . }} 13 | helm.sh/chart: {{ include "chart" . }} 14 | {{- with .Values.ingress.labels }} 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | {{- with .Values.ingress.annotations }} 18 | annotations: 19 | {{ toYaml . | indent 4 }} 20 | {{- end }} 21 | spec: 22 | rules: 23 | {{ if and .Values.ingress.subdomain .Values.ingress.basedomain }} 24 | - host: {{ .Values.ingress.subdomain }}.{{ .Values.ingress.basedomain }} 25 | http: 26 | paths: 27 | - path: / 28 | backend: 29 | serviceName: {{ $fullName }} 30 | servicePort: {{ $servicePort }} 31 | {{ end }} 32 | {{ range .Values.ingress.hosts }} 33 | - host: {{ . }} 34 | http: 35 | paths: 36 | - path: / 37 | backend: 38 | serviceName: {{ $fullName }} 39 | servicePort: {{ $servicePort }} 40 | {{ end }} 41 | {{ end }} 42 | -------------------------------------------------------------------------------- /custom/sample-spring/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.ingress.enabled }} 2 | {{- $fullName := include "fullname" . -}} 3 | {{- $servicePort := .Values.service.externalPort -}} 4 | apiVersion: extensions/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: {{ include "fullname" . }} 8 | labels: 9 | app: {{ include "fullname" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | app.kubernetes.io/name: {{ include "fullname" . }} 13 | helm.sh/chart: {{ include "chart" . }} 14 | {{- with .Values.ingress.labels }} 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | {{- with .Values.ingress.annotations }} 18 | annotations: 19 | {{ toYaml . | indent 4 }} 20 | {{- end }} 21 | spec: 22 | rules: 23 | {{ if and .Values.ingress.subdomain .Values.ingress.basedomain }} 24 | - host: {{ .Values.ingress.subdomain }}.{{ .Values.ingress.basedomain }} 25 | http: 26 | paths: 27 | - path: / 28 | backend: 29 | serviceName: {{ $fullName }} 30 | servicePort: {{ $servicePort }} 31 | {{ end }} 32 | {{ range .Values.ingress.hosts }} 33 | - host: {{ . }} 34 | http: 35 | paths: 36 | - path: / 37 | backend: 38 | serviceName: {{ $fullName }} 39 | servicePort: {{ $servicePort }} 40 | {{ end }} 41 | {{ end }} 42 | -------------------------------------------------------------------------------- /custom/sample-tomcat/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.ingress.enabled }} 2 | {{- $fullName := include "fullname" . -}} 3 | {{- $servicePort := .Values.service.externalPort -}} 4 | apiVersion: extensions/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: {{ include "fullname" . }} 8 | labels: 9 | app: {{ include "fullname" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | app.kubernetes.io/name: {{ include "fullname" . }} 13 | helm.sh/chart: {{ include "chart" . }} 14 | {{- with .Values.ingress.labels }} 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | {{- with .Values.ingress.annotations }} 18 | annotations: 19 | {{ toYaml . | indent 4 }} 20 | {{- end }} 21 | spec: 22 | rules: 23 | {{ if and .Values.ingress.subdomain .Values.ingress.basedomain }} 24 | - host: {{ .Values.ingress.subdomain }}.{{ .Values.ingress.basedomain }} 25 | http: 26 | paths: 27 | - path: / 28 | backend: 29 | serviceName: {{ $fullName }} 30 | servicePort: {{ $servicePort }} 31 | {{ end }} 32 | {{ range .Values.ingress.hosts }} 33 | - host: {{ . }} 34 | http: 35 | paths: 36 | - path: / 37 | backend: 38 | serviceName: {{ $fullName }} 39 | servicePort: {{ $servicePort }} 40 | {{ end }} 41 | {{ end }} 42 | -------------------------------------------------------------------------------- /custom/sample-webpack/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.ingress.enabled }} 2 | {{- $fullName := include "fullname" . -}} 3 | {{- $servicePort := .Values.service.externalPort -}} 4 | apiVersion: extensions/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: {{ include "fullname" . }} 8 | labels: 9 | app: {{ include "fullname" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | app.kubernetes.io/name: {{ include "fullname" . }} 13 | helm.sh/chart: {{ include "chart" . }} 14 | {{- with .Values.ingress.labels }} 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | {{- with .Values.ingress.annotations }} 18 | annotations: 19 | {{ toYaml . | indent 4 }} 20 | {{- end }} 21 | spec: 22 | rules: 23 | {{ if and .Values.ingress.subdomain .Values.ingress.basedomain }} 24 | - host: {{ .Values.ingress.subdomain }}.{{ .Values.ingress.basedomain }} 25 | http: 26 | paths: 27 | - path: / 28 | backend: 29 | serviceName: {{ $fullName }} 30 | servicePort: {{ $servicePort }} 31 | {{ end }} 32 | {{ range .Values.ingress.hosts }} 33 | - host: {{ . }} 34 | http: 35 | paths: 36 | - path: / 37 | backend: 38 | serviceName: {{ $fullName }} 39 | servicePort: {{ $servicePort }} 40 | {{ end }} 41 | {{ end }} 42 | -------------------------------------------------------------------------------- /backup-ver.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | SHELL_DIR=$(dirname $0) 4 | 5 | if [ ! -f $SHELL_DIR/versions ]; then 6 | echo "Need a versions file" 7 | exit 0 8 | fi 9 | 10 | . ${SHELL_DIR}/common.sh 11 | . ${SHELL_DIR}/default.sh 12 | 13 | BACKUP_DIR=$1 14 | 15 | if [ -z $BACKUP_DIR ]; then 16 | BACKUP_DIR=$SHELL_DIR 17 | fi 18 | echo "Backup charts to $BACKUP_DIR" 19 | $(cp -rf charts $BACKUP_DIR) 20 | 21 | CHART_LIST=$(cat $SHELL_DIR/versions) 22 | 23 | #echo $CHART_LIST 24 | 25 | # 한줄씩 읽어서 26 | # 설치된 버전 ver1 27 | # yaml 파일을 찾아서 28 | # ver1 로 replace 29 | while read LINE; do 30 | 31 | # get chart name 32 | chart_name=$(echo $LINE | awk '{print $1}') 33 | 34 | # get_build_ver 35 | ver1=$(echo $LINE | awk '{print $2}'| rev | cut -d'-' -f1 | rev) 36 | 37 | # confirm chart version 38 | echo "BUILD VER : " $chart_name $ver1 39 | 40 | #find file 41 | file=$(find $BACKUP_DIR -name "$chart_name.yaml") 42 | 43 | echo "FILE : " $file 44 | 45 | if [ -z $file ]; then 46 | # no file 47 | echo "Not found file : $file" 48 | continue; 49 | fi 50 | # found file 51 | prefix="# chart-version: " 52 | echo "REPLACE : " "$prefix$ver1" 53 | _replace "s/$prefix.*/$prefix$ver1/g" $file 54 | 55 | echo "=============================" 56 | 57 | done < $SHELL_DIR/versions 58 | 59 | 60 | -------------------------------------------------------------------------------- /custom/sample-web/templates/ingress-istio.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.ingress-istio.enabled }} 2 | {{- $fullName := include "fullname" . -}} 3 | {{- $servicePort := .Values.service.externalPort -}} 4 | apiVersion: extensions/v1beta1 5 | kind: Ingress 6 | metadata: 7 | name: {{ include "fullname" . }} 8 | labels: 9 | app: {{ include "fullname" . }} 10 | app.kubernetes.io/instance: {{ .Release.Name }} 11 | app.kubernetes.io/managed-by: {{ .Release.Service }} 12 | app.kubernetes.io/name: {{ include "fullname" . }} 13 | helm.sh/chart: {{ include "chart" . }} 14 | {{- with .Values.ingress.labels }} 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | {{- with .Values.ingress.annotations }} 18 | annotations: 19 | {{ toYaml . | indent 4 }} 20 | {{- end }} 21 | spec: 22 | rules: 23 | {{ if and .Values.ingress.subdomain .Values.ingress.basedomain }} 24 | - host: {{ .Values.ingress.subdomain }}.istio.{{ .Values.ingress.basedomain }} 25 | http: 26 | paths: 27 | - path: / 28 | backend: 29 | serviceName: {{ $fullName }} 30 | servicePort: {{ $servicePort }} 31 | {{ end }} 32 | {{ range .Values.ingress.hosts }} 33 | - host: {{ . }} 34 | http: 35 | paths: 36 | - path: / 37 | backend: 38 | serviceName: {{ $fullName }} 39 | servicePort: {{ $servicePort }} 40 | {{ end }} 41 | {{ end }} 42 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/run-command/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER 11 | 12 | dev 13 | 14 | 15 | COMMAND 16 | 17 | kubectl get all --all-namespaces 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 29 | true 30 | 31 | 32 | false 33 | 34 | -------------------------------------------------------------------------------- /charts/kube-ingress/nginx-ingress.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/nginx-ingress 2 | # chart-version: 1.4.0 3 | 4 | nameOverride: nginx-ingress 5 | 6 | controller: 7 | # kind: DaemonSet 8 | replicaCount: 2 9 | autoscaling: 10 | enabled: true 11 | minReplicas: 2 12 | maxReplicas: 11 13 | targetCPUUtilizationPercentage: 60 14 | targetMemoryUtilizationPercentage: 60 15 | # podAnnotations: 16 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 17 | config: 18 | use-forwarded-headers: "true" 19 | service: 20 | annotations: 21 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "" 22 | service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" 23 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" 24 | service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" 25 | # external-dns.alpha.kubernetes.io/hostname: "demo.opsnow.com." 26 | # external-dns.alpha.kubernetes.io/ttl: 300 27 | targetPorts: 28 | http: http 29 | https: http 30 | stats: 31 | enabled: true 32 | metrics: 33 | enabled: true 34 | service: 35 | annotations: 36 | prometheus.io/scrape: "true" 37 | prometheus.io/port: "10254" 38 | resources: 39 | limits: 40 | cpu: 100m 41 | memory: 256Mi 42 | requests: 43 | cpu: 100m 44 | memory: 256Mi 45 | -------------------------------------------------------------------------------- /charts/kube-ingress/nginx-ingress-private.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/nginx-ingress 2 | # chart-version: 1.4.0 3 | 4 | nameOverride: nginx-ingress-private 5 | 6 | controller: 7 | # kind: DaemonSet 8 | replicaCount: 2 9 | autoscaling: 10 | enabled: true 11 | minReplicas: 2 12 | maxReplicas: 11 13 | targetCPUUtilizationPercentage: 60 14 | targetMemoryUtilizationPercentage: 60 15 | # podAnnotations: 16 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 17 | config: 18 | use-forwarded-headers: "true" 19 | service: 20 | annotations: 21 | service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "" 22 | service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" 23 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" 24 | service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" 25 | # external-dns.alpha.kubernetes.io/hostname: "demo.opsnow.com." 26 | # external-dns.alpha.kubernetes.io/ttl: 300 27 | targetPorts: 28 | http: http 29 | https: http 30 | stats: 31 | enabled: true 32 | metrics: 33 | enabled: true 34 | service: 35 | annotations: 36 | prometheus.io/scrape: "true" 37 | prometheus.io/port: "10254" 38 | resources: 39 | limits: 40 | cpu: 100m 41 | memory: 256Mi 42 | requests: 43 | cpu: 100m 44 | memory: 256Mi 45 | -------------------------------------------------------------------------------- /charts/devops/argocd.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: argo/argo-cd 2 | # chart-version: latest 3 | # chart-ingress: true 4 | 5 | server: 6 | extraArgs: 7 | - --insecure 8 | 9 | ingress: 10 | enabled: INGRESS_ENABLED 11 | hosts: 12 | - INGRESS_DOMAIN 13 | annotations: 14 | kubernetes.io/ingress.class: nginx 15 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 16 | nginx.ingress.kubernetes.io/ssl-passthrough: "true" 17 | 18 | config: 19 | url: https://INGRESS_DOMAIN 20 | # helmRepositories: 21 | # - name: chartmuseum 22 | # url: https://chartmuseum-devops.BASE_DOMAIN 23 | #:GITHUB:dexConfig: 24 | #:GITHUB: connectors: 25 | #:GITHUB: - type: github 26 | #:GITHUB: id: github 27 | #:GITHUB: name: GitHub 28 | #:GITHUB: config: 29 | #:GITHUB: clientID: GITHUB_CLIENT_ID 30 | #:GITHUB: clientSecret: GITHUB_CLIENT_SECRET 31 | #:GITHUB: orgs: 32 | #:GITHUB: - name: GITHUB_ORG 33 | #:GITHUB: teams: 34 | 35 | rbac: 36 | policyDefault: role:readonly 37 | #:GITHUB:policyCsv: | 38 | #:GITHUB: p, role:org-admin, applications, *, */*, allow 39 | #:GITHUB: p, role:org-admin, repositories, *, *, allow 40 | #:GITHUB: p, role:org-admin, projects, *, *, allow 41 | #:GITHUB: p, role:org-admin, clusters, *, *, allow 42 | #:GITHUB: g, GITHUB_ORG:admin, role:org-admin 43 | #:GITHUB: g, GITHUB_ORG:sre-lab, role:org-sre 44 | -------------------------------------------------------------------------------- /charts/devops/sonatype-nexus.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/sonatype-nexus 2 | # chart-version: 1.15.1 3 | # chart-ingress: true 4 | # chart-pvc: sonatype-nexus-data ReadWriteOnce 30Gi 5 | 6 | nameOverride: sonatype-nexus 7 | 8 | statefulset: 9 | enabled: true 10 | 11 | nexus: 12 | serviceType: SERVICE_TYPE 13 | resources: 14 | requests: 15 | cpu: 250m 16 | memory: 4Gi 17 | limits: 18 | cpu: 1000m 19 | memory: 4Gi 20 | # podAnnotations: 21 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 22 | livenessProbe: 23 | initialDelaySeconds: 100 24 | periodSeconds: 30 25 | failureThreshold: 12 26 | path: / 27 | readinessProbe: 28 | initialDelaySeconds: 100 29 | periodSeconds: 30 30 | failureThreshold: 12 31 | path: / 32 | 33 | nexusProxy: 34 | env: 35 | nexusHttpHost: INGRESS_DOMAIN 36 | # nexusDockerHost: docker-INGRESS_DOMAIN 37 | 38 | nexusBackup: 39 | nexusAdminPassword: PASSWORD 40 | 41 | ingress: 42 | enabled: INGRESS_ENABLED 43 | tls: 44 | enabled: false 45 | annotations: 46 | kubernetes.io/ingress.class: nginx 47 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 48 | nginx.ingress.kubernetes.io/proxy-body-size: 500m 49 | ingress.kubernetes.io/proxy-body-size: 500m 50 | 51 | persistence: 52 | enabled: true 53 | accessMode: ReadWriteOnce 54 | storageSize: 30Gi 55 | #:EFS:storageClass: "efs" 56 | existingClaim: sonatype-nexus-data 57 | -------------------------------------------------------------------------------- /custom/sample-node/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range .Values.ingress.hosts }} 4 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }} 5 | {{- end }} 6 | {{- else if contains "NodePort" .Values.service.type }} 7 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fullname" . }}) 8 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 9 | echo http://$NODE_IP:$NODE_PORT 10 | {{- else if contains "LoadBalancer" .Values.service.type }} 11 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 12 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fullname" . }}' 13 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 14 | echo http://$SERVICE_IP:{{ .Values.service.port }} 15 | {{- else if contains "ClusterIP" .Values.service.type }} 16 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 17 | echo "Visit http://127.0.0.1:8080 to use your application" 18 | kubectl port-forward $POD_NAME 8080:80 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /custom/sample-web/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range .Values.ingress.hosts }} 4 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }} 5 | {{- end }} 6 | {{- else if contains "NodePort" .Values.service.type }} 7 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fullname" . }}) 8 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 9 | echo http://$NODE_IP:$NODE_PORT 10 | {{- else if contains "LoadBalancer" .Values.service.type }} 11 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 12 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fullname" . }}' 13 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 14 | echo http://$SERVICE_IP:{{ .Values.service.port }} 15 | {{- else if contains "ClusterIP" .Values.service.type }} 16 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 17 | echo "Visit http://127.0.0.1:8080 to use your application" 18 | kubectl port-forward $POD_NAME 8080:80 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /custom/sample-spring/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range .Values.ingress.hosts }} 4 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }} 5 | {{- end }} 6 | {{- else if contains "NodePort" .Values.service.type }} 7 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fullname" . }}) 8 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 9 | echo http://$NODE_IP:$NODE_PORT 10 | {{- else if contains "LoadBalancer" .Values.service.type }} 11 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 12 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fullname" . }}' 13 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 14 | echo http://$SERVICE_IP:{{ .Values.service.port }} 15 | {{- else if contains "ClusterIP" .Values.service.type }} 16 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 17 | echo "Visit http://127.0.0.1:8080 to use your application" 18 | kubectl port-forward $POD_NAME 8080:80 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /custom/sample-tomcat/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range .Values.ingress.hosts }} 4 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }} 5 | {{- end }} 6 | {{- else if contains "NodePort" .Values.service.type }} 7 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fullname" . }}) 8 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 9 | echo http://$NODE_IP:$NODE_PORT 10 | {{- else if contains "LoadBalancer" .Values.service.type }} 11 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 12 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fullname" . }}' 13 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 14 | echo http://$SERVICE_IP:{{ .Values.service.port }} 15 | {{- else if contains "ClusterIP" .Values.service.type }} 16 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 17 | echo "Visit http://127.0.0.1:8080 to use your application" 18 | kubectl port-forward $POD_NAME 8080:80 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /custom/sample-webpack/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range .Values.ingress.hosts }} 4 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }} 5 | {{- end }} 6 | {{- else if contains "NodePort" .Values.service.type }} 7 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fullname" . }}) 8 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 9 | echo http://$NODE_IP:$NODE_PORT 10 | {{- else if contains "LoadBalancer" .Values.service.type }} 11 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 12 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fullname" . }}' 13 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 14 | echo http://$SERVICE_IP:{{ .Values.service.port }} 15 | {{- else if contains "ClusterIP" .Values.service.type }} 16 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 17 | echo "Visit http://127.0.0.1:8080 to use your application" 18 | kubectl port-forward $POD_NAME 8080:80 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/build-command/Jenkinsfile: -------------------------------------------------------------------------------- 1 | @Library("github.com/opsnow-tools/valve-butler") 2 | def butler = new com.opsnow.valve.v7.Butler() 3 | def label = "worker-${UUID.randomUUID().toString()}" 4 | def IMAGE_NAME = "${SERVICE_GROUP}-${SERVICE_NAME}" 5 | properties([ 6 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 7 | ]) 8 | podTemplate(label: label, containers: [ 9 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true) 10 | ], volumes: [ 11 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 12 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 13 | ]) { 14 | node(label) { 15 | stage("Prepare") { 16 | container("builder") { 17 | butler.prepare(IMAGE_NAME) 18 | } 19 | } 20 | stage("Checkout") { 21 | container("builder") { 22 | try { 23 | if (REPOSITORY_SECRET) { 24 | git(url: REPOSITORY_URL, branch: BRANCH_NAME, credentialsId: REPOSITORY_SECRET) 25 | } else { 26 | git(url: REPOSITORY_URL, branch: BRANCH_NAME) 27 | } 28 | } catch (e) { 29 | butler.failure(SLACK_TOKEN_DEV, "Checkout") 30 | throw e 31 | } 32 | butler.scan() 33 | } 34 | } 35 | stage("Command") { 36 | container("builder") { 37 | sh """ 38 | $COMMAND 39 | """ 40 | } 41 | } 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /charts/monitor/fluentd-elasticsearch.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/fluentd-elasticsearch 2 | # chart-version: 2.0.7 3 | 4 | nameOverride: fluentd-elasticsearch 5 | 6 | elasticsearch: 7 | host: CUSTOM_HOST 8 | port: CUSTOM_PORT 9 | buffer_chunk_limit: 8M 10 | buffer_queue_limit: 8 11 | # logstash_prefix: 'logstash' 12 | 13 | configMaps: 14 | output.conf: | 15 | # Enriches records with Kubernetes metadata 16 | 17 | @type kubernetes_metadata 18 | 19 | 20 | @id elasticsearch 21 | @type elasticsearch 22 | @log_level info 23 | include_tag_key true 24 | type_name _doc 25 | host "#{ENV['OUTPUT_HOST']}" 26 | port "#{ENV['OUTPUT_PORT']}" 27 | scheme "#{ENV['OUTPUT_SCHEME']}" 28 | ssl_version "#{ENV['OUTPUT_SSL_VERSION']}" 29 | logstash_format true 30 | logstash_prefix "#{ENV['LOGSTASH_PREFIX']}" 31 | reconnect_on_error true 32 | reload_connections false 33 | reload_on_failure false 34 | 35 | @type file 36 | path /var/log/fluentd-buffers/kubernetes.system.buffer 37 | flush_mode interval 38 | retry_type exponential_backoff 39 | flush_thread_count 2 40 | flush_interval 5s 41 | retry_forever 42 | retry_max_interval 30 43 | chunk_limit_size "#{ENV['OUTPUT_BUFFER_CHUNK_LIMIT']}" 44 | queue_limit_length "#{ENV['OUTPUT_BUFFER_QUEUE_LIMIT']}" 45 | overflow_action drop_oldest_chunk 46 | 47 | 48 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/config-apply/Jenkinsfile: -------------------------------------------------------------------------------- 1 | @Library("github.com/opsnow-tools/valve-butler") 2 | def butler = new com.opsnow.valve.v7.Butler() 3 | def label = "worker-${UUID.randomUUID().toString()}" 4 | def IMAGE_NAME = "${SERVICE_GROUP}-${SERVICE_NAME}" 5 | properties([ 6 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 7 | ]) 8 | podTemplate(label: label, containers: [ 9 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true) 10 | ], volumes: [ 11 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 12 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 13 | ]) { 14 | node(label) { 15 | stage("Prepare") { 16 | container("builder") { 17 | butler.prepare(IMAGE_NAME) 18 | } 19 | } 20 | stage("Checkout") { 21 | container("builder") { 22 | try { 23 | if (REPOSITORY_SECRET) { 24 | git(url: REPOSITORY_URL, branch: BRANCH_NAME, credentialsId: REPOSITORY_SECRET) 25 | } else { 26 | git(url: REPOSITORY_URL, branch: BRANCH_NAME) 27 | } 28 | } catch (e) { 29 | butler.failure(SLACK_TOKEN, "Checkout") 30 | throw e 31 | } 32 | } 33 | } 34 | stage("Apply") { 35 | container("builder") { 36 | try { 37 | // apply(cluster, namespace, type, yaml) 38 | butler.apply(CLUSTER, NAMESPACE, CONFIG_TYPE, YAML_PATH) 39 | butler.success(SLACK_TOKEN, "Apply") 40 | } catch (e) { 41 | butler.failure(SLACK_TOKEN, "Apply") 42 | throw e 43 | } 44 | } 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /charts/istio/istio.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: istio 2 | # chart-version: 1.1.7 3 | # chart-ingress: true 4 | 5 | # global: 6 | # configValidation: false 7 | 8 | # ingress: 9 | # enabled: true 10 | 11 | # grafana: 12 | # enabled: true 13 | 14 | gateways: 15 | istio-ingressgateway: 16 | sds: 17 | enabled: true 18 | 19 | global: 20 | k8sIngress: 21 | enabled: true 22 | enableHttps: true 23 | gatewayName: ingressgateway 24 | 25 | certmanager: 26 | enabled: true 27 | email: sre@bespinglobal.com 28 | 29 | kiali: 30 | enabled: true 31 | createDemoSecret: true 32 | # ingress: 33 | # enabled: INGRESS_ENABLED 34 | # annotations: 35 | # - kubernetes.io/ingress.class: nginx 36 | # - nginx.ingress.kubernetes.io/force-ssl-redirect: true 37 | # hosts: 38 | # - kiali-istio.BASE_DOMAIN 39 | # dashboard: 40 | # secretName: istio-secret 41 | # grafanaURL: http://grafana:3000 42 | # jaegerURL: https://jaeger-istio.BASE_DOMAIN 43 | 44 | tracing: 45 | enabled: true 46 | # ingress: 47 | # enabled: INGRESS_ENABLED 48 | # annotations: 49 | # - kubernetes.io/ingress.class: nginx 50 | # - nginx.ingress.kubernetes.io/force-ssl-redirect: true 51 | # hosts: 52 | # - tracing-istio.BASE_DOMAIN 53 | # jaeger: 54 | # ingress: 55 | # enabled: INGRESS_ENABLED 56 | # annotations: 57 | # - kubernetes.io/ingress.class: nginx 58 | # - nginx.ingress.kubernetes.io/force-ssl-redirect: true 59 | # hosts: 60 | # - jaeger-istio.BASE_DOMAIN 61 | 62 | servicegraph: 63 | enabled: true 64 | # ingress: 65 | # enabled: INGRESS_ENABLED 66 | # annotations: 67 | # - kubernetes.io/ingress.class: nginx 68 | # - nginx.ingress.kubernetes.io/force-ssl-redirect: true 69 | # hosts: 70 | # - servicegraph-istio.BASE_DOMAIN 71 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/sample/Jenkinsfile: -------------------------------------------------------------------------------- 1 | @Library("github.com/opsnow-tools/valve-butler") 2 | def butler = new com.opsnow.valve.v7.Butler() 3 | def label = "worker-${UUID.randomUUID().toString()}" 4 | properties([ 5 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 6 | ]) 7 | podTemplate(label: label, containers: [ 8 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true) 9 | ], volumes: [ 10 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 11 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 12 | ]) { 13 | node(label) { 14 | stage("Info") { 15 | sh """ 16 | pwd 17 | date 18 | whoami 19 | uname -a 20 | echo $JOB_NAME 21 | echo $BUILD_NUMBER 22 | """ 23 | } 24 | stage("Prepare") { 25 | container("builder") { 26 | sh """ 27 | pwd 28 | date 29 | whoami 30 | uname -a 31 | """ 32 | butler.prepare() 33 | } 34 | } 35 | stage("Run docker") { 36 | container("builder") { 37 | sh """ 38 | docker version 39 | docker images 40 | docker ps 41 | """ 42 | } 43 | } 44 | stage("Run kubectl") { 45 | container("builder") { 46 | sh """ 47 | kubectl version 48 | kubectl cluster-info 49 | kubectl get pod,svc,ing 50 | """ 51 | } 52 | } 53 | stage("Run helm") { 54 | container("builder") { 55 | butler.helm_init() 56 | } 57 | } 58 | stage("End") { 59 | container("builder") { 60 | sh """ 61 | ls -al 62 | """ 63 | } 64 | } 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /custom/sample-webpack/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | 3 | profile: default 4 | 5 | namespace: development 6 | 7 | image: 8 | repository: docker-registry.127.0.0.1.nip.io:30500/sample-webpack 9 | tag: latest 10 | pullPolicy: Always 11 | 12 | labels: {} 13 | annotations: {} 14 | 15 | pod: 16 | labels: {} 17 | annotations: {} 18 | 19 | pdb: {} 20 | 21 | service: 22 | type: ClusterIP 23 | externalPort: 80 24 | internalPort: 80 25 | annotations: {} 26 | labels: {} 27 | 28 | ingress: 29 | enabled: true 30 | subdomain: sample-webpack 31 | basedomain: 127.0.0.1.nip.io 32 | hosts: {} 33 | # hosts: 34 | # - sample-webpack.opsnow.com 35 | annotations: 36 | kubernetes.io/ingress.class: nginx 37 | # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 38 | labels: {} 39 | 40 | autoscaling: 41 | enabled: true 42 | min: 1 43 | max: 5 44 | cpu: 80 45 | mem: 80 46 | 47 | resources: 48 | requests: 49 | cpu: 100m 50 | memory: 128Mi 51 | limits: 52 | cpu: 120m 53 | memory: 153Mi 54 | 55 | readinessProbe: 56 | httpGet: 57 | path: / 58 | port: 80 59 | initialDelaySeconds: 3 60 | periodSeconds: 10 61 | failureThreshold: 3 62 | 63 | livenessProbe: 64 | httpGet: 65 | path: / 66 | port: 80 67 | initialDelaySeconds: 3 68 | periodSeconds: 10 69 | failureThreshold: 3 70 | 71 | # livenessProbe: 72 | # exec: 73 | # command: 74 | # - cat 75 | # - /tmp/healthy 76 | # initialDelaySeconds: 3 77 | # periodSeconds: 10 78 | # livenessProbe: 79 | # tcpSocket: 80 | # port: 80 81 | # initialDelaySeconds: 3 82 | # periodSeconds: 10 83 | 84 | # hostNetwork: true 85 | # dnsPolicy: Default 86 | 87 | nodeSelector: {} 88 | 89 | tolerations: [] 90 | 91 | affinity: {} 92 | 93 | configmap: 94 | enabled: false 95 | 96 | secret: 97 | enabled: false 98 | -------------------------------------------------------------------------------- /custom/sample-spring/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | 3 | profile: default 4 | 5 | namespace: development 6 | 7 | image: 8 | repository: docker-registry.127.0.0.1.nip.io:30500/sample-spring 9 | tag: latest 10 | pullPolicy: Always 11 | 12 | labels: {} 13 | annotations: {} 14 | 15 | pod: 16 | labels: {} 17 | annotations: {} 18 | 19 | pdb: {} 20 | 21 | service: 22 | type: ClusterIP 23 | externalPort: 80 24 | internalPort: 8080 25 | annotations: {} 26 | labels: {} 27 | 28 | ingress: 29 | enabled: true 30 | subdomain: sample-spring 31 | basedomain: 127.0.0.1.nip.io 32 | hosts: {} 33 | # hosts: 34 | # - sample-spring.opsnow.com 35 | annotations: 36 | kubernetes.io/ingress.class: nginx 37 | # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 38 | labels: {} 39 | 40 | autoscaling: 41 | enabled: true 42 | min: 1 43 | max: 5 44 | cpu: 80 45 | mem: 80 46 | 47 | resources: 48 | requests: 49 | cpu: 500m 50 | memory: 1024Mi 51 | limits: 52 | cpu: 600m 53 | memory: 1252Mi 54 | 55 | readinessProbe: 56 | httpGet: 57 | path: / 58 | port: 8080 59 | initialDelaySeconds: 30 60 | periodSeconds: 10 61 | failureThreshold: 3 62 | 63 | livenessProbe: 64 | httpGet: 65 | path: / 66 | port: 8080 67 | initialDelaySeconds: 30 68 | periodSeconds: 10 69 | failureThreshold: 3 70 | 71 | # livenessProbe: 72 | # exec: 73 | # command: 74 | # - cat 75 | # - /tmp/healthy 76 | # initialDelaySeconds: 15 77 | # periodSeconds: 10 78 | # livenessProbe: 79 | # tcpSocket: 80 | # port: 8080 81 | # initialDelaySeconds: 15 82 | # periodSeconds: 10 83 | 84 | # hostNetwork: true 85 | # dnsPolicy: Default 86 | 87 | nodeSelector: {} 88 | 89 | tolerations: [] 90 | 91 | affinity: {} 92 | 93 | configmap: 94 | enabled: false 95 | 96 | secret: 97 | enabled: false 98 | -------------------------------------------------------------------------------- /custom/sample-tomcat/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | 3 | profile: default 4 | 5 | namespace: development 6 | 7 | image: 8 | repository: docker-registry.127.0.0.1.nip.io:30500/sample-tomcat 9 | tag: latest 10 | pullPolicy: Always 11 | 12 | labels: {} 13 | annotations: {} 14 | 15 | pod: 16 | labels: {} 17 | annotations: {} 18 | 19 | pdb: {} 20 | 21 | service: 22 | type: ClusterIP 23 | externalPort: 80 24 | internalPort: 8080 25 | annotations: {} 26 | labels: {} 27 | 28 | ingress: 29 | enabled: true 30 | subdomain: sample-tomcat 31 | basedomain: 127.0.0.1.nip.io 32 | hosts: {} 33 | # hosts: 34 | # - sample-tomcat.opsnow.com 35 | annotations: 36 | kubernetes.io/ingress.class: nginx 37 | # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 38 | labels: {} 39 | 40 | autoscaling: 41 | enabled: true 42 | min: 1 43 | max: 5 44 | cpu: 80 45 | mem: 80 46 | 47 | resources: 48 | requests: 49 | cpu: 500m 50 | memory: 1024Mi 51 | limits: 52 | cpu: 600m 53 | memory: 1252Mi 54 | 55 | readinessProbe: 56 | httpGet: 57 | path: / 58 | port: 8080 59 | initialDelaySeconds: 30 60 | periodSeconds: 10 61 | failureThreshold: 3 62 | 63 | livenessProbe: 64 | httpGet: 65 | path: / 66 | port: 8080 67 | initialDelaySeconds: 30 68 | periodSeconds: 10 69 | failureThreshold: 3 70 | 71 | # livenessProbe: 72 | # exec: 73 | # command: 74 | # - cat 75 | # - /tmp/healthy 76 | # initialDelaySeconds: 15 77 | # periodSeconds: 10 78 | # livenessProbe: 79 | # tcpSocket: 80 | # port: 8080 81 | # initialDelaySeconds: 15 82 | # periodSeconds: 10 83 | 84 | # hostNetwork: true 85 | # dnsPolicy: Default 86 | 87 | nodeSelector: {} 88 | 89 | tolerations: [] 90 | 91 | affinity: {} 92 | 93 | configmap: 94 | enabled: false 95 | 96 | secret: 97 | enabled: false 98 | -------------------------------------------------------------------------------- /run.sh: -------------------------------------------------------------------------------- 1 | 2 | SHELL_DIR=$(dirname $0) 3 | 4 | . ${SHELL_DIR}/common.sh 5 | . ${SHELL_DIR}/default.sh 6 | 7 | ################################################################################ 8 | 9 | prepare() { 10 | logo 11 | 12 | mkdir -p ~/.ssh 13 | mkdir -p ~/.aws 14 | 15 | NEED_TOOL= 16 | command -v jq > /dev/null || export NEED_TOOL=jq 17 | command -v git > /dev/null || export NEED_TOOL=git 18 | command -v aws > /dev/null || export NEED_TOOL=awscli 19 | command -v kubectl > /dev/null || export NEED_TOOL=kubectl 20 | command -v kops > /dev/null || export NEED_TOOL=kops 21 | command -v helm > /dev/null || export NEED_TOOL=helm 22 | 23 | if [ ! -z ${NEED_TOOL} ]; then 24 | question "Do you want to install the required tools? (awscli,kubectl,kops,helm...) [Y/n] : " 25 | 26 | if [ "${ANSWER:-Y}" == "Y" ]; then 27 | ${SHELL_DIR}/tools.sh 28 | else 29 | _error "Need install tools." 30 | fi 31 | fi 32 | 33 | REGION="$(aws configure get default.region)" 34 | } 35 | 36 | usage() { 37 | cat < ${JOB_LIST} 23 | 24 | while read JOB; do 25 | mkdir -p ${TMP_DIR}/${JOB} 26 | 27 | ORIGIN=${SHELL_DIR}/jobs/${JOB}/Jenkinsfile 28 | 29 | TARGET=${TMP_DIR}/${JOB}/Jenkinsfile 30 | CONFIG=${TMP_DIR}/${JOB}/config.xml 31 | 32 | # Jenkinsfile 33 | if [ -f ${ORIGIN} ]; then 34 | cp -rf ${ORIGIN} ${TARGET} 35 | _replace "s/\"/\"/g" ${TARGET} 36 | _replace "s//\>/g" ${TARGET} 38 | else 39 | touch ${TARGET} 40 | fi 41 | 42 | # Jenkinsfile >> config.xml 43 | while read LINE; do 44 | if [ "${LINE}" == "REPLACE" ]; then 45 | cat ${TARGET} >> ${CONFIG} 46 | else 47 | echo "${LINE}" >> ${CONFIG} 48 | fi 49 | done < ${SHELL_DIR}/jobs/${JOB}/config.xml 50 | done < ${JOB_LIST} 51 | 52 | # config.yaml >> jenkins.yaml 53 | POS=$(grep -n "jenkins-jobs -- start" ${CHART} | cut -d':' -f1) 54 | 55 | sed "${POS}q" ${CHART} >> ${CHART_TMP} 56 | 57 | echo 58 | echo " Jobs:" >> ${CHART_TMP} 59 | 60 | while read JOB; do 61 | echo "> ${JOB}" 62 | echo " ${JOB}: |-" >> ${CHART_TMP} 63 | 64 | sed -e "s/^/ /" ${TMP_DIR}/${JOB}/config.xml >> ${CHART_TMP} 65 | done < ${JOB_LIST} 66 | 67 | sed "1,${POS}d" ${CHART} >> ${CHART_TMP} 68 | 69 | # done 70 | cp -rf ${CHART_TMP} ${CHART} 71 | -------------------------------------------------------------------------------- /templates/jenkins/sample.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | REPOSITORY_URL 11 | 12 | https://github.com/nalbam/sample-web.git 13 | 14 | 15 | BRANCH_NAME 16 | 17 | master 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 2 28 | 29 | 30 | $REPOSITORY_URL 31 | 32 | 33 | 34 | 35 | $BRANCH_NAME 36 | 37 | 38 | false 39 | 40 | 41 | 42 | Jenkinsfile 43 | false 44 | 45 | 46 | false 47 | 48 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/build-web/Jenkinsfile: -------------------------------------------------------------------------------- 1 | @Library("github.com/opsnow-tools/valve-butler") 2 | def butler = new com.opsnow.valve.v7.Butler() 3 | def label = "worker-${UUID.randomUUID().toString()}" 4 | def IMAGE_NAME = "${SERVICE_GROUP}-${SERVICE_NAME}" 5 | properties([ 6 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 7 | ]) 8 | podTemplate(label: label, containers: [ 9 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true) 10 | ], volumes: [ 11 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 12 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 13 | ]) { 14 | node(label) { 15 | stage("Prepare") { 16 | container("builder") { 17 | butler.prepare(IMAGE_NAME) 18 | } 19 | } 20 | stage("Checkout") { 21 | container("builder") { 22 | try { 23 | if (REPOSITORY_SECRET) { 24 | git(url: REPOSITORY_URL, branch: BRANCH_NAME, credentialsId: REPOSITORY_SECRET) 25 | } else { 26 | git(url: REPOSITORY_URL, branch: BRANCH_NAME) 27 | } 28 | } catch (e) { 29 | butler.failure(SLACK_TOKEN, "Checkout") 30 | throw e 31 | } 32 | } 33 | } 34 | stage("Build Image") { 35 | parallel( 36 | "Build Docker": { 37 | container("builder") { 38 | try { 39 | butler.build_image() 40 | } catch (e) { 41 | butler.failure(SLACK_TOKEN, "Build Docker") 42 | throw e 43 | } 44 | } 45 | }, 46 | "Build Charts": { 47 | container("builder") { 48 | try { 49 | butler.build_chart() 50 | } catch (e) { 51 | butler.failure(SLACK_TOKEN, "Build Charts") 52 | throw e 53 | } 54 | } 55 | } 56 | ) 57 | } 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /charts/devops/jenkins.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/jenkins 2 | # chart-version: 0.28.10 3 | # chart-ingress: true 4 | # chart-pvc: jenkins ReadWriteOnce 8Gi 5 | 6 | # nameOverride: jenkins 7 | 8 | rbac: 9 | install: true 10 | 11 | Master: 12 | AdminUser: admin 13 | AdminPassword: PASSWORD 14 | resources: 15 | requests: 16 | cpu: 250m 17 | memory: 3Gi 18 | limits: 19 | cpu: 1000m 20 | memory: 4Gi 21 | # PodAnnotations: 22 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 23 | JavaOpts: "-Dorg.apache.commons.jelly.tags.fmt.timeZone=Asia/Seoul" 24 | ServiceType: SERVICE_TYPE 25 | HostName: INGRESS_DOMAIN 26 | Ingress: 27 | Annotations: 28 | kubernetes.io/ingress.class: nginx 29 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 30 | InstallPlugins: 31 | # https://github.com/helm/charts/blob/master/stable/jenkins/values.yaml 32 | - kubernetes:latest 33 | - workflow-job:latest 34 | - workflow-aggregator:latest 35 | - credentials-binding:latest 36 | # https://plugins.jenkins.io/blueocean 37 | - blueocean:latest 38 | # https://plugins.jenkins.io/kubernetes-credentials-provider 39 | - kubernetes-credentials-provider:latest 40 | # https://plugins.jenkins.io/pipeline-github-lib 41 | - pipeline-github-lib:latest 42 | # https://plugins.jenkins.io/active-directory 43 | - active-directory:latest 44 | # https://plugins.jenkins.io/role-strategy 45 | - role-strategy:latest 46 | # https://plugins.jenkins.io/ldap 47 | - ldap:latest 48 | # https://plugins.jenkins.io/google-login 49 | - google-login:latest 50 | # -- jenkins-jobs -- start -- see: jenkins/jobs.sh # 51 | # -- jenkins-jobs -- end -- # 52 | 53 | # Agent: 54 | # Enabled: true 55 | # Image: quay.io/nalbam/jnlp-slave 56 | # ImageTag: latest 57 | # AlwaysPullImage: true 58 | 59 | Persistence: 60 | Enabled: true 61 | AccessMode: ReadWriteOnce 62 | Size: 8Gi 63 | #:EFS:StorageClass: "efs" 64 | ExistingClaim: jenkins 65 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/image-remove/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER 11 | 12 | dev 13 | 14 | 15 | NAMESPACE 16 | 17 | prod 18 | 19 | 20 | SERVICE_GROUP 21 | 22 | sample 23 | 24 | 25 | SERVICE_NAME 26 | 27 | node 28 | 29 | 30 | SLACK_TOKEN 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 44 | true 45 | 46 | 47 | false 48 | 49 | -------------------------------------------------------------------------------- /custom/sample-node/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | 3 | profile: default 4 | 5 | namespace: development 6 | 7 | image: 8 | repository: docker-registry.127.0.0.1.nip.io:30500/sample-node 9 | tag: latest 10 | pullPolicy: Always 11 | 12 | labels: {} 13 | annotations: {} 14 | 15 | pod: 16 | labels: {} 17 | annotations: {} 18 | 19 | pdb: {} 20 | 21 | service: 22 | type: ClusterIP 23 | externalPort: 80 24 | internalPort: 3000 25 | annotations: {} 26 | labels: {} 27 | 28 | ingress: 29 | enabled: true 30 | subdomain: sample-node 31 | basedomain: 127.0.0.1.nip.io 32 | hosts: {} 33 | # hosts: 34 | # - sample-node.opsnow.com 35 | annotations: 36 | kubernetes.io/ingress.class: nginx 37 | # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 38 | labels: {} 39 | 40 | autoscaling: 41 | enabled: true 42 | min: 1 43 | max: 5 44 | cpu: 80 45 | mem: 80 46 | 47 | resources: 48 | requests: 49 | cpu: 100m 50 | memory: 128Mi 51 | limits: 52 | cpu: 120m 53 | memory: 153Mi 54 | 55 | readinessProbe: 56 | httpGet: 57 | path: / 58 | port: 3000 59 | initialDelaySeconds: 3 60 | periodSeconds: 10 61 | failureThreshold: 3 62 | 63 | livenessProbe: 64 | httpGet: 65 | path: / 66 | port: 3000 67 | initialDelaySeconds: 3 68 | periodSeconds: 10 69 | failureThreshold: 3 70 | 71 | # readinessProbe: 72 | # exec: 73 | # command: 74 | # - sh 75 | # - -c 76 | # - ps aux | grep -v grep | grep node 77 | # initialDelaySeconds: 3 78 | # periodSeconds: 10 79 | # livenessProbe: 80 | # exec: 81 | # command: 82 | # - cat 83 | # - /tmp/healthy 84 | # initialDelaySeconds: 3 85 | # periodSeconds: 10 86 | # livenessProbe: 87 | # tcpSocket: 88 | # port: 3000 89 | # initialDelaySeconds: 3 90 | # periodSeconds: 10 91 | 92 | # hostNetwork: true 93 | # dnsPolicy: Default 94 | 95 | nodeSelector: {} 96 | 97 | tolerations: [] 98 | 99 | affinity: {} 100 | 101 | configmap: 102 | enabled: false 103 | 104 | secret: 105 | enabled: false 106 | -------------------------------------------------------------------------------- /custom/sample-web/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | 3 | profile: default 4 | 5 | namespace: development 6 | 7 | image: 8 | repository: docker-registry.127.0.0.1.nip.io:30500/sample-web 9 | tag: latest 10 | pullPolicy: Always 11 | 12 | labels: {} 13 | annotations: {} 14 | 15 | pod: 16 | labels: {} 17 | annotations: {} 18 | 19 | pdb: {} 20 | 21 | service: 22 | type: ClusterIP 23 | externalPort: 80 24 | internalPort: 80 25 | annotations: {} 26 | labels: {} 27 | 28 | ingress: 29 | enabled: true 30 | subdomain: sample-web 31 | basedomain: 127.0.0.1.nip.io 32 | hosts: {} 33 | # hosts: 34 | # - sample-web.opsnow.com 35 | annotations: 36 | kubernetes.io/ingress.class: nginx 37 | # nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 38 | labels: {} 39 | 40 | ingress-istio: 41 | enabled: true 42 | subdomain: sample-web 43 | basedomain: 127.0.0.1.nip.io 44 | hosts: {} 45 | # hosts: 46 | # - sample-web.opsnow.com 47 | annotations: 48 | kubernetes.io/ingress.class: istio 49 | labels: {} 50 | 51 | autoscaling: 52 | enabled: true 53 | min: 1 54 | max: 5 55 | cpu: 80 56 | mem: 80 57 | 58 | resources: 59 | requests: 60 | cpu: 100m 61 | memory: 128Mi 62 | limits: 63 | cpu: 120m 64 | memory: 153Mi 65 | 66 | readinessProbe: 67 | httpGet: 68 | path: / 69 | port: 80 70 | initialDelaySeconds: 3 71 | periodSeconds: 10 72 | failureThreshold: 3 73 | 74 | livenessProbe: 75 | httpGet: 76 | path: / 77 | port: 80 78 | initialDelaySeconds: 3 79 | periodSeconds: 10 80 | failureThreshold: 3 81 | 82 | # livenessProbe: 83 | # exec: 84 | # command: 85 | # - cat 86 | # - /tmp/healthy 87 | # initialDelaySeconds: 3 88 | # periodSeconds: 10 89 | # livenessProbe: 90 | # tcpSocket: 91 | # port: 80 92 | # initialDelaySeconds: 3 93 | # periodSeconds: 10 94 | 95 | # hostNetwork: true 96 | # dnsPolicy: Default 97 | 98 | nodeSelector: {} 99 | 100 | tolerations: [] 101 | 102 | affinity: {} 103 | 104 | configmap: 105 | enabled: false 106 | 107 | secret: 108 | enabled: false 109 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/image-rollback/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER 11 | 12 | dev 13 | 14 | 15 | NAMESPACE 16 | 17 | prod 18 | 19 | 20 | SERVICE_GROUP 21 | 22 | sample 23 | 24 | 25 | SERVICE_NAME 26 | 27 | node 28 | 29 | 30 | REVISION 31 | 32 | 0 33 | 34 | 35 | SLACK_TOKEN 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 49 | true 50 | 51 | 52 | false 53 | 54 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/build-web/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | REPOSITORY_URL 11 | 12 | https://github.com/nalbam/sample-web.git 13 | 14 | 15 | REPOSITORY_SECRET 16 | 17 | 18 | 19 | 20 | BRANCH_NAME 21 | 22 | master 23 | 24 | 25 | SERVICE_GROUP 26 | 27 | sample 28 | 29 | 30 | SERVICE_NAME 31 | 32 | web 33 | 34 | 35 | SLACK_TOKEN 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 49 | true 50 | 51 | 52 | false 53 | 54 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/build-mvn/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | REPOSITORY_URL 11 | 12 | https://github.com/nalbam/sample-spring.git 13 | 14 | 15 | REPOSITORY_SECRET 16 | 17 | 18 | 19 | 20 | BRANCH_NAME 21 | 22 | master 23 | 24 | 25 | SERVICE_GROUP 26 | 27 | sample 28 | 29 | 30 | SERVICE_NAME 31 | 32 | spring 33 | 34 | 35 | SLACK_TOKEN 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 49 | true 50 | 51 | 52 | false 53 | 54 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/build-npm/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | REPOSITORY_URL 11 | 12 | https://github.com/nalbam/sample-node.git 13 | 14 | 15 | REPOSITORY_SECRET 16 | 17 | 18 | 19 | 20 | BRANCH_NAME 21 | 22 | master 23 | 24 | 25 | SERVICE_GROUP 26 | 27 | sample 28 | 29 | 30 | SERVICE_NAME 31 | 32 | node 33 | 34 | 35 | SLACK_TOKEN 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 49 | true 50 | 51 | 52 | false 53 | 54 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/build-command/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | REPOSITORY_URL 11 | 12 | https://github.com/nalbam/sample-web.git 13 | 14 | 15 | REPOSITORY_SECRET 16 | 17 | 18 | 19 | 20 | BRANCH_NAME 21 | 22 | master 23 | 24 | 25 | SERVICE_GROUP 26 | 27 | sample 28 | 29 | 30 | SERVICE_NAME 31 | 32 | web 33 | 34 | 35 | COMMAND 36 | 37 | ls -al 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 49 | true 50 | 51 | 52 | false 53 | 54 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/build-npm/Jenkinsfile: -------------------------------------------------------------------------------- 1 | @Library("github.com/opsnow-tools/valve-butler") 2 | def butler = new com.opsnow.valve.v7.Butler() 3 | def label = "worker-${UUID.randomUUID().toString()}" 4 | def IMAGE_NAME = "${SERVICE_GROUP}-${SERVICE_NAME}" 5 | properties([ 6 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 7 | ]) 8 | podTemplate(label: label, containers: [ 9 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true), 10 | containerTemplate(name: "node", image: "node:10", command: "cat", ttyEnabled: true) 11 | ], volumes: [ 12 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 13 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 14 | ]) { 15 | node(label) { 16 | stage("Prepare") { 17 | container("builder") { 18 | butler.prepare(IMAGE_NAME) 19 | } 20 | } 21 | stage("Checkout") { 22 | container("builder") { 23 | try { 24 | if (REPOSITORY_SECRET) { 25 | git(url: REPOSITORY_URL, branch: BRANCH_NAME, credentialsId: REPOSITORY_SECRET) 26 | } else { 27 | git(url: REPOSITORY_URL, branch: BRANCH_NAME) 28 | } 29 | } catch (e) { 30 | butler.failure(SLACK_TOKEN, "Checkout") 31 | throw e 32 | } 33 | butler.scan("nodejs") 34 | } 35 | } 36 | stage("Build") { 37 | container("node") { 38 | try { 39 | butler.npm_build() 40 | butler.success(SLACK_TOKEN, "Build") 41 | } catch (e) { 42 | butler.failure(SLACK_TOKEN, "Build") 43 | throw e 44 | } 45 | } 46 | } 47 | stage("Tests") { 48 | container("node") { 49 | try { 50 | butler.npm_test() 51 | } catch (e) { 52 | butler.failure(SLACK_TOKEN, "Tests") 53 | throw e 54 | } 55 | } 56 | } 57 | stage("Build Image") { 58 | parallel( 59 | "Build Docker": { 60 | container("builder") { 61 | try { 62 | butler.build_image() 63 | } catch (e) { 64 | butler.failure(SLACK_TOKEN, "Build Docker") 65 | throw e 66 | } 67 | } 68 | }, 69 | "Build Charts": { 70 | container("builder") { 71 | try { 72 | butler.build_chart() 73 | } catch (e) { 74 | butler.failure(SLACK_TOKEN, "Build Charts") 75 | throw e 76 | } 77 | } 78 | } 79 | ) 80 | } 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /charts/monitor/grafana.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/grafana 2 | # chart-version: 3.5.10 3 | # chart-ingress: true 4 | # chart-pvc: grafana ReadWriteOnce 5Gi 5 | # chart-pdb: N 1 6 | 7 | nameOverride: grafana 8 | 9 | adminUser: admin 10 | adminPassword: PASSWORD 11 | 12 | # podAnnotations: 13 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 14 | 15 | service: 16 | type: SERVICE_TYPE 17 | 18 | ingress: 19 | enabled: INGRESS_ENABLED 20 | annotations: 21 | kubernetes.io/ingress.class: nginx 22 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 23 | hosts: 24 | - INGRESS_DOMAIN 25 | 26 | env: 27 | GF_SERVER_ROOT_URL: https://INGRESS_DOMAIN 28 | #:G_AUTH: GF_AUTH_GOOGLE_ENABLED: true 29 | #:G_AUTH: GF_AUTH_GOOGLE_CLIENT_ID: "G_CLIENT_ID" 30 | #:G_AUTH: GF_AUTH_GOOGLE_CLIENT_SECRET: "G_CLIENT_SECRET" 31 | #:G_AUTH: GF_AUTH_GOOGLE_ALLOWED_DOMAINS: "G_ALLOWED_DOMAINS" 32 | 33 | # extraSecretMounts: 34 | # - name: grafana-custom 35 | # mountPath: /usr/share/grafana/conf/custom.ini 36 | # secretName: grafana-custom 37 | # readOnly: true 38 | 39 | #:LDAP:grafana.ini: 40 | #:LDAP: auth.ldap: 41 | #:LDAP: enabled: true 42 | #:LDAP: allow_sign_up: true 43 | #:LDAP: config_file: /etc/grafana/ldap.toml 44 | 45 | #:LDAP:ldap: 46 | #:LDAP: existingSecret: "GRAFANA_LDAP" 47 | 48 | persistence: 49 | enabled: true 50 | accessModes: 51 | - ReadWriteOnce 52 | size: 5Gi 53 | #:EFS:storageClassName: "efs" 54 | existingClaim: grafana 55 | 56 | datasources: 57 | datasources.yaml: 58 | apiVersion: 1 59 | datasources: 60 | - name: Prometheus 61 | type: prometheus 62 | url: http://prometheus-server 63 | access: proxy 64 | isDefault: true 65 | 66 | dashboardProviders: 67 | dashboardproviders.yaml: 68 | apiVersion: 1 69 | providers: 70 | - name: "default" 71 | orgId: 1 72 | folder: "" 73 | type: file 74 | disableDeletion: false 75 | editable: true 76 | options: 77 | path: /var/lib/grafana/dashboards/default 78 | 79 | dashboards: 80 | default: 81 | kube-cluster: 82 | # https://grafana.com/dashboards/10512 83 | gnetId: 10512 84 | revision: 1 85 | datasource: Prometheus 86 | kube-deployment: 87 | # https://grafana.com/dashboards/10515 88 | gnetId: 10515 89 | revision: 1 90 | datasource: Prometheus 91 | nginx-ingress: 92 | # url: https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/grafana/dashboards/nginx.json 93 | # https://grafana.com/dashboards/10516 94 | gnetId: 10516 95 | revision: 1 96 | datasource: Prometheus 97 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/run-pipeline/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | REPOSITORY_URL 11 | 12 | https://github.com/nalbam/sample-spring.git 13 | 14 | 15 | REPOSITORY_SECRET 16 | 17 | 18 | 19 | 20 | BRANCH_NAME 21 | 22 | master 23 | 24 | 25 | SERVICE_GROUP 26 | 27 | sample 28 | 29 | 30 | SERVICE_NAME 31 | 32 | spring 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 2 43 | 44 | 45 | $REPOSITORY_URL 46 | 47 | 48 | 49 | 50 | $BRANCH_NAME 51 | 52 | 53 | false 54 | 55 | 56 | 57 | Jenkinsfile 58 | false 59 | 60 | 61 | false 62 | 63 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/image-deploy/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | CLUSTER 11 | 12 | dev 13 | 14 | 15 | NAMESPACE 16 | 17 | stage 18 | 19 | 20 | SERVICE_GROUP 21 | 22 | sample 23 | 24 | 25 | SERVICE_NAME 26 | 27 | node 28 | 29 | 30 | VERSION 31 | 32 | latest 33 | 34 | 35 | SUB_DOMAIN 36 | 37 | sample-node-stage 38 | 39 | 40 | PROFILE 41 | 42 | stage 43 | 44 | 45 | SLACK_TOKEN 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 59 | true 60 | 61 | 62 | false 63 | 64 | -------------------------------------------------------------------------------- /custom/sample-web/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | replicas: {{ .Values.replicaCount }} 20 | selector: 21 | matchLabels: 22 | app: {{ include "fullname" . }} 23 | # app.kubernetes.io/instance: {{ .Release.Name }} 24 | # app.kubernetes.io/name: {{ include "fullname" . }} 25 | template: 26 | metadata: 27 | labels: 28 | app: {{ include "fullname" . }} 29 | app.kubernetes.io/instance: {{ .Release.Name }} 30 | app.kubernetes.io/managed-by: {{ .Release.Service }} 31 | app.kubernetes.io/name: {{ include "fullname" . }} 32 | version: stable 33 | {{- with .Values.pod.labels }} 34 | {{ toYaml . | indent 8 }} 35 | {{- end }} 36 | annotations: 37 | buildID: {{ .Values.buildID }} 38 | {{- with .Values.pod.annotations }} 39 | {{ toYaml . | indent 8 }} 40 | {{- end }} 41 | spec: 42 | containers: 43 | - name: {{ .Chart.Name }} 44 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 45 | imagePullPolicy: {{ .Values.image.pullPolicy }} 46 | ports: 47 | - containerPort: {{ .Values.service.internalPort }} 48 | {{ if .Values.hostNetwork }} 49 | hostNetwork: {{ .Values.hostNetwork }} 50 | {{ end }} 51 | {{ if .Values.dnsPolicy }} 52 | dnsPolicy: {{ .Values.dnsPolicy }} 53 | {{ end }} 54 | resources: 55 | {{ toYaml .Values.resources | indent 10 }} 56 | readinessProbe: 57 | {{ toYaml .Values.readinessProbe | indent 10 }} 58 | livenessProbe: 59 | {{ toYaml .Values.livenessProbe | indent 10 }} 60 | env: 61 | - name: PROFILE 62 | value: {{ .Values.profile }} 63 | - name: NAMESPACE 64 | value: {{ .Values.namespace }} 65 | {{ if or .Values.configmap.enabled .Values.secret.enabled }} 66 | envFrom: 67 | {{ end }} 68 | {{ if .Values.configmap.enabled }} 69 | - configMapRef: 70 | name: {{ include "fullname" . }} 71 | {{ end }} 72 | {{ if .Values.secret.enabled }} 73 | - secretRef: 74 | name: {{ include "fullname" . }} 75 | {{ end }} 76 | {{- with .Values.nodeSelector }} 77 | nodeSelector: 78 | {{ toYaml . | nindent 8 }} 79 | {{- end }} 80 | {{- with .Values.affinity }} 81 | affinity: 82 | {{ toYaml . | nindent 8 }} 83 | {{- end }} 84 | {{- with .Values.tolerations }} 85 | tolerations: 86 | {{ toYaml . | nindent 8 }} 87 | {{- end }} 88 | -------------------------------------------------------------------------------- /custom/sample-node/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | replicas: {{ .Values.replicaCount }} 20 | selector: 21 | matchLabels: 22 | app: {{ include "fullname" . }} 23 | # app.kubernetes.io/instance: {{ .Release.Name }} 24 | # app.kubernetes.io/name: {{ include "fullname" . }} 25 | template: 26 | metadata: 27 | labels: 28 | app: {{ include "fullname" . }} 29 | app.kubernetes.io/instance: {{ .Release.Name }} 30 | app.kubernetes.io/managed-by: {{ .Release.Service }} 31 | app.kubernetes.io/name: {{ include "fullname" . }} 32 | version: stable 33 | {{- with .Values.pod.labels }} 34 | {{ toYaml . | indent 8 }} 35 | {{- end }} 36 | annotations: 37 | buildID: {{ .Values.buildID }} 38 | {{- with .Values.pod.annotations }} 39 | {{ toYaml . | indent 8 }} 40 | {{- end }} 41 | spec: 42 | containers: 43 | - name: {{ .Chart.Name }} 44 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 45 | imagePullPolicy: {{ .Values.image.pullPolicy }} 46 | ports: 47 | - containerPort: {{ .Values.service.internalPort }} 48 | {{ if .Values.hostNetwork }} 49 | hostNetwork: {{ .Values.hostNetwork }} 50 | {{ end }} 51 | {{ if .Values.dnsPolicy }} 52 | dnsPolicy: {{ .Values.dnsPolicy }} 53 | {{ end }} 54 | resources: 55 | {{ toYaml .Values.resources | indent 10 }} 56 | readinessProbe: 57 | {{ toYaml .Values.readinessProbe | indent 10 }} 58 | livenessProbe: 59 | {{ toYaml .Values.livenessProbe | indent 10 }} 60 | env: 61 | - name: PROFILE 62 | value: {{ .Values.profile }} 63 | - name: NAMESPACE 64 | value: {{ .Values.namespace }} 65 | {{ if or .Values.configmap.enabled .Values.secret.enabled }} 66 | envFrom: 67 | {{ end }} 68 | {{ if .Values.configmap.enabled }} 69 | - configMapRef: 70 | name: {{ include "fullname" . }} 71 | {{ end }} 72 | {{ if .Values.secret.enabled }} 73 | - secretRef: 74 | name: {{ include "fullname" . }} 75 | {{ end }} 76 | {{- with .Values.nodeSelector }} 77 | nodeSelector: 78 | {{ toYaml . | nindent 8 }} 79 | {{- end }} 80 | {{- with .Values.affinity }} 81 | affinity: 82 | {{ toYaml . | nindent 8 }} 83 | {{- end }} 84 | {{- with .Values.tolerations }} 85 | tolerations: 86 | {{ toYaml . | nindent 8 }} 87 | {{- end }} 88 | -------------------------------------------------------------------------------- /custom/sample-spring/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | replicas: {{ .Values.replicaCount }} 20 | selector: 21 | matchLabels: 22 | app: {{ include "fullname" . }} 23 | # app.kubernetes.io/instance: {{ .Release.Name }} 24 | # app.kubernetes.io/name: {{ include "fullname" . }} 25 | template: 26 | metadata: 27 | labels: 28 | app: {{ include "fullname" . }} 29 | app.kubernetes.io/instance: {{ .Release.Name }} 30 | app.kubernetes.io/managed-by: {{ .Release.Service }} 31 | app.kubernetes.io/name: {{ include "fullname" . }} 32 | version: stable 33 | {{- with .Values.pod.labels }} 34 | {{ toYaml . | indent 8 }} 35 | {{- end }} 36 | annotations: 37 | buildID: {{ .Values.buildID }} 38 | {{- with .Values.pod.annotations }} 39 | {{ toYaml . | indent 8 }} 40 | {{- end }} 41 | spec: 42 | containers: 43 | - name: {{ .Chart.Name }} 44 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 45 | imagePullPolicy: {{ .Values.image.pullPolicy }} 46 | ports: 47 | - containerPort: {{ .Values.service.internalPort }} 48 | {{ if .Values.hostNetwork }} 49 | hostNetwork: {{ .Values.hostNetwork }} 50 | {{ end }} 51 | {{ if .Values.dnsPolicy }} 52 | dnsPolicy: {{ .Values.dnsPolicy }} 53 | {{ end }} 54 | resources: 55 | {{ toYaml .Values.resources | indent 10 }} 56 | readinessProbe: 57 | {{ toYaml .Values.readinessProbe | indent 10 }} 58 | livenessProbe: 59 | {{ toYaml .Values.livenessProbe | indent 10 }} 60 | env: 61 | - name: PROFILE 62 | value: {{ .Values.profile }} 63 | - name: NAMESPACE 64 | value: {{ .Values.namespace }} 65 | {{ if or .Values.configmap.enabled .Values.secret.enabled }} 66 | envFrom: 67 | {{ end }} 68 | {{ if .Values.configmap.enabled }} 69 | - configMapRef: 70 | name: {{ include "fullname" . }} 71 | {{ end }} 72 | {{ if .Values.secret.enabled }} 73 | - secretRef: 74 | name: {{ include "fullname" . }} 75 | {{ end }} 76 | {{- with .Values.nodeSelector }} 77 | nodeSelector: 78 | {{ toYaml . | nindent 8 }} 79 | {{- end }} 80 | {{- with .Values.affinity }} 81 | affinity: 82 | {{ toYaml . | nindent 8 }} 83 | {{- end }} 84 | {{- with .Values.tolerations }} 85 | tolerations: 86 | {{ toYaml . | nindent 8 }} 87 | {{- end }} 88 | -------------------------------------------------------------------------------- /custom/sample-tomcat/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | replicas: {{ .Values.replicaCount }} 20 | selector: 21 | matchLabels: 22 | app: {{ include "fullname" . }} 23 | # app.kubernetes.io/instance: {{ .Release.Name }} 24 | # app.kubernetes.io/name: {{ include "fullname" . }} 25 | template: 26 | metadata: 27 | labels: 28 | app: {{ include "fullname" . }} 29 | app.kubernetes.io/instance: {{ .Release.Name }} 30 | app.kubernetes.io/managed-by: {{ .Release.Service }} 31 | app.kubernetes.io/name: {{ include "fullname" . }} 32 | version: stable 33 | {{- with .Values.pod.labels }} 34 | {{ toYaml . | indent 8 }} 35 | {{- end }} 36 | annotations: 37 | buildID: {{ .Values.buildID }} 38 | {{- with .Values.pod.annotations }} 39 | {{ toYaml . | indent 8 }} 40 | {{- end }} 41 | spec: 42 | containers: 43 | - name: {{ .Chart.Name }} 44 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 45 | imagePullPolicy: {{ .Values.image.pullPolicy }} 46 | ports: 47 | - containerPort: {{ .Values.service.internalPort }} 48 | {{ if .Values.hostNetwork }} 49 | hostNetwork: {{ .Values.hostNetwork }} 50 | {{ end }} 51 | {{ if .Values.dnsPolicy }} 52 | dnsPolicy: {{ .Values.dnsPolicy }} 53 | {{ end }} 54 | resources: 55 | {{ toYaml .Values.resources | indent 10 }} 56 | readinessProbe: 57 | {{ toYaml .Values.readinessProbe | indent 10 }} 58 | livenessProbe: 59 | {{ toYaml .Values.livenessProbe | indent 10 }} 60 | env: 61 | - name: PROFILE 62 | value: {{ .Values.profile }} 63 | - name: NAMESPACE 64 | value: {{ .Values.namespace }} 65 | {{ if or .Values.configmap.enabled .Values.secret.enabled }} 66 | envFrom: 67 | {{ end }} 68 | {{ if .Values.configmap.enabled }} 69 | - configMapRef: 70 | name: {{ include "fullname" . }} 71 | {{ end }} 72 | {{ if .Values.secret.enabled }} 73 | - secretRef: 74 | name: {{ include "fullname" . }} 75 | {{ end }} 76 | {{- with .Values.nodeSelector }} 77 | nodeSelector: 78 | {{ toYaml . | nindent 8 }} 79 | {{- end }} 80 | {{- with .Values.affinity }} 81 | affinity: 82 | {{ toYaml . | nindent 8 }} 83 | {{- end }} 84 | {{- with .Values.tolerations }} 85 | tolerations: 86 | {{ toYaml . | nindent 8 }} 87 | {{- end }} 88 | -------------------------------------------------------------------------------- /custom/sample-webpack/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "fullname" . }} 5 | labels: 6 | app: {{ include "fullname" . }} 7 | app.kubernetes.io/instance: {{ .Release.Name }} 8 | app.kubernetes.io/managed-by: {{ .Release.Service }} 9 | app.kubernetes.io/name: {{ include "fullname" . }} 10 | helm.sh/chart: {{ include "chart" . }} 11 | {{- with .Values.labels }} 12 | {{ toYaml . | indent 4 }} 13 | {{- end }} 14 | {{- with .Values.annotations }} 15 | annotations: 16 | {{ toYaml . | indent 4 }} 17 | {{- end }} 18 | spec: 19 | replicas: {{ .Values.replicaCount }} 20 | selector: 21 | matchLabels: 22 | app: {{ include "fullname" . }} 23 | # app.kubernetes.io/instance: {{ .Release.Name }} 24 | # app.kubernetes.io/name: {{ include "fullname" . }} 25 | template: 26 | metadata: 27 | labels: 28 | app: {{ include "fullname" . }} 29 | app.kubernetes.io/instance: {{ .Release.Name }} 30 | app.kubernetes.io/managed-by: {{ .Release.Service }} 31 | app.kubernetes.io/name: {{ include "fullname" . }} 32 | version: stable 33 | {{- with .Values.pod.labels }} 34 | {{ toYaml . | indent 8 }} 35 | {{- end }} 36 | annotations: 37 | buildID: {{ .Values.buildID }} 38 | {{- with .Values.pod.annotations }} 39 | {{ toYaml . | indent 8 }} 40 | {{- end }} 41 | spec: 42 | containers: 43 | - name: {{ .Chart.Name }} 44 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 45 | imagePullPolicy: {{ .Values.image.pullPolicy }} 46 | ports: 47 | - containerPort: {{ .Values.service.internalPort }} 48 | {{ if .Values.hostNetwork }} 49 | hostNetwork: {{ .Values.hostNetwork }} 50 | {{ end }} 51 | {{ if .Values.dnsPolicy }} 52 | dnsPolicy: {{ .Values.dnsPolicy }} 53 | {{ end }} 54 | resources: 55 | {{ toYaml .Values.resources | indent 10 }} 56 | readinessProbe: 57 | {{ toYaml .Values.readinessProbe | indent 10 }} 58 | livenessProbe: 59 | {{ toYaml .Values.livenessProbe | indent 10 }} 60 | env: 61 | - name: PROFILE 62 | value: {{ .Values.profile }} 63 | - name: NAMESPACE 64 | value: {{ .Values.namespace }} 65 | {{ if or .Values.configmap.enabled .Values.secret.enabled }} 66 | envFrom: 67 | {{ end }} 68 | {{ if .Values.configmap.enabled }} 69 | - configMapRef: 70 | name: {{ include "fullname" . }} 71 | {{ end }} 72 | {{ if .Values.secret.enabled }} 73 | - secretRef: 74 | name: {{ include "fullname" . }} 75 | {{ end }} 76 | {{- with .Values.nodeSelector }} 77 | nodeSelector: 78 | {{ toYaml . | nindent 8 }} 79 | {{- end }} 80 | {{- with .Values.affinity }} 81 | affinity: 82 | {{ toYaml . | nindent 8 }} 83 | {{- end }} 84 | {{- with .Values.tolerations }} 85 | tolerations: 86 | {{ toYaml . | nindent 8 }} 87 | {{- end }} 88 | -------------------------------------------------------------------------------- /custom/sample-spring/templates/deployment-canary.yaml: -------------------------------------------------------------------------------- 1 | {{ if and (not (empty .Values.istio)) (not (empty .Values.canary)) }} 2 | {{ if and (.Values.istio.enabled) (.Values.canary.enabled) }} 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: {{ include "fullname" . }}-canary 7 | labels: 8 | app: {{ include "fullname" . }}-canary 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | app.kubernetes.io/name: {{ include "fullname" . }}-canary 12 | helm.sh/chart: {{ include "chart" . }} 13 | {{- with .Values.labels }} 14 | {{ toYaml . | indent 4 }} 15 | {{- end }} 16 | {{- with .Values.annotations }} 17 | annotations: 18 | {{ toYaml . | indent 4 }} 19 | {{- end }} 20 | spec: 21 | replicas: 1 22 | selector: 23 | matchLabels: 24 | app: {{ include "fullname" . }}-canary 25 | # app.kubernetes.io/instance: {{ .Release.Name }} 26 | # app.kubernetes.io/name: {{ include "fullname" . }}-canary 27 | template: 28 | metadata: 29 | labels: 30 | app: {{ include "fullname" . }}-canary 31 | app.kubernetes.io/instance: {{ .Release.Name }} 32 | app.kubernetes.io/managed-by: {{ .Release.Service }} 33 | app.kubernetes.io/name: {{ include "fullname" . }}-canary 34 | version: canary 35 | {{- with .Values.pod.labels }} 36 | {{ toYaml . | indent 8 }} 37 | {{- end }} 38 | annotations: 39 | buildID: {{ .Values.buildID }} 40 | {{- with .Values.pod.annotations }} 41 | {{ toYaml . | indent 8 }} 42 | {{- end }} 43 | spec: 44 | containers: 45 | - name: {{ .Chart.Name }} 46 | image: "{{ .Values.image.repository }}:{{ .Values.canary.tag }}" 47 | imagePullPolicy: {{ .Values.image.pullPolicy }} 48 | ports: 49 | - containerPort: {{ .Values.service.internalPort }} 50 | hostNetwork: true 51 | dnsPolicy: ClusterFirstWithHostNet 52 | resources: 53 | {{ toYaml .Values.resources | indent 10 }} 54 | readinessProbe: 55 | {{ toYaml .Values.readinessProbe | indent 10 }} 56 | livenessProbe: 57 | {{ toYaml .Values.livenessProbe | indent 10 }} 58 | env: 59 | - name: PROFILE 60 | value: {{ .Values.profile }} 61 | {{ if or .Values.configmap.enabled .Values.secret.enabled }} 62 | envFrom: 63 | {{ end }} 64 | {{ if .Values.configmap.enabled }} 65 | - configMapRef: 66 | name: {{ include "fullname" . }} 67 | {{ end }} 68 | {{ if .Values.secret.enabled }} 69 | - secretRef: 70 | name: {{ include "fullname" . }} 71 | {{ end }} 72 | {{- with .Values.nodeSelector }} 73 | nodeSelector: 74 | {{ toYaml . | nindent 8 }} 75 | {{- end }} 76 | {{- with .Values.affinity }} 77 | affinity: 78 | {{ toYaml . | nindent 8 }} 79 | {{- end }} 80 | {{- with .Values.tolerations }} 81 | tolerations: 82 | {{ toYaml . | nindent 8 }} 83 | {{- end }} 84 | {{ end }} 85 | {{ end }} 86 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/build-mvn/Jenkinsfile: -------------------------------------------------------------------------------- 1 | @Library("github.com/opsnow-tools/valve-butler") 2 | def butler = new com.opsnow.valve.v7.Butler() 3 | def label = "worker-${UUID.randomUUID().toString()}" 4 | def IMAGE_NAME = "${SERVICE_GROUP}-${SERVICE_NAME}" 5 | properties([ 6 | buildDiscarder(logRotator(daysToKeepStr: "60", numToKeepStr: "30")) 7 | ]) 8 | podTemplate(label: label, containers: [ 9 | containerTemplate(name: "builder", image: "opsnowtools/valve-builder:v0.2.2", command: "cat", ttyEnabled: true, alwaysPullImage: true), 10 | containerTemplate(name: "maven", image: "maven:3.5.4-jdk-8-alpine", command: "cat", ttyEnabled: true) 11 | ], volumes: [ 12 | hostPathVolume(mountPath: "/var/run/docker.sock", hostPath: "/var/run/docker.sock"), 13 | hostPathVolume(mountPath: "/home/jenkins/.helm", hostPath: "/home/jenkins/.helm") 14 | ]) { 15 | node(label) { 16 | stage("Prepare") { 17 | container("builder") { 18 | butler.prepare(IMAGE_NAME) 19 | } 20 | } 21 | stage("Checkout") { 22 | container("builder") { 23 | try { 24 | if (REPOSITORY_SECRET) { 25 | git(url: REPOSITORY_URL, branch: BRANCH_NAME, credentialsId: REPOSITORY_SECRET) 26 | } else { 27 | git(url: REPOSITORY_URL, branch: BRANCH_NAME) 28 | } 29 | } catch (e) { 30 | butler.failure(SLACK_TOKEN, "Checkout") 31 | throw e 32 | } 33 | butler.scan("java") 34 | } 35 | } 36 | stage("Build") { 37 | container("maven") { 38 | try { 39 | butler.mvn_build() 40 | butler.success(SLACK_TOKEN, "Build") 41 | } catch (e) { 42 | butler.failure(SLACK_TOKEN, "Build") 43 | throw e 44 | } 45 | } 46 | } 47 | stage("Tests") { 48 | container("maven") { 49 | try { 50 | butler.mvn_test() 51 | } catch (e) { 52 | butler.failure(SLACK_TOKEN, "Tests") 53 | throw e 54 | } 55 | } 56 | } 57 | stage("Code Analysis") { 58 | container("maven") { 59 | try { 60 | butler.mvn_sonar() 61 | } catch (e) { 62 | butler.failure(SLACK_TOKEN_DEV, "Code Analysis") 63 | throw e 64 | } 65 | } 66 | } 67 | stage("Build Image") { 68 | parallel( 69 | "Build Docker": { 70 | container("builder") { 71 | try { 72 | butler.build_image() 73 | } catch (e) { 74 | butler.failure(SLACK_TOKEN, "Build Docker") 75 | throw e 76 | } 77 | } 78 | }, 79 | "Build Charts": { 80 | container("builder") { 81 | try { 82 | butler.build_chart() 83 | } catch (e) { 84 | butler.failure(SLACK_TOKEN, "Build Charts") 85 | throw e 86 | } 87 | } 88 | } 89 | ) 90 | } 91 | } 92 | } 93 | -------------------------------------------------------------------------------- /templates/jenkins/jobs/config-apply/config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | 9 | 10 | REPOSITORY_URL 11 | 12 | https://github.com/nalbam/sample-config.git 13 | 14 | 15 | REPOSITORY_SECRET 16 | 17 | 18 | 19 | 20 | BRANCH_NAME 21 | 22 | master 23 | 24 | 25 | CLUSTER 26 | 27 | dev 28 | 29 | 30 | NAMESPACE 31 | 32 | dev 33 | 34 | 35 | SERVICE_GROUP 36 | 37 | sample 38 | 39 | 40 | SERVICE_NAME 41 | 42 | config 43 | 44 | 45 | CONFIG_TYPE 46 | 47 | secret 48 | 49 | 50 | YAML_PATH 51 | 52 | 53 | 54 | 55 | SLACK_TOKEN 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 69 | true 70 | 71 | 72 | false 73 | 74 | -------------------------------------------------------------------------------- /templates/argo/teardrop.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Workflow 3 | metadata: 4 | generateName: teardrop- 5 | spec: 6 | entrypoint: teardrop 7 | templates: 8 | - name: create-chain 9 | container: 10 | image: alpine:latest 11 | command: ["sh", "-c"] 12 | args: ["touch /tmp/message"] 13 | outputs: 14 | artifacts: 15 | - name: chain 16 | path: /tmp/message 17 | - name: whalesay 18 | inputs: 19 | parameters: 20 | - name: message 21 | artifacts: 22 | - name: chain 23 | path: /tmp/message 24 | container: 25 | image: docker/whalesay 26 | command: ["sh", "-c"] 27 | args: ["echo Chain: ; cat /tmp/message* | sort | uniq | tee /tmp/message; cowsay This is Job {{inputs.parameters.message}}! ; echo {{inputs.parameters.message}} >> /tmp/message"] 28 | outputs: 29 | artifacts: 30 | - name: chain 31 | path: /tmp/message 32 | - name: whalesay-reduce 33 | inputs: 34 | parameters: 35 | - name: message 36 | artifacts: 37 | - name: chain-0 38 | path: /tmp/message.0 39 | - name: chain-1 40 | path: /tmp/message.1 41 | container: 42 | image: docker/whalesay 43 | command: ["sh", "-c"] 44 | args: ["echo Chain: ; cat /tmp/message* | sort | uniq | tee /tmp/message; cowsay This is Job {{inputs.parameters.message}}! ; echo {{inputs.parameters.message}} >> /tmp/message"] 45 | outputs: 46 | artifacts: 47 | - name: chain 48 | path: /tmp/message 49 | - name: teardrop 50 | dag: 51 | tasks: 52 | - name: create-chain 53 | template: create-chain 54 | - name: Alpha 55 | dependencies: [create-chain] 56 | template: whalesay 57 | arguments: 58 | parameters: [{name: message, value: Alpha}] 59 | artifacts: 60 | - name: chain 61 | from: "{{tasks.create-chain.outputs.artifacts.chain}}" 62 | - name: Bravo 63 | dependencies: [Alpha] 64 | template: whalesay 65 | arguments: 66 | parameters: [{name: message, value: Bravo}] 67 | artifacts: 68 | - name: chain 69 | from: "{{tasks.Alpha.outputs.artifacts.chain}}" 70 | - name: Charlie 71 | dependencies: [Alpha] 72 | template: whalesay 73 | arguments: 74 | parameters: [{name: message, value: Charlie}] 75 | artifacts: 76 | - name: chain 77 | from: "{{tasks.Alpha.outputs.artifacts.chain}}" 78 | - name: Delta 79 | dependencies: [Bravo] 80 | template: whalesay 81 | arguments: 82 | parameters: [{name: message, value: Delta}] 83 | artifacts: 84 | - name: chain 85 | from: "{{tasks.Bravo.outputs.artifacts.chain}}" 86 | - name: Echo 87 | dependencies: [Bravo, Charlie] 88 | template: whalesay-reduce 89 | arguments: 90 | parameters: [{name: message, value: Echo}] 91 | artifacts: 92 | - name: chain-0 93 | from: "{{tasks.Bravo.outputs.artifacts.chain}}" 94 | - name: chain-1 95 | from: "{{tasks.Charlie.outputs.artifacts.chain}}" 96 | - name: Foxtrot 97 | dependencies: [Charlie] 98 | template: whalesay 99 | arguments: 100 | parameters: [{name: message, value: Foxtrot}] 101 | artifacts: 102 | - name: chain 103 | from: "{{tasks.create-chain.outputs.artifacts.chain}}" 104 | - name: Golf 105 | dependencies: [Delta, Echo] 106 | template: whalesay-reduce 107 | arguments: 108 | parameters: [{name: message, value: Golf}] 109 | artifacts: 110 | - name: chain-0 111 | from: "{{tasks.Delta.outputs.artifacts.chain}}" 112 | - name: chain-1 113 | from: "{{tasks.Echo.outputs.artifacts.chain}}" 114 | - name: Hotel 115 | dependencies: [Echo, Foxtrot] 116 | template: whalesay-reduce 117 | arguments: 118 | parameters: [{name: message, value: Hotel}] 119 | artifacts: 120 | - name: chain-0 121 | from: "{{tasks.Echo.outputs.artifacts.chain}}" 122 | - name: chain-1 123 | from: "{{tasks.Foxtrot.outputs.artifacts.chain}}" 124 | -------------------------------------------------------------------------------- /templates/argo/argo-main.yaml: -------------------------------------------------------------------------------- 1 | # This is an auto-generated file. DO NOT EDIT 2 | apiVersion: apiextensions.k8s.io/v1beta1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: workflows.argoproj.io 6 | spec: 7 | group: argoproj.io 8 | names: 9 | kind: Workflow 10 | plural: workflows 11 | shortNames: 12 | - wf 13 | scope: Namespaced 14 | version: v1alpha1 15 | --- 16 | apiVersion: v1 17 | kind: ServiceAccount 18 | metadata: 19 | name: argo 20 | namespace: argo 21 | --- 22 | apiVersion: v1 23 | kind: ServiceAccount 24 | metadata: 25 | name: argo-ui 26 | namespace: argo 27 | --- 28 | apiVersion: rbac.authorization.k8s.io/v1 29 | kind: ClusterRole 30 | metadata: 31 | labels: 32 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 33 | name: argo-aggregate-to-admin 34 | rules: 35 | - apiGroups: 36 | - argoproj.io 37 | resources: 38 | - workflows 39 | - workflows/finalizers 40 | verbs: 41 | - create 42 | - delete 43 | - deletecollection 44 | - get 45 | - list 46 | - patch 47 | - update 48 | - watch 49 | --- 50 | apiVersion: rbac.authorization.k8s.io/v1 51 | kind: ClusterRole 52 | metadata: 53 | labels: 54 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 55 | name: argo-aggregate-to-edit 56 | rules: 57 | - apiGroups: 58 | - argoproj.io 59 | resources: 60 | - workflows 61 | - workflows/finalizers 62 | verbs: 63 | - create 64 | - delete 65 | - deletecollection 66 | - get 67 | - list 68 | - patch 69 | - update 70 | - watch 71 | --- 72 | apiVersion: rbac.authorization.k8s.io/v1 73 | kind: ClusterRole 74 | metadata: 75 | labels: 76 | rbac.authorization.k8s.io/aggregate-to-view: "true" 77 | name: argo-aggregate-to-view 78 | rules: 79 | - apiGroups: 80 | - argoproj.io 81 | resources: 82 | - workflows 83 | - workflows/finalizers 84 | verbs: 85 | - get 86 | - list 87 | - watch 88 | --- 89 | apiVersion: rbac.authorization.k8s.io/v1 90 | kind: ClusterRole 91 | metadata: 92 | name: argo-cluster-role 93 | rules: 94 | - apiGroups: 95 | - "" 96 | resources: 97 | - pods 98 | - pods/exec 99 | verbs: 100 | - create 101 | - get 102 | - list 103 | - watch 104 | - update 105 | - patch 106 | - delete 107 | - apiGroups: 108 | - "" 109 | resources: 110 | - configmaps 111 | verbs: 112 | - get 113 | - watch 114 | - list 115 | - apiGroups: 116 | - "" 117 | resources: 118 | - persistentvolumeclaims 119 | verbs: 120 | - create 121 | - delete 122 | - apiGroups: 123 | - argoproj.io 124 | resources: 125 | - workflows 126 | - workflows/finalizers 127 | verbs: 128 | - get 129 | - list 130 | - watch 131 | - update 132 | - patch 133 | - delete 134 | --- 135 | apiVersion: rbac.authorization.k8s.io/v1 136 | kind: ClusterRole 137 | metadata: 138 | name: argo-ui-cluster-role 139 | rules: 140 | - apiGroups: 141 | - "" 142 | resources: 143 | - pods 144 | - pods/exec 145 | - pods/log 146 | verbs: 147 | - get 148 | - list 149 | - watch 150 | - apiGroups: 151 | - "" 152 | resources: 153 | - secrets 154 | verbs: 155 | - get 156 | - apiGroups: 157 | - argoproj.io 158 | resources: 159 | - workflows 160 | verbs: 161 | - get 162 | - list 163 | - watch 164 | --- 165 | apiVersion: rbac.authorization.k8s.io/v1 166 | kind: ClusterRoleBinding 167 | metadata: 168 | name: argo-binding 169 | roleRef: 170 | apiGroup: rbac.authorization.k8s.io 171 | kind: ClusterRole 172 | name: argo-cluster-role 173 | subjects: 174 | - kind: ServiceAccount 175 | name: argo 176 | namespace: argo 177 | --- 178 | apiVersion: rbac.authorization.k8s.io/v1 179 | kind: ClusterRoleBinding 180 | metadata: 181 | name: argo-ui-binding 182 | roleRef: 183 | apiGroup: rbac.authorization.k8s.io 184 | kind: ClusterRole 185 | name: argo-ui-cluster-role 186 | subjects: 187 | - kind: ServiceAccount 188 | name: argo-ui 189 | namespace: argo 190 | --- 191 | apiVersion: v1 192 | kind: ConfigMap 193 | metadata: 194 | name: workflow-controller-configmap 195 | namespace: argo 196 | --- 197 | apiVersion: v1 198 | kind: Service 199 | metadata: 200 | name: argo-ui 201 | namespace: argo 202 | spec: 203 | ports: 204 | - port: 80 205 | targetPort: 8001 206 | selector: 207 | app: argo-ui 208 | --- 209 | apiVersion: apps/v1beta2 210 | kind: Deployment 211 | metadata: 212 | name: argo-ui 213 | namespace: argo 214 | spec: 215 | selector: 216 | matchLabels: 217 | app: argo-ui 218 | template: 219 | metadata: 220 | labels: 221 | app: argo-ui 222 | spec: 223 | containers: 224 | - env: 225 | - name: ARGO_NAMESPACE 226 | valueFrom: 227 | fieldRef: 228 | apiVersion: v1 229 | fieldPath: metadata.namespace 230 | - name: IN_CLUSTER 231 | value: "true" 232 | - name: ENABLE_WEB_CONSOLE 233 | value: "false" 234 | - name: BASE_HREF 235 | value: / 236 | image: argoproj/argoui:v2.2.1 237 | name: argo-ui 238 | serviceAccountName: argo-ui 239 | --- 240 | apiVersion: apps/v1beta2 241 | kind: Deployment 242 | metadata: 243 | name: workflow-controller 244 | namespace: argo 245 | spec: 246 | selector: 247 | matchLabels: 248 | app: workflow-controller 249 | template: 250 | metadata: 251 | labels: 252 | app: workflow-controller 253 | spec: 254 | containers: 255 | - args: 256 | - --configmap 257 | - workflow-controller-configmap 258 | - --executor-image 259 | - argoproj/argoexec:v2.2.1 260 | command: 261 | - workflow-controller 262 | image: argoproj/workflow-controller:v2.2.1 263 | name: workflow-controller 264 | serviceAccountName: argo 265 | -------------------------------------------------------------------------------- /charts/monitor/prometheus.yaml: -------------------------------------------------------------------------------- 1 | # chart-repo: stable/prometheus 2 | # chart-version: 8.9.1 3 | # chart-ingress: false 4 | # chart-pvc: prometheus-server ReadWriteOnce 8Gi 5 | # chart-pvc: prometheus-alertmanager ReadWriteOnce 2Gi 6 | 7 | nameOverride: prometheus 8 | 9 | server: 10 | #:ING:service: 11 | #:ING: type: SERVICE_TYPE 12 | #:ING:ingress: 13 | #:ING: enabled: INGRESS_ENABLED 14 | #:ING: annotations: 15 | #:ING: kubernetes.io/ingress.class: nginx 16 | #:ING: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 17 | #:ING: hosts: 18 | #:ING: - INGRESS_DOMAIN 19 | persistentVolume: 20 | enabled: true 21 | accessModes: 22 | - ReadWriteOnce 23 | size: 8Gi 24 | #:EFS:storageClass: "efs" 25 | existingClaim: prometheus-server 26 | 27 | alertmanager: 28 | #:ING:service: 29 | #:ING: type: SERVICE_TYPE 30 | #:ING:ingress: 31 | #:ING: enabled: INGRESS_ENABLED 32 | #:ING: annotations: 33 | #:ING: kubernetes.io/ingress.class: nginx 34 | #:ING: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 35 | #:ING: hosts: 36 | #:ING: - alertmanager-INGRESS_DOMAIN 37 | persistentVolume: 38 | enabled: true 39 | accessModes: 40 | - ReadWriteOnce 41 | size: 2Gi 42 | #:EFS:storageClass: "efs" 43 | existingClaim: prometheus-alertmanager 44 | 45 | kubeStateMetrics: 46 | ## If false, kube-state-metrics will not be installed 47 | ## 48 | enabled: KUBE_STATE_METRICS 49 | 50 | 51 | serverFiles: 52 | ## Alerts configuration 53 | ## Ref: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ 54 | alerts: 55 | groups: 56 | - name: InstanceCountChanged 57 | rules: 58 | - alert: InstanceCountChanged 59 | expr: count (kube_node_labels{node=~"^.*$"}) - count (kube_node_labels{node=~"^.*$"} offset 2m) != 0 60 | labels: 61 | severity: Warning 62 | cluster: CLUSTER_NAME 63 | annotations: 64 | summary: 'Instance Count Changed' 65 | description: 'The number of instances changed. (delta: {{ $value }})' 66 | - name: InstanceDown 67 | rules: 68 | - alert: InstanceDown 69 | expr: up{job="kubernetes-nodes"} == 0 70 | labels: 71 | severity: Warning 72 | cluster: CLUSTER_NAME 73 | annotations: 74 | summary: 'Instance Down' 75 | description: 'The instance({{ $labels.instance }}) is down.' 76 | - name: HighCpuUsage 77 | rules: 78 | - alert: HighCpuUsage 79 | expr: 100 - (avg by (instance) (irate(node_cpu_seconds_total{job="kubernetes-service-endpoints",mode="idle"}[5m])) * 100) > 70 80 | for: 5m 81 | labels: 82 | severity: Warning 83 | cluster: CLUSTER_NAME 84 | annotations: 85 | summary: 'High CPU Usage(> 70%)' 86 | description: 'The CPU usage of the instance({{ $labels.instance }}) has exceeded 70 percent for more than 5 minutes.' 87 | - name: HighMemoryUsage 88 | rules: 89 | - alert: HighMemoryUsage 90 | expr: (node_memory_MemTotal_bytes - node_memory_MemFree_bytes - node_memory_Buffers_bytes - node_memory_Cached_bytes) / node_memory_MemTotal_bytes * 100 > 90 91 | for: 5m 92 | labels: 93 | severity: Warning 94 | cluster: CLUSTER_NAME 95 | annotations: 96 | summary: 'High Memory Usage(> 90%)' 97 | description: 'The memory usage of the instance({{ $labels.instance }}) has exceeds 90 percent for more than 5 minutes.' 98 | 99 | - name: PodCrashingLooping 100 | rules: 101 | - alert: PodCrashingLooping 102 | expr: round(increase(kube_pod_container_status_restarts_total[30m])) > 0 103 | for: 5m 104 | labels: 105 | severity: Critical 106 | cluster: CLUSTER_NAME 107 | annotations: 108 | summary: "Pod Crash Looping(> 30m)" 109 | description: 'Namespace : {{ $labels.namespace }} Pod : {{ $labels.pod }} -- crash {{ $value }} times' 110 | 111 | - name: KubeNodeNotReady 112 | rules: 113 | - alert: KubeNodeNotReady 114 | expr: kube_node_status_condition{job="kubernetes-service-endpoints",condition="Ready",status="true"} == 0 115 | for: 5m 116 | labels: 117 | severity: Critical 118 | cluster: CLUSTER_NAME 119 | annotations: 120 | summary: "Kube Node Fail : {{ $labels.condition }}" 121 | description: "Node {{ $labels.node }} is failed. Check node!!" 122 | 123 | - name: AvgResponseTime 124 | rules: 125 | - alert: AvgResponseTime 126 | expr: (sum(rate(nginx_ingress_controller_response_duration_seconds_sum[5m])) by (host) !=0) / (sum(rate(nginx_ingress_controller_response_duration_seconds_count[5m])) by (host) !=0) > 5 127 | for: 5m 128 | labels: 129 | severity: Warning 130 | cluster: CLUSTER_NAME 131 | annotations: 132 | summary: "Average Response Time(> 5s)" 133 | description: "{{ $labels.host }}'s Average Response Time is over 5sec" 134 | 135 | - name: HPAMaxUsage 136 | rules: 137 | - alert: HPAMaxUsage 138 | expr: (kube_hpa_status_current_replicas ) / (kube_hpa_spec_max_replicas != 1) < 1 139 | for: 5m 140 | labels: 141 | severity: Warning 142 | cluster: CLUSTER_NAME 143 | annotations: 144 | summary: "HPA Max Usage" 145 | description: "{{ $labels.hpa }} is using HPA Max." 146 | 147 | alertmanagerFiles: 148 | alertmanager.yml: 149 | global: 150 | slack_api_url: 'https://hooks.slack.com/services/SLACK_TOKEN' 151 | 152 | receivers: 153 | - name: default-receiver 154 | slack_configs: 155 | - channel: '#alerts' 156 | send_resolved: true 157 | username: '{{ template "slack.default.username" . }}' 158 | color: '{{ if eq .Status "firing" }}danger{{ else }}good{{ end }}' 159 | title: '{{ template "slack.default.title" . }}' 160 | title_link: '{{ template "slack.default.titlelink" . }}' 161 | pretext: '{{ .CommonAnnotations.summary }}' 162 | text: |- 163 | {{ range .Alerts }} 164 | *Cluster:* {{ .Labels.cluster }} 165 | *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}` 166 | *Description:* {{ .Annotations.description }} 167 | *Details:* 168 | {{ range .Labels.SortedPairs }} • *{{ .Name }}:* `{{ .Value }}` 169 | {{ end }} 170 | {{ end }} 171 | fallback: '{{ template "slack.default.fallback" . }}' 172 | icon_emoji: '{{ template "slack.default.iconemoji" . }}' 173 | icon_url: '{{ template "slack.default.iconurl" }}' 174 | 175 | route: 176 | group_wait: 10s 177 | group_interval: 1m 178 | receiver: default-receiver 179 | repeat_interval: 8h 180 | -------------------------------------------------------------------------------- /common.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | OS_NAME="$(uname | awk '{print tolower($0)}')" 4 | 5 | L_PAD=" " 6 | 7 | command -v fzf > /dev/null && FZF=true 8 | command -v tput > /dev/null && TPUT=true 9 | 10 | _echo() { 11 | if [ "${TPUT}" != "" ] && [ "$2" != "" ]; then 12 | echo -e "${L_PAD}$(tput setaf $2)$1$(tput sgr0)" 13 | else 14 | echo -e "${L_PAD}$1" 15 | fi 16 | } 17 | 18 | _read() { 19 | echo 20 | if [ "${3}" == "S" ]; then 21 | if [ "${TPUT}" != "" ] && [ "$2" != "" ]; then 22 | read -s -p "${L_PAD}$(tput setaf $2)$1$(tput sgr0)" ANSWER 23 | else 24 | read -s -p "${L_PAD}$1" ANSWER 25 | fi 26 | else 27 | if [ "${TPUT}" != "" ] && [ "$2" != "" ]; then 28 | read -p "${L_PAD}$(tput setaf $2)$1$(tput sgr0)" ANSWER 29 | else 30 | read -p "${L_PAD}$1" ANSWER 31 | fi 32 | fi 33 | } 34 | 35 | _replace() { 36 | if [ "${OS_NAME}" == "darwin" ]; then 37 | sed -i "" -e "$1" $2 38 | else 39 | sed -i -e "$1" $2 40 | fi 41 | } 42 | 43 | _result() { 44 | echo 45 | _echo "# $@" 4 46 | } 47 | 48 | _command() { 49 | echo 50 | _echo "$ $@" 3 51 | } 52 | 53 | _success() { 54 | echo 55 | _echo "+ $@" 2 56 | _exit 0 57 | } 58 | 59 | _error() { 60 | echo 61 | _echo "- $@" 1 62 | _exit 1 63 | } 64 | 65 | _exit() { 66 | echo 67 | exit $1 68 | } 69 | 70 | question() { 71 | _read "${1:-"Enter your choice : "}" 6 72 | 73 | if [ ! -z ${2} ]; then 74 | if ! [[ ${ANSWER} =~ ${2} ]]; then 75 | ANSWER= 76 | fi 77 | fi 78 | } 79 | 80 | password() { 81 | _read "${1:-"Enter your password : "}" 6 S 82 | } 83 | 84 | select_one() { 85 | OPT=$1 86 | 87 | SELECTED= 88 | 89 | CNT=$(cat ${LIST} | wc -l | xargs) 90 | if [ "x${CNT}" == "x0" ]; then 91 | return 92 | fi 93 | 94 | if [ "${OPT}" != "" ] && [ "x${CNT}" == "x1" ]; then 95 | SELECTED="$(cat ${LIST} | xargs)" 96 | else 97 | # if [ "${FZF}" != "" ]; then 98 | # SELECTED=$(cat ${LIST} | fzf --reverse --no-mouse --height=10 --bind=left:page-up,right:page-down) 99 | # else 100 | echo 101 | 102 | IDX=0 103 | while read VAL; do 104 | IDX=$(( ${IDX} + 1 )) 105 | printf "%3s. %s\n" "${IDX}" "${VAL}" 106 | done < ${LIST} 107 | 108 | if [ "${CNT}" != "1" ]; then 109 | CNT="1-${CNT}" 110 | fi 111 | 112 | _read "Please select one. (${CNT}) : " 6 113 | 114 | if [ -z ${ANSWER} ]; then 115 | return 116 | fi 117 | TEST='^[0-9]+$' 118 | if ! [[ ${ANSWER} =~ ${TEST} ]]; then 119 | return 120 | fi 121 | SELECTED=$(sed -n ${ANSWER}p ${LIST}) 122 | # fi 123 | fi 124 | } 125 | 126 | progress() { 127 | if [ "$1" == "start" ]; then 128 | printf '%2s' 129 | elif [ "$1" == "end" ]; then 130 | printf '.\n' 131 | else 132 | printf '.' 133 | sleep 2 134 | fi 135 | } 136 | 137 | waiting() { 138 | SEC=${1:-2} 139 | 140 | echo 141 | progress start 142 | 143 | IDX=0 144 | while true; do 145 | if [ "${IDX}" == "${SEC}" ]; then 146 | break 147 | fi 148 | IDX=$(( ${IDX} + 1 )) 149 | progress ${IDX} 150 | done 151 | 152 | progress end 153 | echo 154 | } 155 | 156 | get_az_list() { 157 | if [ -z ${AZ_LIST} ]; then 158 | AZ_LIST="$(aws ec2 describe-availability-zones | jq -r '.AvailabilityZones[].ZoneName' | head -3 | tr -s '\r\n' ',' | sed 's/.$//')" 159 | fi 160 | } 161 | 162 | get_master_zones() { 163 | if [ "${master_count}" == "1" ]; then 164 | master_zones=$(echo "${AZ_LIST}" | cut -d',' -f1) 165 | else 166 | master_zones="${AZ_LIST}" 167 | fi 168 | } 169 | 170 | get_node_zones() { 171 | if [ "${node_count}" == "1" ]; then 172 | zones=$(echo "${AZ_LIST}" | cut -d',' -f1) 173 | else 174 | zones="${AZ_LIST}" 175 | fi 176 | } 177 | 178 | get_template() { 179 | __FROM=${SHELL_DIR}/${1} 180 | __DIST=${2} 181 | 182 | mkdir -p ${SHELL_DIR}/build/${THIS_NAME} 183 | rm -rf ${__DIST} 184 | 185 | if [ -f ${__FROM} ]; then 186 | cat ${__FROM} > ${__DIST} 187 | else 188 | curl -sL https://raw.githubusercontent.com/${THIS_REPO}/${THIS_NAME}/master/${1} > ${__DIST} 189 | fi 190 | if [ ! -f ${__DIST} ]; then 191 | _error "Template does not exists. [${1}]" 192 | fi 193 | } 194 | 195 | update_tools() { 196 | ${SHELL_DIR}/tools.sh 197 | 198 | _success "Please restart!" 199 | } 200 | 201 | update_self() { 202 | pushd ${SHELL_DIR} 203 | git pull 204 | popd 205 | 206 | _success "Please restart!" 207 | } 208 | 209 | logo() { 210 | if [ "${TPUT}" != "" ]; then 211 | tput clear 212 | tput setaf 3 213 | fi 214 | 215 | cat ${SHELL_DIR}/templates/kops-cui-logo.txt 216 | echo 217 | 218 | if [ "${TPUT}" != "" ]; then 219 | tput sgr0 220 | fi 221 | } 222 | 223 | config_load() { 224 | COUNT=$(kubectl get pod -n kube-system | wc -l | xargs) 225 | 226 | if [ "x${COUNT}" == "x0" ]; then 227 | _error "Unable to connect to the cluster." 228 | fi 229 | 230 | COUNT=$(kubectl get secret -n default | grep ${THIS_NAME}-config | wc -l | xargs) 231 | 232 | if [ "x${COUNT}" != "x0" ]; then 233 | mkdir -p ${SHELL_DIR}/build/${CLUSTER_NAME} 234 | 235 | CONFIG=${SHELL_DIR}/build/${CLUSTER_NAME}/config.sh 236 | 237 | kubectl get secret ${THIS_NAME}-config -n default -o json | jq -r '.data.text' | base64 --decode > ${CONFIG} 238 | 239 | _command "load ${THIS_NAME}-config" 240 | cat ${CONFIG} 241 | 242 | . ${CONFIG} 243 | fi 244 | } 245 | 246 | config_save() { 247 | if [ "${CONFIG_SAVE}" == "" ]; then 248 | return 249 | fi 250 | 251 | CONFIG=${SHELL_DIR}/build/${CLUSTER_NAME}/config.sh 252 | 253 | echo "# ${THIS_NAME} config" > ${CONFIG} 254 | echo "CLUSTER_NAME=${CLUSTER_NAME}" >> ${CONFIG} 255 | echo "ROOT_DOMAIN=${ROOT_DOMAIN}" >> ${CONFIG} 256 | echo "BASE_DOMAIN=${BASE_DOMAIN}" >> ${CONFIG} 257 | echo "ISTIO_DOMAIN=${ISTIO_DOMAIN}" >> ${CONFIG} 258 | echo "CERT_MAN=${CERT_MAN}" >> ${CONFIG} 259 | echo "EFS_ID=${EFS_ID}" >> ${CONFIG} 260 | echo "ISTIO=${ISTIO}" >> ${CONFIG} 261 | 262 | _command "save ${THIS_NAME}-config" 263 | cat ${CONFIG} 264 | 265 | ENCODED=${SHELL_DIR}/build/${CLUSTER_NAME}/config.txt 266 | 267 | if [ "${OS_NAME}" == "darwin" ]; then 268 | cat ${CONFIG} | base64 > ${ENCODED} 269 | else 270 | cat ${CONFIG} | base64 -w 0 > ${ENCODED} 271 | fi 272 | 273 | CONFIG=${SHELL_DIR}/build/${CLUSTER_NAME}/config.yaml 274 | get_template templates/config.yaml ${CONFIG} 275 | 276 | _replace "s/REPLACE-ME/${THIS_NAME}-config/" ${CONFIG} 277 | 278 | sed "s/^/ /" ${ENCODED} >> ${CONFIG} 279 | 280 | _command "kubectl apply -f ${CONFIG} -n default" 281 | kubectl apply -f ${CONFIG} -n default 282 | 283 | CONFIG_SAVE= 284 | } 285 | 286 | variables_domain() { 287 | __KEY=${1} 288 | __VAL=$(kubectl get ing --all-namespaces | grep devops | grep ${__KEY} | awk '{print $3}') 289 | 290 | echo "@Field" >> ${CONFIG} 291 | echo "def ${__KEY} = \"${__VAL}\"" >> ${CONFIG} 292 | } 293 | 294 | variables_save() { 295 | CONFIG=${SHELL_DIR}/build/${CLUSTER_NAME}/variables.groovy 296 | 297 | echo "#!/usr/bin/groovy" > ${CONFIG} 298 | echo "import groovy.transform.Field" >> ${CONFIG} 299 | 300 | echo "@Field" >> ${CONFIG} 301 | echo "def root_domain = \"${ROOT_DOMAIN}\"" >> ${CONFIG} 302 | 303 | echo "@Field" >> ${CONFIG} 304 | echo "def base_domain = \"${BASE_DOMAIN}\"" >> ${CONFIG} 305 | 306 | COUNT=$(kubectl get ing --all-namespaces | grep devops | wc -l | xargs) 307 | if [ "x${COUNT}" == "x0" ]; then 308 | echo "@Field" >> ${CONFIG} 309 | echo "def cluster = \"${CLUSTER_NAME}\"" >> ${CONFIG} 310 | else 311 | echo "@Field" >> ${CONFIG} 312 | echo "def cluster = \"devops\"" >> ${CONFIG} 313 | 314 | variables_domain "chartmuseum" 315 | variables_domain "registry" 316 | variables_domain "jenkins" 317 | variables_domain "sonarqube" 318 | variables_domain "nexus" 319 | fi 320 | 321 | echo "@Field" >> ${CONFIG} 322 | echo "def slack_token = \"\"" >> ${CONFIG} 323 | 324 | echo "return this" >> ${CONFIG} 325 | 326 | ENCODED=${SHELL_DIR}/build/${CLUSTER_NAME}/variables.txt 327 | 328 | if [ "${OS_NAME}" == "darwin" ]; then 329 | cat ${CONFIG} | base64 > ${ENCODED} 330 | else 331 | cat ${CONFIG} | base64 -w 0 > ${ENCODED} 332 | fi 333 | 334 | CONFIG=${SHELL_DIR}/build/${CLUSTER_NAME}/variables.yaml 335 | get_template templates/groovy.yaml ${CONFIG} 336 | 337 | _replace "s/REPLACE-ME/groovy-variables/" ${CONFIG} 338 | 339 | sed "s/^/ /" ${ENCODED} >> ${CONFIG} 340 | 341 | _command "kubectl apply -f ${CONFIG} -n default" 342 | kubectl apply -f ${CONFIG} -n default 343 | } 344 | --------------------------------------------------------------------------------