├── .dockerignore ├── .env ├── .envrc.example ├── .github ├── ct.yaml ├── helm-docs.sh ├── kubeval.yaml └── workflows │ └── release.yml ├── .gitignore ├── .helmignore ├── .pre-commit-config.yaml ├── .pylintrc ├── .tiltignore ├── Brewfile ├── Brewfile-supplemental ├── Glooconfig.yaml ├── Kindconfig.yaml ├── LICENSE ├── README.md ├── Tiltconfig.yaml ├── Tiltfile ├── Tiltfile.global ├── Tiltfile.kafka ├── _config.yml ├── bin ├── integration_test ├── kill_namespace ├── run_smoke_test ├── tidepool ├── tidepool_docker ├── tool_directory └── virtual_hosts ├── charts ├── .gitignore ├── dremio │ ├── Chart.yaml │ ├── README-original.md │ ├── README.md │ ├── config │ │ ├── core-site.xml │ │ ├── dremio-env │ │ ├── dremio.conf │ │ ├── logback-access.xml │ │ ├── logback-admin.xml │ │ └── logback.xml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── dremio-admin.yaml │ │ ├── dremio-configmap.yaml │ │ ├── dremio-coordinator.yaml │ │ ├── dremio-executor.yaml │ │ ├── dremio-master.yaml │ │ └── dremio-service-client.yaml │ └── values.yaml ├── keycloak │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── dev-realm.json │ ├── templates │ │ ├── 0-secret.yaml │ │ ├── 1-upstream.yaml │ │ └── 2-virtual-service.yaml │ └── values.yaml └── tidepool │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── Installation.md │ ├── Issues.md │ ├── README.md │ ├── charts │ ├── abbott │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── auth │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ ├── 0-secret.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── blip │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── blob │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── carelink │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── README.md │ │ │ ├── templates │ │ │ │ └── 0-secret.yaml │ │ │ └── values.yaml │ │ ├── templates │ │ │ ├── 0-secret.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── care-partner-alerts │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── clinic-worker │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 5-hpa.yaml │ │ │ └── 6-pdb.yaml │ │ └── values.yaml │ ├── clinic │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-clinicians-source-kafka-connector.yaml │ │ │ ├── 5-clinics-source-kafka-connector.yaml │ │ │ ├── 5-merge-plans-source-kafka-connector.yaml │ │ │ ├── 5-migrations-source-kafka-connector.yaml │ │ │ ├── 5-patients-source-kafka-connector.yaml │ │ │ ├── 5-redox-scheduled-reports-source-kafka-connector.yaml │ │ │ ├── 5-redox-source-kafka-connector.yaml │ │ │ ├── 6-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── data │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ ├── 0-secret.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-no-authentication-required-routetable.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ ├── 7-serviceprofile.yaml │ │ │ ├── 8-care-partner-alerts-kafka-connector.yaml │ │ │ ├── 8-data-sources-kafka-connector.yaml │ │ │ ├── 8-device-data-kafka-connector.yaml │ │ │ └── 8-summary-kafka-connector.yaml │ │ └── values.yaml │ ├── devices │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ └── 6-pdb.yaml │ │ └── values.yaml │ ├── dexcom │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── export │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-secret.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-servicemonitor.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── gatekeeper │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ ├── 7-serviceprofile.yaml │ │ │ ├── 8-clinicians-permissions-sink.yaml │ │ │ └── 8-patients-permissions-sink.yaml │ │ └── values.yaml │ ├── glooingress │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-auth-config.yaml │ │ │ ├── 1-upstream.yaml │ │ │ ├── 2-http-internal-virtual-service.yaml │ │ │ ├── 3-https-virtual-service.yaml │ │ │ ├── 4-http-virtual-service.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-service.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── highwater │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── charts │ │ │ └── kissmetrics │ │ │ │ ├── .helmignore │ │ │ │ ├── Chart.yaml │ │ │ │ ├── README.md │ │ │ │ ├── templates │ │ │ │ └── kissmetrics-secret.yaml │ │ │ │ └── values.yaml │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── hydrophone │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── jellyfish │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── kafka │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap-env.yaml │ │ │ ├── 0-configmap-jmx.yaml │ │ │ ├── 0-configmap.yaml │ │ │ ├── 1-kafka-connect-mongo-cluster.yaml │ │ │ ├── 1-servicemonitor.yaml │ │ │ ├── 2-users-source-kafka-connector.yaml │ │ │ ├── 3-keycloak-roles-sink.yaml │ │ │ ├── 3-keycloak-user-role-mappings-sink.yaml │ │ │ └── 3-keycloak-users-sink.yaml │ │ └── values.yaml │ ├── mailer │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-servicemonitor.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 5-hpa.yaml │ │ │ └── 6-pdb.yaml │ │ └── values.yaml │ ├── marketo │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── messageapi │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-no-authentication-required-routetable.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── migrations │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ └── deployment.yaml │ │ └── values.yaml │ ├── mongo │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── plotly-orca │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── 0-deployment.yaml │ │ │ └── 1-service.yaml │ │ └── values.yaml │ ├── prescription │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-secret.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ └── 6-pdb.yaml │ │ └── values.yaml │ ├── registry │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── seagull │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── server │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── shoreline │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ ├── 0-secret.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-servicemonitor.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-no-authentication-required-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── task │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ ├── 0-secret.yaml │ │ │ ├── 1-deployment.yaml │ │ │ ├── 3-servicemonitor.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ ├── 7-serviceprofile.yaml │ │ │ └── service.yaml │ │ └── values.yaml │ ├── tidewhisperer │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-servicemonitor.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ ├── 6-pdb.yaml │ │ │ └── 7-serviceprofile.yaml │ │ └── values.yaml │ ├── token-signing-key │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── tools │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 5-hpa.yaml │ │ │ └── 6-pdb.yaml │ │ └── values.yaml │ ├── travis │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── twiist │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 0-configmap.yaml │ │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── uploader │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ │ ├── 1-deployment.yaml │ │ │ ├── 2-service.yaml │ │ │ ├── 3-upstream.yaml │ │ │ ├── 4-routetable.yaml │ │ │ ├── 5-hpa.yaml │ │ │ └── 6-pdb.yaml │ │ └── values.yaml │ └── userdata │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── README.md │ │ ├── templates │ │ └── 0-secret.yaml │ │ └── values.yaml │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── namespace.yaml │ └── tests-launcher-job.yaml │ └── values.yaml ├── docker-compose.k8s.yml ├── docker-compose.yml ├── local └── README.md └── tools ├── kafka-ui └── kafka-ui-configMap.yaml ├── kafka ├── kafka.yaml └── kafkauser.yaml └── mongoinit ├── Dockerfile └── dump ├── admin ├── connections.bson ├── connections.metadata.json ├── dump_logs.bson ├── dump_logs.metadata.json ├── schema_analyze_result.bson ├── schema_analyze_result.metadata.json ├── settings.bson └── settings.metadata.json ├── confirm ├── confirmations.bson └── confirmations.metadata.json ├── data ├── deviceData.bson └── deviceData.metadata.json ├── messages ├── messages.bson └── messages.metadata.json ├── seagull ├── seagull.bson └── seagull.metadata.json ├── tidepool ├── provider_sessions.bson ├── provider_sessions.metadata.json ├── restricted_tokens.bson └── restricted_tokens.metadata.json └── user ├── oauth_access.bson ├── oauth_access.metadata.json ├── tokens.bson ├── tokens.metadata.json ├── users.bson └── users.metadata.json /.dockerignore: -------------------------------------------------------------------------------- 1 | draft.toml 2 | charts/ 3 | NOTICE 4 | LICENSE 5 | README.md 6 | *.coverprofile 7 | *.test 8 | -------------------------------------------------------------------------------- /.envrc.example: -------------------------------------------------------------------------------- 1 | kubectx kind 2 | -------------------------------------------------------------------------------- /.github/ct.yaml: -------------------------------------------------------------------------------- 1 | helm-extra-args: --timeout 600 2 | check-version-increment: true 3 | debug: true 4 | 5 | -------------------------------------------------------------------------------- /.github/helm-docs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | HELM_DOCS_VERSION="0.11.0" 5 | 6 | # install helm-docs 7 | curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz 8 | tar -xf /tmp/helm-docs.tar.gz helm-docs 9 | 10 | # validate docs 11 | ./helm-docs 12 | git diff --exit-code 13 | -------------------------------------------------------------------------------- /.github/kubeval.yaml: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | CHART_DIRS="$(git diff --find-renames --name-only "$(git rev-parse --abbrev-ref HEAD)" remotes/origin/master -- charts | grep '[cC]hart.yaml' | sed -e 's#/[Cc]hart.yaml##g')" 5 | KUBEVAL_VERSION="0.14.0" 6 | SCHEMA_LOCATION="https://raw.githubusercontent.com/instrumenta/kubernetes-json-schema/master/" 7 | 8 | # install kubeval 9 | curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz https://github.com/instrumenta/kubeval/releases/download/"${KUBEVAL_VERSION}"/kubeval-linux-amd64.tar.gz 10 | tar -xf /tmp/kubeval.tar.gz kubeval 11 | 12 | # validate charts 13 | for CHART_DIR in ${CHART_DIRS}; do 14 | helm template "${CHART_DIR}" | ./kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}" 15 | done 16 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release Charts 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | release: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: Checkout 13 | uses: actions/checkout@v2 14 | with: 15 | fetch-depth: 0 16 | 17 | - name: Configure Git 18 | run: | 19 | git config user.name "$GITHUB_ACTOR" 20 | git config user.email "$GITHUB_ACTOR@users.noreply.github.com" 21 | 22 | - name: Run chart-releaser 23 | uses: helm/chart-releaser-action@v1.0.0 24 | env: 25 | CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 26 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | docker-compose.override.yml 2 | *.swp 3 | local/* 4 | !local/README.md 5 | !local/tilt/ 6 | .envrc 7 | .helm 8 | tilt_modules/ 9 | .idea/ 10 | .DS_Store 11 | -------------------------------------------------------------------------------- /.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | *.png 23 | 24 | # known compile time folders 25 | target/ 26 | node_modules/ 27 | vendor/ -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | - repo: https://github.com/norwoodj/helm-docs 3 | rev: v1.2.0 4 | hooks: 5 | - id: helm-docs 6 | args: 7 | # Make the tool search for charts only under the `example-charts` directory 8 | - --chart-search-root=charts 9 | 10 | # The `./` makes it relative to the chart-search-root set above 11 | - --template-files=./_templates.gotmpl 12 | 13 | # Repeating the flag adds this to the list, now [./_templates.gotmpl, README.md.gotmpl] 14 | # A base filename makes it relative to each chart directory found 15 | - --template-files=README.md.gotmpl 16 | -------------------------------------------------------------------------------- /.tiltignore: -------------------------------------------------------------------------------- 1 | .git 2 | .gitignore 3 | node_modules 4 | npm-debug.log 5 | _book 6 | artifact.sh 7 | artifact_docker.sh 8 | config/* 9 | !config/local.sh 10 | deploy 11 | dist 12 | test/bin 13 | coverage 14 | tmp 15 | web 16 | *.log 17 | packageMounts 18 | local/* 19 | !local/Tiltconfig.yaml 20 | package.json 21 | *.coverprofile 22 | *.test 23 | -------------------------------------------------------------------------------- /Brewfile: -------------------------------------------------------------------------------- 1 | tap "weaveworks/tap" 2 | brew "awscli" 3 | brew "kubernetes-helm" 4 | brew "eksctl" 5 | brew "kubernetes-cli" 6 | brew "aws-iam-authenticator" 7 | brew "jq" 8 | brew "yq" 9 | brew "derailed/k9s/k9s" 10 | brew "fluxctl" 11 | brew "coreutils" 12 | brew "python3" 13 | brew "hub" 14 | brew "kubecfg" 15 | brew "expect" 16 | brew "cfssl" 17 | brew "weaveworks/tap/eksctl" 18 | -------------------------------------------------------------------------------- /Brewfile-supplemental: -------------------------------------------------------------------------------- 1 | brew "kubectx" 2 | brew "supergloo" 3 | brew "ripgrep" 4 | brew "docker" 5 | brew "git" 6 | brew "glooctl" 7 | brew "hub" 8 | brew "kubeval" 9 | brew "nvm" 10 | brew "tilt" 11 | brew "linkerd" 12 | brew "kail" 13 | -------------------------------------------------------------------------------- /Glooconfig.yaml: -------------------------------------------------------------------------------- 1 | gatewayProxies: 2 | gatewayProxy: 3 | service: 4 | customPorts: 5 | - port: 32000 6 | nodePort: 32000 7 | targetPort: 8080 8 | protocol: TCP 9 | name: keycloak 10 | type: NodePort 11 | httpPort: 80 12 | httpsPort: 443 13 | httpNodePort: 31500 14 | httpsNodePort: 32500 15 | 16 | settings: 17 | create: true 18 | writeNamespace: default 19 | watchNamespaces: 20 | - default 21 | -------------------------------------------------------------------------------- /Kindconfig.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ctlptl.dev/v1alpha1 2 | kind: Cluster 3 | kubernetesVersion: v1.21.12 4 | registry: ctlptl-registry 5 | product: kind 6 | kindV1Alpha4Cluster: 7 | name: tidepool-kind 8 | networking: 9 | ipFamily: ipv4 10 | apiServerAddress: 127.0.0.1 11 | nodes: 12 | - role: control-plane 13 | extraPortMappings: 14 | - containerPort: 31500 15 | hostPort: 31500 16 | protocol: TCP 17 | - containerPort: 32500 18 | hostPort: 32500 19 | protocol: TCP 20 | - containerPort: 32000 21 | hostPort: 32000 22 | protocol: TCP 23 | --- 24 | apiVersion: ctlptl.dev/v1alpha1 25 | kind: Registry 26 | name: ctlptl-registry 27 | port: 5000 28 | -------------------------------------------------------------------------------- /Tiltfile.global: -------------------------------------------------------------------------------- 1 | ### Helpers Start ### 2 | def getAbsoluteDir(relativeDir): 3 | return str(local('mkdir -p {dir} && cd {dir} && pwd'.format(dir=relativeDir))).strip() 4 | 5 | def getNested(dict, path, fallback=None): 6 | value = dict 7 | for path_segment in path.split('.'): 8 | value = value.get(path_segment, {}) 9 | return value or fallback 10 | 11 | def getHelmValuesFile(): 12 | return './Tiltconfig.yaml' 13 | 14 | def getHelmOverridesFile(): 15 | tidepool_helm_overrides_file = getHelmValuesFile() 16 | localOverrides = read_yaml('./local/Tiltconfig.yaml', False) 17 | 18 | if type(localOverrides) == 'dict': 19 | tidepool_helm_overrides_file = './local/Tiltconfig.yaml' 20 | 21 | return tidepool_helm_overrides_file 22 | 23 | def getConfig(): 24 | config = read_yaml(getHelmValuesFile()) 25 | overrides = read_yaml(getHelmOverridesFile()) 26 | config.update(overrides) 27 | return config 28 | 29 | def isShutdown(): 30 | return bool(int(str(local('printf ${SHUTTING_DOWN-0}')))) 31 | ### Helpers End ### 32 | -------------------------------------------------------------------------------- /Tiltfile.kafka: -------------------------------------------------------------------------------- 1 | load('./Tiltfile.global', 'getAbsoluteDir', 'getNested', 'getConfig') 2 | load('ext://helm_remote', 'helm_remote') 3 | 4 | allow_k8s_contexts('kind-admin@mk') 5 | 6 | ### Config Start ### 7 | config = getConfig() 8 | ### Config End ### 9 | 10 | ### Main Start ### 11 | def main(): 12 | 13 | provisionstrimzi() 14 | provisionkafka() 15 | 16 | # Back out of actual provisioning for debugging purposes by uncommenting below 17 | # fail('NOT YET ;)') 18 | ### Main End ### 19 | 20 | def provisionstrimzi(): 21 | # Deploy and watch the helm charts 22 | helm_remote('strimzi-kafka-operator', 23 | repo_name='strimzi', 24 | repo_url='https://strimzi.io/charts/', 25 | namespace='default', 26 | set=['resources.limits.memory=1024Mi', 'resources.requests.memory=Mi'] 27 | ) 28 | 29 | def provisionkafka(): 30 | k8s_yaml( 31 | [ 32 | './tools/kafka/kafka.yaml', 33 | './tools/kafka/kafkauser.yaml' 34 | ] 35 | ) 36 | 37 | # Unleash the beast 38 | main() -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-minimal -------------------------------------------------------------------------------- /bin/kill_namespace: -------------------------------------------------------------------------------- 1 | ( 2 | tmpfile=$(mktemp) 3 | trap "rm -f $tmpfile" EXIT 4 | 5 | NAMESPACE=flux 6 | kubectl proxy & 7 | kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >$tmpfile 8 | curl -k -H "Content-Type: application/json" -X PUT --data-binary @$tempfile 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize 9 | ) 10 | -------------------------------------------------------------------------------- /bin/run_smoke_test: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Run smoke test using GhostInspector 4 | # 5 | # Usage: $0 [${URL}] [${GHOST_SUITE_ID}] ${GHOST_API_KEY} 6 | 7 | # Smoke test a given ENVIRONMENT on a given CLUSTER using a given PROTOCOL 8 | 9 | URL=${1:-https://dev.tidepool.org} 10 | 11 | # Which ghost inspector suite to run 12 | GHOST_SUITE_ID=${2:-5cf5ba3f9ffa2f2438ed2e0f} 13 | 14 | # Tidpool API key for Ghost Inspector 15 | GHOST_API_KEY=$3 16 | 17 | curl "https://api.ghostinspector.com/v1/suites/$GHOST_SUITE_ID/execute/?apiKey=$GHOST_API_KEY&startUrl=${URL}" | grep -c '"passing":false' 18 | -------------------------------------------------------------------------------- /bin/tool_directory: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd 3 | 4 | -------------------------------------------------------------------------------- /bin/virtual_hosts: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # identify virtual hosts in use 3 | # assumes blip is the only service exposing hosts 4 | namespaces=$(kubectl get svc -o yaml --all-namespaces -l app=blip -o json | jq '.items[] | .metadata.namespace' | sed -e 's#"##g' ) 5 | 6 | for namespace in $namespaces 7 | do 8 | if [ "$namespace" == "production" ] 9 | then 10 | prefix=app 11 | else 12 | prefix=${namespace} 13 | fi 14 | echo ${prefix}.tidepool.org 15 | done 16 | -------------------------------------------------------------------------------- /charts/.gitignore: -------------------------------------------------------------------------------- 1 | ingress-cert 2 | keycloak/charts/*.tgz 3 | tidepool/charts/*.tgz -------------------------------------------------------------------------------- /charts/dremio/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "v1" 2 | name: "dremio" 3 | version: "0.7.1" 4 | keywords: 5 | - dremio 6 | - data 7 | home: https://www.dremio.com/ 8 | -------------------------------------------------------------------------------- /charts/dremio/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "dremio.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 6 | {{- end -}} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | */}} 12 | {{- define "dremio.fullname" -}} 13 | {{- $name := default .Chart.Name .Values.nameOverride -}} 14 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 15 | {{- end -}} 16 | 17 | {{/* 18 | Calcuate the heap memory used by Dremio 19 | */}} 20 | {{- define "HeapMemory" -}} 21 | {{- $input := int . -}} 22 | {{- if ge $input 32768 -}} 23 | 8192 24 | {{- else if ge $input 16384 -}} 25 | 4096 26 | {{- else if ge $input 4096 -}} 27 | 2048 28 | {{- else -}} 29 | {{- div $input 4 -}} 30 | {{- end -}} 31 | {{- end -}} 32 | 33 | {{/* 34 | Calcuate the direct memory used by Dremio 35 | */}} 36 | {{- define "DirectMemory" -}} 37 | {{- $input := int . -}} 38 | {{- if ge $input 32768 -}} 39 | {{ sub $input 8192 }} 40 | {{- else if ge $input 16384 -}} 41 | {{ sub $input 4096 }} 42 | {{- else if ge $input 4096 -}} 43 | {{ sub $input 2048 }} 44 | {{- else -}} 45 | {{- $t1 := div $input 4 -}} 46 | {{- sub $input $t1 -}} 47 | {{- end -}} 48 | {{- end -}} 49 | -------------------------------------------------------------------------------- /charts/dremio/templates/dremio-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: dremio-config 5 | data: 6 | {{- tpl (.Files.Glob "config/*").AsConfig . | nindent 2 }} 7 | -------------------------------------------------------------------------------- /charts/dremio/templates/dremio-service-client.yaml: -------------------------------------------------------------------------------- 1 | {{ if not .Values.DremioAdmin }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: dremio-client 6 | labels: 7 | app: dremio-client 8 | {{- if .Values.internalLoadBalancer }} 9 | {{- if eq .Values.internalLoadBalancer true }} 10 | annotations: 11 | service.beta.kubernetes.io/azure-load-balancer-internal: "true" 12 | cloud.google.com/load-balancer-type: "Internal" 13 | service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 14 | service.beta.kubernetes.io/openstack-internal-load-balancer: "true" 15 | {{- end }} 16 | {{- end }} 17 | spec: 18 | ports: 19 | - port: {{ .Values.coordinator.client.port | default 31010 }} 20 | targetPort: 31010 21 | name: client 22 | - port: {{ .Values.coordinator.web.port | default 9047 }} 23 | targetPort: 9047 24 | name: web 25 | selector: 26 | app: dremio-coordinator 27 | type: {{ .Values.serviceType | default "NodePort" }} 28 | {{- if .Values.sessionAffinity }} 29 | sessionAffinity: {{ .Values.sessionAffinity }} 30 | {{- end }} 31 | --- 32 | apiVersion: v1 33 | kind: Service 34 | metadata: 35 | name: dremio-cluster-pod 36 | spec: 37 | ports: 38 | - port: 9999 39 | clusterIP: None 40 | selector: 41 | role: dremio-cluster-pod 42 | {{ end }} 43 | -------------------------------------------------------------------------------- /charts/keycloak/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: keycloakx 3 | repository: https://codecentric.github.io/helm-charts 4 | version: 2.5.0 5 | digest: sha256:b9c003e73cc47375022a57a2856419d394d552911c3a27b085938372b4670f1d 6 | generated: "2025-01-15T09:11:39.641398757-07:00" 7 | -------------------------------------------------------------------------------- /charts/keycloak/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: A Helm chart to use Keycloak with Tidepool 3 | name: keycloak 4 | version: 0.4.7 5 | maintainers: 6 | - name: Todd Kazakov 7 | email: todd@tidepool.org 8 | icon: https://www.tidepool.org/static/media/tidepool-t-logo.41feef82.png 9 | home: https://github.com/tidepool-org/development/charts 10 | dependencies: 11 | - name: keycloakx 12 | version: 2.5.0 13 | repository: https://codecentric.github.io/helm-charts 14 | -------------------------------------------------------------------------------- /charts/keycloak/README.md: -------------------------------------------------------------------------------- 1 | # keycloak 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.3.2](https://img.shields.io/badge/AppVersion-1.3.2-informational?style=flat-square) 4 | 5 | A Helm chart to use Keycloak with Tidepool 6 | 7 | **Homepage:** 8 | 9 | ## Maintainers 10 | 11 | | Name | Email | Url | 12 | | ---- | ------ | --- | 13 | | Todd Kazakov | todd@tidepool.org | | 14 | 15 | ---------------------------------------------- 16 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 17 | -------------------------------------------------------------------------------- /charts/keycloak/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | dev-realm.json: {{ .Files.Get "dev-realm.json" | b64enc | quote }} 4 | kind: Secret 5 | metadata: 6 | name: keycloak-realm 7 | namespace: {{ .Release.Namespace }} 8 | type: Opaque 9 | -------------------------------------------------------------------------------- /charts/keycloak/templates/1-upstream.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: gloo.solo.io/v1 2 | kind: Upstream 3 | metadata: 4 | name: keycloak 5 | namespace: {{ .Release.Namespace }} 6 | spec: 7 | kube: 8 | serviceName: keycloak-http 9 | serviceNamespace: {{ .Release.Namespace }} 10 | servicePort: 80 11 | -------------------------------------------------------------------------------- /charts/keycloak/templates/2-virtual-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: gateway.solo.io/v1 2 | kind: VirtualService 3 | metadata: 4 | name: keycloak 5 | namespace: '{{ .Release.Namespace }}' 6 | spec: 7 | displayName: keycloak 8 | virtualHost: 9 | domains: 10 | - '*:32000' 11 | routes: 12 | - matchers: 13 | - prefix: '/' 14 | routeAction: 15 | single: 16 | upstream: 17 | name: keycloak 18 | namespace: '{{ .Release.Namespace }}' -------------------------------------------------------------------------------- /charts/tidepool/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: keycloak 3 | repository: file://../keycloak 4 | version: 0.4.7 5 | digest: sha256:129b939e536f7ee5b5fe8372bf2caf0af13229d85e28e0b31895ff2424f8c5e5 6 | generated: "2025-02-06T14:11:14.268982-08:00" 7 | -------------------------------------------------------------------------------- /charts/tidepool/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: A Helm chart for Tidepool 3 | name: tidepool 4 | version: 0.18.1 5 | maintainers: 6 | - name: Todd Kazakov 7 | email: todd@tidepool.org 8 | url: https://github.com/toddkazakov 9 | icon: https://www.tidepool.org/static/media/tidepool-t-logo.41feef82.png 10 | home: https://github.com/tidepool-org/development/charts 11 | dependencies: 12 | - name: keycloak 13 | version: 0.4.7 14 | repository: 'file://../keycloak' 15 | condition: keycloak.enabled 16 | -------------------------------------------------------------------------------- /charts/tidepool/Issues.md: -------------------------------------------------------------------------------- 1 | Direct service to service calls 2 | (these leak ports and leak which service serves which path)i 3 | 4 | ------------------------------ 5 | gatekeeper -> shoreline 6 | jellyfish -> gatekeeper 7 | jellyfish-> seagull 8 | jellyfish-> shoreline 9 | shoreline -> gatekeeper 10 | shoreline -> highwater 11 | hydrophone -> shoreline 12 | hydrophone -> seagull 13 | hydrophone -> gatekeeper 14 | hydrophone -> highwater 15 | messageapi -> gatekeeper 16 | messageapi -> highwater 17 | messageapi -> seagull 18 | messageapi -> shoreline 19 | highwater -> shoreline 20 | seagull -> gatekeeper 21 | seagull -> highwater 22 | seagull -> shoreline 23 | tidewhisperer -> auth 24 | tidewhisperer -> gatekeeper 25 | tidewhisperer -> seagull 26 | tidewhisperer -> shoreline 27 | 28 | Prefix removal 29 | ---- 30 | user 31 | /userservices/ 32 | 33 | highwater - phase on PR done 34 | /metrics/ 35 | 36 | messageapi - phase one PR done 37 | /message/ 38 | 39 | hydrophone - phase one PR done 40 | /confirm/ 41 | 42 | data 43 | /dataservices 44 | 45 | tidewhisperer - phase one PR done 46 | /data/ 47 | 48 | seagull - phase one PR done 49 | /metadata/ 50 | 51 | shoreline - phase one PR in progress 52 | 53 | 54 | 55 | -------------------------------------------------------------------------------- /charts/tidepool/charts/abbott/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/abbott/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: abbott 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/abbott/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: abbott 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "charts.labels.standard" . }} 9 | data: 10 | {{ if .Values.configmap.redirectURL }} 11 | RedirectURL: {{ .Values.configmap.redirectURL }} 12 | {{ else }} 13 | RedirectURL: "{{include "charts.host.api" .}}/v1/oauth/abbott/redirect" 14 | {{ end }} 15 | TokenURL: {{ .Values.configmap.tokenURL | default "" }} 16 | AuthorizeURL: {{ .Values.configmap.authorizeURL | default "" }} 17 | ClientURL: {{ .Values.configmap.clientURL | default "" }} 18 | Scopes: {{ .Values.configmap.scopes | default "" }} 19 | PartnerURL: {{ .Values.configmap.partnerURL | default "" }} 20 | {{ end }} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/abbott/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.secret.enabled -}} 2 | --- 3 | apiVersion: v1 4 | {{ with .Values.secret.data_ -}} 5 | data: 6 | ClientId: {{ .ClientId | default "" | b64enc | quote }} 7 | ClientSecret: {{ .ClientSecret | default "" | b64enc | quote }} 8 | StateSalt: {{ .StateSalt | default "" | b64enc | quote }} 9 | PartnerId: {{ .PartnerId | default "" | b64enc | quote }} 10 | {{- end }} 11 | kind: Secret 12 | metadata: 13 | name: abbott 14 | namespace: {{ .Release.Namespace }} 15 | type: Opaque 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/tidepool/charts/abbott/values.yaml: -------------------------------------------------------------------------------- 1 | configmap: 2 | enabled: true 3 | redirectURL: "" 4 | tokenURL: "" 5 | authorizeURL: "" 6 | clientURL: "" 7 | scopes: "" 8 | partnerURL: "" 9 | secret: 10 | enabled: false 11 | data_: 12 | ClientId: "" 13 | ClientSecret: "" 14 | StateSalt: "" 15 | PartnerId: "" 16 | -------------------------------------------------------------------------------- /charts/tidepool/charts/auth/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/auth/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: Helm chart for the Tidepool auth service 4 | name: auth 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/auth/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: auth 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "charts.labels.standard" . }} 10 | {{ with .Values.configmap.data_ }} 11 | data: 12 | AppleDeviceCheckKeyId: {{ .AppleDeviceCheckKeyId | default "" }} 13 | AppleDeviceCheckKeyIssuer: {{ .AppleDeviceCheckKeyIssuer | default "" }} 14 | AppleDeviceCheckUseDevelopment: "{{ .AppleDeviceCheckUseDevelopment | default "true" }}" 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/tidepool/charts/auth/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.secret.enabled -}} 2 | --- 3 | apiVersion: v1 4 | data: 5 | ServiceAuth: {{ .Values.secret.data_.ServiceAuth | default (randAlphaNum 40) | b64enc | quote }} 6 | AppleDeviceCheckKey: {{ .Values.secret.data_.AppleDeviceCheckKey | default "" | b64enc | quote }} 7 | kind: Secret 8 | metadata: 9 | name: auth 10 | namespace: {{ .Release.Namespace }} 11 | labels: 12 | app: auth 13 | type: Opaque 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/tidepool/charts/auth/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: auth 7 | {{ include "charts.labels.standard" .}} 8 | name: auth 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{ .Values.global.ports.auth }} 14 | targetPort: "http" 15 | selector: 16 | app: auth 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/auth/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: auth 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: auth 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.auth }} 12 | 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/tidepool/charts/auth/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: auth 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: auth 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/auth/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blip/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blip/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: blip 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blip/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: blip 7 | {{ include "charts.labels.standard" .}} 8 | name: blip 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.blip}} 14 | targetPort: "http" 15 | {{ range $key, $port := .Values.global.ports.viz }} 16 | - name: 'http-viz-{{ $key }}' 17 | port: {{ $port }} 18 | targetPort: {{ $port }} 19 | {{- end }} 20 | selector: 21 | app: blip 22 | app.kubernetes.io/name: {{ include "charts.name" . }} 23 | app.kubernetes.io/instance: {{ .Release.Name }} 24 | status: 25 | loadBalancer: {} 26 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blip/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: blip 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: blip 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.blip }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blip/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: blip 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | weight: 10000 12 | routes: 13 | - matchers: 14 | - prefix: / 15 | routeAction: 16 | single: 17 | upstream: 18 | name: blip 19 | options: 20 | extauth: 21 | disable: true 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blip/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: blip 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: blip 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blip/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blip/values.yaml: -------------------------------------------------------------------------------- 1 | deployment: 2 | podAnnotations: {} 3 | # -- default Docker image 4 | image: tidepool/blip:master-latest 5 | replicas: 1 6 | resources: {} 7 | podSecurityContext: {} 8 | podAnnotations: {} 9 | securityContext: {} 10 | hpa: 11 | # -- whether to create a horizontal pod autoscalers for all pods of given deployment 12 | enabled: false 13 | # -- minimum number of replicas that HPA will maintain 14 | minReplicas: 1 15 | # -- maximum number of replicas that HPA will maintain 16 | maxReplicas: null 17 | pdb: 18 | enabled: false 19 | minAvailable: "50%" 20 | nodeSelector: {} 21 | tolerations: [] 22 | affinity: {} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: blob 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/carelink/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/carelink/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: carelink 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/carelink/README.md: -------------------------------------------------------------------------------- 1 | # carelink 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | affinity | object | `{}` | | 14 | | nodeSelector | object | `{}` | | 15 | | secret.data_.CareLinkSalt | string | `""` | | 16 | | secret.enabled | bool | `false` | | 17 | | tolerations | list | `[]` | | 18 | 19 | ---------------------------------------------- 20 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/carelink/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.generated -}} 2 | --- 3 | apiVersion: v1 4 | data: 5 | CarelinkSalt: {{ .Values.secret.data_.CarelinkSalt | default "" | b64enc | quote }} 6 | kind: Secret 7 | metadata: 8 | name: carelink 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | app: carelink 12 | type: Opaque 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/carelink/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | enabled: false 3 | data_: 4 | CareLinkSalt: "" 5 | nodeSelector: {} 6 | tolerations: [] 7 | affinity: {} 8 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.generated -}} 2 | --- 3 | apiVersion: v1 4 | data: 5 | ServiceAuth: {{ .Values.secret.data_.ServiceAuth | default (randAlphaNum 40) | b64enc | quote }} 6 | kind: Secret 7 | metadata: 8 | name: blob 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | app: blob 12 | type: Opaque 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: blob 7 | {{ include "charts.labels.standard" .}} 8 | name: blob 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.blob}} 14 | targetPort: "http" 15 | selector: 16 | app: blob 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: blob 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: blob 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.blob }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: blob 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | regex: /v1/blobs/[^/]+/content 16 | routeAction: 17 | single: 18 | upstream: 19 | name: blob 20 | - matchers: 21 | - methods: 22 | - GET 23 | - POST 24 | - DELETE 25 | regex: /v1/users/[^/]+/blobs 26 | routeAction: 27 | single: 28 | upstream: 29 | name: blob 30 | - matchers: 31 | - methods: 32 | - GET 33 | - DELETE 34 | regex: /v1/blobs/[^/]+ 35 | routeAction: 36 | single: 37 | upstream: 38 | name: blob 39 | - matchers: 40 | - methods: 41 | - GET 42 | - POST 43 | regex: /v1/users/[^/]+/device_logs 44 | routeAction: 45 | single: 46 | upstream: 47 | name: blob 48 | - matchers: 49 | - methods: 50 | - GET 51 | prefix: /v1/device_logs 52 | routeAction: 53 | single: 54 | upstream: 55 | name: blob 56 | {{- end }} 57 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: blob 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: blob 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/blob/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: blob.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /v1/blobs/[^/]+/content 12 | name: /v1/blobs/{id}/content_get_blob 13 | - condition: 14 | method: GET 15 | pathRegex: /v1/users/[^/]+/blobs 16 | name: /v1/users/{id}/blobs_get_blob 17 | - condition: 18 | method: POST 19 | pathRegex: /v1/users/[^/]+/blobs 20 | name: /v1/users/{id}/blobs_post_blob 21 | - condition: 22 | method: DELETE 23 | pathRegex: /v1/users/[^/]+/blobs 24 | name: /v1/users/{id}/blobs_delete_blob 25 | - condition: 26 | method: GET 27 | pathRegex: /v1/blobs/[^/]+ 28 | name: /v1/blobs/{id}_get_blob 29 | - condition: 30 | method: DELETE 31 | pathRegex: /v1/blobs/[^/]+ 32 | name: /v1/blobs/{id}_delete_blob 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /charts/tidepool/charts/care-partner-alerts/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/care-partner-alerts/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: care-partner-alerts 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/care-partner-alerts/README.md: -------------------------------------------------------------------------------- 1 | # care-partner-alerts 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | configmap.data_.APNSBundleID | string | `"org.tidepool.carepartner"` | | 14 | | configmap.data_.APNSKeyID | string | `"QA3495JW4S"` | | 15 | | configmap.data_.APNSTeamID | string | `"75U4X84TEG"` | | 16 | | configmap.enabled | bool | `true` | | 17 | | secret.data_.APNSSigningKey | string | `""` | | 18 | | secret.enabled | bool | `false` | | 19 | 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/care-partner-alerts/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: care-partner-alerts 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "charts.labels.standard" . }} 10 | {{ with .Values.configmap.data_ -}} 11 | data: 12 | APNSKeyID: {{ .APNSKeyID | default "" }} 13 | APNSTeamID: {{ .APNSTeamID | default "" }} 14 | APNSBundleID: {{ .APNSBundleID | default "" }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/tidepool/charts/care-partner-alerts/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.secret.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | type: Opaque 6 | metadata: 7 | name: care-partner-alerts 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" . }} 11 | {{ with .Values.secret.data_ -}} 12 | data: 13 | APNSSigningKey: {{ .APNSSigningKey | default "" | b64enc | quote }} 14 | {{- end }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/tidepool/charts/care-partner-alerts/values.yaml: -------------------------------------------------------------------------------- 1 | configmap: 2 | enabled: true 3 | data_: 4 | APNSKeyID: "QA3495JW4S" 5 | APNSTeamID: "75U4X84TEG" 6 | APNSBundleID: "org.tidepool.carepartner" 7 | 8 | secret: 9 | enabled: false 10 | data_: 11 | APNSSigningKey: "" 12 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic-worker/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic-worker/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: clinic-worker 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic-worker/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: clinic-worker 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "charts.labels.standard" .}} 10 | data: 11 | RedoxClientId: "" 12 | RedoxSourceId: "" 13 | RedoxSourceName: "" 14 | RedoxTestMode: "true" 15 | RedoxEnabled: "false" 16 | KafkaTopicPrefix: {{ .Values.configmap.data.KafkaTopicPrefix | quote }} 17 | KafkaTopic: {{ .Values.configmap.data.KafkaTopic | quote }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic-worker/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: clinic-worker 7 | {{ include "charts.labels.standard" .}} 8 | name: clinic-worker 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.clinic_worker}} 14 | targetPort: "http" 15 | selector: 16 | app: clinic-worker 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic-worker/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: clinic-worker 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: clinic-worker 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.clinic_worker }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic-worker/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: clinic-worker 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: clinic-worker 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic-worker/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: clinic 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: clinic 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "charts.labels.standard" .}} 10 | data: 11 | XealthEnabled: {{ .Values.configmap.data.XealthEnabled | quote }} 12 | XealthClientId: {{ .Values.configmap.data.XealthClientId | quote }} 13 | XealthTokenUrl: {{ .Values.configmap.data.XealthTokenUrl | quote }} 14 | XealthServerBaseUrl: {{ .Values.configmap.data.XealthServerBaseUrl | quote }} 15 | KafkaTopicPrefix: {{ .Values.configmap.data.KafkaTopicPrefix | quote }} 16 | KafkaTopic: {{ .Values.configmap.data.KafkaTopic | quote }} 17 | KeycloakTokenEndpoint: {{ .Values.configmap.data.KeycloakTokenEndpoint | quote }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: clinic 7 | {{ include "charts.labels.standard" .}} 8 | name: clinic 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.clinic}} 14 | targetPort: "http" 15 | selector: 16 | app: clinic 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: clinic 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: clinic 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.clinic }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/5-clinicians-source-kafka-connector.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.kafka.connect.enabled }} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: clinicians-source 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: clinicians-source 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSourceConnector 12 | config: 13 | change.stream.full.document: updateLookup 14 | collection: clinicians 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | copy.existing: false 17 | database: clinic 18 | key.converter: org.apache.kafka.connect.json.JsonConverter 19 | key.converter.schemas.enable: false 20 | topic.prefix: {{ .Release.Namespace }} 21 | value.converter: org.apache.kafka.connect.json.JsonConverter 22 | value.converter.schemas.enable: false 23 | heartbeat.interval.ms: {{ .Values.global.kafka.connect.mongoHeartbeatIntervalMs }} 24 | heartbeat.topic.name: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }}-heartbeat 25 | tasksMax: {{ .Values.global.kafka.connect.sourceTasksMax | int }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/5-clinics-source-kafka-connector.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.kafka.connect.enabled }} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: clinics-source 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: clinics-source 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSourceConnector 12 | config: 13 | change.stream.full.document: updateLookup 14 | collection: clinics 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | copy.existing: false 17 | database: clinic 18 | key.converter: org.apache.kafka.connect.json.JsonConverter 19 | key.converter.schemas.enable: false 20 | topic.prefix: {{ .Release.Namespace }} 21 | value.converter: org.apache.kafka.connect.json.JsonConverter 22 | value.converter.schemas.enable: false 23 | heartbeat.interval.ms: {{ .Values.global.kafka.connect.mongoHeartbeatIntervalMs }} 24 | heartbeat.topic.name: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }}-heartbeat 25 | tasksMax: {{ .Values.global.kafka.connect.sourceTasksMax | int }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/5-merge-plans-source-kafka-connector.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.kafka.connect.enabled }} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: merge-plans-source 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: merge-plans-source 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSourceConnector 12 | config: 13 | change.stream.full.document: updateLookup 14 | collection: merge_plans 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | database: clinic 17 | topic.prefix: {{ .Release.Namespace }} 18 | output.json.formatter: com.mongodb.kafka.connect.source.json.formatter.ExtendedJson 19 | value.converter: org.apache.kafka.connect.storage.StringConverter 20 | key.converter: org.apache.kafka.connect.storage.StringConverter 21 | heartbeat.interval.ms: {{ .Values.global.kafka.connect.mongoHeartbeatIntervalMs }} 22 | heartbeat.topic.name: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }}-heartbeat 23 | tasksMax: {{ .Values.global.kafka.connect.sourceTasksMax | int }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/5-migrations-source-kafka-connector.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.kafka.connect.enabled }} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: migrations-source 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: migrations-source 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSourceConnector 12 | config: 13 | change.stream.full.document: updateLookup 14 | collection: migrations 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | copy.existing: false 17 | database: clinic 18 | key.converter: org.apache.kafka.connect.json.JsonConverter 19 | key.converter.schemas.enable: false 20 | topic.prefix: {{ .Release.Namespace }} 21 | value.converter: org.apache.kafka.connect.json.JsonConverter 22 | value.converter.schemas.enable: false 23 | heartbeat.interval.ms: {{ .Values.global.kafka.connect.mongoHeartbeatIntervalMs }} 24 | heartbeat.topic.name: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }}-heartbeat 25 | tasksMax: {{ .Values.global.kafka.connect.sourceTasksMax | int }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/5-redox-scheduled-reports-source-kafka-connector.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.kafka.connect.enabled }} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: redox-scheduled-reports-source 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: redox-scheduled-reports-source 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSourceConnector 12 | config: 13 | change.stream.full.document: updateLookup 14 | collection: scheduledSummaryAndReportsOrders 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | copy.existing: false 17 | database: clinic 18 | topic.prefix: {{ .Release.Namespace }} 19 | output.json.formatter: com.mongodb.kafka.connect.source.json.formatter.ExtendedJson 20 | value.converter: org.apache.kafka.connect.storage.StringConverter 21 | key.converter: org.apache.kafka.connect.storage.StringConverter 22 | heartbeat.interval.ms: {{ .Values.global.kafka.connect.mongoHeartbeatIntervalMs }} 23 | heartbeat.topic.name: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }}-heartbeat 24 | tasksMax: {{ .Values.global.kafka.connect.sourceTasksMax | int }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/5-redox-source-kafka-connector.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.kafka.connect.enabled }} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: redox-source 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: redox-source 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSourceConnector 12 | config: 13 | change.stream.full.document: updateLookup 14 | collection: redox 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | copy.existing: false 17 | database: clinic 18 | topic.prefix: {{ .Release.Namespace }} 19 | output.json.formatter: com.mongodb.kafka.connect.source.json.formatter.ExtendedJson 20 | value.converter: org.apache.kafka.connect.storage.StringConverter 21 | key.converter: org.apache.kafka.connect.storage.StringConverter 22 | heartbeat.interval.ms: {{ .Values.global.kafka.connect.mongoHeartbeatIntervalMs }} 23 | heartbeat.topic.name: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }}-heartbeat 24 | tasksMax: {{ .Values.global.kafka.connect.sourceTasksMax | int }} 25 | {{- end }} 26 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/6-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: clinic 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: clinic 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/clinic/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: data 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: data # as in the data service 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "charts.labels.standard" . }} 10 | {{ with .Values.configmap.data_ }} 11 | data: 12 | AlertsRetryDelays: {{ .AlertsRetryDelays | default "0s" }} 13 | PusherAPNSKeyID: {{ .PusherAPNSKeyID | default "" }} 14 | PusherAPNSTeamID: {{ .PusherAPNSTeamID | default "" }} 15 | PusherAPNSBundleID: {{ .PusherAPNSBundleID | default "" }} 16 | {{- end }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.generated -}} 2 | --- 3 | apiVersion: v1 4 | data: 5 | ServiceAuth: {{ .Values.secret.data_.ServiceAuth | default (randAlphaNum 40) | b64enc | quote }} 6 | # PusherAPNSSigningKey is the signing key for Apple Push Notification 7 | # Service. It's a file you can find in 1Password. 8 | # 9 | # If you're running locally via the development cluster, you'll need to 10 | # base64-encode the contents of that file, and add the resulting data to the 11 | # secret. You'll also need to enable the secret in local/Tiltconfig.yaml. 12 | PusherAPNSSigningKey: {{ .Values.secret.data_.PusherAPNSSigningKey | default "" | quote }} 13 | kind: Secret 14 | metadata: 15 | name: data 16 | namespace: {{ .Release.Namespace }} 17 | labels: 18 | app: data 19 | type: Opaque 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: data 7 | {{ include "charts.labels.standard" .}} 8 | name: data 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.data}} 14 | targetPort: "http" 15 | selector: 16 | app: data 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: data 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: data 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.data }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/templates/4-no-authentication-required-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: data-no-authentication-required 6 | namespace: "{{ .Release.Namespace }}" 7 | labels: 8 | namespace: "{{ .Release.Namespace }}" 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | exact: /dataservices/status 16 | routeAction: 17 | single: 18 | upstream: 19 | name: data 20 | options: 21 | extauth: 22 | disable: true 23 | prefixRewrite: /status 24 | {{- if .Values.shadowing.enabled }} 25 | {{- include "charts.routing.opts.shadowing" . | nindent 6 }} 26 | {{- end }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: data 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: data 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/data/templates/8-data-sources-kafka-connector.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.kafka.connect.enabled }} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: data-sources-source 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: data-sources-source 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSourceConnector 12 | config: 13 | change.stream.full.document: updateLookup 14 | collection: data_sources 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | copy.existing: true 17 | database: tidepool 18 | key.converter: org.apache.kafka.connect.json.JsonConverter 19 | key.converter.schemas.enable: false 20 | topic.prefix: {{ .Release.Namespace }} 21 | value.converter: org.apache.kafka.connect.json.JsonConverter 22 | value.converter.schemas.enable: false 23 | heartbeat.interval.ms: {{ .Values.global.kafka.connect.mongoHeartbeatIntervalMs }} 24 | heartbeat.topic.name: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }}-heartbeat 25 | tasksMax: {{ .Values.global.kafka.connect.sourceTasksMax | int }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/tidepool/charts/devices/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/devices/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: devices 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /charts/tidepool/charts/devices/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: devices 7 | {{ include "charts.labels.standard" .}} 8 | name: devices 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "grpc" 13 | port: {{ .Values.global.ports.devices_grpc }} 14 | targetPort: "grpc" 15 | - name: "http" 16 | port: {{ .Values.global.ports.devices_http }} 17 | targetPort: "http" 18 | selector: 19 | app: devices 20 | app.kubernetes.io/name: {{ include "charts.name" . }} 21 | app.kubernetes.io/instance: {{ .Release.Name }} 22 | status: 23 | loadBalancer: {} 24 | -------------------------------------------------------------------------------- /charts/tidepool/charts/devices/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: devices 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: devices 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.devices_http }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/devices/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: devices 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | prefix: /v1/devices 16 | routeAction: 17 | single: 18 | upstream: 19 | name: devices 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/devices/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: devices 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: devices 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/devices/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/devices/values.yaml: -------------------------------------------------------------------------------- 1 | deployment: 2 | image: tidepool/devices:master-latest 3 | replicas: 0 4 | # -- annotations for each pod in deployment 5 | podAnnotations: {} 6 | 7 | # -- memory and cpu resources for pods 8 | resources: {} 9 | securityContext: {} 10 | hpa: 11 | # -- whether to create a horizontal pod autoscalers for all pods of given deployment 12 | enabled: false 13 | # -- minimum number of replicas that HPA will maintain 14 | minReplicas: 1 15 | # -- maximum number of replicas that HPA will maintain 16 | maxReplicas: null 17 | pdb: 18 | # -- whether to apply a pod disruption budget 19 | enabled: false 20 | minAvailable: "50%" 21 | # -- node selector configuration 22 | nodeSelector: {} 23 | # -- tolerations 24 | tolerations: [] 25 | # -- affinity 26 | affinity: {} 27 | -------------------------------------------------------------------------------- /charts/tidepool/charts/dexcom/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/dexcom/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: dexcom 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/dexcom/README.md: -------------------------------------------------------------------------------- 1 | # dexcom 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | configmap.enabled | bool | `true` | whether to generate a configmap | 14 | | configmap.redirectURL | string | `""` | | 15 | | secret.data_.ClientId | string | `""` | plaintext Dexcom Oauth2 client id | 16 | | secret.data_.ClientSecret | string | `""` | plaintext Dexcom Oauth2 client secret | 17 | | secret.data_.StateSalt | string | `""` | plaintext Dexcom Oauth2 state salt | 18 | | secret.enabled | bool | `false` | whether to create dexcom secret | 19 | 20 | ---------------------------------------------- 21 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 22 | -------------------------------------------------------------------------------- /charts/tidepool/charts/dexcom/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: dexcom 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "charts.labels.standard" . }} 9 | data: 10 | {{ if .Values.configmap.redirectURL }} 11 | RedirectURL: {{ .Values.configmap.redirectURL }} 12 | {{ else }} 13 | RedirectURL: "{{include "charts.host.api" .}}/v1/oauth/dexcom/redirect" 14 | {{ end }} 15 | TokenURL: {{ .Values.configmap.tokenURL | default "https://api.dexcom.com/v1/oauth2/token" }} 16 | AuthorizeURL: {{ .Values.configmap.authorizeURL | default "https://api.dexcom.com/v1/oauth2/login?prompt=login" }} 17 | ClientURL: {{ .Values.configmap.clientURL | default "https://api.dexcom.com" }} 18 | Scopes: {{ .Values.configmap.scopes | default "offline_access" }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/dexcom/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.secret.enabled -}} 2 | --- 3 | apiVersion: v1 4 | {{ with .Values.secret.data_ -}} 5 | data: 6 | ClientId: {{ .ClientId | default "" | b64enc | quote }} 7 | ClientSecret: {{ .ClientSecret | default "" | b64enc | quote }} 8 | StateSalt: {{ .StateSalt | default "" | b64enc | quote }} 9 | {{- end }} 10 | kind: Secret 11 | metadata: 12 | name: dexcom 13 | namespace: {{ .Release.Namespace }} 14 | type: Opaque 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/tidepool/charts/dexcom/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | # -- whether to create dexcom secret 3 | enabled: false 4 | data_: 5 | # -- plaintext Dexcom Oauth2 client id 6 | ClientId: "" 7 | # -- plaintext Dexcom Oauth2 client secret 8 | ClientSecret: "" 9 | # -- plaintext Dexcom Oauth2 state salt 10 | StateSalt: "" # the Dexcom client API url 11 | configmap: 12 | # -- whether to generate a configmap 13 | enabled: true 14 | redirectURL: "" 15 | clientURL: "https://api.dexcom.com" 16 | 17 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: export 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.generated -}} 2 | --- 3 | apiVersion: v1 4 | data: 5 | SessionEncryptionKey: {{ .Values.secret.data_.SessionEncryptionKey | default (randAlphaNum 40) | b64enc | quote }} 6 | kind: Secret 7 | metadata: 8 | name: export 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | app: export 12 | type: Opaque 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | labels: 7 | app: export 8 | {{ include "charts.labels.standard" .}} 9 | name: export 10 | namespace: {{.Release.Namespace}} 11 | spec: 12 | ports: 13 | - name: "http" 14 | port: {{.Values.global.ports.export}} 15 | targetPort: "http" 16 | selector: 17 | app: export 18 | app.kubernetes.io/name: {{ include "charts.name" . }} 19 | app.kubernetes.io/instance: {{ .Release.Name }} 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/templates/3-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.serviceMonitor.enabled }} 2 | --- 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | app: {{ include "charts.name" . }} 8 | {{ include "charts.labels.standard" .}} 9 | name: {{ include "charts.name" . }} 10 | namespace: {{.Release.Namespace}} 11 | spec: 12 | endpoints: 13 | - path: /metrics 14 | port: http 15 | jobLabel: tidepool/export 16 | namespaceSelector: 17 | matchNames: 18 | - {{.Release.Namespace}} 19 | selector: 20 | matchLabels: 21 | app: {{ include "charts.name" . }} 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: export 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: export 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.export }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: export 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | exact: /export/status 16 | routeAction: 17 | single: 18 | upstream: 19 | name: export 20 | options: 21 | extauth: 22 | disable: true 23 | - matchers: 24 | - prefix: /export/ 25 | routeAction: 26 | single: 27 | upstream: 28 | name: export 29 | options: 30 | timeout: '6m' 31 | extauth: 32 | disable: true 33 | {{- end }} 34 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: export 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: export 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/export/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: export.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /export/.* 12 | name: /export/_get_export 13 | timeout: 6m 14 | - condition: 15 | method: POST 16 | pathRegex: /export/.* 17 | name: /export/_post_export 18 | timeout: 2m 19 | - condition: 20 | method: PUT 21 | pathRegex: /export/.* 22 | name: /export/_put_export 23 | timeout: 2m 24 | - condition: 25 | method: PATCH 26 | pathRegex: /export/.* 27 | name: /export/_patch_export 28 | timeout: 2m 29 | - condition: 30 | method: DELETE 31 | pathRegex: /export/.* 32 | name: /export/_delete_export 33 | timeout: 2m 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: gatekeeper 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: gatekeeper 7 | {{ include "charts.labels.standard" .}} 8 | name: gatekeeper 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.gatekeeper}} 14 | targetPort: "http" 15 | selector: 16 | app: gatekeeper 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: gatekeeper 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: gatekeeper 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.gatekeeper }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: gatekeeper 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | exact: /access/status 16 | routeAction: 17 | single: 18 | upstream: 19 | name: gatekeeper 20 | options: 21 | extauth: 22 | disable: true 23 | - matchers: 24 | - methods: 25 | - GET 26 | prefix: /access/groups/ 27 | routeAction: 28 | single: 29 | upstream: 30 | name: gatekeeper 31 | - matchers: 32 | - methods: 33 | - GET 34 | - POST 35 | regex: /access/[^/]+/[^/]+ 36 | routeAction: 37 | single: 38 | upstream: 39 | name: gatekeeper 40 | - matchers: 41 | - methods: 42 | - GET 43 | regex: /access/[^/]+ 44 | routeAction: 45 | single: 46 | upstream: 47 | name: gatekeeper 48 | options: 49 | timeout: '30s' 50 | {{- end }} 51 | -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: gatekeeper 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: gatekeeper 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: gatekeeper.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /access/status.* 12 | name: /access/status_get_gatekeeper 13 | - condition: 14 | method: GET 15 | pathRegex: /access/groups/.* 16 | name: /access/groups/_get_gatekeeper 17 | - condition: 18 | method: GET 19 | pathRegex: /access/[^/]+/[^/]+.* 20 | name: /access/[^/]+/[^/]+_get_gatekeeper 21 | - condition: 22 | method: POST 23 | pathRegex: /access/[^/]+/[^/]+.* 24 | name: /access/[^/]+/[^/]+_post_gatekeeper 25 | - condition: 26 | method: GET 27 | pathRegex: /access/[^/]+.* 28 | name: /access/[^/]+_get_gatekeeper 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/templates/8-clinicians-permissions-sink.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.kafka.connect.enabled }} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: clinician-permissions-sink 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: clinician-permissions-sink 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSinkConnector 12 | config: 13 | change.data.capture.handler: com.mongodb.kafka.connect.sink.cdc.mongodb.ChangeStreamHandler 14 | collection: clinician_permissions 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | database: gatekeeper 17 | key.converter: org.apache.kafka.connect.json.JsonConverter 18 | key.converter.schemas.enable: false 19 | post.processor.chain: com.mongodb.kafka.connect.sink.processor.AllowListValueProjector 20 | topics: {{ .Release.Namespace }}.clinic.clinicians 21 | value.converter: org.apache.kafka.connect.json.JsonConverter 22 | value.converter.schemas.enable: false 23 | value.projection.list: _id,userId,clinicId,inviteId,permissions 24 | value.projection.type: AllowList 25 | tasksMax: {{ .Values.global.kafka.connect.sinkTasksMax | int }} 26 | {{- end }} -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/templates/8-patients-permissions-sink.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.kafka.connect.enabled }} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: patients-permissions-sink 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: patients-permissions-sink 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSinkConnector 12 | config: 13 | change.data.capture.handler: com.mongodb.kafka.connect.sink.cdc.mongodb.ChangeStreamHandler 14 | collection: patient_permissions 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | database: gatekeeper 17 | key.converter: org.apache.kafka.connect.json.JsonConverter 18 | key.converter.schemas.enable: false 19 | post.processor.chain: com.mongodb.kafka.connect.sink.processor.AllowListValueProjector 20 | topics: {{ .Release.Namespace }}.clinic.patients 21 | value.converter: org.apache.kafka.connect.json.JsonConverter 22 | value.converter.schemas.enable: false 23 | value.projection.list: _id,userId,clinicId,permissions 24 | value.projection.type: AllowList 25 | tasksMax: {{ .Values.global.kafka.connect.sinkTasksMax | int }} 26 | {{- end }} -------------------------------------------------------------------------------- /charts/tidepool/charts/gatekeeper/values.yaml: -------------------------------------------------------------------------------- 1 | deployment: 2 | # -- Docker image 3 | image: tidepool/gatekeeper:master-latest 4 | # -- number of replicas to deploy 5 | replicas: 1 6 | 7 | # -- memory and cpu resources for pods 8 | resources: {} 9 | # -- security context for each pod in deployment 10 | podSecurityContext: {} 11 | # -- annotations for each pod in deployment 12 | podAnnotations: {} 13 | securityContext: {} 14 | hpa: 15 | # -- whether to create a horizontal pod autoscalers for all pods of given deployment 16 | enabled: false 17 | # -- minimum number of replicas that HPA will maintain 18 | minReplicas: 1 19 | # -- maximum number of replicas that HPA will maintain 20 | maxReplicas: null 21 | pdb: 22 | # -- whether to apply a pod disruption budget 23 | enabled: false 24 | minAvailable: "50%" 25 | mongo: 26 | # -- name of the secret containing the credentials of the mongo database to use 27 | secretName: mongo 28 | kafka: 29 | # -- name of the configmap containing the kafka broker and credentials to use 30 | configmapName: kafka 31 | # -- name of the configmap containing the kafka broker and credentials to use 32 | secretName: kafka 33 | # -- node selector configuration 34 | nodeSelector: {} 35 | # -- tolerations 36 | tolerations: [] 37 | # -- affinity 38 | affinity: {} 39 | -------------------------------------------------------------------------------- /charts/tidepool/charts/glooingress/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: A Helm chart to use Gloo for Tidepool ingress 3 | name: glooingress 4 | version: 0.1.0 5 | appVersion: 1.3.2 6 | maintainers: 7 | - name: Derrick Burns 8 | email: derrick@tidepool.org 9 | icon: https://www.tidepool.org/static/media/tidepool-t-logo.41feef82.png 10 | home: https://github.com/tidepool-org/development/charts 11 | -------------------------------------------------------------------------------- /charts/tidepool/charts/glooingress/templates/1-auth-config.yaml: -------------------------------------------------------------------------------- 1 | {{ if and .Values.global.glooingress.enabled .Values.extauth.enabled }} 2 | apiVersion: enterprise.gloo.solo.io/v1 3 | kind: AuthConfig 4 | metadata: 5 | name: remote-auth 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | configs: 9 | - pluginAuth: 10 | name: RemoteAuth 11 | pluginFileName: RemoteAuth.so 12 | exportedSymbolName: Plugin 13 | config: 14 | AuthUrl: http://shoreline.{{ .Release.Namespace }}.svc.cluster.local:{{.Values.global.ports.shoreline}}/token 15 | ForwardRequestHeaders: 16 | - x-tidepool-session-token 17 | ResponseHeaders: 18 | isserver: x-auth-server-access 19 | userid: x-auth-subject-id 20 | roles: x-auth-roles 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/tidepool/charts/glooingress/templates/1-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: internal 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: internal 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.gateway.proxy.port }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/glooingress/templates/4-routetable.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/charts/tidepool/charts/glooingress/templates/4-routetable.yaml -------------------------------------------------------------------------------- /charts/tidepool/charts/glooingress/templates/5-service.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | {{ $proxy := .Values.global.gateway.proxy }} 3 | --- 4 | apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: internal 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | spec: 11 | externalName: {{ $proxy.name }}.{{ $proxy.namespace | default .Release.Namespace }}.svc.cluster.local 12 | ports: 13 | - port: {{ $proxy.port }} 14 | targetPort: {{ $proxy.targetPort | default 0 }} 15 | type: ExternalName 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/tidepool/charts/glooingress/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: internal.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /.* 12 | name: /internal/all 13 | timeout: 3m 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/tidepool/charts/glooingress/values.yaml: -------------------------------------------------------------------------------- 1 | # -- whether to enable the Gloo API Gateway integration 2 | enabled: true 3 | global: 4 | gateway: 5 | proxy: 6 | # -- name of the Gloo gateway proxy that will host the virtual service 7 | name: "gateway-proxy" 8 | # -- namespace of the Gloo gateway proxy that will host the virtual service 9 | #namespace: 10 | port: 80 11 | extauth: 12 | enabled: false 13 | virtualServices: 14 | http: 15 | name: http 16 | # -- DNS names served with HTTP 17 | dnsNames: [ "localhost" ] 18 | # -- whether to accept HTTP requests 19 | enabled: true 20 | # -- whether to redirect HTTP requests to HTTPS 21 | redirect: false 22 | labels: {} 23 | options: {} 24 | https: 25 | name: https 26 | # -- DNS names served with HTTPS 27 | dnsNames: [] 28 | # -- whether to serve HTTPS 29 | enabled: false 30 | # -- whether to require Strict Transport Security 31 | hsts: false 32 | labels: {} 33 | options: {} 34 | httpInternal: 35 | name: http-internal 36 | labels: {} 37 | options: {} 38 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: highwater 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/charts/kissmetrics/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/charts/kissmetrics/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: kissmetrics 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/charts/kissmetrics/README.md: -------------------------------------------------------------------------------- 1 | # kissmetrics 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | secret.data_.APIKey | string | `""` | plaintext Kissmetrics API Key | 14 | | secret.data_.Token | string | `""` | plaintext Kissmetrics Token | 15 | | secret.data_.UCSFAPIKey | string | `""` | plaintext UCSF Kissmetrics Token | 16 | | secret.data_.UCSFWhitelist | string | `""` | plaintext UCSF metrics whitelist | 17 | | secret.enabled | bool | `false` | Whether to use create kissmetrics secret | 18 | 19 | ---------------------------------------------- 20 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/charts/kissmetrics/templates/kissmetrics-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.templated -}} 2 | --- 3 | apiVersion: v1 4 | {{ with .Values.secret.data_ -}} 5 | data: 6 | APIKey: {{ .APIKey | default "" | b64enc | quote }} 7 | Token: {{ .Token | default "" | b64enc | quote }} 8 | UCSFAPIKey: {{ .UCSFAPIKey | default "" | b64enc | quote }} 9 | UCSFWhitelist: {{ .UCSFWhitelist | default "" | b64enc | quote }} 10 | {{- end }} 11 | kind: Secret 12 | metadata: 13 | name: kissmetrics 14 | namespace: {{ .Release.Namespace }} 15 | type: Opaque 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/charts/kissmetrics/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | # secret.enabled -- Whether to use create kissmetrics secret 3 | enabled: false 4 | data_: 5 | # secret.data_.APIKey -- plaintext Kissmetrics API Key 6 | APIKey: "" 7 | # secret.data_.Token -- plaintext Kissmetrics Token 8 | Token: "" 9 | # secret.data_.UCSFAPIKey -- plaintext UCSF Kissmetrics Token 10 | UCSFAPIKey: "" 11 | # secret.data_.UCSFWhitelist -- plaintext UCSF metrics whitelist 12 | UCSFWhitelist: "" 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: highwater 7 | {{ include "charts.labels.standard" .}} 8 | name: highwater 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.highwater}} 14 | targetPort: "http" 15 | selector: 16 | app: highwater 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: highwater 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: highwater 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.highwater }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: highwater 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | exact: /metrics/status 16 | routeAction: 17 | single: 18 | upstream: 19 | name: highwater 20 | options: 21 | extauth: 22 | disable: true 23 | - matchers: 24 | - prefix: /metrics/ 25 | routeAction: 26 | single: 27 | upstream: 28 | name: highwater 29 | options: 30 | retries: 31 | retryOn: '5xx' 32 | numRetries: 3 33 | perTryTimeout: '15s' 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: highwater 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: highwater 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: highwater.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /.* 12 | name: /metrics/_get_highwater 13 | - condition: 14 | method: POST 15 | pathRegex: /.* 16 | name: /metrics/_post_highwater 17 | - condition: 18 | method: PUT 19 | pathRegex: /.* 20 | name: /metrics/_put_highwater 21 | - condition: 22 | method: PATCH 23 | pathRegex: /.* 24 | name: /metrics/_patch_highwater 25 | - condition: 26 | method: DELETE 27 | pathRegex: /.* 28 | name: /metrics/_delete_highwater 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/tidepool/charts/highwater/values.yaml: -------------------------------------------------------------------------------- 1 | deployment: 2 | image: tidepool/highwater:master-latest 3 | replicas: 1 4 | nodeEnvironment: production 5 | 6 | # -- memory and cpu resources for pods 7 | resources: {} 8 | # -- security context for each pod in deployment 9 | podSecurityContext: {} 10 | # -- annotations for each pod in deployment 11 | podAnnotations: {} 12 | securityContext: {} 13 | hpa: 14 | # -- whether to create a horizontal pod autoscalers for all pods of given deployment 15 | enabled: false 16 | # -- minimum number of replicas that HPA will maintain 17 | minReplicas: 1 18 | # -- maximum number of replicas that HPA will maintain 19 | maxReplicas: null 20 | pdb: 21 | # -- whether to apply a pod disruption budget 22 | enabled: false 23 | minAvailable: "50%" 24 | mongo: 25 | # -- name of the secret containing the credentials of the mongo database to use 26 | secretName: mongo 27 | kafka: 28 | # -- name of the configmap containing the kafka broker and credentials to use 29 | configmapName: kafka 30 | # -- name of the configmap containing the kafka broker and credentials to use 31 | secretName: kafka 32 | # -- node selector configuration 33 | nodeSelector: {} 34 | # -- tolerations 35 | tolerations: [] 36 | # -- affinity 37 | affinity: {} 38 | -------------------------------------------------------------------------------- /charts/tidepool/charts/hydrophone/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/hydrophone/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: hydrophone 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/hydrophone/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: hydrophone 7 | {{ include "charts.labels.standard" .}} 8 | name: hydrophone 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.hydrophone}} 14 | targetPort: "http" 15 | selector: 16 | app: hydrophone 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/hydrophone/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: hydrophone 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: hydrophone 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.hydrophone }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/hydrophone/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: hydrophone 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: hydrophone 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/hydrophone/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/hydrophone/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: hydrophone.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /.* 12 | name: /confirm/_get_hydrophone 13 | timeout: 1m 14 | - condition: 15 | method: POST 16 | pathRegex: /.* 17 | name: /confirm/_post_hydrophone 18 | - condition: 19 | method: PUT 20 | pathRegex: /.* 21 | name: /confirm/_put_hydrophone 22 | - condition: 23 | method: PATCH 24 | pathRegex: /.* 25 | name: /confirm/_patch_hydrophone 26 | - condition: 27 | method: DELETE 28 | pathRegex: /.* 29 | name: /confirm/_delete_hydrophone 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/tidepool/charts/jellyfish/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/jellyfish/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: jellyfish 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/jellyfish/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: jellyfish 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "charts.labels.standard" .}} 10 | data: 11 | MinimumUploaderVersion: {{ .Values.configmap.data.MinimumUploaderVersion | default "2.53.0" }} 12 | AuthRealm: {{ .Values.configmap.data.AuthRealm }} 13 | AuthUrl: {{ .Values.configmap.data.AuthUrl }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/tidepool/charts/jellyfish/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: jellyfish 7 | {{ include "charts.labels.standard" .}} 8 | name: jellyfish 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.jellyfish}} 14 | targetPort: "http" 15 | selector: 16 | app: jellyfish 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/jellyfish/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: jellyfish 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: jellyfish 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.jellyfish }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/jellyfish/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: jellyfish 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - POST 15 | prefix: /data/ 16 | routeAction: 17 | single: 18 | upstream: 19 | name: jellyfish 20 | options: 21 | timeout: "60s" 22 | {{- if .Values.shadowing.enabled }} 23 | {{- include "charts.routing.opts.shadowing" . | nindent 6 }} 24 | {{- end }} 25 | - matchers: 26 | - methods: 27 | - GET 28 | prefix: /info 29 | options: 30 | extauth: 31 | disable: true 32 | routeAction: 33 | single: 34 | upstream: 35 | name: jellyfish 36 | {{- end }} 37 | -------------------------------------------------------------------------------- /charts/tidepool/charts/jellyfish/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: jellyfish 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: jellyfish 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/jellyfish/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/jellyfish/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: jellyfish.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: POST 11 | pathRegex: /v1/device/upload/cl.* 12 | name: /v1/device/upload/cl_post_jellyfish 13 | - condition: 14 | method: GET 15 | pathRegex: /v1/device/data/.* 16 | name: /v1/device/data/_get_jellyfish 17 | - condition: 18 | method: GET 19 | pathRegex: /v1/synctasks/.* 20 | name: /v1/synctasks/_get_jellyfish 21 | - condition: 22 | method: POST 23 | pathRegex: /data/.* 24 | name: /data/_post_jellyfish 25 | timeout: 60s 26 | - condition: 27 | method: GET 28 | pathRegex: /info.* 29 | name: /info_get_jellyfish 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /charts/tidepool/charts/kafka/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/kafka/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: kafka 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/kafka/templates/0-configmap-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: kafka-connect-env 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{ include "charts.labels.standard" . }} 8 | data: 9 | EnableDebeziumScripting: "true" 10 | -------------------------------------------------------------------------------- /charts/tidepool/charts/kafka/templates/3-keycloak-roles-sink.yaml: -------------------------------------------------------------------------------- 1 | {{ if and .Values.global.kafka.connect.enabled .Values.global.kafka.connect.keycloak.enabled}} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: keycloak-roles-sink 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: keycloak-roles-sink 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSinkConnector 12 | config: 13 | change.data.capture.handler: com.mongodb.kafka.connect.sink.cdc.debezium.rdbms.postgres.PostgresHandler 14 | collection: keycloak_roles 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | database: user 17 | key.converter: org.apache.kafka.connect.json.JsonConverter 18 | key.converter.schemas.enable: false 19 | topics: {{ .Release.Namespace }}.keycloak.public.keycloak_role 20 | value.converter: org.apache.kafka.connect.json.JsonConverter 21 | value.converter.schemas.enable: false 22 | tasksMax: {{ .Values.global.kafka.connect.sinkTasksMax | int }} 23 | {{- end }} -------------------------------------------------------------------------------- /charts/tidepool/charts/kafka/templates/3-keycloak-user-role-mappings-sink.yaml: -------------------------------------------------------------------------------- 1 | {{ if and .Values.global.kafka.connect.enabled .Values.global.kafka.connect.keycloak.enabled}} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: keycloak-user-role-mappings-sink 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: keycloak-user-role-mappings-sink 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSinkConnector 12 | config: 13 | change.data.capture.handler: com.mongodb.kafka.connect.sink.cdc.debezium.rdbms.postgres.PostgresHandler 14 | collection: keycloak_user_role_mappings 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | database: user 17 | key.converter: org.apache.kafka.connect.json.JsonConverter 18 | key.converter.schemas.enable: false 19 | topics: {{ .Release.Namespace }}.keycloak.public.user_role_mapping 20 | value.converter: org.apache.kafka.connect.json.JsonConverter 21 | value.converter.schemas.enable: false 22 | tasksMax: {{ .Values.global.kafka.connect.sinkTasksMax | int }} 23 | {{- end }} -------------------------------------------------------------------------------- /charts/tidepool/charts/kafka/templates/3-keycloak-users-sink.yaml: -------------------------------------------------------------------------------- 1 | {{ if and .Values.global.kafka.connect.enabled .Values.global.kafka.connect.keycloak.enabled}} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: KafkaConnector 4 | metadata: 5 | labels: 6 | app: keycloak-users-sink 7 | strimzi.io/cluster: {{ .Release.Namespace }}-{{ .Values.global.kafka.connect.clusterName }} 8 | name: keycloak-users-sink 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | class: com.mongodb.kafka.connect.MongoSinkConnector 12 | config: 13 | change.data.capture.handler: com.mongodb.kafka.connect.sink.cdc.debezium.rdbms.postgres.PostgresHandler 14 | collection: keycloak_users 15 | connection.uri: {{ .Values.global.kafka.connect.mongoConnectionUri }} 16 | database: user 17 | key.converter: org.apache.kafka.connect.json.JsonConverter 18 | key.converter.schemas.enable: false 19 | topics: {{ .Release.Namespace }}.keycloak.public.user_entity 20 | value.converter: org.apache.kafka.connect.json.JsonConverter 21 | value.converter.schemas.enable: false 22 | tasksMax: {{ .Values.global.kafka.connect.sinkTasksMax | int }} 23 | {{- end }} -------------------------------------------------------------------------------- /charts/tidepool/charts/mailer/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/mailer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: mailer 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/mailer/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: mailer 7 | {{ include "charts.labels.standard" .}} 8 | name: mailer 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.mailer}} 14 | targetPort: "http" 15 | selector: 16 | app: mailer 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/mailer/templates/3-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.serviceMonitor.enabled }} 2 | --- 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | app: {{ include "charts.name" . }} 8 | {{ include "charts.labels.standard" .}} 9 | name: {{ include "charts.name" . }} 10 | namespace: {{.Release.Namespace}} 11 | spec: 12 | endpoints: 13 | - path: /metrics 14 | port: http 15 | jobLabel: tidepool/mailer 16 | namespaceSelector: 17 | matchNames: 18 | - {{.Release.Namespace}} 19 | selector: 20 | matchLabels: 21 | app: {{ include "charts.name" . }} 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/mailer/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: mailer 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: mailer 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.mailer }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/mailer/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | name: mailer 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "charts.labels.standard" .}} 10 | spec: 11 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 12 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 13 | scaleTargetRef: 14 | apiVersion: extensions/v1beta1 15 | kind: Deployment 16 | name: mailer 17 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/tidepool/charts/mailer/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/marketo/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: marketo 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/marketo/README.md: -------------------------------------------------------------------------------- 1 | # marketo 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | configmap.data_.ClinicRole | string | `"clinic"` | name of role to use for Clinics | 14 | | configmap.data_.PatientRole | string | `"user"` | name of role to use for Patients | 15 | | configmap.data_.Timeout | string | `"15000000"` | timeout for marketo access in microseconds | 16 | | secret.data_.ID | string | `""` | is to use to authenticate with Marketo | 17 | | secret.data_.Secret | string | `""` | shared secret to use to authenticate with Marketo | 18 | | secret.data_.URL | string | `""` | URL of Marketo service | 19 | | secret.enabled | bool | `false` | whether to generate a secret | 20 | 21 | ---------------------------------------------- 22 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/marketo/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | {{ with .Values.configmap.data_ }} 4 | data: 5 | ClinicRole: {{ .ClinicRole | default "" }} 6 | PatientRole: {{ .PatientRole | default "" }} 7 | Timeout: {{ .Timeout | default "15000000" | quote }} 8 | {{- end }} 9 | kind: ConfigMap 10 | metadata: 11 | name: marketo 12 | namespace: {{ .Release.Namespace }} 13 | labels: 14 | app: marketo 15 | -------------------------------------------------------------------------------- /charts/tidepool/charts/marketo/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.secret.enabled -}} 2 | --- 3 | apiVersion: v1 4 | {{ with .Values.secret.data_ -}} 5 | data: 6 | ID: {{ .ID | default "" | b64enc | quote }} 7 | Secret: {{ .Secret | default "" | b64enc | quote }} 8 | URL: {{ .URL | default "" | b64enc | quote }} 9 | {{- end }} 10 | kind: Secret 11 | metadata: 12 | name: marketo 13 | namespace: {{ .Release.Namespace }} 14 | labels: 15 | app: marketo 16 | type: Opaque 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/marketo/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | # -- whether to generate a secret 3 | enabled: false 4 | data_: 5 | # -- is to use to authenticate with Marketo 6 | ID: "" 7 | # -- shared secret to use to authenticate with Marketo 8 | Secret: "" 9 | # -- URL of Marketo service 10 | URL: "" 11 | configmap: 12 | data_: 13 | # -- name of role to use for Clinics 14 | ClinicRole: "clinic" 15 | # -- name of role to use for Patients 16 | PatientRole: "user" 17 | # -- timeout for marketo access in microseconds 18 | Timeout: "15000000" 19 | -------------------------------------------------------------------------------- /charts/tidepool/charts/messageapi/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/messageapi/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: messageapi 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/messageapi/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: message-api 7 | {{ include "charts.labels.standard" .}} 8 | name: message-api 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.messageapi}} 14 | targetPort: "http" 15 | selector: 16 | app: message-api 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/messageapi/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: messageapi 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: message-api 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.messageapi }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/messageapi/templates/4-no-authentication-required-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: messageapi-no-authentication-required 6 | namespace: "{{ .Release.Namespace }}" 7 | labels: 8 | namespace: "{{ .Release.Namespace }}" 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | exact: /message/status 16 | routeAction: 17 | single: 18 | upstream: 19 | name: messageapi 20 | options: 21 | extauth: 22 | disable: true 23 | {{- if .Values.shadowing }} 24 | shadowing: 25 | {{- toYaml .Values.shadowing | nindent 8 }} 26 | {{- end }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/tidepool/charts/messageapi/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: messageapi 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | weight: 10 12 | routes: 13 | - matchers: 14 | - methods: 15 | - GET 16 | - POST 17 | - PUT 18 | - PATCH 19 | - DELETE 20 | prefix: /message/ 21 | routeAction: 22 | single: 23 | upstream: 24 | name: messageapi 25 | options: 26 | timeout: '30s' 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/tidepool/charts/messageapi/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: messageapi 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: messageapi 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/messageapi/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: message-api 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/messageapi/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: message-api.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /.* 12 | name: /message/_get_message-api 13 | timeout: 30s 14 | - condition: 15 | method: POST 16 | pathRegex: /.* 17 | name: /message/_post_message-api 18 | timeout: 30s 19 | - condition: 20 | method: PUT 21 | pathRegex: /.* 22 | name: /message/_put_message-api 23 | timeout: 30s 24 | - condition: 25 | method: PATCH 26 | pathRegex: /.* 27 | name: /message/_patch_message-api 28 | timeout: 30s 29 | - condition: 30 | method: DELETE 31 | pathRegex: /.* 32 | name: /message/_delete_message-api 33 | timeout: 30s 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/tidepool/charts/migrations/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/migrations/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: migrations 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/migrations/values.yaml: -------------------------------------------------------------------------------- 1 | # -- enable migrations deployment if true 2 | enabled: true 3 | deployment: 4 | # -- secrets used to pull images 5 | imagePullSecrets: 6 | # -- Docker image 7 | image: tidepool/platform-migrations:master-latest 8 | # -- number of replicas 9 | replicas: 1 10 | 11 | # -- memory and cpu resources for pods 12 | resources: {} 13 | # -- security context for each pod in deployment 14 | podSecurityContext: {} 15 | # -- annotations for each pod in deployment 16 | podAnnotations: {} 17 | securityContext: {} 18 | mongo: 19 | # -- name of the secret containing the credentials of the mongo database to use 20 | secretName: mongo 21 | # -- node selector configuration 22 | nodeSelector: {} 23 | # -- tolerations 24 | tolerations: [] 25 | # -- affinity 26 | affinity: {} 27 | -------------------------------------------------------------------------------- /charts/tidepool/charts/mongo/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/mongo/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: mongo 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/mongo/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | # -- whether to create mongo secret 3 | enabled: false 4 | data_: 5 | # -- plaintext Mongo DB scheme, either `mongodb` or `mongodb+srv` 6 | Scheme: "" 7 | # -- plaintext comma-separated list of Mongo `host[:port]` addresses 8 | Addresses: "" 9 | # -- plaintext, If non-empty, Mongo username 10 | Username: "" 11 | # -- plaintext Mongo password 12 | Password: "" 13 | # -- plaintext Mongo database name 14 | Database: "" 15 | # -- plaintext, If true, use SSL on Mongo connection 16 | Tls: "" 17 | # -- plaintext additional Mongo connection params 18 | OptParams: "" 19 | -------------------------------------------------------------------------------- /charts/tidepool/charts/plotly-orca/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/tidepool/charts/plotly-orca/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | description: A Helm chart to use plotly/orca with Tidepool 3 | name: plotly-orca 4 | version: 0.1.0 5 | icon: https://www.tidepool.org/static/media/tidepool-t-logo.41feef82.png 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/plotly-orca/templates/0-deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | labels: 6 | app: plotly-orca 7 | {{ include "charts.labels.standard" .}} 8 | name: plotly-orca 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | selector: 12 | matchLabels: 13 | app: plotly-orca 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | replicas: {{ .Values.deployment.replicas }} 17 | strategy: {} 18 | template: 19 | metadata: 20 | labels: 21 | app: plotly-orca 22 | app.kubernetes.io/name: {{ include "charts.name" . }} 23 | app.kubernetes.io/instance: {{ .Release.Name }} 24 | spec: 25 | containers: 26 | - name: plotly-orca 27 | image: {{ .Values.deployment.image | quote }} 28 | readinessProbe: 29 | httpGet: 30 | path: /ping 31 | port: {{ .Values.global.ports.plotly_orca }} 32 | initialDelaySeconds: 5 33 | periodSeconds: 10 34 | timeoutSeconds: 5 35 | {{ template "charts.service.lifecycle"}} 36 | ports: 37 | - containerPort: {{ .Values.global.ports.plotly_orca }} 38 | name: "http" 39 | restartPolicy: Always 40 | -------------------------------------------------------------------------------- /charts/tidepool/charts/plotly-orca/templates/1-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: plotly-orca 7 | {{ include "charts.labels.standard" .}} 8 | name: plotly-orca 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.plotly_orca}} 14 | targetPort: "http" 15 | selector: 16 | app: plotly-orca 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/plotly-orca/values.yaml: -------------------------------------------------------------------------------- 1 | deployment: 2 | image: quay.io/plotly/orca 3 | replicas: 1 -------------------------------------------------------------------------------- /charts/tidepool/charts/prescription/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/prescription/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: prescription 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /charts/tidepool/charts/prescription/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.generated -}} 2 | --- 3 | apiVersion: v1 4 | data: 5 | ServiceAuth: {{ .Values.secret.data_.ServiceAuth | default (randAlphaNum 40) | b64enc | quote }} 6 | kind: Secret 7 | metadata: 8 | name: prescription 9 | namespace: {{ .Release.Namespace }} 10 | labels: 11 | app: prescription 12 | type: Opaque 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/tidepool/charts/prescription/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: prescription 7 | {{ include "charts.labels.standard" .}} 8 | name: prescription 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{ .Values.global.ports.prescription }} 14 | targetPort: "http" 15 | selector: 16 | app: prescription 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/prescription/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: prescription 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: prescription 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.prescription }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/prescription/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: prescription 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: prescription 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/prescription/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/registry/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/registry/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: registry 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/registry/README.md: -------------------------------------------------------------------------------- 1 | # dexcom 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | secret.enabled | bool | `false` | whether to create registry secret | 14 | | secret.registry | string | `"https://index.docker.io/v1/"` | registry | 15 | | secret.username | string | `""` | username | 16 | | secret.password | string | `""` | password | 17 | 18 | ---------------------------------------------- 19 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/registry/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.secret.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: registry 7 | namespace: {{ .Release.Namespace }} 8 | type: kubernetes.io/dockerconfigjson 9 | data: 10 | {{- with .Values.secret }} 11 | .dockerconfigjson: {{ printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .registry (printf "%s:%s" .username .password | b64enc) | b64enc }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/tidepool/charts/registry/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | # -- whether to create registry secret 3 | enabled: false 4 | # -- registry 5 | registry: https://index.docker.io/v1/ 6 | # -- username 7 | username: 8 | # -- password 9 | password: 10 | -------------------------------------------------------------------------------- /charts/tidepool/charts/seagull/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/seagull/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: seagull 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/seagull/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: seagull 7 | {{ include "charts.labels.standard" .}} 8 | name: seagull 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.seagull}} 14 | targetPort: "http" 15 | selector: 16 | app: seagull 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/seagull/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: seagull 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: seagull 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.seagull }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/seagull/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: seagull 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | exact: /metadata/status 16 | routeAction: 17 | single: 18 | upstream: 19 | name: seagull 20 | options: 21 | extauth: 22 | disable: true 23 | - matchers: 24 | - prefix: /metadata/ 25 | routeAction: 26 | single: 27 | upstream: 28 | name: seagull 29 | options: 30 | retries: 31 | retryOn: '5xx' 32 | numRetries: 3 33 | perTryTimeout: '15s' 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /charts/tidepool/charts/seagull/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: seagull 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: seagull 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/seagull/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/seagull/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: seagull.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /.* 12 | name: /metadata/_get_seagull 13 | - condition: 14 | method: POST 15 | pathRegex: /.* 16 | name: /metadata/_post_seagull 17 | - condition: 18 | method: PUT 19 | pathRegex: /.* 20 | name: /metadata/_put_seagull 21 | - condition: 22 | method: PATCH 23 | pathRegex: /.* 24 | name: /metadata/_patch_seagull 25 | - condition: 26 | method: DELETE 27 | pathRegex: /.* 28 | name: /metadata/_delete_seagull 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/tidepool/charts/seagull/values.yaml: -------------------------------------------------------------------------------- 1 | deployment: 2 | # -- seagull Docker image 3 | image: tidepool/seagull:master-latest 4 | # -- number of replicas 5 | replicas: 1 6 | nodeEnvironment: production 7 | 8 | # -- memory and cpu resources for pods 9 | resources: {} 10 | # -- security context for each pod in deployment 11 | podSecurityContext: {} 12 | # -- annotations for each pod in deployment 13 | podAnnotations: {} 14 | securityContext: {} 15 | hpa: 16 | # -- whether to create a horizontal pod autoscalers for all pods of given deployment 17 | enabled: false 18 | # -- minimum number of replicas that HPA will maintain 19 | minReplicas: 1 20 | # -- maximum number of replicas that HPA will maintain 21 | maxReplicas: null 22 | pdb: 23 | # -- whether to apply a pod disruption budget 24 | enabled: false 25 | minAvailable: "50%" 26 | mongo: 27 | # -- name of the secret containing the credentials of the mongo database to use 28 | secretName: mongo 29 | kafka: 30 | # -- name of the configmap containing the kafka broker and credentials to use 31 | configmapName: kafka 32 | # -- name of the configmap containing the kafka broker and credentials to use 33 | secretName: kafka 34 | # -- node selector configuration 35 | nodeSelector: {} 36 | # -- tolerations 37 | tolerations: [] 38 | # -- affinity 39 | affinity: {} 40 | -------------------------------------------------------------------------------- /charts/tidepool/charts/server/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/server/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: server 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/server/README.md: -------------------------------------------------------------------------------- 1 | # server 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | secret.data_.ServiceAuth | string | `""` | service authorization, if empty, random value is generated | 14 | | secret.enabled | bool | `false` | whether to create secret | 15 | 16 | ---------------------------------------------- 17 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/server/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.generated -}} 2 | --- 3 | apiVersion: v1 4 | data: 5 | ServiceAuth: {{ .Values.secret.data_.ServiceAuth | default (randAlphaNum 40) | b64enc | quote }} 6 | kind: Secret 7 | metadata: 8 | name: server 9 | namespace: {{ .Release.Namespace }} 10 | type: Opaque 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/tidepool/charts/server/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | # -- whether to create secret 3 | enabled: false 4 | data_: 5 | # -- service authorization, if empty, random value is generated 6 | ServiceAuth: "" 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/shoreline/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/shoreline/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: shoreline 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/shoreline/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: shoreline 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "charts.labels.standard" .}} 10 | data: 11 | ClinicDemoUserId: {{ .Values.configmap.data.ClinicDemoUserId | quote }} 12 | KeycloakAdminUsername: {{ .Values.configmap.data.KeycloakAdminUsername | quote }} 13 | KeycloakBaseUrl: {{ .Values.configmap.data.KeycloakBaseUrl | quote }} 14 | KeycloakClientId: {{ .Values.configmap.data.KeycloakClientId | quote }} 15 | KeycloakBackendClientId: {{ .Values.configmap.data.KeycloakBackendClientId | quote }} 16 | KeycloakLongLivedClientId: {{ .Values.configmap.data.KeycloakLongLivedClientId | quote }} 17 | KeycloakRealm: {{ .Values.configmap.data.KeycloakRealm | quote }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/tidepool/charts/shoreline/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.generated -}} 2 | --- 3 | apiVersion: v1 4 | {{- with .Values.secret.data_ }} 5 | data: 6 | ServiceAuth: {{ .ServiceAuth | default (randAlphaNum 40) | b64enc | quote }} 7 | UserLongTermKey: {{ .UserLongTermKey | default (randAlphaNum 40) | b64enc | quote }} 8 | UserMailVerification: {{ .UserMailVerification | default (randAlphaNum 40) | b64enc | quote }} 9 | KeycloakClientSecret: {{ .KeycloakClientSecret | default (randAlphaNum 40) | b64enc | quote }} 10 | KeycloakBackendClientSecret: {{ .KeycloakBackendClientSecret | default (randAlphaNum 40) | b64enc | quote }} 11 | KeycloakLongLivedClientSecret: {{ .KeycloakClientSecret | default (randAlphaNum 40) | b64enc | quote }} 12 | KeycloakAdminPassword: {{ .KeycloakAdminPassword | default (randAlphaNum 40) | b64enc | quote }} 13 | KeycloakMigrationSecret: {{ .KeycloakMigrationSecret | default (randAlphaNum 40) | b64enc | quote }} 14 | {{- end }} 15 | kind: Secret 16 | metadata: 17 | name: shoreline 18 | namespace: {{ .Release.Namespace }} 19 | labels: 20 | app: shoreline 21 | type: Opaque 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/shoreline/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: shoreline 7 | {{ include "charts.labels.standard" .}} 8 | name: shoreline 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.shoreline}} 14 | targetPort: "http" 15 | selector: 16 | app: shoreline 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/shoreline/templates/3-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.serviceMonitor.enabled }} 2 | --- 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | app: {{ include "charts.name" . }} 8 | {{ include "charts.labels.standard" .}} 9 | name: {{ include "charts.name" . }} 10 | namespace: {{.Release.Namespace}} 11 | spec: 12 | endpoints: 13 | - path: /metrics 14 | port: http 15 | jobLabel: tidepool/shoreline 16 | namespaceSelector: 17 | matchNames: 18 | - {{.Release.Namespace}} 19 | selector: 20 | matchLabels: 21 | app: {{ include "charts.name" . }} 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/shoreline/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: shoreline 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: shoreline 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.shoreline }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/shoreline/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: shoreline 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: shoreline 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/shoreline/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: task 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled -}} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: task 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | {{ include "charts.labels.standard" . }} 10 | {{ with .Values.configmap.data_ }} 11 | data: 12 | PusherAPNSKeyID: {{ .PusherAPNSKeyID | default "" }} 13 | PusherAPNSTeamID: {{ .PusherAPNSTeamID | default "" }} 14 | PusherAPNSBundleID: {{ .PusherAPNSBundleID | default "" }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.generated -}} 2 | --- 3 | apiVersion: v1 4 | data: 5 | ServiceAuth: {{ .Values.secret.data_.ServiceAuth | default (randAlphaNum 40) | b64enc | quote }} 6 | # PusherAPNSSigningKey is the signing key for Apple Push Notification 7 | # Service. It's a file you can find in 1Password. 8 | # 9 | # If you're running locally via the development cluster, you'll need to 10 | # base64-encode the contents of that file, and add the resulting data to the 11 | # secret. You'll also need to enable the secret in local/Tiltconfig.yaml. 12 | PusherAPNSSigningKey: {{ .Values.secret.data_.PusherAPNSSigningKey | default "" | quote }} 13 | kind: Secret 14 | metadata: 15 | name: task 16 | namespace: {{ .Release.Namespace }} 17 | labels: 18 | app: task 19 | type: Opaque 20 | {{- end }} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/templates/3-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.serviceMonitor.enabled }} 2 | --- 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | app: {{ include "charts.name" . }} 8 | {{ include "charts.labels.standard" .}} 9 | name: {{ include "charts.name" . }} 10 | namespace: {{.Release.Namespace}} 11 | spec: 12 | endpoints: 13 | - path: /v1/metrics 14 | port: http 15 | jobLabel: tidepool/task 16 | namespaceSelector: 17 | matchNames: 18 | - {{.Release.Namespace}} 19 | selector: 20 | matchLabels: 21 | app: {{ include "charts.name" . }} 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: task 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: task 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.task }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: task 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | - PUT 16 | - DELETE 17 | regex: /v1/tasks/[^/]+ 18 | routeAction: 19 | single: 20 | upstream: 21 | name: task 22 | - matchers: 23 | - methods: 24 | - GET 25 | - POST 26 | prefix: /v1/tasks 27 | routeAction: 28 | single: 29 | upstream: 30 | name: task 31 | {{- end }} 32 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: task 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: task 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: task.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /v1/tasks/[^/]+ 12 | name: /v1/tasks/{id}_get_task 13 | - condition: 14 | method: PUT 15 | pathRegex: /v1/tasks/[^/]+ 16 | name: /v1/tasks/{id}_put_task 17 | - condition: 18 | method: DELETE 19 | pathRegex: /v1/tasks/[^/]+ 20 | name: /v1/tasks/{id}_delete_task 21 | - condition: 22 | method: GET 23 | pathRegex: /v1/tasks.* 24 | name: /v1/tasks_get_task 25 | - condition: 26 | method: POST 27 | pathRegex: /v1/tasks.* 28 | name: /v1/tasks_post_task 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /charts/tidepool/charts/task/templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: task 7 | {{ include "charts.labels.standard" .}} 8 | name: task 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{ .Values.global.ports.task }} 14 | targetPort: "http" 15 | selector: 16 | app: task 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: tidewhisperer 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: tide-whisperer 7 | {{ include "charts.labels.standard" .}} 8 | name: tide-whisperer 9 | namespace: {{.Release.Namespace}} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{.Values.global.ports.tidewhisperer}} 14 | targetPort: "http" 15 | selector: 16 | app: tide-whisperer 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/templates/3-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.serviceMonitor.enabled }} 2 | --- 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | app: {{ include "charts.name" . }} 8 | {{ include "charts.labels.standard" .}} 9 | name: {{ include "charts.name" . }} 10 | namespace: {{.Release.Namespace}} 11 | spec: 12 | endpoints: 13 | - path: /metrics 14 | port: http 15 | jobLabel: {{ include "charts.name" . }} 16 | namespaceSelector: 17 | matchNames: 18 | - {{.Release.Namespace}} 19 | selector: 20 | matchLabels: 21 | app: tide-whisperer 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: tidewhisperer 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: tide-whisperer 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.tidewhisperer }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: tidewhisperer 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | routes: 12 | - matchers: 13 | - methods: 14 | - GET 15 | exact: /data/status 16 | routeAction: 17 | single: 18 | upstream: 19 | name: tidewhisperer 20 | options: 21 | extauth: 22 | disable: true 23 | {{- if .Values.shadowing.enabled }} 24 | {{- include "charts.routing.opts.shadowing" . | nindent 6 }} 25 | {{ else }} 26 | prefixRewrite: /status 27 | {{ end }} 28 | - matchers: 29 | - methods: 30 | - GET 31 | prefix: /data/ 32 | routeAction: 33 | single: 34 | upstream: 35 | name: tidewhisperer 36 | options: 37 | extauth: 38 | disable: true 39 | timeout: '3m' 40 | {{- if .Values.shadowing.enabled }} 41 | {{- include "charts.routing.opts.shadowing" . | nindent 6 }} 42 | {{- end }} 43 | {{- end }} 44 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: tide-whisperer 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: tide-whisperer 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: tide-whisperer 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/templates/7-serviceprofile.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.linkerdsupport.enabled }} 2 | apiVersion: linkerd.io/v1alpha2 3 | kind: ServiceProfile 4 | metadata: 5 | name: tide-whisperer.{{ .Release.Namespace }}.svc.cluster.local 6 | namespace: '{{ .Release.Namespace }}' 7 | spec: 8 | routes: 9 | - condition: 10 | method: GET 11 | pathRegex: /.* 12 | name: /data/_get_tide-whisperer 13 | timeout: 3m 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tidewhisperer/values.yaml: -------------------------------------------------------------------------------- 1 | deployment: 2 | # -- tidewhisperer Docker image 3 | image: tidepool/tide-whisperer:master-latest 4 | # -- number of replicas 5 | replicas: 1 6 | serviceMonitor: 7 | # -- whether to generate a prometheus-operator service monitor 8 | enabled: false 9 | # -- memory and cpu resources for pods 10 | resources: {} 11 | # -- security context for each pod in deployment 12 | podSecurityContext: {} 13 | # -- annotations for each pod in deployment 14 | podAnnotations: {} 15 | securityContext: {} 16 | hpa: 17 | # -- whether to create a horizontal pod autoscalers for all pods of given deployment 18 | enabled: false 19 | # -- minimum number of replicas that HPA will maintain 20 | minReplicas: 1 21 | # -- maximum number of replicas that HPA will maintain 22 | maxReplicas: null 23 | pdb: 24 | # -- whether to apply a pod disruption budget 25 | enabled: false 26 | minAvailable: "50%" 27 | mongo: 28 | # -- name of the secret containing the credentials of the mongo database to use 29 | secretName: mongo 30 | # -- node selector configuration 31 | nodeSelector: {} 32 | # -- tolerations 33 | tolerations: [] 34 | # -- affinity 35 | affinity: {} 36 | shadowing: 37 | enabled: false 38 | upstreamName: "tidewhisperer" 39 | namespace: "shadow" 40 | percentage: 0 41 | -------------------------------------------------------------------------------- /charts/tidepool/charts/token-signing-key/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: token-signing-key 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/token-signing-key/README.md: -------------------------------------------------------------------------------- 1 | # token-signing-key 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | secret.data_.private | string | `""` | | 14 | | secret.data_.public | string | `""` | | 15 | | secret.enabled | bool | `false` | whether to generate secret | 16 | 17 | ---------------------------------------------- 18 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 19 | -------------------------------------------------------------------------------- /charts/tidepool/charts/token-signing-key/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.secret.enabled -}} 2 | --- 3 | apiVersion: v1 4 | {{ with .Values.secret.data_ -}} 5 | data: 6 | public: {{ .public | default "" | b64enc | quote }} 7 | private: {{ .private | default "" | b64enc | quote }} 8 | {{- end }} 9 | kind: Secret 10 | metadata: 11 | name: token-signing-key 12 | namespace: {{ .Release.Namespace }} 13 | labels: 14 | app: token-signing-key 15 | type: Opaque 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/tidepool/charts/token-signing-key/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | # -- whether to generate secret 3 | enabled: false 4 | data_: 5 | public: "" 6 | private: "" 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tools/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tools/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: tools 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tools/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: tools 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: tools 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tools/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/tools/values.yaml: -------------------------------------------------------------------------------- 1 | # -- whether to enable tools service 2 | enabled: true 3 | deployment: 4 | # -- secrets used to pull images 5 | imagePullSecrets: 6 | # -- Docker image 7 | image: tidepool/platform-tools:master-latest 8 | # -- number of replicas 9 | replicas: 1 10 | # -- memory and cpu resources for pods 11 | resources: {} 12 | # -- security context for each pod in deployment 13 | podSecurityContext: {} 14 | # -- annotations for each pod in deployment 15 | podAnnotations: {} 16 | securityContext: {} 17 | hpa: 18 | # -- whether to create a horizontal pod autoscalers for all pods of given deployment 19 | enabled: false 20 | # -- minimum number of replicas that HPA will maintain 21 | minReplicas: 1 22 | # -- maximum number of replicas that HPA will maintain 23 | maxReplicas: null 24 | pdb: 25 | # -- whether to apply a pod disruption budget 26 | enabled: false 27 | minAvailable: "50%" 28 | mongo: 29 | # -- name of the secret containing the credentials of the mongo database to use 30 | secretName: mongo 31 | # -- node selector configuration 32 | nodeSelector: {} 33 | # -- tolerations 34 | tolerations: [] 35 | # -- affinity 36 | affinity: {} 37 | -------------------------------------------------------------------------------- /charts/tidepool/charts/travis/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: travis 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/travis/README.md: -------------------------------------------------------------------------------- 1 | # travis 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | secret.data_.Token | string | `""` | | 14 | | secret.enabled | bool | `false` | whether to generate secret | 15 | 16 | ---------------------------------------------- 17 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/travis/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.secret.enabled -}} 2 | --- 3 | apiVersion: v1 4 | {{ with .Values.secret.data_ -}} 5 | data: 6 | Token: {{ .Token | default "" | b64enc | quote }} 7 | {{- end }} 8 | kind: Secret 9 | metadata: 10 | name: travis 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | app: travis 14 | type: Opaque 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/tidepool/charts/travis/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | # -- whether to generate secret 3 | enabled: false 4 | data_: 5 | Token: "" 6 | -------------------------------------------------------------------------------- /charts/tidepool/charts/twiist/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/twiist/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: twiist 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/twiist/templates/0-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.configmap.enabled }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: twiist 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "charts.labels.standard" . }} 9 | data: 10 | {{ if .Values.configmap.redirectURL }} 11 | RedirectURL: {{ .Values.configmap.redirectURL }} 12 | {{ else }} 13 | RedirectURL: "{{include "charts.host.api" .}}/v1/oauth/twiist/redirect" 14 | {{ end }} 15 | TokenURL: {{ .Values.configmap.tokenURL | default "" }} 16 | AuthorizeURL: {{ .Values.configmap.authorizeURL | default "" }} 17 | JWKSURL: {{ .Values.configmap.jwksURL | default "" }} 18 | Scopes: {{ .Values.configmap.scopes | default "" }} 19 | ServiceAccountIDs: {{ .Values.configmap.serviceAccountIDs | default "" }} 20 | {{ end }} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/twiist/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.secret.enabled -}} 2 | --- 3 | apiVersion: v1 4 | {{ with .Values.secret.data_ -}} 5 | data: 6 | ClientID: {{ .clientId | default "" | b64enc | quote }} 7 | ClientSecret: {{ .clientSecret | default "" | b64enc | quote }} 8 | StateSalt: {{ .stateSalt | default "" | b64enc | quote }} 9 | {{- end }} 10 | kind: Secret 11 | metadata: 12 | name: twiist 13 | namespace: {{ .Release.Namespace }} 14 | type: Opaque 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/tidepool/charts/twiist/values.yaml: -------------------------------------------------------------------------------- 1 | configmap: 2 | enabled: false 3 | redirectURL: "" 4 | tokenURL: "" 5 | authorizeURL: "" 6 | scopes: "" 7 | jwksURL: "" 8 | serviceAccountIDs: "" 9 | secret: 10 | enabled: false 11 | data_: 12 | clientId: "" 13 | clientSecret: "" 14 | stateSalt: "" 15 | -------------------------------------------------------------------------------- /charts/tidepool/charts/uploader/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/uploader/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: uploader 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/uploader/templates/2-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | app: uploader 7 | {{ include "charts.labels.standard" .}} 8 | name: uploader 9 | namespace: {{ .Release.Namespace }} 10 | spec: 11 | ports: 12 | - name: "http" 13 | port: {{ .Values.global.ports.uploader }} 14 | targetPort: "http" 15 | selector: 16 | app: uploader 17 | app.kubernetes.io/name: {{ include "charts.name" . }} 18 | app.kubernetes.io/instance: {{ .Release.Name }} 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /charts/tidepool/charts/uploader/templates/3-upstream.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gloo.solo.io/v1 3 | kind: Upstream 4 | metadata: 5 | name: uploader 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | kube: 9 | serviceName: uploader 10 | serviceNamespace: {{ .Release.Namespace }} 11 | servicePort: {{ .Values.global.ports.uploader }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/tidepool/charts/uploader/templates/4-routetable.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.global.glooingress.enabled }} 2 | apiVersion: gateway.solo.io/v1 3 | kind: RouteTable 4 | metadata: 5 | name: uploader 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | namespace: {{ .Release.Namespace }} 9 | app: tidepool 10 | spec: 11 | weight: 9000 12 | routes: 13 | - matchers: 14 | - prefix: /uploader 15 | routeAction: 16 | single: 17 | upstream: 18 | name: uploader 19 | options: 20 | extauth: 21 | disable: true 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/uploader/templates/5-hpa.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.hpa.enabled -}} 2 | --- 3 | apiVersion: autoscaling/v1 4 | kind: HorizontalPodAutoscaler 5 | metadata: 6 | annotations: 7 | name: uploader 8 | namespace: {{ .Release.Namespace }} 9 | labels: 10 | {{ include "charts.labels.standard" .}} 11 | spec: 12 | maxReplicas: {{ .Values.hpa.maxReplicas | default 10 }} 13 | minReplicas: {{ .Values.hpa.minReplicas | default 1 }} 14 | scaleTargetRef: 15 | apiVersion: extensions/v1beta1 16 | kind: Deployment 17 | name: uploader 18 | targetCPUUtilizationPercentage: {{ .Values.hpa.targetCPUUtilizationPercentage | default 50 }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /charts/tidepool/charts/uploader/templates/6-pdb.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.pdb.enabled }} 2 | {{- if or (and .Values.hpa.enabled (gt (.Values.hpa.minReplicas | int) 1)) (gt (.Values.deployment.replicas | int) 1) -}} 3 | --- 4 | apiVersion: policy/v1 5 | kind: PodDisruptionBudget 6 | metadata: 7 | name: {{ include "charts.name" . }} 8 | namespace: {{ .Release.Namespace }} 9 | spec: 10 | minAvailable: {{ .Values.pdb.minAvailable }} 11 | selector: 12 | matchLabels: 13 | app: {{ include "charts.name" . }} 14 | app.kubernetes.io/name: {{ include "charts.name" . }} 15 | app.kubernetes.io/instance: {{ .Release.Name }} 16 | {{ end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/tidepool/charts/uploader/values.yaml: -------------------------------------------------------------------------------- 1 | deployment: 2 | podAnnotations: {} 3 | # -- default Docker image 4 | image: tidepool/uploader:master-latest 5 | replicas: 0 6 | resources: {} 7 | podSecurityContext: {} 8 | podAnnotations: {} 9 | securityContext: {} 10 | hpa: 11 | # -- whether to create a horizontal pod autoscalers for all pods of given deployment 12 | enabled: false 13 | # -- minimum number of replicas that HPA will maintain 14 | minReplicas: 1 15 | # -- maximum number of replicas that HPA will maintain 16 | maxReplicas: null 17 | pdb: 18 | enabled: false 19 | minAvailable: "50%" 20 | nodeSelector: {} 21 | tolerations: [] 22 | affinity: {} 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/userdata/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/tidepool/charts/userdata/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: userdata 5 | version: 0.1.0 6 | home: https://github.com/tidepool-org/development/charts 7 | -------------------------------------------------------------------------------- /charts/tidepool/charts/userdata/README.md: -------------------------------------------------------------------------------- 1 | # userdata 2 | 3 | ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) 4 | 5 | A Helm chart for Kubernetes 6 | 7 | **Homepage:** 8 | 9 | ## Values 10 | 11 | | Key | Type | Default | Description | 12 | |-----|------|---------|-------------| 13 | | secret.data_.UserIdSalt | string | `""` | plaintext user id salt | 14 | | secret.data_.UserPasswordSalt | string | `""` | plaintext user password salt | 15 | | secret.enabled | bool | `false` | whether to create userdata secret | 16 | 17 | ---------------------------------------------- 18 | Autogenerated from chart metadata using [helm-docs v1.3.0](https://github.com/norwoodj/helm-docs/releases/v1.3.0) 19 | -------------------------------------------------------------------------------- /charts/tidepool/charts/userdata/templates/0-secret.yaml: -------------------------------------------------------------------------------- 1 | {{ if or .Values.secret.enabled .Values.global.secret.generated -}} 2 | --- 3 | apiVersion: v1 4 | {{ with .Values.secret.data_ -}} 5 | data: 6 | GroupIdEncryptionKey: {{ .ServiceAuth | default (randAlphaNum 40) | b64enc | quote }} 7 | UserIdSalt: {{ .UserIdSalt | default (randAlphaNum 40) | b64enc | quote }} 8 | UserPasswordSalt: {{ .PasswordSalt | default (randAlphaNum 40) | b64enc | quote }} 9 | {{- end }} 10 | kind: Secret 11 | metadata: 12 | name: userdata 13 | namespace: {{ .Release.Namespace }} 14 | type: Opaque 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/tidepool/charts/userdata/values.yaml: -------------------------------------------------------------------------------- 1 | secret: 2 | # -- whether to create userdata secret 3 | enabled: false 4 | data_: 5 | # -- plaintext user password salt 6 | UserPasswordSalt: "" 7 | # -- plaintext user id salt 8 | UserIdSalt: "" 9 | -------------------------------------------------------------------------------- /charts/tidepool/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.tidepool.namespace.create }} 2 | --- 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: {{ .Release.Namespace }} 7 | labels: 8 | {{ include "charts.labels.standard" .}} 9 | annotations: 10 | {{- .Values.tidepool.namespace.annotations | toYaml | nindent 4 }} 11 | {{- end }} 12 | 13 | -------------------------------------------------------------------------------- /docker-compose.k8s.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | server: 4 | image: tidepool/kind:latest-1.21 5 | privileged: true 6 | network_mode: bridge 7 | sysctls: 8 | - net.ipv6.conf.all.disable_ipv6=1 9 | dns_opt: ["options", "single-request"] 10 | ports: 11 | - 127.0.0.1:8443:8443 12 | - 127.0.0.1:10080:10080 13 | - 127.0.0.1:2375:2375 14 | volumes: 15 | - ${TIDEPOOL_DOCKER_MONGO_VOLUME}:/data/db 16 | networks: 17 | default: 18 | driver: bridge 19 | driver_opts: 20 | com.docker.network.driver.mtu: 1412 21 | -------------------------------------------------------------------------------- /tools/kafka-ui/kafka-ui-configMap.yaml: -------------------------------------------------------------------------------- 1 | # Add config map: 2 | # kubectl create configmap kafka-ui-helm-values --from-file tools/kafka-ui/kafka-ui-configMap.yaml 3 | 4 | # Provision kafka-ui with: 5 | # helm repo add kafka-ui https://provectus.github.io/kafka-ui-charts 6 | # helm install kafka-ui kafka-ui/kafka-ui --set existingConfigMap="kafka-ui-helm-values" 7 | 8 | apiVersion: v1 9 | kind: ConfigMap 10 | metadata: 11 | name: kafka-ui-helm-values 12 | data: 13 | KAFKA_CLUSTERS_0_NAME: "kafka-kafka" 14 | KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: "kafka-kafka-0:9092" 15 | KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM: "SCRAM-SHA-512" 16 | KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: "SASL_PLAINTEXT" 17 | KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG: "org.apache.kafka.common.security.scram.ScramLoginModule required username='kafka' password='**GET_FROM_KAFKA_SECRET**';" 18 | -------------------------------------------------------------------------------- /tools/kafka/kafka.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kafka.strimzi.io/v1beta2 2 | kind: Kafka 3 | metadata: 4 | name: kafka 5 | spec: 6 | kafka: 7 | replicas: 1 8 | listeners: 9 | - name: plain 10 | port: 9092 11 | type: internal 12 | tls: false 13 | authentication: 14 | type: scram-sha-512 15 | - name: tls 16 | port: 9093 17 | type: internal 18 | tls: true 19 | authentication: 20 | type: tls 21 | - name: external 22 | port: 9094 23 | type: nodeport 24 | tls: false 25 | storage: 26 | type: jbod 27 | volumes: 28 | - id: 0 29 | type: persistent-claim 30 | size: 10Gi 31 | deleteClaim: true 32 | authorization: 33 | type: simple 34 | superUsers: 35 | - CN=kafka 36 | - kafka 37 | config: 38 | offsets.topic.replication.factor: 1 39 | transaction.state.log.replication.factor: 1 40 | transaction.state.log.min.isr: 1 41 | auto.create.topics.enable: "true" 42 | zookeeper: 43 | replicas: 1 44 | storage: 45 | type: persistent-claim 46 | size: 10Gi 47 | deleteClaim: true 48 | entityOperator: 49 | topicOperator: {} 50 | userOperator: {} 51 | -------------------------------------------------------------------------------- /tools/kafka/kafkauser.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kafka.strimzi.io/v1beta1 3 | kind: KafkaUser 4 | metadata: 5 | name: kafka 6 | labels: 7 | strimzi.io/cluster: kafka 8 | spec: 9 | authentication: 10 | type: scram-sha-512 11 | -------------------------------------------------------------------------------- /tools/mongoinit/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM mongo 2 | 3 | COPY dump /dump 4 | CMD mongorestore --host mongodb /dump 5 | -------------------------------------------------------------------------------- /tools/mongoinit/dump/admin/connections.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/admin/connections.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/admin/connections.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"admin.connections"}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/admin/dump_logs.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/admin/dump_logs.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/admin/dump_logs.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"admin.dump_logs"}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/admin/schema_analyze_result.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/admin/schema_analyze_result.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/admin/schema_analyze_result.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"admin.schema_analyze_result"}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/admin/settings.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/admin/settings.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/admin/settings.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"admin.settings"}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/confirm/confirmations.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/confirm/confirmations.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/confirm/confirmations.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"confirm.confirmations"}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/data/deviceData.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/data/deviceData.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/data/deviceData.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"data.deviceData"}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/messages/messages.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/messages/messages.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/messages/messages.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"messages.messages"},{"v":1,"key":{"groupid":1,"timestamp":1},"name":"groupid_1_timestamp_1","ns":"messages.messages"}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/seagull/seagull.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/seagull/seagull.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/seagull/seagull.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"seagull.seagull"},{"v":1,"unique":true,"key":{"userId":1},"name":"userId_1","ns":"seagull.seagull"}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/tidepool/provider_sessions.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/tidepool/provider_sessions.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/tidepool/provider_sessions.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"tidepool.provider_sessions"},{"v":1,"unique":true,"key":{"id":1},"name":"id_1","ns":"tidepool.provider_sessions","background":true},{"v":1,"key":{"userId":1},"name":"userId_1","ns":"tidepool.provider_sessions","background":true},{"v":1,"unique":true,"key":{"userId":1,"type":1,"name":1},"name":"userId_1_type_1_name_1","ns":"tidepool.provider_sessions","background":true}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/tidepool/restricted_tokens.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/tidepool/restricted_tokens.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/tidepool/restricted_tokens.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"tidepool.restricted_tokens"},{"v":1,"unique":true,"key":{"id":1},"name":"id_1","ns":"tidepool.restricted_tokens","background":true},{"v":1,"key":{"userId":1},"name":"userId_1","ns":"tidepool.restricted_tokens","background":true}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/user/oauth_access.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/user/oauth_access.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/user/oauth_access.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"user.oauth_access"},{"v":1,"key":{"refreshtoken":1},"name":"refreshtoken_1","ns":"user.oauth_access","background":true,"sparse":true}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/user/tokens.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/user/tokens.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/user/tokens.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"user.tokens"}]} -------------------------------------------------------------------------------- /tools/mongoinit/dump/user/users.bson: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tidepool-org/development/cdc8035b5f491b90d202b9737b69674dd43042be/tools/mongoinit/dump/user/users.bson -------------------------------------------------------------------------------- /tools/mongoinit/dump/user/users.metadata.json: -------------------------------------------------------------------------------- 1 | {"options":{},"indexes":[{"v":1,"key":{"_id":1},"name":"_id_","ns":"user.users"}]} --------------------------------------------------------------------------------