feat: reuse settings and secrets with a template injection

Author: PJEstrada

.gitignore

@@ -16,3 +16,6 @@ example.com\+5.pem
 example.com\+6-key.pem
 
 example.com\+6.pem
+
+# Chart dependencies
+**/charts/*.tgz

Chart.lock

@@ -1,6 +1,9 @@
 dependencies:
+- name: rabbitmq
+  repository: https://charts.bitnami.com/bitnami
+  version: 9.1.4
 - name: cert-manager
-  repository: https://charts.jetstack.io/
+  repository: https://charts.jetstack.io
   version: v1.1.0
-digest: sha256:50d9686126f61b7d7b8a50112464b41ac426a483ae053b4820c9e5f953cf7b76
-generated: "2021-01-29T14:30:59.744116786-06:00"
+digest: sha256:16a0d329ffcd4f4ec533d51af30ac1c014066795596729f5572bf93a379a5416
+generated: "2022-05-23T09:23:56.111110299-06:00"

Chart.yaml

@@ -15,10 +15,16 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.0.1"
+appVersion: "0.0.1"
+
+dependencies:
+  - name: rabbitmq
+    version: 9.1.4
+    repository: https://charts.bitnami.com/bitnami
+    condition: useRabbitMq

templates/default/configmap.yaml

@@ -3,29 +3,4 @@ kind: ConfigMap
 metadata:
   name: diffgram-default-configmap
 data:
-  USERDOMAIN: {{ .Values.diffgramSettings.USERDOMAIN }}
-  DIFFGRAM_SYSTEM_MODE: {{ .Values.diffgramSettings.DIFFGRAM_SYSTEM_MODE }}
-  DIFFGRAM_STATIC_STORAGE_PROVIDER: {{ .Values.diffgramSettings.DIFFGRAM_STATIC_STORAGE_PROVIDER }}
-  DIFFGRAM_S3_BUCKET_NAME: {{ .Values.diffgramSettings.DIFFGRAM_S3_BUCKET_NAME }}
-  ML__DIFFGRAM_S3_BUCKET_NAME: {{ .Values.diffgramSettings.ML__DIFFGRAM_S3_BUCKET_NAME }}
-  GOOGLE_APPLICATION_CREDENTIALS: /etc/gcp/sa_credentials.json # Check the volume in deployment.yaml and service_account_secret.yaml
-  CLOUD_STORAGE_BUCKET:  {{ .Values.diffgramSettings.CLOUD_STORAGE_BUCKET }}
-  ML__CLOUD_STORAGE_BUCKET:  {{ .Values.diffgramSettings.ML__CLOUD_STORAGE_BUCKET }}
-  URL_BASE: {{ .Values.diffgramDomain }}
-  WALRUS_SERVICE_URL_BASE: {{ .Values.diffgramSettings.WALRUS_SERVICE_URL_BASE }}
-  SERVICE_ACCOUNT_FULL_PATH: {{ .Values.diffgramSettings.SERVICE_ACCOUNT_FULL_PATH }}
-  DIFFGRAM_AZURE_CONTAINER_NAME: {{ .Values.diffgramSettings.DIFFGRAM_AZURE_CONTAINER_NAME }}
-  ML__DIFFGRAM_AZURE_CONTAINER_NAME: {{ .Values.diffgramSettings.ML__DIFFGRAM_AZURE_CONTAINER_NAME }}
-  DIFFGRAM_INSTALL_FINGERPRINT: {{ .Values.diffgramSettings.DIFFGRAM_INSTALL_FINGERPRINT }}
-  DIFFGRAM_VERSION_TAG: {{ .Values.diffgramVersion }}
-  DIFFGRAM_HOST_OS: {{ .Values.diffgramSettings.DIFFGRAM_HOST_OS }}
-  DATABASE_CONNECTION_POOL_SIZE: {{ .Values.diffgramSettings.DATABASE_CONNECTION_POOL_SIZE }}
-  PYTHONPATH: "/app:/app/shared:/"
-  PROCESS_MEDIA_NUM_VIDEO_THREADS: {{ .Values.diffgramSettings.PROCESS_MEDIA_NUM_VIDEO_THREADS }}
-  PROCESS_MEDIA_NUM_FRAME_THREADS: {{ .Values.diffgramSettings.PROCESS_MEDIA_NUM_FRAME_THREADS }}
-  NEW_RELIC_LICENSE_KEY: {{ .Values.diffgramSettings.NEW_RELIC_LICENSE_KEY }}
-  EMAIL_DOMAIN_NAME: {{ .Values.diffgramSettings.EMAIL_DOMAIN_NAME }}
-  ALLOW_EVENTHUB: {{ .Values.diffgramSettings.ALLOW_EVENTHUB }}
-  EMAIL_VALIDATION: {{ .Values.diffgramSettings.EMAIL_VALIDATION }}
-  ALLOW_STRIPE_BILLING: {{ .Values.diffgramSettings.ALLOW_STRIPE_BILLING }}
-  IS_OPEN_SOURCE: {{ .Values.diffgramSettings.IS_OPEN_SOURCE }}
+{{- template "diffgram.settings" . }}

templates/default/secrets.yaml

@@ -4,23 +4,4 @@ metadata:
   name: diffgram-default-secrets
 type: Opaque
 stringData:
-  STRIPE_API_KEY: {{ .Values.diffgramSecrets.STRIPE_API_KEY }}
-  DIFFGRAM_AWS_ACCESS_KEY_SECRET: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_SECRET }}
-  DIFFGRAM_AWS_ACCESS_KEY_ID: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_ID }}
-  _ANALYTICS_WRITE_KEY: {{ .Values.diffgramSecrets._ANALYTICS_WRITE_KEY }}
-  MAILGUN_KEY: {{ .Values.diffgramSecrets.MAILGUN_KEY }}
-  HUB_SPOT_KEY: {{ .Values.diffgramSecrets.HUB_SPOT_KEY }}
-  SECRET_KEY: {{ .Values.diffgramSecrets.SECRET_KEY }}
-  INTER_SERVICE_SECRET: {{ .Values.diffgramSecrets.INTER_SERVICE_SECRET }}
-  FERNET_KEY: {{ .Values.diffgramSecrets.FERNET_KEY }}
-  {{ if eq .Values.dbSettings.dbProvider "local"}}
-  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@diffgram-postgres/{{ .Values.dbSettings.dbName }}"
-  {{ end }}
-  {{ if eq .Values.dbSettings.dbProvider "rds"}}
-  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@postgres-rds-service/{{ .Values.dbSettings.dbName }}"
-  {{ end }}
-  {{ if eq .Values.dbSettings.dbProvider "azure"}}
-  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@postgres-azure-service/{{ .Values.dbSettings.dbName }}"
-  {{ end }}
-  USER_PASSWORDS_SECRET:  {{ .Values.diffgramSecrets.USER_PASSWORDS_SECRET }}
-  DIFFGRAM_AZURE_CONNECTION_STRING:  {{ .Values.diffgramSecrets.DIFFGRAM_AZURE_CONNECTION_STRING }}
+{{- template "diffgram.secrets" . }}

templates/diffgram_settings.tpl

@@ -0,0 +1,35 @@
+{{- define "diffgram.settings" }}
+  USERDOMAIN: {{ .Values.diffgramSettings.USERDOMAIN }}
+  DIFFGRAM_SYSTEM_MODE: {{ .Values.diffgramSettings.DIFFGRAM_SYSTEM_MODE }}
+  DIFFGRAM_STATIC_STORAGE_PROVIDER: {{ .Values.diffgramSettings.DIFFGRAM_STATIC_STORAGE_PROVIDER }}
+  DIFFGRAM_S3_BUCKET_NAME: {{ .Values.diffgramSettings.DIFFGRAM_S3_BUCKET_NAME }}
+  ML__DIFFGRAM_S3_BUCKET_NAME: {{ .Values.diffgramSettings.ML__DIFFGRAM_S3_BUCKET_NAME }}
+  GOOGLE_APPLICATION_CREDENTIALS: /etc/gcp/sa_credentials.json # Check the volume in deployment.yaml and service_account_secret.yaml
+  CLOUD_STORAGE_BUCKET:  {{ .Values.diffgramSettings.CLOUD_STORAGE_BUCKET }}
+  ML__CLOUD_STORAGE_BUCKET:  {{ .Values.diffgramSettings.ML__CLOUD_STORAGE_BUCKET }}
+  URL_BASE: {{ .Values.diffgramDomain }}
+  WALRUS_SERVICE_URL_BASE: {{ .Values.diffgramSettings.WALRUS_SERVICE_URL_BASE }}
+  SERVICE_ACCOUNT_FULL_PATH: {{ .Values.diffgramSettings.SERVICE_ACCOUNT_FULL_PATH }}
+  DIFFGRAM_AZURE_CONTAINER_NAME: {{ .Values.diffgramSettings.DIFFGRAM_AZURE_CONTAINER_NAME }}
+  ML__DIFFGRAM_AZURE_CONTAINER_NAME: {{ .Values.diffgramSettings.ML__DIFFGRAM_AZURE_CONTAINER_NAME }}
+  DIFFGRAM_INSTALL_FINGERPRINT: {{ .Values.diffgramSettings.DIFFGRAM_INSTALL_FINGERPRINT }}
+  DIFFGRAM_VERSION_TAG: {{ .Values.diffgramVersion }}
+  DIFFGRAM_HOST_OS: {{ .Values.diffgramSettings.DIFFGRAM_HOST_OS }}
+  DATABASE_CONNECTION_POOL_SIZE: {{ .Values.diffgramSettings.DATABASE_CONNECTION_POOL_SIZE }}
+  PYTHONPATH: "/app:/app/shared:/"
+  PROCESS_MEDIA_NUM_VIDEO_THREADS: {{ .Values.diffgramSettings.PROCESS_MEDIA_NUM_VIDEO_THREADS }}
+  PROCESS_MEDIA_NUM_FRAME_THREADS: {{ .Values.diffgramSettings.PROCESS_MEDIA_NUM_FRAME_THREADS }}
+  NEW_RELIC_LICENSE_KEY: {{ .Values.diffgramSettings.NEW_RELIC_LICENSE_KEY }}
+  EMAIL_DOMAIN_NAME: {{ .Values.diffgramSettings.EMAIL_DOMAIN_NAME }}
+  ALLOW_EVENTHUB: {{ .Values.diffgramSettings.ALLOW_EVENTHUB }}
+  EMAIL_VALIDATION: {{ .Values.diffgramSettings.EMAIL_VALIDATION }}
+  ALLOW_STRIPE_BILLING: {{ .Values.diffgramSettings.ALLOW_STRIPE_BILLING }}
+  IS_OPEN_SOURCE: {{ .Values.diffgramSettings.IS_OPEN_SOURCE }}
+  DIFFGRAM_MINIO_ENDPOINT_URL: {{.Values.diffgramSettings.DIFFGRAM_MINIO_ENDPOINT_URL}}
+  DIFFGRAM_MINIO_ACCESS_KEY_ID: {{.Values.diffgramSettings.DIFFGRAM_MINIO_ACCESS_KEY_ID}}
+  DIFFGRAM_MINIO_ACCESS_KEY_SECRET: {{.Values.diffgramSettings.DIFFGRAM_MINIO_ACCESS_KEY_SECRET}}
+  DIFFGRAM_MINIO_DISABLED_SSL_VERIFY: {{.Values.diffgramSettings.DIFFGRAM_MINIO_DISABLED_SSL_VERIFY}}
+  RABBITMQ_HOST: {{.Values.diffgramSettings.RABBITMQ_HOST}}
+  RABBITMQ_PORT: {{.Values.diffgramSettings.RABBITMQ_PORT}}
+  RABBITMQ_DEFAULT_USER: {{.Values.rabbitmq.auth.rabbitmq}}
+{{- end }}

templates/diffgrams_secrets.tpl

@@ -0,0 +1,23 @@
+{{- define "diffgram.secrets" }}
+  STRIPE_API_KEY: {{ .Values.diffgramSecrets.STRIPE_API_KEY }}
+  DIFFGRAM_AWS_ACCESS_KEY_SECRET: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_SECRET }}
+  DIFFGRAM_AWS_ACCESS_KEY_ID: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_ID }}
+  _ANALYTICS_WRITE_KEY: {{ .Values.diffgramSecrets._ANALYTICS_WRITE_KEY }}
+  MAILGUN_KEY: {{ .Values.diffgramSecrets.MAILGUN_KEY }}
+  HUB_SPOT_KEY: {{ .Values.diffgramSecrets.HUB_SPOT_KEY }}
+  SECRET_KEY: {{ .Values.diffgramSecrets.SECRET_KEY }}
+  INTER_SERVICE_SECRET: {{ .Values.diffgramSecrets.INTER_SERVICE_SECRET }}
+  FERNET_KEY: {{ .Values.diffgramSecrets.FERNET_KEY }}
+  {{ if eq .Values.dbSettings.dbProvider "local"}}
+  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@diffgram-postgres/{{ .Values.dbSettings.dbName }}"
+  {{ end }}
+  {{ if eq .Values.dbSettings.dbProvider "rds"}}
+  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@postgres-rds-service/{{ .Values.dbSettings.dbName }}"
+  {{ end }}
+  {{ if eq .Values.dbSettings.dbProvider "azure"}}
+  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@postgres-azure-service/{{ .Values.dbSettings.dbName }}"
+  {{ end }}
+  USER_PASSWORDS_SECRET:  {{ .Values.diffgramSecrets.USER_PASSWORDS_SECRET }}
+  DIFFGRAM_AZURE_CONNECTION_STRING:  {{ .Values.diffgramSecrets.DIFFGRAM_AZURE_CONNECTION_STRING }}
+  RABBITMQ_DEFAULT_PASS:  {{ .Values.rabbitmq.auth.password }}
+{{- end }}

templates/eventhandlers/configmap.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: diffgram-eventhandlers-configmap
+data:
+{{- template "diffgram.settings" . }}

templates/eventhandlers/deployment.yaml

@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: diffgram-eventhandlers
+  name: diffgram-eventhandlers
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: {{ .Values.defaultService.numReplicas }}
+  selector:
+    matchLabels:
+      app: diffgram-eventhandlers
+  template:
+    metadata:
+      labels:
+        app: diffgram-eventhandlers
+    spec:
+      {{ if .Values.nodeGroupLabel }}
+      nodeSelector:
+        poolName: {{ .Values.nodeGroupLabel }}
+      {{ end }}
+      {{ if eq .Values.diffgramEdition "enterprise"}}
+      imagePullSecrets:
+      - name: diffgramsecret
+      {{ end }}
+      volumes:
+      {{ if eq .Values.diffgramSettings.DIFFGRAM_STATIC_STORAGE_PROVIDER "gcp"}}
+      - name: service-account-credentials-volume
+        secret:
+          secretName: gcp-service-account-credentials
+          items:
+          - key: sa_json
+            path: sa_credentials.json
+      {{ end }}
+      initContainers:
+      - name: check-db-ready
+        image: postgres:11
+        {{ if eq .Values.dbSettings.dbProvider "local"}}
+        command: ['sh', '-c',
+                  'until pg_isready -h diffgram-postgres -p 5432;
+          do echo waiting for database; sleep 2; done;']
+        {{ end }}
+        {{ if eq .Values.dbSettings.dbProvider "rds"}}
+        command: ['sh', '-c', 'until pg_isready -h postgres-rds-service -p 5432; do echo waiting for database; sleep 2; done;']
+        {{ end }}
+        {{ if eq .Values.dbSettings.dbProvider "azure"}}
+        command: ['sh', '-c', 'until pg_isready -h postgres-azure-service -p 5432; do echo waiting for database; sleep 2; done;']
+        {{ end }}
+      containers:
+      {{ if eq .Values.diffgramEdition "enterprise"}}
+      - image: gcr.io/diffgram-enterprise/eventhandlers:{{ .Values.diffgramVersion }}
+      {{ end }}
+      {{ if eq .Values.diffgramEdition "opencore"}}
+      - image: gcr.io/diffgram-open-core/eventhandlers:{{ .Values.diffgramVersion }}
+      {{ end }}
+        imagePullPolicy: Always
+        name: diffgram-default
+        ports:
+        - containerPort: 8080
+      {{ if eq .Values.diffgramSettings.DIFFGRAM_STATIC_STORAGE_PROVIDER "gcp"}}
+        volumeMounts:
+        - name: service-account-credentials-volume
+          mountPath: /etc/gcp
+          readOnly: true
+      {{ end }}
+        envFrom:
+        - configMapRef:
+            name: diffgram-eventhandlers-configmap
+        - secretRef:
+            name: diffgram-eventhandlers-secrets
+        resources:
+          requests:
+            cpu: {{ .Values.eventHandlersService.requests.cpu }}
+            memory: {{ .Values.eventHandlersService.requests.memory }}
+          limits:
+            cpu: {{ .Values.eventHandlersService.limits.cpu }}
+            memory: {{ .Values.eventHandlersService.limits.memory }}

templates/eventhandlers/secrets.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: diffgram-eventhandlers-secrets
+type: Opaque
+stringData:
+{{- template "diffgram.secrets" . }}