diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/Chart.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/Chart.yaml new file mode 100644 index 000000000..ee8ef93af --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +name: nginx +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +appVersion: 1.16.0 diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/README.md b/scripts/helm/helm/openreplay/charts/nginx-ingress/README.md new file mode 100644 index 000000000..89797d6e4 --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/README.md @@ -0,0 +1,13 @@ +## Description + +This is the frontend of the OpenReplay web app (internet). + +## Endpoints + +- /api -> chalice +- / -> frontend (in minio) +- /assets -> sessions-assets bucket in minio +- /minio -> minio api endpoint +- /ingest -> events ingestor +- /assist -> live sessions and webRTC +- /grafana -> monitoring (Enterprise Edition only) \ No newline at end of file diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/NOTES.txt b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/NOTES.txt new file mode 100644 index 000000000..08bee15ea --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "nginx.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "nginx.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "nginx.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "nginx.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/_helpers.tpl b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/_helpers.tpl new file mode 100644 index 000000000..ad9f4328e --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "nginx.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nginx.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nginx.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "nginx.labels" -}} +helm.sh/chart: {{ include "nginx.chart" . }} +{{ include "nginx.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "nginx.selectorLabels" -}} +app.kubernetes.io/name: {{ include "nginx.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "nginx.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "nginx.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/configmap.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/configmap.yaml new file mode 100644 index 000000000..079ac0457 --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/configmap.yaml @@ -0,0 +1,152 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx + namespace: {{ .Release.Namespace }} +data: + location.list: |- + location ~* /general_stats { + deny all; + } + location /healthz { + return 200 'OK'; + } + location ~ ^/(mobs|sessions-assets|frontend|static|sourcemaps|ios-images)/ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; + + proxy_pass http://minio.db.svc.cluster.local:9000; + } + + location /minio/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://minio.db.svc.cluster.local:9000; + } + location /ingest/ { + rewrite ^/ingest/(.*) /$1 break; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header X-Forwarded-For $real_ip; + proxy_set_header X-Forwarded-Host $real_ip; + proxy_set_header X-Real-IP $real_ip; + proxy_set_header Host $host; + proxy_pass http://http-openreplay.app.svc.cluster.local; + proxy_read_timeout 300; + proxy_connect_timeout 120; + proxy_send_timeout 300; + } + location /grafana { + set $target http://monitoring-grafana.monitoring.svc.cluster.local; + rewrite ^/grafana/(.*) /$1 break; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass $target; + } + location /api/ { + rewrite ^/api/(.*) /$1 break; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://chalice-openreplay.app.svc.cluster.local:8000; + } + location /assist/ { + rewrite ^/assist/(.*) /$1 break; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://utilities-openreplay.app.svc.cluster.local:9000; + } + location /assets/ { + rewrite ^/assets/(.*) /sessions-assets/$1 break; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_pass http://minio.db.svc.cluster.local:9000; + } + location / { + index /index.html; + rewrite ^((?!.(js|css|png|svg|jpg|woff|woff2)).)*$ /frontend/index.html break; + include /etc/nginx/conf.d/compression.conf; + proxy_set_header Host $http_host; + proxy_pass http://minio.db.svc.cluster.local:9000/frontend/; + proxy_intercept_errors on; # see http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_intercept_errors + error_page 404 =200 /index.html; + } + compression.conf: |- + # Compression + gzip on; + gzip_comp_level 5; + gzip_min_length 256; # 256Bytes + gzip_proxied any; + gzip_vary on; + # Content types for compression + gzip_types + application/atom+xml + application/javascript + application/json + application/ld+json + application/manifest+json + application/rss+xml + application/vnd.geo+json + application/vnd.ms-fontobject + application/x-font-ttf + application/x-web-app-manifest+json + application/xhtml+xml + application/xml + font/opentype + image/bmp + image/svg+xml + image/x-icon + text/cache-manifest + text/css + text/plain + ; + + sites.conf: |- + resolver {{ .Values.kubeDnsIP }}; + # Need real ip address for flags in replay. + # Some LBs will forward real ips as x-forwarded-for + # So making that as priority + map $http_x_forwarded_for $real_ip { + ~^(\d+\.\d+\.\d+\.\d+) $1; + default $remote_addr; + } + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + server { + listen 80 default_server; + listen [::]:80 default_server; + # server_name _; + {{ .Values.customServerConfigs }} + include /etc/nginx/conf.d/location.list; + client_max_body_size 10M; + } + server { + listen 443 ssl; + ssl_certificate /etc/secrets/site.crt; + ssl_certificate_key /etc/secrets/site.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; + include /etc/nginx/conf.d/location.list; + client_max_body_size 10M; + } diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/deployment.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/deployment.yaml new file mode 100644 index 000000000..9cc018dc1 --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/deployment.yaml @@ -0,0 +1,65 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "nginx.fullname" . }} + labels: + {{- include "nginx.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "nginx.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + nginxRolloutID: {{ randAlphaNum 5 | quote }} # Restart nginx after every deployment + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "nginx.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "nginx.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: https + containerPort: 443 + protocol: TCP + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: http + readinessProbe: + httpGet: + path: /healthz + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: nginx + mountPath: /etc/nginx/conf.d/ + - name: ssl + mountPath: /etc/secrets/ + volumes: + - name: nginx + configMap: + name: nginx + - name: ssl + secret: + secretName: ssl diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/hpa.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/hpa.yaml new file mode 100644 index 000000000..9af6c1b79 --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "nginx.fullname" . }} + labels: + {{- include "nginx.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "nginx.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/ingress.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/ingress.yaml new file mode 100644 index 000000000..c90297ca9 --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/ingress.yaml @@ -0,0 +1,41 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "nginx.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "nginx.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/service.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/service.yaml new file mode 100644 index 000000000..38912bf78 --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "nginx.fullname" . }} + labels: + {{- include "nginx.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + # Make sure to get client ip + externalTrafficPolicy: Local + ports: + {{- range .Values.service.ports }} + - port: {{ .port }} + targetPort: {{ .targetPort }} + protocol: TCP + name: {{ .targetPort }} + {{- end }} + selector: + {{- include "nginx.selectorLabels" . | nindent 4 }} diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/serviceaccount.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/serviceaccount.yaml new file mode 100644 index 000000000..365060380 --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "nginx.serviceAccountName" . }} + labels: + {{- include "nginx.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/tests/test-connection.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/tests/test-connection.yaml new file mode 100644 index 000000000..5879b4f6f --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "nginx.fullname" . }}-test-connection" + labels: + {{- include "nginx.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "nginx.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/tls.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/tls.yaml new file mode 100644 index 000000000..6be88049a --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/tls.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZKRENDQkF5Z0F3SUJBZ0lTQkdrb0hRbThITEJ1dlR0RGZacHVBcTk3TUEwR0NTcUdTSWIzRFFFQkN3VUEKTURJeEN6QUpCZ05WQkFZVEFsVlRNUll3RkFZRFZRUUtFdzFNWlhRbmN5QkZibU55ZVhCME1Rc3dDUVlEVlFRRApFd0pTTXpBZUZ3MHlNVEF4TWpJeE5USTRORE5hRncweU1UQTBNakl4TlRJNE5ETmFNQnN4R1RBWEJnTlZCQU1UCkVHOXVjSEpsYlM1aGMyRjVaWEl1YVc4d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUIKQVFEQzA2bGJUNGJJWmlTSTBaOFZ3M2VyZVp1TjVnckdYV2YxNkZOd0kxb2pqU0RhVHJpSithU0FORklzcVpZcwozbm1hYjFKVDhaa1dHVVg0RWJaalJKR2JVZnZZYWQvWUlLbnpIRGRaa080MXY4ZzNYZWFseFltSmtMNVFBR0d6CnIwbTBHSENENmdxTU0xYThOd05FZTV0enRaZ0VwOWM0U2FZQ3ZzQkZ4YWdCMTZ0SnNBU0VaZkF6djh2Z05WenkKcE1SYURWNWc2UWVZdXBkeWZGb2Q5bldmdHZoTWgvZHROMWt5ZVlyanJSelpKOGRpQWRUWCtPZGJiNG52K3d3UwpwVGR4cVhsOFNxemh5U0V5aDVoRXArcVd3NEVWb3FzeFM5VU1rRmg0dktuNkExSGFGWGxmeERVWmxUVzdqeXpTCndiZmlXOTJhTFlUTHlxYk4wTU5pMEdJaEFnTUJBQUdqZ2dKSk1JSUNSVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXcKSFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01Bd0dBMVVkRXdFQi93UUNNQUF3SFFZRApWUjBPQkJZRUZHa05sY2FKRk1XMlMrR2IvS0N3ZmF0M2lyUUpNQjhHQTFVZEl3UVlNQmFBRkJRdXN4ZTNXRmJMCnJsQUpRT1lmcjUyTEZNTEdNRlVHQ0NzR0FRVUZCd0VCQkVrd1J6QWhCZ2dyQmdFRkJRY3dBWVlWYUhSMGNEb3YKTDNJekxtOHViR1Z1WTNJdWIzSm5NQ0lHQ0NzR0FRVUZCekFDaGhab2RIUndPaTh2Y2pNdWFTNXNaVzVqY2k1dgpjbWN2TUJzR0ExVWRFUVFVTUJLQ0VHOXVjSEpsYlM1aGMyRjVaWEl1YVc4d1RBWURWUjBnQkVVd1F6QUlCZ1puCmdRd0JBZ0V3TndZTEt3WUJCQUdDM3hNQkFRRXdLREFtQmdnckJnRUZCUWNDQVJZYWFIUjBjRG92TDJOd2N5NXMKWlhSelpXNWpjbmx3ZEM1dmNtY3dnZ0VDQmdvckJnRUVBZFo1QWdRQ0JJSHpCSUh3QU80QWRRQ1VJTHdlanRXTgpiSWh6SDRLTElpd04wZHBOWG14UGxEMWgyMDR2V0UyaXdnQUFBWGNxN1RIS0FBQUVBd0JHTUVRQ0lIalMrMUl4CmxtdDNkditvWDRmbTRXeDZ3YVBBUGlhcXBuSGVrL3I3LytXQ0FpQXhpTEdzMUttOXQzTm5tNnV1bGpkUWY3UHYKRW0rS056T01rbXg3OW9YVDBnQjFBSDArOHZpUC80aFZhQ1RDd01xZVVvbDVLOFVPZUFsL0xtcVhhSmwrSXZEWApBQUFCZHlydE1mUUFBQVFEQUVZd1JBSWdlVzRwUWl2bWNIMGwva1g0WDNaQTRoWGVDR1lCWkx1LzBFWjEzUkVQCjk4TUNJR1d4N3RvRlhJV3NEZ1Nhc241RWlhZFlmY29PTnFYVC9PVEpJL0FMOXdqOE1BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUI5Nm1HVUtaTG9QQk9lVm5sVFR3Vy9sSytLYnhsUkJrcXYrc2x1VGVUTmdrSFdSTy9JVGRMYQpDaDVidUdKc253dklCQktpSnIzSG04U3hkWXdKdUpmRUJsTW9kK1dHWktXQTQ1YjJkd1RTRll4OXdjL0lSWi91CjE1QldmVW9tOFhoVHd1Q1o0bG0xN05ET0w0eUpmWWNXVFZmZUo4SFJXK2N3QVo2OUE3Vm5tK2E3YWxCQkpSQksKUUNZL3hZTm8zT21WcE1IVVlicGJHSlg1QkVSMjJmV3lSU2wvWXZBNmJ5c0YxR3ZZMlJGcS83cHVQM3BQamZsbwpVU3FMYkJCL3ZzeXZiNkUxZW5OTkRORmFaMkk0dlZ4WUJaU1hvOEZpTmkycGI3elNpY1JkTjljeThFdlVnS05oCkRUVEJ0TFVjcStpQjlhNkNveTYrNERQMENldVM3YW1kCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVaVENDQTAyZ0F3SUJBZ0lRUUFGMUJJTVVwTWdoaklTcERCYk4zekFOQmdrcWhraUc5dzBCQVFzRkFEQS8KTVNRd0lnWURWUVFLRXh0RWFXZHBkR0ZzSUZOcFoyNWhkSFZ5WlNCVWNuVnpkQ0JEYnk0eEZ6QVZCZ05WQkFNVApEa1JUVkNCU2IyOTBJRU5CSUZnek1CNFhEVEl3TVRBd056RTVNakUwTUZvWERUSXhNRGt5T1RFNU1qRTBNRm93Ck1qRUxNQWtHQTFVRUJoTUNWVk14RmpBVUJnTlZCQW9URFV4bGRDZHpJRVZ1WTNKNWNIUXhDekFKQmdOVkJBTVQKQWxJek1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdXdJVktNejJvSlRURHhMcwpqVldTdy9pQzhabW1la0tJcDEwbXFyVXJ1Y1ZNc2ErT2EvbDF5S1BYRDBlVUZGVTFWNHllcUtJNUdmV0NQRUtwClRtNzFPOE11MjQzQXNGenpXVGpuN2M5cDhGb0xHNzdBbENRbGgvbzNjYk1UNXh5czRadnYyK1E3UlZKRmxxbkIKVTg0MHlGTHV0YTd0ajk1Z2NPS2xWS3UyYlE2WHBVQTBheXZUdkdiclpqUjgrbXVMajFjcG1mZ3dGMTI2Y20vNwpnY1d0MG9aWVBSZkg1d203OFN2M2h0ekIybkZkMUVianpLMGx3WWk4WUdkMVpyUHhHUGVpWE9aVC96cUl0a2VsCi94TVk2cGdKZHorZFUvblBBZVgxcG5BWEZLOWpwUCtaczVPZDNGT25CdjVJaFIyaGFhNGxkYnNUekZJRDllMVIKb1l2YkZRSURBUUFCbzRJQmFEQ0NBV1F3RWdZRFZSMFRBUUgvQkFnd0JnRUIvd0lCQURBT0JnTlZIUThCQWY4RQpCQU1DQVlZd1N3WUlLd1lCQlFVSEFRRUVQekE5TURzR0NDc0dBUVVGQnpBQ2hpOW9kSFJ3T2k4dllYQndjeTVwClpHVnVkSEoxYzNRdVkyOXRMM0p2YjNSekwyUnpkSEp2YjNSallYZ3pMbkEzWXpBZkJnTlZIU01FR0RBV2dCVEUKcDdHa2V5eHgrdHZoUzVCMS84UVZZSVdKRURCVUJnTlZIU0FFVFRCTE1BZ0dCbWVCREFFQ0FUQS9CZ3NyQmdFRQpBWUxmRXdFQkFUQXdNQzRHQ0NzR0FRVUZCd0lCRmlKb2RIUndPaTh2WTNCekxuSnZiM1F0ZURFdWJHVjBjMlZ1ClkzSjVjSFF1YjNKbk1Ed0dBMVVkSHdRMU1ETXdNYUF2b0MyR0syaDBkSEE2THk5amNtd3VhV1JsYm5SeWRYTjAKTG1OdmJTOUVVMVJTVDA5VVEwRllNME5TVEM1amNtd3dIUVlEVlIwT0JCWUVGQlF1c3hlM1dGYkxybEFKUU9ZZgpyNTJMRk1MR01CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQVFFQTJVemd5ZldFaURjeDI3c1Q0clA4aTJ0aUVteFl0MGwrUEFLM3FCOG9ZZXZPNEM1ejcwa0gKZWpXRUh4MnRhUERZL2xhQkwyMS9XS1p1TlRZUUhIUEQ1YjF0WGdIWGJuTDdLcUM0MDFkazVWdkNhZFRRc3ZkOApTOE1Yam9oeWM5ejkvRzI5NDhrTGptRTZGbGg5ZERZclZZQTl4Mk8raEVQR09hRU9hMWVlUHluQmdQYXl2VWZMCnFqQnN0ekxoV1ZRTEdBa1hYbU5zKzVablBCeHpESk9MeGhGMkpJYmVRQWNINUgwdFpyVWxvNVpZeU9xQTdzOXAKTzViODVvM0FNL09KK0NrdEZCUXRmdkJoY0pWZDl3dmx3UHNrK3V5T3kySEk3bU54S0tnc0JUdDM3NXRlQTJUdwpVZEhraFZOY3NBS1gxSDdHTk5MT0VBRGtzZDg2d3VvWHZnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRREMwNmxiVDRiSVppU0kKMFo4VnczZXJlWnVONWdyR1hXZjE2Rk53STFvampTRGFUcmlKK2FTQU5GSXNxWllzM25tYWIxSlQ4WmtXR1VYNApFYlpqUkpHYlVmdllhZC9ZSUtuekhEZFprTzQxdjhnM1hlYWx4WW1Ka0w1UUFHR3pyMG0wR0hDRDZncU1NMWE4Ck53TkVlNXR6dFpnRXA5YzRTYVlDdnNCRnhhZ0IxNnRKc0FTRVpmQXp2OHZnTlZ6eXBNUmFEVjVnNlFlWXVwZHkKZkZvZDluV2Z0dmhNaC9kdE4xa3llWXJqclJ6Wko4ZGlBZFRYK09kYmI0bnYrd3dTcFRkeHFYbDhTcXpoeVNFeQpoNWhFcCtxV3c0RVZvcXN4UzlVTWtGaDR2S242QTFIYUZYbGZ4RFVabFRXN2p5elN3YmZpVzkyYUxZVEx5cWJOCjBNTmkwR0loQWdNQkFBRUNnZ0VBQ1dOVnA5YS9NZXpxR2NXd0dzWmVmOTdPUmhvdHJyMVZneDM4MTB4OHpYWEIKZllPSmxPeDRwc3plb05SVExqcFNOY1RqZkxRSm9tejVXQ2pTVnhvNHdmbERYM3hLa3dtUDV1MFhKYk84SnM3bApBUFgvWlVHTmpSbHljanh5ZU13Yml4Z2FZK0RsUFRoRUY3RzI4SmZjTjhrcVdCOFdXZG9DcStNeE5LdC9td2NKCjdad2hDRXQrd1E3a2tzbU42VHpBcC9RY1U4R244dVpScXluYm4wVFNydVR4VVlKY3pVQit1bXdtVFF3bUNQNGYKUE1LS2pKTFRFMjIxeWdvV1FrYWtaOHMvL052ZmZiWG9FR2hXZkJ4U05wdGNwak82bU1Pcnp0UGhrUFR6d3oxaQpoajJmVHBuZXcvN3U3K0pkekwrZDloMHNuTCszV2RJS3VhQ2tBMDdvMlFLQmdRRGlFOHBsMEdYcWRtR2hwNHFkCk9rVjNxampraEx5NkJId3FkNGhqMVFYWlFMTWFiVkswOXd3WWY1SVJXR3NhZHB0WWwyUnczSThlWllkWFdVWXoKL1gxV2dHMEdBNWgxYWMySmk4R1JydTRWdk5YTExaQzVBYUJZTjFsUU42eXpRS2trUldFTXRCZTIrdi9TWjFBaQpCdFpKRnRRR21UcHNaR1gzNjdrbGx0YjNid0tCZ1FEY25RRjBNUFU4cC83ZEV3ci9ERXo4M05iaW12Kzk0NEN3Cm9Td29JUVUwZUZaZllDQW9ZK2ZQSW9vSHk1WVE0a3JxR1cxTGFRLyttcm8zZVF3TGNxRnJYVDNFQ2t4Zk9VbkIKbmZ4dHFYQ3ZmSlBLTlRaY0xZcGQvUFltTGcwbU5rS0d5QlppN01ENDNIV3lpeG9hUlQwV2RRWTlvdzBIRi8vMQpISUo4NDVIM2J3S0JnQWVQd2VWRjR5TEVjdCtGU3cyWE5WdWJSZXZleExFMEZUTVdiR2xxWnBldG9rL3YrQ1ExClh5SXlvaUFTWlFLdGxPU1JxN3BhcGk3T0ZvakZZNk81aHNldDQvZWZoeW5tTUFtNXN1KzhlaG9nQnNhVTc1SkEKaTZ4bnJZVVJWNlZuTkVFU1VQeXJ5VjlGWmVrVHE0cDMwQk1Cd0hXNENrdzF6M05MWHhYeXhaM2hBb0dBTEJQYQpoSUo3blFEYnRRUG5BSXBPbjM3b0dDSnIwbDZ3Q1pwS0hrSnFyYzhWUXIwTDc4WDJQTFpqNmFiTmR0WWZyYUlpCjZodzFxK0x5TGI4cm51WHFSbTg4dGZ4d3dkM0tWTHJpQW04R0txbXpSWVZZTlJhTVBMY2Izd2o0YTVnUHRxb24KZnVCYXRkNG1UZVBvOVRLOFA4NWx6czdTL1lYWUIvc0lQemVncEZVQ2dZQjJCdWN0OFZMS2d3aWx4aDFpU1NSMAo3UTl6S25WbWVld0haeG9tVFlxMGhyM0J0ZkJlWDIwZ2VWSTVHRUNVSFhxa0doS3RhNE9pbjl5WVNmY0ljdm1XClV1NFRVS3VaaGs0QkxFSGVHaGM3K1lKM2tJb09NZkpla0tQMEYydlk3SitYNkFOdm40UmQrbmdCclMwQjZZdnQKUXRSYzVBci9RMlhSZGZXQlhrL3dIdz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + creationTimestamp: null + name: tls + namespace: nginx-ingress +type: kubernetes.io/tls diff --git a/scripts/helm/helm/openreplay/charts/nginx-ingress/values.yaml b/scripts/helm/helm/openreplay/charts/nginx-ingress/values.yaml new file mode 100644 index 000000000..9a703e387 --- /dev/null +++ b/scripts/helm/helm/openreplay/charts/nginx-ingress/values.yaml @@ -0,0 +1,86 @@ +# Default values for nginx. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +# DNS address of the kubernetes resolver +kubeDnsIP: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: LoadBalancer + ports: + - port: 80 + targetPort: http + - port: 443 + targetPort: https + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {}