diff --git a/.github/workflows/charts.yml b/.github/workflows/charts.yml index d6628532..bf911a9e 100644 --- a/.github/workflows/charts.yml +++ b/.github/workflows/charts.yml @@ -27,6 +27,7 @@ jobs: helm repo add keda https://kedacore.github.io/charts helm repo add opa https://open-policy-agent.github.io/kube-mgmt/charts helm repo add prometheus https://prometheus-community.github.io/helm-charts + helm repo add bitnami https://charts.bitnami.com/bitnami - name: Lint run: > diff --git a/charts/xchemlab/Chart.lock b/charts/xchemlab/Chart.lock index 8799909a..7566ce56 100644 --- a/charts/xchemlab/Chart.lock +++ b/charts/xchemlab/Chart.lock @@ -29,17 +29,23 @@ dependencies: - name: prometheus repository: https://prometheus-community.github.io/helm-charts version: 25.0.0 +- name: postgresql-ha + repository: https://charts.bitnami.com/bitnami + version: 11.5.1 - name: thanos repository: oci://docker.io/bitnamicharts version: 12.11.0 - name: rabbitmq repository: oci://docker.io/bitnamicharts version: 12.0.7 +- name: router + repository: oci://ghcr.io/apollographql/helm-charts + version: 1.41.1 - name: oauth2-proxy repository: oci://registry-1.docker.io/bitnamicharts version: 3.7.4 - name: oauth2-proxy repository: oci://registry-1.docker.io/bitnamicharts version: 3.7.4 -digest: sha256:2738fe6bf788e283ebdd64f5bbf8c0094b9e7271b40fe693b661117d4bed9eb9 -generated: "2024-03-06T11:37:40.525320982Z" +digest: sha256:392add4e5d0d1eadb60a80376f5422e17b58638eb604042e90381aa8a9ce7f71 +generated: "2024-03-13T12:10:55.03395991Z" diff --git a/charts/xchemlab/Chart.yaml b/charts/xchemlab/Chart.yaml index 10476304..c6ea8493 100644 --- a/charts/xchemlab/Chart.yaml +++ b/charts/xchemlab/Chart.yaml @@ -6,7 +6,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.9.0 +version: 0.11.0 dependencies: - name: chimp-chomp @@ -43,6 +43,10 @@ dependencies: repository: https://prometheus-community.github.io/helm-charts version: 25.0.0 condition: prometheus.enabled + - name: postgresql-ha + repository: https://charts.bitnami.com/bitnami + version: 11.5.1 + condition: postgresql-ha.enabled - name: thanos repository: oci://docker.io/bitnamicharts version: 12.11.0 @@ -51,6 +55,10 @@ dependencies: repository: oci://docker.io/bitnamicharts version: 12.0.7 condition: rabbitmq.enabled + - name: router + repository: oci://ghcr.io/apollographql/helm-charts + version: 1.41.1 + condition: apollo-router.enabled - alias: oauth2-proxy-thanos name: oauth2-proxy repository: oci://registry-1.docker.io/bitnamicharts diff --git a/charts/xchemlab/templates/application-secret.yaml b/charts/xchemlab/templates/application-secret.yaml new file mode 100644 index 00000000..a71dc806 --- /dev/null +++ b/charts/xchemlab/templates/application-secret.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: application-passwords + namespace: xchemlab +spec: + encryptedData: + passwords: AgCALIOXYoCZlI3qJHUwxAGlCF5T2RqhzRGJ6WILt/feRkKdwkicFpCpdjbkLoZMutgIFbmSZtCxUopvocUTVVvy08thDwy/Vuc/tpVhGuKqGbhf7YB8Kohy4lXKfNQjuyIlIlrKlp2EvweNDC2czBwkKP2IKNcBjwO66CyE8JNUuva15UdVA+PrEeaQ+9t5bQclGafYoPnAfh/JBDVdUoHu5UESDycyXTl6IA6jXhgckXuN4mRfrkdXxJgpob2DQCmGDj8d6QBhsNjhYaJJVkK3wr3hbdHvsZGzRMsrZEeNgYGKjBkAyRxgBQqWJITA25yQIi+oWiCW0plkQZw0zEzIDH5ZP85gWCTksY/kBbSW0oaSfdIOj/6X/WpEhfjowEX99pyr6zeYCC+JvXMx/PfkkwbVdevWC4IydXXUi+kctPgBk0Cww12+vGk2u22u0tHX6QpyWcmvETlHHC13oJta/K6CdHbRtyBpnyVORwMYuIuc+gh3BSAzIlYekzWp+/998/0uywg1PUBR7TbpbZyyEFZb2ShYaqYajV7YeYP72wAG3NjvIRQAa4cyk5iXVms/hHKED5IqveeJf88ksrvdmeTqoSdTlxCaixDgyhUzaLIv6ZPv9olFS6k5IyWZ20bwjm4cPGlq5MHs6buDIRZYWs2pXIGuhA8PWByaptWtCJQWB2jOfCzUdSv0+gYjIAJOe525moLuBDUbT9YpDmH3 + usernames: AgCQwvol+C036DNxeVfjDDtfr1LQcl+CI9R/ZjOJ/5Ctx5yawz3Xnv8AfIpvDR79+wFLkXwwng2vY3rSw462Cjj/X5FxHqzqkp9S2bNV8SlG5cb8X9wYoFrqvOq5IPDJv+HgwIdAv15kgBnT1eBr23FGovBa4TasfKQIF63DD2xx4xKsUllkXr9MrdmOz/dgtyJxwPLDE2DtTVD71IXvFucLavr6oFXCKIJ12NR556hKE1xdZZgKaNnJeLil33KA5P1MiQ8tXrco1aPbUqZ5JB2FPF3wNxW6Wmw/AeptT3QJj6QObYdSEM4/HGB+zxHEvRAXrk+9CwFZ+w57fODnDffghxrPkReFmWKLOiXBPB8YqVz5MPK8fpPMPVrFcG4YPy03LHJtboaTs1Slk0O+HxzQeeA0BOrl6Uy9TmNxZIOt202jbrkGhtLhJJnAZFfr4vrhdmALF7+aAAkDeVTF0nycCnnmo2ZHGrvlIK02PaphhGw6iuLR+8/efZNl8IErVIehwCH9+u0sIik7+FwPYNlpYeRcNmsQoJmJuy1avyowcDnHInf57s+ZlAxKbbjUX/EIO5ebuoT45kLV5MpeDIQbYS77fg3SRdaMO3OnMEv2WwYc6Tg+N8q89UAk6wqqu0VEVfng39hg/tZQmKb9O4oCosFSdobFC9I3Kf49Qh8/N4FnfaPYRWsjf6zVCVwz+hGbkmqhadv7gA== + template: + metadata: + creationTimestamp: null + name: application-passwords + namespace: xchemlab diff --git a/charts/xchemlab/templates/pgpool-secret.yaml b/charts/xchemlab/templates/pgpool-secret.yaml new file mode 100644 index 00000000..e3399c87 --- /dev/null +++ b/charts/xchemlab/templates/pgpool-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: pgpool-passwords + namespace: xchemlab +spec: + encryptedData: + admin-password: AgA+DTJgyISrh2I9MCWM8k6vR9aO61FIIxRWJ82OyNnA1yHdFgQcKsnSbEVJaYBPTerUyJUC7OuKiTs/IRlu6jAtJabiknoS0XVnTHp0RF42baMPBvR0d6pXBt+d9EFFv9vXKG5Ko6cd1fQkuI38i8qsrmBq0y8Z2vlvdq+hG9p/zFKLXON622NQWkLvc8d8y58nl+q1gOco/I+lP4E+2woHkhnsPHlh3+FhpaZXEaZRbSKkdB79rzeumlUrjwugWBxovz/8J4LjMtMv5Xt4LqNo2AAl1TRBxBG8RCaX59vRU4WFZf3gEsnCXBDWBwQTiIr/kt9L43hXqZK/FLUSPLcJruxrCdPRpe2dqvU1GfeDneg1aCgV6msc73K2zIOTVbACsb/glUwHRgr+C8c12oD1p/T+mL9E/dV37kRLHxOunmfcrsnpmWHtJB5y955HwBzw8MYiB7F7EFd78+8D7gQXvCdffRtELnhN9ynewCQd0P8DzK97JfJUIbB7+Wl6C8u9A1v0i6Tw7ofRNROuykVyNtK3jrGNeCxRH1cgowRVK6DlOBuZvEhAvE6/f5nLgF4FtLPYZkECqPMprpnSgLEj1ogNOq/+WpnXCfavX+tmrqBLmqtJfBVcl9LBjBgXiqsMXQ0zw2QSEzAaJHymc3Kur2BLnkHQ035UMrZ+CgExjFLSHqlo34VMQzytmuMy2dW0fFPSQMig1fduEJXJMzdcb+GTslJNjJM= + template: + metadata: + creationTimestamp: null + name: pgpool-passwords + namespace: xchemlab diff --git a/charts/xchemlab/templates/postgres-secret.yaml b/charts/xchemlab/templates/postgres-secret.yaml new file mode 100644 index 00000000..e9a72006 --- /dev/null +++ b/charts/xchemlab/templates/postgres-secret.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: postgres-passwords + namespace: xchemlab +spec: + encryptedData: + password: AgBsk50Y8gy4qdfpauAD7opsqUSQnDnooUn7ADb/O7laUW3TVg1NSRNmmP2GUV462DGLAf3mg6wreTP+MatZKFvyfOo3Cn526BCdIBD98DikGKQMatzmQL6K7Ou5e7UnqVPM3nFAP5ggsb7+VKkQ/WoKr6hTnLRKQ+yreghhO51YGk9/VJF65SyVrJsdtXMWVcVasBsbOprfueBfgl1EEA5vNFw4EodSgjk6ulfEB1DEXgBtitYplKjW1D5IorC3+ZI3ig1U5LzLnCRfy0yF4C5zuuHl9wFqTibQW1AQMLHFSk0YMNEeIbmtzkSZA2EVc1pvAmBynZobOLC/FEYKO/6LJcI8wp6JevWr/JkWS1bWH4IXcWhO8T/ma+QsGdc7eXlAOdBdqTd+rsaxKaI6UTa0Vee+BCUzAzOetf1CYVtAnJWGArujhuzREOLAZ2nTJXZJUrp4AFnfBbykzqZ2G+5x5bT2xdgps3vEDAdVXz4IXnJ4l0fkCK6c3PMo4dUCegKTCmKN7fUDD8Qyn039T8nBd9Oee3zhxZE470plHLGV/wZq8uXSJ1FF8KOrOb4GeuWiFKvHlilLW3Vhda2CiqjtKIkoYj5ZW3oOiWnLe0HJwhLbmn8QC1I1+dy0+xeq+/V1RiEtZ9g9fcd5wf5UU7ZiCz87KqEA8NlXnJ0+s/6jUlJlRFydVlsOHrZ31Qgk91AVShVOpBxRKw14ffIN4YjYykBuNH1ZLJM= + repmgr-password: AgC7LcCkCtvVS8kRfJMQqMZz3UwWV9l+HEv5HaH5QOUSnuCQrKje0MNxAeNJxx7XYupfr8m/2dr1YUnXBPlV8Wc17I186P7jN9H/UF3O8kdqz64UnjqaB9y7CQ0Si1FrVZZfgxbE4spLOT04zk+EIYu/qiK615ythb7KXr41V1kDK4dAIyIuwCuZWzXaw1wL6N8DcnTfMKMa/wxNFIjx9SbrAJfD9kPzu5w9RKXJPsBKLjzDzNKgTDE0SC/rOYH/ncoKAtsIJxr80e7YS4boTfA03N73/GSB+8/74SEpVIm+1qghDm/9LSW53q1k11jCC9VZgvW9XJWxd6GHgkEMMqRNpQAspxCdZRAwFJ8KJl9QOxsN3p7n6K77V8Br9Y0OG46ewXmf9gaSf6eKqQkNJodR1hejXC2ys+3CGmpf/fwOiXmyH+4jMUQcCiuXyMt3/6gcH08MrLpIJDf75rxTQpuuhWvgnNPdfwEvcw6dKBmweQLiM5aybnFB1DdKkWHaDOJEn0iFhJttKHYRUNeLrdeW2ua4F48qnnf9tFAFafGU9tPsEZi2CJDIhnrB4dEz8e1OvZy9j5gTKWmeAbTZUWbtAOd7QuARxkdJl0bZCZQgF0gvEAoR0KTohzjImcgDQ0lDhjwJ2mo1Ic3oPJO2QwEi05QhZ2o8F5TU95VFknQiKzQuEusZo/a8WMhVMcisS8XiShNgQad13yUcLL64HYNuXEznl1qL7aE= + template: + metadata: + creationTimestamp: null + name: postgres-passwords + namespace: xchemlab diff --git a/charts/xchemlab/templates/router-apikey-secret.yaml b/charts/xchemlab/templates/router-apikey-secret.yaml new file mode 100644 index 00000000..ba396290 --- /dev/null +++ b/charts/xchemlab/templates/router-apikey-secret.yaml @@ -0,0 +1,12 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: router-apikey + namespace: xchemlab +spec: + encryptedData: + managedFederationApiKey: AgC16KXRwfTLl+eBBMOwQzW3RWMvJOVe9nNUYivBKgNj85hnOp9RKkwOOwIO0lGHsxgL+X4Mo6n/xXx9BtPijlRvAPTUULwWeKgquc+NM8xeJYcgawRO4Yug8tpA2oQurGNKYWyf6L1aRWEFUNPsohlBAS7cRUuNldRcmOa98z1+IOde/Vj8bUPjz5hyLPb70T40dF04fJkIqmGit3BTh/niNk7vBfpltgcAI7PCLGj/H8D8+IBB1FiEx8jOKNf9QPzCI+dPi1jiSJ3WVZhF0zaCHDvzO9PfSVw9I2Ybvi3/Fqw/E7SZoLKysi4tUBk5UUPNloYUUyNAxemziDlNHDGL4c+kX6wpGtsmuyHWJBcmRMY+7f7NoydFzLOLXFl97BuFn3LdIWaUX0jnJgfeRB9Z7M4ujYqrBpnDSoQFyOh8p1arQQRzvfd7HWf6rPwy8M9x1HR3TWaNOeHkZ6iEfFj6SVHOuEqZ6TmeHbX7q4D+3QfCbg2fKhn+8DWnkE42cMX10+afscqLFLjbuOBqQVvspUooGS5z/aeee/aovCgXmxaZab2Pml+4x9iVpIOZgn9inJ6ny18sQ/EczFMg8AcvAitiBPLk5jB4xXSaFDaElXsWnLo9aA94M/1ifQ1q1ENET11v3mB50QqHjcjIl8rR86KugJJhapW1qTGoAMuHzqgzCr7BTZak85k/gp5gVlIAUBXZfjO2QSu9E6yApKOTaM+4FPECNlAkshtgZ0lwxIJH/c15LOQ= + template: + metadata: + name: router-apikey + namespace: xchemlab diff --git a/charts/xchemlab/values.yaml b/charts/xchemlab/values.yaml index 352a55b0..ab5efecf 100644 --- a/charts/xchemlab/values.yaml +++ b/charts/xchemlab/values.yaml @@ -22,44 +22,44 @@ chimp-chomp: compound-library: enabled: true database: - host: postgres://postgresql-ha-pgpool - user: postgres + host: postgres://xchemlab-postgresql-ha-pgpool.xchemlab.svc.cluster.local + user: xchemlab password: - secretName: postgres-passwords - secretKey: password + secretName: application-passwords + secretKey: passwords opa: url: http://{{ .Release.Name }}-opa-kube-mgmt:8181 compound-soaking: enabled: true database: - host: postgres://postgresql-ha-pgpool - user: postgres + host: postgres://xchemlab-postgresql-ha-pgpool.xchemlab.svc.cluster.local + user: xchemlab password: - secretName: postgres-passwords - secretKey: password + secretName: application-passwords + secretKey: passwords opa: url: http://{{ .Release.Name }}-opa-kube-mgmt:8181 crystal-library: enabled: true database: - host: postgres://postgresql-ha-pgpool - user: postgres + host: postgres://xchemlab-postgresql-ha-pgpool.xchemlab.svc.cluster.local + user: xchemlab password: - secretName: postgres-passwords - secretKey: password + secretName: application-passwords + secretKey: passwords opa: url: http://{{ .Release.Name }}-opa-kube-mgmt:8181 pin-packing: enabled: true database: - host: postgres://postgresql-ha-pgpool - user: postgres + host: postgres://xchemlab-postgresql-ha-pgpool.xchemlab.svc.cluster.local + user: xchemlab password: - secretName: postgres-passwords - secretKey: password + secretName: application-passwords + secretKey: passwords opa: url: http://{{ .Release.Name }}-opa-kube-mgmt:8181 @@ -77,11 +77,11 @@ targeting: secretName: targeting-s3-secret secretKey: secret-access-key database: - host: postgres://postgresql-ha-pgpool - user: postgres + host: postgres://xchemlab-postgresql-ha-pgpool.xchemlab.svc.cluster.local + user: xchemlab password: - secretName: postgres-passwords - secretKey: password + secretName: application-passwords + secretKey: passwords opa: url: http://{{ .Release.Name }}-opa-kube-mgmt:8181 @@ -156,6 +156,64 @@ opa-kube-mgmt: rbac: create: false +postgresql-ha: + postgresql: + existingSecret: postgres-passwords + podAntiAffinityPreset: hard + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 2 + memory: 2Gi + initdbScripts: + db-init.sql: | + SELECT 'CREATE DATABASE compound_library' OWNER xchemlab WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'compound_library')\gexec; + SELECT 'CREATE DATABASE compound_soaking' OWNER xchemlab WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'compound_soaking')\gexec; + SELECT 'CREATE DATABASE crystal_library' OWNER xchemlab WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'crystal_library')\gexec; + SELECT 'CREATE DATABASE targeting' OWNER xchemlab WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'targeting')\gexec; + SELECT 'CREATE DATABASE pin_packing' OWNER xchemlab WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'pin_packing')\gexec; + + pgpool: + existingSecret: pgpool-passwords + customUsersSecret: application-passwords + resources: + requests: + cpu: 500m + memory: 256Mi + limits: + cpu: 1 + memory: 512Mi + + persistence: + storageClass: db-nvme-storage + size: 50Gi + +router: + enabled: true + managedFederation: + existingSecret: router-apikey + graphRef: xchemlab@current + ingress: + enabled: true + hosts: + - host: xchemlab.diamond.ac.uk + paths: + - path: / + pathType: Prefix + router: + args: + - --hot-reload + - --dev + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 1 + memory: 128Mi + prometheus: enabled: true