Merge pull request #12 from diffgram/rabbit-eventhandlers-support

Rabbit MQ & Eventhandlers Service

Author: PJEstrada

.gitignore

@@ -16,3 +16,11 @@ example.com\+5.pem
 example.com\+6-key.pem
 
 example.com\+6.pem
+
+# Chart dependencies
+**/charts/*.tgz
+ca.crt
+
+ca.key
+
+local-ca.crt

Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
-- name: cert-manager
-  repository: https://charts.jetstack.io/
-  version: v1.1.0
-digest: sha256:50d9686126f61b7d7b8a50112464b41ac426a483ae053b4820c9e5f953cf7b76
-generated: "2021-01-29T14:30:59.744116786-06:00"
+- name: rabbitmq
+  repository: https://charts.bitnami.com/bitnami
+  version: 9.1.4
+digest: sha256:a92c6d671ae303d36df25c5c05705ee5193e1e22a6987e1476f4f815aa9887d7
+generated: "2022-05-24T22:45:09.592488539-06:00"

Chart.yaml

@@ -15,10 +15,16 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 1.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.0.1"
+appVersion: "0.0.1"
+
+dependencies:
+  - name: rabbitmq
+    version: 9.1.4
+    repository: https://charts.bitnami.com/bitnami
+    condition: useRabbitMq

README.md

@@ -46,15 +46,41 @@ imagePullCredentials:
 ### TLS Ceritificates
 #### Using minikube (For local testing) 
 Install Cert Manager
-`helm repo add jetstack https://charts.jetstack.io`
+```
+helm repo add jetstack https://charts.jetstack.io
+helm install cert-manager --namespace default jetstack/cert-manager --set installCRDs=true
+```
 
-`helm install cert-manager --namespace default jetstack/cert-manager --set installCRDs=true`
 
 Default domain on diffgram is: `example.com` so make sure you add that to your local hosts file:
 
 `echo "$(minikube ip) example.com" | sudo tee -a /etc/hosts`
 
-#### Using cert-manager             
+In order for TLS to work on your local machine, you will need to provide local certificate authorities.
+Otherwise your web browser will detect the certificates as invalid.
+
+To do that you can generate a key and certificate like this:
+```
+# Generate key
+openssl genrsa -out ca.key 2048
+# Create CA certificate signing it with the previous key.
+openssl req -x509 -new -nodes -key ca.key -sha256 -subj "/CN=sampleissuer.local" -days 1024 -out ca.crt -extensions v3_ca
+```
+Now create the certificates as secrets on your minkube cluster:
+```angular2html
+kubectl create secret tls my-local-ca-key-pair --key=ca.key --cert=ca.crt
+```
+Finally Modify your `values.yaml` so that helm chart can grab the secret using cert-manager
+issuers. Set `tlsIssuer` to `issuer-local` and `localCaSecretName` to the name you have to the secret created above:
+
+```angular2html
+tlsIssuer: issuer-local # One of: "issuer-local", "letsencrypt-staging", or "letsencrypt-prod"
+localCaSecretName: my-local-ca-key-pair
+
+```
+
+
+#### Using cert-manager & Public Domains           
 
 1. If you want to have TLS connections, please make sure you have a domain available and access to the name servers so you can modify the records to point to the IP addresses of the ingress.
 
@@ -69,15 +95,15 @@ Default domain on diffgram is: `example.com` so make sure you add that to your l
 3. Reinstall the helm chart
 
 
-`helm upgrade diffgram -f diffgram/new_updated_values_from_above_step.yaml`
+`helm upgrade -n diffgram-ns diffgram -f diffgram/new_updated_values_from_above_step.yaml`
 
 4. After a few minutes you should be able to see the issuer and the certificate generated. You can confirm this by running:
 `kubectl describe issuer letsencrypt-prod`
 
 ## B. Installation
 `git clone https://github.com/diffgram/diffgram-helm/`
 
-`helm install diffgram ./diffgram-helm --create-namespace`
+`helm install -n diffgram-ns diffgram ./diffgram-helm --create-namespace`
 
 If you don't change anything on `values.yaml`. You will have the namespace `default` created on your cluster
 

templates/default/configmap.yaml

@@ -3,29 +3,4 @@ kind: ConfigMap
 metadata:
   name: diffgram-default-configmap
 data:
-  USERDOMAIN: {{ .Values.diffgramSettings.USERDOMAIN }}
-  DIFFGRAM_SYSTEM_MODE: {{ .Values.diffgramSettings.DIFFGRAM_SYSTEM_MODE }}
-  DIFFGRAM_STATIC_STORAGE_PROVIDER: {{ .Values.diffgramSettings.DIFFGRAM_STATIC_STORAGE_PROVIDER }}
-  DIFFGRAM_S3_BUCKET_NAME: {{ .Values.diffgramSettings.DIFFGRAM_S3_BUCKET_NAME }}
-  ML__DIFFGRAM_S3_BUCKET_NAME: {{ .Values.diffgramSettings.ML__DIFFGRAM_S3_BUCKET_NAME }}
-  GOOGLE_APPLICATION_CREDENTIALS: /etc/gcp/sa_credentials.json # Check the volume in deployment.yaml and service_account_secret.yaml
-  CLOUD_STORAGE_BUCKET:  {{ .Values.diffgramSettings.CLOUD_STORAGE_BUCKET }}
-  ML__CLOUD_STORAGE_BUCKET:  {{ .Values.diffgramSettings.ML__CLOUD_STORAGE_BUCKET }}
-  URL_BASE: {{ .Values.diffgramDomain }}
-  WALRUS_SERVICE_URL_BASE: {{ .Values.diffgramSettings.WALRUS_SERVICE_URL_BASE }}
-  SERVICE_ACCOUNT_FULL_PATH: {{ .Values.diffgramSettings.SERVICE_ACCOUNT_FULL_PATH }}
-  DIFFGRAM_AZURE_CONTAINER_NAME: {{ .Values.diffgramSettings.DIFFGRAM_AZURE_CONTAINER_NAME }}
-  ML__DIFFGRAM_AZURE_CONTAINER_NAME: {{ .Values.diffgramSettings.ML__DIFFGRAM_AZURE_CONTAINER_NAME }}
-  DIFFGRAM_INSTALL_FINGERPRINT: {{ .Values.diffgramSettings.DIFFGRAM_INSTALL_FINGERPRINT }}
-  DIFFGRAM_VERSION_TAG: {{ .Values.diffgramVersion }}
-  DIFFGRAM_HOST_OS: {{ .Values.diffgramSettings.DIFFGRAM_HOST_OS }}
-  DATABASE_CONNECTION_POOL_SIZE: {{ .Values.diffgramSettings.DATABASE_CONNECTION_POOL_SIZE }}
-  PYTHONPATH: "/app:/app/shared:/"
-  PROCESS_MEDIA_NUM_VIDEO_THREADS: {{ .Values.diffgramSettings.PROCESS_MEDIA_NUM_VIDEO_THREADS }}
-  PROCESS_MEDIA_NUM_FRAME_THREADS: {{ .Values.diffgramSettings.PROCESS_MEDIA_NUM_FRAME_THREADS }}
-  NEW_RELIC_LICENSE_KEY: {{ .Values.diffgramSettings.NEW_RELIC_LICENSE_KEY }}
-  EMAIL_DOMAIN_NAME: {{ .Values.diffgramSettings.EMAIL_DOMAIN_NAME }}
-  ALLOW_EVENTHUB: {{ .Values.diffgramSettings.ALLOW_EVENTHUB }}
-  EMAIL_VALIDATION: {{ .Values.diffgramSettings.EMAIL_VALIDATION }}
-  ALLOW_STRIPE_BILLING: {{ .Values.diffgramSettings.ALLOW_STRIPE_BILLING }}
-  IS_OPEN_SOURCE: {{ .Values.diffgramSettings.IS_OPEN_SOURCE }}
+{{- template "diffgram.settings" . }}

templates/default/secrets.yaml

@@ -4,23 +4,4 @@ metadata:
   name: diffgram-default-secrets
 type: Opaque
 stringData:
-  STRIPE_API_KEY: {{ .Values.diffgramSecrets.STRIPE_API_KEY }}
-  DIFFGRAM_AWS_ACCESS_KEY_SECRET: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_SECRET }}
-  DIFFGRAM_AWS_ACCESS_KEY_ID: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_ID }}
-  _ANALYTICS_WRITE_KEY: {{ .Values.diffgramSecrets._ANALYTICS_WRITE_KEY }}
-  MAILGUN_KEY: {{ .Values.diffgramSecrets.MAILGUN_KEY }}
-  HUB_SPOT_KEY: {{ .Values.diffgramSecrets.HUB_SPOT_KEY }}
-  SECRET_KEY: {{ .Values.diffgramSecrets.SECRET_KEY }}
-  INTER_SERVICE_SECRET: {{ .Values.diffgramSecrets.INTER_SERVICE_SECRET }}
-  FERNET_KEY: {{ .Values.diffgramSecrets.FERNET_KEY }}
-  {{ if eq .Values.dbSettings.dbProvider "local"}}
-  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@diffgram-postgres/{{ .Values.dbSettings.dbName }}"
-  {{ end }}
-  {{ if eq .Values.dbSettings.dbProvider "rds"}}
-  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@postgres-rds-service/{{ .Values.dbSettings.dbName }}"
-  {{ end }}
-  {{ if eq .Values.dbSettings.dbProvider "azure"}}
-  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@postgres-azure-service/{{ .Values.dbSettings.dbName }}"
-  {{ end }}
-  USER_PASSWORDS_SECRET:  {{ .Values.diffgramSecrets.USER_PASSWORDS_SECRET }}
-  DIFFGRAM_AZURE_CONNECTION_STRING:  {{ .Values.diffgramSecrets.DIFFGRAM_AZURE_CONNECTION_STRING }}
+{{- template "diffgram.secrets" . }}

templates/diffgram_settings.tpl

@@ -0,0 +1,35 @@
+{{- define "diffgram.settings" }}
+  USERDOMAIN: {{ .Values.diffgramSettings.USERDOMAIN }}
+  DIFFGRAM_SYSTEM_MODE: {{ .Values.diffgramSettings.DIFFGRAM_SYSTEM_MODE }}
+  DIFFGRAM_STATIC_STORAGE_PROVIDER: {{ .Values.diffgramSettings.DIFFGRAM_STATIC_STORAGE_PROVIDER }}
+  DIFFGRAM_S3_BUCKET_NAME: {{ .Values.diffgramSettings.DIFFGRAM_S3_BUCKET_NAME }}
+  ML__DIFFGRAM_S3_BUCKET_NAME: {{ .Values.diffgramSettings.ML__DIFFGRAM_S3_BUCKET_NAME }}
+  GOOGLE_APPLICATION_CREDENTIALS: /etc/gcp/sa_credentials.json # Check the volume in deployment.yaml and service_account_secret.yaml
+  CLOUD_STORAGE_BUCKET:  {{ .Values.diffgramSettings.CLOUD_STORAGE_BUCKET }}
+  ML__CLOUD_STORAGE_BUCKET:  {{ .Values.diffgramSettings.ML__CLOUD_STORAGE_BUCKET }}
+  URL_BASE: {{ .Values.diffgramDomain }}
+  WALRUS_SERVICE_URL_BASE: https://{{ .Values.diffgramDomain }}
+  SERVICE_ACCOUNT_FULL_PATH: {{ .Values.diffgramSettings.SERVICE_ACCOUNT_FULL_PATH }}
+  DIFFGRAM_AZURE_CONTAINER_NAME: {{ .Values.diffgramSettings.DIFFGRAM_AZURE_CONTAINER_NAME }}
+  ML__DIFFGRAM_AZURE_CONTAINER_NAME: {{ .Values.diffgramSettings.ML__DIFFGRAM_AZURE_CONTAINER_NAME }}
+  DIFFGRAM_INSTALL_FINGERPRINT: {{ .Values.diffgramSettings.DIFFGRAM_INSTALL_FINGERPRINT }}
+  DIFFGRAM_VERSION_TAG: {{ .Values.diffgramVersion }}
+  DIFFGRAM_HOST_OS: {{ .Values.diffgramSettings.DIFFGRAM_HOST_OS }}
+  DATABASE_CONNECTION_POOL_SIZE: {{ .Values.diffgramSettings.DATABASE_CONNECTION_POOL_SIZE }}
+  PYTHONPATH: "/app:/app/shared:/"
+  PROCESS_MEDIA_NUM_VIDEO_THREADS: {{ .Values.diffgramSettings.PROCESS_MEDIA_NUM_VIDEO_THREADS }}
+  PROCESS_MEDIA_NUM_FRAME_THREADS: {{ .Values.diffgramSettings.PROCESS_MEDIA_NUM_FRAME_THREADS }}
+  NEW_RELIC_LICENSE_KEY: {{ .Values.diffgramSettings.NEW_RELIC_LICENSE_KEY }}
+  EMAIL_DOMAIN_NAME: {{ .Values.diffgramSettings.EMAIL_DOMAIN_NAME }}
+  ALLOW_EVENTHUB: {{ .Values.diffgramSettings.ALLOW_EVENTHUB }}
+  EMAIL_VALIDATION: {{ .Values.diffgramSettings.EMAIL_VALIDATION }}
+  ALLOW_STRIPE_BILLING: {{ .Values.diffgramSettings.ALLOW_STRIPE_BILLING }}
+  IS_OPEN_SOURCE: {{ .Values.diffgramSettings.IS_OPEN_SOURCE }}
+  DIFFGRAM_MINIO_ENDPOINT_URL: {{.Values.diffgramSettings.DIFFGRAM_MINIO_ENDPOINT_URL}}
+  DIFFGRAM_MINIO_ACCESS_KEY_ID: {{.Values.diffgramSettings.DIFFGRAM_MINIO_ACCESS_KEY_ID}}
+  DIFFGRAM_MINIO_ACCESS_KEY_SECRET: {{.Values.diffgramSettings.DIFFGRAM_MINIO_ACCESS_KEY_SECRET}}
+  DIFFGRAM_MINIO_DISABLED_SSL_VERIFY: {{.Values.diffgramSettings.DIFFGRAM_MINIO_DISABLED_SSL_VERIFY}}
+  RABBITMQ_HOST: {{.Values.diffgramSettings.RABBITMQ_HOST}}
+  RABBITMQ_PORT: {{.Values.diffgramSettings.RABBITMQ_PORT}}
+  RABBITMQ_DEFAULT_USER: {{.Values.rabbitmq.auth.username}}
+{{- end }}

templates/diffgrams_secrets.tpl

@@ -0,0 +1,23 @@
+{{- define "diffgram.secrets" }}
+  STRIPE_API_KEY: {{ .Values.diffgramSecrets.STRIPE_API_KEY }}
+  DIFFGRAM_AWS_ACCESS_KEY_SECRET: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_SECRET }}
+  DIFFGRAM_AWS_ACCESS_KEY_ID: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_ID }}
+  _ANALYTICS_WRITE_KEY: {{ .Values.diffgramSecrets._ANALYTICS_WRITE_KEY }}
+  MAILGUN_KEY: {{ .Values.diffgramSecrets.MAILGUN_KEY }}
+  HUB_SPOT_KEY: {{ .Values.diffgramSecrets.HUB_SPOT_KEY }}
+  SECRET_KEY: {{ .Values.diffgramSecrets.SECRET_KEY }}
+  INTER_SERVICE_SECRET: {{ .Values.diffgramSecrets.INTER_SERVICE_SECRET }}
+  FERNET_KEY: {{ .Values.diffgramSecrets.FERNET_KEY }}
+  {{ if eq .Values.dbSettings.dbProvider "local"}}
+  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@diffgram-postgres/{{ .Values.dbSettings.dbName }}"
+  {{ end }}
+  {{ if eq .Values.dbSettings.dbProvider "rds"}}
+  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@postgres-rds-service/{{ .Values.dbSettings.dbName }}"
+  {{ end }}
+  {{ if eq .Values.dbSettings.dbProvider "azure"}}
+  DATABASE_URL:  "postgresql+psycopg2://{{ .Values.dbSettings.dbUser }}:{{ .Values.dbSettings.dbPassword }}@postgres-azure-service/{{ .Values.dbSettings.dbName }}"
+  {{ end }}
+  USER_PASSWORDS_SECRET:  {{ .Values.diffgramSecrets.USER_PASSWORDS_SECRET }}
+  DIFFGRAM_AZURE_CONNECTION_STRING:  {{ .Values.diffgramSecrets.DIFFGRAM_AZURE_CONNECTION_STRING }}
+  RABBITMQ_DEFAULT_PASS:  {{ .Values.rabbitmq.auth.password }}
+{{- end }}

templates/eventhandlers/configmap.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: diffgram-eventhandlers-configmap
+data:
+{{- template "diffgram.settings" . }}

templates/eventhandlers/deployment.yaml

@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: diffgram-eventhandlers
+  name: diffgram-eventhandlers
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: {{ .Values.defaultService.numReplicas }}
+  selector:
+    matchLabels:
+      app: diffgram-eventhandlers
+  template:
+    metadata:
+      labels:
+        app: diffgram-eventhandlers
+    spec:
+      {{ if .Values.nodeGroupLabel }}
+      nodeSelector:
+        poolName: {{ .Values.nodeGroupLabel }}
+      {{ end }}
+      {{ if eq .Values.diffgramEdition "enterprise"}}
+      imagePullSecrets:
+      - name: diffgramsecret
+      {{ end }}
+      volumes:
+      {{ if eq .Values.diffgramSettings.DIFFGRAM_STATIC_STORAGE_PROVIDER "gcp"}}
+      - name: service-account-credentials-volume
+        secret:
+          secretName: gcp-service-account-credentials
+          items:
+          - key: sa_json
+            path: sa_credentials.json
+      {{ end }}
+      initContainers:
+      - name: check-db-ready
+        image: postgres:11
+        {{ if eq .Values.dbSettings.dbProvider "local"}}
+        command: ['sh', '-c',
+                  'until pg_isready -h diffgram-postgres -p 5432;
+          do echo waiting for database; sleep 2; done;']
+        {{ end }}
+        {{ if eq .Values.dbSettings.dbProvider "rds"}}
+        command: ['sh', '-c', 'until pg_isready -h postgres-rds-service -p 5432; do echo waiting for database; sleep 2; done;']
+        {{ end }}
+        {{ if eq .Values.dbSettings.dbProvider "azure"}}
+        command: ['sh', '-c', 'until pg_isready -h postgres-azure-service -p 5432; do echo waiting for database; sleep 2; done;']
+        {{ end }}
+      containers:
+      {{ if eq .Values.diffgramEdition "enterprise"}}
+      - image: gcr.io/diffgram-enterprise/eventhandlers:{{ .Values.diffgramVersion }}
+      {{ end }}
+      {{ if eq .Values.diffgramEdition "opencore"}}
+      - image: gcr.io/diffgram-open-core/eventhandlers:{{ .Values.diffgramVersion }}
+      {{ end }}
+        imagePullPolicy: Always
+        name: diffgram-default
+        ports:
+        - containerPort: 8080
+      {{ if eq .Values.diffgramSettings.DIFFGRAM_STATIC_STORAGE_PROVIDER "gcp"}}
+        volumeMounts:
+        - name: service-account-credentials-volume
+          mountPath: /etc/gcp
+          readOnly: true
+      {{ end }}
+        envFrom:
+        - configMapRef:
+            name: diffgram-eventhandlers-configmap
+        - secretRef:
+            name: diffgram-eventhandlers-secrets
+        resources:
+          requests:
+            cpu: {{ .Values.eventHandlersService.requests.cpu }}
+            memory: {{ .Values.eventHandlersService.requests.memory }}
+          limits:
+            cpu: {{ .Values.eventHandlersService.limits.cpu }}
+            memory: {{ .Values.eventHandlersService.limits.memory }}