axiomhq · a-khaledf · Jul 25, 2023 · Jul 25, 2023 · Jul 25, 2023 · Jul 28, 2023
diff --git a/Chart.yaml b/Chart.yaml
@@ -2,8 +2,10 @@ apiVersion: v2
 name: axiom
 description: Axiom Private
 type: application
-version: 0.21.0
+version: 0.22.0
 appVersion: 1.21.0
+kubeVersion: ">=1.16.0-0"
+home: https://github.com/axiomhq/axiom-helm-charts
 maintainers:
 - name: Axiom Inc.
   email: hello@axiom.co
diff --git a/README.md b/README.md
@@ -1,5 +1,17 @@
 # axiom-helm-chart
 
+# Installation Instructions
+
+You can install the Axiom Helm chart using the following command
+```
+$ helm repo add axiom https://axiomhq.github.io/axiom-helm-charts
+$ helm repo update
+$ helm upgrade -i -f ./values.yaml axiom axiom/axiom -n <namespace>
+```
+
+# Values
+
+
 See [Runing Axiom on Kubernetes](https://www.axiom.co/docs/install/kubernetes)
 for usage instructions.
 

diff --git a/templates/NOTES.txt b/templates/NOTES.txt
@@ -1,11 +1,9 @@
 {{- if .Values.ingress.enabled }}
 Your application should be available at this URL:
 {{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . | trimSuffix "*" }}
-  {{- end }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}
 {{- end }}
 {{- else }}
 Connect to the application by running this command:
-  $ kubectl -n {{ $.Release.Namespace }} port-forward svc/axiom-core :80
-{{- end }}
+  $ kubectl -n {{ $.Release.Namespace }} port-forward svc/axiom-app 8080:80
+{{- end }}
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -54,7 +54,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 Docker registry configuration
 */}}
 {{- define "axiomImagePullSecret" }}
-{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" "https://index.docker.io/v1/" "axiomcust" .Values.registryAccessToken "not@val.id" (printf "%s:%s" "axiomcust" .Values.registryAccessToken | b64enc) | b64enc }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .Values.imageRegistryCredentials.registry .Values.imageRegistryCredentials.username .Values.imageRegistryCredentials.password .Values.imageRegistryCredentials.email (printf "%s:%s" .Values.imageRegistryCredentials.username .Values.imageRegistryCredentials.password | b64enc) | b64enc }}
 {{- end }}
 
 {{/*

diff --git a/templates/api.yaml b/templates/api.yaml
@@ -0,0 +1,129 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "axiom.fullname" . }}-api
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "axiom.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "axiom.fullname" . }}-api
+  replicas: {{ .Values.api.replicas }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "axiom.fullname" . }}-api
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                  - key: app
+                    operator: In
+                    values:
+                    - {{ template "axiom.fullname" . }}-api
+                topologyKey: "kubernetes.io/hostname"
+      topologySpreadConstraints:
+        - labelSelector:
+            matchLabels:
+              app: {{ template "axiom.fullname" . }}-api
+          maxSkew: 1
+          topologyKey: topology.kubernetes.io/zone
+          whenUnsatisfiable: ScheduleAnyway
+      containers:
+        - name: axiom-api-pod
+          image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.api.image.pullPolicy }}
+          args: ["serve", "api"]
+          ports:
+            - containerPort: 8080
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 5
+          livenessProbe:
+            httpGet:
+              path: /metrics
+              port: 8080
+            initialDelaySeconds: 15
+            periodSeconds: 30
+          resources:
+            {{- toYaml .Values.api.resources | nindent 12 }}
+          {{- with .Values.api.envFrom }}
+          envFrom:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          env:
+            - name: AXIOM_MODE
+              value: self-host
+            - name: AXIOM_DB_URL
+              value: http://{{ template "axiom.fullname" . }}-db-service
+            - name: AXIOM_DB_QUERY_URL
+              value: http://{{ template "axiom.fullname" . }}-db-query-runner
+            - name: AXIOM_LOGIN_JWT_PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: login-jwt-public-key
+                  name: {{ template "axiom.fullname" . }}-secrets
+            - name: AXIOM_LOGIN_JWT_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: login-jwt-private-key
+                  name: {{ template "axiom.fullname" . }}-secrets
+            - name: AXIOM_POSTGRES_URL
+              valueFrom:
+                secretKeyRef:
+                  key: postgres-url
+                  name: {{ template "axiom.fullname" . }}-secrets
+            - name: AXIOM_REDIS_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "axiom.fullname" . }}-secrets
+                  key: redis-url
+            - name: AXIOM_APP_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ template "axiom.fullname" . }}-config
+                  key: public-url
+            - name: AXIOM_PUBLIC_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ template "axiom.fullname" . }}-config
+                  key: public-url
+            {{- range .Values.api.extraEnvs }}
+            - name: {{ quote .name }}
+              value: {{ quote .value }}
+            {{- end }}
+      {{- if or .Values.imagePullSecrets .Values.imageRegistryCredentials }}
+      imagePullSecrets:
+        {{- if .Values.imageRegistryCredentials }}
+        - name: {{ template "axiom.fullname" . }}-registry
+        {{- end }}
+        {{- range .Values.imagePullSecrets }}
+        - name: {{ quote .name }}
+        {{- end }}
+      {{- end }}
+      {{- with .Values.api.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.api.podSecurityContext | nindent 8 }}
+      {{- end }}
+      {{- with .Values.api.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.api.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.api.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/templates/app.yaml b/templates/app.yaml
@@ -0,0 +1,129 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "axiom.fullname" . }}-app
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "axiom.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "axiom.fullname" . }}-app
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        app: {{ template "axiom.fullname" . }}-app
+    spec:
+      topologySpreadConstraints:
+        - labelSelector:
+            matchLabels:
+              app: {{ template "axiom.fullname" . }}-app
+          maxSkew: 1
+          topologyKey: topology.kubernetes.io/zone
+          whenUnsatisfiable: ScheduleAnyway
+      initContainers:
+        - name: init-axiom-app-pod
+          image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag | default .Chart.AppVersion }}"
+          command: 
+          - sh
+          - -c
+          - "/opt/axiom/core issue-app-token > /env/login_token"
+          volumeMounts:
+            - name: envdir
+              mountPath: "/env"
+          env:
+            - name: AXIOM_LOGIN_JWT_PUBLIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: login-jwt-public-key
+                  name: {{ template "axiom.fullname" . }}-secrets
+            - name: AXIOM_LOGIN_JWT_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: login-jwt-private-key
+                  name: {{ template "axiom.fullname" . }}-secrets
+      containers:
+        - name: axiom-app-pod
+          image: "{{ .Values.app.image.repository }}:{{ .Values.app.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.app.image.pullPolicy }}
+          ports:
+            - containerPort: 3000
+          volumeMounts:
+            - name: envdir
+              mountPath: "/env"
+          resources:
+            {{- toYaml .Values.app.resources | nindent 12 }}
+          livenessProbe:
+            failureThreshold: 3
+            httpGet:
+              path: /
+              port: 3000
+              scheme: HTTP
+            initialDelaySeconds: 15
+            periodSeconds: 30
+            successThreshold: 1
+            timeoutSeconds: 1
+          {{- with .Values.app.envFrom }}
+          envFrom:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          env:
+            - name: LOGIN_TOKEN_FILE_PATH
+              value: "/env/login_token"
+            - name: AWS_ELB
+              value: "1"
+            - name: HOST_MODE
+              value: "self-host"
+            - name: API_URL
+              value: "/api"
+            - name: API_URL_INTERNAL
+              value: "http://{{ template "axiom.fullname" . }}-api/api"
+            - name: LOGIN_URL
+              value: "http://{{ template "axiom.fullname" . }}-login"
+            - name: LOGIN_URL_INTERNAL
+              value: "http://{{ template "axiom.fullname" . }}-login"
+            - name: ENABLE_API_PROXY
+              value: "true"
+            - name: NEXTAUTH_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "axiom.fullname" . }}-secrets
+                  key: nextauth-secret
+            - name: NEXTAUTH_URL
+              value: "{{ .Values.externalUrl }}/frapi/auth"
+            {{- range .Values.app.extraEnvs }}
+            - name: {{ quote .name }}
+              value: {{ quote .value }}
+            {{- end }}
+      volumes:
+      - name: envdir
+        emptyDir: {}
+      {{- if or .Values.imagePullSecrets .Values.imageRegistryCredentials }}
+      imagePullSecrets:
+        {{- if .Values.imageRegistryCredentials }}
+        - name: {{ template "axiom.fullname" . }}-registry
+        {{- end }}
+        {{- range .Values.imagePullSecrets }}
+        - name: {{ quote .name }}
+        {{- end }}
+      {{- end }}
+      {{- with .Values.app.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.app.podSecurityContext | nindent 8 }}
+      {{- end }}
+      {{- with .Values.app.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.app.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.app.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/templates/configmaps.yaml b/templates/configmaps.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "axiom.fullname" . }}-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "axiom.labels" . | nindent 4 }}
+data:
+  app-url: "{{ .Values.externalUrl }}"
+  public-url: "{{ .Values.externalUrl }}"
+  aximetrics-ingest-url: http://{{ template "axiom.fullname" . }}-db-service
+  backlog-mode: legacy
+  core-tracing-sample-rate: "0"
+  dataset-limit: "100"
+  db-query-runner-postgres-conns: "20"
+  lambda-url: {{ .Values.queryRunner.lambdaUrl | default (printf "http://%s-db-query-fn" (include "axiom.fullname" .)) }}
+  login-oauth-app-callback: http://localhost
+  parallel-function-invocations: "16"
+  postgres-conns: "20"
+  pubsub-backend: redis
+  query-batch-size: "512"
+  server-debug: "0"
+  skip-shutdown-block-flush: "1"