fix: helm charts for better minikube support

Author: PJEstrada

.gitignore

@@ -8,4 +8,11 @@ values_production*
 
 values_staging.yaml
 
-.vs
+.vs
+example.com\+5-key.pem
+
+example.com\+5.pem
+
+example.com\+6-key.pem
+
+example.com\+6.pem

templates/default/secrets.yaml

@@ -6,6 +6,7 @@ type: Opaque
 stringData:
   STRIPE_API_KEY: {{ .Values.diffgramSecrets.STRIPE_API_KEY }}
   DIFFGRAM_AWS_ACCESS_KEY_SECRET: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_SECRET }}
+  DIFFGRAM_AWS_ACCESS_KEY_ID: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_ID }}
   _ANALYTICS_WRITE_KEY: {{ .Values.diffgramSecrets._ANALYTICS_WRITE_KEY }}
   MAILGUN_KEY: {{ .Values.diffgramSecrets.MAILGUN_KEY }}
   HUB_SPOT_KEY: {{ .Values.diffgramSecrets.HUB_SPOT_KEY }}

templates/hooks/secrets_db_migrations.yaml

@@ -10,6 +10,7 @@ metadata:
 type: Opaque
 stringData:
   STRIPE_API_KEY: {{ .Values.diffgramSecrets.STRIPE_API_KEY }}
+  DIFFGRAM_AWS_ACCESS_KEY_ID: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_ID }}
   DIFFGRAM_AWS_ACCESS_KEY_SECRET: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_SECRET }}
   _ANALYTICS_WRITE_KEY: {{ .Values.diffgramSecrets._ANALYTICS_WRITE_KEY }}
   MAILGUN_KEY: {{ .Values.diffgramSecrets.MAILGUN_KEY }}

templates/ingress.yaml

@@ -6,18 +6,37 @@ metadata:
   annotations:
     kubernetes.io/ingress.class: "nginx"
     nginx.ingress.kubernetes.io/use-regex: "true"
+    {{ if eq .Values.useTls false}}
     nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/hsts: "false"
+    hsts: "false"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      add_header Access-Control-Allow-Methods "POST, GET, PUT, PATCH, DELETE, OPTIONS";
+      add_header Access-Control-Allow-Credentials true;
+      add_header Access-Control-Allow-Headers *;
+      add_header Access-Control-Expose-Headers "X-NewRelic-App-Data";
+      proxy_pass_header directory_id;
+      more_clear_headers 'Strict-Transport-Security';
+      if ($scheme = https) {
+        add_header  Strict-Transport-Security "max-age=0;";
+      }
+    {{ end }}
+    {{ if eq .Values.useTls true}}
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      proxy_pass_header directory_id;
+    {{ end }}
+
     nginx.org/proxy-pass-headers: directory_id
     {{ if eq .Values.useTls true}}
     cert-manager.io/issuer: "letsencrypt-prod"
     {{ end }}
     watch-namespace: {{ .Release.Namespace }}
-#    nginx.ingress.kubernetes.io/ssl-redirect: "false"
 #    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
     # Limit uploads to 8TB
     nginx.ingress.kubernetes.io/proxy-body-size: 800000m
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      proxy_pass_header directory_id;
+
 spec:
  {{ if eq .Values.useTls true}}
   tls:

templates/ingress_configmap.yaml

@@ -1,10 +1,14 @@
 apiVersion: v1
 kind: ConfigMap
 data:
+  {{ if eq .Values.useTls false}}
+  hsts: "false"
+  ssl-redirect: "false"
+  {{ end }}
   enable-underscores-in-headers: "true"
   ignore-invalid-headers: "false"
   use-gzip: "true" # ENABLE GZIP COMPRESSION
   gzip-types: "*" # SPECIFY MIME TYPES TO COMPRESS ("*" FOR ALL) 
 metadata:
-  name: nginx-configuration
+  name: ingress-nginx-controller
   namespace: {{ .Release.Namespace }}

templates/postgres/deployment.yaml

@@ -5,7 +5,7 @@ apiVersion: "apps/v1"
 kind: "Deployment"
 metadata:
   name: "postgres"
-  namespace: {{ .Release.Namespace }}"
+  namespace: {{ .Release.Namespace }}
   labels:
     app: "postgres"
   annotations:
@@ -44,7 +44,7 @@ spec:
         - name: postgres-storage
           persistentVolumeClaim:
             claimName: postgres-pv-claim
-    {{ if eq .Values.nodeGroupLabel }}
+    {{ if .Values.nodeGroupLabel }}
     nodeSelector:
       poolName: {{ .Values.nodeGroupLabel }}
     {{ end }}

templates/walrus/secrets.yaml

@@ -6,6 +6,7 @@ type: Opaque
 stringData:
   STRIPE_API_KEY: {{ .Values.diffgramSecrets.STRIPE_API_KEY }}
   DIFFGRAM_AWS_ACCESS_KEY_SECRET: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_SECRET }}
+  DIFFGRAM_AWS_ACCESS_KEY_ID: {{ .Values.diffgramSecrets.DIFFGRAM_AWS_ACCESS_KEY_ID }}
   _ANALYTICS_WRITE_KEY: {{ .Values.diffgramSecrets._ANALYTICS_WRITE_KEY }}
   MAILGUN_KEY: {{ .Values.diffgramSecrets.MAILGUN_KEY }}
   HUB_SPOT_KEY: {{ .Values.diffgramSecrets.HUB_SPOT_KEY }}

values.yaml

@@ -3,7 +3,7 @@
 # Declare variables to be passed into your templates.
 
 # The Diffgram Version. Whenever a new update arrives, this will be changed.
-diffgramVersion: latest
+diffgramVersion: 0.13.3
 
 # Either 'opencore' or 'enterprise'. Please note that selecting 'enterprise'
 # requires that you also set imagePullCredentials.gcrCredentials.
@@ -15,9 +15,9 @@ diffgramEdition: opencore
 diffgramDomain: example.com
 
 # Set this to true if you want to use cert manager for TLS certificates generation.
-useCertManager: false
+useCertManager: true
 # Use it to activate TLS on the nginx ingress
-useTls: false
+useTls: true
 
 dbSettings:
   # Specify How the DB Service should be created
@@ -38,8 +38,8 @@ dbSettings:
 # All the Secrets Used in Diffgram.
 diffgramSecrets:
   STRIPE_API_KEY: none
-  DIFFGRAM_AWS_ACCESS_KEY_ID: none
-  DIFFGRAM_AWS_ACCESS_KEY_SECRET: none
+  DIFFGRAM_AWS_ACCESS_KEY_ID: write_your_aws_access_key
+  DIFFGRAM_AWS_ACCESS_KEY_SECRET: write_your_aws_access_key_secret
   _ANALYTICS_WRITE_KEY: provided_by_diffgram_team
   MAILGUN_KEY: provided_by_diffgram_team
   HUB_SPOT_KEY: provided_by_diffgram_team
@@ -58,17 +58,17 @@ diffgramSettings:
   USERDOMAIN: kubernetes
   WALRUS_SERVICE_URL_BASE: example.com
   DIFFGRAM_SYSTEM_MODE: production
-  DIFFGRAM_STATIC_STORAGE_PROVIDER: gcp
+  DIFFGRAM_STATIC_STORAGE_PROVIDER: aws
   DIFFGRAM_S3_BUCKET_NAME: none
   DIFFGRAM_AZURE_CONTAINER_NAME: none
   ML__DIFFGRAM_AZURE_CONTAINER_NAME: none
   ML__DIFFGRAM_S3_BUCKET_NAME: diffgram-testing
   CLOUD_STORAGE_BUCKET: diffgram-testing
   ML__CLOUD_STORAGE_BUCKET: diffgram-testing
   SERVICE_ACCOUNT_FULL_PATH: /etc/gcp/sa_credentials.json
-  PROCESS_MEDIA_NUM_VIDEO_THREADS: "1"
-  PROCESS_MEDIA_NUM_FRAME_THREADS: "4"
-  DATABASE_CONNECTION_POOL_SIZE: "10"
+  PROCESS_MEDIA_NUM_VIDEO_THREADS: '"1"'
+  PROCESS_MEDIA_NUM_FRAME_THREADS: '"4"'
+  DATABASE_CONNECTION_POOL_SIZE: '"10"'
   GOOGLE_APPLICATION_CREDENTIALS: /etc/gcp/sa_credentials.json # Check the volume in deployment.yaml and service_account_secret.yaml
   EMAIL_DOMAIN_NAME: example.com
 
@@ -81,10 +81,10 @@ diffgramSettings:
   # If you know the OS diffgram is running ON put it here, otherwise leave default
   DIFFGRAM_HOST_OS: helm_os_default
   NEW_RELIC_LICENSE_KEY: none
-  ALLOW_EVENTHUB: False
-  EMAIL_VALIDATION: False
-  ALLOW_STRIPE_BILLING: False
-  IS_OPEN_SOURCE: True
+  ALLOW_EVENTHUB: '"False"'
+  EMAIL_VALIDATION: '"False"'
+  ALLOW_STRIPE_BILLING: '"False"'
+  IS_OPEN_SOURCE: '"True"'
 
 imagePullCredentials:
   # The service account with permissions to pull from the GCR Repository. [Should be Provided by Diffgram Team.]
@@ -95,30 +95,30 @@ nodeGroupLabel: null
 # The service for API calls.
 # This are minimal defaults. Please feel free to change them as you start having more usage
 defaultService:
-  numReplicas: 2
+  numReplicas: 1
   requests:
-    cpu: "2.0"
-    memory: "4G"
+    cpu: "1.0"
+    memory: "1G"
   limits:
     cpu: "2.0"
-    memory: "4G"
+    memory: "2G"
 # The service for the UI frontend.
 # This are minimal defaults. Please feel free to change them as you start having more usage
 frontendService:
   numReplicas: 1
   requests:
-    cpu: "2.0"
-    memory: "2G"
+    cpu: "1.0"
+    memory: "1G"
   limits:
-    cpu: "2.0"
-    memory: "2G"
+    cpu: "1.0"
+    memory: "1G"
 # The service for video processing. This is where the heavy processing takes place.
 # This are minimal defaults. Please feel free to change them as you start having more usage
 walrusService:
-  numReplicas: 2
+  numReplicas: 1
   requests:
-    cpu: "4.0"
-    memory: "14G"
+    cpu: "1.0"
+    memory: "1G"
   limits:
-    cpu: "8.0"
-    memory: "32G"
+    cpu: "2.0"
+    memory: "2G"