diff --git a/Chart.yaml b/Chart.yaml index b24d12a..bce9999 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -12,3 +12,7 @@ dependencies: version: '18.2.1' repository: https://charts.bitnami.com/bitnami condition: redis.enabled + - name: minio + version: '5.2.0' + repository: https://charts.min.io/ + condition: minio.enabled \ No newline at end of file diff --git a/README.md b/README.md index b453b25..097d213 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,120 @@ # Lago Helm Chart -Version: 1.11.0 -Lago Version : v1.11.0 +This Helm chart deploys the Lago billing system with various optional dependencies such as Redis, PostgreSQL, and MinIO. Below are details about configuring the chart for different environments. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.5+ +- Persistent storage provisioner enabled in the cluster +- Optionally: A managed Redis, Minio and PostgreSQL service for production environments + +## Installation + +To install the chart with the release name `my-lago-release`: + +helm install my-lago-release . + +You can customize the installation by overriding values in `values.yaml` with your own. The full list of configurable parameters can be found in the following sections. + +### Sample Command + +helm install my-lago-release . \ + --set apiUrl=mydomain.dev \ + --set frontUrl=mydomain.dev + ## Configuration -You can start with a very small configuration. -The only fields required are `frontUrl` and `apiUrl`, since no ingress is managed with this version right now, you have to define the URL your application will be deployed to. +### Global Parameters + +| Parameter | Description | Default | +|----------------------------|-----------------------------------------------------------------------------------------------------|---------------| +| `global.license` | Lago Premium License key | `""` | +| `global.databaseUrl` | PostgreSQL connection string, should follow this format: postgresql://USER:PASSWORD@HOST:PORT/DB | `""` | +| `global.redisUrl` | Redis connection string, should follow this format: redis://... or redis+sentinel://... | `""` | +| `global.existingSecret` | Name of the secret containing sensitive values (database URL, Redis URL, AWS keys, SMTP credentials) | `""` | +| `global.s3.enabled` | Enable S3 storage for file uploads | `false` | +| `global.s3.accessKeyId` | AWS S3 access key ID (not required if using existing secret) | `""` | +| `global.s3.secretAccessKey` | AWS S3 secret access key (not required if using existing secret) | `""` | +| `global.s3.bucket` | AWS S3 bucket name | `""` | +| `global.smtp.enabled` | Enable SMTP configuration for email sending | `false` | +| `global.signup.enabled` | Enable or disable Lago's signup feature | `true` | +| `global.ingress.enabled` | Enable ingress resources for the application | `false` | + +### Redis Configuration + +| Parameter | Description | Default | +|---------------------------------|-----------------------------------------------------|-----------| +| `redis.enabled` | Enable Redis as a dependency | `true` | +| `redis.image.tag` | Redis image tag | `6.2.14` | +| `redis.replica.replicaCount` | Number of Redis replicas | `0` | +| `redis.auth.enabled` | Enable Redis authentication | `false` | +| `redis.master.service.ports` | Redis service port | `6379` | + +### PostgreSQL Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `postgresql.enabled` | Enable PostgreSQL as a dependency | `true` | +| `global.postgresql.auth.username` | PostgreSQL database username | `lago` | +| `global.postgresql.auth.password` | PostgreSQL database password | `lago` | +| `global.postgresql.auth.database` | PostgreSQL database name | `lago` | +| `global.postgresql.service.ports` | PostgreSQL service port | `5432` | + +### Frontend Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `front.replicas` | Number of frontend replicas | `1` | +| `front.service.port` | Frontend service port | `80` | +| `front.resources.requests.memory` | Memory request for the frontend | `512Mi` | +| `front.resources.requests.cpu` | CPU request for the frontend | `200m` | + +### API Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `api.replicas` | Number of API replicas | `1` | +| `api.service.port` | API service port | `3000` | +| `api.rails.maxThreads` | Maximum number of threads for the Rails app | `10` | +| `api.rails.webConcurrency` | Web concurrency setting for Rails | `4` | +| `api.rails.env` | Rails environment | `production` | +| `api.resources.requests.memory` | Memory request for the API | `1Gi` | +| `api.resources.requests.cpu` | CPU request for the API | `1000m` | + +### Worker Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `worker.replicas` | Number of worker replicas | `1` | +| `worker.rails.sidekiqConcurrency` | Sidekiq concurrency | `100` | +| `worker.rails.env` | Worker environment | `production` | +| `worker.resources.requests.memory` | Memory request for the worker | `1Gi` | +| `worker.resources.requests.cpu` | CPU request for the worker | `1000m` | + +### MinIO Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `minio.enabled` | Enable MinIO for object storage | `true` | +| `minio.replicas` | Number of MinIO replicas | `2` | +| `minio.persistence.size` | Persistent volume size for MinIO | `10Gi` | +| `minio.ingress.enabled` | Enable ingress for MinIO | `true` | +| `minio.ingress.hosts` | Hostnames for MinIO ingress | `minio.lago.dev` | +| `minio.buckets` | List of S3 buckets to create on MinIO | `[]` | +| `minio.buckets[].name` | Name of the bucket | `my-lago-minio` | +| `minio.buckets[].policy` | Access policy for the bucket (none, readonly, writeonly, readwrite) | `none` | +| `minio.buckets[].purge` | If true, purges the bucket upon deletion | `false` | +| `minio.buckets[].versioning` | Enable versioning for the bucket | `false` | +| `minio.buckets[].objectlocking` | Enable object locking for the bucket | `false` | + + + +For additional customization, refer to the comments in `values.yaml`. + +## Uninstall + +To uninstall/delete the `my-lago-release`: + +helm delete my-lago-release diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 199cc55..c0774ab 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -41,6 +41,15 @@ spec: - pod/{{ .Release.Name }}-redis-master-0 - --for=condition=ready - --timeout=180s + {{ end }} + {{ if .Values.minio.enabled }} + - name: wait-for-minio + image: "docker.io/bitnami/kubectl:{{ include "kubectlVersion" . }}" + args: + - wait + - pod/{{ .Release.Name }}-minio-0 + - --for=condition=ready + - --timeout=180s {{ end }} - name: wait-for-migrations image: "docker.io/bitnami/kubectl:{{ include "kubectlVersion" . }}" @@ -128,32 +137,71 @@ spec: name: {{ .Release.Name }}-secrets key: license {{ end }} - {{ if .Values.global.s3.enabled }} + + + {{ if or .Values.global.s3.enabled .Values.minio.enabled }} - name: LAGO_USE_AWS_S3 value: "true" - {{ if .Values.global.s3.aws.endpoint }} + {{- if .Values.minio.enabled }} + - name: LAGO_AWS_S3_PATH_STYLE + value: "true" + {{- end }} + {{ if or .Values.global.s3.endpoint .Values.minio.endpoint }} - name: LAGO_AWS_S3_ENDPOINT - value: {{ .Values.global.s3.aws.endpoint | quote }} + value: {{ if .Values.minio.enabled }} + {{ .Values.minio.endpoint | quote }} + {{ else }} + {{ .Values.global.s3.endpoint | quote }} + {{ end }} {{ end }} - {{ if or .Values.global.s3.aws.accessKeyId .Values.global.existingSecret }} + + {{ if or .Values.global.s3.accessKeyId .Values.minio.enabled .Values.global.existingSecret }} - name: LAGO_AWS_S3_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: {{ include "secret-path" . }} - key: awsS3AccessKeyId + name: {{ if .Values.minio.enabled }} + {{ .Release.Name }}-minio + {{ else }} + {{ include "secret-path" . }} + {{ end }} + key: {{ if .Values.minio.enabled }} + rootUser + {{ else }} + awsS3AccessKeyId + {{ end }} {{ end }} - {{ if or .Values.global.s3.aws.secretAccessKey .Values.global.existingSecret }} + + {{ if or .Values.global.s3.secretAccessKey .Values.minio.enabled .Values.global.existingSecret }} - name: LAGO_AWS_S3_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ include "secret-path" . }} - key: awsS3SecretAccessKey + name: {{ if .Values.minio.enabled }} + {{ .Release.Name }}-minio + {{ else }} + {{ include "secret-path" . }} + {{ end }} + key: {{ if .Values.minio.enabled }} + rootPassword + {{ else }} + awsS3SecretAccessKey + {{ end }} {{ end }} + + - name: LAGO_AWS_S3_BUCKET - value: {{ .Values.global.s3.aws.bucket | quote }} + value: {{ if .Values.minio.enabled }} + {{ (index .Values.minio.buckets 0).name | quote }} + {{ else }} + {{ .Values.global.s3.bucket | quote }} + {{ end }} - name: LAGO_AWS_S3_REGION - value: {{ .Values.global.s3.aws.region | quote }} - {{ end }} + value: {{ if .Values.global.s3.enabled }} + {{ .Values.global.s3.aws.region | quote }} + {{ else if .Values.minio.enabled }} + {{ default "us-east-1" .Values.minio.region | quote }} + {{ end }} + {{ end }} + {{ if .Values.global.smtp.enabled }} - name: LAGO_FROM_EMAIL value: {{ .Values.global.smtp.fromEmail }} diff --git a/templates/secrets.yaml b/templates/secrets.yaml index a06656e..79803e2 100644 --- a/templates/secrets.yaml +++ b/templates/secrets.yaml @@ -59,6 +59,14 @@ data: {{ if .Values.global.s3.aws.secretAccessKey }} awsS3SecretAccessKey: {{ .Values.global.s3.aws.secretAccessKey | b64enc }} {{ end }} + {{ if eq .Values.global.s3.provider "minio" }} + {{ if .Values.global.s3.minio.accessKeyId }} + rootUser: {{ .Values.global.s3.minio.accessKeyId | b64enc }} + {{ end }} + {{ if .Values.global.s3.minio.secretAccessKey }} + minioSecretAccessKey: {{ .Values.global.s3.minio.secretAccessKey | b64enc }} + {{ end }} + {{ end }} {{ end }} {{- end }} @@ -71,4 +79,4 @@ data: {{ if .Values.global.newRelic.enabled }} newRelicKey: {{ .Values.global.newRelic.key | b64enc }} - {{ end }} \ No newline at end of file + {{ end }} diff --git a/templates/serviceaccount.yml b/templates/serviceaccount.yml index 05e0212..a54df71 100644 --- a/templates/serviceaccount.yml +++ b/templates/serviceaccount.yml @@ -26,6 +26,9 @@ rules: {{ if .Values.redis.enabled }} - {{ .Release.Name }}-redis-master-0 {{ end}} + {{ if .Values.minio.enabled }} + - {{ .Release.Name }}-minio-0 + {{ end}} - {{ include "migrateJobName" . }} verbs: - get diff --git a/values.yaml b/values.yaml index 3a9b355..46b4654 100644 --- a/values.yaml +++ b/values.yaml @@ -55,12 +55,12 @@ global: s3: enabled: false # accessKeyId and secretAccessKey are not required here if using existingSecret - # aws: - # accessKeyId: - # secretAccessKey: - # bucket: - # region: - # endpoint: + #accessKeyId: "" + #secretAccessKey: "" + #bucket: "" + #region: "" + #endpoint: "https://s3..amazonaws.com" # Leave empty for default AWS S3 endpoint + smtp: # username and password are not required here if using existingSecret enabled: false @@ -183,3 +183,35 @@ job: podAnnotations: {} podLabels: {} resources: {} + +minio: + enabled: false + # replicas: 2 + # fullnameOverride: "my-lago-minio" + # endpoint: "http://minio.lago.dev" + # nameOverride: "minio" + # resources: + # requests: + # memory: "512Mi" + # cpu: "500m" + # limits: + # memory: "1Gi" + # cpu: "1" + # persistence: + # size: 10Gi + # ingress: + # enabled: true + # ingressClassName: nginx + # labels: {} + # annotations: {} + # path: / + # hosts: + # - minio.lago.dev + # tls: [] + # Note : only the first one will be used + # buckets: + # - name: my-lago-minio + # policy: none + # purge: false + # versioning: false + # objectlocking: false \ No newline at end of file