From a96bcea8064fcd6bfbd2797bf93b68e11e66edee Mon Sep 17 00:00:00 2001
From: Elmar Kresse
Date: Fri, 22 Nov 2024 03:53:42 +0100
Subject: [PATCH] refactor: standardize namespace and PVC names in Helm templates

---
 templates/PersistentVolumes.yaml | 33 ------
 templates/configMap.yml | 4 +-
 templates/deploy.yml | 192 ++++++------------------------
 templates/ingress.yml | 36 +----
 templates/service.yml | 64 +---------
 templates/volumeClaim.yml | 8 +-
 values.yaml | 16 +-
 7 files changed, 51 insertions(+), 302 deletions(-)
 delete mode 100644 templates/PersistentVolumes.yaml

diff --git a/templates/PersistentVolumes.yaml b/templates/PersistentVolumes.yaml
deleted file mode 100644
index 3febd6f..0000000
--- a/templates/PersistentVolumes.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{ if .Values.pv.enabled }}
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: {{ .Values.pv.koha.name }}
-spec:
- capacity:
- storage: 10Gi
- volumeMode: Filesystem
- accessModes:
- - ReadWriteMany
- persistentVolumeReclaimPolicy: Recycle
- nfs:
- path: {{ .Values.pv.koha.path }}
- server: {{ .Values.pv.koha.server }}
-{{ if not .Values.db.external }}
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: {{ .Values.pv.mysql.name }}
-spec:
- capacity:
- storage: 10Gi
- volumeMode: Filesystem
- accessModes:
- - ReadWriteOnce
- persistentVolumeReclaimPolicy: Recycle
- nfs:
- path: {{ .Values.pv.mysql.path }}
- server: {{ .Values.pv.mysql.server }}
-{{ end }}
-{{ end }}
diff --git a/templates/configMap.yml b/templates/configMap.yml
index 52f8330..e5a183f 100644
--- a/templates/configMap.yml
+++ b/templates/configMap.yml
@@ -2,11 +2,11 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: koha-map
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 app: koha
 data:
- KOHA_INSTANCE: {{ required "You must provide an instance name, either using --set instance=myinstance or in a custom values.yaml" .Values.instance | quote }}
+ KOHA_INSTANCE: {{ .Values.instance | quote }}
 KOHA_DOMAIN: {{ .Values.global.domain | quote }}
 KOHA_INTRANET_PORT: {{ .Values.staff.port | quote }}
 {{ with .Values.staff.prefix }}
diff --git a/templates/deploy.yml b/templates/deploy.yml
index e0576af..b3253a8 100644
--- a/templates/deploy.yml
+++ b/templates/deploy.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: koha
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 app: koha
 component: plack
@@ -24,6 +24,8 @@ spec:
 env:
 - name: USE_PLACK
 value: "1"
+ - name: USE_BACKEND
+ value: "1"
 envFrom:
 - configMapRef:
 name: koha-map
@@ -41,13 +43,13 @@ spec:
 volumes:
 - name: koha-pv
 persistentVolumeClaim:
- claimName: koha-{{ .Values.instance }}-pvc
+ claimName: koha-pvc
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: koha-apache
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 app: koha
 component: apache
@@ -67,16 +69,27 @@ spec:
 - name: init-wait
 image: alpine
 command: ["sh", "-c", "for i in $(seq 1 300); do nc -zvw1 {{ .Values.instance }}-plack 5000 && exit 0 || sleep 3; done; exit 1"]
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ runAsUser: 1000 # Set a non-root user
+ seccompProfile:
+ type: RuntimeDefault
 containers:
 - name: apache
 image: {{ .Values.docker.registry }}:{{ .Values.docker.tag }}
 securityContext:
 capabilities:
 add:
- - ALL
+ - NET_BIND_SERVICE
 env:
 - name: USE_APACHE2
 value: "1"
+ - name: USE_BACKEND
+ value: "0"
 envFrom:
 - configMapRef:
 name: koha-map
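Review bot: Dropping `required` from `KOHA_INSTANCE` removes the only guard that fails the render when `.Values.instance` is unset, so an empty value now yields `KOHA_INSTANCE: ""` and Service names such as `{{ .Values.instance }}-plack` in service.yml collapse to `-plack`, which the API server rejects; keep `KOHA_INSTANCE: {{ required "instance must be set" .Values.instance | quote }}` (the values.yaml comment still says the instance must be provided on install). The hardcoded `namespace: koha` here, and in the deploy.yml, ingress.yml, service.yml and volumeClaim.yml hunks, means two releases of this chart can no longer coexist, because the ConfigMap, Deployments and PVCs now all have fixed names; `namespace: {{ .Release.Namespace }}` is the usual Helm idiom and lets `helm install -n` choose the target. The hunk shows only the top of the ConfigMap, so other uses of `.Values.instance` in this file are outside view.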
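Review bot: The plack container in the `koha` Deployment receives only the new `USE_BACKEND` variable, while the apache, es and set-max-map-count containers in later hunks of this file get `allowPrivilegeEscalation: false`, dropped capabilities and a `seccompProfile`. Its container spec above `env:` is outside the hunk, so I cannot see whether it already has a securityContext; if it does not, the same hardening block is worth applying there too, since it is the process apache proxies Ingress traffic to.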
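Review bot: The apache container now adds `NET_BIND_SERVICE` but never drops the default capability set, so it still runs with the runtime's default bundle plus the one it needs, and unlike the new init-wait block it has no `allowPrivilegeEscalation: false` or `seccompProfile`; the hardening should mirror the init container with `drop: [ALL]` before the `add`. The `runAsUser: 1000 # Set a non-root user` comment on init-wait restates the line rather than the reason; `# alpine runs as root by default, so pin a UID for runAsNonRoot to be enforceable` explains why it is needed there. Whether the koha image can start apache as a non-root user is not visible in this patch, so I have not proposed `runAsNonRoot` for the apache container.
```yaml
# … unchanged: init-wait init container …
      - name: apache
        image: {{ .Values.docker.registry }}:{{ .Values.docker.tag }}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
            add:
              - NET_BIND_SERVICE
          seccompProfile:
            type: RuntimeDefault
# … unchanged: env, envFrom …
```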
@@ -93,14 +106,14 @@ spec:
 volumes:
 - name: koha-pv
 persistentVolumeClaim:
- claimName: koha-{{ .Values.instance }}-pvc
+ claimName: koha-pvc
 {{ if not .Values.db.external }}
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: koha-mysql
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 app: koha
 component: db
@@ -133,7 +146,7 @@ spec:
 volumes:
 - name: koha-mysql-pv
 persistentVolumeClaim:
- claimName: koha-{{ .Values.instance }}-mysql-pvc
+ claimName: koha-mysql-pvc
 {{ end }}
 {{ if and .Values.elasticsearch.enabled (not .Values.elasticsearch.external) }}
 ---
@@ -141,7 +154,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: koha-es
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 app: koha
 component: es
@@ -161,10 +174,13 @@ spec:
 - name: es
 image: koha/elasticsearch-icu
 securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
 capabilities:
- add:
- - IPC_LOCK
- - SYS_RESOURCE
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
 env:
 - name: cluster.name
 value: "docker-cluster"
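Review bot: `runAsNonRoot: true` is set on the es container without a `runAsUser`, so enforcement depends entirely on the `koha/elasticsearch-icu` image declaring a non-root USER; if it does not, the kubelet refuses to start the container with CreateContainerConfigError rather than running it as root. Pin the UID the image actually uses, as the set-max-map-count container does in the next hunk with `runAsUser: 1000` (1000 is the convention for Elasticsearch images, but verify against this one), or leave `runAsNonRoot` off for it. Removing `IPC_LOCK` also means a `bootstrap.memory_lock=true` setting, if present, would fail to mlock the heap; the env block that would show whether it is set continues outside the hunk.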
@@ -180,159 +196,23 @@ spec:
 - name: set-max-map-count
 image: alpine
 securityContext:
- privileged: true
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ runAsUser: 1000
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
 command: ["sh", "-c", "sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536"]
 {{ end }}
-{{ if .Values.sip.enabled }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: koha-sip
- namespace: koha-{{ .Values.instance }}
- labels:
- app: koha
- component: sip
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: koha
- component: sip
- template:
- metadata:
- labels:
- app: koha
- component: sip
- spec:
- initContainers:
- - name: init-wait
- image: alpine
- command: ["sh", "-c", "for i in $(seq 1 300); do nc -zvw1 {{ .Values.instance }}-plack 5000 && exit 0 || sleep 3; done; exit 1"]
- containers:
- - name: sip
- image: {{ .Values.docker.registry }}:{{ .Values.docker.tag }}
- env:
- - name: USE_SIP
- value: "1"
- envFrom:
- - configMapRef:
- name: koha-map
- volumeMounts:
- - name: koha-pv
- mountPath: /etc/koha/sites
- subPath: sites
- - name: koha-pv
- mountPath: /tmp/libshare
- subPath: lib
- ports:
- - containerPort: 6001
- volumes:
- - name: koha-pv
- persistentVolumeClaim:
- claimName: koha-{{ .Values.instance }}-pvc
-{{ end }}
-{{ if .Values.z3950.enabled }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: koha-z3950
- namespace: koha-{{ .Values.instance }}
- labels:
- app: koha
- component: z3950
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: koha
- component: z3950
- template:
- metadata:
- labels:
- app: koha
- component: z3950
- spec:
- initContainers:
- - name: init-wait
- image: alpine
- command: ["sh", "-c", "for i in $(seq 1 300); do nc -zvw1 {{ .Values.instance }}-plack 5000 && exit 0 || sleep 3; done; exit 1"]
- containers:
- - name: z3950
- image: {{ .Values.docker.registry }}:{{ .Values.docker.tag }}
- env:
- - name: USE_Z3950
- value: "1"
- envFrom:
- - configMapRef:
- name: koha-map
- volumeMounts:
- - name: koha-pv
- mountPath: /etc/koha/sites
- subPath: sites
- - name: koha-pv
- mountPath: /tmp/libshare
- subPath: lib
- ports:
- - containerPort: 2100
- volumes:
- - name: koha-pv
- persistentVolumeClaim:
- claimName: koha-{{ .Values.instance }}-pvc
-{{ end }}
-{{ if .Values.ncip.enabled }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: koha-ncip
- namespace: koha-{{ .Values.instance }}
- labels:
- app: koha
- component: ncip
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: koha
- component: ncip
- template:
- metadata:
- labels:
- app: koha
- component: ncip
- spec:
- initContainers:
- - name: init-wait
- image: alpine
- command: ["sh", "-c", "for i in $(seq 1 300); do nc -zvw1 {{ .Values.instance }}-plack 5000 && exit 0 || sleep 3; done; exit 1"]
- containers:
- - name: ncip
- image: bywater/koha-ncip-server:v19.05-latest
- env:
- - name: KOHA_CONF
- value: "/conf/{{ .Values.instance }}/koha-conf.xml"
- volumeMounts:
- - name: koha-pv
- mountPath: /conf
- subPath: sites
- - name: koha-pv
- mountPath: /usr/share/koha/lib
- subPath: lib
- volumes:
- - name: koha-pv
- persistentVolumeClaim:
- claimName: koha-{{ .Values.instance }}-pvc
-{{ end }}
-
 {{ if and .Values.memcached.enabled (not .Values.memcached.external) }}
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: koha-memcached
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 app: koha
 component: memcached
diff --git a/templates/ingress.yml b/templates/ingress.yml
index 510f601..313398e 100644
--- a/templates/ingress.yml
+++ b/templates/ingress.yml
@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: koha-ingress
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 {{ if and .Values.tls.enabled .Values.tls.cert_manager.enabled }}
 annotations:
 {{ if eq .Values.tls.cert_manager.kind "cluster-issuer" }}
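Review bot: The set-max-map-count init container keeps `command: ["sh", "-c", "sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536"]` while losing `privileged: true` and gaining `runAsNonRoot: true`, `runAsUser: 1000` and `drop: [ALL]`; writing to `/proc/sys` from an unprivileged, capability-less container fails with a permission error, so the init container exits non-zero and the es pod never leaves the Init phase. Both sysctls are kernel-wide rather than namespaced, so they cannot be requested through `pod.spec.securityContext.sysctls` either; the honest options are to set them on the nodes (by the cluster operator, outside this chart) and delete this init container, or to keep it privileged with a comment such as `# privileged on purpose: vm.max_map_count is a node-wide sysctl` explaining why that one container is exempt from the hardening. The `{{ end }}` that closes the elasticsearch block is visible, but the es Deployment it belongs to starts in earlier hunks.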
@@ -39,36 +39,4 @@ spec:
 name: {{ .Values.instance }}-koha
 port:
 number: {{ .Values.opac.port }}
- pathType: ImplementationSpecific
- {{ if .Values.sip.enabled }}
- - host: {{ .Values.instance }}{{ .Values.sip.suffix }}{{ .Values.global.domain }}
- http:
- paths:
- - backend:
- service:
- name: {{ .Values.instance }}-sip
- port:
- number: 6001
- {{ end }}
- {{ if .Values.ncip.enabled }}
- - host: {{ .Values.instance }}{{ .Values.ncip.suffix }}{{ .Values.global.domain }}
- http:
- paths:
- - backend:
- service:
- name: {{ .Values.instance }}-ncip
- port:
- number: 3000
- pathType: ImplementationSpecific
- {{ end }}
- {{ if .Values.z3950.enabled }}
- - host: {{ .Values.instance }}{{ .Values.z3950.suffix }}{{ .Values.global.domain }}
- http:
- paths:
- - backend:
- service:
- name: {{ .Values.instance }}-z3950
- port:
- number: 2100
- pathType: ImplementationSpecific
- {{ end }}
\ No newline at end of file
+ pathType: ImplementationSpecific
\ No newline at end of file
diff --git a/templates/service.yml b/templates/service.yml
index c32e08e..502b857 100644
--- a/templates/service.yml
+++ b/templates/service.yml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ .Values.instance }}-koha
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 run: {{ .Values.instance }}-koha
 spec:
@@ -22,7 +22,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ .Values.instance }}-plack
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 run: {{ .Values.instance }}-plack
 spec:
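Review bot: The new side of ingress.yml still ends without a trailing newline (`\ No newline at end of file` follows the kept `pathType: ImplementationSpecific`); since this hunk already rewrites the last line of the file, adding the newline now avoids a spurious one-line diff on the next edit and keeps yamllint's new-line-at-end-of-file check quiet. The remaining Ingress rules for the opac and staff hosts sit above this hunk and are outside view.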
@@ -33,67 +33,13 @@ spec:
 selector:
 app: koha
 component: plack
-{{ if .Values.sip.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.instance }}-sip
- namespace: koha-{{ .Values.instance }}
- labels:
- run: {{ .Values.instance }}-sip
-spec:
- type: ClusterIP
- ports:
- - port: 6001
- protocol: TCP
- selector:
- app: koha
- component: sip
-{{ end }}
-{{ if .Values.ncip.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.instance }}-ncip
- namespace: koha-{{ .Values.instance }}
- labels:
- run: {{ .Values.instance }}-ncip
-spec:
- type: ClusterIP
- ports:
- - port: 3000
- protocol: TCP
- selector:
- app: koha
- component: ncip
-{{ end }}
-{{ if .Values.z3950.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.instance }}-z3950
- namespace: koha-{{ .Values.instance }}
- labels:
- run: {{ .Values.instance }}-z3950
-spec:
- type: ClusterIP
- ports:
- - port: 2100
- protocol: TCP
- selector:
- app: koha
- component: z3950
-{{ end }}
 {{ if and .Values.elasticsearch.enabled (not .Values.elasticsearch.external) }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
 name: {{ .Values.instance }}-es
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 run: {{ .Values.instance }}-es
 spec:
@@ -111,7 +57,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ .Values.instance }}-db
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 run: {{ .Values.instance }}-db
 spec:
@@ -129,7 +75,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ .Values.instance }}-memcached
- namespace: koha-{{ .Values.instance }}
+ namespace: koha
 labels:
 run: {{ .Values.instance }}-memcached
 spec:
diff --git a/templates/volumeClaim.yml b/templates/volumeClaim.yml
index 3b57131..45a96ef 100644
--- a/templates/volumeClaim.yml
+++ b/templates/volumeClaim.yml
@@ -1,8 +1,8 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
- name: koha-{{ .Values.instance }}-pvc
- namespace: koha-{{ .Values.instance }}
+ name: koha-pvc
+ namespace: koha
 labels:
 app: koha
 spec:
@@ -17,8 +17,8 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
- name: koha-{{ .Values.instance }}-mysql-pvc
- namespace: koha-{{ .Values.instance }}
+ name: koha-mysql-pvc
+ namespace: koha
 labels:
 app: koha
 spec:
diff --git a/values.yaml b/values.yaml
index 7de983e..52e2ffa 100644
--- a/values.yaml
+++ b/values.yaml
@@ -1,9 +1,8 @@
 # On purpose we don't include a instance default value. It must be provided on install.
-instance: htwk-fsrim
+instance: fsrim
 global:
 domain: .koha.fsr.imn.htwk-leipzig.de
- marc_flavour: "marc21"
 # Set alternate languages to install as an array
@@ -86,18 +85,7 @@ memcached:
 zebra:
 marc_format: marc21
-sip:
- enabled: false
- suffix: -sip
-
-z3950:
- enabled: false
- suffix: -z3950
-
-ncip:
- enabled: false
- suffix: -ncip
-
+# pv stands for Persistent Volume. It is a storage solution that allows you to store data on a disk that is separate from the main server disk
 pv:
 enabled: false
\ No newline at end of file
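Review bot: The comment kept at the top of values.yaml, `# On purpose we don't include a instance default value. It must be provided on install.`, now contradicts the line directly under it, which changes the default from `htwk-fsrim` to `fsrim` instead of removing it, and the `required` guard in configMap.yml that enforced the comment is dropped in the same commit. Either delete the default and keep `required`, or reword the comment to `# Default instance name; override with --set instance=<name> for each deployment`. `global.marc_flavour` is also removed here; any template that still references `.Values.global.marc_flavour` would now render an empty value, which this patch does not show either way.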
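Review bot: The new `# pv stands for Persistent Volume…` comment documents a `pv` block whose only visible consumer, templates/PersistentVolumes.yaml, is deleted by this same commit, so `pv.enabled` (and the `pv.koha`/`pv.mysql` sub-keys the deleted template read, presumably defined further down outside the hunk) appears to be dead configuration now. Either remove the block, or, if the PVCs in templates/volumeClaim.yml are meant to bind to pre-provisioned volumes, say so: `# pv: settings for pre-provisioned NFS volumes; currently unused since templates/PersistentVolumes.yaml was removed`. The file also still ends without a trailing newline on the new side.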