helm, kubernetes init environments

docker/Dockerfile

@@ -0,0 +1,43 @@
+# Phase 1 - create php container
+FROM php:7.4-fpm as php_base
+
+USER root
+
+WORKDIR /var/www/html
+
+ARG NR_INSTALL_SILENT=true
+ARG NR_INSTALL_KEY=""
+
+# Install composer
+COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+
+# Install dependencies
+RUN apt-get update \
+	# gd
+	&& apt-get install -y --no-install-recommends build-essential  openssl nginx libfreetype6-dev libjpeg-dev libpng-dev libwebp-dev zlib1g-dev libzip-dev gcc g++ make vim unzip curl git jpegoptim optipng pngquant gifsicle locales libonig-dev libzstd-dev libmagickwand-dev gettext gnupg wget libssl-dev pkg-config \
+	&& docker-php-ext-configure gd  \
+	&& docker-php-ext-install gd \
+	# gmp
+	&& apt-get install -y --no-install-recommends libgmp-dev \
+    && echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | tee /etc/apt/sources.list.d/newrelic.list \
+    && wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add - \
+    && apt-get update \
+    && apt-get install newrelic-php5 -y --no-install-recommends \ 
+	&& docker-php-ext-install gmp \
+	# pdo_mysql
+	&& docker-php-ext-install pdo_mysql mbstring \
+	# pdo
+	&& docker-php-ext-install pdo \
+	# opcache
+	&& docker-php-ext-enable opcache \
+	# zip
+	&& docker-php-ext-install zip \
+    && newrelic-install install \
+    && pecl install  "mongodb-1.7.1" redis \
+    && echo "" | pecl install imagick-beta \
+    && docker-php-ext-install bcmath exif gettext \
+    && docker-php-ext-enable redis mongodb imagick \
+	&& apt-get autoclean -y \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& rm -rf /tmp/pear/
+

docker/Dockerfile-php8

@@ -0,0 +1,38 @@
+# Phase 1 - create php container
+FROM php:8.2-fpm as php_base
+
+USER root
+
+WORKDIR /var/www/html
+
+ARG NR_INSTALL_SILENT=true
+ARG NR_INSTALL_KEY=""
+
+# Install composer
+COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+
+# Install dependencies
+RUN apt-get update \
+	# gd
+	&& apt-get install -y --no-install-recommends build-essential  openssl nginx libfreetype6-dev libjpeg-dev libpng-dev libwebp-dev zlib1g-dev libzip-dev gcc g++ make vim unzip curl git jpegoptim optipng pngquant gifsicle locales libonig-dev libzstd-dev libmagickwand-dev gettext gnupg wget libssl-dev pkg-config \
+	&& docker-php-ext-configure gd  \
+	&& docker-php-ext-install gd \
+	# gmp
+	&& apt-get install -y --no-install-recommends libgmp-dev \
+	&& docker-php-ext-install gmp \
+	# pdo_mysql
+	&& docker-php-ext-install pdo_mysql mbstring \
+	# pdo
+	&& docker-php-ext-install pdo \
+	# opcache
+	&& docker-php-ext-enable opcache \
+	# zip
+	&& docker-php-ext-install zip \
+    && pecl install  "mongodb-1.7.1" redis \
+    && echo "" | pecl install imagick-beta \
+    && docker-php-ext-install bcmath exif gettext \
+    && docker-php-ext-enable redis imagick \
+	&& apt-get autoclean -y \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& rm -rf /tmp/pear/
+

docker/README.md

@@ -0,0 +1,24 @@
+# Base PHP FPM Dockerfile 
+
+This is **Dockerfile**, the DoSomething.org base image for services. It's our single "source of builds" for developers.
+
+To learn more about: # TODO
+
+### Build
+
+`docker build -f Dockerfile -t dosomething/infrastructure:php_base .`  
+
+### Optimization
+
+We must consider to build tighter images - on alpine
+
+### Security 
+We take security very seriously. Any vulnerabilities in Northstar should be reported to [security@dosomething.org](mailto:security@dosomething.org),
+and will be promptly addressed. Thank you for taking the time to responsibly disclose any issues you find.
+
+### License
+
+©2019 DoSomething.org. Northstar is free software, and may be redistributed under the terms specified
+in the [LICENSE](https://github.com/DoSomething/northstar/blob/dev/LICENSE) file. The name and logo for
+DoSomething.org are trademarks of Do Something, Inc and may not be used without permission.
+

helm-charts/charts/blink/values-qa-web.yaml

@@ -0,0 +1,104 @@
+# Deployment BinaryCortex
+
+replicaCount: 2
+
+image:
+  repository: "dosomething/blink"
+  #pullPolicy: IfNotPresent
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "0.1.0"
+
+imagePullSecrets: {} 
+
+shortCommit: ""
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: true
+  className: ""
+  annotations:
+     kubernetes.io/ingress.class: external
+     cert-manager.io/cluster-issuer: letsencrypt-qa-external
+     nginx.ingress.kubernetes.io/http-snippet: |
+       proxy_cache dosomething;
+       proxy_cache_lock on;
+       proxy_cache_valid any 60m;
+       proxy_ignore_headers Cache-Control;
+       add_header X-Cache-Status $upstream_cache_status;  
+     nginx.ingress.kubernetes.io/proxy-body-size: 100m
+     nginx.ingress.kubernetes.io/proxy-buffering: "on"
+  hosts:
+    - host: "blink.nyc.qa.dosomething.org"
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - secretName: blink.nyc.qa.dosomething.org
+      hosts:
+        - blink.nyc.qa.dosomething.org
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+deployment:
+  httpPort: 8080
+  #livenessProbePath: /
+  #readinessProbePath: /
+  env: []
+  envFrom:
+    - secretRef:
+        name: blink
+  command: ["/bin/sh", "-c"]
+  args: 
+    - "npm run web"
+
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

helm-charts/charts/blink/values-qa-worker.yaml

@@ -0,0 +1,83 @@
+# Deployment BinaryCortex
+
+replicaCount: 2
+
+image:
+  repository: "dosomething/blink"
+  #pullPolicy: IfNotPresent
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: "0.1.0"
+
+imagePullSecrets: {} 
+
+shortCommit: ""
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: false
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+deployment:
+  httpPort: 8080
+  #livenessProbePath: /
+  #readinessProbePath: /
+  env: []
+  envFrom:
+    - secretRef:
+        name: blink
+  command: ["/bin/sh","-c"]
+  args: 
+    - "npm run worker"
+
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}