Helm chart for deploying Mailchimp Open Commerce ontop of Kubernetes/Openshift.

License: Apache License 2.0

Mustache 100.00%

mailchimp-open-commerce-helm-chart's Introduction

This repository contains a helm chart for deploying the open source Open Commerce platform on top of a Kubernetes cluster.

Open Commerce is an API-first, modular commerce stack made for ambitious brands and retailers. Open Commerces’s service-based architecture is built to deliver flexibility and freedom at scale.

This chart packages the following components from the Open Commerce platform:

Service	Description
Open Commerce API	The Open Commerce API, which includes a GraphQL endpoint. See GraphQL Playground.
Open Commerce Admin	A user interface for administrators and shop managers to configure shops, manage products, and process orders.
Example Storefront	An example Open Commerce storefront UI built with Next.JS.

Current chart version is 0.4.0

Chart Requirements

Repository	Name	Version
https://charts.bitnami.com/bitnami/	mongodb	11.1.10

Chart Values

Key	Type	Default	Description
admin.enabled	bool	`true`	Enables or disables the admin interface
admin.host	string	`"admin.example.shop"`	The hostname of the admin interface
admin.image.pullPolicy	string	`"IfNotPresent"`	Default image pull policy
admin.image.repository	string	`"reactioncommerce/admin"`	Image repository
admin.image.tag	string	`"4.0.0-beta.12"`	Image tag
admin.ingress.annotations	object	`{}`	A set of custom annotations to apply to the admin ingress resource
admin.ingress.enabled	bool	`true`	Enable or disables the ingress resource
admin.ingress.livenessPath	string	`nil`	Liveness probe path for the ingress
admin.ingress.path	string	`"/"`	Default virtual path on the admin ingress
admin.ingress.tls.enabled	bool	`true`	Enables or disables TLS on the ingress
admin.ingress.tls.secretName	string	`"tls-secret"`	Secret path for tls certs
admin.replicaCount	int	`2`	Pod replica count
admin.service.annotations	object	`{}`	Service annotations
admin.service.type	string	`"ClusterIP"`	Service type
admin.ssl	bool	`true`	Enables external SSL support
admin.resources.requests.cpu	string	`"500m"`	CPU Resource Constraint
admin.resources.requests.memory	string	`"1Gi"`	Memory Resource Constraint
kinetic.enabled	bool	`true`	Enables or disables the kinetic admin interface
kinetic.host	string	`"kinetic.example.shop"`	The hostname of the kinetic admin interface
kinetic.image.pullPolicy	string	`"IfNotPresent"`	Default image pull policy
kinetic.image.repository	string	`"reactioncommerce/kinetic"`	Image repository
kinetic.image.tag	string	`"latest"`	Image tag
kinetic.ingress.annotations	object	`{}`	A set of custom annotations to apply to the kinetic admin ingress resource
kinetic.ingress.enabled	bool	`true`	Enable or disables the ingress resource
kinetic.ingress.livenessPath	string	`nil`	Liveness probe path for the ingress
kinetic.ingress.path	string	`"/"`	Default virtual path on the kinetic admin ingress
kinetic.ingress.tls.enabled	bool	`true`	Enables or disables TLS on the ingress
kinetic.ingress.tls.secretName	string	`"tls-secret"`	Secret path for tls certs
kinetic.replicaCount	int	`2`	Pod replica count
kinetic.service.annotations	object	`{}`	Service annotations
kinetic.service.type	string	`"ClusterIP"`	Service type
kinetic.ssl	bool	`true`	Enables external SSL support
kinetic.resources.requests.cpu	string	`"500m"`	CPU Resource Constraint
kinetic.resources.requests.memory	string	`"1Gi"`	Memory Resource Constraint
api.enabled	bool	`true`	Enables or disables the Open Commerce api
api.enableGraphQlPlayground	bool	`false`	Serve the GraphQL Playground UI from /graphql
api.enableGraphQlIntrospection	bool	`false`	Allow introspection of the GraphQL API.
api.host	string	`"api.example.shop"`	The hostname of the Open Commerce api
api.image.pullPolicy	string	`"IfNotPresent"`	Default image pull policy
api.image.repository	string	`"reactioncommerce/reaction"`	Image repository
api.image.tag	string	`"4.1.4"`	Image tag
api.ingress.annotations	object	`{}`	A set of custom annotations to apply to the api ingress resource
api.ingress.enabled	bool	`true`	Enable or disables the ingress resource
api.ingress.livenessPath	string	`nil`	Liveness probe path for the ingress
api.ingress.path	string	`"/"`	Default virtual path on the admin ingress
api.ingress.tls.enabled	bool	`true`	Enables or disables TLS on the ingress
api.ingress.tls.secretName	string	`"tls-secret"`	Secret path for tls certs
api.replicaCount	int	`2`	Pod replica count
api.service.annotations	object	`{}`	Service annotations
api.service.type	string	`"ClusterIP"`	Service type
api.ssl	bool	`true`	Enables external SSL support
api.resources.requests.cpu	string	`"500m"`	CPU Resource Constraint
api.resources.requests.memory	string	`"1Gi"`	Memory Resource Constraint
global.segmentKey	string	`"YOUR_PRIVATE_SEGMENT_API_KEY"`	Set this if you want to track storefront analytics such as page views with Segment. You can find this key on your Segment dashboard
global.stripeKey	string	`"YOUR_PRIVATE_STRIPE_API_KEY"`	The Stripe secret key from your Stripe account dashboard.
mongodb.enabled	bool	`true`	Enables or disables MongoDB deployment
mongodb.auth.enabled	bool	`true`	Enable or disable MongoDB Authentication
mongodb.auth.rootPassword	string	`""`	MongoDB Root User Password
mongodb.auth.rootUser	string	`admin`	MongoDB Root Username
mongodb.architecture	string	`replicaset`	MongoDB Architecture
mongodb.replicaSetName	string	`rs0`	MongoDB Replica Set Name
mongodb.replicaCount	int	`2`	MongoDB Count of Replicas
mongodb.replicaSetHostnames	bool	`true`	Enable or Disable hostnames for MongoDB replicas
mongodb.persistence.enabled	bool	`true`	Enable or Disable persistence for MongoDB
mongodb.persistence.size	string	`8Gi`	Storage size for MongoDB persistence
mongodb.perssitence.storageClass	string	`""`	Storage class for MongoDB persistence
mongodb.arbiter.enabled	bool	`true`	Enable or disable MongoDB Arbiter
mongodb.service.annotations	object	`{}`	MongoDB Service Annotations
mongodb.service.type	string	`ClusterIP`	Service type
mongodb.service.port	int	`27017`	Service port
web.enabled	bool	`true`	Enables or disables the template StoreFront
web.host	string	`"example.shop"`	The hostname of the template StoreFront
web.image.pullPolicy	string	`"IfNotPresent"`	Default image pull policy
web.image.repository	string	`"reactioncommerce/example-storefront"`	Image repository
web.image.tag	string	`"5.1.0"`	Image tag
web.ingress.annotations	object	`{}`	A set of custom annotations to apply to the web ingress resource
web.ingress.enabled	bool	`true`	Enable or disables the ingress resource
web.ingress.livenessPath	string	`nil`	Liveness probe path for the ingress
web.ingress.path	string	`"/"`	Default virtual path on the admin ingress
web.ingress.tls.enabled	bool	`true`	Enables or disables TLS on the ingress
web.ingress.tls.secretName	string	`"tls-secret"`	Secret path for tls certs
web.replicaCount	int	`2`	Pod replica count
web.service.annotations	object	`{}`	Service annotations
web.service.type	string	`"ClusterIP"`	Service type
web.ssl	bool	`true`	Enables external SSL support
web.resources.requests.cpu	string	`"500m"`	CPU Resource Constraint
web.resources.requests.memory	string	`"1Gi"`	Memory Resource Constraint

mailchimp-open-commerce-helm-chart's People

Contributors

Stargazers

Watchers

Forkers

merkg9 merchstack drpaulnguyen bugslifesolutions

mailchimp-open-commerce-helm-chart's Issues

Deploying locally on docker-desktop for mac

Howdy team, I was going through the blog post trying to set reaction up locally to test out the helm chart.
I am fairly new to kubernetes and totally new to Reaction so if I have made any obvious errors, apologies.
Any assistance to get this up and running would be most appreciated. After I get this test working locally I will attempt to load this into GKE.

I have run into a couple of issues so I will raise them all here in one place rather than seperate github issues. If desired I can break it up too.
Issues:

ssl and tls, Using the default settings I was getting no interpod connectivity this was due to ssl issues as such I had to disable it all as a first step in the values.yaml.
https://github.com/slingshotlabs/reaction-oss-helm-chart/blob/b3e1b425217bab52b15ae4b5cbca77c4859efc4b/templates/web-deployment.yaml#L46-L49 Here both the internal and external urls are set to the same value. This was causing me issues as the external host url was not accessible from inside the cluster so for my example I changed it to http://test-web:4000/graphql for testing and I was now able to connect.
Once I got web-deployment able to talk to graphql I then got the following error:

networkError:
{ ServerParseError: Unexpected token N in JSON at position 0
at JSON.parse (<anonymous>)
at /usr/local/src/app/node_modules/apollo-link-http-common/lib/index.js:35:25
at process._tickCallback (internal/process/next_tick.js:68:7)
name: 'ServerParseError',
response:
Body {
url: 'http://test-web:4000/graphql',
status: 501,
statusText: 'Not Implemented',
headers: [Headers],
ok: false,
body: [PassThrough],
bodyUsed: true,
size: 0,
timeout: 0,
_raw: [Array],
_abort: false,
_bytes: 15 },
statusCode: 501,
bodyText: 'Not Implemented' },
message: 'Network error: Unexpected token N in JSON at position 0',
extraInfo: undefined }

Steps to reproduce

git clone
helm dependency update
helm install test . -f ./myvalues.yaml
helm repo add nginx-stable https://helm.nginx.com/stable
helm repo update
helm install nginx nginx-stable/nginx-ingress

Then i changed my etc/hosts to have 
127.0.0.1 localhost admin.example.shop
127.0.0.1 localhost api.example.shop
127.0.0.1 localhost private.example.shop
127.0.0.1 localhost hydra.example.shop
127.0.0.1 localhost identity.example.shop
127.0.0.1 localhost www.example.shop

myvalues.yaml

##
## Global configuration
global:
  ##
  ## The Stripe secret key from your Stripe account dashboard.
  ## Required if you want Stripe payments to work.
  stripeKey: YOUR_PRIVATE_STRIPE_API_KEY

  ##
  ## Set this if you want to track storefront analytics such as
  ## page views with Segment. You can find this key on your Segment dashboard.
  segmentKey: YOUR_PRIVATE_SEGMENT_API_KEY

  ##
  ## The MongoDB database URL.
  ## Note: This overrides the Mongo subchart values i.e. bring your own
  # mongoUrl:

  ##
  ## The oplog URL for the MongoDB deployment.
  ## Note: This overrides the Mongo subchart values i.e. bring your own
  # mongoOplogUrl:


##
## Admin panel configuration
admin:
  enabled: true
  ssl: false
  host: admin.example.shop
  replicaCount: 2
  image:
    repository: reactioncommerce/admin
    tag: 3.0.0-beta.6
    pullPolicy: IfNotPresent
    # imagePullSecret:
  service:
    annotations: {}
    type: ClusterIP
  ingress:
    enabled: true
    path: ""
    annotations:
      kubernetes.io/ingress.class: nginx
      # nginx.ingress.kubernetes.io/ssl-redirect: "true"
      # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
      nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
      nginx.ingress.kubernetes.io/proxy-buffers-number: "4 256k"
      nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
      nginx.ingress.kubernetes.io/proxy-send-timeout: 3600
      nginx.ingress.kubernetes.io/proxy-read-timeout: 3600
    livenessPath:
    tls:
      enabled: false
      secretName: tls-secret

##
## API configuration
api:
  enabled: true
  host: api.example.shop
  ssl: false
  replicaCount: 2

  ##
  ## An SMTP mail url, e.g. smtp://user:[email protected]:465, that is
  ## used to send all transactional emails from the email-smtp plugin.
  # mailUrl: smtp://user:[email protected]:465

  ##
  ## If this is true, on startup the API will auto-initialize a MongoDB
  ## replica set if one isn't found.
  # initReplicaSet: false
  image:
    repository: reactioncommerce/reaction
    tag: 3.7.1
    pullPolicy: IfNotPresent
    # imagePullSecret:
  service:
    annotations: {}
    type: ClusterIP
  ingress:
    enabled: true
    path: ""
    annotations:
      kubernetes.io/ingress.class: nginx
    livenessPath:
    tls:
      enabled: false
      secretName: tls-secret

##
## Identity service configuration
identity:
  enabled: true
  host: identity.example.shop
  ssl: false
  replicaCount: 2
  image:
    repository: reactioncommerce/identity
    tag: 3.0.0
    pullPolicy: IfNotPresent
    # imagePullSecret:
  service:
    annotations: {}
    type: ClusterIP
  ingress:
    enabled: true
    path: ""
    annotations:
      kubernetes.io/ingress.class: nginx
    livenessPath:
    tls:
      enabled: false
      secretName: tls-secret

##
## Example storefront configuration
web:
  enabled: true
  host: www.example.shop
  ssl: false
  replicaCount: 2
  # sessionSecret: CHANGEME
  image:
    repository: reactioncommerce/example-storefront
    tag: 3.0.0
    pullPolicy: IfNotPresent
    # imagePullSecret:
  service:
    annotations: {}
    type: ClusterIP
  ingress:
    enabled: true
    path: ""
    annotations:
      kubernetes.io/ingress.class: nginx
    livenessPath:
    tls:
      enabled: false
      secretName: tls-secret

##
## MongoDB chart configuration
mongodb:
  enabled: true
  usePassword: true
  # existingSecret: name-of-existing-secret
  mongodbRootPassword: reaction
  service:
    annotations:
    type: ClusterIP
    port: 27017
  replicaSet:
    enabled: true
    useHostnames: true
    name: rs0
    replicas:
      secondary: 1
      arbiter: 1

##
## PostgreSQL chart configuration (for Hydra)
postgresql:
  enabled: true
  postgresqlUsername: postgres
  postgresqlPassword: hydra
  postgresqlDatabase: hydra
  # existingSecret: postgres-secret
  # existingSecretKey: postgres-password
  service:
    port: 5432
  persistence:
    enabled: true
    # storageClass: classname
    accessMode: ReadWriteOnce

##
## Hydra chart configuration
hydra:
  enabled: true
  replicaCount: 1
  ssl: false
  image:
    repository: oryd/hydra
    tag: v1.0.8
    pullPolicy: IfNotPresent
    # imagePullSecret:

  ##
  ## Refer to https://www.ory.sh/docs/oryos.9/hydra/advanced#openid-connect
  pairwiseSalt: youReallyNeedToChangeThis

  ##
  ## A key or keys used to encrypt sensitive data using AES-GCM (256 bit) and
  ## validate HMAC signatures. Must be at least 16 characters long. This may be
  ## a single key or a comma-separated list where the first item in the list is
  ## used for signing and encryption and the whole list is used for verifying
  ## signatures and decryption. See https://www.ory.sh/docs/hydra/configuration
  secretsSystem: youReallyNeedToChangeThis
  service:
    annotations: {}
    type: ClusterIP
  frontend:
    host: hydra.example.shop
    ingress:
      enabled: true
      path: ""
      annotations:
        kubernetes.io/ingress.class: nginx
      livenessPath:
      tls:
        enabled: false
        secretName: tls-secret

  admin:
    host: private.example.shop
    ingress:
      enabled: true
      path: ""
      annotations:
        kubernetes.io/ingress.class: nginx
      livenessPath:
      tls:
        enabled: false
        secretName: tls-secret

Add NODE_ENV as value for api to allow graphql playground

It looks like we need to enable a setting for NODE_ENV other than production so that it's possible to create a deployment that has a graphql playground available.

Include ability to provide postgresql connection string

Right now we have the ability to provide a MongoDB connection string outside of the K8S cluster. We should include the same for Postgres, as a production setup really shouldn't include that db in containers

Implement Environment Variables as Config Map

Environment variables are becoming unwieldy this is a placeholder issue to move them to a dedicated ConfigMap.

SSL causes cypher mismatch

I've gotten the application running on AWS's EKS product. I'm trying to get the domain to resolve correctly. I have ssl enabled for each of the services in the chart and have been able to get the IP for the ingress controller. I'm using Cloudflare for my DNS provider and have added an un-proxied A record that points to the external IPV4 for the ingress controller.

When I try to access the application, however, I get an error that the browser can't get a secure connection - Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite.

@dcrdev is there additional setup necessary on Cloudflare to get ssl to terminate correctly?

HTTPS Redirection

How to implement redirection to https using this chart?
I was driven by this example:
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/tasks/ssl_redirect/

I wrote this instructions:

annotations:
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/target-type: ip
      alb.ingress.kubernetes.io/cetificate-arn: arn:aws:acm:eu-west-3:999722084027:certificate/6c66eca8-4da5-476f-9529-e6890de3f11a
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/actions.ssl-redirect: '443'

spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
         - path: /users/*
           pathType: ImplementationSpecific
           backend:
             service:
               name: user-service
               port:
                 number: 80
         - path: /*
           pathType: ImplementationSpecific
           backend:
             service:
               name: default-service
               port:
                 number: 80

But it is does not help(

Typo in api deployment template for mailUrl

PR here: #9

Investigate Reaction Prometheus Plugin

According to https://github.com/reactioncommerce/reaction/blob/d3ba8c0af37ba2dca3ebc55f7ed9fd984e45b763/CHANGELOG.md#L1276 there is a prometheus metrics plugin - want to investigate how to enable that and find out what the exporter endpoint is; docs seem non existent. Aim here is to introduce support for the prometheus operator, by offering configuration for service monitors.

No ingress controller created with default values

@dcrdev Thank you for putting this default helm chart together! I ran through the linked blog post, but after enabling the ingress controller / annotations on each section there isn't an nginx controller these don't exist in the pods / services output:

nginx-ingress-nginx-controller             LoadBalancer   10.100.35.91     <REDACTED>   80:31935/TCP,443:32226/TCP   7d3h
nginx-ingress-nginx-controller-admission   ClusterIP      10.100.203.35    <none>                                                                  443/TCP                      7d3h

Is there something else necessary to getting those to launch?

An architecture diagram of all the pieces and how they fit together
Call outs for any pieces that @RickyHolland will not build himself (e.g. a webapp)
Grey screens of all the user inputs we need
The plan for the order it will be built including milestones
A plan for a series of blog posts talking about how it was built

Websocket errors causing admin to load extremely slowly

I'm getting a ton of these errors on the admin side which is causing a very slow load:

Firefox can’t establish a connection to the server at wss://example.com/sockjs/183/b1ktd5sf/websocket. e91c6e6cd55e480b2e7fe25514ac0bc01a831f74.js:612:22976
The connection to wss://example.com/sockjs/183/b1ktd5sf/websocket was interrupted while the page was loading.

Are websockets enabled with this helm chart or would this be caused by a different issue?

reactioncommerce / mailchimp-open-commerce-helm-chart Goto Github PK