Major change that brought the chart in line with others. Mainly by more heavily relyng on subcharts and *.tpl files for code modularity and reusability (and consistency)

2025-12-24 19:07:22 -06:00 · 2025-12-24 19:07:22 -06:00 · 563a76b84e
commit 563a76b84e
parent 84a322eb28
34 changed files with 621 additions and 1103 deletions
--- a/templates/_sidecars.tpl
+++ b/templates/_sidecars.tpl
@ -0,0 +1,61 @@
+{{- define "backupSidecar" -}}
+- name: {{ .Values.backupSidecar.name }}
+  image: {{ .Values.backupSidecar.image.repository }}:{{ .Values.backupSidecar.image.tag }}
+  imagePullPolicy: {{ .Values.backupSidecar.image.pullPolicy }}
+  ports:
+  - containerPort: {{ .Values.backupSidecar.port }}
+  env:
+  # Release name (used to identify the service/release the backups came from in remote storage)
+  - name: RELEASE_NAME
+    value: {{ .Release.Name }}
+  {{- include "db.envVars" . | nindent 2 -}}
+  {{- if .Values.vault.create.snapshotServer.enabled }}
+  - name: VAULT_NAME
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Release.Name }}-pass-vault-secret
+        key: vault-name
+  - name: VAULT_SNAPSHOT_SERVER_PORT
+    valueFrom:
+      configMapKeyRef:
+        name: {{ .Release.Name }}-pass-vault-snapshot-config
+        key: port
+  {{- end }}
+  {{- if eq .Values.nosql.type "mongodb" }}
+  # NoSQL storage related environment variables
+  # Note, we only worry about self-hosted options as cloud-based should have their own backups etc...
+  - name: STORAGE_ACCOUNT_CONNECTION_STRING
+    valueFrom:
+      secretKeyRef:
+        name: {{ .Release.Name }}-mongo-credentials
+        key: connection-string
+  {{- end }}
+  # Redis is used for BullMQ, which is how we schedule backups
+  # We use this instead of, for instance cron jobs, as it lets us deal with failures
+  {{- include "cache.envVars" . | nindent 2 }}
+  resources:
+    requests:
+      cpu: {{ .Values.backupSidecar.resources.requests.cpu }}
+      memory: {{ .Values.backupSidecar.resources.requests.memory }}
+      ephemeral-storage: {{ .Values.backupSidecar.resources.requests.ephemeralStorage }}
+    limits:
+      cpu: {{ .Values.backupSidecar.resources.limits.cpu }}
+      memory: {{ .Values.backupSidecar.resources.limits.memory }}
+      ephemeral-storage: {{ .Values.backupSidecar.resources.limits.ephemeralStorage }}
+  {{- if .Values.vault.create.snapshotServer.enabled }}
+  volumeMounts:
+  # Mount for a shared volume for Vault credentials
+  # This is separate from the app's `role vars` volume because it includes other credentials
+  # In particular, the unseal keys which we require when/if we restore from the backup
+  # This volume is also read-only where the `role-vars` is read-write (see description below for why)
+  - name: creds
+    mountPath: /vault-creds
+    readOnly: true
+  # Mount for a shared volume for the Vault's role variables for the app
+  # This is required by the backup sidecar because if a restart of the app occurs AFTER a vault has been reset (ex. vault using a different container instance),
+  # despite the vault data being restored the app would receive incorrect credentials (because this is ONLY written during setup of the vault)
+  # The backup sidecar mitigates this by doing it's own write (to overwrite) once it's done a restore
+  - name: role-vars
+    mountPath: /role_vars
+  {{- end }}
+{{- end -}}
--- a/templates/_thirdParty.tpl
+++ b/templates/_thirdParty.tpl
@ -0,0 +1,77 @@
+{{- define "stripe.envVars" -}}
+# Stripe Environment Variables
+- name: STRIPE_PUBLIC_KEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-stripe-secret
+      key: live-public-key
+- name: STRIPE_SECRET_KEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-stripe-secret
+      key: live-secret-key
+- name: STRIPE_TEST_PUBLIC_KEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-stripe-secret
+      key: test-public-key
+- name: STRIPE_TEST_SECRET_KEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-stripe-secret
+      key: test-secret-key
+{{- end -}}
+
+{{- define "moneris.envVars" -}}
+# Moneris Environment Variables
+- name: MONERIS_MERCHANT_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: merchant-id
+- name: MONERIS_STORE_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: store-id
+- name: MONERIS_HT_PROFILE_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: ht-profile-id
+- name: MONERIS_APP_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: app-id
+- name: MONERIS_APP_SECRET
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: app-secret
+- name: MONERIS_TEST_MERCHANT_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: test-merchant-id
+- name: MONERIS_TEST_STORE_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: test-store-id
+- name: MONERIS_TEST_HT_PROFILE_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: test-ht-profile-id
+- name: MONERIS_TEST_APP_ID
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: test-app-id
+- name: MONERIS_TEST_APP_SECRET
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Release.Name }}-moneris-secret
+      key: test-app-secret
+{{- end -}}
--- a/templates/cache-configmap.yaml
+++ b/templates/cache-configmap.yaml
@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-cache-configmap
-  namespace: {{ .Release.Namespace }}
-data:
-  {{- if and (eq .Values.cache.type "redis") (.Values.cache.create) }}
-  hostname: {{ .Release.Name }}-redis
-  {{- else }}
-  hostname: {{ .Values.cache.hostname }}
-  {{- end }}
-  port: {{ .Values.cache.port | quote }}
--- a/templates/cache-credentials-secret.yaml
+++ b/templates/cache-credentials-secret.yaml
@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-cache-credentials
-type: Opaque
-data:
-  password: {{ .Values.cache.password | b64enc }}
--- a/templates/database.yaml
+++ b/templates/database.yaml
@ -1,37 +0,0 @@
-{{- if and (eq .Values.database.type "postgres") (.Values.database.create) -}}
-apiVersion: postgresql.org/v1
-kind: PostgresDatabase
-metadata:
-  name: {{ .Release.Name }}-db
-  namespace: {{ .Release.Namespace }}
-spec:
-  dbName:
-    envFrom:
-      configMapKeyRef:
-        - name: {{ .Release.Name }}-db-credentials
-          namespace: postgres-controller
-          key: db-name
-  dbRoleName:
-    envFrom:
-      configMapKeyRef:
-        - name: {{ .Release.Name }}-db-credentials
-          namespace: postgres-controller
-          key: db-user
-  dbRolePassword:
-    envFrom:
-      secretKeyRef:
-        - name: {{ .Release.Name }}-db-password
-          namespace: postgres-controller
-          key: password
-  # Because we've adopted a "throw away"/"ephemeral"/"container-esk" approach to our database, we want it to be dropped/deleted when everything else is deleted.
-  # This is because we re-create it and restore from a backup on every deploy.
-  # Which helps keep the data current and reinforces the utility of the backup and restore systems.
-  onDeletion:
-    # Whether to drop the database when the resource is deleted
-    dropDB: true
-    # Whether to drop the role when the resource is deleted
-    dropRole: true
-{{- if .Values.database.instance_id }}
-  dbInstanceId: {{ .Values.database.instance_id }}
-{{- end }}
-{{- end -}}
--- a/templates/db-credentials-config-map-postgres-controller.yaml
+++ b/templates/db-credentials-config-map-postgres-controller.yaml
@ -1,16 +0,0 @@
-{{- if and (eq .Values.database.type "postgres") (.Values.database.create) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-db-credentials
-  namespace: postgres-controller
-data:
-  db-host: {{ .Values.database.host }}
-  db-name: {{ .Values.database.name }}
-  db-user: {{ .Values.database.user }}
-  {{- if .Values.database.port }}
-  db-port: {{ .Values.database.port | quote }}
-  {{- else }}
-  db-port: "5432"
-  {{- end }}
-{{- end -}}
--- a/templates/db-credentials-config-map.yaml
+++ b/templates/db-credentials-config-map.yaml
@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-db-credentials
-data:
-  db-host: {{ .Values.database.host }}
-  db-name: {{ .Values.database.name }}
-  db-user: {{ .Values.database.user }}
-  {{- if .Values.database.port }}
-  db-port: {{ .Values.database.port | quote }}
-  {{- else }}
-  db-port: "5432"
-  {{- end }}
--- a/templates/db-password-secret-postgres-controller.yaml
+++ b/templates/db-password-secret-postgres-controller.yaml
@ -1,10 +0,0 @@
-{{- if and (eq .Values.database.type "postgres") (.Values.database.create) -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-db-password
-  namespace: postgres-controller
-type: Opaque
-data:
-  password: {{ .Values.database.password | b64enc }}
-{{- end -}}
--- a/templates/db-password-secret.yaml
+++ b/templates/db-password-secret.yaml
@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-db-password
-type: Opaque
-data:
-  password: {{ .Values.database.password | b64enc }}
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@ -5,7 +5,7 @@ metadata:
  labels:
    app: {{ .Release.Name }}
 spec:
-  replicas: {{ .Values.replicaCount }}
+  replicas: {{ .Values.app.replicaCount }}
  selector:
    matchLabels:
      app: {{ .Release.Name }}
@ -16,15 +16,15 @@ spec:
    spec:
      containers:
      - name: {{ .Release.Name }}
-        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        image: {{ .Values.app.image.repository }}:{{ .Values.app.image.tag }}
+        imagePullPolicy: {{ .Values.app.image.pullPolicy }}
        ports:
-        - containerPort: {{ .Values.container.port }}
+        - containerPort: {{ .Values.app.container.port }}
        env:
        - name: NODE_ENV
-          value: {{ .Values.container.env }}
+          value: {{ .Values.app.container.env }}
        - name: PORT
-          value: "{{ .Values.container.port }}"
+          value: "{{ .Values.app.container.port }}"
        - name: DOMAIN
          value: "bridgemanaccessible.ca"
        - name: ACCOUNTS_DEV_PORT
@ -57,51 +57,9 @@ spec:
            configMapKeyRef:
              name: {{ .Release.Name }}-oauth-credentials
              key: dev-port
-        # Database credentials
-        - name: DB_HOST
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-db-credentials
-              key: db-host
-        - name: DB_NAME
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-db-credentials
-              key: db-name
-        - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-db-password
-              key: password
-        - name: DB_PORT
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-db-credentials
-              key: db-port
-        - name: DB_USER
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-db-credentials
-              key: db-user
-        # NoSQL Credentials
-        {{- if eq .Values.nosql.type "mongodb" }}
-        - name: STORAGE_ACCOUNT_CONNECTION_STRING
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-mongo-credentials
-              key: connection-string
-        {{- else if eq .Values.nosql.type "azure" }}
-        - name: STORAGE_ACCOUNT_KEY
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-azure-tables-credentials
-              key: key
-        - name: STORAGE_ACCOUNT_NAME
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-azure-tables-config
-              key: name
-        {{- end }}
+        {{- include "db.envVars" . | nindent 8 }}
+        {{- include "cache.envVars" . | nindent 8 }}
+        {{- include "nosql.envVars" . | nindent 8 }}
        # NoSQL Grouping Names
        - name: ACCESS_PROPERTIES_STORAGE_TABLE_NAME
          valueFrom:
@ -169,22 +127,6 @@ spec:
              key: vault-port
        {{- end }}
        {{- end }}
-        # Caching Server Variables
-        - name: CACHE_HOSTNAME
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-cache-configmap
-              key: hostname
-        - name: CACHE_PORT
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-cache-configmap
-              key: port
-        - name: CACHE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-cache-credentials
-              key: password
        # Email (Azure Communication Services API credentials, etc...)
        {{- if and (.Values.comms.email.enabled) (eq .Values.comms.email.type "acs") }}
        - name: EMAIL_CONNECTION_STRING
@ -195,91 +137,23 @@ spec:
        {{- end }}
        # Third-Party Integrations
        {{- if .Values.thirdParty.stripe.enabled }}
-        - name: STRIPE_PUBLIC_KEY
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-stripe-secret
-              key: public-key
-        - name: STRIPE_SECRET_KEY
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-stripe-secret
-              key: secret-key
-        - name: STRIPE_TEST_PUBLIC_KEY
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-stripe-secret
-              key: test-public-key
-        - name: STRIPE_TEST_SECRET_KEY
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-stripe-secret
-              key: test-secret-key
+        {{- /* This injects the YAML defined in the `_thirdParty.tpl` file */ -}}
+        {{ include "stripe.envVars" . | nindent 8 }}
        {{- end }}
        {{- if .Values.thirdParty.moneris.enabled }}
-        - name: MONERIS_MERCHANT_ID
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: merchant-id
-        - name: MONERIS_STORE_ID
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: store-id
-        - name: MONERIS_HT_PROFILE_ID
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: ht-profile-id
-        - name: MONERIS_APP_ID
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: app-id
-        - name: MONERIS_APP_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: app-secret
-        - name: MONERIS_TEST_MERCHANT_ID
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: test-merchant-id
-        - name: MONERIS_TEST_STORE_ID
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: test-store-id
-        - name: MONERIS_TEST_HT_PROFILE_ID
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: test-ht-profile-id
-        - name: MONERIS_TEST_APP_ID
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: test-app-id
-        - name: MONERIS_TEST_APP_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-moneris-secret
-              key: test-app-secret
+        {{- /* This injects the YAML defined in the `_thirdParty.tpl` file */ -}}
+        {{ include "moneris.envVars" . | nindent 8 }}
        {{- end }}
        - name: INITIAL_USER_ID
          value: {{ .Values.initialUserID | quote }}
-        # Logging Sidecar related environment variables
        {{- if .Values.loggingSidecar.enabled }}
-        - name: LOGGING_SIDE_CAR_PORT
-          value: {{ .Values.loggingSidecar.port | quote }}
+        {{- include "logging.envVars" . | nindent 8 }}
        {{- end }}
+        {{- if ne .Values.app.restoreFromBackup "" }}
        # Due to subtleties related to how the entrypoint scripts detects how/when to proceed
        # This environment variable indicates if the entrypoint should wait for a restore to complete
-        {{- if ne .Values.container.restoreFromBackup "" }}
        - name: RESTORE_FROM_BACKUP
-          value: {{ .Values.container.restoreFromBackup | quote }}
+          value: {{ .Values.app.restoreFromBackup | quote }}
        {{- end }}
        {{- if .Values.vault.create.enabled }}
        volumeMounts:
@ -292,120 +166,23 @@ spec:
          mountPath: /role_vars
          readOnly: true
        {{- end }}
+        resources:
+          requests:
+            cpu: {{ .Values.app.resources.requests.cpu }}
+            memory: {{ .Values.app.resources.requests.memory }}
+            ephemeral-storage: {{ .Values.app.resources.requests.ephemeralStorage }}
+          limits:
+            cpu: {{ .Values.app.resources.limits.cpu }}
+            memory: {{ .Values.app.resources.limits.memory }}
+            ephemeral-storage: {{ .Values.app.resources.limits.ephemeralStorage }}
      # Logging sidecar for sending logs to a log aggregator
      {{- if .Values.loggingSidecar.enabled }}
-      - name: {{ .Values.loggingSidecar.name }}
-        image: {{ .Values.loggingSidecar.image.repository }}:{{ .Values.loggingSidecar.image.tag }}
-        imagePullPolicy: {{ .Values.loggingSidecar.image.pullPolicy }}
-        ports:
-        - containerPort: {{ .Values.loggingSidecar.port }}
-        env:
-        - name: PORT
-          value: {{ .Values.loggingSidecar.port | quote }}
-        # Log aggregator (OpenObserve) auth variables
-        - name: LOGGER_AUTH_USERNAME
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-logging-sidecar-credentials
-              key: username
-        - name: LOGGER_AUTH_PASSWORD
-          valueFrom: 
-            secretKeyRef:
-              name: {{ .Release.Name }}-logging-sidecar-password
-              key: password
+      {{ include "logging.sidecar" . | nindent 6 }}
      {{- end }}
      # Backup sidecar for backing up service data
      {{- if .Values.backupSidecar.enabled }}
-      - name: {{ .Values.backupSidecar.name }}
-        image: {{ .Values.backupSidecar.image.repository }}:{{ .Values.backupSidecar.image.tag }}
-        imagePullPolicy: {{ .Values.backupSidecar.image.pullPolicy }}
-        ports:
-        - containerPort: {{ .Values.backupSidecar.port }}
-        env:
-        # Release name (used to identify the service/release the backups came from in remote storage)
-        - name: RELEASE_NAME
-          value: {{ .Release.Name }}
-        # Database related environment variables
-        - name: DB_HOST
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-db-credentials
-              key: db-host
-        - name: DB_NAME
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-db-credentials
-              key: db-name
-        - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-db-password
-              key: password
-        - name: DB_PORT
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-db-credentials
-              key: db-port
-        - name: DB_USER
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-db-credentials
-              key: db-user
-        {{- if .Values.vault.create.snapshotServer.enabled }}
-        - name: VAULT_NAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-vault-secret
-              key: vault-name
-        - name: VAULT_SNAPSHOT_SERVER_PORT
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-vault-snapshot-config
-              key: port
-        {{- end }}
-        # NoSQL storage related environment variables
-        # Note, we only worry about self-hosted options as cloud-based should have their own backups etc...
-        {{- if eq .Values.nosql.type "mongodb" }}
-        - name: STORAGE_ACCOUNT_CONNECTION_STRING
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-mongo-credentials
-              key: connection-string
-        {{- end }}
-        # Redis related environment variables
-        # Redis is used for BullMQ, which is how we schedule backups
-        # We use this instead of, for instance cron jobs, as it lets us deal with failures
-        - name: REDIS_HOSTNAME
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-cache-configmap
-              key: hostname
-        - name: REDIS_PORT
-          valueFrom:
-            configMapKeyRef:
-              name: {{ .Release.Name }}-cache-configmap
-              key: port
-        - name: REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Release.Name }}-cache-credentials
-              key: password
-        {{- if .Values.vault.create.snapshotServer.enabled }}
-        volumeMounts:
-        # Mount for a shared volume for Vault credentials
-        # This is separate from the app's `role vars` volume because it includes other credentials
-        # In particular, the unseal keys which we require when/if we restore from the backup
-        # This volume is also read-only where the `role-vars` is read-write (see description below for why)
-        - name: creds
-          mountPath: /vault-creds
-          readOnly: true
-        # Mount for a shared volume for the Vault's role variables for the app
-        # This is required by the backup sidecar because if a restart of the app occurs AFTER a vault has been reset (ex. vault using a different container instance),
-        # despite the vault data being restored the app would receive incorrect credentials (because this is ONLY written during setup of the vault)
-        # The backup sidecar mitigates this by doing it's own write (to overwrite) once it's done a restore
-        - name: role-vars
-          mountPath: /role_vars
-        {{- end }}
+      {{- /* This injects the YAML defined in the `_sidecar.tpl` file */ -}}
+      {{ include "backupSidecar" . | nindent 6 }}
      {{- end }}
      {{- if .Values.vault.create.enabled }}
      volumes:
--- a/templates/logging-sidecar-credentials-configmap.yaml
+++ b/templates/logging-sidecar-credentials-configmap.yaml
@ -1,10 +0,0 @@
-{{- if .Values.loggingSidecar.enabled -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-logging-sidecar-credentials
-  labels:
-    app: {{ .Values.loggingSidecar.name }}
-data:
-  username: {{ .Values.loggingSidecar.auth.username | quote }}
-{{- end -}}
--- a/templates/logging-sidecar-password-secret.yaml
+++ b/templates/logging-sidecar-password-secret.yaml
@ -1,11 +0,0 @@
-{{- if .Values.loggingSidecar.enabled -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-logging-sidecar-password
-  labels:
-    app: {{ .Values.loggingSidecar.name }}
-type: opaque
-data:
-  password: {{ .Values.loggingSidecar.auth.password | b64enc | quote }}
-{{- end -}}
--- a/templates/mongo-credentials-secret.yaml
+++ b/templates/mongo-credentials-secret.yaml
@ -1,15 +0,0 @@
-{{- if eq .Values.nosql.type "mongodb" -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-mongo-credentials
-type: Opaque
-data:
-  user: {{ .Values.nosql.user | b64enc }}
-  password: {{ .Values.nosql.password | b64enc }}
-  {{- if and (.Values.nosql.connectionString) (not .values.nosql.create) }}
-  connection-string: {{ .Values.nosql.connectionString | b64enc }}
-  {{- else if .Values.nosql.create }}
-  connection-string: {{ printf "mongodb://%s:%s@%s-mongo-svc.%s.svc.cluster.local:27017/%s?replicaSet=%s-mongo" .Values.nosql.user .Values.nosql.password .Release.Name .Release.Namespace .Values.nosql.name .Release.Name | b64enc }}
-  {{- end }}
-{{- end -}}
--- a/templates/mongo-role-binding-database.yaml
+++ b/templates/mongo-role-binding-database.yaml
@ -1,16 +0,0 @@
-{{- if and (eq .Values.nosql.type "mongodb") (.Values.nosql.create) -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: mongodb-database
-  namespace: {{ .Release.Namespace }}
-subjects:
- kind: ServiceAccount
-  name: mongodb-database
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: Role
-  name: mongodb-database
-  namespace: {{ .Release.Namespace }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end -}}
--- a/templates/mongo-role-database.yaml
+++ b/templates/mongo-role-database.yaml
@ -1,22 +0,0 @@
-{{- if and (eq .Values.nosql.type "mongodb") (.Values.nosql.create) -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: mongodb-database
-  namespace: {{ .Release.Namespace }}
-rules:
-  - apiGroups:
-    - ""
-    resources:
-    - secrets
-    verbs:
-    - get
-  - apiGroups:
-    - ""
-    resources:
-    - pods
-    verbs:
-    - patch
-    - delete
-    - get
-{{- end -}}
--- a/templates/mongo-service-account-database.yaml
+++ b/templates/mongo-service-account-database.yaml
@ -1,7 +0,0 @@
-{{- if and (eq .Values.nosql.type "mongodb") (.Values.nosql.create) -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: mongodb-database
-  namespace: {{ .Release.Namespace }}
-{{- end -}}
--- a/templates/mongo.yaml
+++ b/templates/mongo.yaml
@ -1,31 +0,0 @@
-{{- if and (eq .Values.nosql.type "mongodb") (.Values.nosql.create) -}}
-apiVersion: mongodbcommunity.mongodb.com/v1
-kind: MongoDBCommunity
-metadata:
-  name: {{ .Release.Name }}-mongo
-  namespace: {{ .Release.Namespace }}
-spec:
-  members: {{ .Values.nosql.replicaCount }}
-  type: ReplicaSet
-  version: 4.4.0
-  security:
-    authentication:
-      ignoreUnknownUsers: true
-      modes:
-      - SCRAM
-    tls:
-      enabled: {{ .Values.nosql.tls.enabled }}
-  readinessProbe:
-    initialDelaySeconds: 30
-    periodSeconds: 10
-  users:
-    - name: {{ .Values.nosql.user }}
-      db: {{ .Values.nosql.name }}
-      passwordSecretRef:
-        name: {{ .Release.Name }}-mongo-credentials
-        key: password
-      roles:
-        - name: readWrite
-          db: {{ .Values.nosql.name }}
-      scramCredentialsSecretName: {{ .Release.Name }}-mongo-scram
-{{- end -}}
--- a/templates/nosql-grouping-config-map.yaml
+++ b/templates/nosql-grouping-config-map.yaml
@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-nosql-grouping
-  labels:
-    app: {{ .Release.Name }}
-data:
-  access-properties: {{ .Values.nosql.grouping.accessProperties }}
-  locales: {{ .Values.nosql.grouping.locales }}
-  order-properties: {{ .Values.nosql.grouping.orderProperties }}
-  price-properties: {{ .Values.nosql.grouping.priceProperties }}
-  service-category-properties: {{ .Values.nosql.grouping.serviceCategoryProperties }}
-  service-properties: {{ .Values.nosql.grouping.serviceProperties }}
--- a/templates/redis-deployment.yaml
+++ b/templates/redis-deployment.yaml
@ -1,49 +0,0 @@
-{{- if and (eq .Values.cache.type "redis") (.Values.cache.create) -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}-redis
-  labels:
-    app: redis
-spec:
-  replicas: {{ .Values.cache.replicaCount }}
-  selector:
-    matchLabels:
-      app: redis
-  template:
-    metadata:
-      labels:
-        app: redis
-    spec:
-      containers:
-        - name: redis
-          image: {{ .Values.cache.image.repository | default "bitnami/redis" }}:{{ .Values.cache.image.tag | default "7.0.5" }}
-          ports:
-            - containerPort: {{ .Values.cache.port }}
-            {{- if .Values.cache.tls.enabled }}
-            - containerPort: {{ .Values.cache.tls.port }}
-            {{- end }}
-          env:
-            - name: ALLOW_EMPTY_PASSWORD
-              value: "false"
-            - name: REDIS_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .Release.Name }}-cache-credentials
-                  key: password
-            - name: REDIS_DISABLE_COMMANDS
-              value: "FLUSHDB,FLUSHALL"
-            # TLS configuration
-            #- name: REDIS_TLS_ENABLED
-            #  value: "{{ .Values.cache.tls.enabled }}"
-            #- name: REDIS_TLS_AUTH_CLIENTS
-            #  value: "yes"
-            #- name: REDIS_TLS_PORT_NUMBER
-            #  value: "{{ .Values.cache.tls.port }}"
-          volumeMounts:
-            - name: redis-data
-              mountPath: /bitnami/redis
-      volumes:
-        - name: redis-data
-          emptyDir: {}
-{{- end -}}
--- a/templates/redis-service.yaml
+++ b/templates/redis-service.yaml
@ -1,15 +0,0 @@
-{{- if and (eq .Values.cache.type "redis") (.Values.cache.create) -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}-redis
-  labels:
-    app: redis
-spec:
-  ports:
-    - port: {{ .Values.cache.port }}
-      targetPort: {{ .Values.cache.port }}
-  selector:
-    app: redis
-  type: ClusterIP
-{{- end -}}
--- a/templates/service.yaml
+++ b/templates/service.yaml
@ -8,4 +8,4 @@ spec:
  ports:
    - protocol: TCP
      port: 80
-      targetPort: {{ .Values.container.port }}
+      targetPort: {{ .Values.app.container.port }}
--- a/templates/vault-creds-persistant-volume-claim.yaml
+++ b/templates/vault-creds-persistant-volume-claim.yaml
@ -1,15 +0,0 @@
-{{- if .Values.vault.create.enabled -}}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Release.Name }}-vault-creds
-  labels:
-    app: {{ .Release.Name }}-vault
-spec:
-  storageClassName: {{ .Values.vault.create.storage.storageClass }}
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: {{ .Values.vault.create.storage.size }}
-{{- end -}}
--- a/templates/vault-deployment.yaml
+++ b/templates/vault-deployment.yaml
@ -1,66 +0,0 @@
-{{- if and (.Values.vault.create.enabled) (eq .Values.vault.type "hashicorp") -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}-vault
-  labels:
-    app: {{ .Release.Name }}-vault
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: {{ .Release.Name }}-vault
-  template:
-    metadata:
-      labels:
-        app: {{ .Release.Name }}-vault
-    spec:
-      containers:
-      - name: {{ .Release.Name }}-vault
-        image: {{ .Values.vault.create.image.repository }}:{{ .Values.vault.create.image.tag }}
-        ports:
-        - containerPort: 8200
-        - containerPort: 8201
-        {{- if .Values.vault.create.snapshotServer.enabled }}
-        - containerPort: {{ .Values.vault.create.snapshotServer.internalPort }}
-        {{- end }}
-        env:
-        - name: VAULT_ADDR
-          value: http://0.0.0.0:8200
-        - name: POLICY_CAPABILITIES
-          value: {{ .Values.vault.create.policyCapabilities | join "," }}
-        - name: ROLE_ID_SECRET_NAME
-          value: VAULT_ROLE_ID
-        - name: SECRET_ID_SECRET_NAME
-          value: VAULT_SECRET_ID
-        {{- if .Values.vault.create.snapshotServer.enabled }}
-        - name: SNAPSHOT_SERVER_PORT
-          value: {{ .Values.vault.create.snapshotServer.internalPort | quote }}
-        {{- end }}
-        volumeMounts:
-        - name: vault-data
-          mountPath: /vault/data
-        - name: vault-log
-          mountPath: /vault/logs
-        - name: vault-creds
-          mountPath: /vault/creds
-        - name: vault-role-vars
-          mountPath: /role_vars
-        capAdd:
-        - IPC_LOCK
-      volumes:
-      - name: vault-data
-        emptyDir: {}
-      - name: vault-log
-        emptyDir: {}
-      - name: vault-creds
-        {{- if .Values.vault.create.snapshotServer.enabled }}
-        persistentVolumeClaim:
-          claimName: {{ .Release.Name }}-vault-creds
-        {{- else }}
-        emptyDir: {}
-        {{- end }}
-      - name: vault-role-vars
-        persistentVolumeClaim:
-          claimName: {{ .Release.Name }}-vault-role-vars
-{{- end -}}
--- a/templates/vault-hashicorp-secret.yaml
+++ b/templates/vault-hashicorp-secret.yaml
@ -1,24 +0,0 @@
-{{- if and (.Values.vault.enabled) (eq .Values.vault.type "hashicorp") -}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-vault-secret
-type: opaque
-data:
-  {{- if .Values.vault.create.enabled }}
-  # Because we create the Hashicorp Vault instance as part of the Helm chart, 
-  # we can use the name of the created resource (utilizing k8s built-in container connections)
-  # to connect to the Vault instance without having to hard-code the Vault name.
-  vault-name: {{ printf "%s-vault" .Release.Name | b64enc }}
-  # Because we create the Hashicorp Vault instance as part of the Helm chart,
-  # We know the port that the Vault instance is running on.
-  vault-port: {{ printf "%d" 80 | b64enc }}
-  {{- else }}
-  # Because the Vault wasn't created as part of the Helm chart,
-  # we need the deployer to specify the name of the Vault instance to connect to.
-  vault-name: {{ .Values.vault.vaultName | b64enc }}
-  # Because the Vault wasn't created as part of the Helm chart,
-  # we need the deployer to specify the port that the Vault instance is running on.
-  vault-port: {{ .Values.passVault.vaultPort | b64enc }}
-  {{- end }}
-{{- end -}}
--- a/templates/vault-ingress.yaml
+++ b/templates/vault-ingress.yaml
@ -1,21 +0,0 @@
-{{- if .Values.vault.create.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}-vault-ingress
-  labels:
-    app: {{ .Release.Name }}-vault
-spec:
-  ingressClassName: nginx
-  rules:
-    - host: {{ .Values.vault.create.ingress.host }}
-      http:
-        paths:
-        - path: /
-          pathType: Prefix
-          backend:
-            service:
-              name: {{ .Release.Name }}-vault
-              port:
-                number: 80
-{{- end -}}
--- a/templates/vault-role-vars-persistent-volume-claim.yaml
+++ b/templates/vault-role-vars-persistent-volume-claim.yaml
@ -1,15 +0,0 @@
-{{- if .Values.vault.create.enabled -}}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Release.Name }}-vault-role-vars
-  labels:
-    app: {{ .Release.Name }}-vault
-spec:
-  storageClassName: {{ .Values.vault.create.storage.storageClass }}
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: {{ .Values.vault.create.storage.size }}
-{{- end -}}
--- a/templates/vault-service.yaml
+++ b/templates/vault-service.yaml
@ -1,22 +0,0 @@
-{{- if .Values.vault.create.enabled -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}-vault
-  labels:
-    app: {{ .Release.Name }}-vault
-spec:
-  selector:
-    app: {{ .Release.Name }}-vault
-  ports:
-    {{- if .Values.vault.create.snapshotServer.enabled }}
-    - name: custom-snapshot-server
-      protocol: TCP
-      port: {{ .Values.vault.create.snapshotServer.externalPort }}
-      targetPort: {{ .Values.vault.create.snapshotServer.internalPort }}
-    {{- end }}
-    - name: http
-      protocol: TCP
-      port: 80
-      targetPort: 8200
-{{- end -}}
--- a/templates/vault-snapshot-server-configmap.yaml
+++ b/templates/vault-snapshot-server-configmap.yaml
@ -1,8 +0,0 @@
-{{- if .Values.vault.create.snapshotServer.enabled -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-vault-snapshot-config
-data:
-  port: {{ .Values.vault.create.snapshotServer.externalPort | quote }}
-{{- end -}}