    # GC Policy service
    
    This chart deploys the policy service on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
    
    The code was tested on a **Kubernetes cluster** (v1.23.12) with **Istio** (1.15).
    
    > It is possible to use other versions, but they haven't been tested.
    
    ### Operating system
    
    The code works on Debian-based Linux (Debian 10 and Ubuntu 20.04) and Windows WSL 2. It also works in Google Cloud Shell, but this is not guaranteed. All other operating systems, including macOS, are not verified or supported.
    
    ### Packages
    
    Packages are only needed for installation from a local computer.
    
    - **HELM** (version: v3.7.1 or higher) [helm](https://helm.sh/docs/intro/install/)
    
    - **Kubectl** (version: v1.23.12 or higher) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
    
    
    ## Installation
    
    First, set the variables in the **values.yaml** file using any code editor. Some values are prefilled, but others you must specify yourself. You can find more information about them below.
    
    
    ### Global variables
    
    | Name | Description | Type | Default | Required |
    |------|-------------|------|---------|----------|
    | **global.domain** | your domain for the external endpoint, ex `example.com` | string | - | yes |
    | **global.onPremEnabled** | whether baremetal is enabled | boolean | false | yes |
    | **global.limitsEnabled** | whether CPU and memory limits are enabled | boolean | true | yes |
    
    ### Common variables
    
    | Name | Description | Type | Default | Required |
    |------|-------------|------|---------|----------|
    | **data.logLevel** | logging level | string | INFO | yes |
    | **data.image** | policy image name | string | - | yes |
    | **data.requestsCpu** | amount of requests CPU | string | 10m | yes |
    | **data.requestsMemory** | amount of requests memory | string | 200Mi | yes |
    | **data.limitsCpu** | CPU limit | string | 1 | only if `global.limitsEnabled` is true |
    | **data.limitsMemory** | memory limit | string | 1G | only if `global.limitsEnabled` is true |
    | **data.serviceAccountName** | name of your service account | string | - | yes |
    | **data.imagePullPolicy** | when to pull image | string | IfNotPresent | yes |
    | **data.bucketName** | bucket name | string | - | yes |
    | **data.scopes** | scope of OPA | string | "<https://www.googleapis.com/auth/devstorage.read_only>" | yes |
    | **data.entitlementsHost** | Entitlements host | string | "<http://entitlements>" | yes |
    | **data.entitlementsBasePath** | Entitlements path | string | "/api/entitlements/v2/groups" | yes |
    | **data.useBundles** | use bundle or not | string | "yes" | yes |
    | **data.legalHost** | Legal host | string | "<http://legal>" | yes |
    | **data.partitionHost** | Partition host | string | "<http://partition>" | yes |
    
    
    | Name | Description | Type | Default | Required |
    |------|-------------|------|---------|----------|
    | **data.minioHost** | minio host | string | <http://minio:9000> | yes |
    | **conf.minioSecretName** | secret name for the app | string | "policy-minio-secret" | yes |
    
    
    ### Config variables
    
    | Name | Description | Type | Default | Required |
    |------|-------------|------|---------|----------|
    | **conf.appName** | name of the app | string | policy | yes |
    | **conf.configmap** | configmap to be used | string | policy-config | yes |
    | **conf.bootstrapSecretName** | secret name for the bootstrap | string | "minio-bootstrap-secret" | yes |
    | **data.dataPartitionId** | data partition id | string | - | yes |
    | **data.dataPartitionIdList** | list of secondary data partition ids in case of multipartition | string | - | yes |
    | **conf.minDelaySeconds** | min delay for bundle download | num | 6 | yes |
    | **conf.maxDelaySeconds** | max delay for bundle download | num | 12 | yes |
    
    
    ### Bootstrap variables
    
    | Name | Description | Type | Default | Required |
    |------|-------------|------|---------|----------|
    | **data.bootstrapImage** | image for bootstrap deployment | string | - | yes |
    | **data.bootstrapServiceAccountName** | service account for bootstrap deployment | string | - | yes |
    
    ### OPA variables
    
    | Name | Description | Type | Default | Required |
    |------|-------------|------|---------|----------|
    | **opa.conf.configmap** | configmap to be used | string | opa-config | yes |
    | **opa.conf.envConfig** | configmap with env vars | string | opa-env-config | yes |
    | **opa.conf.appName** | name of the app | string | opa | yes |
    | **opa.data.serviceAccountName** | name of your service account | string | opa-k8s | yes |
    | **opa.data.image** | image name | string | - | yes |
    
    ### ISTIO variables
    
    | Name | Description | Type | Default | Required |
    |------|-------------|------|---------|----------|
    | **istio.proxyCPU** | CPU request for Envoy sidecars | string | 10m | yes |
    | **istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | 500m | yes |
    | **istio.proxyMemory** | memory request for Envoy sidecars | string | 100Mi | yes |
    | **istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | 512Mi | yes |
    | **istio.bootstrapProxyCPU** | CPU request for Envoy sidecars | string | 10m | yes |
    | **istio.bootstrapProxyCPULimit** | CPU limit for Envoy sidecars | string | 100m | yes |
    
    
    ### Install the helm chart
    
    Run this command from within this directory:
    
    ```console
    
    helm install gc-policy-deploy .
    
    ```
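    
    The tables above list nine required values with no default (`-`); the override file below collects exactly those, as an added example that is not part of the chart. The file name `my-values.yaml` is hypothetical, every value is a placeholder to replace, and the nesting assumes the dotted names in the tables map to nested YAML keys as Helm value paths normally do.
    
    ```yaml
    # my-values.yaml (hypothetical name): required values that have no default.
    # Pass it at install time with Helm's -f flag:
    #   helm install gc-policy-deploy . -f my-values.yaml
    # All values below are placeholders, not taken from the chart.
    global:
      domain: "example.com"                 # external endpoint domain
    
    data:
      image: "<policy-image>"               # policy image name
      serviceAccountName: "<policy-service-account>"
      bucketName: "<policy-bucket>"
      dataPartitionId: "<data-partition-id>"
      # Secondary partition ids for multipartition; the table types this as a
      # string and does not state the separator, so check the chart's values.yaml.
      dataPartitionIdList: "<secondary-data-partition-ids>"
      bootstrapImage: "<bootstrap-image>"
      bootstrapServiceAccountName: "<bootstrap-service-account>"
    
    opa:
      data:
        image: "<opa-image>"
    
    # Left at chart defaults on purpose:
    #   global.limitsEnabled (true) keeps data.limitsCpu / data.limitsMemory in force
    #   data.scopes stays at the read-only devstorage scope listed above
    ```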
    
    ## Uninstalling the Chart
    
    To uninstall the helm deployment:
    
    ```console
    helm uninstall gc-policy-deploy
    ```
    
    [Move-to-Top](#gc-policy-service)