From fccf53a176789ecc728032bda99cc2f55ab018b8 Mon Sep 17 00:00:00 2001
From: roschaefer
Date: Tue, 17 Sep 2019 23:28:17 +0200
Subject: [PATCH] Implement services and maintenance deployment Also found: ``` Some users have raised concerns that the Neo4j image changes file permissions on the host machine. By default, Neo4j runs as the user neo4j who only exists in the container, not on the host. That means that it's hard to set up mount folders on the host which this new user has write permissions for. We have updated the error messaging with advice about how to fix file permission errors. We also introduced writability checks and reduced the amount of file permission changes the image will perform. This has been found to interfere with some Kubernetes setups, so is currently an opt-in feature. To enforce stricter file permissions checking you can pass this environment variable to the container: --env SECURE_FILE_PERMISSIONS=yes ``` from https://hub.docker.com/_/neo4j Implemented the above :point_up:
---
 .../templates/deployment-maintenance.yaml | 26 +++++++++++++++++++
 .../templates/deployment-neo4j.yaml | 2 ++
 .../templates/service-backend.yaml | 11 ++++++++
 .../templates/service-maintenance.yaml | 11 ++++++++
 .../templates/service-neo4j.yaml | 14 ++++++++++
 .../templates/service-webapp.yaml | 11 ++++++++
 6 files changed, 75 insertions(+)
 create mode 100644 deployment/helm/human-connection/templates/deployment-maintenance.yaml
 create mode 100644 deployment/helm/human-connection/templates/service-backend.yaml
 create mode 100644 deployment/helm/human-connection/templates/service-maintenance.yaml
 create mode 100644 deployment/helm/human-connection/templates/service-neo4j.yaml
 create mode 100644 deployment/helm/human-connection/templates/service-webapp.yaml
diff --git a/deployment/helm/human-connection/templates/deployment-maintenance.yaml b/deployment/helm/human-connection/templates/deployment-maintenance.yaml
new file mode 100644
index 000000000..8ce4442b9
--- /dev/null
+++ b/deployment/helm/human-connection/templates/deployment-maintenance.yaml
@@ -0,0 +1,26 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-maintenance
+spec:
+ selector:
+ matchLabels:
+ human-connection.org/selector: deployment-maintenance
+ template:
+ metadata:
+ labels:
+ human-connection.org/commit: {{ .Values.commit }}
+ human-connection.org/selector: deployment-maintenance
+ name: maintenance
+ spec:
+ containers:
+ - name: maintenance
+ env:
+ - name: HOST
+ value: 0.0.0.0
+ image: humanconnection/maintenance:latest
+ ports:
+ - containerPort: 80
+ imagePullPolicy: Always
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
diff --git a/deployment/helm/human-connection/templates/deployment-neo4j.yaml b/deployment/helm/human-connection/templates/deployment-neo4j.yaml
index 692533abf..290f79332 100644
--- a/deployment/helm/human-connection/templates/deployment-neo4j.yaml
+++ b/deployment/helm/human-connection/templates/deployment-neo4j.yaml
@@ -35,6 +35,8 @@ spec:
 env:
 - name: NEO4J_dbms_security_procedures_unrestricted
 value: "algo.*,apoc.*"
+ - name: SECURE_FILE_PERMISSIONS
+ value: "yes"
 {{- range $key, $val := .Values.neo4jConfig }}
 - name: NEO4J_{{ $key }}
 value: {{ $val | quote }}
diff --git a/deployment/helm/human-connection/templates/service-backend.yaml b/deployment/helm/human-connection/templates/service-backend.yaml
new file mode 100644
index 000000000..b9d40ef8a
--- /dev/null
+++ b/deployment/helm/human-connection/templates/service-backend.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-backend
+spec:
+ ports:
+ - name: graphql
+ port: 4000
+ targetPort: 4000
+ selector:
+ human-connection.org/selector: deployment-backend
diff --git a/deployment/helm/human-connection/templates/service-maintenance.yaml b/deployment/helm/human-connection/templates/service-maintenance.yaml
new file mode 100644
index 000000000..a82473e2e
--- /dev/null
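Review bot: The container image `humanconnection/maintenance:latest` combined with `imagePullPolicy: Always` in deployment-maintenance.yaml means every pod restart can pull different, unreviewed content, so what runs is decided by whoever last pushed to the registry rather than by this chart. I would pin an immutable reference, e.g. `image: humanconnection/maintenance@sha256:<digest-placeholder>`, or take the tag from a chart value. Separately, `human-connection.org/commit: {{ .Values.commit }}` is rendered unquoted, so an all-digit short SHA becomes a YAML integer and the label fails validation; `{{ .Values.commit | quote }}` avoids that. `apiVersion: extensions/v1beta1` for a Deployment is also deprecated in favour of `apps/v1`.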
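Review bot: `SECURE_FILE_PERMISSIONS` is hard-coded to `"yes"` in deployment-neo4j.yaml, while the upstream text quoted in the commit message describes it as opt-in because it interferes with some Kubernetes setups. The `range` loop below it only emits `NEO4J_`-prefixed variables, so an operator cannot turn it off through `.Values.neo4jConfig`. With stricter checks the data volume presumably has to be writable by the container's user already, and no `securityContext` or `fsGroup` is visible here (the container spec starts outside the hunk). I would keep the secure default but expose it as a value, e.g. `value: {{ .Values.neo4jSecureFilePermissions | default "yes" | quote }}` (value name is a suggestion), with a comment on the line stating the volume-ownership requirement.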
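Review bot: The selector `human-connection.org/selector: deployment-backend` in service-backend.yaml is a fixed string, while the Service name is scoped with `{{ .Release.Name }}`, so two releases installed in one namespace (say staging and production) would each route to the other's pods. The same applies to the selectors in service-maintenance.yaml, service-neo4j.yaml and service-webapp.yaml and to the `matchLabels` in deployment-maintenance.yaml. Adding a release-scoped label to both the pod templates and the selectors, e.g. `human-connection.org/release: {{ .Release.Name | quote }}` (label name is a suggestion), closes that. The backend, neo4j and webapp pod templates are not part of this patch's added lines, so they would need the same label.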
+++ b/deployment/helm/human-connection/templates/service-maintenance.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-maintenance
+spec:
+ ports:
+ - name: web
+ port: 80
+ targetPort: 80
+ selector:
+ human-connection.org/selector: deployment-maintenance
diff --git a/deployment/helm/human-connection/templates/service-neo4j.yaml b/deployment/helm/human-connection/templates/service-neo4j.yaml
new file mode 100644
index 000000000..547dad6c7
--- /dev/null
+++ b/deployment/helm/human-connection/templates/service-neo4j.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-neo4j
+spec:
+ ports:
+ - name: bolt
+ port: 7687
+ targetPort: 7687
+ - name: web
+ port: 7474
+ targetPort: 7474
+ selector:
+ human-connection.org/selector: deployment-neo4j
diff --git a/deployment/helm/human-connection/templates/service-webapp.yaml b/deployment/helm/human-connection/templates/service-webapp.yaml
new file mode 100644
index 000000000..c1a9771ee
--- /dev/null
+++ b/deployment/helm/human-connection/templates/service-webapp.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-webapp
+spec:
+ ports:
+ - name: web
+ port: 3000
+ targetPort: 3000
+ selector:
+ human-connection.org/selector: deployment-webapp
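Review bot: service-neo4j.yaml publishes both Bolt (`7687`) and the Neo4j HTTP port (`7474`) inside the cluster, and nothing in this patch restricts which pods may connect to them. If only the backend needs the database, I would drop the `web`/`7474` entry and add a NetworkPolicy that admits ingress to the `deployment-neo4j` pods solely from `deployment-backend` pods. Whether Neo4j authentication is enabled is not visible in this diff, so that should be confirmed as well. A comment above `ports:` naming the intended clients of each port would document the intent.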