Set up new deployment of idmapper K8s resources.

rcsb · May 21, 2024 · ed922c2 · ed922c2
1 parent 8b4bff4
commit ed922c2
Show file tree

Hide file tree

Showing 10 changed files with 468 additions and 44 deletions.
diff --git a/.github/workflows/workflow-java.yaml b/.github/workflows/workflow-java.yaml
@@ -0,0 +1,14 @@
+name: Run CI/CD Workflow
+
+on:
+  push:
+    paths-ignore:
+      - "k8s/**"
+  workflow_dispatch:
+
+jobs:
+  run-workflow:
+    name: "Run automated workflow"
+    uses: rcsb/devops-cicd-github-actions/.github/workflows/workflow-java.yaml@master
+    with:
+      do_production_build: true
diff --git a/k8s/helm/templates/_helpers.tpl b/k8s/helm/templates/_helpers.tpl
@@ -0,0 +1,53 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm_chart.fullname" -}}
+{{- if contains .Chart.Name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm_chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "helm_chart.labels" -}}
+helm.sh/chart: {{ include "helm_chart.chart" . }}
+{{ include "helm_chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "helm_chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ .Chart.Name }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Persistent volume name. Utilize namespace aware naming to allow deployments of cluster resources for different environments.
+*/}}
+{{- define "helm_chart.pvname" -}}
+{{- printf "%s-%s" .Release.Namespace .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+ConfigMap resource name. Ensure names conform to character limits in Kubernetes
+*/}}
+{{- define "helm_chart.configmapName" -}}
+{{- printf "%s-config" (include "helm_chart.fullname" . | trunc 56 | trimSuffix "-") }}
+{{- end }}
diff --git a/k8s/helm/templates/configmap.yaml b/k8s/helm/templates/configmap.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.useAppConfigs }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "helm_chart.configmapName" . }}
+  labels:
+    {{- include "helm_chart.labels" . | nindent 4 }}
+data:
+{{- range $file, $_ := .Values.appConfigs }}
+  {{ $file }}: |
+{{ $_.value | indent 4 }}
+{{- end -}}
+{{- end }}
diff --git a/k8s/helm/templates/deployment.yaml b/k8s/helm/templates/deployment.yaml
@@ -1,27 +1,101 @@
+{{- range tuple "a" "b" }}
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ .Chart.Name }}
-  namespace: {{ .Release.Namespace }}
+  name: {{ include "helm_chart.fullname" $ }}-{{ . }}
+  labels:
+    {{- include "helm_chart.labels" $ | nindent 4 }}
+    rcsb.org/path: {{ . | quote }}
 spec:
-  replicas: {{ .Values.number_of_replicas }}
+  {{- if not $.Values.autoscaling.enabled }}
+  replicas: {{ $.Values.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
-      app: {{ .Chart.Name }}
+      {{- include "helm_chart.selectorLabels" $ | nindent 6 }}
+      rcsb.org/path: {{ . | quote }}
+  strategy:
+    type: {{ $.Values.deploymentStrategy.type }}
+    {{- if eq $.Values.deploymentStrategy.type "RollingUpdate" }}
+    rollingUpdate:
+      maxSurge: {{ $.Values.deploymentStrategy.maxSurge }}
+      maxUnavailable: {{ $.Values.deploymentStrategy.maxUnavailable }}
+    {{- end }}
   template:
     metadata:
       labels:
-        app: {{ .Chart.Name }}
+        {{- include "helm_chart.selectorLabels" $ | nindent 8 }}
+        rcsb.org/path: {{ . | quote }}
     spec:
+      {{- with $.Values.imagePullSecrets }}
       imagePullSecrets:
-        - name: harbor-docker-registry-conf
+        - name: {{ . }}
+      {{- end }}
       containers:
-        - name: {{ .Chart.Name }}
-          image: "{{.Values.image.registry}}/{{.Values.image.repository}}:{{.Values.image.tag}}"
-          imagePullPolicy: Always
-          env:
-            - name: MONGODB_URI
-              value: "{{ .Values.mongodb_uri }}"
+        - name: {{ $.Chart.Name }}
+          securityContext:
+            {{- toYaml $.Values.securityContext | nindent 12 }}
+          image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}"
+          imagePullPolicy: {{ $.Values.image.pullPolicy }}
           ports:
-            - containerPort: {{ .Values.http_port }}
-            - containerPort: {{ .Values.rsocket_port }}
+            - name: http
+              containerPort: {{ $.Values.service.port }}
+              protocol: TCP
+          {{- if $.Values.livenessProbe.enable }}
+          livenessProbe:
+            initialDelaySeconds: {{ $.Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ $.Values.livenessProbe.periodSeconds }}
+            failureThreshold: {{ $.Values.livenessProbe.failureThreshold }}
+            httpGet:
+              path: {{ $.Values.livenessProbe.http.path }}
+              port: http
+          {{- end }}
+          {{- if $.Values.readinessProbe.enable }}
+          readinessProbe:
+            initialDelaySeconds: {{ $.Values.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ $.Values.readinessProbe.periodSeconds }}
+            failureThreshold: {{ $.Values.readinessProbe.failureThreshold }}
+            httpGet:
+              path: {{ $.Values.readinessProbe.http.path }}
+              port: http
+          {{- end }}
+          resources:
+            {{- toYaml $.Values.resources | nindent 12 }}
+          {{- if or $.Values.usePersistentVolume $.Values.useSecretsVolume $.Values.useAppConfigs }}
+          volumeMounts:
+            {{- if $.Values.usePersistentVolume }}
+            - mountPath: {{ $.Values.persistentVolumeMountPath }}
+              name: {{ include "helm_chart.pvname" . }}-{{ . }}
+              readOnly: {{ $.Values.persistentVolumeReadOnly }}
+            {{- end }}
+            {{- range $.Values.secretVolumes }}
+            - name: {{ .name | quote }}
+              mountPath: "{{ .mountPath }}/{{ .filename }}"
+              subPath: {{ .filename | quote }}
+            {{- end }}
+            {{- range $.Values.appConfigs }}
+            - name: {{ include "helm_chart.configmapName" $ }}
+              mountPath: "{{ .mountPath }}/{{ .filename }}"
+              subPath: {{ .filename | quote }}
+            {{- end }}
+          {{- end }}
+      {{- if or $.Values.usePersistentVolume $.Values.useSecretsVolume $.Values.useAppConfigs}}
+      volumes:
+        {{- if $.Values.usePersistentVolume }}
+        - name: {{ include "helm_chart.pvname" . }}-{{ . }}
+          persistentVolumeClaim:
+            claimName: {{ include "helm_chart.pvname" . }}-{{ . }}
+        {{- end }}
+        {{- range $.Values.secretVolumes }}
+        - name: {{ .name | quote }}
+          secret:
+            secretName: {{ .secretName | quote }}
+        {{- end }}
+        {{- if $.Values.useAppConfigs }}
+        - name: {{ include "helm_chart.configmapName" . }}
+          configMap:
+            name: {{ include "helm_chart.configmapName" . }}
+        {{- end }}
+      {{- end }}
+{{- end }}
diff --git a/k8s/helm/templates/externalSecrets.yaml b/k8s/helm/templates/externalSecrets.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.externalSecret.enabled -}}
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: {{ include "helm_chart.fullname" . }}
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: {{ .Values.externalSecret.secretStoreRefName }}
+    kind: ClusterSecretStore
+  {{- range .Values.externalSecret.targets }}
+  target:
+    name: {{ .secretName }}
+  data:
+    {{- toYaml .data | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/k8s/helm/templates/filesystem.yaml b/k8s/helm/templates/filesystem.yaml
@@ -0,0 +1,54 @@
+{{ if .Values.usePersistentVolume }}
+{{- range tuple "a" "b" }}
+---
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+  name: {{ include "helm_chart.pvname" $ }}-{{ . }}
+  namespace: rook-ceph
+spec:
+  metadataPool:
+    replicated:
+      size: {{ $.Values.rookCeph.metadataPoolSize }}
+  dataPools:
+    - name: replicated
+      replicated:
+        size: {{ $.Values.rookCeph.dataPoolSize }}
+  preserveFilesystemOnDelete: {{ $.Values.rookCeph.preserveFilesystemOnDelete }}
+  metadataServer:
+    activeCount: 1
+    activeStandby: true
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: {{ include "helm_chart.pvname" $ }}-{{ . }}
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+  clusterID: rook-ceph
+  fsName: {{ include "helm_chart.pvname" $ }}-{{ . }}
+  pool: {{ include "helm_chart.pvname" $ }}-{{ . }}
+  csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+  csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+  csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+  csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+  csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+  csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+reclaimPolicy: {{ $.Values.rookCeph.reclaimPolicy }}
+allowVolumeExpansion: {{ $.Values.rookCeph.allowVolumeExpansion }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "helm_chart.pvname" $ }}-{{ . }}
+spec:
+  storageClassName: {{ include "helm_chart.pvname" $ }}-{{ . }}
+  accessModes:
+    {{- range $.Values.rookCeph.pvcAccessModes }}
+    - {{ . }}
+    {{- end }}
+  resources:
+    requests:
+      storage: {{ $.Values.rookCeph.pvcRequestStorageSize }}
+{{- end }}
+{{ end }}
diff --git a/k8s/helm/templates/hpa.yaml b/k8s/helm/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "helm_chart.fullname" . }}
+  labels:
+    {{- include "helm_chart.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "helm_chart.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
diff --git a/k8s/helm/templates/ingress.yaml b/k8s/helm/templates/ingress.yaml
@@ -1,26 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "helm_chart.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ .Chart.Name }}-ingress
-  namespace: {{ .Release.Namespace }}
+  name: {{ include "helm_chart.fullname" . }}
+  labels:
+    {{- include "helm_chart.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
   annotations:
-    ingress.class: "haproxy"
-#    haproxy.org/path-rewrite: "/"
-#    nginx.ingress.kubernetes.io/rewrite-target: /
-#    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" #important
-#    nginx.ingress.kubernetes.io/enable-access-log: "true"
-#    nginx.ingress.kubernetes.io/access-log-format: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
-#    nginx.ingress.kubernetes.io/server-snippet: |
-#      access_log /var/log/nginx/west-haproxy.log;
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
   rules:
-    - host: {{ .Chart.Name }}.{{ .Release.Namespace }}.k8s.rcsb.org
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
       http:
         paths:
-          - path: /
-            pathType: Prefix
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
             backend:
               service:
-                name: {{ .Chart.Name }}-service
+                name: {{ $fullName }}
                 port:
-                  number: {{ .Values.http_port }}
+                  number: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+{{- end }}