[MOSIP-35490] moved required helm and deploy scripts to modular repo (#…

…684)

* [MOSIP-35490] moved required helm and deploy scripts to modular repo

Signed-off-by: Chandra Keshav Mishra <[email protected]>

* Update values.yaml

Signed-off-by: Praful Rakhade <[email protected]>

---------

Signed-off-by: Chandra Keshav Mishra <[email protected]>
Signed-off-by: Praful Rakhade <[email protected]>
Co-authored-by: Praful Rakhade <[email protected]>

helm/dslrig/.gitignore

@@ -0,0 +1 @@
+charts/

helm/dslrig/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

helm/dslrig/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+name: dslrig
+description: A Helm chart to deploy dslrig to test working of MOSIP modules
+type: application
+version: 0.0.1-develop
+appVersion: ""
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 1.x.x
+home: https://mosip.io
+keywords:
+  - mosip
+  - dslrig
+maintainers:
+  - email: [email protected]
+    name: MOSIP

helm/dslrig/README.md

@@ -0,0 +1,10 @@
+# dslrig [Work In Progress (WIP)]
+
+Helm chart to deploy dslrig for `MOSIP` modules
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/dslrig
+```

helm/dslrig/templates/NOTES.txt

@@ -0,0 +1 @@
+

helm/dslrig/templates/_helpers.tpl

@@ -0,0 +1,61 @@
+{{/*
+Return the proper  image name
+*/}}
+
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "dslrig.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "dslrig.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "dslrig.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "dslrig.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "dslrig.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "dslrig.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "dslrig.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+{{/* Create the name for restart cronjob */}}
+{{- define "dslrig.cronjob" -}}
+{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- end -}}

helm/dslrig/templates/configmaps.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.dslrig.configmaps }}
+{{- range $cm_name, $cm_value := .Values.dslrig.configmaps }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $cm_name }}
+  namespace: {{ $.Release.Namespace }}
+  labels: {{- include "common.labels.standard" $ | nindent 8 }}
+    {{- if $.Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }}
+    {{- end }}
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }}
+  {{- end }}
+data:
+  {{- range $key, $value := $cm_value }}
+  {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}
+{{- end }}

helm/dslrig/templates/cronjob.yaml

@@ -0,0 +1,160 @@
+{{- range $type := $.Values.types }}
+{{- if $type.enabled }}
+---
+apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }}
+kind: CronJob
+metadata:
+  name: {{ template "dslrig.cronjob" $ }}-{{ $type.name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  {{- if eq $type.name "full" }}
+  suspend: false
+  {{- end }}
+  {{- if eq $type.name "sanity" }}
+  suspend: true
+  {{- end }}
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1  # remove jobs which are successfully executed
+  failedJobsHistoryLimit: 1      # except 1 recent failed job, remove jobs which are not successfully executed
+  #schedule: '*/3 * * * *' # cron spec of time
+  schedule: {{ $.Values.crontime }}
+  jobTemplate:
+    spec:
+      backoffLimit: 0 # this has very low chance of failing, as all this does
+                      # is prompt kubernetes to schedule new replica set for
+      # the deployment
+      # activeDeadlineSeconds: 600 # timeout, makes most sense with
+      # "waiting for rollout" variant specified below
+      template:
+        spec:
+          serviceAccountName: {{ template "dslrig.serviceAccountName" $ }}
+          restartPolicy: Never
+          initContainers:
+            - name: volume-permissions
+              image: {{ include "common.images.image" (dict "imageRoot" $.Values.containers.dslorchestrator.image "global" $.Values.global) }}
+              imagePullPolicy: {{ $.Values.containers.dslorchestrator.image.pullPolicy }}
+              securityContext:
+                runAsUser: 0
+              command:
+                - /bin/bash
+                - -c
+                - chown -R mosip:mosip
+                  {{- range $key, $value := $.Values.containers }}
+                  {{- if $value.volumes }}
+                  {{- range $value.volumes }}
+                  {{ .mountDir }}
+                  {{- end }}
+                  {{- end }}
+                  {{- end }}
+              volumeMounts:
+              {{- range $key, $value := (omit $.Values.containers "authdemo" ) }}
+              {{- if $value.volumes }}
+              {{- range $value.volumes  }}
+              - name: {{ .pvc_name }}
+                mountPath: {{ .mountDir }}
+              {{- end }}
+              {{- end }}
+              {{- end }}
+            {{- if $.Values.enable_insecure }}
+            {{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 12 }}
+            {{- end }}
+          containers:
+          {{ range $key, $value := $.Values.containers }}
+          - name: {{ $key }}
+            image: {{ include "common.images.image" (dict "imageRoot" $value.image "global" $.Values.global) }}
+            imagePullPolicy: {{ $value.image.pullPolicy }}
+            {{- if $.Values.lifecycleHooks }}
+            lifecycle: {{- include "common.tpvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }}
+            {{- end }}
+            {{- if $.Values.containerSecurityContext.enabled }}
+            securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+            {{- end }}
+            {{- if $value.command }}
+            command:
+              - {{- $value.command | quote | indent 1 }}
+            {{- end }}
+            {{- if $value.args }}
+            args:
+            {{- range $value.args }}
+              - {{- . | quote | indent 1 }}
+            {{- end }}
+            {{- end }}
+            env:
+            {{- if $.Values.extraEnvVars }}
+            {{- include "common.tpvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+            {{- if eq $type.name "full" }}
+              - name: TESTLEVEL
+                value: "full"
+            {{- end }}
+            {{- if eq $type.name "sanity" }}
+              - name: TESTLEVEL
+                value: "sanity"
+            {{- end }}
+            {{- if $value.envVars }}
+            {{- range $envName, $envValue := $value.envVars }}
+              - name: {{ $envName  }}
+                value: {{ $envValue }}
+            {{- end }}
+            {{- end }}
+            envFrom:
+            {{- if $value.envVarsCM }}
+            {{- range $value.envVarsCM }}
+              - configMapRef:
+                  name: {{ . }}
+            {{- end }}
+            {{- end }}
+            {{- if $value.envVarsSecret }}
+            {{- range $value.envVarsSecret }}
+              - secretRef:
+                  name: {{ . }}
+            {{- end }}
+            {{- end }}
+            ports:
+              - name: spring-service
+                containerPort: {{ $value.springServicePort }}
+            {{- if $value.healthcheck.startupProbe.enabled }}
+            startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit $value.healthcheck.startupProbe "enabled") "context" $) | nindent 14 }}
+            {{- end }}
+            {{- if $value.healthcheck.livenessProbe.enabled }}
+            livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $value.healthcheck.livenessProbe "enabled") "context" $) | nindent 14 }}
+            {{- end }}
+            {{- if $value.healthcheck.readinessProbe.enabled }}
+            readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $value.healthcheck.readinessProbe "enabled") "context" $) | nindent 14 }}
+            {{- end }}
+            {{- if $.Values.resources }}
+            resources: {{- toYaml $.Values.resources | nindent 14 }}
+            {{- end }}
+            volumeMounts:
+              - name: del-cm
+                mountPath: /home/mosip/scripts/
+              {{- if $value.volumes }}
+              {{- range $value.volumes }}
+              - name: {{ .pvc_name }}
+                mountPath: {{ .mountDir }}
+              {{- end }}
+              {{- end }}
+              {{- if $.Values.enable_insecure }}
+              - mountPath: /usr/local/openjdk-11/lib/security/cacerts
+                name: cacerts
+                subPath: cacerts
+              {{- end }}
+          {{- end }}
+          volumes:
+          {{- range $volume_name, $volume := $.Values.volumes }}
+          {{- if and $volume.enabled (not $volume.existingClaim) }}
+          - name: {{ $volume_name }}
+            persistentVolumeClaim:
+              claimName: {{ $volume_name }}
+          {{- end }}
+          {{- end }}
+          {{- if $.Values.enable_insecure }}
+          - name: cacerts
+            emptyDir: {}
+          {{- end }}
+          - name: del-cm
+            configMap:
+              name: del
+              defaultMode: 511
+{{- end }}
+{{- end }}

helm/dslrig/templates/extra-list.yaml

@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}

helm/dslrig/templates/pod-reader-role-binding.yaml

@@ -0,0 +1,14 @@
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: exec-pod-rolebinding
+  namespace: {{ .Release.Namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "dslrig.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: exec-pod-role
+  apiGroup: rbac.authorization.k8s.io

helm/dslrig/templates/pod-reader-role.yaml

@@ -0,0 +1,9 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: exec-pod-role
+rules:
+  - apiGroups: [""]
+    resources: ["pods","pods/exec"]
+    verbs: ["get", "list", "delete", "exec", "create"]

helm/dslrig/templates/pvc.yaml

@@ -0,0 +1,35 @@
+{{- range $volume_name, $volume := .Values.volumes }}
+{{- if and $volume.enabled (not $volume.existingClaim) }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ $volume_name }}
+  namespace: {{ $.Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" $ | nindent 4 }}
+    {{- if $.Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if $.Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+    "helm.sh/resource-policy": keep 
+spec:
+  accessModes:
+  {{- if not (empty $volume.accessModes) }}
+  {{- range $volume.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  {{- else }}
+    - {{ $volume.accessMode | quote }}
+  {{- end }}
+  resources:
+    requests:
+      storage: {{ $volume.size | quote }}
+  {{- include "common.storage.class" (dict "persistence" $volume "global" $.Values.global) | nindent 2 }}
+  {{- if $volume.dataSource }}
+  dataSource: {{- include "common.tplvalues.render" (dict "value" $volume.dataSource "context" $) | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}

helm/dslrig/templates/secrets.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.dslrig.secrets }}
+{{- range $secret_name, $secret_value := .Values.dslrig.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secret_name }}
+  namespace: {{ $.Release.Namespace }}
+  labels: {{- include "common.labels.standard" $ | nindent 8 }}
+    {{- if $.Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }}
+    {{- end }}
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }}
+  {{- end }}
+type: Opaque
+data:
+  {{- range $key, $value := $secret_value }}
+  {{ $key }}: {{ $value | b64enc | quote }}
+  {{- end }}
+{{- end }}
+{{- end }}