Merge pull request #44 from mosip/ckm007-patch-1

[MOSIP-35490] moved required helm and deploy scripts to modular repo

.github/workflows/chart-lint-publish.yml

@@ -0,0 +1,62 @@
+name: Validate / Publish helm charts
+
+on:
+  release:
+    types: [published]
+  pull_request:
+    types: [opened, reopened, synchronize]
+    paths:
+      - 'helm/**'
+  workflow_dispatch:
+    inputs:
+      IGNORE_CHARTS:
+        description: 'Provide list of charts to be ignored separated by pipe(|)'
+        required: false
+        default: '""'
+        type: string
+      CHART_PUBLISH:
+        description: 'Chart publishing to gh-pages branch'
+        required: false
+        default: 'NO'
+        type: string
+        options:
+          - YES
+          - NO
+      INCLUDE_ALL_CHARTS:
+        description: 'Include all charts for Linting/Publishing (YES/NO)'
+        required: false
+        default: 'NO'
+        type: string
+        options:
+          - YES
+          - NO
+  push:
+    branches:
+      - '!release-branch'
+      - '!master'
+      - 1.*
+      - 0.*
+      - develop
+      - release*
+    paths:
+      - 'helm/**'
+
+jobs:
+  chart-lint-publish:
+    uses: mosip/kattu/.github/workflows/chart-lint-publish.yml@master
+    with:
+      CHARTS_DIR: ./helm
+      CHARTS_URL: https://mosip.github.io/mosip-helm
+      REPOSITORY: mosip-helm
+      BRANCH: gh-pages
+      INCLUDE_ALL_CHARTS: "${{ inputs.INCLUDE_ALL_CHARTS || 'NO' }}"
+      IGNORE_CHARTS: "${{ inputs.IGNORE_CHARTS || '\"\"' }}"
+      CHART_PUBLISH: "${{ inputs.CHART_PUBLISH || 'YES' }}"
+      LINTING_CHART_SCHEMA_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/chart-schema.yaml"
+      LINTING_LINTCONF_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/lintconf.yaml"
+      LINTING_CHART_TESTING_CONFIG_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/chart-testing-config.yaml"
+      LINTING_HEALTH_CHECK_SCHEMA_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/health-check-schema.yaml"
+      DEPENDENCIES: "mosip,https://mosip.github.io/mosip-helm;"
+    secrets:
+      TOKEN: ${{ secrets.ACTION_PAT }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

helm/opencrvs-mediator/.gitignore

@@ -0,0 +1 @@
+charts/

helm/opencrvs-mediator/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: opencrvs-mediator
+description: A Helm chart for mosip-opencrvs mediator.
+type: application
+version: 0.0.1-develop
+appVersion: ""
+home: https://mosip.io
+dependencies:
+- name: common
+  repository: https://charts.bitnami.com/bitnami
+  tags:
+   - bitnami-common
+  version: 1.x.x
+keywords:
+ - mosip
+ - mosip-opencrvs-mediator
+ - opencrvs-mediator
+ - opencrvs
+maintainers:
+ - email: [email protected]
+   name: MOSIP

helm/opencrvs-mediator/README.md

@@ -0,0 +1,10 @@
+# MOSIP Opencrvs Mediator
+
+Helm chart for installing for Opencrvs Mediator.
+
+## Install
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/opencrvs-mediator
+```

helm/opencrvs-mediator/templates/NOTES.txt

@@ -0,0 +1 @@
+Installation done

helm/opencrvs-mediator/templates/_helpers.tpl

@@ -0,0 +1,58 @@
+{{/*
+Return the proper  image name
+*/}}
+{{- define "mediator.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "mediator.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "mediator.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mediator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "mediator.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "mediator.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "mediator.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "mediator.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}

helm/opencrvs-mediator/templates/deployment.yaml

@@ -0,0 +1,199 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+      {{- if .Values.commonLabels }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+      {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+      {{- end }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  {{- if .Values.updateStrategy }}
+  strategy:
+    {{- toYaml .Values.updateStrategy | nindent 4 }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "common.labels.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        {{- if .Values.commonAnnotations }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }}
+          {{- end }}
+          {{- if .Values.podAnnotations }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $ ) | nindent 8 }}
+          {{- end }}
+      labels:
+        {{- include "common.labels.standard" . | nindent 8 }}
+          {{- if .Values.commonLabels }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+          {{- end }}
+          {{- if .Values.podLabels }}
+          {{- include "common.tplvalues.render" ( dict "value" .Values.podLabels "context" $ ) | nindent 8 }}
+          {{- end }}
+    spec:
+      serviceAccountName: {{- include "mediator.serviceAccountName" . | nindent 8 }}
+      {{- include "mediator.imagePullSecrets" . | nindent 6 }}
+      {{- if .Values.hostAliases }}
+      hostAliases:
+        {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.affinity }}
+      affinity:
+        {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
+      {{- end }}
+      {{- if .Values.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
+      initContainers:
+        {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+        - name: volume-permissions
+          image: {{- include "mediator.volumePermissions.image" . }}
+          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+          command:
+            - %%commands%%
+          securityContext:
+            runAsUser: 0
+          {{- if .Values.volumePermissions.resources }}
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: foo
+              mountPath: bar
+        {{- end }}
+        {{- if .Values.initContainers }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: mediator
+          image: {{ template "mediator.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.containerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+          {{- end }}
+          env:
+            - name: opencrvs_auth_url
+              value: {{ .Values.mediator.opencrvs.authUrl }}
+            - name: kernel_auth_adapter_available
+              value: {{ .Values.mediator.kernelAuthAdapterAvailable | quote }}
+            - name: opencrvs_receive_credential_url
+              value: {{ .Values.mediator.opencrvs.receiveCredentialUrl }}
+            - name: opencrvs_locations_url
+              value: {{ .Values.mediator.opencrvs.locationsUrl }}
+            - name: mosip_opencrvs_client_id
+              value: {{ .Values.mediator.opencrvs.mosipOpencrvsClientId }}
+            - name: mosip_opencrvs_client_secret_key
+              valueFrom:
+                secretKeyRef:
+                  key: mosip_resident_client_secret
+                  name: keycloak-client-secrets
+            - name: opencrvs_client_sha_secret
+              valueFrom:
+                secretKeyRef:
+                  key: mosip_resident_client_secret
+                  name: keycloak-client-secrets
+            - name: mosip_opencrvs_death_client_secret
+              valueFrom:
+                secretKeyRef:
+                  key: mosip_idrepo_client_secret
+                  name: keycloak-client-secrets
+            - name: mosip_opencrvs_db_datasource_password
+              valueFrom:
+                secretKeyRef:
+                  key: db-dbuser-password
+                  name: db-common-secrets
+            - name: mosip_opencrvs_death_client_id
+              value: {{ .Values.mediator.opencrvs.mosipOpencrvsDeathClientId }}
+            - name: mosip_receive_credential_url
+              value: http://{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}/opencrvs/v1/internal/receiveCredentialBirth
+            {{- if .Values.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+
+          envFrom:
+            {{- if .Values.envVarsCM }}
+              {{- range .Values.envVarsCM }}
+              - configMapRef:
+                  name: {{ . }}
+              {{- end }}
+              {{- end }}
+              {{- if .Values.envVarsSecret }}
+              {{- range .Values.envVarsSecret }}
+              - secretRef:
+                  name: {{ . }}
+              {{- end }}
+
+              {{- end }}
+              {{- if .Values.extraEnvVarsCM }}
+              {{- range .Values.extraEnvVarsCM }}
+              - configMapRef:
+                  name: {{ . }}
+              {{- end }}
+              {{- end }}
+              {{- if .Values.extraEnvVarsSecret }}
+              {{- range .Values.extraEnvVarsSecret }}
+              - secretRef:
+                  name: {{ . }}
+              {{- end }}
+              {{- end }}
+
+          ports:
+            - name: container-port
+              containerPort: {{ .Values.containerPort }}
+          {{- if .Values.resources }}
+          resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- end }}
+          {{- if .Values.startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+          {{- else if .Values.customStartupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.livenessProbe.enabled }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+          {{- else if .Values.customLivenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.readinessProbe.enabled }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+          {{- else if .Values.customReadinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: opencrvs-certs
+              mountPath: /certs/mnt
+      {{- if .Values.sidecars }}
+      {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: opencrvs-certs
+          secret:
+            secretName: {{ .Values.mediator.opencrvs.certsKeysSecretName }}

helm/opencrvs-mediator/templates/extra-list.yaml

@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}

helm/opencrvs-mediator/templates/service-account.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "mediator.serviceAccountName" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+  namespace: {{ .Release.Namespace }}