From 429158af4d6d3a0a22a5a06458a798e1030ed363 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Mon, 6 May 2024 15:57:15 +0200 Subject: [PATCH 01/38] feat: add initial draft for helm chart (docker-plain) --- docker-plain/files/chart/.helmignore | 23 ++++ docker-plain/files/chart/Chart.yaml | 32 ++++++ docker-plain/files/chart/DEVNOTES.md | 32 ++++++ docker-plain/files/chart/templates/NOTES.txt | 1 + .../files/chart/templates/_affinity.tpl | 51 +++++++++ .../files/chart/templates/_helpers.tpl | 63 +++++++++++ .../files/chart/templates/_labels.tpl | 11 ++ .../files/chart/templates/deployment.yaml | 70 ++++++++++++ .../files/chart/templates/service.yaml | 15 +++ .../templates/tests/test-connection.yaml | 15 +++ docker-plain/files/chart/values.schema.json | 100 ++++++++++++++++++ docker-plain/files/chart/values.yaml | 92 ++++++++++++++++ 12 files changed, 505 insertions(+) create mode 100644 docker-plain/files/chart/.helmignore create mode 100644 docker-plain/files/chart/Chart.yaml create mode 100644 docker-plain/files/chart/DEVNOTES.md create mode 100644 docker-plain/files/chart/templates/NOTES.txt create mode 100644 docker-plain/files/chart/templates/_affinity.tpl create mode 100644 docker-plain/files/chart/templates/_helpers.tpl create mode 100644 docker-plain/files/chart/templates/_labels.tpl create mode 100644 docker-plain/files/chart/templates/deployment.yaml create mode 100644 docker-plain/files/chart/templates/service.yaml create mode 100644 docker-plain/files/chart/templates/tests/test-connection.yaml create mode 100644 docker-plain/files/chart/values.schema.json create mode 100644 docker-plain/files/chart/values.yaml diff --git a/docker-plain/files/chart/.helmignore b/docker-plain/files/chart/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/docker-plain/files/chart/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/docker-plain/files/chart/Chart.yaml b/docker-plain/files/chart/Chart.yaml
new file mode 100644
index 000000000..24926dcbd
--- /dev/null
+++ b/docker-plain/files/chart/Chart.yaml
@@ -0,0 +1,32 @@
+apiVersion: v2
+# Here you can replace this for your project name
+name: docker-plain
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
+
+# dependencies:
+# - name: common
+# repository: oci://registry-1.docker.io/bitnamicharts
+# tags:
+# - bitnami-common
+# version: 2.x.x
\ No newline at end of file
diff --git a/docker-plain/files/chart/DEVNOTES.md b/docker-plain/files/chart/DEVNOTES.md new file mode 100644 index 000000000..07b2dd109 --- /dev/null +++ b/docker-plain/files/chart/DEVNOTES.md 
@@ -0,0 +1,32 @@ +# TODO +Can we adapt NOTES.txt to display some deployed resources and other important information for release documentation? Do we need it? + +- helm linting preps, hence to add values schema validation in the chart together with the values.yaml + - add a test for helm lint + - future add as a Jenkins shared lib stage + - now either we do it as an added manually in the jenkinsfiles or documented and test locally + - make use of it on the github actions when PRs on quickstarters (reuse max as possible) +- we will move to values.yaml + - [X] the probes + - the affinity (missing labels now and some additions required) + - the route (with timeout values and example for ACME usage) + - rolling update strategy? +- remove provisioning resources creation -> get rid odsQuickstarterStageCreateOpenShiftResources +- jenkinsfile with values.env.yaml ready, so we will provide all the env values too +- update test-conection.yaml with better image (to not suffer dockerhub rate limiting) +- golden tests do not check anymore imagetags nor deploymentconfigs +- start defining howtos/FAQS we detect on the way (goal to keep simple the chart but to show how to improve it and have good practises) bitnami examples (more elaborated affinity, ...) + + +- example of chart dependency +- example of configmap and secret +- example of secret resource management in code +- add support for extra secret operator + +Later +- with the common folder with tpl files we provide a more clean and fitting approach for us +- create a new pipeline step provisioning that copies over .tpl files required from common +- creation of template files folder in common, so we try to centralise the chart creation and maintenance from one place (as it is done already with openshift templates/tailor) + +Decisions: +- To stay close to default helm templates: Remove the Values.componentId and use chart.fullname instead -> Otherwise breaks DEV + PREVIEW. Chart.Name should be the source for componentId. 
If we want to automate -> template the Chart.yaml on provisioning
\ No newline at end of file
diff --git a/docker-plain/files/chart/templates/NOTES.txt b/docker-plain/files/chart/templates/NOTES.txt
new file mode 100644
index 000000000..a21b2fa26
--- /dev/null
+++ b/docker-plain/files/chart/templates/NOTES.txt
@@ -0,0 +1 @@
+Component {{ .Values.componentId }} on version {{ .Values.imageTag }} released with Helm!
\ No newline at end of file
diff --git a/docker-plain/files/chart/templates/_affinity.tpl b/docker-plain/files/chart/templates/_affinity.tpl
new file mode 100644
index 000000000..3df10ff0b
--- /dev/null
+++ b/docker-plain/files/chart/templates/_affinity.tpl
@@ -0,0 +1,51 @@
+{{/*
+Part of the ODS helm tpl library
+
+Version: 1.0
+*/}}
+
+
+{{/*
+Pod affinity/anti-affinity (soft)
+
+Usage: Include where needed, e.g.
+````
+apiVersion: apps/v1
+kind: Deployment
+spec:
+ template:
+ spec:
+ affinity:
+ podAntiAffinity: {{- include "common.affinities.pods.soft" . | nindent 10}}
+````
+*/}}
+{{- define "common.affinities.pods.soft" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- include "common.matchLabels" . | nindent 10 }}
+ topologyKey: "kubernetes.io/hostname"
+{{- end -}}
+
+{{/*
+Pod affinity/anti-affinity (hard)
+
+Usage: Include where needed, e.g.
+````
+apiVersion: apps/v1
+kind: Deployment
+spec:
+ template:
+ spec:
+ affinity:
+ podAntiAffinity: {{- include "common.affinities.pods.hard" . | nindent 10}}
+````
+*/}}
+{{- define "common.affinities.pods.hard" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- include "common.matchLabels" . | nindent 10 }}
+ topologyKey: "kubernetes.io/hostname"
+{{- end -}}
\ No newline at end of file
diff --git a/docker-plain/files/chart/templates/_helpers.tpl b/docker-plain/files/chart/templates/_helpers.tpl
new file mode 100644
index 000000000..e155589f3
--- /dev/null
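Review bot: The `common.affinities.pods.hard` define at the end of `_affinity.tpl` still emits `preferredDuringSchedulingIgnoredDuringExecution`, and it does so without the `weight` that a preferred term requires, so `podAntiAffinity: hard` is not a hard rule and is probably not a valid preferred one either. A hard rule uses `requiredDuringSchedulingIgnoredDuringExecution` with the label selector and topology key directly on the list item. The rewritten define is below; `nindent` drops to 8 because the selector sits one level higher than under `podAffinityTerm`.

```yaml
{{- define "common.affinities.pods.hard" -}}
requiredDuringSchedulingIgnoredDuringExecution:
  - labelSelector:
      matchLabels: {{- include "common.matchLabels" . | nindent 8 }}
    topologyKey: "kubernetes.io/hostname"
{{- end -}}
```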
+++ b/docker-plain/files/chart/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app: {{ .Values.componentId }}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
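Review bot: `chart.serviceAccountName` can only resolve to the namespace's `default` service account with the values shipped in this patch: `serviceAccount.name` is `"default"`, so the `default (include "chart.fullname" .)` fallback in the `create` branch is never used, and the diffstat lists no ServiceAccount template that would create anything. The pod therefore runs under the shared account, with whatever token mounting and role bindings that account has in the namespace. I would either add a `serviceaccount.yaml` template and leave `serviceAccount.name` empty, or default `serviceAccount.create` to `false`. In both cases set `automountServiceAccountToken: false` next to `serviceAccountName` in `deployment.yaml` unless the workload calls the API server.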
diff --git a/docker-plain/files/chart/templates/_labels.tpl b/docker-plain/files/chart/templates/_labels.tpl
new file mode 100644
index 000000000..21c7ca2cc
--- /dev/null
+++ b/docker-plain/files/chart/templates/_labels.tpl
@@ -0,0 +1,11 @@
+{{/*
+Part of the ODS helm tpl library
+
+Version: 1.0
+*/}}
+
+
+{{- define "common.matchLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
\ No newline at end of file
diff --git a/docker-plain/files/chart/templates/deployment.yaml b/docker-plain/files/chart/templates/deployment.yaml
new file mode 100644
index 000000000..690c9a83d
--- /dev/null
+++ b/docker-plain/files/chart/templates/deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "chart.fullname" . }}
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0%
+ maxSurge: 50%
+ selector:
+ matchLabels:
+ {{- include "chart.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "chart.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "chart.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.registry }}/{{ .Values.imageNamespace }}/{{ .Values.componentId }}:{{ .Values.imageTag }}"
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ livenessProbe:
+ {{- toYaml .Values.probes.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.probes.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+
+ affinity:
+ {{- with .Values.affinity }}
+ {{- toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ {{- if eq .Values.podAntiAffinity "soft" }}
+ podAntiAffinity: {{- include "common.affinities.pods.soft" . | nindent 10}}
+ {{- end }}
+ {{- if eq .Values.podAntiAffinity "hard" }}
+ podAntiAffinity: {{- include "common.affinities.pods.hard" . | nindent 10}}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
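Review bot: In the `affinity:` block near the end of the pod spec, `{{- toYaml .Values.affinity | nindent 8 }}` sits inside `{{- with .Values.affinity }}`, where `.` is already the affinity map, so rendering should fail as soon as a non-empty `affinity` is supplied; it should read `{{- toYaml . | nindent 8 }}`. The `affinity:` key is also emitted unconditionally, so a custom `affinity` that carries its own `podAntiAffinity`, combined with the default `podAntiAffinity: "soft"`, would render that key twice. Guarding the whole block, e.g. `{{- if or .Values.affinity .Values.podAntiAffinity }}`, and documenting that the two values are alternatives would avoid both. Indentation cannot be checked here because the page has collapsed leading whitespace.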
diff --git a/docker-plain/files/chart/templates/service.yaml b/docker-plain/files/chart/templates/service.yaml
new file mode 100644
index 000000000..119f2ab65
--- /dev/null
+++ b/docker-plain/files/chart/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.componentId }}
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.componentId }}
+ port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.port }}
+ protocol: TCP
+ selector:
+ {{- include "chart.selectorLabels" . | nindent 4 }}
diff --git a/docker-plain/files/chart/templates/tests/test-connection.yaml b/docker-plain/files/chart/templates/tests/test-connection.yaml
new file mode 100644
index 000000000..8dfed872d
--- /dev/null
+++ b/docker-plain/files/chart/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "chart.fullname" . }}-test-connection"
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "chart.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/docker-plain/files/chart/values.schema.json b/docker-plain/files/chart/values.schema.json
new file mode 100644
index 000000000..cab65c847
--- /dev/null
+++ b/docker-plain/files/chart/values.schema.json
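Review bot: The test pod in `templates/tests/test-connection.yaml` pulls `image: busybox` with no tag or digest, so every `helm test` run executes whatever the registry currently serves under the implicit `latest`. Patch 02 of this series moves the image to `public.ecr.aws/docker/library/busybox` but keeps it unpinned. Pin it, e.g. `image: "public.ecr.aws/docker/library/busybox:<tag>@sha256:<digest>"` (placeholders), or make the image a value so it can be mirrored internally. The pod also sets no `securityContext` or `resources`, which namespaces with restrictive admission policies may reject.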
@@ -0,0 +1,100 @@
+
+{
+ "$schema": "http://json-schema.org/schema#",
+ "type": "object",
+ "properties": {
+ "replicaCount": {
+ "description": "Number of replicas to deploy",
+ "type": "integer",
+ "minimum": 1,
+ "default": 1
+ },
+ "image": {
+ "description": "Container image to deploy",
+ "type": "object",
+ "properties": {
+ "repository": {
+ "type": "string",
+ "default": "nginx"
+ },
+ "pullPolicy": {
+ "type": "string",
+ "default": "IfNotPresent"
+ },
+ "tag": {
+ "type": "string",
+ "default": "latest"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string",
+ "default": "ClusterIP"
+ },
+ "port": {
+ "type": "integer",
+ "default": 80
+ }
+ }
+ },
+ "ingress": {
+ "description": "Ingress configuration for the Helm chart",
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": false
+ },
+ "annotations": {
+ "type": "object"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string",
+
+ "paths": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "path": "string",
+ "pathType": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "tls": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "secretName": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "resources": {
+ "description": "Resource requests and limits for the Helm chart",
+ "type": "object"
+ }
+ }
+ }
diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml
new file mode 100644
index 000000000..8213ea5a6
--- /dev/null
+++ b/docker-plain/files/chart/values.yaml
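Review bot: The `host` schema under `ingress.hosts.items.properties` never closes before `"paths"`, so `paths` ends up as an unknown keyword inside the `host` string schema and is, as far as I can tell, ignored by validators; `"path": "string"` and `"pathType": "string"` are also not schemas (`{"type": "string"}` is). Beyond that, `image` is described with `repository`/`pullPolicy`/`tag` while `values.yaml` in this patch uses `registry`/`path`/`name`/`tag`, and nothing sets `required` or `additionalProperties`, so the schema accepts practically any input. Since the values are meant to be injected from the Jenkins pipeline, this file is where they should be validated. Align the property names, and add types for `image.*`, `serviceAccount`, `securityContext` and an `enum` of the documented values for `podAntiAffinity`.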
@@ -0,0 +1,92 @@ +# Default values for chart. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +# TODO: Values are injected from Jenkins pipeline, needs to be discussed +# TODO: Adapt deployment.yaml +image: + registry: "ab" + path: "cd" + name: "ef" + tag: "gh" + +service: + enabled: true + port: 8080 + type: ClusterIP + +probes: + livenessProbe: + failureThreshold: 3 + httpGet: + path: "/v1/status" + port: 8080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + + readinessProbe: + failureThreshold: 1 + httpGet: + path: "/v1/status" + port: 8080 + scheme: HTTP + initialDelaySeconds: 3 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "default" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +resources: + limits: + cpu: 1000m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + # bugmenot: "true" + +# possible values: soft, hard +podAntiAffinity: "soft" \ No newline at end of file From a8df74ddca33966e0e6a4d83afc246965f401b2a Mon Sep 17 00:00:00 2001 
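Review bot: `podSecurityContext: {}` and `securityContext: {}` ship empty, with the hardened settings present only as commented-out examples, so a rendered pod gets whatever the cluster defaults allow. For a quickstarter that others copy, I would make the restrictive settings the default and let users relax them: `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` under `securityContext`. `readOnlyRootFilesystem: true` is worth enabling too once the image is known to work with it. Separately, `serviceAccount.name: "default"` contradicts the comment above it, which says a name is generated when none is set.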
From: "Gerard Castillo Lasheras (BI X)" Date: Fri, 10 May 2024 08:54:42 +0200 Subject: [PATCH 02/38] test: docker-plain chart test use AWS ECR busybox --- docker-plain/files/chart/DEVNOTES.md | 2 +- docker-plain/files/chart/templates/tests/test-connection.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-plain/files/chart/DEVNOTES.md b/docker-plain/files/chart/DEVNOTES.md index 07b2dd109..7f0696894 100644 --- a/docker-plain/files/chart/DEVNOTES.md +++ b/docker-plain/files/chart/DEVNOTES.md @@ -13,7 +13,7 @@ Can we adapt NOTES.txt to display some deployed resources and other important in - rolling update strategy? - remove provisioning resources creation -> get rid odsQuickstarterStageCreateOpenShiftResources - jenkinsfile with values.env.yaml ready, so we will provide all the env values too -- update test-conection.yaml with better image (to not suffer dockerhub rate limiting) +- [X] update test-conection.yaml with better image (to not suffer dockerhub rate limiting) - golden tests do not check anymore imagetags nor deploymentconfigs - start defining howtos/FAQS we detect on the way (goal to keep simple the chart but to show how to improve it and have good practises) bitnami examples (more elaborated affinity, ...) diff --git a/docker-plain/files/chart/templates/tests/test-connection.yaml b/docker-plain/files/chart/templates/tests/test-connection.yaml index 8dfed872d..2ad42849f 100644 --- a/docker-plain/files/chart/templates/tests/test-connection.yaml +++ b/docker-plain/files/chart/templates/tests/test-connection.yaml @@ -9,7 +9,7 @@ metadata: spec: containers: - name: wget - image: busybox + image: public.ecr.aws/docker/library/busybox command: ['wget'] args: ['{{ include "chart.fullname" . }}:{{ .Values.service.port }}'] restartPolicy: Never From 55df77c092a3cb54837a80a4871c80a39ec06f70 Mon Sep 17 00:00:00 2001 
From: "Gerard Castillo Lasheras (BI X)" Date: Fri, 10 May 2024 10:06:22 +0200 Subject: [PATCH 03/38] test: update docker-plain golden tests with helm integration --- docker-plain/files/chart/DEVNOTES.md | 2 +- docker-plain/testdata/steps.yml | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/docker-plain/files/chart/DEVNOTES.md b/docker-plain/files/chart/DEVNOTES.md index 7f0696894..3c17e781b 100644 --- a/docker-plain/files/chart/DEVNOTES.md +++ b/docker-plain/files/chart/DEVNOTES.md @@ -14,7 +14,7 @@ Can we adapt NOTES.txt to display some deployed resources and other important in - remove provisioning resources creation -> get rid odsQuickstarterStageCreateOpenShiftResources - jenkinsfile with values.env.yaml ready, so we will provide all the env values too - [X] update test-conection.yaml with better image (to not suffer dockerhub rate limiting) -- golden tests do not check anymore imagetags nor deploymentconfigs +- [X] golden tests do not check anymore imagetags nor deploymentconfigs - start defining howtos/FAQS we detect on the way (goal to keep simple the chart but to show how to improve it and have good practises) bitnami examples (more elaborated affinity, ...) diff --git a/docker-plain/testdata/steps.yml b/docker-plain/testdata/steps.yml index d9a0b7610..b89e746f0 100644 --- a/docker-plain/testdata/steps.yml +++ b/docker-plain/testdata/steps.yml @@ -9,12 +9,7 @@ steps: verify: jenkinsStages: golden/jenkins-build-stages.json openShiftResources: - imageTags: - - name: "{{.ComponentID}}" - tag: latest imageStreams: - "{{.ComponentID}}" - deploymentConfigs: - - "{{.ComponentID}}" services: - "{{.ComponentID}}" From abcd6c14054f055aa0b82a0ef5f384bc66c7eed8 Mon Sep 17 00:00:00 2001 
From: "Gerard Castillo Lasheras (BI X)" Date: Fri, 10 May 2024 10:08:42 +0200 Subject: [PATCH 04/38] feat: docker-plain remove provisioning resources creation --- docker-plain/Jenkinsfile | 5 ----- docker-plain/files/chart/DEVNOTES.md | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/docker-plain/Jenkinsfile b/docker-plain/Jenkinsfile index 7c859cc0f..bb91d7a74 100644 --- a/docker-plain/Jenkinsfile +++ b/docker-plain/Jenkinsfile @@ -20,11 +20,6 @@ odsQuickstarterPipeline( odsQuickstarterStageCopyFiles(context) - odsQuickstarterStageCreateOpenShiftResources( - context, - [directory: 'common/ocp-config/component-environment'] - ) - odsQuickstarterStageRenderJenkinsfile(context) odsQuickstarterStageRenderSonarProperties(context) diff --git a/docker-plain/files/chart/DEVNOTES.md b/docker-plain/files/chart/DEVNOTES.md index 3c17e781b..aaf064687 100644 --- a/docker-plain/files/chart/DEVNOTES.md +++ b/docker-plain/files/chart/DEVNOTES.md @@ -11,7 +11,7 @@ Can we adapt NOTES.txt to display some deployed resources and other important in - the affinity (missing labels now and some additions required) - the route (with timeout values and example for ACME usage) - rolling update strategy? -- remove provisioning resources creation -> get rid odsQuickstarterStageCreateOpenShiftResources +- [X] remove provisioning resources creation -> get rid odsQuickstarterStageCreateOpenShiftResources - jenkinsfile with values.env.yaml ready, so we will provide all the env values too - [X] update test-conection.yaml with better image (to not suffer dockerhub rate limiting) - [X] golden tests do not check anymore imagetags nor deploymentconfigs From 8be1e7aa51408ca16362b9a7bf0bf75b701f1cbd Mon Sep 17 00:00:00 2001 From: "Gerard Castillo Lasheras (BI X)" Date: Fri, 10 May 2024 10:11:35 +0200 Subject: [PATCH 05/38] drop: comment on docker-plain chart name --- docker-plain/files/chart/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docker-plain/files/chart/Chart.yaml b/docker-plain/files/chart/Chart.yaml index 24926dcbd..2baf017d7 100644 --- a/docker-plain/files/chart/Chart.yaml +++ b/docker-plain/files/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 # Here you can replace this for your project name -name: docker-plain +name: docker-plain <- replace this for ? description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. From 5fb6f7ec07dd1990f00dabd65392b67ff9fbd2b3 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Wed, 17 Jul 2024 11:25:22 +0000 Subject: [PATCH 06/38] feat: prepare Chart.yaml for templating the componend_id --- docker-plain/files/chart/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-plain/files/chart/Chart.yaml b/docker-plain/files/chart/Chart.yaml index 2baf017d7..ebbf1a356 100644 --- a/docker-plain/files/chart/Chart.yaml +++ b/docker-plain/files/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 # Here you can replace this for your project name -name: docker-plain <- replace this for ? +name: @component_id@ description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. From 3dc157bf0fafaa8514a414f3bf385aeb0e8ec2aa Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Wed, 17 Jul 2024 11:26:59 +0000 Subject: [PATCH 07/38] fix: remove custom app label, prefer the labels suggested by kubernetes --- docker-plain/files/chart/templates/_helpers.tpl | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-plain/files/chart/templates/_helpers.tpl b/docker-plain/files/chart/templates/_helpers.tpl index e155589f3..7ba5edc27 100644 --- a/docker-plain/files/chart/templates/_helpers.tpl +++ b/docker-plain/files/chart/templates/_helpers.tpl 
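Review bot: `name: @component_id@` in patch 06 is not valid YAML until the placeholder is substituted, because a plain scalar may not start with `@`; `helm lint` or any YAML tooling run against the quickstarter sources will reject `Chart.yaml`. Assuming provisioning does a plain text replacement, quoting keeps the file parseable before and after substitution: `name: "@component_id@"`. The comment above it (`# Here you can replace this for your project name`) no longer matches and could say that provisioning fills the value in.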
@@ -46,7 +46,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} Selector labels */}} {{- define "chart.selectorLabels" -}} -app: {{ .Values.componentId }} app.kubernetes.io/name: {{ include "chart.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} From ed3b1601aa41ea3f88291057d39594a51c280bf1 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Wed, 17 Jul 2024 11:28:22 +0000 Subject: [PATCH 08/38] fix: remove componentId since this should be covered by the helm chart name and release name --- docker-plain/files/chart/templates/service.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-plain/files/chart/templates/service.yaml b/docker-plain/files/chart/templates/service.yaml index 119f2ab65..dfc5b3a33 100644 --- a/docker-plain/files/chart/templates/service.yaml +++ b/docker-plain/files/chart/templates/service.yaml @@ -1,15 +1,15 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.componentId }} + name: {{ include "chart.fullname" . }} labels: {{- include "chart.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: - - name: {{ .Values.componentId }} - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.port }} + - port: {{ .Values.service.port }} + targetPort: http protocol: TCP + name: http selector: {{- include "chart.selectorLabels" . | nindent 4 }} From f83dba3b31fac572a5aeed379c481b8495a66eb5 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Wed, 17 Jul 2024 12:37:26 +0000 Subject: [PATCH 09/38] feat: update image section --- docker-plain/files/chart/templates/NOTES.txt | 11 +++- .../files/chart/templates/deployment.yaml | 2 +- .../files/chart/templates/ingress.yaml | 64 +++++++++++++++++++ docker-plain/files/chart/values.yaml | 50 +++++++++++---- 4 files changed, 113 insertions(+), 14 deletions(-) create mode 100644 docker-plain/files/chart/templates/ingress.yaml 
diff --git a/docker-plain/files/chart/templates/NOTES.txt b/docker-plain/files/chart/templates/NOTES.txt index a21b2fa26..b6a4a176a 100644 --- a/docker-plain/files/chart/templates/NOTES.txt +++ b/docker-plain/files/chart/templates/NOTES.txt @@ -1 +1,10 @@ -Component {{ .Values.componentId }} on version {{ .Values.imageTag }} released with Helm! \ No newline at end of file +Component '{{ include "chart.fullname" . }}' on version '{{ .Values.image.tag }}' released with Helm! +{{- if .Values.ingress.enabled }} +The component is exposed via the following routes: +{{- $appUrl := .Values.appUrl -}} +{{- range .Values.ingress.hosts }} +{{ printf "https://%s" .host }} +{{- end }} +{{- else }} +The component is not exposed. +{{- end }} \ No newline at end of file diff --git a/docker-plain/files/chart/templates/deployment.yaml b/docker-plain/files/chart/templates/deployment.yaml index 690c9a83d..834d5ed4d 100644 --- a/docker-plain/files/chart/templates/deployment.yaml +++ b/docker-plain/files/chart/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.registry }}/{{ .Values.imageNamespace }}/{{ .Values.componentId }}:{{ .Values.imageTag }}" + image: "{{ .Values.image.registry }}{{- if .Values.image.path }}/{{ .Values.image.path }}{{end}}/{{ .Values.image.name }}:{{ .Values.image.tag }}" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/docker-plain/files/chart/templates/ingress.yaml b/docker-plain/files/chart/templates/ingress.yaml new file mode 100644 index 000000000..b52f4e0a1 --- /dev/null +++ b/docker-plain/files/chart/templates/ingress.yaml 
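Review bot: The new `image:` line in `deployment.yaml` can only reference a tag, and the same patch sets `image.tag: "latest"` in `values.yaml` while `imagePullPolicy: IfNotPresent` stays hard-coded. With a mutable tag and that pull policy, nodes keep whatever they pulled first, so replicas can run different images and a release cannot be tied to specific content. I would default to a fixed version, allow an optional digest (e.g. append `@{{ .Values.image.digest }}` when it is set) and expose the pull policy as a value. The container block starts and ends outside this hunk.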
@@ -0,0 +1,64 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "chart.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- if .Values.ingress.router }}
+ router: {{ .Values.ingress.router }}
+ {{- end }}
+ {{- include "chart.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
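Review bot: Nothing in `ingress.yaml` requires TLS: `spec.tls` is rendered only when `.Values.ingress.tls` is non-empty, and `values.yaml` in this patch defaults it to `[]`, while `NOTES.txt` prints `https://` URLs for every host. Enabling the ingress with the defaults plus a host would, as far as I can tell, publish the component without TLS while the release notes say otherwise. Either fail the render when the ingress is enabled without TLS (`{{- fail "ingress.tls is required when ingress.enabled is true" }}` behind a guard) or document how TLS is terminated on the platform. `path: {{ .path }}`, `secretName: {{ .secretName }}` and `router: {{ .Values.ingress.router }}` should also go through `quote`, as the host values already do.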
diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 8213ea5a6..5b70826e4 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml @@ -1,7 +1,10 @@ -# Default values for chart. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. +## Default values for chart. +## This is a YAML-formatted file. Intendation matters! +## Comments are prefixed with two hashes (##), examples are commented with one hash (#) +## Declare variables to be passed into your templates. +## The number of replicas to deploy. +## For high availability use more than 1 replica replicaCount: 1 imagePullSecrets: [] @@ -9,12 +12,33 @@ nameOverride: "" fullnameOverride: "" # TODO: Values are injected from Jenkins pipeline, needs to be discussed -# TODO: Adapt deployment.yaml image: - registry: "ab" - path: "cd" - name: "ef" - tag: "gh" + registry: "docker.io" + path: "nginxinc" + name: "nginx-unprivileged" + tag: "latest" + +## Prefer using ingress over openshift routes +ingress: + enabled: false + className: 'openshift-default' + # router: external + annotations: + ## adjust openshift timeouts (default is 60s) + haproxy.router.openshift.io/timeout: 300s + haproxy.router.openshift.io/timeout-tunnel: 300s + ## e.g. add cert-manager support by annotating the ingress https://cert-manager.io/docs/usage/ingress/ + ## ask in your company for good defaults + + hosts: [] + # - host: yourapp.yourdomain.com + # paths: + # - path: / + # pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - yourapp.yourdomain.com service: enabled: true @@ -25,7 +49,7 @@ probes: livenessProbe: failureThreshold: 3 httpGet: - path: "/v1/status" + path: "/" port: 8080 scheme: HTTP initialDelaySeconds: 5 @@ -36,7 +60,7 @@ probes: readinessProbe: failureThreshold: 1 httpGet: - path: "/v1/status" + path: "/" port: 8080 scheme: HTTP initialDelaySeconds: 3 
@@ -88,5 +112,7 @@ tolerations: [] affinity: {} # bugmenot: "true" -# possible values: soft, hard -podAntiAffinity: "soft" \ No newline at end of file +## PodAntiAffinity is a way to control that not all of your pods are scheduled +## onto the same node. +## possible values: soft, hard, null +podAntiAffinity: soft \ No newline at end of file From 1d7229df3377ea3fd9f6343b792191cb72e0c6c6 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Wed, 17 Jul 2024 12:37:32 +0000 Subject: [PATCH 10/38] update devnotes --- docker-plain/files/chart/DEVNOTES.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/docker-plain/files/chart/DEVNOTES.md b/docker-plain/files/chart/DEVNOTES.md index aaf064687..ca0875010 100644 --- a/docker-plain/files/chart/DEVNOTES.md +++ b/docker-plain/files/chart/DEVNOTES.md 
@@ -8,13 +8,15 @@ Can we adapt NOTES.txt to display some deployed resources and other important in - make use of it on the github actions when PRs on quickstarters (reuse max as possible) - we will move to values.yaml - [X] the probes - - the affinity (missing labels now and some additions required) - - the route (with timeout values and example for ACME usage) - - rolling update strategy? + - [x] the affinity (missing labels now and some additions required) + - [x] the route (with timeout values and example for ACME usage) + - [x] rolling update strategy? - [X] remove provisioning resources creation -> get rid odsQuickstarterStageCreateOpenShiftResources -- jenkinsfile with values.env.yaml ready, so we will provide all the env values too +- jenkinsfile with values.env.yaml ready, so we will provide all the env values too: Different replicaCount + ingress hosts - [X] update test-conection.yaml with better image (to not suffer dockerhub rate limiting) - [X] golden tests do not check anymore imagetags nor deploymentconfigs +- [] Test ingress on Openshift without hostname -> is there a generated one? -> Gerard +- [] Make ingress more standard helm (e.g. list of hosts) -> Sebastian - start defining howtos/FAQS we detect on the way (goal to keep simple the chart but to show how to improve it and have good practises) bitnami examples (more elaborated affinity, ...) 
@@ -29,4 +31,9 @@ Later - creation of template files folder in common, so we try to centralise the chart creation and maintenance from one place (as it is done already with openshift templates/tailor) Decisions: -- To stay close to default helm templates: Remove the Values.componentId and use chart.fullname instead -> Otherwise breaks DEV + PREVIEW. Chart.Name should be the source for componentId. If we want to automate -> template the Chart.yaml on provisioning \ No newline at end of file +- To stay close to default helm templates: Remove the Values.componentId and use chart.fullname instead -> Otherwise breaks DEV + PREVIEW. Chart.Name should be the source for componentId. If we want to automate -> template the Chart.yaml on provisioning + +Shared library ToDo's: +- Match required labels (app) +- Review helm install command +- Release manager image checks \ No newline at end of file From 543e5e2e9c6fae1fd994c73192b441a70d4cad75 Mon Sep 17 00:00:00 2001 From: "Gerard Castillo Lasheras (BI X)" Date: Wed, 17 Jul 2024 16:02:48 +0200 Subject: [PATCH 11/38] fix TODO note regarding image Values values.yaml --- docker-plain/files/chart/Chart.yaml | 2 +- docker-plain/files/chart/templates/NOTES.txt | 2 +- .../files/chart/templates/_affinity.tpl | 2 +- .../files/chart/templates/_labels.tpl | 2 +- .../files/chart/templates/deployment.yaml | 6 ++-- .../files/chart/templates/ingress.yaml | 2 +- docker-plain/files/chart/values.yaml | 35 ++++++++++--------- 7 files changed, 26 insertions(+), 25 deletions(-) diff --git a/docker-plain/files/chart/Chart.yaml b/docker-plain/files/chart/Chart.yaml index ebbf1a356..7ce0a8f50 100644 --- a/docker-plain/files/chart/Chart.yaml +++ b/docker-plain/files/chart/Chart.yaml @@ -29,4 +29,4 @@ appVersion: "1.0.0" # repository: oci://registry-1.docker.io/bitnamicharts # tags: # - bitnami-common -# version: 2.x.x \ No newline at end of file +# version: 2.x.x 
diff --git a/docker-plain/files/chart/templates/NOTES.txt b/docker-plain/files/chart/templates/NOTES.txt index b6a4a176a..6fff7fa63 100644 --- a/docker-plain/files/chart/templates/NOTES.txt +++ b/docker-plain/files/chart/templates/NOTES.txt @@ -7,4 +7,4 @@ The component is exposed via the following routes: {{- end }} {{- else }} The component is not exposed. -{{- end }} \ No newline at end of file +{{- end }} diff --git a/docker-plain/files/chart/templates/_affinity.tpl b/docker-plain/files/chart/templates/_affinity.tpl index 3df10ff0b..cc9c3519c 100644 --- a/docker-plain/files/chart/templates/_affinity.tpl +++ b/docker-plain/files/chart/templates/_affinity.tpl @@ -48,4 +48,4 @@ preferredDuringSchedulingIgnoredDuringExecution: labelSelector: matchLabels: {{- include "common.matchLabels" . | nindent 10 }} topologyKey: "kubernetes.io/hostname" -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/docker-plain/files/chart/templates/_labels.tpl b/docker-plain/files/chart/templates/_labels.tpl index 21c7ca2cc..6a222c379 100644 --- a/docker-plain/files/chart/templates/_labels.tpl +++ b/docker-plain/files/chart/templates/_labels.tpl @@ -8,4 +8,4 @@ Version: 1.0 {{- define "common.matchLabels" -}} app.kubernetes.io/name: {{ include "chart.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/docker-plain/files/chart/templates/deployment.yaml b/docker-plain/files/chart/templates/deployment.yaml index 834d5ed4d..702e66f47 100644 --- a/docker-plain/files/chart/templates/deployment.yaml +++ b/docker-plain/files/chart/templates/deployment.yaml 
@@ -36,7 +36,7 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registry }}{{- if .Values.image.path }}/{{ .Values.image.path }}{{end}}/{{ .Values.image.name }}:{{ .Values.image.tag }}" + image: "{{ .Values.registry }}/{{ .Values.imageNamespace }}/{{ .Values.componentId }}:{{ .Values.imageTag }}" imagePullPolicy: IfNotPresent ports: - name: http @@ -48,8 +48,8 @@ spec: {{- toYaml .Values.probes.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} - - affinity: + + affinity: {{- with .Values.affinity }} {{- toYaml .Values.affinity | nindent 8 }} {{- end }} diff --git a/docker-plain/files/chart/templates/ingress.yaml b/docker-plain/files/chart/templates/ingress.yaml index b52f4e0a1..1ac5922e8 100644 --- a/docker-plain/files/chart/templates/ingress.yaml +++ b/docker-plain/files/chart/templates/ingress.yaml @@ -61,4 +61,4 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 5b70826e4..56253f286 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml @@ -3,7 +3,7 @@ ## Comments are prefixed with two hashes (##), examples are commented with one hash (#) ## Declare variables to be passed into your templates. -## The number of replicas to deploy. +## The number of replicas to deploy. ## For high availability use more than 1 replica replicaCount: 1 
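Review bot: The rewritten `image:` line in the `@@ -36,7 +36,7 @@` hunk reads `.Values.registry`, `.Values.imageNamespace`, `.Values.componentId` and `.Values.imageTag`, none of which gets a default in this commit (the `image:` block in values.yaml is commented out by the same patch). Rendering the chart without the Jenkins-injected values therefore produces an image reference with empty segments instead of an error. I would fail at render time, e.g. `{{ required "registry must be set" .Values.registry }}` for each of the four values, so a missing injection is caught before the manifest reaches the cluster. The container spec continues outside the hunk.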
@@ -11,12 +11,13 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -# TODO: Values are injected from Jenkins pipeline, needs to be discussed -image: - registry: "docker.io" - path: "nginxinc" - name: "nginx-unprivileged" - tag: "latest" +# NOTE: By default image Values are injected from Jenkins pipeline, one can change that default to use values defined here +# and, one can also make dinamically change (e.g. tag value) via the `helmValues` argument in the `odsComponentStageRolloutOpenShiftDeployment` +# image: +# registry: "docker.io" +# path: "nginxinc" +# name: "nginx-unprivileged" +# tag: "latest" ## Prefer using ingress over openshift routes ingress: @@ -29,16 +30,16 @@ ingress: haproxy.router.openshift.io/timeout-tunnel: 300s ## e.g. add cert-manager support by annotating the ingress https://cert-manager.io/docs/usage/ingress/ ## ask in your company for good defaults - + hosts: [] - # - host: yourapp.yourdomain.com - # paths: - # - path: / - # pathType: Prefix + # - host: yourapp.yourdomain.com + # paths: + # - path: / + # pathType: Prefix tls: [] - # - secretName: chart-example-tls - # hosts: - # - yourapp.yourdomain.com + # - secretName: chart-example-tls + # hosts: + # - yourapp.yourdomain.com service: enabled: true @@ -92,7 +93,7 @@ securityContext: {} resources: limits: - cpu: 1000m + cpu: 100m memory: 128Mi requests: cpu: 50m @@ -115,4 +116,4 @@ affinity: {} ## PodAntiAffinity is a way to control that not all of your pods are scheduled ## onto the same node. ## possible values: soft, hard, null -podAntiAffinity: soft \ No newline at end of file +podAntiAffinity: soft From e48a7296b33e076e537b42dc0d41fa2c28750d00 Mon Sep 17 00:00:00 2001 
From: "Gerard Castillo Lasheras (BI X)" Date: Wed, 17 Jul 2024 22:01:02 +0200 Subject: [PATCH 12/38] feat: docker-plain ingress with default tls templating, fix imagetag on helm notes and remove switch cases on k8s version on ingress template --- docker-plain/files/chart/templates/NOTES.txt | 2 +- .../files/chart/templates/ingress.yaml | 23 ++++--------------- docker-plain/files/chart/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 21 deletions(-) diff --git a/docker-plain/files/chart/templates/NOTES.txt b/docker-plain/files/chart/templates/NOTES.txt index 6fff7fa63..1708ecef9 100644 --- a/docker-plain/files/chart/templates/NOTES.txt +++ b/docker-plain/files/chart/templates/NOTES.txt @@ -1,4 +1,4 @@ -Component '{{ include "chart.fullname" . }}' on version '{{ .Values.image.tag }}' released with Helm! +Component '{{ include "chart.fullname" . }}' on version '{{ .Values.imageTag }}' released with Helm! {{- if .Values.ingress.enabled }} The component is exposed via the following routes: {{- $appUrl := .Values.appUrl -}} diff --git a/docker-plain/files/chart/templates/ingress.yaml b/docker-plain/files/chart/templates/ingress.yaml index 1ac5922e8..8b1e204d0 100644 --- a/docker-plain/files/chart/templates/ingress.yaml +++ b/docker-plain/files/chart/templates/ingress.yaml 
@@ -1,18 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "chart.fullname" . -}} {{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} kind: Ingress metadata: name: {{ $fullName }} @@ -26,7 +15,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + {{- if .Values.ingress.className }} ingressClassName: {{ .Values.ingress.className }} {{- end }} {{- if .Values.ingress.tls }} @@ -38,6 +27,9 @@ spec: {{- end }} secretName: {{ .secretName }} {{- end }} + {{- else }} + tls: + - {} {{- end }} rules: {{- range .Values.ingress.hosts }} @@ -46,19 +38,14 @@ spec: paths: {{- range .paths }} - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + {{- if .pathType }} pathType: {{ .pathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: name: {{ $fullName }} port: number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 56253f286..50fd2e975 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml 
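Review bot: The `{{- else }}` branch added in the `@@ -38,6 +27,9 @@` hunk renders `tls: - {}` whenever `ingress.tls` is empty, and nothing in the template says what that entry is for. According to the values.yaml comment added in this patch it is meant to pick up the default OpenShift TLS configuration (edge termination with HTTP redirect); on an ingress controller without that convention an entry with no hosts and no secret may leave the hosts without the intended certificate, so the assumption should be stated where the entry is rendered. Suggested comment above the branch: `{{- /* empty tls entry: relies on the OpenShift router default certificate (edge termination); set ingress.tls on other controllers */}}`. Since the same patch removes the Kubernetes version switches, declaring `kubeVersion: ">=1.19.0-0"` in Chart.yaml would make the new minimum explicit.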
@@ -31,12 +31,12 @@ ingress: ## e.g. add cert-manager support by annotating the ingress https://cert-manager.io/docs/usage/ingress/ ## ask in your company for good defaults - hosts: [] + hosts: [] # When defining a host you must define also a path # - host: yourapp.yourdomain.com # paths: # - path: / # pathType: Prefix - tls: [] + tls: [] # If `tls` is left empty then the default OpenShift TLS config will be loaded (i.e.: TLS edge termination with HTTP redirect to HTTPS) # - secretName: chart-example-tls # hosts: # - yourapp.yourdomain.com From 3c9e7655cd83684a27d8d77f3ffabea11b452c4f Mon Sep 17 00:00:00 2001 From: "Gerard Castillo Lasheras (BI X)" Date: Wed, 17 Jul 2024 22:03:13 +0200 Subject: [PATCH 13/38] fix: align tabs on ingress.yaml and update devnotes todo --- docker-plain/files/chart/DEVNOTES.md | 5 +++-- docker-plain/files/chart/templates/ingress.yaml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docker-plain/files/chart/DEVNOTES.md b/docker-plain/files/chart/DEVNOTES.md index ca0875010..7d3129b9f 100644 --- a/docker-plain/files/chart/DEVNOTES.md +++ b/docker-plain/files/chart/DEVNOTES.md 
@@ -15,7 +15,7 @@ Can we adapt NOTES.txt to display some deployed resources and other important in - jenkinsfile with values.env.yaml ready, so we will provide all the env values too: Different replicaCount + ingress hosts - [X] update test-conection.yaml with better image (to not suffer dockerhub rate limiting) - [X] golden tests do not check anymore imagetags nor deploymentconfigs -- [] Test ingress on Openshift without hostname -> is there a generated one? -> Gerard +- [X] Test ingress on Openshift without hostname -> is there a generated one? NO -> host value is required but tls can be left empty now with default OpenShift TLS (See ingress.yaml and values.yaml). host value is required as ingress approach is a rules based system. - [] Make ingress more standard helm (e.g. list of hosts) -> Sebastian - start defining howtos/FAQS we detect on the way (goal to keep simple the chart but to show how to improve it and have good practises) bitnami examples (more elaborated affinity, ...) @@ -36,4 +36,5 @@ Decisions: Shared library ToDo's: - Match required labels (app) - Review helm install command -- Release manager image checks \ No newline at end of file +- Release manager image checks +- Agree if helm install requires overwritting values on image (see helm notes and deployment, and values.yaml) diff --git a/docker-plain/files/chart/templates/ingress.yaml b/docker-plain/files/chart/templates/ingress.yaml index 8b1e204d0..a2c5cb5c4 100644 --- a/docker-plain/files/chart/templates/ingress.yaml +++ b/docker-plain/files/chart/templates/ingress.yaml @@ -27,7 +27,7 @@ spec: {{- end }} secretName: {{ .secretName }} {{- end }} - {{- else }} + {{- else }} tls: - {} {{- end }} From 065868309e69f3a7d58e625e0fc1975b2e789eec Mon Sep 17 00:00:00 2001 
From: "Gerard Castillo Lasheras (BI X)" Date: Thu, 18 Jul 2024 13:52:46 +0200 Subject: [PATCH 14/38] feat: docker-plain render Helm chart Chart.yaml file --- docker-plain/Chart.yaml.template | 31 ++++++++++++++++++++++++++ docker-plain/Jenkinsfile | 15 +++++++++++++ docker-plain/files/chart/Chart.yaml | 33 +--------------------------- docker-plain/files/chart/DEVNOTES.md | 2 +- 4 files changed, 48 insertions(+), 33 deletions(-) create mode 100644 docker-plain/Chart.yaml.template diff --git a/docker-plain/Chart.yaml.template b/docker-plain/Chart.yaml.template new file mode 100644 index 000000000..33b378423 --- /dev/null +++ b/docker-plain/Chart.yaml.template @@ -0,0 +1,31 @@ +apiVersion: v2 +name: @component_id@ +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.0.0" + +# dependencies: +# - name: common +# repository: oci://registry-1.docker.io/bitnamicharts +# tags: +# - bitnami-common +# version: 2.x.x 
diff --git a/docker-plain/Jenkinsfile b/docker-plain/Jenkinsfile index bb91d7a74..08468805d 100644 --- a/docker-plain/Jenkinsfile +++ b/docker-plain/Jenkinsfile @@ -23,4 +23,19 @@ odsQuickstarterPipeline( odsQuickstarterStageRenderJenkinsfile(context) odsQuickstarterStageRenderSonarProperties(context) + + renderHelmChart(context) +} + +def renderHelmChart(def context) { + def relativeSourceFilePath = "Chart.yaml.template" + def relativeDestinationFilePath = "chart/Chart.yaml" + def absoluteSourceFilePath = "${context.sourceDir}/${relativeSourceFilePath}" + def absoluteDestinationFilePath = "${context.targetDir}/${relativeDestinationFilePath}" + script.sh( + script: """ + sed 's|@component_id@|${context.componentId}|g' ${absoluteSourceFilePath} > ${absoluteDestinationFilePath} + """, + label: "Render Helm Chart.yaml file" + ) } diff --git a/docker-plain/files/chart/Chart.yaml b/docker-plain/files/chart/Chart.yaml index 7ce0a8f50..6f08cdff3 100644 --- a/docker-plain/files/chart/Chart.yaml +++ b/docker-plain/files/chart/Chart.yaml 
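Review bot: In `renderHelmChart` the `sed` command is assembled by Groovy string interpolation, so `${context.componentId}` and both file paths reach the shell and the sed expression unquoted and unescaped. A component id containing `|`, `&`, a quote or whitespace would corrupt the substitution or the command line; whether the id is validated before this point is not visible here. I would check it first, `if (!(context.componentId ==~ /[a-z0-9][a-z0-9-]*/)) { error "invalid componentId: ${context.componentId}" }`, and quote the paths, `'${absoluteSourceFilePath}' > '${absoluteDestinationFilePath}'`. The same command returns as a one-line `sh(script: ...)` call in PATCH 21/38.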
@@ -1,32 +1 @@ -apiVersion: v2 -# Here you can replace this for your project name -name: @component_id@ -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.0.0" - -# dependencies: -# - name: common -# repository: oci://registry-1.docker.io/bitnamicharts -# tags: -# - bitnami-common -# version: 2.x.x +# Content will be rendered from the Chart.yaml.template file by the Jenkins shared library provision job diff --git a/docker-plain/files/chart/DEVNOTES.md b/docker-plain/files/chart/DEVNOTES.md index 7d3129b9f..eff7c99e5 100644 --- a/docker-plain/files/chart/DEVNOTES.md +++ b/docker-plain/files/chart/DEVNOTES.md 
@@ -31,7 +31,7 @@ Later - creation of template files folder in common, so we try to centralise the chart creation and maintenance from one place (as it is done already with openshift templates/tailor) Decisions: -- To stay close to default helm templates: Remove the Values.componentId and use chart.fullname instead -> Otherwise breaks DEV + PREVIEW. Chart.Name should be the source for componentId. If we want to automate -> template the Chart.yaml on provisioning +- To stay close to default helm templates: Remove the Values.componentId and use chart.fullname instead -> Otherwise breaks DEV + PREVIEW. Chart.Name should be the source for componentId. If we want to automate -> template the Chart.yaml on provisioning <- DONE Shared library ToDo's: - Match required labels (app) From 0b541a80bbf7d5f83876b04cd29ebab28f4f90e8 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Fri, 2 Aug 2024 09:14:29 +0000 Subject: [PATCH 15/38] update devnotes, remove dependencies in Chart.yml for now --- docker-plain/Chart.yaml.template | 7 ------- docker-plain/files/chart/DEVNOTES.md | 2 +- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/docker-plain/Chart.yaml.template b/docker-plain/Chart.yaml.template index 33b378423..2c1f7a8dd 100644 --- a/docker-plain/Chart.yaml.template +++ b/docker-plain/Chart.yaml.template @@ -22,10 +22,3 @@ version: 1.0.0 # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "1.0.0" - -# dependencies: -# - name: common -# repository: oci://registry-1.docker.io/bitnamicharts -# tags: -# - bitnami-common -# version: 2.x.x diff --git a/docker-plain/files/chart/DEVNOTES.md b/docker-plain/files/chart/DEVNOTES.md index eff7c99e5..6b11bf12d 100644 --- a/docker-plain/files/chart/DEVNOTES.md +++ b/docker-plain/files/chart/DEVNOTES.md 
@@ -16,7 +16,7 @@ Can we adapt NOTES.txt to display some deployed resources and other important in - [X] update test-conection.yaml with better image (to not suffer dockerhub rate limiting) - [X] golden tests do not check anymore imagetags nor deploymentconfigs - [X] Test ingress on Openshift without hostname -> is there a generated one? NO -> host value is required but tls can be left empty now with default OpenShift TLS (See ingress.yaml and values.yaml). host value is required as ingress approach is a rules based system. -- [] Make ingress more standard helm (e.g. list of hosts) -> Sebastian +- [X] Make ingress more standard helm (e.g. list of hosts) -> Sebastian - start defining howtos/FAQS we detect on the way (goal to keep simple the chart but to show how to improve it and have good practises) bitnami examples (more elaborated affinity, ...) From b97f813244de0033e98eb250fd8078dd613ea974 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Fri, 2 Aug 2024 09:31:09 +0000 Subject: [PATCH 16/38] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 121227873..b93b39a11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - Update Rust Axum Quickstarter ([#1024](https://github.com/opendevstack/ods-quickstarters/pull/1024)) - Gitleaks docs fix and update ([#1028](https://github.com/opendevstack/ods-quickstarters/issues/1028)) - Enable OpenSSL vendored compilation for Rust Jenkins Agent ([#1026](https://github.com/opendevstack/ods-quickstarters/pull/1026)) +- Add Helm Chart to Docker Plain Quickstarter ([#1035](https://github.com/opendevstack/ods-quickstarters/pull/1035)) ### Added From 8b87c2c93be8ed89c6abee58a9ab50a4d0505f38 Mon Sep 17 00:00:00 2001 
From: "Gerard Castillo Lasheras (BI X)" Date: Wed, 21 Aug 2024 13:19:50 +0200 Subject: [PATCH 17/38] enable chart testing and enable deploymentStrategy to be set via values.yaml config --- docker-plain/files/chart/Chart.yaml | 27 ++++++++++++++++++- docker-plain/files/chart/DEVNOTES.md | 1 + .../files/chart/templates/deployment.yaml | 5 +--- docker-plain/files/chart/values.yaml | 8 ++++++ 4 files changed, 36 insertions(+), 5 deletions(-) diff --git a/docker-plain/files/chart/Chart.yaml b/docker-plain/files/chart/Chart.yaml index 6f08cdff3..64267e8c4 100644 --- a/docker-plain/files/chart/Chart.yaml +++ b/docker-plain/files/chart/Chart.yaml 
@@ -1 +1,26 @@ -# Content will be rendered from the Chart.yaml.template file by the Jenkins shared library provision job +# IMPORTANT: Content will be recreated from the Chart.yaml.template file by the Jenkins shared library provision job +# NOTE: The content is provided for testing purposes +apiVersion: v2 +name: Your helm chart +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.0.0" diff --git a/docker-plain/files/chart/DEVNOTES.md b/docker-plain/files/chart/DEVNOTES.md index 6b11bf12d..50bf60bfb 100644 --- a/docker-plain/files/chart/DEVNOTES.md +++ b/docker-plain/files/chart/DEVNOTES.md 
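Review bot: The placeholder `name: Your helm chart` contains spaces and an uppercase letter, while Helm chart names are expected to consist of lowercase letters, digits and dashes, and deployment.yaml uses `{{ .Chart.Name }}` as the container name, which must be a DNS label. As the header comment says this content is provided for testing, rendering the unprocessed chart would produce a manifest the API server rejects, and `helm lint` may complain as well. I would use a valid placeholder such as `name: your-helm-chart`.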
@@ -38,3 +38,4 @@ Shared library ToDo's: - Review helm install command - Release manager image checks - Agree if helm install requires overwritting values on image (see helm notes and deployment, and values.yaml) +- provide docs on how to test chart updates, by running `helm --debug template . ` under the chart folder to be tested diff --git a/docker-plain/files/chart/templates/deployment.yaml b/docker-plain/files/chart/templates/deployment.yaml index 702e66f47..ebc51c0aa 100644 --- a/docker-plain/files/chart/templates/deployment.yaml +++ b/docker-plain/files/chart/templates/deployment.yaml @@ -9,10 +9,7 @@ spec: replicas: {{ .Values.replicaCount }} {{- end }} strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0% - maxSurge: 50% + {{- toYaml .Values.deploymentStrategy | nindent 4 }} selector: matchLabels: {{- include "chart.selectorLabels" . | nindent 6 }} diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 50fd2e975..525d5e578 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml @@ -46,6 +46,14 @@ service: port: 8080 type: ClusterIP +# There are two types of strategy: `Recreate` and `RollingUpdate` +# Please refer to https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +deploymentStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0% + maxSurge: 50% + probes: livenessProbe: failureThreshold: 3 From b2452c0abb04249f311b5daeadd18abc10158c40 Mon Sep 17 00:00:00 2001 From: "Gerard Castillo Lasheras (BI X)" Date: Wed, 21 Aug 2024 16:38:31 +0200 Subject: [PATCH 18/38] avoid dependency on Jenkins lib only provided image values - enable chart usage out of Jenkins CICD pipeline context --- .../files/chart/templates/deployment.yaml | 5 +++-- docker-plain/files/chart/values.yaml | 16 +++++++++------- 2 files changed, 12 insertions(+), 9 deletions(-) 
diff --git a/docker-plain/files/chart/templates/deployment.yaml b/docker-plain/files/chart/templates/deployment.yaml index ebc51c0aa..a11ac217d 100644 --- a/docker-plain/files/chart/templates/deployment.yaml +++ b/docker-plain/files/chart/templates/deployment.yaml @@ -33,8 +33,9 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.registry }}/{{ .Values.imageNamespace }}/{{ .Values.componentId }}:{{ .Values.imageTag }}" - imagePullPolicy: IfNotPresent + # Priority is on Values from CICD jenkins injected Helm values, if not then use values from values.yaml + image: "{{ or .Values.registry .Values.image.registry }}/{{ or .Values.imageNamespace .Values.image.path }}/{{ or .Values.componentId .Values.image.name }}:{{ or .Values.imageTag .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: {{ .Values.service.port }} diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 525d5e578..9811cf91f 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml 
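Review bot: Each of the four segments of the `image:` string falls back on its own (`or .Values.registry .Values.image.registry`, and so on), so a partial injection yields a reference mixed from two sources, for example an injected registry combined with the default `nginxinc/nginx-unprivileged:latest` from values.yaml. I would decide once which set is used, e.g. `{{- $ci := and .Values.registry .Values.imageNamespace .Values.componentId .Values.imageTag }}`, and build the reference entirely from the injected values when `$ci` is set and entirely from `.Values.image` otherwise. The added `# Priority is on Values ...` line is a YAML comment and ends up in every rendered manifest; a template comment, `{{- /* ... */}}`, keeps it in the source only. The container spec continues outside the hunk.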
@@ -11,13 +11,15 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -# NOTE: By default image Values are injected from Jenkins pipeline, one can change that default to use values defined here -# and, one can also make dinamically change (e.g. tag value) via the `helmValues` argument in the `odsComponentStageRolloutOpenShiftDeployment` -# image: -# registry: "docker.io" -# path: "nginxinc" -# name: "nginx-unprivileged" -# tag: "latest" +# NOTE: By default image Values are injected from CICD Jenkins pipeline, values defined here are used when not being on CICD Jenkins pipeline context. +# Default values here are provided in case one needs to use the chart without CICD (i.e.: testing the chart). +image: + registry: "docker.io" + path: "nginxinc" + name: "nginx-unprivileged" + tag: "latest" + # You might consider using `IfNotPresent` policy, see https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + pullPolicy: Always ## Prefer using ingress over openshift routes ingress: From 6148c6702827c205180a72d18714335d7f6ac00c Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Tue, 27 Aug 2024 15:55:51 +0200 Subject: [PATCH 19/38] fix: add missing tpl for serviceAccount --- .../files/chart/templates/serviceaccount.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 docker-plain/files/chart/templates/serviceaccount.yaml diff --git a/docker-plain/files/chart/templates/serviceaccount.yaml b/docker-plain/files/chart/templates/serviceaccount.yaml new file mode 100644 index 000000000..1df935010 --- /dev/null +++ b/docker-plain/files/chart/templates/serviceaccount.yaml 
@@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "chart.serviceAccountName" . }} + labels: + {{- include "chart.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} From 2b4a064299ec9f87cf371e97378ded465a1c920a Mon Sep 17 00:00:00 2001 From: "Vazquez,Brais (IT EDP)" Date: Thu, 5 Sep 2024 14:55:30 +0200 Subject: [PATCH 20/38] fix no property error --- docker-plain/Jenkinsfile | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/docker-plain/Jenkinsfile b/docker-plain/Jenkinsfile index 08468805d..2da7169e9 100644 --- a/docker-plain/Jenkinsfile +++ b/docker-plain/Jenkinsfile @@ -32,10 +32,5 @@ def renderHelmChart(def context) { def relativeDestinationFilePath = "chart/Chart.yaml" def absoluteSourceFilePath = "${context.sourceDir}/${relativeSourceFilePath}" def absoluteDestinationFilePath = "${context.targetDir}/${relativeDestinationFilePath}" - script.sh( - script: """ - sed 's|@component_id@|${context.componentId}|g' ${absoluteSourceFilePath} > ${absoluteDestinationFilePath} - """, - label: "Render Helm Chart.yaml file" - ) + sh(script: "source use-j21.sh && ./gradlew clean build --stacktrace --no-daemon && source use-j11.sh", label: "Render Helm Chart.yaml file") } From 9b6e866f356f904451baff9691da9830f4122037 Mon Sep 17 00:00:00 2001 From: "Vazquez,Brais (IT EDP)" Date: Thu, 5 Sep 2024 14:57:05 +0200 Subject: [PATCH 21/38] fix --- docker-plain/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-plain/Jenkinsfile b/docker-plain/Jenkinsfile index 2da7169e9..c1eee50ad 100644 --- a/docker-plain/Jenkinsfile +++ b/docker-plain/Jenkinsfile 
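Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` has no default: the `serviceAccount` block of values.yaml, as far as it is visible in PATCH 22/38, defines only `create`, `annotations` and a commented-out `name`. With the key unset the field renders empty, and the API token is then mounted into pods using this account by the cluster default. For a workload that does not call the Kubernetes API I would default to not mounting it, `automountServiceAccountToken: {{ .Values.serviceAccount.automount | default false }}`, and add a documented `automount: false` entry to values.yaml. The `chart.serviceAccountName` helper is defined outside this hunk.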
@@ -32,5 +32,5 @@ def renderHelmChart(def context) { def relativeDestinationFilePath = "chart/Chart.yaml" def absoluteSourceFilePath = "${context.sourceDir}/${relativeSourceFilePath}" def absoluteDestinationFilePath = "${context.targetDir}/${relativeDestinationFilePath}" - sh(script: "source use-j21.sh && ./gradlew clean build --stacktrace --no-daemon && source use-j11.sh", label: "Render Helm Chart.yaml file") + sh(script: "sed 's|@component_id@|${context.componentId}|g' ${absoluteSourceFilePath} > ${absoluteDestinationFilePath}", label: "Render Helm Chart.yaml file") } From 37271df6af62f0c1d3982ba20f1df7db1201724d Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Thu, 5 Sep 2024 15:29:51 +0200 Subject: [PATCH 22/38] skip SA creation on default, use chart fullname --- docker-plain/files/chart/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 9811cf91f..35d1be245 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml @@ -81,12 +81,12 @@ probes: serviceAccount: # Specifies whether a service account should be created - create: true + create: false # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template - name: "default" + # name: "default" podAnnotations: {} From b64fd8272edb0106a1eee3aac64a95395c483096 Mon Sep 17 00:00:00 2001 From: "Vazquez,Brais (IT EDP)" Date: Thu, 5 Sep 2024 16:57:49 +0200 Subject: [PATCH 23/38] Change to nginxinc image --- docker-plain/files/docker/Dockerfile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docker-plain/files/docker/Dockerfile b/docker-plain/files/docker/Dockerfile index 681c5069b..866c1998f 100644 --- a/docker-plain/files/docker/Dockerfile +++ b/docker-plain/files/docker/Dockerfile 
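Review bot: The `sh` step builds its command by Groovy-interpolating `${context.componentId}` and both file paths into a double-quoted string, so the shell parses whatever those values contain. A path with a space splits into two arguments, and a component id containing a quote or `|` changes the sed expression or the command line. Passing the values through the environment and single-quoting the script keeps them as data. The component id should also be checked against the allowed naming pattern first, because sed still interprets `|`, `&` and `\` in the replacement. `renderHelmChart` starts above the hunk, so whether `componentId` is validated earlier is not visible here.

```groovy
// … unchanged: relative/absolute path variables …
withEnv([
    "COMPONENT_ID=${context.componentId}",
    "CHART_SRC=${absoluteSourceFilePath}",
    "CHART_DST=${absoluteDestinationFilePath}",
]) {
    sh(
        script: 'sed "s|@component_id@|${COMPONENT_ID}|g" "$CHART_SRC" > "$CHART_DST"',
        label: "Render Helm Chart.yaml file"
    )
}
```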
@@ -1,8 +1,10 @@ # add /overwrite FROM with your base image, and do whatever you like here :) -FROM alpine:latest +FROM nginxinc/nginx-unprivileged:latest -RUN echo "building simple container" +USER root -EXPOSE 8080 +RUN apt-get update -y && \ + apt-get upgrade -y && \ + apt-get clean -CMD ["/bin/sh", "-c", "/usr/bin/nc -lk -p 8080 -e echo -e \"HTTP/1.1 200 OK\n\nHello World!\n$(date)\""] +USER 1001 From 6cd786f875d2e9c21c87840aa19246103594d5f8 Mon Sep 17 00:00:00 2001 From: "Vazquez,Brais (IT EDP)" Date: Fri, 6 Sep 2024 14:26:32 +0200 Subject: [PATCH 24/38] Specify selector for Release manager pipeline --- docker-plain/Jenkinsfile.template | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker-plain/Jenkinsfile.template b/docker-plain/Jenkinsfile.template index d885ca418..9f93839b3 100644 --- a/docker-plain/Jenkinsfile.template +++ b/docker-plain/Jenkinsfile.template @@ -20,7 +20,9 @@ odsComponentPipeline( */ odsComponentStageBuildOpenShiftImage(context) } - odsComponentStageRolloutOpenShiftDeployment(context) + odsComponentStageRolloutOpenShiftDeployment(context, [ + 'selector': "app.kubernetes.io/name=${context.componentId}" + ]) } def stageBuild(def context) { From 1d9ff9c7564ea0a9834374466a40204e5262eb59 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Tue, 10 Sep 2024 09:59:54 +0200 Subject: [PATCH 25/38] Remove value --- docker-plain/files/chart/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 35d1be245..5eef5c249 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml @@ -121,7 +121,6 @@ nodeSelector: {} tolerations: [] affinity: {} - # bugmenot: "true" ## PodAntiAffinity is a way to control that not all of your pods are scheduled ## onto the same node. From 865c7382244a6452bc1e2ccb2cc9e0e3320fe100 Mon Sep 17 00:00:00 2001 
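Review bot: `FROM nginxinc/nginx-unprivileged:latest` follows a mutable tag, so rebuilding the same commit can yield a different image and an upstream change enters the build unreviewed. Pin a release tag together with its digest, in the form `FROM nginxinc/nginx-unprivileged:<version>@sha256:<digest>` (placeholders; take the real values from the registry). The later `FROM` lines in this series (`ubi9/nginx-122`, `ubi9/nginx-124`, `nginx-unprivileged:alpine-slim`) have the same issue. `USER 1001` after the package step deserves a comment saying why that UID was chosen, since the hunk does not show that it matches the base image's own user.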
From: Sebastian Halder Date: Tue, 17 Sep 2024 13:53:07 +0200 Subject: [PATCH 26/38] use nginx image from redhat --- docker-plain/files/docker/Dockerfile | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/docker-plain/files/docker/Dockerfile b/docker-plain/files/docker/Dockerfile index 866c1998f..89137ce5d 100644 --- a/docker-plain/files/docker/Dockerfile +++ b/docker-plain/files/docker/Dockerfile @@ -1,10 +1,6 @@ -# add /overwrite FROM with your base image, and do whatever you like here :) -FROM nginxinc/nginx-unprivileged:latest +FROM registry.access.redhat.com/ubi9/nginx-122 -USER root +RUN echo -n "Hello World" > index.html -RUN apt-get update -y && \ - apt-get upgrade -y && \ - apt-get clean - -USER 1001 +# Run script uses standard ways to run the application +CMD nginx -g "daemon off;" From be7144819bffa1eb773eeafe704fa21245610045 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Tue, 17 Sep 2024 15:03:13 +0200 Subject: [PATCH 27/38] move image name logic to _image.tpl, make registry optional --- docker-plain/files/chart/templates/_image.tpl | 19 +++++++++++++++++++ .../files/chart/templates/deployment.yaml | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 docker-plain/files/chart/templates/_image.tpl diff --git a/docker-plain/files/chart/templates/_image.tpl b/docker-plain/files/chart/templates/_image.tpl new file mode 100644 index 000000000..035ee646e --- /dev/null +++ b/docker-plain/files/chart/templates/_image.tpl 
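Review bot: `CMD nginx -g "daemon off;"` is shell form, so nginx is launched through `/bin/sh -c` and may not receive the termination signal directly when the pod is stopped. Exec form avoids the wrapper: `CMD ["nginx", "-g", "daemon off;"]`. `RUN echo -n "Hello World" > index.html` writes into whatever working directory the base image sets, which is not visible here; an explicit destination path or a comment naming the directory would make the served location clear.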
@@ -0,0 +1,19 @@ + +{{/* +Part of the ODS helm tpl library + +Version: 1.0 +*/}} + +{{/* +Create an image name from the registry, image path, name and tag. +.Values.registry, .Values.imageNamespace, .Values.componentId and .Values.imageTag are injected by the ODS pipeline on deployment. +If not set, values from .Values.image.registry, .Values.image.path, .Values.image.name and .Values.image.tag are used. +*/}} +{{- define "image.fullname" -}} +{{- if (or .Values.registry .Values.image.registry) }} +{{- printf "%s/%s/%s:%s" (or .Values.registry .Values.image.registry) (or .Values.imageNamespace .Values.image.path) (or .Values.componentId .Values.image.name) (or .Values.imageTag .Values.image.tag ) -}} +{{- else }} +{{- printf "%s/%s:%s" (or .Values.imageNamespace .Values.image.path) (or .Values.componentId .Values.image.name) (or .Values.imageTag .Values.image.tag ) -}} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/docker-plain/files/chart/templates/deployment.yaml b/docker-plain/files/chart/templates/deployment.yaml index a11ac217d..03ddf70e8 100644 --- a/docker-plain/files/chart/templates/deployment.yaml +++ b/docker-plain/files/chart/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: securityContext: {{- toYaml .Values.securityContext | nindent 12 }} # Priority is on Values from CICD jenkins injected Helm values, if not then use values from values.yaml - image: "{{ or .Values.registry .Values.image.registry }}/{{ or .Values.imageNamespace .Values.image.path }}/{{ or .Values.componentId .Values.image.name }}:{{ or .Values.imageTag .Values.image.tag }}" + image: {{ include "image.fullname" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http From f445e25937aea4f90bfc57114afb92cdec0c525f Mon Sep 17 00:00:00 2001 
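Review bot: `image.fullname` reaches `printf` even when neither the pipeline value nor the `image.*` fallback is set, and `printf "%s"` on a missing value renders the literal `%!s(<nil>)`. The chart then emits an unusable image reference instead of failing at render time. Wrapping each operand in `required`, e.g. `(required "imageTag or image.tag must be set" (or .Values.imageTag .Values.image.tag))`, turns that into a clear error. The registry-less branch also produces an unqualified name that the container runtime resolves against its own default or search registries; the header comment should say that this branch is meant for locally loaded images.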
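Review bot: The new `image: {{ include "image.fullname" . }}` in deployment.yaml drops the double quotes the removed line had, so the rendered reference is parsed as a plain YAML scalar. An empty tag, for example, leaves a trailing `:` and changes how the line parses. Keep the value quoted: `image: {{ include "image.fullname" . | quote }}`. The container spec continues outside the hunk.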
From: Sebastian Halder Date: Tue, 17 Sep 2024 15:04:00 +0200 Subject: [PATCH 28/38] Update readme, switch to ImagePullStrategy: IfNotPresent PullPolicy: Always will not work when testing locally --- docker-plain/files/README.md | 41 ++++++++++++++++++++++++++++ docker-plain/files/chart/values.yaml | 12 ++++---- 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/docker-plain/files/README.md b/docker-plain/files/README.md index feb272fe8..0738cd4c5 100644 --- a/docker-plain/files/README.md +++ b/docker-plain/files/README.md 
@@ -1,5 +1,46 @@ # Plain Docker image (docker-plain) +## Purpose + +This Quickstarter serves as a minimal starting point for building your own components that don't fit any of the other Quickstarters. +For demonstration purposes, a nginx webserver provides a simple 'Hello World' message. + +## Folder structure and important files + +- docker: All files inside this folder are available for use in building the docker container + - [docker/Dockerfile](docker/Dockerfile): Defines the container to be built. +- chart: The Helm chart used for deploying the component. + - [chart/Chart.yaml](chart/Chart.yaml): Metadata for your Helm chart. + - [chart/values.yaml](chart/values.yaml): Default values used when templating the Helm chart. + - [chart/values.dev.yaml](chart/values.dev.yaml): Values used for deployment in the 'dev' environment. Values specified in this file are overriding default values from [chart/values.yaml](chart/values.yaml). + - chart/templates: + - [chart/templates/deployment.yaml](chart/templates/deployment.yaml): Template for the [deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) resource. This is where you add additional configuration like environment variables. + - [chart/templates/service.yaml](chart/templates/service.yaml): Template for the [service](https://kubernetes.io/docs/concepts/services-networking/service/) resource. + - [chart/templates/ingress.yaml](chart/templates/ingress.yaml): Template for the [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) resource. + +## Testing locally + +If you want to run this component locally for testing, this might get you started. +It also mimicks what's happening in the [Jenkinsfile](Jenkinsfile). 
+ +### Building the container + +Using a local container runtime you can build the container and tag it with the current git revision: + +```bash +docker build -t testing/my-component:$(git rev-parse --short=8 HEAD) docker/ +``` + +### Deploying the helm chart using + +Using a local kubernetes cluster you can deploy the component: + +```bash +kubectl create ns docker-plain +kind load docker-image testing/my-component:$(git rev-parse --short=8 HEAD) +helm upgrade --install --wait --atomic --namespace docker-plain --set image.path=testing --set image.name=my-component --set image.tag=$(git rev-parse --short=8 HEAD) docker-plain chart +``` + ## How to create a custom jenkins-agent out of this docker-plain component - Remove `odsComponentStageRolloutOpenShiftDeployment(context)` from your `Jenkinsfile`. We only want to build a docker image, not run it outside the pipeline. - In your `Dockerfile`, replace `FROM alpine:latest` with the ods-jenkins-agent-base image that is available in the OpenDevStack namespace of your cluster, e.g. `FROM docker-registry.default.svc:5000/ods/jenkins-agent-base:latest`. diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 5eef5c249..10962f07a 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml 
@@ -14,12 +14,12 @@ fullnameOverride: "" # NOTE: By default image Values are injected from CICD Jenkins pipeline, values defined here are used when not being on CICD Jenkins pipeline context. # Default values here are provided in case one needs to use the chart without CICD (i.e.: testing the chart). image: - registry: "docker.io" - path: "nginxinc" - name: "nginx-unprivileged" - tag: "latest" - # You might consider using `IfNotPresent` policy, see https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy - pullPolicy: Always + # registry: "docker.io" + # path: "nginxinc" + # name: "nginx-unprivileged" + # tag: "latest" + # see https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + pullPolicy: IfNotPresent ## Prefer using ingress over openshift routes ingress: From 00ceccd84b83d87a1a31075a447f59bf2d1e8cb3 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Tue, 17 Sep 2024 15:18:40 +0200 Subject: [PATCH 29/38] Provide initial values files for environments --- docker-plain/Jenkinsfile.template | 3 ++- docker-plain/files/chart/values.dev.yaml | 1 + docker-plain/files/chart/values.prod.yaml | 3 +++ docker-plain/files/chart/values.test.yaml | 3 +++ 4 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 docker-plain/files/chart/values.dev.yaml create mode 100644 docker-plain/files/chart/values.prod.yaml create mode 100644 docker-plain/files/chart/values.test.yaml diff --git a/docker-plain/Jenkinsfile.template b/docker-plain/Jenkinsfile.template index 9f93839b3..e537a211a 100644 --- a/docker-plain/Jenkinsfile.template +++ b/docker-plain/Jenkinsfile.template @@ -21,7 +21,8 @@ odsComponentPipeline( odsComponentStageBuildOpenShiftImage(context) } odsComponentStageRolloutOpenShiftDeployment(context, [ - 'selector': "app.kubernetes.io/name=${context.componentId}" + 'selector': "app.kubernetes.io/name=${context.componentId}", + 'helmEnvBasedValuesFiles': ["values.env.yaml"], ]) } 
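Review bot: Changing the chart-wide default to `pullPolicy: IfNotPresent` affects cluster deployments as well as the local test the commit message mentions. A node that already holds an image under the same tag will not pull again, so a re-pushed tag is not picked up and a cached image is started without the registry checking pull credentials. If the pipeline-injected `imageTag` is unique per build this is mostly harmless, but that is not visible here. Consider leaving `Always` as the default and adding `--set image.pullPolicy=IfNotPresent` to the README's local `helm upgrade` command.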
diff --git a/docker-plain/files/chart/values.dev.yaml b/docker-plain/files/chart/values.dev.yaml new file mode 100644 index 000000000..99520c495 --- /dev/null +++ b/docker-plain/files/chart/values.dev.yaml @@ -0,0 +1 @@ +# This file is used to override the default values in the chart/values.yaml file for deployment in 'dev' environment \ No newline at end of file diff --git a/docker-plain/files/chart/values.prod.yaml b/docker-plain/files/chart/values.prod.yaml new file mode 100644 index 000000000..3fd11896a --- /dev/null +++ b/docker-plain/files/chart/values.prod.yaml @@ -0,0 +1,3 @@ +# This file is used to override the default values in the chart/values.yaml file for deployment in 'prod' environment + +replicaCount: 2 \ No newline at end of file diff --git a/docker-plain/files/chart/values.test.yaml b/docker-plain/files/chart/values.test.yaml new file mode 100644 index 000000000..8c6f855da --- /dev/null +++ b/docker-plain/files/chart/values.test.yaml @@ -0,0 +1,3 @@ +# This file is used to override the default values in the chart/values.yaml file for deployment in 'test' environment + +replicaCount: 2 \ No newline at end of file From 4485450db1af133b10153f688b98eddfeac10ac2 Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Thu, 19 Sep 2024 08:12:32 +0200 Subject: [PATCH 30/38] more strict schema --- docker-plain/files/chart/values.schema.json | 590 +++++++++++++++++--- 1 file changed, 521 insertions(+), 69 deletions(-) diff --git a/docker-plain/files/chart/values.schema.json b/docker-plain/files/chart/values.schema.json index cab65c847..ca458efdb 100644 --- a/docker-plain/files/chart/values.schema.json +++ b/docker-plain/files/chart/values.schema.json 
@@ -1,100 +1,552 @@ - { - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "replicaCount": { - "description": "Number of replicas to deploy", - "type": "integer", - "minimum": 1, - "default": 1 + "$schema": "http://json-schema.org/schema#", + "type": "object", + "additionalProperties": false, + "properties": { + "replicaCount": { + "description": "Number of replicas to deploy", + "type": "integer", + "minimum": 1, + "default": 1 + }, + "imagePullSecrets": { + "description": "List of image pull secrets", + "type": "array", + "items": { + "type": "string" }, - "image": { - "description": "Container image to deploy", - "type": "object", - "properties": { - "repository": { - "type": "string", - "default": "nginx" - }, - "pullPolicy": { - "type": "string", - "default": "IfNotPresent" - }, - "tag": { - "type": "string", - "default": "latest" + "default": [] + }, + "nameOverride": { + "description": "Override the name of the chart", + "type": "string", + "default": "" + }, + "fullnameOverride": { + "description": "Override the full name of the chart", + "type": "string", + "default": "" + }, + "image": { + "description": "Container image to deploy", + "type": "object", + "additionalProperties": false, + "properties": { + "registry": { + "description": "Image registry", + "type": "string", + "default": "docker.io" + }, + "path": { + "description": "Image path", + "type": "string", + "default": "nginxinc" + }, + "name": { + "description": "Image name", + "type": "string", + "default": "nginx-unprivileged" + }, + "tag": { + "description": "Image tag", + "type": "string", + "default": "latest" + }, + "pullPolicy": { + "description": "Image pull policy", + "type": "string", + "default": "IfNotPresent" + } + } + }, + "ingress": { + "description": "Ingress configuration for the Helm chart", + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "description": "Enable ingress", + "type": "boolean", + "default": 
false + }, + "className": { + "description": "Ingress class name", + "type": "string", + "default": "openshift-default" + }, + "annotations": { + "description": "Annotations for the ingress", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "hosts": { + "description": "List of ingress hosts", + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "description": "Hostname", + "type": "string" + }, + "paths": { + "description": "Paths for the host", + "type": "array", + "items": { + "type": "object", + "properties": { + "path": { + "description": "Path", + "type": "string" + }, + "pathType": { + "description": "Path type", + "type": "string", + "enum": ["ImplementationSpecific", "Exact", "Prefix"] + } + } + } + } + } + } + }, + "tls": { + "description": "TLS configuration", + "type": "array", + "items": { + "type": "object", + "properties": { + "hosts": { + "description": "List of TLS hosts", + "type": "array", + "items": { + "type": "string" + } + }, + "secretName": { + "description": "Secret name for TLS", + "type": "string" + } + } } } - }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", + } + }, + "service": { + "description": "Service configuration", + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "description": "Enable service", + "type": "boolean", + "default": true + }, + "port": { + "description": "Service port", + "type": "integer", + "default": 8080 + }, + "type": { + "description": "Service type", + "type": "string", + "enum": ["ClusterIP", "NodePort", "LoadBalancer", "ExternalName"], "default": "ClusterIP" - }, - "port": { - "type": "integer", - "default": 80 + } + } + }, + "deploymentStrategy": { + "description": "Deployment strategy configuration", + "type": "object", + "additionalProperties": false, + "properties": { + "type": { + "description": "Deployment strategy type", + "type": "string", + "default": 
"RollingUpdate" + }, + "rollingUpdate": { + "description": "Rolling update configuration", + "type": "object", + "properties": { + "maxUnavailable": { + "description": "Maximum unavailable pods during update", + "type": "string", + "default": "0%" + }, + "maxSurge": { + "description": "Maximum surge pods during update", + "type": "string", + "default": "50%" + } } } - }, - "ingress": { - "description": "Ingress configuration for the Helm chart", - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "annotations": { - "type": "object" - }, - "hosts": { - "type": "array", - "items": { + } + }, + "probes": { + "description": "Probes configuration", + "type": "object", + "additionalProperties": false, + "properties": { + "livenessProbe": { + "description": "Liveness probe configuration", + "type": "object", + "properties": { + "exec": { + "description": "Exec probe configuration", "type": "object", "properties": { - "host": { - "type": "string", - - "paths": { + "command": { + "description": "Command to execute", "type": "array", "items": { - "type": "object", - "properties": { - "path": "string", - "pathType": "string" - } + "type": "string" } } - } } + }, + "tcpSocket": { + "description": "TCP socket probe configuration", + "type": "object", + "properties": { + "port": { + "description": "Port to probe", + "type": "integer" + } + } + }, + "failureThreshold": { + "description": "Failure threshold", + "type": "integer", + "default": 3 + }, + "httpGet": { + "description": "HTTP GET configuration for liveness probe", + "type": "object", + "properties": { + "path": { + "description": "Path to probe", + "type": "string", + "default": "/" + }, + "port": { + "description": "Port to probe", + "type": "integer", + "default": 8080 + }, + "scheme": { + "description": "Scheme to use", + "type": "string", + "default": "HTTP" + } + } + }, + "initialDelaySeconds": { + "description": "Initial delay in seconds", + "type": "integer", + 
"default": 5 + }, + "periodSeconds": { + "description": "Period in seconds", + "type": "integer", + "default": 10 + }, + "successThreshold": { + "description": "Success threshold", + "type": "integer", + "default": 1 + }, + "timeoutSeconds": { + "description": "Timeout in seconds", + "type": "integer", + "default": 3 } - }, - "tls": { - "type": "array", - "items": { + } + }, + "readinessProbe": { + "description": "Readiness probe configuration", + "type": "object", + "properties": { + "exec": { + "description": "Exec probe configuration", "type": "object", "properties": { - "hosts": { + "command": { + "description": "Command to execute", "type": "array", "items": { "type": "string" } + } + } + }, + "tcpSocket": { + "description": "TCP socket probe configuration", + "type": "object", + "properties": { + "port": { + "description": "Port to probe", + "type": "integer" + } + } + }, + "failureThreshold": { + "description": "Failure threshold", + "type": "integer", + "default": 3 + }, + "httpGet": { + "description": "HTTP GET configuration for liveness probe", + "type": "object", + "properties": { + "path": { + "description": "Path to probe", + "type": "string", + "default": "/" }, - "secretName": { - "type": "string" + "port": { + "description": "Port to probe", + "type": "integer", + "default": 8080 + }, + "scheme": { + "description": "Scheme to use", + "type": "string", + "default": "HTTP" } } + }, + "initialDelaySeconds": { + "description": "Initial delay in seconds", + "type": "integer", + "default": 5 + }, + "periodSeconds": { + "description": "Period in seconds", + "type": "integer", + "default": 10 + }, + "successThreshold": { + "description": "Success threshold", + "type": "integer", + "default": 1 + }, + "timeoutSeconds": { + "description": "Timeout in seconds", + "type": "integer", + "default": 3 } } } - }, - "resources": { - "description": "Resource requests and limits for the Helm chart", + } + }, + "serviceAccount": { + "description": "Service account 
configuration", + "type": "object", + "additionalProperties": false, + "properties": { + "create": { + "description": "Create service account", + "type": "boolean", + "default": false + }, + "annotations": { + "description": "Annotations for the service account", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "name": { + "description": "Name of the service account", + "type": "string" + } + } + }, + "podAnnotations": { + "description": "Annotations for the pod", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "podSecurityContext": { + "description": "Pod security context", + "type": "object", + "additionalProperties": false, + "properties": { + "fsGroup": { + "description": "Filesystem group", + "type": "integer" + } + } + }, + "securityContext": { + "description": "Container security context", + "type": "object", + "additionalProperties": false, + "properties": { + "capabilities": { + "description": "Security capabilities", + "type": "object", + "properties": { + "drop": { + "description": "Capabilities to drop", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "readOnlyRootFilesystem": { + "description": "Read-only root filesystem", + "type": "boolean" + }, + "runAsNonRoot": { + "description": "Run as non-root user", + "type": "boolean" + }, + "runAsUser": { + "description": "User ID to run as", + "type": "integer" + } + } + }, + "resources": { + "description": "Resource requests and limits", + "type": "object", + "additionalProperties": false, + "properties": { + "limits": { + "description": "Resource limits", + "type": "object", + "properties": { + "cpu": { + "description": "CPU limit", + "type": "string", + "default": "100m" + }, + "memory": { + "description": "Memory limit", + "type": "string", + "default": "128Mi" + } + } + }, + "requests": { + "description": "Resource requests", + "type": "object", + "properties": { + "cpu": { + "description": "CPU request", + "type": 
"string", + "default": "50m" + }, + "memory": { + "description": "Memory request", + "type": "string", + "default": "64Mi" + } + } + } + } + }, + "autoscaling": { + "description": "Autoscaling configuration", + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "description": "Enable autoscaling", + "type": "boolean", + "default": false + }, + "minReplicas": { + "description": "Minimum number of replicas", + "type": "integer", + "default": 1 + }, + "maxReplicas": { + "description": "Maximum number of replicas", + "type": "integer", + "default": 100 + }, + "targetCPUUtilizationPercentage": { + "description": "Target CPU utilization percentage", + "type": "integer", + "default": 80 + }, + "targetMemoryUtilizationPercentage": { + "description": "Target memory utilization percentage", + "type": "integer" + } + } + }, + "nodeSelector": { + "description": "Node selector for pod assignment", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tolerations": { + "description": "Tolerations for pod assignment", + "type": "array", + "items": { "type": "object" } + }, + "affinity": { + "description": "Affinity rules for pod assignment", + "type": "object" + }, + "podAntiAffinity": { + "description": "Pod anti-affinity rules", + "type": ["string", "null"], + "default": "soft", + "enum": ["soft", "hard", null] + }, + "registry": { + "description": "Registry configuration - Injected by ODS pipeline", + "type": "string" + }, + "componentId": { + "description": "Component ID - Injected by ODS pipeline", + "type": "string" + }, + "imageTag": { + "description": "Image tag - Injected by ODS pipeline", + "type": "string" + }, + "imageNamespace": { + "description": "Image namespace", + "type": "string" + }, + "global": { + "description": "Global configuration - Injected by ODS pipeline", + "type": "object", + "additionalProperties": false, + "properties": { + "imageNamespace": { + "description": "Image namespace - Injected by 
ODS pipeline", + "type": "string" + }, + "registry": { + "description": "Registry configuration - Injected by ODS pipeline", + "type": "string" + }, + "componentId": { + "description": "Component ID - Injected by ODS pipeline", + "type": "string" + }, + "imageTag": { + "description": "Image tag - Injected by ODS pipeline", + "type": "string" + } + } } } +} \ No newline at end of file From 818e13f0b47ac8102a16c7611939991bb6b0863c Mon Sep 17 00:00:00 2001 From: Sebastian Halder Date: Fri, 20 Sep 2024 09:13:50 +0200 Subject: [PATCH 31/38] update image --- docker-plain/files/docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-plain/files/docker/Dockerfile b/docker-plain/files/docker/Dockerfile index 89137ce5d..788cfba71 100644 --- a/docker-plain/files/docker/Dockerfile +++ b/docker-plain/files/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi9/nginx-122 +FROM registry.access.redhat.com/ubi9/nginx-124 RUN echo -n "Hello World" > index.html From 6bf18ede8d52b61c814f40bc0fb68e4582f18946 Mon Sep 17 00:00:00 2001 From: "Gerard Castillo Lasheras (BI X)" Date: Fri, 20 Sep 2024 18:52:50 +0200 Subject: [PATCH 32/38] docker-plain add helm lint and helm template processing howto info in the readme --- docker-plain/files/README.md | 23 ++++++++++++++++--- docker-plain/files/chart/templates/_image.tpl | 2 +- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/docker-plain/files/README.md b/docker-plain/files/README.md index 0738cd4c5..cd124f08c 100644 --- a/docker-plain/files/README.md +++ b/docker-plain/files/README.md 
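Review bot: With `"additionalProperties": false` on `securityContext` and `podSecurityContext`, the schema admits only `capabilities`, `readOnlyRootFilesystem`, `runAsNonRoot`, `runAsUser` and `fsGroup`. Common hardening fields such as `allowPrivilegeEscalation`, `seccompProfile` or `runAsGroup` are therefore rejected at lint/install time, even though deployment.yaml passes `.Values.securityContext` through with `toYaml`. Either list those properties or drop `additionalProperties: false` for these two objects. `serviceAccount` has the same gap for `automount`, which serviceaccount.yaml reads. `image.pullPolicy` could also carry `"enum": ["Always", "IfNotPresent", "Never"]`, as `service.type` already does.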
@@ -31,9 +31,26 @@ Using a local container runtime you can build the container and tag it with the docker build -t testing/my-component:$(git rev-parse --short=8 HEAD) docker/ ``` -### Deploying the helm chart using +### Helm chart linting -Using a local kubernetes cluster you can deploy the component: +This quickstarter comes with a fine-tunned [values.schema.json](chart/values.schema.json) Helm chart linting file. +Validate your chart template by running, under the `chart` folder, the following command: + +```bash +helm lint +``` + +### Helm chart template processing test + +One can test the chart template processing; run, under the `chart` folder, the following command: + +```bash +helm --debug template . --set image.path=testing --set image.name=my-component --set image.tag=$(git rev-parse --short=8 HEAD) +``` + +### Deploying the helm chart using a local k8s + +Using a local kubernetes cluster (i.e.: [kind](https://kind.sigs.k8s.io/)) you can deploy the component: ```bash kubectl create ns docker-plain 
@@ -46,4 +63,4 @@ helm upgrade --install --wait --atomic --namespace docker-plain --set image.path - In your `Dockerfile`, replace `FROM alpine:latest` with the ods-jenkins-agent-base image that is available in the OpenDevStack namespace of your cluster, e.g. `FROM docker-registry.default.svc:5000/ods/jenkins-agent-base:latest`. - Add everything you need in the jenkins-agent to your `Dockerfile`, for examples see the existing agents at [github](https://github.com/opendevstack/ods-quickstarters/tree/master/common/jenkins-agents). - Commit and push your code to git, this will trigger the pipeline and result in a docker image of your custom jenkins-agent in your cd-namespace. -- Now you can use your custom jenkins-agent by changing the imageStreamTag to `imageStreamTag: '/:latest'` in the `Jenkinsfile` of the actual application you want to build with your custom new jenkins-agent. \ No newline at end of file +- Now you can use your custom jenkins-agent by changing the imageStreamTag to `imageStreamTag: '/:latest'` in the `Jenkinsfile` of the actual application you want to build with your custom new jenkins-agent. diff --git a/docker-plain/files/chart/templates/_image.tpl b/docker-plain/files/chart/templates/_image.tpl index 035ee646e..1a527617b 100644 --- a/docker-plain/files/chart/templates/_image.tpl +++ b/docker-plain/files/chart/templates/_image.tpl @@ -16,4 +16,4 @@ If not set, values from .Values.image.registry, .Values.image.path, .Values.imag {{- else }} {{- printf "%s/%s:%s" (or .Values.imageNamespace .Values.image.path) (or .Values.componentId .Values.image.name) (or .Values.imageTag .Values.image.tag ) -}} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From 11871d42eadf4f82afd292a4ea7eb70024406307 Mon Sep 17 00:00:00 2001 From: "Vazquez,Brais (IT EDP)" Date: Mon, 23 Sep 2024 13:57:20 +0200 Subject: [PATCH 33/38] Update OS package by default --- docker-plain/files/docker/Dockerfile | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/docker-plain/files/docker/Dockerfile b/docker-plain/files/docker/Dockerfile index 788cfba71..e6e4c5b1d 100644 --- a/docker-plain/files/docker/Dockerfile +++ b/docker-plain/files/docker/Dockerfile @@ -1,5 +1,12 @@ FROM registry.access.redhat.com/ubi9/nginx-124 +USER root + +RUN yum -y update && \ + yum clean all + +USER 1001 + RUN echo -n "Hello World" > index.html # Run script uses standard ways to run the application From a4c338ab2a275c3bbfabc0f5eb67349e689f8401 Mon Sep 17 00:00:00 2001 From: Karl Li Date: Wed, 27 Nov 2024 22:22:00 +0800 Subject: [PATCH 34/38] docker-plain: add HorizontalPodAutoscaler --- docker-plain/files/chart/templates/hpa.yaml | 23 +++++++++++++++++++++ docker-plain/files/chart/values.yaml | 3 +-- 2 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 docker-plain/files/chart/templates/hpa.yaml diff --git a/docker-plain/files/chart/templates/hpa.yaml b/docker-plain/files/chart/templates/hpa.yaml new file mode 100644 index 000000000..58170e998 --- /dev/null +++ b/docker-plain/files/chart/templates/hpa.yaml @@ -0,0 +1,23 @@ +{{- if .Values.autoscaling.enabled -}} +{{- $fullName := include "chart.fullname" . -}} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ $fullName }} + labels: + {{- include "chart.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ $fullName }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + type: Utilization +{{- end }} diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 10962f07a..8b1c0405b 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml 
@@ -112,9 +112,8 @@ resources: autoscaling: enabled: false minReplicas: 1 - maxReplicas: 100 + maxReplicas: 3 targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 nodeSelector: {} From e3e65522a466e765a3b1c5c06a7b6a1ee9c0caf5 Mon Sep 17 00:00:00 2001 From: Karl Li Date: Thu, 28 Nov 2024 16:26:02 +0800 Subject: [PATCH 35/38] docker-plain: use nginx/nginx-unprivileged --- docker-plain/files/chart/values.schema.json | 6 +++--- docker-plain/files/chart/values.yaml | 16 +++++++-------- docker-plain/files/docker/Dockerfile | 14 +++---------- docker-plain/files/docker/default.conf | 22 +++++++++++++++++++++ 4 files changed, 36 insertions(+), 22 deletions(-) create mode 100644 docker-plain/files/docker/default.conf diff --git a/docker-plain/files/chart/values.schema.json b/docker-plain/files/chart/values.schema.json index ca458efdb..6b06bc125 100644 --- a/docker-plain/files/chart/values.schema.json +++ b/docker-plain/files/chart/values.schema.json @@ -35,12 +35,12 @@ "registry": { "description": "Image registry", "type": "string", - "default": "docker.io" + "default": "public.ecr.aws" }, "path": { "description": "Image path", "type": "string", - "default": "nginxinc" + "default": "nginx" }, "name": { "description": "Image name", @@ -50,7 +50,7 @@ "tag": { "description": "Image tag", "type": "string", - "default": "latest" + "default": "alpine-slim" }, "pullPolicy": { "description": "Image pull policy", diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 8b1c0405b..01f88a17e 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml 
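Review bot: The new `"default": "alpine-slim"` replaces one moving tag (`latest`) with another, and the same tag appears in the commented defaults of values.yaml and in the `FROM public.ecr.aws/nginx/nginx-unprivileged:alpine-slim` line of the Dockerfile hunk later in this commit. Together with `pullPolicy: IfNotPresent` (visible as context in values.yaml), a node keeps whatever image it first pulled under that tag, so pods of one release can run different nginx builds and a rollback does not restore the earlier image. A versioned tag or a digest such as `nginx-unprivileged@sha256:<digest-placeholder>` makes the deployed content reviewable. In the chart the tag default is only a fallback for use outside the pipeline, so the Dockerfile is where pinning matters most.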
@@ -14,10 +14,10 @@ fullnameOverride: "" # NOTE: By default image Values are injected from CICD Jenkins pipeline, values defined here are used when not being on CICD Jenkins pipeline context. # Default values here are provided in case one needs to use the chart without CICD (i.e.: testing the chart). image: - # registry: "docker.io" - # path: "nginxinc" + # registry: "public.ecr.aws" + # path: "nginx" # name: "nginx-unprivileged" - # tag: "latest" + # tag: "alpine-slim" # see https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy pullPolicy: IfNotPresent @@ -60,7 +60,7 @@ probes: livenessProbe: failureThreshold: 3 httpGet: - path: "/" + path: "/health" port: 8080 scheme: HTTP initialDelaySeconds: 5 @@ -71,7 +71,7 @@ probes: readinessProbe: failureThreshold: 1 httpGet: - path: "/" + path: "/health" port: 8080 scheme: HTTP initialDelaySeconds: 3 @@ -104,10 +104,10 @@ securityContext: {} resources: limits: cpu: 100m - memory: 128Mi + memory: 32Mi requests: - cpu: 50m - memory: 64Mi + cpu: 10m + memory: 16Mi autoscaling: enabled: false diff --git a/docker-plain/files/docker/Dockerfile b/docker-plain/files/docker/Dockerfile index e6e4c5b1d..51afac909 100644 --- a/docker-plain/files/docker/Dockerfile +++ b/docker-plain/files/docker/Dockerfile @@ -1,13 +1,5 @@ -FROM registry.access.redhat.com/ubi9/nginx-124 +FROM public.ecr.aws/nginx/nginx-unprivileged:alpine-slim -USER root +ENV NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=set -RUN yum -y update && \ - yum clean all - -USER 1001 - -RUN echo -n "Hello World" > index.html - -# Run script uses standard ways to run the application -CMD nginx -g "daemon off;" +COPY default.conf /etc/nginx/conf.d/ diff --git a/docker-plain/files/docker/default.conf b/docker-plain/files/docker/default.conf new file mode 100644 index 000000000..efdede32c --- /dev/null +++ b/docker-plain/files/docker/default.conf 
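Review bot: The rewritten Dockerfile drops the OS package update that PATCH 33 introduced and adds no Alpine equivalent, so the image's patch level is now whatever the upstream tag held when it was pulled. If that is intended, a comment above `FROM` should say so (`# OS patches come from rebuilding against the upstream image; no package upgrade is run here`). Otherwise the step needs restoring as `USER root`, `RUN apk upgrade --no-cache`, then a switch back to the image's unprivileged user. Nothing in the new file sets `USER`, so the non-root guarantee rests entirely on the base image and is worth stating in the same comment.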
@@ -0,0 +1,22 @@ +server { + listen 8080; + server_name localhost; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + location = /health { + access_log off; + add_header 'Content-Type' 'application/json'; + return 200 '{"status":"UP"}'; + } +} From 167397b82bfd83749db3f0e57a9ddda46bd8cf38 Mon Sep 17 00:00:00 2001 From: Karl Li Date: Thu, 28 Nov 2024 17:36:46 +0800 Subject: [PATCH 36/38] docker-plain: add simpleHost to chart/values.yaml --- docker-plain/files/chart/templates/NOTES.txt | 4 +++- docker-plain/files/chart/templates/ingress.yaml | 12 ++++++++++++ docker-plain/files/chart/values.schema.json | 4 ++++ docker-plain/files/chart/values.yaml | 4 ++++ 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/docker-plain/files/chart/templates/NOTES.txt b/docker-plain/files/chart/templates/NOTES.txt index 1708ecef9..721ede54c 100644 --- a/docker-plain/files/chart/templates/NOTES.txt +++ b/docker-plain/files/chart/templates/NOTES.txt @@ -1,7 +1,9 @@ Component '{{ include "chart.fullname" . }}' on version '{{ .Values.imageTag }}' released with Helm! {{- if .Values.ingress.enabled }} The component is exposed via the following routes: -{{- $appUrl := .Values.appUrl -}} +{{- if .Values.ingress.simpleHost }} +{{ printf "https://%s" .Values.ingress.simpleHost }} +{{- end }} {{- range .Values.ingress.hosts }} {{ printf "https://%s" .host }} {{- end }} diff --git a/docker-plain/files/chart/templates/ingress.yaml b/docker-plain/files/chart/templates/ingress.yaml index a2c5cb5c4..14489e0f2 100644 --- a/docker-plain/files/chart/templates/ingress.yaml +++ b/docker-plain/files/chart/templates/ingress.yaml 
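Review bot: In `location = /health`, `add_header 'Content-Type' 'application/json';` does not set the response type. `return 200 '…'` already emits a Content-Type taken from `default_type`, so the probe response ends up with two Content-Type headers. Replacing the `add_header` line with `default_type application/json;` inside that location gives a single correct header. The server block also leaves `server_tokens` at its default, so the nginx version is exposed in the `Server` header and on built-in error pages; `server_tokens off;` at the top of the block removes that.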
@@ -32,6 +32,18 @@ spec: - {} {{- end }} rules: + {{- if .Values.ingress.simpleHost }} + - host: {{ .Values.ingress.simpleHost | quote }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- end }} {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: diff --git a/docker-plain/files/chart/values.schema.json b/docker-plain/files/chart/values.schema.json index 6b06bc125..534aadd1c 100644 --- a/docker-plain/files/chart/values.schema.json +++ b/docker-plain/files/chart/values.schema.json @@ -81,6 +81,10 @@ "type": "string" } }, + "simpleHost": { + "description": "Hostname for simple use cases", + "type": "string" + }, "hosts": { "description": "List of ingress hosts", "type": "array", diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index 01f88a17e..b5c39caac 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml @@ -33,6 +33,10 @@ ingress: ## e.g. add cert-manager support by annotating the ingress https://cert-manager.io/docs/usage/ingress/ ## ask in your company for good defaults + # If no more than one URL is needed, simpleHost is probably sufficient. Alternatively, Use hosts for more customization capabilities. + # simpleHost and hosts can coexist. Check out templates/ingress.yaml for more details. + # Usually we want different URLs for dev, test and prod environments. It makes sense to define them in values..yaml rather than in this file. + simpleHost: "" hosts: [] # When defining a host you must define also a path # - host: yourapp.yourdomain.com # paths: From fe5fa7f8d7794e84294d9de23f06f54586bbef9a Mon Sep 17 00:00:00 2001 
From: Karl Li Date: Thu, 28 Nov 2024 20:50:13 +0800 Subject: [PATCH 37/38] docker-plain: allow additionalProperties; make use of .Values.service.enabled --- docker-plain/files/chart/templates/service.yaml | 2 ++ docker-plain/files/chart/values.schema.json | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docker-plain/files/chart/templates/service.yaml b/docker-plain/files/chart/templates/service.yaml index dfc5b3a33..4583f232e 100644 --- a/docker-plain/files/chart/templates/service.yaml +++ b/docker-plain/files/chart/templates/service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.service.enabled -}} apiVersion: v1 kind: Service metadata: @@ -13,3 +14,4 @@ spec: name: http selector: {{- include "chart.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/docker-plain/files/chart/values.schema.json b/docker-plain/files/chart/values.schema.json index 534aadd1c..f0cc887bc 100644 --- a/docker-plain/files/chart/values.schema.json +++ b/docker-plain/files/chart/values.schema.json @@ -1,7 +1,7 @@ { "$schema": "http://json-schema.org/schema#", "type": "object", - "additionalProperties": false, + "additionalProperties": true, "properties": { "replicaCount": { "description": "Number of replicas to deploy", @@ -532,7 +532,7 @@ "global": { "description": "Global configuration - Injected by ODS pipeline", "type": "object", - "additionalProperties": false, + "additionalProperties": true, "properties": { "imageNamespace": { "description": "Image namespace - Injected by ODS pipeline", From 6c58ed73ff582554906b4da832f28b41dff1a174 Mon Sep 17 00:00:00 2001 
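Review bot: Wrapping the whole manifest in `{{- if .Values.service.enabled -}}` makes the Service optional, but nothing visible couples that switch to the templates that depend on it. As far as the ingress hunk of PATCH 36 shows, the rules route to a backend service named `{{ $fullName }}`, so `ingress.enabled: true` with `service.enabled: false` would render an Ingress without a backend. If `service.enabled` has no default in values.yaml (not shown in this commit), the Service also silently disappears from existing releases. A guard at the top of templates/ingress.yaml such as `{{- if and .Values.ingress.enabled (not .Values.service.enabled) }}{{ fail "ingress.enabled requires service.enabled" }}{{- end }}` turns the misconfiguration into a render error.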
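Review bot: Flipping `"additionalProperties": false` to `true` at the root and under `global` removes the only check that catches a misspelled values key. A typo in a hardening setting such as `securityContext` now validates cleanly, and the chart deploys with the default instead. If the goal is to accept extra keys injected by the ODS pipeline, the narrower change is to declare those keys under `properties` and keep `"additionalProperties": false`, or to relax only the `global` object and leave the root strict.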
From: Karl Li Date: Sat, 30 Nov 2024 10:25:55 +0800 Subject: [PATCH 38/38] Revert "docker-plain: add simpleHost to chart/values.yaml" This reverts commit 167397b82bfd83749db3f0e57a9ddda46bd8cf38. --- docker-plain/files/chart/templates/NOTES.txt | 4 +--- docker-plain/files/chart/templates/ingress.yaml | 12 ------------ docker-plain/files/chart/values.schema.json | 4 ---- docker-plain/files/chart/values.yaml | 4 ---- 4 files changed, 1 insertion(+), 23 deletions(-) diff --git a/docker-plain/files/chart/templates/NOTES.txt b/docker-plain/files/chart/templates/NOTES.txt index 721ede54c..1708ecef9 100644 --- a/docker-plain/files/chart/templates/NOTES.txt +++ b/docker-plain/files/chart/templates/NOTES.txt @@ -1,9 +1,7 @@ Component '{{ include "chart.fullname" . }}' on version '{{ .Values.imageTag }}' released with Helm! {{- if .Values.ingress.enabled }} The component is exposed via the following routes: -{{- if .Values.ingress.simpleHost }} -{{ printf "https://%s" .Values.ingress.simpleHost }} -{{- end }} +{{- $appUrl := .Values.appUrl -}} {{- range .Values.ingress.hosts }} {{ printf "https://%s" .host }} {{- end }} diff --git a/docker-plain/files/chart/templates/ingress.yaml b/docker-plain/files/chart/templates/ingress.yaml index 14489e0f2..a2c5cb5c4 100644 --- a/docker-plain/files/chart/templates/ingress.yaml +++ b/docker-plain/files/chart/templates/ingress.yaml @@ -32,18 +32,6 @@ spec: - {} {{- end }} rules: - {{- if .Values.ingress.simpleHost }} - - host: {{ .Values.ingress.simpleHost | quote }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- end }} {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: diff --git a/docker-plain/files/chart/values.schema.json b/docker-plain/files/chart/values.schema.json index f0cc887bc..051b56aa1 100644 --- a/docker-plain/files/chart/values.schema.json +++ b/docker-plain/files/chart/values.schema.json 
@@ -81,10 +81,6 @@ "type": "string" } }, - "simpleHost": { - "description": "Hostname for simple use cases", - "type": "string" - }, "hosts": { "description": "List of ingress hosts", "type": "array", diff --git a/docker-plain/files/chart/values.yaml b/docker-plain/files/chart/values.yaml index b5c39caac..01f88a17e 100644 --- a/docker-plain/files/chart/values.yaml +++ b/docker-plain/files/chart/values.yaml @@ -33,10 +33,6 @@ ingress: ## e.g. add cert-manager support by annotating the ingress https://cert-manager.io/docs/usage/ingress/ ## ask in your company for good defaults - # If no more than one URL is needed, simpleHost is probably sufficient. Alternatively, Use hosts for more customization capabilities. - # simpleHost and hosts can coexist. Check out templates/ingress.yaml for more details. - # Usually we want different URLs for dev, test and prod environments. It makes sense to define them in values..yaml rather than in this file. - simpleHost: "" hosts: [] # When defining a host you must define also a path # - host: yourapp.yourdomain.com # paths: