From 488805fc3a130bb3c107b60837bda40d655c96df Mon Sep 17 00:00:00 2001 From: Marc Burnie <mburnie@amazon.com> Date: Wed, 20 Jul 2022 14:41:01 -0500 Subject: [PATCH] adding initial service helm chart --- devops/aws/chart/.helmignore | 23 ++ devops/aws/chart/Chart.yaml | 12 + devops/aws/chart/README.md | 52 +++ devops/aws/chart/templates/NOTES.txt | 2 + .../chart/templates/authorizationpolicy.yaml | 10 + devops/aws/chart/templates/deployment.yaml | 8 + .../aws/chart/templates/destinationrule.yaml | 9 + devops/aws/chart/templates/hpa.yaml | 11 + devops/aws/chart/templates/service.yaml | 8 + .../aws/chart/templates/serviceaccount.yaml | 8 + .../templates/tests/test-connection.yaml | 15 + .../aws/chart/templates/virtualservice.yaml | 8 + devops/aws/chart/values.schema.json | 351 ++++++++++++++++++ devops/aws/chart/values.yaml | 87 +++++ .../notification-aws/build-aws/buildspec.yaml | 3 + 15 files changed, 607 insertions(+) create mode 100644 devops/aws/chart/.helmignore create mode 100644 devops/aws/chart/Chart.yaml create mode 100644 devops/aws/chart/README.md create mode 100644 devops/aws/chart/templates/NOTES.txt create mode 100644 devops/aws/chart/templates/authorizationpolicy.yaml create mode 100644 devops/aws/chart/templates/deployment.yaml create mode 100644 devops/aws/chart/templates/destinationrule.yaml create mode 100644 devops/aws/chart/templates/hpa.yaml create mode 100644 devops/aws/chart/templates/service.yaml create mode 100644 devops/aws/chart/templates/serviceaccount.yaml create mode 100644 devops/aws/chart/templates/tests/test-connection.yaml create mode 100644 devops/aws/chart/templates/virtualservice.yaml create mode 100644 devops/aws/chart/values.schema.json create mode 100644 devops/aws/chart/values.yaml diff --git a/devops/aws/chart/.helmignore b/devops/aws/chart/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/devops/aws/chart/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/devops/aws/chart/Chart.yaml b/devops/aws/chart/Chart.yaml
new file mode 100644
index 000000000..3360cafe4
--- /dev/null
+++ b/devops/aws/chart/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: "os-notification"
+version: 0.1.0
+kubeVersion: "v1.21.x-x-x"
+description: Notification Helm Chart for Kubernetes
+type: application
+appVersion: __VERSION__
+dependencies:
+ - name: osdu-aws-lib
+ version: 0.1.0
+ repository: __HELM_REPO__/osdu-aws-lib/
+deprecated: false
diff --git a/devops/aws/chart/README.md b/devops/aws/chart/README.md
new file mode 100644
index 000000000..7c2d241d1
--- /dev/null
+++ b/devops/aws/chart/README.md
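Review bot: `kubeVersion: "v1.21.x-x-x"` in the Chart.yaml hunk is an unusual constraint; Helm evaluates kubeVersion as a semver range, and I cannot confirm from here that a wildcard patch combined with a `-x-x` pre-release suffix matches a server version that carries a provider build suffix. The documented way to say "1.21 or newer, including pre-release or build-suffixed server versions" is a range ending in `-0`, e.g. `kubeVersion: ">= 1.21.0-0"`, which is worth checking with `helm template` against the target cluster. `appVersion: __VERSION__` and `repository: __HELM_REPO__/osdu-aws-lib/` are substitution placeholders that make the chart unusable as committed; a comment such as `# __VERSION__ and __HELM_REPO__ are replaced by the packaging step (TODO confirm which)` would tell the next reader where they come from.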
@@ -0,0 +1,52 @@
+# Helm Chart
+
+## Introduction
+The following document outlines how to deploy and update the service application onto an existing Kubernetes deployment using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+The below software must be installed before continuing:
+* [AWS CLI ^2.7.0](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
+* [kubectl 1.21-1.22](https://kubernetes.io/docs/tasks/tools/)
+* [Helm ^3.7.1](https://helm.sh/docs/intro/install/)
+
+Additionally, an OSDU on AWS environment must be deployed.
+
+## Installation/Updating
+To install or update the service application by executing the following command in the devops/aws/chart folder:
+
+```bash
+helm upgrade [RELEASE_NAME] .
+```
+
+To observe the Kubernetes resources before deploying them using the command:
+```bash
+helm upgrade [RELEASE_NAME] . --dry-run --debug
+```
+
+To observe the history of the current release, use the following command:
+```bash
+helm history [RELEASE]
+```
+
+To revert to a previous release, use the following command:
+```bash
+helm rollback [RELEASE] [REVISION]
+```
+
+### Customizing the Deployment
+It is possible to modify the default values specified in the **values.yaml** file using the --set option. The below variables can be modified by advanced users to customize the deployment configuration:
+
+| Name | Example Value | Description | Type |
+| --- | ------------- | ----------- | ---- |
+| `replicaCount` | `1` | The number of pod replicas to be deployed | int |
+| `autoscaling.enabled` | `true` | Enables the pod autoscaler | Bool |
+| `autoscaling.minReplicas` | `1` | Minimum number of pod replicas | int |
+| `autoscaling.maxReplicas` | `100` | Maximum number of pod replicas | int |
+| `autoscaling.targetCPUUtilizationPercentage` | `80` | CPU utilization target | int |
+
+## Uninstalling the Chart
+To uninstall the helm release:
+
+```bash
+helm uninstall [RELEASE] --keep-history
+```
diff --git a/devops/aws/chart/templates/NOTES.txt b/devops/aws/chart/templates/NOTES.txt
new file mode 100644
index 000000000..4536ef2aa
--- /dev/null
+++ b/devops/aws/chart/templates/NOTES.txt
@@ -0,0 +1,2 @@
+{{ .Chart.Name }} deployed to {{ .Values.namespace }} namespace
+Application URL available at path {{ .Values.service.apiPath }}
\ No newline at end of file
diff --git a/devops/aws/chart/templates/authorizationpolicy.yaml b/devops/aws/chart/templates/authorizationpolicy.yaml
new file mode 100644
index 000000000..850ae31e4
--- /dev/null
+++ b/devops/aws/chart/templates/authorizationpolicy.yaml
@@ -0,0 +1,10 @@
+{{- /*
+AUTHORIZATION POLICY
+REQUIRED VALUES: [allowedPrincipals, namespace]
+*/ -}}
+
+{{- template "common.authzpolicy" (list . "service.authzpolicy") -}}
+{{- define "service.authzpolicy" -}}
+## Define overrides for the service authorization policy resource here
+{{- end -}}
+
diff --git a/devops/aws/chart/templates/deployment.yaml b/devops/aws/chart/templates/deployment.yaml
new file mode 100644
index 000000000..50374f958
--- /dev/null
+++ b/devops/aws/chart/templates/deployment.yaml
@@ -0,0 +1,8 @@
+
+{{- /*
+DEPLOYMENT
+*/ -}}
+{{- template "common.deployment" (list . "service.deployment") -}}
+{{- define "service.deployment" -}}
+## Define overrides for the service deployment resource here
+{{- end -}}
\ No newline at end of file
diff --git a/devops/aws/chart/templates/destinationrule.yaml b/devops/aws/chart/templates/destinationrule.yaml
new file mode 100644
index 000000000..13771f60a
--- /dev/null
+++ b/devops/aws/chart/templates/destinationrule.yaml
@@ -0,0 +1,9 @@
+{{- /*
+DESTINATION RULE
+REQUIRED VALUES: [service.port, namespace]
+*/ -}}
+
+{{- template "common.destinationrule" (list . "service.destinationrule") -}}
+{{- define "service.destinationrule" -}}
+## Define overrides for the service destination rule resource here
+{{- end -}}
\ No newline at end of file
diff --git a/devops/aws/chart/templates/hpa.yaml b/devops/aws/chart/templates/hpa.yaml
new file mode 100644
index 000000000..488881136
--- /dev/null
+++ b/devops/aws/chart/templates/hpa.yaml
@@ -0,0 +1,11 @@
+
+{{- /*
+HPA
+REQUIRED VALUES: [autoscaling, namespace]
+*/ -}}
+{{- define "service.hpa" -}}
+{{- if .Values.autoscaling.enabled }}
+{{- template "common.hpa" (list . "service.hpa") -}}
+## Define overrides for the service HPA resource here
+{{- end }}
+{{- end -}}
diff --git a/devops/aws/chart/templates/service.yaml b/devops/aws/chart/templates/service.yaml
new file mode 100644
index 000000000..514b96187
--- /dev/null
+++ b/devops/aws/chart/templates/service.yaml
@@ -0,0 +1,8 @@
+{{- /*
+SERVICE
+REQUIRED VALUES: [service.port, service.type, namespace]
+*/ -}}
+{{- template "common.service" (list . "service.service") -}}
+{{- define "service.service" -}}
+## Define overrides for the service resource here
+{{- end -}}
\ No newline at end of file
diff --git a/devops/aws/chart/templates/serviceaccount.yaml b/devops/aws/chart/templates/serviceaccount.yaml
new file mode 100644
index 000000000..96cd8ef48
--- /dev/null
+++ b/devops/aws/chart/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- /*
+SERVICE ACCOUNT
+REQUIRED VALUES: [namespace]
+*/ -}}
+{{- template "common.serviceaccount" (list . "service.serviceaccount") -}}
+{{- define "service.serviceaccount" -}}
+## Define overrides for the service's service account resource here
+{{- end -}}
\ No newline at end of file
diff --git a/devops/aws/chart/templates/tests/test-connection.yaml b/devops/aws/chart/templates/tests/test-connection.yaml
new file mode 100644
index 000000000..f341212ea
--- /dev/null
+++ b/devops/aws/chart/templates/tests/test-connection.yaml
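Review bot: In the hpa.yaml hunk the `{{- if .Values.autoscaling.enabled }}` guard and the `{{- template "common.hpa" (list . "service.hpa") -}}` call sit inside `{{- define "service.hpa" -}}`, and a `define` block produces no output unless something invokes it, so as written this file renders no HorizontalPodAutoscaler even though values.yaml defaults `autoscaling.enabled` to true. Every sibling template in this commit (service.yaml, serviceaccount.yaml, virtualservice.yaml, destinationrule.yaml) calls `template "common.X"` at top level and keeps the `define` as a separate overrides block, so this looks like a misplaced `define`; and if `common.hpa` includes the override name it is handed, the current nesting would recurse back into itself. Moving the guard and the template call out of the define restores the pattern the other templates use.
```yaml
{{- if .Values.autoscaling.enabled }}
{{- template "common.hpa" (list . "service.hpa") -}}
{{- end }}
{{- define "service.hpa" -}}
## Define overrides for the service HPA resource here
{{- end -}}
```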
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "common.fullname" . }}-test-connection"
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/devops/aws/chart/templates/virtualservice.yaml b/devops/aws/chart/templates/virtualservice.yaml
new file mode 100644
index 000000000..40c76d83f
--- /dev/null
+++ b/devops/aws/chart/templates/virtualservice.yaml
@@ -0,0 +1,8 @@
+{{- /*
+VIRTUAL SERVICE
+REQUIRED VALUES: [service.apiPath, service.port, gatewayName, cors, namespace]
+*/ -}}
+{{- template "common.virtualservice" (list . "service.virtualservice") -}}
+{{- define "service.virtualservice" -}}
+## Define overrides for the service's virtual service resource here
+{{- end -}}
\ No newline at end of file
diff --git a/devops/aws/chart/values.schema.json b/devops/aws/chart/values.schema.json
new file mode 100644
index 000000000..d51a1ceda
--- /dev/null
+++ b/devops/aws/chart/values.schema.json
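Review bot: `image: busybox` in the test-connection hunk is unpinned, so every `helm test` run pulls whatever the untagged image currently resolves to; pin a tag or digest, e.g. `image: busybox:<pinned-tag-or-digest>` (placeholder), ideally read from values so it can be mirrored alongside the service image. The hook pod also has no `securityContext`, which matters in clusters that enforce a restricted Pod Security admission level, and no `helm.sh/hook-delete-policy`, so completed test pods accumulate; `"helm.sh/hook-delete-policy": hook-succeeded` next to the existing hook annotation cleans them up.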
@@ -0,0 +1,351 @@
+{
+ "$schema": "osdu-aws-services-helm",
+ "type": "object",
+ "default": {},
+ "required": [
+ "accountID",
+ "region",
+ "resourcePrefix",
+ "namespace",
+ "gatewayName",
+ "image",
+ "imagePullPolicy",
+ "service",
+ "logLevel",
+ "podAnnotations",
+ "replicaCount",
+ "serviceAccountRole",
+ "securityContext",
+ "allowedPrincipals"
+ ],
+ "properties": {
+ "accountID": {
+ "type": "string",
+ "title": "The accountID of the OSDU on AWS deployment"
+ },
+ "region": {
+ "type": "string",
+ "default": "us-east-1",
+ "title": "The region of the OSDU on AWS deployment",
+ "examples": [
+ "eu-north-1",
+ "ap-south-1",
+ "eu-west-3",
+ "eu-west-2",
+ "eu-west-1",
+ "ap-northeast-3",
+ "ap-northeast-2",
+ "me-south-1",
+ "ap-northeast-1",
+ "sa-east-1",
+ "ca-central-1",
+ "ap-east-1",
+ "ap-southeast-1",
+ "ap-southeast-2",
+ "eu-central-1",
+ "us-east-1",
+ "us-east-2",
+ "us-west-1",
+ "us-west-2"
+ ]
+ },
+ "resourcePrefix": {
+ "type": "string",
+ "title": "The resourcePrefix of the OSDU on AWS deployment"
+ },
+ "namespace": {
+ "type": "string",
+ "default": "osdu-services",
+ "title": "The namespace of the core services"
+ },
+ "gatewayName": {
+ "type": "string",
+ "default": "osdu-gateway",
+ "title": "The name of the OSDU Core services gateway"
+ },
+ "image": {
+ "type": "string",
+ "title": "The service container image URL"
+ },
+ "imagePullPolicy": {
+ "type": "string",
+ "pattern": "^(Always|Never|IfNotPresent)$",
+ "default": "Always"
+ },
+ "service": {
+ "type": "object",
+ "required": [
+ "type",
+ "port",
+ "apiPath"
+ ],
+ "properties": {
+ "type": {
+ "type": "string",
+ "default": "ClusterIP"
+ },
+ "port": {
+ "type": "integer",
+ "default": 8080,
+ "title": "The port the service is hosted on",
+ "examples": [
+ 8080,
+ 443,
+ 80
+ ]
+ },
+ "apiPath": {
+ "type": "string",
+ "title": "The main API path",
+ "examples": [
+ "/api/service/v1/"
+ ]
+ },
+ "readinessProbeHttpPath": {
+ "type": "string",
+ "examples": [
+ "/api/service/v1/actuator/health"
+ ]
+ },
+ "livenessProbeHttpPath": {
+ "type": "string",
+ "examples": [
+ "/api/service/v1/actuator/health"
+ ]
+ },
+ "startupProbeHttpPath": {
+ "type": "string",
+ "examples": [
+ "/api/service/v1/actuator/health"
+ ]
+ }
+ },
+ "examples": [{
+ "type": "ClusterIP",
+ "port": 8080,
+ "apiPath": "/api/service/v1/",
+ "readinessProbeHttpPath": "/api/service/v1/actuator/health",
+ "livenessProbeHttpPath": "/api/service/v1/actuator/health",
+ "startupProbeHttpPath": "/api/service/v1/actuator/health"
+ }]
+ },
+ "serviceParameters": {
+ "type": "array",
+ "title": "The secret parameters consumed by the service",
+ "items": {
+ "type": "object",
+ "required": [
+ "objectName",
+ "objectType",
+ "objectAlias"
+ ],
+ "properties": {
+ "objectName": {
+ "type": "string",
+ "title": "The SSM or secrets parameter name",
+ "examples": [
+ "/osdu/resource-prefix/redis/redisauthtoken",
+ "/osdu/resource-prefix/redis-core/end-point"
+ ]
+ },
+ "objectType": {
+ "type": "string",
+ "title": "The type of parameter",
+ "pattern": "^(secretsmanager|ssmparameter|)$"
+ },
+ "objectAlias": {
+ "type": "string",
+ "title": "The name of the environment variable consumed by the service",
+ "examples": [
+ "CACHE_CLUSTER_KEY",
+ "CACHE_CLUSTER_ENDPOINT"
+ ]
+ }
+ },
+ "examples": [{
+ "objectName": "/osdu/resource-prefix/redis/redisauthtoken",
+ "objectType": "secretsmanager",
+ "objectAlias": "CACHE_CLUSTER_KEY"
+ },
+ {
+ "objectName": "/osdu/resource-prefix/redis-core/end-point",
+ "objectType": "ssmparameter",
+ "objectAlias": "CACHE_CLUSTER_ENDPOINT"
+ }]
+ }
+ },
+ "environmentVariables": {
+ "type": "array",
+ "title": "The environment variables consumed by the service",
+ "items": {
+ "type": "object",
+ "title": "An environment variable definition",
+ "required": [
+ "name",
+ "value"
+ ],
+ "properties": {
+ "name": {
+ "type": "string",
+ "title": "The name of the environment variable consumed by the service",
+ "examples": [
+ "APPLICATION_PORT",
+ "AWS_REGION"
+ ]
+ },
+ "value": {
+ "type": "string",
+ "title": "The value of the environment variable"
+ }
+ },
+ "examples": [{
+ "name": "APPLICATION_PORT",
+ "value": "8080"
+ },
+ {
+ "name": "AWS_REGION",
+ "value": "us-east-1"
+ }]
+ }
+ },
+ "logLevel": {
+ "type": "string",
+ "default": "INFO",
+ "pattern": "^(TRACE|DEBUG|INFO|WARN|ERROR|FATAL|OFF)$"
+ },
+ "podAnnotations": {
+ "type": "object",
+ "default": {}
+ },
+ "replicaCount": {
+ "type": "integer",
+ "default": 1,
+ "title": "The number of pod replicas"
+ },
+ "maxConnections": {
+ "type": "integer",
+ "default": 200,
+ "title": "The max number of service connections"
+ },
+ "resources": {
+ "type": "object"
+ },
+ "autoscaling": {
+ "type": "object"
+ },
+ "serviceAccountRole": {
+ "type": "string",
+ "default": "",
+ "title": "The service account IAM role"
+ },
+ "cors": {
+ "type": "object",
+ "default": {},
+ "title": "The cors Schema",
+ "required": [
+ "maxAge",
+ "allowCredentials",
+ "allowMethods",
+ "allowHeaders",
+ "allowOrigins"
+ ],
+ "properties": {
+ "maxAge": {
+ "type": "string",
+ "default": "60m",
+ "title": "The max age of the request"
+ },
+ "allowCredentials": {
+ "type": "boolean",
+ "default": true,
+ "title": "The allowCredentials Schema"
+ },
+ "allowMethods": {
+ "type": "array",
+ "title": "A list of supported API request methods",
+ "items": {
+ "type": "string",
+ "title": "Supported API request methods",
+ "pattern": "^(GET|POST|PUT|PATCH|OPTIONS|DELETE)$"
+ },
+ "examples": [
+ ["POST",
+ "GET",
+ "PATCH",
+ "DELETE"
+ ]
+ ]
+ },
+ "allowHeaders": {
+ "type": "array",
+ "title": "A list of supported headers",
+ "items": {
+ "type": "string"
+ },
+ "examples": [
+ ["Authorization",
+ "Data-Partition-Id",
+ "Correlation-Id",
+ "Content-Type"
+ ]
+ ]
+ },
+ "allowOrigins": {
+ "type": "array",
+ "default": [],
+ "title": "A list of the allowed origins",
+ "items": {
+ "type": "object",
+ "default": {},
+ "title": "Istio string match pattern",
+ "pattern": "^(prefix|exact|regex)$",
+ "examples": [{
+ "prefix": "*"
+ }]
+ },
+ "examples": [
+ [
+ {"prefix": "*"},
+ {"prefix": "www.example.com/"}
+ ]
+ ]
+ }
+ },
+ "examples": [{
+ "maxAge": "60m",
+ "allowCredentials": true,
+ "allowMethods": [
+ "POST",
+ "GET",
+ "PATCH",
+ "DELETE"
+ ],
+ "allowHeaders": [
+ "Authorization",
+ "Data-Partition-Id",
+ "Correlation-Id",
+ "Content-Type"
+ ],
+ "allowOrigins": [{
+ "prefix": "*"
+ }]
+ }]
+ },
+ "securityContext": {
+ "type": "object",
+ "default": {}
+ },
+ "allowedPrincipals": {
+ "type": "array",
+ "title": "A list of allowed service principals",
+ "items": {
+ "type": "string",
+ "title": "Allowed principal",
+ "examples": [
+ "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account",
+ "cluster.local/ns/osdu-services/sa/compliance-queue"
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/devops/aws/chart/values.yaml b/devops/aws/chart/values.yaml
new file mode 100644
index 000000000..8ec24178c
--- /dev/null
+++ b/devops/aws/chart/values.yaml
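Review bot: The `allowOrigins.items` schema in the values.schema.json hunk declares `"type": "object"` together with `"pattern": "^(prefix|exact|regex)$"`, but JSON Schema applies `pattern` only to string instances, so the constraint is silently ignored and any object passes as an origin matcher. To validate the Istio match keys use `"propertyNames": {"pattern": "^(prefix|exact|regex)$"}` together with `"additionalProperties": {"type": "string"}` and `"minProperties": 1`. In the same hunk `objectType`'s pattern `^(secretsmanager|ssmparameter|)$` admits the empty string through the trailing `|`, which defeats the point of listing the field under `required`; dropping the empty alternative fixes that. `resources` and `autoscaling` are typed only as `object`, so a misspelt key such as a wrong `targetCPUUtilizationPercentage` name passes validation unnoticed — worth tightening in a follow-up.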
@@ -0,0 +1,87 @@
+# Environment Config
+accountID:
+region:
+resourcePrefix:
+namespace: osdu-services
+gatewayName: osdu-gateway
+
+# Service Config
+image: __CONTAINER__
+imagePullPolicy: IfNotPresent
+service:
+ type: ClusterIP
+ port: 8080
+ apiPath: /api/notification/v1/
+ readinessProbeHttpPath: /api/notification/v1/actuator/health
+ livenessProbeHttpPath: /api/notification/v1/actuator/health
+logLevel: INFO
+environmentVariables:
+ - name: APPLICATION_PORT
+ value: "{{ .Values.service.port }}"
+ - name: AWS_REGION
+ value: "{{ .Values.region }}"
+ - name: RESOURCE_PREFIX
+ value: "{{ .Values.resourcePrefix }}"
+ - name: JAVA_OPTS
+ value: "-Xms538M -Xmx900M"
+ - name: LOG_LEVEL
+ value: "{{ .Values.logLevel }}"
+ - name: SSM_ENABLED
+ value: "True"
+ - name: SSL_ENABLED
+ value: "false"
+ - name: ENTITLEMENTS_BASE_URL
+ value: "http://os-entitlements:8080"
+ - name: REGISTER_BASE_URL
+ value: http://os-register:8080
+podAnnotations: {}
+
+# Resource Config
+replicaCount: 1
+resources:
+ limits:
+ memory: 900M
+ requests:
+ cpu: 500m
+ memory: 900M
+autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Security Config
+serviceAccountRole: arn:aws:iam::{{ .Values.accountID }}:role/osdu-{{ .Values.resourcePrefix }}-{{ include "common.name" . }}
+cors:
+ maxAge: "60m"
+ allowCredentials: true
+ allowMethods:
+ - POST
+ - GET
+ - PATCH
+ - PUT
+ - DELETE
+ allowHeaders:
+ - Authorization
+ - Data-Partition-Id
+ - Correlation-Id
+ - Content-Type
+ allowOrigins:
+ - prefix: '*'
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+allowedPrincipals:
+ - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
+ - cluster.local/ns/aws-binary-dms/sa/binary-dms
+ - cluster.local/ns/osdu-airflow/sa/airflow-dag-upload
+ - cluster.local/ns/osdu-ingest/sa/os-data-workflow
+ - cluster.local/ns/osdu-ingest/sa/os-ingestion-workflow
+ - cluster.local/ns/osdu-seismic-ddms/sa/os-seismic-store
+ - cluster.local/ns/osdu-well-delivery/sa/os-welldelivery
+ - cluster.local/ns/osdu-wellbore-ddms/sa/os-wellbore-ddms
diff --git a/provider/notification-aws/build-aws/buildspec.yaml b/provider/notification-aws/build-aws/buildspec.yaml
index 6d134addb..9ead110bd 100644
--- a/provider/notification-aws/build-aws/buildspec.yaml
+++ b/provider/notification-aws/build-aws/buildspec.yaml
@@ -68,6 +68,9 @@ phases: - echo "Building integration testing assemblies and gathering artifacts..." - ./testing/notification-test-aws/build-aws/prepare-dist.sh + - echo "--Copying Helm Charts to ${OUTPUT_DIR:-dist}--" + - rsync -r devops/aws/* "${OUTPUT_DIR:-dist}" + - echo "Logging into Docker Hub..." - docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD} -- GitLab
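Review bot: In the values.yaml hunk `cors.allowOrigins` ships as `- prefix: '*'` while `allowCredentials: true`, which — to the extent the mesh treats that matcher as a wildcard — is credentialed CORS for any origin; if the set of browser callers is known, list them as `exact:` entries and keep the wildcard out of the shipped defaults. `securityContext: {}` deploys the pod without the hardening that the commented block directly below already spells out (`runAsNonRoot`, `readOnlyRootFilesystem`, dropping all capabilities); enabling those by default and letting a deployment opt out is the safer direction, assuming the image runs as a non-root user (not visible here). Two consistency nits in the same hunk: `SSM_ENABLED` is `"True"` while `SSL_ENABLED` is `"false"`, and `REGISTER_BASE_URL` is the only unquoted URL value — `value: "http://os-register:8080"` matches its neighbours.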
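Review bot: `rsync -r devops/aws/* "${OUTPUT_DIR:-dist}"` in the buildspec hunk fails with a "destination must be a directory" error if the glob ever expands to more than one entry while the output directory does not yet exist; presumably `prepare-dist.sh` on the line above creates it, but a `mkdir -p "${OUTPUT_DIR:-dist}"` before the copy makes the step self-contained. `-r` alone does not carry file modes across, so `rsync -a` is the usual choice when the copied tree is packaged afterwards. The `--Copying Helm Charts to …--` message also breaks the plain `echo "…"` style of the surrounding steps. The phase this sits in starts outside the hunk.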