Commit 9d1d1498 authored by Marc Burnie [AWS]

adding AWS service helm chart

parent c3605ee9
1 merge request: !250 Adding AWS Helm Charts
Showing with 496 additions and 0 deletions
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# Build files
*.html
build-info.json
\ No newline at end of file
apiVersion: v2
name: "os-notification"
version: 0.1.0
kubeVersion: "v1.21.x-x-x"
description: Notification Helm Chart for Kubernetes
type: application
appVersion: __VERSION__
dependencies:
- name: osdu-aws-lib
version: 0.1.0
repository: __HELM_REPO__/osdu-aws-lib/
deprecated: false
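Review bot: `kubeVersion: "v1.21.x-x-x"` is an unusual constraint string and appears to admit 1.21 clusters only, while the README added in this commit lists kubectl 1.21-1.22 as a prerequisite. If 1.22 clusters are expected to work, widen the constraint to a range and confirm with `helm upgrade --dry-run` against both versions; if not, align the README.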
# Helm Chart
## Introduction
The following document outlines how to deploy and update the service application onto an existing Kubernetes deployment using the [Helm](https://helm.sh) package manager.
## Prerequisites
The below software must be installed before continuing:
* [AWS CLI ^2.7.0](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
* [kubectl 1.21-1.22](https://kubernetes.io/docs/tasks/tools/)
* [Helm ^3.7.1](https://helm.sh/docs/intro/install/)
* [Helm S3 Plugin ^0.12.0](https://github.com/hypnoglow/helm-s3)
Additionally, an OSDU on AWS environment must be deployed.
## Installation/Updating
To install or update the service application by executing the following command in the CHART folder:
```bash
helm upgrade [RELEASE_NAME] . -i -n [NAMESPACE]
```
To observe the Kubernetes resources before deploying them using the command:
```bash
helm upgrade [RELEASE_NAME] . -i -n [NAMESPACE] --dry-run --debug
```
To observe the history of the current release, use the following command:
```bash
helm history [RELEASE_NAME] -n [NAMESPACE]
```
To revert to a previous release, use the following command:
```bash
helm rollback [RELEASE] [REVISION] -n [NAMESPACE]
```
### Customizing the Deployment
It is possible to modify the default values specified in the **values.yaml** file using the --set option. The below parameters can be modified by advanced users to customize the deployment configuration:
| Name | Example Value | Description | Type | Required |
| --- | ------------- | ----------- | ---- | -------- |
| `global.accountID` | `000123456789` | The AWS account ID. | int | yes |
| `global.region` | `us-east-1` | The AWS region containing the OSDU deployment. | str | yes |
| `global.resourcePrefix` | `osdu` | The resource prefix of the OSDU deployment. | str | yes |
| `global.allowOrigins` | `{http://localhost,https://www.osdu.aws}` | A list of domains that are permitted by CORS policy. An empty list permits all origins. | array[str] | no |
| `podAnnotations` | `podAnnotations.version=v1.0.0` | Additional annotations on the service pod | dict | no |
| `imagePullPolicy` | `IfNotPresent` | The service image pull policy | str | no |
| `replicaCount` | `1` | The number of pod replicas to be deployed | int | no |
| `autoscaling.minReplicas` | `1` | Minimum number of pod replicas | int | no |
| `autoscaling.maxReplicas` | `100` | Maximum number of pod replicas | int | no |
| `autoscaling.targetCPUUtilizationPercentage` | `80` | CPU utilization target | int | no |
## Uninstalling the Chart
To uninstall the helm release:
```bash
helm uninstall [RELEASE] -n [NAMESPACE] --keep-history
```
\ No newline at end of file
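Review bot: In the parameter table, `global.allowOrigins` is optional and "An empty list permits all origins", so leaving it unset fails open, and the chart's values.yaml sets `cors.allowCredentials: true` alongside it. Suggest making the origin list required or treating an empty list as deny, so a credentialed CORS policy is never applied to every origin by omission. Separately, `global.accountID` is documented as `int` with the example `000123456789`; an account ID with leading zeros is better typed `str` and quoted. The lead-in sentences for the first two commands ("To install or update ... by executing", "To observe ... using the command:") are also incomplete.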
{{ .Chart.Name }} deployed to {{ .Release.Namespace }} namespace
{{- if (.Values.service).apiPath }}
Application URL available at path {{ .Values.service.apiPath }}
{{- end }}
\ No newline at end of file
{{- template "common.authzpolicy" (list . "os-notification.authzpolicy") -}}
{{- define "os-notification.authzpolicy" -}}
## Define overrides for the service authorization policy resource here
{{- end -}}
{{- template "common.deployment" (list . "os-notification.deployment") -}}
{{- define "os-notification.deployment" -}}
## Define overrides for the service deployment resource here
{{- end -}}
\ No newline at end of file
{{- template "common.destinationrule" (list . "os-notification.destinationrule") -}}
{{- define "os-notification.destinationrule" -}}
## Define overrides for the service destination rule resource here
{{- end -}}
\ No newline at end of file
{{- template "common.hpa" (list . "os-notification.hpa") -}}
{{- define "os-notification.hpa" -}}
## Define overrides for the service HPA resource here
{{- end -}}
{{- template "common.service" (list . "os-notification.service") -}}
{{- define "os-notification.service" -}}
## Define overrides for the service resource here
{{- end -}}
\ No newline at end of file
{{- template "common.serviceaccount" (list . "os-notification.serviceaccount") -}}
{{- define "os-notification.serviceaccount" -}}
## Define overrides for the service's service account resource here
{{- end -}}
\ No newline at end of file
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "common.fullname" . }}-test-connection"
labels:
{{- include "common.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
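Review bot: `image: busybox` in the test-connection pod has no tag or digest, so every `helm test` run pulls whatever the default tag currently resolves to from the default registry. Pin a version or digest, and consider making the image a value so it can be sourced from the same registry as the service image. The pod also sets no `securityContext` or resource limits.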
{{- template "common.virtualservice" (list . "os-notification.virtualservice") -}}
{{- define "os-notification.virtualservice" -}}
## Define overrides for the service's virtual service resource here
{{- end -}}
\ No newline at end of file
{
"$schema": "osdu-aws-services-helm",
"type": "object",
"default": {},
"required": [
"image",
"imagePullPolicy",
"service",
"podAnnotations",
"replicaCount",
"serviceAccountRole",
"securityContext"
],
"properties": {
"image": {
"type": "string",
"title": "The service container image URL"
},
"imagePullPolicy": {
"type": "string",
"pattern": "^(Always|Never|IfNotPresent)$",
"default": "Always"
},
"service": {
"type": "object",
"required": [
"type",
"port",
"apiPath"
],
"properties": {
"type": {
"type": "string",
"default": "ClusterIP"
},
"port": {
"type": "integer",
"default": 8080,
"title": "The port the service is hosted on",
"examples": [
8080,
443,
80
]
},
"apiPath": {
"type": "string",
"title": "The main API path",
"examples": [
"/api/service/v1/"
]
},
"readinessProbeHttpPath": {
"type": "string",
"examples": [
"/api/service/v1/actuator/health"
]
},
"livenessProbeHttpPath": {
"type": "string",
"examples": [
"/api/service/v1/actuator/health"
]
},
"startupProbeHttpPath": {
"type": "string",
"examples": [
"/api/service/v1/actuator/health"
]
}
},
"examples": [{
"type": "ClusterIP",
"port": 8080,
"apiPath": "/api/service/v1/",
"readinessProbeHttpPath": "/api/service/v1/actuator/health",
"livenessProbeHttpPath": "/api/service/v1/actuator/health",
"startupProbeHttpPath": "/api/service/v1/actuator/health"
}]
},
"serviceParameters": {
"type": "array",
"title": "The secret parameters consumed by the service",
"items": {
"type": "object",
"required": [
"objectName",
"objectType",
"objectAlias"
],
"properties": {
"objectName": {
"type": "string",
"title": "The SSM or secrets parameter name",
"examples": [
"/osdu/resource-prefix/redis/redisauthtoken",
"/osdu/resource-prefix/redis-core/end-point"
]
},
"objectType": {
"type": "string",
"title": "The type of parameter",
"pattern": "^(secretsmanager|ssmparameter|)$"
},
"objectAlias": {
"type": "string",
"title": "The name of the environment variable consumed by the service",
"examples": [
"CACHE_CLUSTER_KEY",
"CACHE_CLUSTER_ENDPOINT"
]
}
},
"examples": [{
"objectName": "/osdu/resource-prefix/redis/redisauthtoken",
"objectType": "secretsmanager",
"objectAlias": "CACHE_CLUSTER_KEY"
},
{
"objectName": "/osdu/resource-prefix/redis-core/end-point",
"objectType": "ssmparameter",
"objectAlias": "CACHE_CLUSTER_ENDPOINT"
}]
}
},
"environmentVariables": {
"type": "array",
"title": "The environment variables consumed by the service",
"items": {
"type": "object",
"title": "An environment variable definition",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"title": "The name of the environment variable consumed by the service",
"examples": [
"APPLICATION_PORT",
"AWS_REGION"
]
},
"value": {
"type": "string",
"title": "The value of the environment variable"
}
},
"examples": [{
"name": "APPLICATION_PORT",
"value": "8080"
},
{
"name": "AWS_REGION",
"value": "us-east-1"
}]
}
},
"podAnnotations": {
"type": "object",
"default": {}
},
"replicaCount": {
"type": "integer",
"default": 1,
"title": "The number of pod replicas"
},
"maxConnections": {
"type": "integer",
"default": 200,
"title": "The max number of service connections"
},
"resources": {
"type": "object"
},
"autoscaling": {
"type": "object"
},
"serviceAccountRole": {
"type": "string",
"default": "",
"title": "The service account IAM role"
},
"cors": {
"type": "object",
"default": {},
"title": "The cors Schema",
"required": [
"maxAge",
"allowCredentials",
"allowMethods",
"allowHeaders"
],
"properties": {
"maxAge": {
"type": "string",
"default": "60m",
"title": "The max age of the request"
},
"allowCredentials": {
"type": "boolean",
"default": true,
"title": "The allowCredentials Schema"
},
"allowMethods": {
"type": "array",
"title": "A list of supported API request methods",
"items": {
"type": "string",
"title": "Supported API request methods",
"pattern": "^(GET|POST|PUT|PATCH|OPTIONS|DELETE)$"
},
"examples": [
["POST",
"GET",
"PATCH",
"DELETE"
]
]
},
"allowHeaders": {
"type": "array",
"title": "A list of supported headers",
"items": {
"type": "string"
},
"examples": [
["Authorization",
"Data-Partition-Id",
"Correlation-Id",
"Content-Type"
]
]
}
},
"examples": [{
"maxAge": "60m",
"allowCredentials": true,
"allowMethods": [
"POST",
"GET",
"PATCH",
"DELETE"
],
"allowHeaders": [
"Authorization",
"Data-Partition-Id",
"Correlation-Id",
"Content-Type"
]
}]
},
"securityContext": {
"type": "object",
"default": {}
},
"allowedPrincipals": {
"type": "array",
"title": "A list of allowed service principals",
"items": {
"type": "string",
"title": "Allowed principal",
"examples": [
"cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account",
"cluster.local/ns/osdu-services/sa/compliance-queue"
]
}
}
}
}
\ No newline at end of file
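Review bot: In `serviceParameters.items.properties.objectType`, the pattern `^(secretsmanager|ssmparameter|)$` ends with an empty alternative, so an empty `objectType` validates even though the field is listed as required; drop the trailing `|` unless an empty type is intended. `securityContext` is in the top-level `required` list but its schema is only `"type": "object"` with `"default": {}`, so the requirement is met by an empty object and enforces nothing. Also, `"$schema": "osdu-aws-services-helm"` is not a JSON Schema dialect URI.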
# Service Config
image: __CONTAINER__
imagePullPolicy: IfNotPresent
service:
type: ClusterIP
port: 8080
apiPath: /api/notification/v1/
readinessProbeHttpPath: /api/notification/v1/actuator/health
livenessProbeHttpPath: /api/notification/v1/actuator/health
environmentVariables:
- name: APPLICATION_PORT
value: "{{ .Values.service.port }}"
- name: AWS_REGION
value: "{{ .Values.global.region }}"
- name: RESOURCE_PREFIX
value: "{{ .Values.global.resourcePrefix }}"
- name: JAVA_OPTS
value: "-Xms538M -Xmx900M"
- name: LOG_LEVEL
value: "{{ default `INFO` .Values.global.logLevel }}"
- name: SSM_ENABLED
value: "True"
- name: SSL_ENABLED
value: "false"
- name: ENTITLEMENTS_BASE_URL
value: "http://os-entitlements:8080"
- name: REGISTER_BASE_URL
value: http://os-register:8080
podAnnotations: {}
# Resource Config
replicaCount: 1
resources:
limits:
memory: 900M
requests:
cpu: 500m
memory: 900M
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Security Config
serviceAccountRole: arn:aws:iam::{{ .Values.global.accountID }}:role/{{ .Values.global.resourcePrefix }}-{{ include "common.name" . }}
cors:
maxAge: "60m"
allowCredentials: true
allowMethods:
- POST
- GET
- PATCH
- PUT
- DELETE
allowHeaders:
- Authorization
- Data-Partition-Id
- Correlation-Id
- Content-Type
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
allowedPrincipals:
- cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
- cluster.local/ns/aws-binary-dms/sa/binary-dms
- cluster.local/ns/osdu-airflow/sa/airflow-dag-upload
- cluster.local/ns/osdu-ingest/sa/os-data-workflow
- cluster.local/ns/osdu-ingest/sa/os-ingestion-workflow
- cluster.local/ns/osdu-seismic-ddms/sa/os-seismic-store
- cluster.local/ns/osdu-well-delivery/sa/os-welldelivery
- cluster.local/ns/osdu-wellbore-ddms/sa/os-wellbore-ddms
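Review bot: `securityContext: {}` ships empty, with `capabilities.drop: ALL`, `readOnlyRootFilesystem: true`, `runAsNonRoot: true` and `runAsUser: 1000` left commented out, so the service runs with the container's default privileges. Suggest enabling the commented block as the default, or recording why this service cannot run that way. Minor: `REGISTER_BASE_URL` is unquoted while `ENTITLEMENTS_BASE_URL` is quoted, and no `startupProbeHttpPath` is set although the schema defines one.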
......@@ -68,6 +68,9 @@ phases:
- echo "Building integration testing assemblies and gathering artifacts..."
- ./testing/notification-test-aws/build-aws/prepare-dist.sh
- echo "--Copying Helm Charts to ${OUTPUT_DIR:-dist}--"
- rsync -r devops/aws/* "${OUTPUT_DIR:-dist}"
- echo "Logging into Docker Hub..."
- docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
......
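Review bot: In the copy step, `rsync -r devops/aws/* "${OUTPUT_DIR:-dist}"` relies on a shell glob, which skips any top-level dotfiles under `devops/aws`; `rsync -r devops/aws/ "${OUTPUT_DIR:-dist}"` copies the directory contents without that gap. The `docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}` line visible at the end of this hunk passes the password on the command line with unquoted expansions; `--password-stdin` with quoted variables would keep it out of the process list.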