From e0aaf21a2321511da26a1fdbd53665bcb2e7165a Mon Sep 17 00:00:00 2001
From: Manish Singh <mksing28@in.ibm.com>
Date: Mon, 10 Oct 2022 14:35:24 +0000
Subject: [PATCH] Merge ibm helm
---
.gitignore | 6 +-
.gitlab-ci.yml | 2 +
devops/ibm/ibm-schema-config/.helmignore | 23 +++++
devops/ibm/ibm-schema-config/Chart.yaml | 24 +++++
.../ibm-schema-config/templates/_helpers.tpl | 62 ++++++++++++
.../templates/configmap.yaml | 48 ++++++++++
devops/ibm/ibm-schema-config/values.yaml | 49 ++++++++++
devops/ibm/ibm-schema-deploy/.helmignore | 23 +++++
devops/ibm/ibm-schema-deploy/Chart.yaml | 24 +++++
.../ibm/ibm-schema-deploy/templates/NOTES.txt | 22 +++++
.../ibm-schema-deploy/templates/_helpers.tpl | 62 ++++++++++++
.../templates/deployment.yaml | 94 +++++++++++++++++++
.../ibm/ibm-schema-deploy/templates/hpa.yaml | 28 ++++++
.../ibm-schema-deploy/templates/ingress.yaml | 61 ++++++++++++
.../templates/istio-authzpolicy.yaml | 19 ++++
.../templates/istio-virtualservice.yaml | 40 ++++++++
.../schema-bootstrap-job-clusterrole-sa.yaml | 55 +++++++++++
.../schema-bootstrap-job-configmap.yaml | 37 ++++++++
.../templates/schema-bootstrap-job.yaml | 47 ++++++++++
.../ibm-schema-deploy/templates/service.yaml | 15 +++
.../templates/serviceaccount.yaml | 12 +++
.../templates/tests/test-connection.yaml | 15 +++
devops/ibm/ibm-schema-deploy/values.yaml | 92 ++++++++++++++++++
23 files changed, 859 insertions(+), 1 deletion(-)
create mode 100644 devops/ibm/ibm-schema-config/.helmignore
create mode 100644 devops/ibm/ibm-schema-config/Chart.yaml
create mode 100644 devops/ibm/ibm-schema-config/templates/_helpers.tpl
create mode 100644 devops/ibm/ibm-schema-config/templates/configmap.yaml
create mode 100644 devops/ibm/ibm-schema-config/values.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/.helmignore
create mode 100644 devops/ibm/ibm-schema-deploy/Chart.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/NOTES.txt
create mode 100644 devops/ibm/ibm-schema-deploy/templates/_helpers.tpl
create mode 100644 devops/ibm/ibm-schema-deploy/templates/deployment.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/hpa.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/ingress.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/istio-authzpolicy.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/istio-virtualservice.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job-clusterrole-sa.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job-configmap.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/service.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/serviceaccount.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/templates/tests/test-connection.yaml
create mode 100644 devops/ibm/ibm-schema-deploy/values.yaml
diff --git a/.gitignore b/.gitignore
index 4963c32b2..3e4ab7fd0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -48,4 +48,8 @@ dist/
.envrc
# Python gen files
-*.pyc
\ No newline at end of file
+*.pyc
+
+#ibm helm chart manifest
+devops/ibm/ibm-schema-config/manifests
+devops/ibm/ibm-schema-deploy/manifests
\ No newline at end of file
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1dc4d07c7..758407a02 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,6 +13,8 @@ variables:
IBM_TEST_CMD: verify
IBM_DEPLOYMENTS_SUBDIR: deployments/scripts/ibm
IBM_DEPLOYMENTS_SCRIPTS_SUBDIR: deployments/scripts
+ IBM_HELM_CONFIG_PATH: devops/ibm/ibm-schema-config
+ IBM_HELM_DEPLOY_PATH: devops/ibm/ibm-schema-deploy
AZURE_SERVICE: schema
AZURE_BUILD_SUBDIR: provider/schema-azure
diff --git a/devops/ibm/ibm-schema-config/.helmignore b/devops/ibm/ibm-schema-config/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/devops/ibm/ibm-schema-config/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/devops/ibm/ibm-schema-config/Chart.yaml b/devops/ibm/ibm-schema-config/Chart.yaml
new file mode 100644
index 000000000..61af55375
--- /dev/null
+++ b/devops/ibm/ibm-schema-config/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ibm-schema-config
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/devops/ibm/ibm-schema-config/templates/_helpers.tpl b/devops/ibm/ibm-schema-config/templates/_helpers.tpl
new file mode 100644
index 000000000..1a898e37b
--- /dev/null
+++ b/devops/ibm/ibm-schema-config/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ibm-schema-config.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ibm-schema-config.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ibm-schema-config.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ibm-schema-config.labels" -}}
+helm.sh/chart: {{ include "ibm-schema-config.chart" . }}
+{{ include "ibm-schema-config.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ibm-schema-config.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ibm-schema-config.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ibm-schema-config.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ibm-schema-config.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/devops/ibm/ibm-schema-config/templates/configmap.yaml b/devops/ibm/ibm-schema-config/templates/configmap.yaml
new file mode 100644
index 000000000..912d3b3a9
--- /dev/null
+++ b/devops/ibm/ibm-schema-config/templates/configmap.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ .Values.conf.configmap }}"
+data:
+#log-and-common
+ LOG_LEVEL: "{{ .Values.data.logLevel }}"
+ LOG_PREFIX: "{{ .Values.data.logPrefix }}"
+ logging.level.org.opengroup.osdu: "{{ .Values.data.loggingLevelOsdu }}"
+ logging.level.org.springframework.web: "{{ .Values.data.loggingLevelSpring }}"
+ JAVA_APP_JAR: "{{ .Values.data.javaAppJar }}"
+ server.servlet.context-path: "{{ .Values.data.contextPath }}"
+ server.port: "{{ .Values.data.serverPort }}"
+ spring.main.allow-bean-definition-overriding: "{{ .Values.data.beanDefOverriding }}"
+
+#db
+ ibm.db.url: "http://{{ .Release.Name }}-couchdb:5984"
+ ibm.db.user: "{{ .Values.data.dbUser }}"
+ ibm.env.prefix: "{{ .Values.data.envPrefix }}"
+ ibm.env.prefix_project: "{{ .Values.data.envPrefixProject }}"
+ ibm.db.password: "{{ .Values.data.dbPassw }}"
+
+#minio
+ ibm.cos.endpoint_url: "http://{{ .Release.Name }}-minio:9000"
+ #accesskey and secretkey of minio - refer deployment yaml
+ ibm.cos.access_key: "{{ .Values.data.accessKey }}"
+ ibm.cos.secret_key: "{{ .Values.data.secretKey }}"
+ IBM_COS_REGION: us-east-1
+
+ cache.expiration: "{{ .Values.data.cacheExpiration }}"
+ cache.maxSize: "{{ .Values.data.cahceMaxSize }}"
+ ibm.health-check-uri: "{{ .Values.data.healthCheckUri }}"
+
+#Authorization
+ AUTHORIZE_API: "http://{{ .Release.Name }}-ibm-entitlement-deploy:8080/api/entitlements/v2"
+ DEPLOYMENT_ENVIRONMENT: "{{ .Values.data.deployEnv }}"
+
+#tenant-validation
+ PARTITION_API: "http://{{ .Release.Name }}-ibm-partition-deploy:8080/api/partition/v1"
+ partition.keycloak.client_id: "{{ .Values.data.pKCClientId }}"
+ partition.keycloak.client_secert: "{{ .Values.data.pKCClientSecret }}"
+ partition.keycloak.grant_type: "{{ .Values.data.grantType }}"
+ partition.keycloak.password: "{{ .Values.data.pKCPassword }}"
+ partition.keycloak.realm: "{{ .Values.data.keycloakRealm }}"
+ partition.keycloak.url: "{{ .Values.data.pKCEndPointHost }}"
+ partition.keycloak.user: "{{ .Values.data.pKCUser }}"
+ partition.keycloak.accept_http: "{{ .Values.data.pKAcceptHttp }}"
+ tenantCache.exp.time.in.second: "{{ .Values.data.tenantCacheExpiryInSec }}"
diff --git a/devops/ibm/ibm-schema-config/values.yaml b/devops/ibm/ibm-schema-config/values.yaml
new file mode 100644
index 000000000..8383b1acc
--- /dev/null
+++ b/devops/ibm/ibm-schema-config/values.yaml
@@ -0,0 +1,49 @@
+data:
+# common
+ javaAppJar: "/deployments/*-spring-boot.jar"
+ serverPort: 8080
+ contextPath: "/api/schema-service/v1"
+
+# log
+ logPrefix: schema
+ loggingLevelOsdu: debug
+ loggingLevelSpring: debug
+
+# ibm
+ beanDefOverriding: true
+ healthCheckUri: "/api/schema-service/v1/info"
+
+#authorization
+ #check cm template
+ authorizeAPI: http://TBD:8080/api/entitlements/v2
+ deployEnv: CLOUD
+
+#db
+ #dbURL-refer-configmap-template
+ dbURL: http://tbd:5984
+ #get-from-existing secret
+ dbUser: admin
+ envPrefix: ibm-iks
+ #get-from-existing secret
+ dbPassw: tbd
+
+#minio
+ accessKey: tbd
+ secretKey: tbd
+
+#tenant-validation
+ pKCEndPointHost: referenv
+ keycloakRealm: OSDU
+ pKCClientId: partition-service
+ pKCClientSecret: referenv
+ grantType: password
+ pKCPassword: changeit
+ pKCUser: partition-service-admin
+ pKAcceptHttp: true
+ tenantCacheExpiryInSec: 10000
+ #refer-cm-template
+ patitionAPI: refer-configmap-template
+
+
+conf:
+ configmap: "schema-config"
diff --git a/devops/ibm/ibm-schema-deploy/.helmignore b/devops/ibm/ibm-schema-deploy/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/devops/ibm/ibm-schema-deploy/Chart.yaml b/devops/ibm/ibm-schema-deploy/Chart.yaml
new file mode 100644
index 000000000..1db6a6d27
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ibm-schema-deploy
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/devops/ibm/ibm-schema-deploy/templates/NOTES.txt b/devops/ibm/ibm-schema-deploy/templates/NOTES.txt
new file mode 100644
index 000000000..0f9dcf229
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ibm-schema-deploy.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ibm-schema-deploy.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ibm-schema-deploy.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ibm-schema-deploy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/devops/ibm/ibm-schema-deploy/templates/_helpers.tpl b/devops/ibm/ibm-schema-deploy/templates/_helpers.tpl
new file mode 100644
index 000000000..21d6fa6fb
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ibm-schema-deploy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ibm-schema-deploy.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ibm-schema-deploy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ibm-schema-deploy.labels" -}}
+helm.sh/chart: {{ include "ibm-schema-deploy.chart" . }}
+{{ include "ibm-schema-deploy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ibm-schema-deploy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ibm-schema-deploy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ibm-schema-deploy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ibm-schema-deploy.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/devops/ibm/ibm-schema-deploy/templates/deployment.yaml b/devops/ibm/ibm-schema-deploy/templates/deployment.yaml
new file mode 100644
index 000000000..0839484d2
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/deployment.yaml
@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ibm-schema-deploy.fullname" . }}
+ labels:
+ {{- include "ibm-schema-deploy.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ibm-schema-deploy.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ibm-schema-deploy.selectorLabels" . | nindent 8 }}
+ sidecar.istio.io/inject: "{{ .Values.sidecarIstioInjected }}"
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "ibm-schema-deploy.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ - name: {{ .Values.initimage.name }}
+ image: {{ .Values.initimage.initrepository }}:{{ .Values.initimage.tag }}
+ imagePullPolicy: {{ .Values.initimage.pullPolicy }}
+ command: ['sh', '-c', './health_probe.sh $(HEALTH_URI)/info && sleep 5']
+ env:
+ - name: HEALTH_URI
+ valueFrom:
+ configMapKeyRef:
+ name: schema-config
+ key: AUTHORIZE_API
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: ibm.db.password
+ valueFrom:
+ secretKeyRef:
+ key: adminPassword
+ name: {{ .Release.Name }}-couchdb
+ - name: ibm.cos.access_key
+ valueFrom:
+ secretKeyRef:
+ key: root-user
+ name: {{ .Release.Name }}-minio
+ - name: ibm.cos.secret_key
+ valueFrom:
+ secretKeyRef:
+ key: root-password
+ name: {{ .Release.Name }}-minio
+ - name: partition.keycloak.client_secert
+ valueFrom:
+ secretKeyRef:
+ key: partition_service_secret_data
+ name: props-secret-generated-password
+ - name: partition.keycloak.url
+ valueFrom:
+ configMapKeyRef:
+ key: partition.keycloak.url
+ name: partition-config
+ envFrom:
+ - configMapRef:
+ name: "{{ .Values.conf.configmap }}"
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/devops/ibm/ibm-schema-deploy/templates/hpa.yaml b/devops/ibm/ibm-schema-deploy/templates/hpa.yaml
new file mode 100644
index 000000000..b21170d9c
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/hpa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "ibm-schema-deploy.fullname" . }}
+ labels:
+ {{- include "ibm-schema-deploy.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "ibm-schema-deploy.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/devops/ibm/ibm-schema-deploy/templates/ingress.yaml b/devops/ibm/ibm-schema-deploy/templates/ingress.yaml
new file mode 100644
index 000000000..51552151b
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "ibm-schema-deploy.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "ibm-schema-deploy.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/devops/ibm/ibm-schema-deploy/templates/istio-authzpolicy.yaml b/devops/ibm/ibm-schema-deploy/templates/istio-authzpolicy.yaml
new file mode 100644
index 000000000..7044e0461
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/istio-authzpolicy.yaml
@@ -0,0 +1,19 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ .Values.conf.appName }}-authz-policy
+spec:
+ selector:
+ matchLabels:
+ {{- include "ibm-schema-deploy.selectorLabels" . | nindent 6 }}
+ action: DENY
+ rules:
+ - from:
+ - source:
+ notRequestPrincipals:
+ - '*'
+ to:
+ - operation:
+ notPaths:
+ - '*/v2/api-docs'
+ - /api/schema-service/v1/info
\ No newline at end of file
diff --git a/devops/ibm/ibm-schema-deploy/templates/istio-virtualservice.yaml b/devops/ibm/ibm-schema-deploy/templates/istio-virtualservice.yaml
new file mode 100644
index 000000000..4800a0c3b
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/istio-virtualservice.yaml
@@ -0,0 +1,40 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: {{ .Values.conf.appName }}-vs
+spec:
+ gateways:
+ - osdu-gateway
+ hosts:
+ {{- if .Values.conf.domain }}
+ - {{ printf "osdu.%s" .Values.conf.domain | quote }}
+ {{- else if .Values.conf.loadbalancerIP}}
+ - {{ (index (lookup "v1" "Service" "istio-ingress" "istio-ingress").status.loadBalancer.ingress 0).ip }}
+ {{- else if .Values.conf.loadbalancerHN}}
+ - {{ (index (lookup "v1" "Service" "istio-ingress" "istio-ingress").status.loadBalancer.ingress 0).hostname }}
+ {{- else }}
+ - "*"
+ {{- end }}
+ http:
+ - corsPolicy:
+ allowCredentials: true
+ allowHeaders:
+ - Authorization
+ - Data-Partition-Id
+ - Correlation-Id
+ - Content-Type
+ allowMethods:
+ - POST
+ - GET
+ - PUT
+ allowOrigins:
+ - prefix: '*'
+ maxAge: 60m
+ match:
+ - uri:
+ prefix: /api/schema-service/
+ route:
+ - destination:
+ host: {{ .Release.Name }}-ibm-schema-deploy
+ port:
+ number: 8080
diff --git a/devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job-clusterrole-sa.yaml b/devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job-clusterrole-sa.yaml
new file mode 100644
index 000000000..c934a7f10
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job-clusterrole-sa.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-40"
+ name: schema-configmap-update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-40"
+ name: configmap-update-job
+rules:
+ - apiGroups:
+ - "config.openshift.io"
+ - ""
+ - "apps"
+ - "batch"
+ resources:
+ - "secrets"
+ - "routes"
+ - "configmaps"
+ - "services"
+ - "jobs"
+ - "pods"
+ - "deployments"
+ verbs:
+ - "list"
+ - "get"
+ - apiGroups:
+ - ""
+ resources:
+ - "secrets"
+ - "configmaps"
+ verbs:
+ - "patch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: schema-configmap-update
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-40"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: configmap-update-job
+subjects:
+- kind: ServiceAccount
+ name: schema-configmap-update
+ namespace: {{ .Release.Namespace }}
diff --git a/devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job-configmap.yaml b/devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job-configmap.yaml
new file mode 100644
index 000000000..9849d3270
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job-configmap.yaml
@@ -0,0 +1,37 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: schema-job-bootstrap
+data:
+ IBM_AUTH_USER_ACCESS: changeit
+ IBM_AUTH_USER_ACCESS_PASSWORD: changeit
+ IBM_KEYCLOAK_CLIENT_ID: changeit
+ IBM_KEYCLOAK_CLIENT_SECRET: changeit
+ IBM_KEYCLOAK_URL: changeit
+ IBM_KEYCLOAK_VERIFY_VALUE: 'True'
+ IBM_SCHEMA_HOST: 'http://{{ .Release.Name }}-ibm-schema-deploy:8080'
+
+---
+apiVersion: v1
+data:
+ configMap_update_script.sh: |-
+ ### USERNAME=`oc get secrets props-secret -o jsonpath="{.data.ibm\.keycloak\.username4sanity}"|base64 -d`
+ USERNAME=osdu-bvt
+ oc patch cm schema-job-bootstrap -p "{\"data\":{\"IBM_AUTH_USER_ACCESS\":\"$USERNAME\"}}"
+ ### keycloak_admin_password=`oc get secrets props-secret -o jsonpath="{.data.ibm\.keycloak\.password4sanity}"|base64 -d`
+ ### oc patch cm schema-job-bootstrap -p "{\"data\":{\"IBM_AUTH_USER_ACCESS_PASSWORD\":\"$keycloak_admin_password\"}}"
+ client_id=osdu-login
+ ### client_id=`oc get secrets props-secret -o jsonpath="{.data.ibm\.keycloak\.client_id}"|base64 -d`
+ oc patch cm schema-job-bootstrap -p "{\"data\":{\"IBM_KEYCLOAK_CLIENT_ID\":\"$client_id\"}}"
+ client_secret=`oc get secrets props-secret-generated-password -o jsonpath="{.data.osdu_login_secret_data}"|base64 -d`
+ oc patch cm schema-job-bootstrap -p "{\"data\":{\"IBM_KEYCLOAK_CLIENT_SECRET\":\"$client_secret\"}}"
+ while [[ "$(curl -s -L -o /dev/null -w ''%{http_code}'' http://keycloak-discovery:8080/auth/realms/OSDU/protocol/openid-connect/certs)" != "200" ]]; do sleep 5; done
+ ### keycloak_routes=`oc get routes keycloak -o jsonpath="{.spec.host}"`
+ KEYCLOAK_LB_IP=$(oc get svc keycloak-discovery-lb -o jsonpath="{ .status.loadBalancer.ingress[0].ip}")
+ KEYCLOAK_HOSTNAME=$(oc get svc keycloak-discovery-lb -o jsonpath="{ .status.loadBalancer.ingress[0].hostname}")
+ KEYCLOAK_LB_IP=${KEYCLOAK_LB_IP:=$KEYCLOAK_HOSTNAME}
+ oc patch cm schema-job-bootstrap -p "{\"data\":{\"IBM_KEYCLOAK_URL\":\"$KEYCLOAK_LB_IP\"}}"
+ while [[ "$(oc get pod -l app.kubernetes.io/name=ibm-schema-deploy -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}')" != "True" ]]; do sleep 5; done
+kind: ConfigMap
+metadata:
+ name: update-job-bootstrap-configmap
diff --git a/devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job.yaml b/devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job.yaml
new file mode 100644
index 000000000..f9a0eb6ce
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/schema-bootstrap-job.yaml
@@ -0,0 +1,47 @@
+{{ if .Values.schemabootstrap.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ alpha.image.policy.openshift.io/resolve-names: "*"
+ labels:
+ app: schema-bootstrap
+ name: schema-bootstrap
+spec:
+ backoffLimit: 600
+ template:
+ spec:
+ initContainers:
+ - name: schema-loader-bootstrap
+ image: community.opengroup.org:5555/osdu/platform/system/schema-service/os-schema-bootstrap:release14
+ command:
+ - /bin/bash
+ - /opt/script/configMap_update_script.sh
+ resources: {}
+ volumeMounts:
+ - name: update-job-bootstrap-configmap
+ mountPath: /opt/script/configMap_update_script.sh
+ subPath: configMap_update_script.sh
+ readOnly: false
+ volumes:
+ - name: update-job-bootstrap-configmap
+ configMap:
+ name: update-job-bootstrap-configmap
+ defaultMode: 0755
+ containers:
+ - name: schema-loader-bootstrap1
+ image: community.opengroup.org:5555/osdu/platform/system/schema-service/os-schema-bootstrap:release14
+ command:
+ - /bin/bash
+ - '-c'
+ - >-
+ cd /schema-service; git reset --hard; git pull; git status; sed -i "s|https|http|g" $IBM_DEPLOYMENTS_SUBDIR/Token.py; chmod a+x /schema-service/deployments/scripts/ibm/bootstrap.sh; /schema-service/deployments/scripts/ibm/bootstrap.sh
+ envFrom:
+ - configMapRef:
+ name: schema-job-bootstrap
+ dnsPolicy: ClusterFirst
+ restartPolicy: OnFailure
+ serviceAccount: schema-configmap-update
+ serviceAccountName: schema-configmap-update
+ terminationGracePeriodSeconds: 30
+{{ end }}
diff --git a/devops/ibm/ibm-schema-deploy/templates/service.yaml b/devops/ibm/ibm-schema-deploy/templates/service.yaml
new file mode 100644
index 000000000..55ef81b48
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "ibm-schema-deploy.fullname" . }}
+ labels:
+ {{- include "ibm-schema-deploy.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ibm-schema-deploy.selectorLabels" . | nindent 4 }}
diff --git a/devops/ibm/ibm-schema-deploy/templates/serviceaccount.yaml b/devops/ibm/ibm-schema-deploy/templates/serviceaccount.yaml
new file mode 100644
index 000000000..b2a95b12b
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ibm-schema-deploy.serviceAccountName" . }}
+ labels:
+ {{- include "ibm-schema-deploy.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/devops/ibm/ibm-schema-deploy/templates/tests/test-connection.yaml b/devops/ibm/ibm-schema-deploy/templates/tests/test-connection.yaml
new file mode 100644
index 000000000..d63c042ab
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "ibm-schema-deploy.fullname" . }}-test-connection"
+ labels:
+ {{- include "ibm-schema-deploy.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "ibm-schema-deploy.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/devops/ibm/ibm-schema-deploy/values.yaml b/devops/ibm/ibm-schema-deploy/values.yaml
new file mode 100644
index 000000000..175b0815a
--- /dev/null
+++ b/devops/ibm/ibm-schema-deploy/values.yaml
@@ -0,0 +1,92 @@
+# Default values for ibm-schema-deploy.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+sidecarIstioInjected: "true"
+image:
+ repository: community.opengroup.org:5555/osdu/platform/system/schema-service/os-schema-ibm
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "release-0.14-apr22"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+initimage:
+ name: dependency-check
+ initrepository: community.opengroup.org:5555/osdu/platform/deployment-and-operations/ibm-osdu-provisioning/k8s-healthprobe
+ pullPolicy: IfNotPresent
+ tag: "v2.0"
+
+conf:
+ configmap: "schema-config"
+ appName: "schema"
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 8080
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--
GitLab