ECER-487: helm charts

src/ECER.Clients.RegistryPortal/ecer.clients.registryportal.client/src/components/Applications.vue

@@ -41,7 +41,7 @@ interface Data {
 }
 
 const api = new OpenAPIClientAxios({
-  definition: "http://localhost:5121/swagger/v1/swagger.json",
+  definition: "swagger/v1/swagger.json",
 });
 
 export default defineComponent({

tools/helm/ecer/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

tools/helm/ecer/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: ECER
+description: A Helm chart for ECER
+type: application
+version: 1.0.0
+appVersion: "1.0.0"

tools/helm/ecer/README.md

@@ -0,0 +1,17 @@
+# ECER Helm Chart
+
+This directory contains a Helm chart to deploy ECER
+
+## Usage
+
+To install a new environment, ensure the values.yaml matches the environment, then run the following command:
+
+```sh
+helm -n [namespace] install [env name] .
+```
+
+To upgrade an existing environment, run the following command:
+
+```sh
+helm -n [namespace] upgrade [env name] .
+```

tools/helm/ecer/templates/NOTES.txt

@@ -0,0 +1,8 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get all {{ .Release.Name }}

tools/helm/ecer/templates/_dc.tpl

@@ -0,0 +1,103 @@
+# deployment config template
+{{- define "dc.tpl" }}
+{{- $values := .values -}}
+{{- $name := .name -}}
+{{- $labels := .labels -}}
+{{- $port := ($values.port | default 8080) -}}
+{{- $protocol := ($values.protocol | default "tcp") -}}
+kind: DeploymentConfig
+apiVersion: apps.openshift.io/v1
+metadata:
+  name: {{ $name }}
+  labels: {{ $labels | nindent 4 }}
+spec:
+  replicas: {{ $values.replicas }}
+  revisionHistoryLimit: 10
+  strategy:
+    type: Rolling
+    rollingParams:
+      maxUnavailable: 50%
+      maxSurge: 50%
+    resources:
+      limits:
+        cpu: 15m
+        memory: 64Mi
+      requests:
+        cpu: 5m
+        memory: 32Mi
+  selector:
+    name: {{ $name }}
+  template:
+    metadata:
+      name: {{ $name }}
+      labels:
+        name: {{ $name }}
+        role: {{ $values.role }}
+    spec:
+      containers:
+        - name: {{ $name }}
+          image: {{ $values.image.name}}:{{ $values.image.tag }}
+          imagePullPolicy: Always
+          resources: {{ $values.resources | toYaml | nindent 12 }}
+          volumeMounts:
+            - mountPath: /ssl
+              name: ssl
+              readOnly: true
+          {{- if $values.env }}
+          env:
+          {{- range $key, $value := $values.env }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+          {{- end }}
+          {{- end }}
+          envFrom:
+            - secretRef:
+                name: {{ $name }}-secret
+          ports:
+            - containerPort: {{ $port }}
+              protocol: {{ $protocol | upper }}
+          livenessProbe:
+            httpGet:
+              path: {{ ($values.livenessProbe).path | default "/health" }}
+              port: {{ ($values.livenessProbe).port | default $port }}
+              scheme: HTTP
+            timeoutSeconds: {{ ($values.livenessProbe).timeoutSeconds | default 10 }}
+            periodSeconds: {{ ($values.livenessProbe).periodSeconds | default 15 }}
+            failureThreshold: {{ ($values.livenessProbe).failureThreshold | default 5 }}
+          readinessProbe:
+            httpGet:
+              path: {{ ($values.readinessProbe).path | default "/health" }}
+              port: {{ ($values.readinessProbe).port | default $port }}
+              scheme: HTTP
+            timeoutSeconds: {{ ($values.readinessProbe).timeoutSeconds | default 10 }}
+            periodSeconds: {{ ($values.readinessProbe).periodSeconds | default 15 }}
+            failureThreshold: {{ ($values.readinessProbe).failureThreshold | default 5 }}
+          startupProbe:
+            httpGet:
+              path: {{ ($values.startupProbe).path | default "/health" }}
+              port: {{ ($values.startupProbe).port | default $port }}
+              scheme: HTTP
+            initialDelaySeconds: {{ ($values.startupProbe).initialDelaySeconds | default 15 }}
+            timeoutSeconds: {{ ($values.startupProbe).timeoutSeconds | default 10 }}
+            periodSeconds: {{ ($values.startupProbe).periodSeconds | default 15 }}
+            failureThreshold: {{ ($values.startupProbe).failureThreshold | default 5 }}
+
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      volumes:
+        - name: ssl
+          secret:
+            secretName: {{ $name }}-ssl
+  triggers:
+    - type: ConfigChange
+    - type: ImageChange
+      imageChangeParams:
+        automatic: true
+        containerNames:
+          - {{ $name }}
+        from:
+          kind: ImageStreamTag
+          name: {{ base $values.image.name }}:{{ $values.image.tag }}
+          namespace: {{ $values.image.triggerNamespace }}
+{{- end }}

tools/helm/ecer/templates/_helpers.tpl

@@ -0,0 +1,5 @@
+{{- define "standard.labels" -}}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+{{- end -}}

tools/helm/ecer/templates/_netpol.tpl

@@ -0,0 +1,28 @@
+# network policy template
+{{- define "netpol.tpl" }}
+{{- $values := .values -}}
+{{- $name := .name -}}
+{{- $labels := .labels -}}
+{{- $port := ($values.port | default 8080) -}}
+{{- $protocol := ($values.protocol | default "tcp") -}}
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ $name }}-netpol
+  labels: {{ $labels | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+      name: {{ $name }}
+  ingress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            network.openshift.io/policy-group: ingress
+      - podSelector:
+          matchLabels:
+            role: api
+      ports:
+        - protocol: {{ $protocol | upper }}
+          port: {{ $port }}
+{{- end -}}

tools/helm/ecer/templates/_route.tpl

@@ -0,0 +1,37 @@
+# route template
+{{- define "route.tpl" }}
+{{- $values := .values -}}
+{{- $name := .name -}}
+{{- $labels := .labels -}}
+{{- $port := ($values.port | default 8080) -}}
+{{- $protocol := ($values.protocol | default "tcp") -}}
+{{- range $host := $values.routes }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: {{ $name }}-{{ $host.host }}-route
+  labels: {{ $labels | nindent 4 }}
+  annotations:
+    haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload
+    haproxy.router.openshift.io/balance: leastconn
+    haproxy.router.openshift.io/timeout: {{ $values.routeTimeout | default  "60s" }}
+spec:
+  host: {{ $host.host }}
+  path: {{ $host.path | default "" | quote }}
+  port:
+    targetPort: {{ printf "%d-%s" $port $protocol }}
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+    {{- if $host.key }}
+    key: | {{ $values.Files.Get $host.key | trim | nindent 6 }}
+    certificate: | {{ $values.Files.Get $host.certificate | trim | nindent 6 }}
+    caCertificate: | {{ $values.Files.Get $host.caCertificate | trim | nindent 6 }}
+    {{- end }}
+  to:
+    kind: Service
+    name: {{ $name }}-svc
+    weight: 100
+---
+{{- end -}}
+{{- end -}}

tools/helm/ecer/templates/_secret.tpl

@@ -0,0 +1,14 @@
+{{- define "secret.tpl" }}
+{{- $values := .values -}}
+{{- $name := .name -}}
+{{- $labels := .labels -}}
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ $name }}-secret
+  labels: {{ $labels | nindent 4 }}
+data:
+  {{- range $key, $value := $values.secrets }}
+  {{ $key }}: {{ $value | toString | b64enc | quote }}
+  {{- end -}}
+{{- end -}}

tools/helm/ecer/templates/_service.tpl

@@ -0,0 +1,25 @@
+# service template
+{{- define "service.tpl" -}}
+{{- $values := .values -}}
+{{- $name := .name -}}
+{{- $labels := .labels -}}
+{{- $port := $values.port | default 8080 -}}
+{{- $targetPort := $values.targetPort | default 8080 -}}
+{{- $protocol := $values.protocol | default "tcp" -}}
+kind: Service
+apiVersion: v1
+metadata:
+  name: {{ $name }}-svc
+  labels: {{ $labels | nindent 4 }}
+  annotations:
+    service.alpha.openshift.io/serving-cert-secret-name: {{ $name }}-ssl
+spec:
+  selector:
+    name: {{ $name }}
+  ports:
+    - name: {{ (printf "%s-%s" ($port | toString) $protocol) }}
+      port: {{ $port }}
+      protocol: {{ $protocol | upper }}
+      targetPort: {{ $targetPort }}
+  type: ClusterIP
+{{- end -}}

tools/helm/ecer/templates/components.yaml

@@ -0,0 +1,16 @@
+{{- $labels := include "standard.labels" . -}}
+# creates each defined component using the templates
+{{- range $key, $values := .Values.components -}}
+    {{- $values := merge $values $.Values.defaults -}}
+    {{- $name := print $.Release.Name "-" $key -}}
+    {{- $context := dict "name" $name "values" $values "labels" $labels -}}
+    {{ include "dc.tpl" $context | nindent 0 }}
+    {{ "---" | nindent 0 }}
+    {{ include "secret.tpl" $context | nindent 0 }}
+    {{ "---" | nindent 0 }}
+    {{ include "netpol.tpl" $context | nindent 0 }}
+    {{ "---" | nindent 0 }}
+    {{ include "service.tpl" $context | nindent 0 }}
+    {{ "---" | nindent 0 }}
+    {{ include "route.tpl" $context | nindent 0 }}
+{{- end -}}

tools/helm/ecer/values.yaml

@@ -0,0 +1,34 @@
+defaults:
+  replicas: 1
+  resources:
+    requests:
+      cpu: 125m
+      memory: 256Mi
+    limits:
+      cpu: 250m
+      memory: 512Mi
+  env: []
+  secrets: []
+  image:
+    triggerNamespace: ~
+    tag: master
+  livenessProbe:
+    path: "/"
+  readinessProbe:
+    path: "/"
+  startupProbe:
+    path: "/"
+
+components:
+  registry-portal:
+    name: registryportal
+    role: app
+    image:
+      name: artifacts.developer.gov.bc.ca/github-docker-remote/bcgov/ecc-ecer/registry-portal
+    routes:
+      - name: dev
+        host: dev-ecer-registry-portal.apps.silver.devops.gov.bc.ca
+    env:
+      ASPNETCORE_ENVIRONMENT: Development
+    secrets:
+      Dataverse__ConnectionString: ~

tools/helm/tools/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

tools/helm/tools/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: ECER Tools
+description: A Helm chart for ECER Tools namespace
+type: application
+version: 1.0.0
+appVersion: "1.0.0"

tools/helm/tools/README.md

@@ -0,0 +1,19 @@
+# ECER Tools Helm Chart
+
+This chart contains tools specific resources to support ECER deployments.
+
+## Usage
+
+To install or upgrade, run the following command :
+
+To install a new environment, ensure the values.yaml matches the environment, then run the following command:
+
+```sh
+helm -n [namespace] install [env name] .
+```
+
+To upgrade an existing environment, run the following command:
+
+```sh
+helm -n [namespace] upgrade [env name] .
+```

tools/helm/tools/templates/NOTES.txt

@@ -0,0 +1,8 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get all {{ .Release.Name }}