diff --git a/.github/labeler.yml b/.github/labeler.yml
index 3a670c40..81d0ee3f 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -1,17 +1,17 @@
-Documentation:
+documentation:
- changed-files:
- any-glob-to-any-file:
- "docs/*"
- "**/*.md"
-Software:
+software:
- changed-files:
- any-glob-to-any-file:
- "software/**/*"
- "stamp/**/*"
- "charts/**/*"
-Infrastructure:
+infrastructure:
- changed-files:
- any-glob-to-any-file:
- "bicep/**/*"
diff --git a/charts/README.MD b/charts/README.MD
index d59d935d..a5af7af4 100644
--- a/charts/README.MD
+++ b/charts/README.MD
@@ -1 +1,3 @@
-# Helm Charts
\ No newline at end of file
+# Helm Charts
+
+This directory contains custom charts to be used by the solution.
\ No newline at end of file
diff --git a/charts/env-debug/.gitignore b/charts/env-debug/.gitignore
new file mode 100644
index 00000000..87112dd7
--- /dev/null
+++ b/charts/env-debug/.gitignore
@@ -0,0 +1 @@
+custom_values.yaml
diff --git a/charts/env-debug/.helmignore b/charts/env-debug/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/env-debug/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/env-debug/Chart.yaml b/charts/env-debug/Chart.yaml
new file mode 100644
index 00000000..3a3dd99b
--- /dev/null
+++ b/charts/env-debug/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: env-debug
+description: A Sample App with Ingress for accessing KV Secrets
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.2
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 0.0.1
diff --git a/charts/env-debug/README.md b/charts/env-debug/README.md
new file mode 100644
index 00000000..6ed060e1
--- /dev/null
+++ b/charts/env-debug/README.md
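Review bot: `description: A Sample App with Ingress for accessing KV Secrets` promises an Ingress, but no template in this commit creates one and the Service is `ClusterIP`, so a reader will go looking for an external endpoint to a tool that serves Key Vault mounts over HTTP. Either reword it to what the chart does, e.g. `description: Debug pod (kuard) that mounts Key Vault secrets via the Secrets Store CSI driver`, or add the ingress template the text implies.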
@@ -0,0 +1,70 @@
+# Helm Chart for Environment Debuging
+
+__Create a Custom Values__
+
+_The following commands can help generate a prepopulated custom_values file._
+```bash
+# Setup Variables
+RAND="" # ie: bedfb
+
+GROUP=$(az group list --query "[?contains(name, 'ctl${UNIQUE}')].name" -otsv)
+ENV_VAULT=$(az keyvault list --resource-group $GROUP --query [].name -otsv)
+
+# Translate Values File
+cat > custom_values.yaml << EOF
+replicaCount: 1
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+ type: ClusterIP
+ port: 80
+ targetPort: 8080
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 80
+
+################################################################################
+# Specify the azure environment specific values
+#
+azure:
+ enabled: true
+ tenant: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/tenant-id --query value -otsv)
+ subscription: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/subscription-id --query value -otsv)
+ resourcegroup: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/base-name-cr --query value -otsv)-rg
+ identity: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/base-name-cr --query value -otsv)-osdu-identity
+ identity_id: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/osdu-identity-id --query value -otsv)
+ keyvault: $ENV_VAULT
+ appid: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/aad-client-id --query value -otsv)
+
+env:
+- name: MESSAGE
+ value: Hello World!
+- name: AZURE_TENANT_ID
+ secret:
+ name: active-directory
+ key: tenantid
+- name: WORKSPACE_ID
+ secret:
+ name: central-logging
+ key: workspace-id
+
+EOF
+
+
+__Install Helm Chart__
+
+Install the helm chart.
+
+```bash
+# Create Namespace
+NAMESPACE=dev-sample
+kubectl create namespace $NAMESPACE
+
+# Install Charts
+helm install env-tool . 
-n $NAMESPACE -f custom_values.yaml
+```
diff --git a/charts/env-debug/templates/_helpers.tpl b/charts/env-debug/templates/_helpers.tpl
new file mode 100644
index 00000000..0d8328f2
--- /dev/null
+++ b/charts/env-debug/templates/_helpers.tpl
@@ -0,0 +1,53 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "env-debug.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "env-debug.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "env-debug.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "env-debug.labels" -}}
+helm.sh/chart: {{ include "env-debug.chart" . }}
+{{ include "env-debug.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "env-debug.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "env-debug.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+aadpodidbinding: osdu-identity
+{{- end }}
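Review bot: The variable assigned on the `RAND=""` line is never read; the `az group list` query interpolates `${UNIQUE}`, which is unset, so `GROUP` matches every group whose name contains `ctl` (or none) and `ENV_VAULT` follows the wrong vault. Change the assignment to `UNIQUE="" # ie: bedfb` (or reference `${RAND}` in the query), and quote the JMESPath as `--query "[].name"` so the shell cannot glob `[].name`. The first bash fence, opened before `# Setup Variables`, is never closed after `EOF`, so the whole `__Install Helm Chart__` section renders inside that code block. One sentence noting that the generated custom_values.yaml holds tenant, subscription and identity IDs read from Key Vault and is deliberately git-ignored would stop readers from pasting it into a tracked values file.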
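Review bot: `aadpodidbinding: osdu-identity` is placed in `env-debug.selectorLabels`, which deployment.yaml uses for `matchLabels` and service.yaml for the Service selector; a Deployment selector is immutable, so changing the identity binding later means deleting and recreating the Deployment, and the Service needlessly filters on the binding label too. Keep selectorLabels to the two `app.kubernetes.io/*` keys and emit the binding on the pod template labels in deployment.yaml, ideally as `aadpodidbinding: {{ .Values.azure.identity }}` matched by the binding's `selector`, so the label is tied to the identity the chart creates rather than a fixed string. With a fixed value, any pod that carries that label in this namespace (or cluster-wide, if aad-pod-identity is not running in namespaced mode) is bound to the Key Vault identity — worth confirming against the cluster's aad-pod-identity configuration.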
diff --git a/charts/env-debug/templates/config-map.yaml b/charts/env-debug/templates/config-map.yaml
new file mode 100644
index 00000000..eb5c1048
--- /dev/null
+++ b/charts/env-debug/templates/config-map.yaml
@@ -0,0 +1,8 @@
+{{- $namespace := .Release.Namespace }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "env-debug.fullname" . }}-config
+ namespace: {{ $namespace }}
+data:
+ MESSAGE: "From config-map.yaml"
diff --git a/charts/env-debug/templates/deployment.yaml b/charts/env-debug/templates/deployment.yaml
new file mode 100644
index 00000000..dbedf20d
--- /dev/null
+++ b/charts/env-debug/templates/deployment.yaml
@@ -0,0 +1,116 @@
+{{- $namespace := .Release.Namespace }}
+{{- $nodePool := .Values.nodePool}}
+{{- $toleration := .Values.toleration}}
+{{- $affinity := .Values.affinity}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "env-debug.fullname" . }}
+ labels:
+ {{- include "env-debug.labels" . | nindent 4 }}
+spec:
+{{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "env-debug.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "env-debug.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- if $nodePool }}
+ nodeSelector:
+ nodepool: {{ $nodePool }}
+ {{- end }}
+ {{- if $affinity }}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ {{- if $affinity.zones }}
+ - key: topology.kubernetes.io/zone
+ operator: In
+ values:
+ {{- range $affinity.zones }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if $affinity.pools }}
+ - key: agentpool
+ operator: In
+ values:
+ {{- range $affinity.pools }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if $toleration }}
+ tolerations:
+ - key: "app"
+ operator: "Equal"
+ value: {{ $toleration }}
+ effect: "NoSchedule"
+ {{- end }}
+ {{- if .Values.azure.enabled }}
+ volumes:
+ - name: azure-keyvault
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: azure-keyvault
+ - name: azure-share
+ persistentVolumeClaim:
+ claimName: {{ include "env-debug.fullname" . 
}}-pvc
+ {{- end }}
+ containers:
+ - image: gcr.io/kuar-demo/kuard-amd64:1
+ name: kuard
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ {{- if .Values.azure.enabled }}
+ volumeMounts:
+ - name: azure-keyvault
+ mountPath: "/mnt/azure-keyvault"
+ readOnly: true
+ - name: azure-share
+ mountPath: "/mnt/azure-share"
+ readOnly: true
+ {{- end }}
+ env:
+ - name: STATIC_ENV_VALUE
+ value: "From Deployment.yaml"
+ - name: CONFIG_ENV_VALUE
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "env-debug.fullname" . }}-config
+ key: MESSAGE
+ {{- if .Values.env }}
+ {{- range .Values.env }}
+ - name: {{ .name }}
+ {{- if .value }}
+ value: {{ .value | quote }}
+ {{- end }}
+ {{- if .config }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "env-debug.fullname" . }}-config
+ key: {{ .config.key | quote }}
+ {{- end }}
+ {{- if .secret }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secret.name | quote }}
+ key: {{ .secret.key | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/env-debug/templates/hpa.yaml b/charts/env-debug/templates/hpa.yaml
new file mode 100644
index 00000000..6c015ab9
--- /dev/null
+++ b/charts/env-debug/templates/hpa.yaml
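Review bot: When `azure.enabled` is true the pod references a SecretProviderClass `azure-keyvault` and a PVC `<fullname>-pvc`, but nothing under `templates/` creates either — the only definitions are in `templates_orig/` and every line there is commented out — so the pod will sit in ContainerCreating on missing volumes; either restore those templates or guard the `azure-share` volume behind its own value until the PVC exists. Separately, kuard is a debugging server that displays its environment and lets a browser read files under its mounts, and here it receives Key Vault material both as a mounted volume and as env vars with no `securityContext`, no `resources` and the default service-account token mounted; add the hardening below plus `automountServiceAccountToken: false` on the pod spec (nothing here calls the API server), and confirm kuard tolerates `readOnlyRootFilesystem` before enforcing it. The `range .Values.env` branch also emits both `value:` and `valueFrom:` when one entry sets `value` together with `config` or `secret`, which the API server rejects; an `{{- else if .config }}` / `{{- else if .secret }}` chain avoids that.
```yaml
      containers:
        - image: gcr.io/kuar-demo/kuard-amd64:1
          name: kuard
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 250m
              memory: 128Mi
          # … unchanged: ports, volumeMounts, env …
```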
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "env-debug.fullname" . }}
+ labels:
+ {{- include "env-debug.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "env-debug.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/charts/env-debug/templates/identity.yaml b/charts/env-debug/templates/identity.yaml
new file mode 100644
index 00000000..a85fd90a
--- /dev/null
+++ b/charts/env-debug/templates/identity.yaml
@@ -0,0 +1,19 @@
+{{- $namespace := .Release.Namespace }}
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentity
+metadata:
+ name: osdu-identity
+ namespace: {{ $namespace }}
+spec:
+ type: 0
+ resourceID: "/subscriptions/{{ .Values.azure.subscription }}/resourcegroups/{{ .Values.azure.resourcegroup }}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{{ .Values.azure.identity }}"
+ clientID: "{{ .Values.azure.identity_id }}"
+---
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentityBinding
+metadata:
+ name: osdu-identity-binding
+ namespace: {{ $namespace }}
+spec:
+ azureIdentity: osdu-identity
+ selector: osdu-identity
diff --git a/charts/env-debug/templates/service.yaml b/charts/env-debug/templates/service.yaml
new file mode 100644
index 00000000..e99d24bf
--- /dev/null
+++ b/charts/env-debug/templates/service.yaml
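Review bot: `apiVersion: autoscaling/v2beta1` was removed in Kubernetes 1.25 (deprecated since 1.22), so this template fails to apply on current AKS versions, and `targetAverageUtilization` is the v2beta1 field shape that no longer exists. Move to `autoscaling/v2`, where each resource metric carries a `target` block; the CPU metric becomes the form below and the memory metric changes the same way, with the rest of the template unchanged.
```yaml
apiVersion: autoscaling/v2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
  {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
  {{- end }}
  # … memory metric: same target block with name: memory …
```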
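Review bot: Every `.Values.azure.*` reference here is unconditional, and the shipped values.yaml has the whole `azure:` block commented out, so `.Values.azure` is nil and rendering `.Values.azure.subscription` aborts with Helm's "nil pointer evaluating interface {}" error — `helm install` and `helm lint` with default values fail before anything reaches the cluster; wrap the file in `{{- if (.Values.azure | default dict).enabled }}` … `{{- end }}` so the identity is only emitted when the azure block is supplied. The AzureIdentity and AzureIdentityBinding names are fixed strings (`osdu-identity`, `osdu-identity-binding`), so two releases of this chart in one namespace overwrite each other's binding; `name: {{ include "env-debug.fullname" . }}-identity` is safer, with the binding `selector` and the pod label kept in step. `type: 0` is the user-assigned managed identity mode; a one-line comment saying so saves the next reader a lookup.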
@@ -0,0 +1,17 @@
+{{- $serviceType := .Values.service.type }}
+{{- $servicePort := .Values.service.port }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "env-debug.fullname" . }}
+ labels:
+ {{- include "env-debug.labels" . | nindent 4 }}
+spec:
+ type: {{ $serviceType }}
+ ports:
+ - port: {{ $servicePort }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "env-debug.selectorLabels" . | nindent 4 }}
diff --git a/charts/env-debug/templates_orig/kv-secrets.yaml b/charts/env-debug/templates_orig/kv-secrets.yaml
new file mode 100644
index 00000000..97689938
--- /dev/null
+++ b/charts/env-debug/templates_orig/kv-secrets.yaml
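Review bot: `.Values.service.targetPort` (8080 in both values.yaml and the README) is never read; the Service pins `targetPort: http`, the container's named port, so the value is dead configuration that advertises a knob that does not exist. Either drop `targetPort` from the values files or honour it with `targetPort: {{ .Values.service.targetPort }}` and have deployment.yaml use the same value for `containerPort`.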
@@ -0,0 +1,113 @@
+# {{- $namespace := .Release.Namespace }}
+# apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
+# kind: SecretProviderClass
+# metadata:
+# name: azure-keyvault
+# namespace: {{ $namespace }}
+# spec:
+# provider: azure
+# secretObjects:
+# - secretName: active-directory
+# type: Opaque
+# data:
+# - objectName: "app-dev-sp-tenant-id"
+# key: tenantid
+# - objectName: "aad-client-id"
+# key: application-appid
+# - objectName: "app-dev-sp-username"
+# key: principal-clientid
+# - objectName: "app-dev-sp-password"
+# key: principal-clientpassword
+# - secretName: airflow
+# type: Opaque
+# data:
+# - objectName: airflow-storage
+# key: storage-account
+# - objectName: airflow-storage-key
+# key: storage-key
+# - objectName: airflow-storage-connection
+# key: storage-connection
+# - objectName: airflow-remote-log-connection
+# key: remote-log-connection
+# - objectName: airflow-admin-password
+# key: admin-password
+# - objectName: airflow-fernet-key
+# key: fernet-key
+# - objectName: airflow-storage
+# key: azurestorageaccountname
+# - objectName: airflow-storage-key
+# key: azurestorageaccountkey
+# - secretName: postgres
+# type: Opaque
+# data:
+# - objectName: "postgres-password"
+# key: postgres-password
+# - secretName: redis
+# type: Opaque
+# data:
+# - objectName: "redis-password"
+# key: redis-password
+# - secretName: central-logging
+# type: Opaque
+# data:
+# - objectName: "appinsights-key"
+# key: appinsights
+# - objectName: "log-workspace-id"
+# key: workspace-id
+# - objectName: "log-workspace-key"
+# key: workspace-key
+# parameters:
+# usePodIdentity: "true"
+# useVMManagedIdentity: "false"
+# userAssignedIdentityID: ""
+# resourceGroup: "{{ .Values.azure.resourcegroup }}"
+# keyvaultName: "{{ .Values.azure.keyvault }}"
+# subscriptionId: "{{ .Values.azure.subscription }}"
+# tenantId: "{{ .Values.azure.tenant }}"
+# objects: |
+# array:
+# - |
+# objectName: airflow-storage
+# objectType: secret
+# - |
+# objectName: 
airflow-storage-connection
+# objectType: secret
+# - |
+# objectName: airflow-remote-log-connection
+# objectType: secret
+# - |
+# objectName: airflow-storage-key
+# objectType: secret
+# - |
+# objectName: airflow-admin-password
+# objectType: secret
+# - |
+# objectName: airflow-fernet-key
+# objectType: secret
+# - |
+# objectName: postgres-password
+# objectType: secret
+# - |
+# objectName: redis-password
+# objectType: secret
+# - |
+# objectName: appinsights-key
+# objectType: secret
+# - |
+# objectName: log-workspace-id
+# objectType: secret
+# - |
+# objectName: log-workspace-key
+# objectType: secret
+# - |
+# objectName: app-dev-sp-tenant-id
+# objectType: secret
+# - |
+# objectName: aad-client-id
+# objectType: secret
+# - |
+# objectName: app-dev-sp-username
+# objectType: secret
+# - |
+# objectName: app-dev-sp-password
+# objectType: secret
diff --git a/charts/env-debug/templates_orig/pvc.yaml b/charts/env-debug/templates_orig/pvc.yaml
new file mode 100644
index 00000000..68d578c5
--- /dev/null
+++ b/charts/env-debug/templates_orig/pvc.yaml
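Review bot: The SecretProviderClass syncs the service-principal password, the storage account key and connection strings, the Airflow fernet key and admin password, the Postgres and Redis passwords and the Log Analytics key into Kubernetes Secrets in the debug namespace, while deployment.yaml only reads `active-directory/tenantid` and `central-logging/workspace-id`; since the consumer is kuard, which serves its mounts and environment over HTTP, the `objects` array and `secretObjects` should be trimmed to those two entries. Note the whole file is commented out under `templates_orig/`, so nothing in this commit actually creates the `azure-keyvault` class the Deployment mounts — the comment at the top should say whether that is intentional. `userAssignedIdentityID: ""` together with `usePodIdentity: "true"` is consistent (the AzureIdentityBinding supplies the identity) but deserves a comment, and `airflow-storage`/`airflow-storage-key` appear twice under the `airflow` secret with different keys, which is legal but easy to misread as a copy-paste error.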
@@ -0,0 +1,44 @@
+# {{- $namespace := .Release.Namespace }}
+# apiVersion: v1
+# kind: PersistentVolume
+# metadata:
+# name: {{ include "env-debug.fullname" . }}-pv
+# namespace: {{ $namespace }}
+# labels:
+# usage: airflow-dag
+# spec:
+# capacity:
+# storage: 5Gi
+# accessModes:
+# - ReadOnlyMany
+# azureFile:
+# secretName: airflow
+# shareName: airflowdags
+# volumeMode: Filesystem
+# mountOptions:
+# - dir_mode=0777
+# - file_mode=0777
+# - uid=1000
+# - gid=1000
+# - mfsymlinks
+# - nobrl
+
+# ---
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+# name: {{ include "env-debug.fullname" . }}-pvc
+# namespace: {{ $namespace }}
+# # Set this annotation to NOT let Kubernetes automatically create
+# # a persistent volume for this volume claim.
+# annotations:
+# volume.beta.kubernetes.io/storage-class: ""
+# spec:
+# accessModes:
+# - ReadOnlyMany
+# resources:
+# requests:
+# storage: 5Gi
+# selector:
+# matchLabels:
+# usage: airflow-dag
diff --git a/charts/env-debug/values.yaml b/charts/env-debug/values.yaml
new file mode 100644
index 00000000..3e5d7a3a
--- /dev/null
+++ b/charts/env-debug/values.yaml
@@ -0,0 +1,42 @@
+# This file contains the essential configs for the osdu on azure helm chart
+
+replicaCount: 1
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+ type: ClusterIP
+ port: 80
+ targetPort: 8080
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 80
+
+################################################################################
+# Specify the azure environment specific values
+#
+# azure:
+# enabled: true
+# tenant:
+# subscription:
+# resourcegroup:
+# identity:
+# identity_id:
+# keyvault:
+# appid:
+
+env:
+- name: MESSAGE
+ value: Hello World!
+- name: AZURE_TENANT_ID
+ secret:
+ name: active-directory
+ key: tenantid
+- name: WORKSPACE_ID
+ secret:
+ name: central-logging
+ key: log-workspace-id
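Review bot: `dir_mode=0777` and `file_mode=0777` make every DAG file appear world-writable inside the pod; the Deployment mounts `azure-share` read-only and the PV is `ReadOnlyMany`, so the modes do no harm in this chart, but this block is exactly the kind that gets copied into a writable consumer. `dir_mode=0755` / `file_mode=0644` (or `0750`/`0640`, given `uid=1000,gid=1000` is already set) is the least-privilege form — confirm against whatever process writes DAGs to the share. The file is fully commented out under `templates_orig/`, so it is not rendered by this chart.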
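Review bot: With the `azure:` block commented out, `.Values.azure` is nil, and deployment.yaml's `{{- if .Values.azure.enabled }}` and identity.yaml's `.Values.azure.subscription` then fail to render (Helm's "nil pointer evaluating interface {}" error), so `helm install` and `helm lint` with these defaults do not work at all. Ship `azure:` with `enabled: false` and the remaining keys as empty strings (`tenant: ""`, `subscription: ""`, …) and let custom_values.yaml override them. `key: log-workspace-id` on the last line also disagrees with the README (`workspace-id`) and with the kv-secrets mapping, which exposes Key Vault object `log-workspace-id` under secret key `workspace-id`; as written the pod fails with CreateContainerConfigError on the missing key, so `key: workspace-id` is the correct value.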