Merge pull request #7 from severalnines/3-main

Run 3 Merge ccxdeps into Main branch

charts/ccxdeps/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/ccxdeps/Chart.yaml

@@ -0,0 +1,49 @@
+apiVersion: v2
+name: ccxdeps
+description: A Helm chart for deploying CCX dependencies
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.4.2
+
+dependencies:
+  - name: postgres-operator
+    repository: https://opensource.zalando.com/postgres-operator/charts/postgres-operator
+    version: 1.11.0
+    condition: installOperators
+  - name: vault
+    repository: https://helm.releases.hashicorp.com
+    version: 0.22.1
+    condition: vault.enabled
+  - name: nginx-ingress-controller
+    repository: https://charts.bitnami.com/bitnami
+    version: 9.3.21
+    condition: ingressController.enabled
+  - name: nats
+    repository: https://nats-io.github.io/k8s/helm/charts/
+    version: 0.19.16
+    condition: nats.enabled
+  - name: external-dns
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+    version: 6.26.3
+    condition: external-dns.enabled
+  - name: mysql-operator
+    version: 2.1.3
+    repository: https://mysql.github.io/mysql-operator/
+    condition: oracle-mysql-operator.enabled
+    alias: oracle-mysql-operator
+  - name: mysql-innodbcluster
+    version: 2.1.3
+    repository: https://mysql.github.io/mysql-operator/
+    condition: mysql-innodbcluster.enabled

charts/ccxdeps/README.md

@@ -0,0 +1,24 @@
+# CCX Dependencies
+
+# Install
+
+## Add CCX helm chart repo
+```helm repo add s9s https://severalnines.github.io/helm-charts/```
+
+## Install dependencies
+
+### Update helm repos
+```helm repo update```
+
+### Install ccx dependencies helm chart
+```helm install ccxdeps s9s/ccxdeps --debug```
+
+
+you can customize your `values.yaml` file and run
+
+```helm install ccxdeps s9s/ccxdeps --debug --values MY_VALUES.yaml```
+
+
+Wait for stuff to be running.
+Monitor with `kubectl get all`.
+

charts/ccxdeps/templates/_helpers.tpl

@@ -0,0 +1,114 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ccx.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ccx.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ccx.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}{{/*
+Common labels
+*/}}
+{{- define "ccx.labels" -}}
+helm.sh/chart: {{ include "ccx.chart" . }}
+{{ include "ccx.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}{{/*
+Selector labels
+*/}}
+{{- define "ccx.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ccx.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ccx.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ccx.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+# retrieve the secret data using lookup function and when not exists, return an empty dictionary / map as result
+# set $cmonPassword to existing secret data or generate a random one when not exists
+{{- define "ccx.cmonPassword" -}}
+{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "cmon-credentials") | default dict }}
+{{- $secretData := (get $secretObj "data") | default dict }}
+{{- or (get $secretData "cmon-password" | b64dec) .Values.cmon.password | default "8fcf2304e46f39fa70710583a41455fd39cc5408" }}
+{{- end }}
+
+{{- define "ccx.cmonUser" -}}
+{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "cmon-credentials") | default dict }}
+{{- $secretData := (get $secretObj "data") | default dict }}
+{{- or (get $secretData "cmon-user" | b64dec) .Values.cmon.user | default "cmon-user" }}
+{{- end }}
+
+{{- define "ccx.db.username" -}}
+{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "ccx.acid-ccx.credentials.postgresql.acid.zalan.do") | default dict }}
+{{- $secretData := (get $secretObj "data") | default dict }}
+{{- (get $secretData "username" | b64dec) | required "ccx db credentials secret username is missing" }}
+{{- end }}
+
+{{- define "ccx.db.password" -}}
+{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "ccx.acid-ccx.credentials.postgresql.acid.zalan.do") | default dict }}
+{{- $secretData := (get $secretObj "data") | default dict }}
+{{- (get $secretData "password" | b64dec) | required "ccx db credentials secret password is missing" }}
+{{- end }}
+
+{{- define "ccx.sessionDomain" -}}
+{{- .Values.sessionDomain | required "sessionDomain is required" }}
+{{- end }}
+
+{{- define "ccx.ccxFQDN" -}}
+{{- .Values.ccxFQDN | required "ccxFQDN is required" }}
+{{- end }}
+
+{{- define "ccx.ccFQDN" -}}
+{{- .Values.ccFQDN | default ( printf "cc.%s" ( include "ccx.ccxFQDN" . ) ) }}
+{{- end }}
+
+{{- define "ccx.cmonDbHost" -}}
+{{- .Values.cmon.db.host | default "ccx-cmon-db-mysql-master" }}
+{{- end }}
+
+{{- define "ccx.cmonDbPort" -}}
+{{- .Values.cmon.db.port | default 3306 }}
+{{- end }}
+
+{{- define "ccx.cmonDbName" -}}
+{{- .Values.cmon.db.name | default "cmon" }}
+{{- end }}
+
+{{- define "ccx.cmonDbUser" -}}
+{{- .Values.cmon.db.user | default "cmon" }}
+{{- end }}
+
+{{- define "ccx.cmonDbPassword" -}}
+{{- .Values.cmon.db.password | default "ccxRocks" }}
+{{- end }}
+
+{{- define "ccx.cmonRPCKey" -}}
+{{- include "ccx.cmonPassword" . }}
+{{- end }}

charts/ccxdeps/templates/db/ccx-db.yaml

@@ -0,0 +1,54 @@
+{{ if .Values.createDatabases }}
+kind: "postgresql"
+apiVersion: "acid.zalan.do/v1"
+
+metadata:
+  name: "acid-ccx"
+
+spec:
+  teamId: "acid"
+  postgresql:
+    version: "14"
+  numberOfInstances: {{ .Values.postgresql.replicas | default 1 }}
+  volume:
+    size: {{ .Values.postgresql.volumeSize | default "10Gi" }}
+  users:
+    ccx:
+      - superuser
+      - createdb
+  databases:
+    ccx: ccx
+    ccx_deployer: ccx
+    ccx_backup: ccx
+    userdb: ccx
+    ccx_notification: ccx
+    ccx_projects: ccx
+    ccx_rbac: ccx
+    ccx_vpc: ccx
+    ccx_stores: ccx
+    ccx_cloud: ccx
+
+  patroni:
+    initdb:
+      encoding: "UTF8"
+      locale: "en_US.UTF-8"
+      data-checksums: "true"
+    pg_hba:
+      - local all all trust
+      - local replication all trust
+      - host  all all all md5
+      - host  replication all all md5
+
+  resources:
+    requests:
+      cpu: 100m
+      memory: 100Mi
+    limits:
+      cpu: 500m
+      memory: 500Mi
+  {{- with .Values.postgresql.clone }}
+  clone:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  enableLogicalBackup: {{ .Values.postgresql.enableLogicalBackup | default false }}
+{{ end }}

charts/ccxdeps/values.yaml

@@ -0,0 +1,69 @@
+# Default values for ccxdeps.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+createDatabases: true
+installOperators: true
+ingressController:
+  enabled: false
+
+nats:
+  enabled: true
+  nameOverride: "ccx-nats"
+  exporter:
+    enabled: true
+  nats:
+    jetstream:
+      enabled:
+        true
+      fileStorage:
+        enabled: true
+    logging:
+      debug: false
+      trace: false
+
+vault:
+  enabled: true
+  #nameOverride: myVault
+  server:
+    dev:
+      enabled: true ## this is NOT RECOMMENDED FOR PRODUCTION USE
+  injector:
+    enabled: false
+
+postgresql:
+  replicas: 1
+
+external-dns:
+  enabled: false
+  watchReleaseNamespace: true
+  domainFilters:
+  - ccx.example.org
+  interval: 10s
+  policy: sync
+  serviceTypeFilter:
+  # ExternalName type is required
+  - ExternalName
+  sources:
+  # Service source is required
+  - service
+  txtPrefix: txt-
+
+oracle-mysql-operator:
+  enabled: true
+  fullnameOverride: mysql-operator
+
+mysql-innodbcluster:
+  enabled: true
+  credentials:
+    root:
+      user: cmon
+      password: Super$3cr3t
+      host: "%"
+  serverInstances: 1
+  tls:
+    useSelfSigned: true
+  datadirVolumeClaimTemplate:
+    resources:
+      requests:
+        storage: 20Gi