Merge pull request keptn-sandbox#39 from keptn-sandbox/patch/add-helm…

…-exec-plane

adding helm chart for exec plane

helm/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 0.8.0
+description: Helm Chart for the keptn keptn-service-template-go
+name: keptn-service-template-go
+type: application
+version: 0.8.0

helm/README.md

@@ -0,0 +1,44 @@
+
+keptn-service-template-go
+===========
+
+Helm Chart for the keptn keptn-service-template-go
+
+
+## Configuration
+
+The following table lists the configurable parameters of the keptn-service-template-go chart and their default values.
+
+| Parameter                | Description             | Default        |
+| ------------------------ | ----------------------- | -------------- |
+| `keptnservice.image.repository` | Container image name | `"docker.io/keptnsandbox/keptn-service-template-go"` |
+| `keptnservice.image.pullPolicy` | Kubernetes image pull policy | `"IfNotPresent"` |
+| `keptnservice.image.tag` | Container tag | `""` |
+| `keptnservice.service.enabled` | Creates a kubernetes service for the keptn-service-template-go | `true` |
+| `distributor.stageFilter` | Sets the stage this helm service belongs to | `""` |
+| `distributor.serviceFilter` | Sets the service this helm service belongs to | `""` |
+| `distributor.projectFilter` | Sets the project this helm service belongs to | `""` |
+| `distributor.image.repository` | Container image name | `"docker.io/keptn/distributor"` |
+| `distributor.image.pullPolicy` | Kubernetes image pull policy | `"IfNotPresent"` |
+| `distributor.image.tag` | Container tag | `""` |
+| `remoteControlPlane.enabled` | Enables remote execution plane mode | `false` |
+| `remoteControlPlane.api.protocol` | Used protocol (http, https | `"https"` |
+| `remoteControlPlane.api.hostname` | Hostname of the control plane cluster (and port) | `""` |
+| `remoteControlPlane.api.apiValidateTls` | Defines if the control plane certificate should be validated | `true` |
+| `remoteControlPlane.api.token` | Keptn api token | `""` |
+| `imagePullSecrets` | Secrets to use for container registry credentials | `[]` |
+| `serviceAccount.create` | Enables the service account creation | `true` |
+| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
+| `serviceAccount.name` | The name of the service account to use. | `""` |
+| `podAnnotations` | Annotations to add to the created pods | `{}` |
+| `podSecurityContext` | Set the pod security context (e.g. fsgroups) | `{}` |
+| `securityContext` | Set the security context (e.g. runasuser) | `{}` |
+| `resources` | Resource limits and requests | `{}` |
+| `nodeSelector` | Node selector configuration | `{}` |
+| `tolerations` | Tolerations for the pods | `[]` |
+| `affinity` | Affinity rules | `{}` |
+
+
+
+
+

helm/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "keptn-service.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "keptn-service.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "keptn-service.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "keptn-service.labels" -}}
+helm.sh/chart: {{ include "keptn-service.chart" . }}
+{{ include "keptn-service.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+
+{{/*
+Selector labels
+*/}}
+{{- define "keptn-service.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "keptn-service.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "keptn-service.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "keptn-service.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

helm/templates/deployment.yaml

@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "keptn-service.fullname" . }}
+  labels:
+    {{- include "keptn-service.labels" . | nindent 4 }}
+
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "keptn-service.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "keptn-service.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "keptn-service.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: keptn-service
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- if .Values.image }}
+          image: {{ .Values.image }} # use image from .Values.image (e.g., when starting via skaffold)
+          {{- else }}
+          image: "{{ .Values.keptnservice.image.repository }}:{{ .Values.keptnservice.image.tag | default .Chart.AppVersion }}"
+          {{- end }}
+          imagePullPolicy: {{ .Values.keptnservice.image.pullPolicy }}
+          ports:
+            - containerPort: 80
+          env:
+          - name: CONFIGURATION_SERVICE
+            value: "http://localhost:8081/configuration-service"
+          - name: env
+            value: 'production'
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 10999
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+        - name: distributor
+          image: "{{ .Values.distributor.image.repository }}:{{ .Values.distributor.image.tag | default .Chart.AppVersion }}"
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 10999
+            initialDelaySeconds: 5
+            periodSeconds: 5
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+          resources:
+            requests:
+              memory: "32Mi"
+              cpu: "50m"
+            limits:
+              memory: "128Mi"
+              cpu: "500m"
+          env:
+            - name: PUBSUB_TOPIC
+              value: 'sh.keptn.event.test.triggered'
+            - name: PUBSUB_RECIPIENT
+              value: '127.0.0.1'
+            - name: STAGE_FILTER
+              value: "{{ .Values.distributor.stageFilter }}"
+            - name: PROJECT_FILTER
+              value: "{{ .Values.distributor.projectFilter }}"
+            - name: SERVICE_FILTER
+              value: "{{ .Values.distributor.serviceFilter }}"
+            {{- if .Values.remoteControlPlane.enabled }}
+            - name: KEPTN_API_ENDPOINT
+              value: "{{ .Values.remoteControlPlane.api.protocol }}://{{ .Values.remoteControlPlane.api.hostname }}/api"
+            - name: KEPTN_API_TOKEN
+              value: "{{ .Values.remoteControlPlane.api.token }}"
+            - name: HTTP_SSL_VERIFY
+              value: "{{ .Values.remoteControlPlane.api.apiValidateTls | default "true" }}"
+            {{- end }}
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

helm/templates/service.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.keptnservice.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "keptn-service.fullname" . }}
+  labels:
+    {{- include "keptn-service.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      protocol: TCP
+  selector:
+    {{- include "keptn-service.selectorLabels" . | nindent 4 }}
+  {{- end }}

helm/templates/serviceaccount.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "keptn-service.serviceAccountName" . }}
+  labels:
+    {{- include "keptn-service.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: keptn-{{ .Release.Namespace }}-keptn-service-cluster-admin
+  labels:
+    {{- include "keptn-service.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "keptn-service.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io

helm/templates/tests/test-api-connection.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.remoteControlPlane.enabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "keptn-service.fullname" . }}-test-api-connection"
+  labels:
+  {{- include "keptn-service.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      args:
+        - wget
+        - '--header=x-token: {{ .Values.remoteControlPlane.api.token }}'
+        - {{ .Values.remoteControlPlane.api.protocol }}://{{ .Values.remoteControlPlane.api.hostname }}/api/v1/metadata
+  restartPolicy: Never
+  {{- end -}}