From b13645834a9fedc22ef2dffe16c1211416afd06a Mon Sep 17 00:00:00 2001 From: Stacey Fletcher Date: Thu, 1 Feb 2018 22:43:23 +0000 Subject: [PATCH] Add artifactory chart Change-Id: I0864a53ce3476372ffbe09bc8e0a18b7361680a4 --- artifactory/Chart.yaml | 22 +++ artifactory/requirements.yaml | 18 +++ artifactory/templates/configmap-bin.yaml | 29 ++++ artifactory/templates/configmap-etc.yaml | 27 ++++ artifactory/templates/etc/_db.properties.tpl | 17 +++ artifactory/templates/job-db-drop.yaml | 73 ++++++++++ artifactory/templates/job-db-init.yaml | 68 +++++++++ artifactory/templates/secret-db-creds.yaml | 28 ++++ artifactory/templates/secret-db.yaml | 30 ++++ artifactory/templates/service.yaml | 56 ++++++++ artifactory/templates/statefulset.yaml | 87 ++++++++++++ artifactory/values.yaml | 140 +++++++++++++++++++ 12 files changed, 595 insertions(+) create mode 100644 artifactory/Chart.yaml create mode 100644 artifactory/requirements.yaml create mode 100644 artifactory/templates/configmap-bin.yaml create mode 100644 artifactory/templates/configmap-etc.yaml create mode 100644 artifactory/templates/etc/_db.properties.tpl create mode 100644 artifactory/templates/job-db-drop.yaml create mode 100644 artifactory/templates/job-db-init.yaml create mode 100644 artifactory/templates/secret-db-creds.yaml create mode 100644 artifactory/templates/secret-db.yaml create mode 100644 artifactory/templates/service.yaml create mode 100644 artifactory/templates/statefulset.yaml create mode 100644 artifactory/values.yaml diff --git a/artifactory/Chart.yaml b/artifactory/Chart.yaml new file mode 100644 index 00000000..d244c87c --- /dev/null +++ b/artifactory/Chart.yaml @@ -0,0 +1,22 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm Artifactory +name: artifactory +version: 0.1.0 +sources: + - https://git.openstack.org/cgit/openstack/openstack-helm-addons +maintainers: + - name: OpenStack-Helm Authors diff --git a/artifactory/requirements.yaml b/artifactory/requirements.yaml new file mode 100644 index 00000000..53782e69 --- /dev/null +++ b/artifactory/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/artifactory/templates/configmap-bin.yaml b/artifactory/templates/configmap-bin.yaml new file mode 100644 index 00000000..104cb554 --- /dev/null +++ b/artifactory/templates/configmap-bin.yaml @@ -0,0 +1,29 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: artifactory-bin +data: + db-init.py: | +{{- include "helm-toolkit.scripts.db_init" . | indent 4 }} + db-drop.py: | +{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }} +{{- end }} diff --git a/artifactory/templates/configmap-etc.yaml b/artifactory/templates/configmap-etc.yaml new file mode 100644 index 00000000..56839b5a --- /dev/null +++ b/artifactory/templates/configmap-etc.yaml @@ -0,0 +1,27 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: artifactory-extra-etc +data: + db.properties: | +{{ tuple "etc/_db.properties.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/artifactory/templates/etc/_db.properties.tpl b/artifactory/templates/etc/_db.properties.tpl new file mode 100644 index 00000000..a66cad35 --- /dev/null +++ b/artifactory/templates/etc/_db.properties.tpl @@ -0,0 +1,17 @@ +# this is minimalist db.properties file for running artifactory via +# helm talking to mysql +# +# it should be made available to the artifactory user and writable as +# it will be updated with an encrypted password + +type=mysql +driver=com.mysql.jdbc.Driver +{{ if .Values.endpoints.oslo_db.namespace }} +# known namespace, using fqdn +url=jdbc:mysql://{{- .Values.endpoints.oslo_db.hosts.default -}}.{{- .Values.endpoints.oslo_db.namespace -}}.svc.cluster.local:{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}{{- .Values.endpoints.oslo_db.path -}}?characterEncoding=UTF-8&elideSetAutoCommits=true +{{ else }} +# namespace not given, do not not use fqdn +url=jdbc:mysql://{{- .Values.endpoints.oslo_db.hosts.default -}}:{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}{{- .Values.endpoints.oslo_db.path -}}?characterEncoding=UTF-8&elideSetAutoCommits=true +{{ end }} +username={{ .Values.endpoints.oslo_db.auth.artifactory.username }} +password={{ .Values.endpoints.oslo_db.auth.artifactory.password }} diff --git a/artifactory/templates/job-db-drop.yaml b/artifactory/templates/job-db-drop.yaml new file mode 100644 index 00000000..a31bc0d5 --- /dev/null +++ b/artifactory/templates/job-db-drop.yaml @@ -0,0 +1,73 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_drop }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_drop }} + +{{- $randStringSuffix := randAlphaNum 5 | lower }} + +{{- $serviceAccountName := print "artifactory-db-drop-" $randStringSuffix }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ print "artifactory-db-drop-" $randStringSuffix }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + labels: +{{ tuple $envAll "artifactory" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: artifactory-db-drop + image: {{ .Values.images.tags.db_drop }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_drop | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.oslo_db.admin }} + key: DB_CONNECTION + - name: DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.oslo_db.artifactory }} + key: DB_CONNECTION + command: + - /tmp/db-drop.py + volumeMounts: + - name: artifactory-bin + mountPath: /tmp/db-drop.py + subPath: db-drop.py + readOnly: true + volumes: + - name: artifactory-bin + configMap: + name: artifactory-bin + defaultMode: 0555 +{{- end }} diff --git a/artifactory/templates/job-db-init.yaml b/artifactory/templates/job-db-init.yaml new file mode 100644 index 00000000..4682322c --- /dev/null +++ b/artifactory/templates/job-db-init.yaml @@ -0,0 +1,68 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_db_init }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.db_init }} + +{{- $serviceAccountName := "artifactory-db-init" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: artifactory-db-init +spec: + template: + metadata: + labels: +{{ tuple $envAll "artifactory" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: artifactory-db-init + image: {{ .Values.images.tags.db_init }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: ROOT_DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.oslo_db.admin }} + key: DB_CONNECTION + - name: DB_CONNECTION + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.oslo_db.artifactory }} + key: DB_CONNECTION + command: + - /tmp/db-init.py + volumeMounts: + - name: artifactory-bin + mountPath: /tmp/db-init.py + subPath: db-init.py + readOnly: true + volumes: + - name: artifactory-bin + configMap: + name: artifactory-bin + defaultMode: 0555 +{{- end }} diff --git a/artifactory/templates/secret-db-creds.yaml b/artifactory/templates/secret-db-creds.yaml new file mode 100644 index 00000000..fd2803e9 --- /dev/null +++ b/artifactory/templates/secret-db-creds.yaml @@ -0,0 +1,28 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db_creds }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: artifactory-db-creds +type: Opaque +data: + DB_USERNAME: {{ .Values.endpoints.oslo_db.auth.artifactory.username | b64enc }} + DB_PASSWORD: {{ .Values.endpoints.oslo_db.auth.artifactory.password | b64enc }} +{{- end }} diff --git a/artifactory/templates/secret-db.yaml b/artifactory/templates/secret-db.yaml new file mode 100644 index 00000000..f32ae57a --- /dev/null +++ b/artifactory/templates/secret-db.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db }} +{{- $envAll := . }} +{{- range $key1, $userClass := tuple "admin" "artifactory" }} +{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} +type: Opaque +data: + DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}} +{{- end }} +{{- end }} diff --git a/artifactory/templates/service.yaml b/artifactory/templates/service.yaml new file mode 100644 index 00000000..f504a415 --- /dev/null +++ b/artifactory/templates/service.yaml @@ -0,0 +1,56 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} + +{{- $envAll := . }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "cicd" "default" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: artifactoryhttp +{{ if and .Values.network.node_ports.enabled .Values.network.http.port }} + nodePort: {{ .Values.network.http.node_port }} +{{ end }} + port: {{ .Values.network.http.port }} + protocol: TCP + targetPort: 8081 + - name: artifactorydocker +{{ if and .Values.network.node_ports.enabled .Values.network.docker.port }} + nodePort: {{ .Values.network.docker.node_port }} +{{ end }} + port: {{ .Values.network.docker.port }} + protocol: TCP + targetPort: 5050 + - name: artifactorysecure +{{ if and .Values.network.node_ports.enabled .Values.network.docker.port }} + nodePort: {{ .Values.network.secure.node_port }} +{{ end }} + port: {{ .Values.network.secure.port }} + protocol: TCP + targetPort: 5052 + selector: +{{ tuple $envAll "artifactory" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + sessionAffinity: None +{{ if .Values.network.node_ports.enabled }} + type: NodePort +{{ else }} + type: ClusterIP +{{ end }} + +{{ end }} diff --git a/artifactory/templates/statefulset.yaml b/artifactory/templates/statefulset.yaml new file mode 100644 index 00000000..b83ae581 --- /dev/null +++ b/artifactory/templates/statefulset.yaml @@ -0,0 +1,87 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.statefulset }} +{{- $envAll := . }} +--- +apiVersion: apps/v1beta1 +kind: StatefulSet +metadata: + name: artifactory +spec: + serviceName: artifactory + replicas: 1 + template: + metadata: + labels: +{{ tuple $envAll "artifactory" "dashboard" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + containers: + - name: artifactory + image: {{ .Values.images.tags.artifactory }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.artifactory | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: DB_TYPE + value: mysql + - name: DB_USER + valueFrom: + secretKeyRef: + name: artifactory-db-creds + key: DB_USERNAME + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: artifactory-db-creds + key: DB_PASSWORD + - name: DB_HOST + value: {{ .Values.endpoints.oslo_db.hosts.default }} +{{ if .Values.bootstrap.master_key }} + - name: ARTIFACTORY_MASTER_KEY + value: {{ .Values.bootstrap.master_key }} +{{ end }} + ports: + - containerPort: 8081 + protocol: TCP + volumeMounts: + - name: artifactory-extra-etc + mountPath: /artifactory_extra_conf/db.properties + subPath: db.properties + - name: artifactory-data + mountPath: /var/opt/jfrog/artifactory + volumes: + - name: artifactory-extra-etc + configMap: + name: artifactory-extra-etc + - name: artifactory-bin + configMap: + name: artifactory-bin + defaultMode: 0555 + volumeClaimTemplates: + - metadata: + name: artifactory-data + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.volume.size }} + storageClassName: {{ .Values.volume.class_name }} +{{- end }} diff --git a/artifactory/values.yaml b/artifactory/values.yaml new file mode 100644 index 00000000..5fe406ad --- /dev/null +++ b/artifactory/values.yaml @@ -0,0 +1,140 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for artifactory. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +labels: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +release_group: null + +images: + tags: + db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + artifactory: quay.io/attcomdev/artifactory-pro-mysql:5.8.4 + pull_policy: "IfNotPresent" + +network: + node_ports: + enabled: false + http: + port: 8081 + node_port: 31672 + docker: + port: 5050 + node_port: 31777 + secure: + port: 5052 + node_port: 31776 + +dependencies: + db_init: + services: + - service: oslo_db + endpoint: internal + db_drop: + services: + - service: oslo_db + endpoint: internal + artifactory: + jobs: null + services: null + +storage: pvc + +volume: + size: 100Gi + class_name: general + +chown_on_start: true + +pod: + resources: + enabled: false + jobs: + db_init: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + db_drop: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + lifecycle: + upgrades: + deployments: + pod_replacement_strategy: RollingUpdate + revision_history: 1 + rolling_update: + max_surge: 1 + max_unavailable: 1 + +secrets: + oslo_db: + admin: artifactory-db-admin + artifactory: artifactory-db-user + +# typically overriden by environmental values, but should include all +# endpoints required by this chart +endpoints: + cluster_domain_suffix: cluster.local + oslo_db: + namespace: null + auth: + admin: + username: root + password: password + artifactory: + username: artifactory + password: password + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /artifactory + scheme: mysql+pymysql + port: + mysql: + default: 3306 + cicd: + name: artifactory + hosts: + default: artifactory + +manifests: + configmap_bin: true + configmap_etc: true + statefulset: true + job_db_init: true + job_db_drop: false + secret_db: true + secret_db_creds: true + pvc_artifactory: true + service: true + +# bootstrap/seed artifactory configuration +bootstrap: + master_key: null