Add support for Helm v3, chartmuseum, and armada chart

This adds support for Helm v3:
- 'helm init' and 'helm serv' were removed in v3, and helm
  initialization was simplified so that is not required in build.
- chart validation and version checking is enforced with 'helm lint',
  so all Charts require the tag: apiVersion: v1 (or v2).
- 'chartmuseum' is a drop-in replacement for 'helm serv', and is
  currently used for building charts only. It is not part of ISO
  image.
- armada chart is built and installed to /opt/extracharts. This
  provides a Kubernetes pod with armada-api and tiller containers.

This provides a Helm v2 client (i.e., helmv2-cli) that gives access
to containerized armada/tiller managed charts. This can be used as
an interactive shell, or as a wrapper for single helm v2 commands.

Change-Id: Iff2b219ea765cf9278c6e80c6aeb5b98cc9a0626
Depends-On: https://review.opendev.org/732731
Story: 2007000
Task: 38893
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
This commit is contained in:
Jim Gauld 2020-04-07 14:13:34 -04:00
parent 6c2f80e0b1
commit e0bf31f63f
12 changed files with 375 additions and 6 deletions

@ -63,6 +63,9 @@ docker-distribution
# helm
helm
# armada
armada
# rpm
rpm-plugin-systemd-inhibit

@ -58,6 +58,8 @@ kubernetes/kubernetes
kubernetes/docker-distribution
kubernetes/etcd
kubernetes/helm
kubernetes/chartmuseum
kubernetes/armada
grub/grubby
base/dpkg
base/cluster-resource-agents

@ -25,7 +25,6 @@ googletest-fdb850479284e2aae047b87df6beae84236d0135.tar.gz#googletest#https://ap
# gophercloud-gophercloud-aa00757ee3ab58e53520b6cb910ca0543116400a.tar.gz#gophercloud-gophercloud#github.com/gophercloud/gophercloud/archive/aa00757ee3ab58e53520b6cb910ca0543116400a.tar.gz#http##
# gorilla-context-08b5f424b9271eedf6f9f0ce86cb9396ed337a42.tar.gz#gorilla-context#https://github.com/gorilla/context/archive/08b5f424b9271eedf6f9f0ce86cb9396ed337a42.tar.gz#http##
# gorilla-mux-456bcfa82d672db7cae587c9b541463f65bc2718.tar.gz#gorilla-mux#https://github.com/gorilla/mux/archive/456bcfa82d672db7cae587c9b541463f65bc2718.tar.gz#http##
helm-v2.13.1-linux-amd64.tar.gz#linux-amd64#https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz#http##
helm-v3.2.1-linux-amd64.tar.gz#linux-amd64#https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz#http##
isa-l-7e1a337433a340bc0974ed0f04301bdaca374af6.tar.gz#isa-l#https://api.github.com/repos/ceph/isa-l/tarball/7e1a337433a340bc0974ed0f04301bdaca374af6#https##
isa-l_crypto-603529a4e06ac8a1662c13d6b31f122e21830352.tar.gz#isa-l_crypto#https://api.github.com/repos/01org/isa-l_crypto/tarball/603529a4e06ac8a1662c13d6b31f122e21830352#https##

@ -0,0 +1,83 @@
%global git_sha 6cc6346cde888c683fec4df910ebefdf6dccb310
# Build variables
%global helm_folder /usr/lib/helm
%global toolkit_version 0.1.0
%global charts_staging ./charts
Name: armada
Version: 0.2.0
Release: 0%{?_tis_dist}.%{tis_patch_ver}
Summary: An orchestrator for managing a collection of Kubernetes Helm charts
License: Apache-2.0
Group: base
Packager: Wind River <info@windriver.com>
URL: https://airship-armada.readthedocs.io/
Source0: %{name}-%{git_sha}.tar.gz
Patch1: 0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch
BuildArch: noarch
BuildRequires: helm
BuildRequires: openstack-helm-infra
BuildRequires: chartmuseum
%description
%{summary}
%prep
%setup -n armada
%patch1 -p1
%build
# Package the armada chart tarball using methodology derived from:
# git clone https://opendev.org/airship/armada.git && cd armada
# make charts
#
# This provides the equivalent of 'make charts' and builds what is
# minimally sufficient to generate the armada chart tarball.
# - do not need to build helm-toolkit.
# - do not need to build tiller (armada chart contains tiller).
# - This does not download helm v2 or helm-toolkit as done by 'make charts',
# and does not require external network.
# - Everything else provided by the armada Makefile build is ignored.
#
# This is built using helm v3.
# - 'helm init' and 'helm serv' have been removed in helm v3
# - chartmuseum is drop-in replacement for 'helm serv'
# - no initial repository exist
# - charts self-contain helm-toolkit and pass lint; requirements.yaml
# dependencies are safely removed from package so the cluster does
# not have to serve 'local' repo (i.e., with ChartMuseum).
# - helm config of setup directories and repositories is automated
# (we don't need to create them)
# Stage helm-toolkit in the local repo
cp %{helm_folder}/helm-toolkit-%{toolkit_version}.tgz %{charts_staging}
# Host a local server for the charts.
chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="%{charts_staging}" &
sleep 2
helm repo add local http://localhost:8879/charts
cd %{charts_staging}
helm dependency update armada
helm lint armada
rm -v -f ./requirements.lock ./requirements.yaml
helm template --set pod.resources.enabled=true armada
helm package armada
cd -
# Terminate helm server (the last backgrounded task)
kill %1
%install
install -d -m 755 ${RPM_BUILD_ROOT}/opt/extracharts
install -p -D -m 755 %{charts_staging}/armada-*.tgz ${RPM_BUILD_ROOT}/opt/extracharts
%files
%defattr(-,root,root,-)
/opt/extracharts/*

@ -0,0 +1,8 @@
TAR_NAME=armada
VERSION=0.2.0
SHA=6cc6346cde888c683fec4df910ebefdf6dccb310
TAR="$TAR_NAME-$SHA.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $FILES_BASE/*"
TIS_PATCH_VER=0

@ -0,0 +1,92 @@
From 6e464edeadab3b2631775326fb12e6d6e6eb1e2a Mon Sep 17 00:00:00 2001
From: Jim Gauld <james.gauld@windriver.com>
Date: Mon, 1 Jun 2020 11:36:46 -0400
Subject: [PATCH] Add Helm v2 client initialization using tiller postStart exec
This adds helm v2 client initialization using the tiller
container postStart exec to access helm v2 binary.
This will perform 'helm init', removes the default repos
'stable' and 'local', and add valid repos that were provided
as overrides. Note that helm will only add repos that exist.
This expects overrides in this format:
conf:
tiller:
charts_url: 'http://192.168.204.1:8080/helm_charts'
repo_names:
- 'starlingx'
- 'stx-platform'
repos:
stable: https://kubernetes-charts.storage.googleapis.com
This gives the following result:
helmv2-cli -- helm repo list
NAME URL
stable https://kubernetes-charts.storage.googleapis.com
starlingx http://192.168.204.1:8080/helm_charts/starlingx
stx-platform http://192.168.204.1:8080/helm_charts/stx-platform
Signed-off-by: Jim Gauld <james.gauld@windriver.com>
---
charts/armada/templates/deployment-api.yaml | 28 ++++++++++++++++++++++++++++
charts/armada/values.yaml | 4 ++++
2 files changed, 32 insertions(+)
diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml
index a48c8b6..ccbdb4d 100644
--- a/charts/armada/templates/deployment-api.yaml
+++ b/charts/armada/templates/deployment-api.yaml
@@ -179,6 +179,34 @@ spec:
- -trace
{{- end }}
lifecycle:
+ postStart:
+ exec:
+ command:
+ - sh
+ - "-c"
+ - |
+ /bin/sh <<'EOF'
+ # Delay initialization since postStart handler runs asynchronously and there
+ # is no guarantee it is called before the Containers entrypoint.
+ sleep 5
+ # Initialize Helm v2 client.
+ export HELM_HOST=:{{ .Values.conf.tiller.port }}
+ /helm init --client-only --skip-refresh
+ /helm repo rm stable
+ /helm repo rm local
+{{- if .Values.conf.tiller.repos }}
+ {{- range $name, $repo := .Values.conf.tiller.repos }}
+ /helm repo add {{ $name }} {{ $repo }}
+ {{- end }}
+{{- end }}
+{{- if .Values.conf.tiller.repo_names }}
+ {{- range .Values.conf.tiller.repo_names }}
+ /helm repo add {{ . }} {{ $envAll.Values.conf.tiller.charts_url }}/{{ . }}
+ {{- end }}
+{{- end }}
+ ln -s -f /helm /tmp/helm
+ exit 0
+ EOF
preStop:
exec:
command:
diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml
index 4c1e603..fb3e5c2 100644
--- a/charts/armada/values.yaml
+++ b/charts/armada/values.yaml
@@ -217,6 +217,10 @@ conf:
# Note: Defaulting to the (default) kubernetes grace period, as anything
# greater than that will have no effect.
prestop_sleep: 30
+ # Helm v2 initialization
+ charts_url: null
+ repo_names: []
+ repos: {}
monitoring:
prometheus:
--
1.8.3.1

@ -0,0 +1,6 @@
VERSION=0.12.0
TAR_NAME=chartmuseum
TAR="$TAR_NAME-$VERSION.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $STX_BASE/downloads/chartmuseum-v0.12.0-amd64"
TIS_PATCH_VER=1

@ -0,0 +1,67 @@
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (c) 2020 Wind River Systems, Inc.
#
%global with_debug 0
%if 0%{?with_debug}
%global _dwz_low_mem_die_limit 0
%else
%global debug_package %{nil}
%endif
Name: chartmuseum
Version: 0.12.0
Release: %{tis_patch_ver}%{?_tis_dist}
Summary: Helm Chart Repository with support for Amazon S3 and Google Cloud Storage
Group: Kubernetes
License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
Source1: chartmuseum-v0.12.0-amd64
Packager: Wind River <info@windriver.com>
URL: https://github.com/helm/chartmuseum
#URL: https://s3.amazonaws.com/chartmuseum
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(libseccomp)
BuildRequires: pkgconfig(libsystemd-journal)
BuildRequires: golang >= 1.10.0
BuildRequires: rsync
BuildRequires: go-md2man
BuildRequires: go-bindata
BuildRequires: rpm-devel >= 4.14.0
BuildRequires: rpm-libs >= 4.14.0
Requires: /bin/bash
%define CHARTMUSEUM_DIR ${HOME}/src/github.com/helm/%{name}
%description
%{summary}
%prep
%setup -q -c -n %{name}
%build
# NOTE: chartmuseum is only used to build helm charts, and is not
# part of the ISO.
# Gather the licence and readme from the source tarball.
mkdir -v -p %{CHARTMUSEUM_DIR}
mv -v %{name}/* %{CHARTMUSEUM_DIR}/
mv -v %{CHARTMUSEUM_DIR}/{LICENSE,README.md} %{name}/
pushd %{CHARTMUSEUM_DIR}
# Stub out the make to build golang package; we are using a binary.
#make
popd
%install
install -d %{buildroot}%{_bindir}
install -m 755 %{SOURCE1} %{buildroot}%{_bindir}/chartmuseum
%files
%defattr(-,root,root,-)
%doc %{name}/README.md
%license %{name}/LICENSE
%{_bindir}/chartmuseum
%changelog

@ -1,6 +1,6 @@
VERSION=2.13.1
VERSION=3.2.1
TAR_NAME=helm
TAR="$TAR_NAME-v$VERSION-linux-amd64.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $FILES_BASE/*"
TIS_PATCH_VER=2
TIS_PATCH_VER=0

@ -14,8 +14,9 @@
# We want to run as the "www" user and scripts can't be setuid. The
# sudoers permissions are set up to allow sysadmin to run this script
# as the "www" user without a password.
if [ $USER != "www" ]; then
exec sudo -u www $0 $@
WWW_ID=$(id -u www)
if [ ${UID} -ne ${WWW_ID} ]; then
exec sudo -u www -g www "$0" "$@"
fi

@ -0,0 +1,105 @@
#!/bin/bash
# Copyright (c) 2020 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# This script is wrapper to Helm v2 client, providing access to containerized
# armada/tiller managed charts.
# There are two modes of operation:
# - no command specified: this is an interactive BusyBox shell
# - command and options specified: this executes a single helm v2 command
set -euo pipefail
# Define minimal path
PATH=/bin:/usr/bin:/usr/local/bin
# Process input options
SCRIPT=$(basename $0)
OPTS=$(getopt -o dh --long debug,help -n ${SCRIPT} -- "$@")
if [ $? != 0 ] ; then echo "Failed parsing options." >&2 ; exit 1 ; fi
eval set -- "$OPTS"
DEBUG=false
HELP=false
while true; do
case "$1" in
-d | --debug ) DEBUG=true; shift ;;
-h | --help ) HELP=true; shift ;;
-- ) shift; break ;;
* ) break ;;
esac
done
# Treat remaining arguments as commands + options
shift $((OPTIND-1))
OTHERARGS="$@"
if [ ${HELP} == 'true' ]; then
echo "Usage: ${SCRIPT} [-d|--debug] [-h|--help] -- [command] [options]"
echo "Options:"
echo " -d | --debug : display initialization information"
echo " -h | --help : this help"
echo
echo "Command option examples:"
echo " helmv2-cli -- helm search"
echo " helmv2-cli -- helm list"
echo " helmv2-cli -- helm list --namespace openstack --pending"
exit 0
fi
# Logger setup
LOG_FACILITY=user
LOG_PRIORITY=info
function LOG {
logger -t "${0##*/}[$$]" -p ${LOG_FACILITY}.${LOG_PRIORITY} "$@"
echo "${0##*/}[$$]" "$@"
}
function ERROR {
MSG="ERROR"
LOG "${MSG} $@"
}
# Determine armada pod
POD=$(kubectl get pods -n armada --selector=application=armada \
--output=jsonpath={.items..metadata.name})
if [ -z "${POD}" ]; then
ERROR "Could not find armada pod."
exit 1
fi
if [ ${DEBUG} == 'true' ]; then
LOG "Found armada pod: ${POD}"
fi
# Determine tiller listen port (configured by armada chart)
# armada-api is container index 0, tiller is container index 1
TILLER_PORT=$(kubectl get pod -n armada ${POD} \
--output=jsonpath={.spec.containers[1].ports[0].containerPort})
if [ -z "${TILLER_PORT}" ]; then
ERROR "Could not find tiller listen port."
exit 1
fi
if [ ${DEBUG} == 'true' ]; then
LOG "Found tiller listen port: ${TILLER_PORT}"
fi
# Launch BusyBox shell with access to local tiller.
# Can execute helm v2 commands as '/helm' or 'helm'.
if [ ${DEBUG} == 'true' ]; then
LOG "Launching Helm-v2 client"
fi
HELM_HOST=":${TILLER_PORT}"
if [ -z "${OTHERARGS}" ]; then
# Interactive BusyBox shell
kubectl exec -it -n armada ${POD} -c tiller -- \
/bin/sh -c "PATH=${PATH}:/tmp PS1='Helm-v2 \h:\w $ ' HELM_HOST=${HELM_HOST} /bin/sh"
else
# Execute single helm v2 command in BusyBox shell
kubectl exec -n armada ${POD} -c tiller -- \
/bin/sh -c "PATH=${PATH}:/tmp HELM_HOST=${HELM_HOST} /bin/sh -c '$OTHERARGS'"
fi
exit 0

@ -1,5 +1,5 @@
Name: helm
Version: 2.13.1
Version: 3.2.1
Release: 0%{?_tis_dist}.%{tis_patch_ver}
Summary: The Kubernetes Package Manager
License: Apache-2.0
@ -9,6 +9,7 @@ URL: https://github.com/kubernetes/helm/releases
Source0: %{name}-v%{version}-linux-amd64.tar.gz
Source1: helm-upload
Source2: helm.sudo
Source3: helmv2-cli
Requires: /bin/bash
@ -23,6 +24,7 @@ install -d %{buildroot}%{_sbindir}
install -m 755 ${RPM_BUILD_DIR}/linux-amd64/helm %{buildroot}%{_sbindir}/helm
install -d %{buildroot}/usr/local/sbin
install -m 755 %{SOURCE1} %{buildroot}/usr/local/sbin/helm-upload
install -m 755 %{SOURCE3} %{buildroot}/usr/local/sbin/helmv2-cli
install -d %{buildroot}%{_sysconfdir}/sudoers.d
install -m 440 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudoers.d/helm
@ -30,4 +32,5 @@ install -m 440 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudoers.d/helm
%defattr(-,root,root,-)
%{_sbindir}/helm
/usr/local/sbin/helm-upload
/usr/local/sbin/helmv2-cli
%{_sysconfdir}/sudoers.d/helm