Initial commit of nginx-ingress-controller app

This commit introduces nginx as a separate armada app as part of
support for cert-manager (to handle incoming cert challenges). In
future, the scope of nginx-ingress-controller is expected to be
broader. Spec for this feature is available here:
https://opendev.org/starlingx/specs/src/branch/master/doc/source/specs/stx-4.0/approved/security-2007360-cert-manager.rst

Story: 2007360
Task: 39221

Change-Id: I42e4dc47d2b65da807edf0ea8b7af93457e027b8
Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com>

CONTRIBUTING.rst

@@ -0,0 +1,16 @@
+If you would like to contribute to the development of OpenStack,
+you must follow the steps in this page:
+
+   https://docs.openstack.org/infra/manual/developers.html
+
+Once those steps have been completed, changes to OpenStack
+should be submitted for review via the Gerrit tool, following
+the workflow documented at:
+
+   https://docs.openstack.org/infra/manual/developers.html#development-workflow
+
+Pull requests submitted through GitHub will be ignored.
+
+Bugs should be filed in Launchpad:
+
+   https://bugs.launchpad.net/starlingx

HACKING.rst

@@ -0,0 +1,17 @@
+StarlingX Nginx-Ingress-Controller-Armada-App Style Commandments
+================================================================
+
+- Step 1: Read the OpenStack style commandments
+  https://docs.openstack.org/hacking/latest/
+- Step 2: Read on
+
+Nginx-Ingress-Controller-Armada-App Specific Commandments
+---------------------------------------------------------
+
+None so far
+
+Running tests
+-------------
+The approach to running tests is to simply run the command ``tox``. This will
+create virtual environments, populate them with dependencies and run all of
+the tests that OpenStack CI systems run.

centos_build_layer.cfg

@@ -0,0 +1 @@
+flock

centos_iso_image.inc

@@ -0,0 +1 @@
+stx-nginx-ingress-controller-helm

centos_pkg_dirs

@@ -0,0 +1 @@
+stx-nginx-ingress-controller-helm

centos_pkg_dirs_containers

@@ -0,0 +1 @@
+stx-nginx-ingress-controller-helm

centos_tarball-dl.lst

@@ -0,0 +1 @@
+helm-charts-92b6289ae93816717a8453cfe62bad51cbdb8ad0.tar.gz#helm-charts#https://github.com/helm/charts/archive/92b6289ae93816717a8453cfe62bad51cbdb8ad0.tar.gz#http##

github_sync.trigger

@@ -0,0 +1,2 @@
+# to trigger the upload job to sync to GitHub
+1

stx-nginx-ingress-controller-helm/centos/build_srpm.data

@@ -0,0 +1,10 @@
+SRC_DIR="stx-nginx-ingress-controller-helm"
+
+TAR_NAME=helm-charts
+SHA=92b6289ae93816717a8453cfe62bad51cbdb8ad0
+VERSION=1.0.0
+TAR="$TAR_NAME-$SHA.tar.gz"
+
+COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/$SRC_DIR/files/* $PKG_BASE/$SRC_DIR/manifests/*"
+
+TIS_PATCH_VER=0

stx-nginx-ingress-controller-helm/centos/stx-nginx-ingress-controller-helm.spec

@@ -0,0 +1,107 @@
+# Application tunables (maps to metadata)
+%global app_name nginx-ingress-controller
+%global helm_repo stx-platform
+%global sha 92b6289ae93816717a8453cfe62bad51cbdb8ad0
+
+%global armada_folder  /usr/lib/armada
+
+# Install location
+%global app_folder /usr/local/share/applications/helm
+
+# Build variables
+%global helm_folder /usr/lib/helm
+%global toolkit_version 0.1.0
+
+Summary: StarlingX Nginx Ingress Controller Application Armada Helm Charts
+Name: stx-nginx-ingress-controller-helm
+Version: 1.0
+Release: %{tis_patch_ver}%{?_tis_dist}
+License: Apache-2.0
+Group: base
+Packager: Wind River <info@windriver.com>
+URL: unknown
+
+Source0: helm-charts-%{sha}.tar.gz
+Source1: repositories.yaml
+Source2: index.yaml
+Source3: Makefile
+Source4: metadata.yaml
+Source5: nginx_ingress_controller_manifest.yaml
+
+BuildArch: noarch
+
+Patch01: 0001-Update-for-kubernetes-API-1.16.patch
+
+%description
+StarlingX Nginx Ingress Controller Application Armada Helm Charts
+
+%prep
+%setup -n helm-charts
+
+%patch01 -p1
+
+%build
+# initialize helm and build the toolkit
+# helm init --client-only does not work if there is no networking
+# The following commands do essentially the same as: helm init
+%define helm_home  %{getenv:HOME}/.helm
+mkdir  %{helm_home}
+mkdir  %{helm_home}/repository
+mkdir  %{helm_home}/repository/cache
+mkdir  %{helm_home}/repository/local
+mkdir  %{helm_home}/plugins
+mkdir  %{helm_home}/starters
+mkdir  %{helm_home}/cache
+mkdir  %{helm_home}/cache/archive
+
+# Stage a repository file that only has a local repo
+cp %{SOURCE1} %{helm_home}/repository/repositories.yaml
+
+# Stage a local repo index that can be updated by the build
+cp %{SOURCE2} %{helm_home}/repository/local/index.yaml
+
+# Host a server for the charts
+helm serve --repo-path . &
+helm repo rm local
+helm repo add local http://localhost:8879/charts
+
+# Create the tgz file
+cp %{SOURCE3} stable
+cd stable
+make nginx-ingress
+cd -
+
+# Terminate helm server (the last backgrounded task)
+kill %1
+
+# Create a chart tarball compliant with sysinv kube-app.py
+%define app_staging %{_builddir}/staging
+%define app_tarball %{app_name}-%{version}-%{tis_patch_ver}.tgz
+
+# Setup staging
+mkdir -p %{app_staging}
+cp %{SOURCE4} %{app_staging}
+cp %{SOURCE5} %{app_staging}
+mkdir -p %{app_staging}/charts
+cp stable/*.tgz %{app_staging}/charts
+cd %{app_staging}
+
+# Populate metadata
+sed -i 's/@APP_NAME@/%{app_name}/g' %{app_staging}/metadata.yaml
+sed -i 's/@APP_VERSION@/%{version}-%{tis_patch_ver}/g' %{app_staging}/metadata.yaml
+sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml
+
+# package it up
+find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
+tar -zcf %{_builddir}/%{app_tarball} -C %{app_staging}/ .
+
+# Cleanup staging
+rm -fr %{app_staging}
+
+%install
+install -d -m 755 %{buildroot}/%{app_folder}
+install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder}
+
+%files
+%defattr(-,root,root,-)
+%{app_folder}/*

stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/README

@@ -0,0 +1,5 @@
+This directory contains all StarlingX charts that need to be built for this
+application. Some charts are common across applications. These common charts
+reside in the stx-config/kubernetes/helm-charts directory. To include these in
+this application update the build_srpm.data file and use the COPY_LIST_TO_TAR
+mechanism to populate these common charts.

stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0001-Update-for-kubernetes-API-1.16.patch

@@ -0,0 +1,92 @@
+From 0d79e68c1e8a71c1b5dd37af553d3883098b55dc Mon Sep 17 00:00:00 2001
+From: Sabeel Ansari <Sabeel.Ansari@windriver.com>
+Date: Thu, 2 Apr 2020 13:32:15 -0400
+Subject: [PATCH 1/1] Update for kubernetes API 1.16
+
+---
+ stable/nginx-ingress/templates/controller-daemonset.yaml       | 6 +++++-
+ stable/nginx-ingress/templates/controller-deployment.yaml      | 6 +++++-
+ stable/nginx-ingress/templates/default-backend-deployment.yaml | 6 +++++-
+ stable/nginx-ingress/templates/podsecuritypolicy.yaml          | 2 +-
+ 4 files changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/stable/nginx-ingress/templates/controller-daemonset.yaml b/stable/nginx-ingress/templates/controller-daemonset.yaml
+index a05062e..c6e8271 100644
+--- a/stable/nginx-ingress/templates/controller-daemonset.yaml
++++ b/stable/nginx-ingress/templates/controller-daemonset.yaml
+@@ -1,5 +1,5 @@
+ {{- if eq .Values.controller.kind "DaemonSet" }}
+-apiVersion: extensions/v1beta1
++apiVersion: apps/v1
+ kind: DaemonSet
+ metadata:
+   labels:
+@@ -10,6 +10,10 @@ metadata:
+     release: {{ .Release.Name }}
+   name: {{ template "nginx-ingress.controller.fullname" . }}
+ spec:
++  selector:
++    matchLabels:
++      app: {{ template "nginx-ingress.name" . }}
++      release: {{ .Release.Name }}
+   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+   updateStrategy:
+ {{ toYaml .Values.controller.updateStrategy | indent 4 }}
+diff --git a/stable/nginx-ingress/templates/controller-deployment.yaml b/stable/nginx-ingress/templates/controller-deployment.yaml
+index 7d78507..f653c8a 100644
+--- a/stable/nginx-ingress/templates/controller-deployment.yaml
++++ b/stable/nginx-ingress/templates/controller-deployment.yaml
+@@ -1,5 +1,5 @@
+ {{- if eq .Values.controller.kind "Deployment" }}
+-apiVersion: extensions/v1beta1
++apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   labels:
+@@ -10,6 +10,10 @@ metadata:
+     release: {{ .Release.Name }}
+   name: {{ template "nginx-ingress.controller.fullname" . }}
+ spec:
++  selector:
++    matchLabels:
++      app: {{ template "nginx-ingress.name" . }}
++      release: {{ .Release.Name }}
+   replicas: {{ .Values.controller.replicaCount }}
+   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+   strategy:
+diff --git a/stable/nginx-ingress/templates/default-backend-deployment.yaml b/stable/nginx-ingress/templates/default-backend-deployment.yaml
+index 93ea613..399b798 100644
+--- a/stable/nginx-ingress/templates/default-backend-deployment.yaml
++++ b/stable/nginx-ingress/templates/default-backend-deployment.yaml
+@@ -1,5 +1,5 @@
+ {{- if .Values.defaultBackend.enabled }}
+-apiVersion: extensions/v1beta1
++apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   labels:
+@@ -10,6 +10,10 @@ metadata:
+     release: {{ .Release.Name }}
+   name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
+ spec:
++  selector:
++     matchLabels:
++       app: {{ template "nginx-ingress.name" . }}
++       release: {{ .Release.Name }}
+   replicas: {{ .Values.defaultBackend.replicaCount }}
+   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+   template:
+diff --git a/stable/nginx-ingress/templates/podsecuritypolicy.yaml b/stable/nginx-ingress/templates/podsecuritypolicy.yaml
+index 9222daf..b99aee8 100644
+--- a/stable/nginx-ingress/templates/podsecuritypolicy.yaml
++++ b/stable/nginx-ingress/templates/podsecuritypolicy.yaml
+@@ -1,5 +1,5 @@
+ {{- if .Values.podSecurityPolicy.enabled}}
+-apiVersion: extensions/v1beta1
++apiVersion: policy/v1beta1
+ kind: PodSecurityPolicy
+ metadata:
+   name: {{ template "nginx-ingress.fullname" . }} 
+-- 
+1.8.3.1
+

stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/Makefile

@@ -0,0 +1,43 @@
+#
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# It's necessary to set this because some environments don't link sh -> bash.
+SHELL := /bin/bash
+TASK  := build
+
+EXCLUDES := helm-toolkit doc tests tools logs tmp
+CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+
+.PHONY: $(EXCLUDES) $(CHARTS)
+
+all: $(CHARTS)
+
+$(CHARTS):
+	@if [ -d $@ ]; then \
+		echo; \
+		echo "===== Processing [$@] chart ====="; \
+		make $(TASK)-$@; \
+	fi
+
+init-%:
+	if [ -f $*/Makefile ]; then make -C $*; fi
+	if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: init-%
+	if [ -d $* ]; then helm lint $*; fi
+
+build-%: lint-%
+	if [ -d $* ]; then helm package $*; fi
+
+clean:
+	@echo "Clean all build artifacts"
+	rm -f */templates/_partials.tpl */templates/_globals.tpl
+	rm -f *tgz */charts/*tgz */requirements.lock
+	rm -rf */charts */tmpcharts
+
+%:
+	@:

stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/index.yaml

@@ -0,0 +1,3 @@
+apiVersion: v1
+entries: {}
+generated: 2019-01-07T12:33:46.098166523-06:00

stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/metadata.yaml

@@ -0,0 +1,6 @@
+maintain_user_overrides: true
+
+app_name: @APP_NAME@
+app_version: @APP_VERSION@
+helm_repo: @HELM_REPO@
+

stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/repositories.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+generated: 2019-01-02T15:19:36.215111369-06:00
+repositories:
+- caFile: ""
+  cache: /builddir/.helm/repository/cache/local-index.yaml
+  certFile: ""
+  keyFile: ""
+  name: local
+  password: ""
+  url: http://127.0.0.1:8879/charts
+  username: ""
+

stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/manifests/nginx_ingress_controller_manifest.yaml

@@ -0,0 +1,82 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nginx-ingress
+data:
+  chart_name: nginx-ingress
+  release: nginx-ingress
+  namespace: kube-system
+  wait:
+    timeout: 600
+    labels:
+      app: nginx-ingress
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete:
+        - type: job
+          labels:
+            app: nginx-ingress
+  values:
+    imagePullSecrets: [{"name": "default-registry-key"}]
+    controller:
+      kind: DaemonSet
+      daemonset:
+        useHostPort: false
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      config:
+        # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
+        nginx-status-ipv4-whitelist: 0.0.0.0/0
+        # See https://bugs.launchpad.net/starlingx/+bug/1823803
+        # Note quotes are necessary.
+        worker-processes: '1'
+      scope:
+        enabled: false
+      service:
+        type: ""
+        hostNetwork: true
+      livenessProbe:
+        initialDelaySeconds: 30
+      readinessProbe:
+        initialDelaySeconds: 30
+    defaultBackend:
+      image:
+        repository: k8s.gcr.io/defaultbackend
+        tag: "1.4"
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      service:
+        type: ""
+      livenessProbe:
+        initialDelaySeconds: 30
+      readinessProbe:
+        initialDelaySeconds: 30
+  source:
+    type: tar
+    location: http://172.17.0.1/helm_charts/stx-platform/nginx-ingress-1.4.0.tgz
+    subpath: nginx-ingress
+    reference: master
+  dependencies: []
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nginx-ingress
+data:
+  description: "Deploy Nginx Ingress Controller"
+  sequenced: false
+  chart_group:
+    - nginx-ingress
+---
+schema: armada/Manifest/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nginx-ingress-controller-manifest
+data:
+  release_prefix: ic
+  chart_groups:
+    - nginx-ingress