Merge pull request #3 from paul-gilber/helm-checks

Update charts to support deployment to OpenShift. Add validate workflows for installing chart to k3s cluster
paul-gilber · Nov 9, 2023 · 0a7d636 · 0a7d636
2 parents 89009a2 + e4e3008
commit 0a7d636
Show file tree

Hide file tree

Showing 19 changed files with 396 additions and 20 deletions.
diff --git a/.devcontainer/compose.yaml b/.devcontainer/compose.yaml
@@ -0,0 +1,12 @@
+---
+# Using Docker Compose for Dev Containers: https://containers.dev/guide/dockerfile#docker-compose-dockerfile
+# Service top-level element reference: https://docs.docker.com/compose/compose-file/05-services/
+services:
+  devcontainer:
+    image: mcr.microsoft.com/devcontainers/base:bullseye
+    # network_mode: host
+    volumes:
+      - ../..:/workspaces:cached    # mounts the workspace folder from the local source tree into the Dev Container.
+    command: sleep infinity
+    extra_hosts:
+      - "api.crc.testing:host-gateway"
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -3,8 +3,14 @@
 {
 	"name": "Kubernetes - Local Configuration",
 	// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
-	"image": "mcr.microsoft.com/devcontainers/base:bullseye",
+	// "image": "mcr.microsoft.com/devcontainers/base:bullseye",
 
+	// Use Docker Compose File
+	"dockerComposeFile": "compose.yaml",
+	"service": "devcontainer",
+	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
+
+	// Available features: https://containers.dev/features
 	"features": {
 		"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
 		"ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {
@@ -20,7 +26,9 @@
 		"ghcr.io/devcontainers-contrib/features/yamllint:2": {},
 		"ghcr.io/stuartleeks/dev-container-features/shell-history:0": {},
 		"ghcr.io/joshuanianji/devcontainer-features/github-cli-persistence:0": {},
-		"ghcr.io/mpriscella/features/kind:1": {}
+		"ghcr.io/mpriscella/features/kind:1": {},
+		"ghcr.io/paul-gilber/devcontainer-features/openshift-cli-homebrew:1": {},
+		"ghcr.io/paul-gilber/devcontainer-features/yamllint-homebrew:1": {}
 	},
 
 	"remoteEnv": {

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -4,6 +4,8 @@ name: Validate Helm Charts
 # Events that trigger workflows: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
 on:
   push:    # By default, a workflow only runs when a pull_request event's activity type is opened, synchronize, or reopened
+    paths:
+      - charts/**
 
 # Set Workflow-level permissions: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
 permissions:
@@ -18,7 +20,7 @@ jobs:
     strategy:
       matrix:
         chart: [demoapp-backend, demoapp-frontend]
-        value: [values.yaml]
+        value: [values.yaml, values-openshift-local.yaml]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -47,7 +49,7 @@ jobs:
         value: [values.yaml]
         # k3s releases: https://github.com/k3s-io/k3s/releases
         # '' = stable version
-        k3s_version: ['']    # , v1.28.2+k3s1, v1.27.7+k3s1, v1.26.10+k3s1]
+        k3s_version: ['', v1.28.2+k3s1]
     runs-on: ubuntu-latest
     env:
       # Set KUBECONFIG path to default k3s location
@@ -82,8 +84,9 @@ jobs:
       - name: Helm Install
         run: |
           cd "${{ env.CHART_PATH }}"
-          helm install ${{ matrix.chart }} . --wait --timeout 30s
+          helm install ${{ matrix.chart }} . --wait --timeout 5m0s
 
+  # Requires OpenShift Cluster to install charts
   # helm-dry-run-openshift:
   #   runs-on: ubuntu-latest
   #   steps:

diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+# Charts
+charts/**/Chart.lock
+charts/**/*.tgz
diff --git a/README.md b/README.md
@@ -1,2 +1,30 @@
 # demoapp-helm-charts
 Helm Charts for deploying demoapp to Kubernetes and OpenShift
+
+## Deployment to OpenShift Local
+Prerequisites:
+1. [Red Hat OpenShift Local](https://developers.redhat.com/products/openshift-local/overview)
+
+Steps:
+1. Create `demo` project
+```sh
+# Login to OpenShift Local
+oc login -u kubeadmin https://api.crc.testing:6443
+
+# Create project
+oc new-project demo
+```
+2. Deploy `demoapp-backend`
+```sh
+cd charts/demoapp-backend
+helm dependency update .
+helm upgrade -i demoapp-backend . \
+  --values values-openshift-local.yaml
+```
+3. Deploy `demoapp-frontend`
+```sh
+cd charts/demoapp-frontend
+helm dependency update .
+helm upgrade -i demoapp-frontend . \
+  --values values-openshift-local.yaml
+```
diff --git a/charts/demoapp-backend/Chart.yaml b/charts/demoapp-backend/Chart.yaml
@@ -3,6 +3,13 @@ apiVersion: v2
 name: demoapp-backend
 description: A Helm chart for Kubernetes
 
+dependencies:
+  # https://artifacthub.io/packages/helm/bitnami/mysql
+  - name: mysql
+    version: "9.14.3"
+    repository: oci://registry-1.docker.io/bitnamicharts
+    condition: mysql.enabled
+
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -22,4 +29,5 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+# demoapp-backend releases: https://github.com/paul-gilber/demoapp-backend/releases
+appVersion: "v1.0.4"
diff --git a/charts/demoapp-backend/templates/NOTES.txt b/charts/demoapp-backend/templates/NOTES.txt
@@ -5,6 +5,9 @@
   http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
   {{- end }}
 {{- end }}
+{{- else if .Values.openshift.route.enabled }}
+  export HOST=$(oc get route {{ include "demoapp-backend.fullname" . }} --namespace {{ .Release.Namespace }} -o jsonpath='{.spec.host}')
+  echo http{{ if .Values.openshift.route.tls }}s{{ end }}://$HOST{{ .Values.openshift.route.path }}
 {{- else if contains "NodePort" .Values.service.type }}
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "demoapp-backend.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")

diff --git a/charts/demoapp-backend/templates/deployment.yaml b/charts/demoapp-backend/templates/deployment.yaml
@@ -30,24 +30,60 @@ spec:
       serviceAccountName: {{ include "demoapp-backend.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: wait-mysql
+          image: busybox:1.31
+          command: ['sh', '-c', 'echo -e "Waiting for MySQL at mysql:3306"; while ! nc -z mysql 3306; do sleep 1; printf "-"; done; echo -e "  >> MySQL has started";']
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          env:
+          {{- if .Values.mysql.enabled }}
+            {{- if not .Values.mysql.auth.existingSecret }}
+            - name: SPRING_DATASOURCE_USERNAME
+              value: root
+            - name: SPRING_DATASOURCE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: mysql-root-password
+                  name: {{ .Values.mysql.fullnameOverride }}
+            {{- end }}
+          {{- end }}
+          {{- with .Values.env }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          envFrom:
+          {{- with .Values.envFrom }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
               containerPort: {{ .Values.service.port }}
               protocol: TCP
-          livenessProbe:
+          startupProbe:
             httpGet:
-              path: /
+              path: /actuator/health
               port: http
+          {{- with .Values.startupProbe }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           readinessProbe:
             httpGet:
-              path: /
+              path: /actuator/health
               port: http
+          {{- with .Values.readinessProbe }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /actuator/health
+              port: http
+          {{- with .Values.livenessProbe }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           {{- with .Values.volumeMounts }}

diff --git a/charts/demoapp-backend/templates/openshift-route.yaml b/charts/demoapp-backend/templates/openshift-route.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.openshift.route.enabled }}
+# Expose application via OpenShift route
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ include "demoapp-backend.fullname" . }}
+  {{- with .Values.openshift.route.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "demoapp-backend.labels" . | nindent 4 }}
+spec:
+  {{- if .Values.openshift.route.host }}
+  host: {{ .Values.openshift.route.host }}
+  {{- end }}
+  path: {{ .Values.openshift.route.path }}
+  port:
+    targetPort: http
+  to:
+    kind: Service
+    name: {{ include "demoapp-backend.fullname" . }}
+    weight: 100
+  {{- with .Values.openshift.route.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  wildcardPolicy: None
+{{- end }}
diff --git a/charts/demoapp-backend/templates/openshift-scc-mysql.yaml b/charts/demoapp-backend/templates/openshift-scc-mysql.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.openshift.enabled .Values.mysql.enabled }}
+# Binds `{{ .Values.openshift.scc.mysql }}` securitycontextconstraints to service account
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: scc-{{ .Values.openshift.scc.mysql }}-{{ .Release.Namespace }}-{{ .Values.mysql.fullnameOverride }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:{{ .Values.openshift.scc.mysql }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.mysql.fullnameOverride }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/demoapp-backend/values-openshift-local.yaml b/charts/demoapp-backend/values-openshift-local.yaml
@@ -0,0 +1,35 @@
+---
+# Values for deploying demoapp-frontend to OpenShift Local
+
+openshift:
+  enabled: true    # Is this deployment for OpenShift?
+  # OpenShift route
+  route:
+    enabled: true    # Create OpenShift route?
+    annotations:
+      # Forward route /api to to container /
+      haproxy.router.openshift.io/rewrite-target: /
+    host: demoapp.apps-crc.testing    # Route host, autogenerated by cluster when unspecified
+    path: /api
+    tls:
+      termination: edge
+  # OpenShift SCC
+  scc:
+    mysql: privileged
+
+# Values for mysql: https://artifacthub.io/packages/helm/bitnami/mysql
+mysql:
+  enabled: true
+  # global
+  global:
+    storageClass: ""
+  image:
+    registry: docker.io
+    repository: mysql
+    ta: "8.0"
+  auth:
+    rootPassword: openshift-local
+  # primary database
+  primary:
+    persistence:
+      enabled: true