update demoapp-backend and demoapp-frontend charts to support openshift

.gitignore

@@ -0,0 +1,3 @@
+# Charts
+charts/**/Chart.lock
+charts/**/*.tgz

README.md

@@ -1,2 +1,30 @@
 # demoapp-helm-charts
 Helm Charts for deploying demoapp to Kubernetes and OpenShift
+
+## Deployment to OpenShift Local
+Prerequisites:
+1. [Red Hat OpenShift Local](https://developers.redhat.com/products/openshift-local/overview)
+
+Steps:
+1. Create `demo` project
+```sh
+# Login to OpenShift Local
+oc login -u kubeadmin https://api.crc.testing:6443
+
+# Create project
+oc new-project demo
+```
+2. Deploy `demoapp-backend`
+```sh
+cd charts/demoapp-backend
+helm dependency update .
+helm upgrade -i demoapp-backend . \
+  --values values-openshift-local.yaml
+```
+3. Deploy `demoapp-frontend`
+```sh
+cd charts/demoapp-frontend
+helm dependency update .
+helm upgrade -i demoapp-frontend . \
+  --values values-openshift-local.yaml
+```

charts/demoapp-backend/Chart.yaml

@@ -3,6 +3,13 @@ apiVersion: v2
 name: demoapp-backend
 description: A Helm chart for Kubernetes
 
+dependencies:
+  # https://artifacthub.io/packages/helm/bitnami/mysql
+  - name: mysql
+    version: "9.14.3"
+    repository: oci://registry-1.docker.io/bitnamicharts
+    condition: mysql.enabled
+
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -22,4 +29,5 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+# demoapp-backend releases: https://github.com/paul-gilber/demoapp-backend/releases
+appVersion: "v1.0.4"

charts/demoapp-backend/templates/NOTES.txt

@@ -5,6 +5,9 @@
   http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
   {{- end }}
 {{- end }}
+{{- else if .Values.openshift.route.enabled }}
+  export HOST=$(oc get route {{ include "demoapp-backend.fullname" . }} --namespace {{ .Release.Namespace }} -o jsonpath='{.spec.host}')
+  echo http{{ if .Values.openshift.route.tls }}s{{ end }}://$HOST{{ .Values.openshift.route.path }}
 {{- else if contains "NodePort" .Values.service.type }}
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "demoapp-backend.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")

charts/demoapp-backend/templates/deployment.yaml

@@ -30,24 +30,60 @@ spec:
       serviceAccountName: {{ include "demoapp-backend.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: wait-mysql
+          image: busybox:1.31
+          command: ['sh', '-c', 'echo -e "Waiting for MySQL at mysql:3306"; while ! nc -z mysql 3306; do sleep 1; printf "-"; done; echo -e "  >> MySQL has started";']
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          env:
+          {{- if .Values.mysql.enabled }}
+            {{- if not .Values.mysql.auth.existingSecret }}
+            - name: SPRING_DATASOURCE_USERNAME
+              value: root
+            - name: SPRING_DATASOURCE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: mysql-root-password
+                  name: {{ .Values.mysql.fullnameOverride }}
+            {{- end }}
+          {{- end }}
+          {{- with .Values.env }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          envFrom:
+          {{- with .Values.envFrom }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
               containerPort: {{ .Values.service.port }}
               protocol: TCP
-          livenessProbe:
+          startupProbe:
             httpGet:
-              path: /
+              path: /actuator/health
               port: http
+          {{- with .Values.startupProbe }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           readinessProbe:
             httpGet:
-              path: /
+              path: /actuator/health
               port: http
+          {{- with .Values.readinessProbe }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /actuator/health
+              port: http
+          {{- with .Values.livenessProbe }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           {{- with .Values.volumeMounts }}

charts/demoapp-backend/templates/openshift-route.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.openshift.route.enabled }}
+# Expose application via OpenShift route
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ include "demoapp-backend.fullname" . }}
+  {{- with .Values.openshift.route.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "demoapp-backend.labels" . | nindent 4 }}
+spec:
+  {{- if .Values.openshift.route.host }}
+  host: {{ .Values.openshift.route.host }}
+  {{- end }}
+  path: {{ .Values.openshift.route.path }}
+  port:
+    targetPort: http
+  to:
+    kind: Service
+    name: {{ include "demoapp-backend.fullname" . }}
+    weight: 100
+  {{- with .Values.openshift.route.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  wildcardPolicy: None
+{{- end }}

charts/demoapp-backend/templates/openshift-scc-mysql.yaml

@@ -0,0 +1,15 @@
+{{- if and .Values.openshift.enabled .Values.mysql.enabled }}
+# Binds `{{ .Values.openshift.scc.mysql }}` securitycontextconstraints to service account
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: scc-{{ .Values.openshift.scc.mysql }}-{{ .Release.Namespace }}-{{ .Values.mysql.fullnameOverride }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:{{ .Values.openshift.scc.mysql }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.mysql.fullnameOverride }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}

charts/demoapp-backend/values-openshift-local.yaml

@@ -0,0 +1,35 @@
+---
+# Values for deploying demoapp-frontend to OpenShift Local
+
+openshift:
+  enabled: true    # Is this deployment for OpenShift?
+  # OpenShift route
+  route:
+    enabled: true    # Create OpenShift route?
+    annotations:
+      # Forward route /api to to container /
+      haproxy.router.openshift.io/rewrite-target: /
+    host: demoapp.apps-crc.testing    # Route host, autogenerated by cluster when unspecified
+    path: /api
+    tls:
+      termination: edge
+  # OpenShift SCC
+  scc:
+    mysql: privileged
+
+# Values for mysql: https://artifacthub.io/packages/helm/bitnami/mysql
+mysql:
+  enabled: true
+  # global
+  global:
+    storageClass: ""
+  image:
+    registry: docker.io
+    repository: mysql
+    ta: "8.0"
+  auth:
+    rootPassword: openshift-local
+  # primary database
+  primary:
+    persistence:
+      enabled: true

charts/demoapp-backend/values.yaml

@@ -2,11 +2,10 @@
 # Default values for demoapp-backend.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-
 replicaCount: 1
 
 image:
-  repository: nginx
+  repository: ghcr.io/paul-gilber/demoapp-backend
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
   tag: ""
@@ -15,6 +14,35 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+# Deployment container environment variables
+# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables
+env: {}
+
+# Deployment container environment variables
+# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables
+envFrom: {}
+
+# Health probes
+# Startup Probe protects (blocks readiness and liveness) the application during start-up
+startupProbe:
+  # Allows up to 5 minutes start-up time (periodSeconds X failureThreshold)
+  failureThreshold: 20
+  periodSeconds: 15
+  successThreshold: 1
+  timeoutSeconds: 3
+
+readinessProbe:
+  failureThreshold: 3
+  periodSeconds: 15
+  successThreshold: 1
+  timeoutSeconds: 3
+
+livenessProbe:
+  failureThreshold: 3
+  periodSeconds: 15
+  successThreshold: 1
+  timeoutSeconds: 3
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
@@ -42,14 +70,17 @@ securityContext: {}
 
 service:
   type: ClusterIP
-  port: 80
+  port: 8080
 
 ingress:
   enabled: false
   className: ""
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
+    # Creating a route through an Ingress object
+    # https://docs.openshift.com/container-platform/4.11/networking/routes/route-configuration.html#nw-ingress-creating-a-route-via-an-ingress_route-configuration
+    # route.openshift.io/termination: edge
   hosts:
     - host: chart-example.local
       paths:
@@ -60,6 +91,20 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
+openshift:
+  enabled: false    # Is this deployment for OpenShift?
+  # OpenShift route
+  route:
+    enabled: false    # Create OpenShift route?
+    annotations: {}
+    host: ''    # Route host, autogenerated by cluster when unspecified
+    path: /
+    # tls:
+    #   termination: edge
+  # OpenShift SCC
+  scc:
+    mysql: anyuid
+
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
@@ -97,3 +142,18 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+# Values for mysql: https://artifacthub.io/packages/helm/bitnami/mysql
+mysql:
+  enabled: false
+  fullnameOverride: mysql
+  image:
+    registry: docker.io
+    repository: mysql
+    tag: "8.0"
+  auth:
+    createDatabase: true
+    database: demoapp
+    username: ""
+    password: ""
+    existingSecret: ""

charts/demoapp-frontend/Chart.yaml

@@ -22,4 +22,5 @@ version: 1.0.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
+# demoapp-frontend releases: https://github.com/paul-gilber/demoapp-frontend/releases
 appVersion: "v1.0.0"

charts/demoapp-frontend/values-openshift-local.yaml

@@ -1,12 +1,19 @@
 ---
 # Values for deploying demoapp-frontend to OpenShift Local
+
+# Deployment container environment variables
+# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#environment-variables
+env:
+  - name: REACT_APP_DEMOAPP_BACKEND_URL
+    value: https://demoapp.apps-crc.testing/api    # URL should be accessible from the web browser
+
 openshift:
   enabled: true    # Is this deployment for OpenShift?
   # OpenShift route
   route:
     enabled: true    # Create OpenShift route?
     annotations: {}
-    host: ''    # Route host, autogenerated by cluster when unspecified
+    host: demoapp.apps-crc.testing    # Route host, autogenerated by cluster when unspecified
     path: /
     tls:
       termination: edge

charts/demoapp-frontend/values.yaml

@@ -77,7 +77,7 @@ openshift:
   enabled: false    # Is this deployment for OpenShift?
   # OpenShift route
   route:
-    enabled: true    # Create OpenShift route?
+    enabled: false    # Create OpenShift route?
     annotations: {}
     host: ''    # Route host, autogenerated by cluster when unspecified
     path: /