feat(chart): simple support for microservices

OADA · Mar 31, 2023 · d10fe5e · d10fe5e
1 parent 82f6d3b
commit d10fe5e
Show file tree

Hide file tree

Showing 12 changed files with 196 additions and 39 deletions.
diff --git a/charts/oada/Chart.yaml b/charts/oada/Chart.yaml
@@ -8,11 +8,12 @@ maintainers:
   - name: awlayton
     email: alex@layton.in
 type: application
-version: 3.1.0
-appVersion: '3.7.0'
+version: 3.2.0
+appVersion: '3.8.0'
 annotations:
   artifacthub.io/recommendations: |
     - url: https://artifacthub.io/packages/helm/cert-manager/cert-manager
-    - url: https://docs.redpanda.com/docs/quickstart/kubernetes-qs-cloud/#step-4-use-helm-to-install-the-redpanda-operator
-    - url: https://github.com/arangodb/kube-arangodb#installation-of-latest-release-using-helm
+    - url: https://artifacthub.io/packages/helm/redpanda/redpanda-operator
+    - url: https://artifacthub.io/packages/helm/source-field/kube-arangodb
+    - url: https://artifacthub.io/packages/helm/source-field/kube-arangodb-crd
     - url: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
diff --git a/charts/oada/README.md b/charts/oada/README.md
@@ -23,29 +23,23 @@ Supports multiple release installs and non-default namespace.
 
 ## Prerequisites
 
-- Redpanda operator and CRD
-- ArangoDB operator and CRD
-- Cert manager
-- At least one ingress controller
-
-Attempt to apply all prerequisites:
-
-[`kubectl apply -k https://www.github.com/OADA/server/k8s/support`][support]
-
-The above command might error on the first run.
-After 2-3 times, it _should_ run without error.
-
-**If the above does not work for you,
-google how to set up the listed prerequisites for your specific k8s cluster.**
+- [Cert manager][]
+- [Redpanda operator][]
+- [ArangoDB operator][] and [CRDs][arangodb crd]
+- At least one ingress controller (e.g., [ingress-nginx][])
 
 ## Installation
 
-Add the helm chart repo
+Add our helm chart repo
 `helm repo add oada https://charts.openag.io/`
 
 Install the Helm chart:
 `helm install my-oada oada/oada`
 
-See the [values.yaml](values.yaml) for various configuration options.
+See the [default values](values.yaml) for various configuration options.
 
-[support]: ../../k8s/support/kustomization.yaml
+[cert manager]: https://artifacthub.io/packages/helm/cert-manager/cert-manager
+[redpanda operator]: https://artifacthub.io/packages/helm/redpanda/redpanda-operator
+[arangodb operator]: https://artifacthub.io/packages/helm/source-field/kube-arangodb
+[arangodb crd]: https://artifacthub.io/packages/helm/source-field/kube-arangodb-crd
+[ingress-nginx]: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
diff --git a/charts/oada/templates/arangodb.yaml b/charts/oada/templates/arangodb.yaml
@@ -12,10 +12,7 @@ spec:
   mode: Single
   single:
     resources:
-      limits:
-        cpu: 100m
-        memory: 1Gi
-        ephemeral-storage: 1Gi
+      {{- toYaml .Values.oada.resources | nindent 6 }}
   environment: {{ .Values.global.development | ternary "Development" "Production" }}
   metrics:
     enabled: {{ include "oada.prometheus" . }}

diff --git a/charts/oada/templates/auth.yaml b/charts/oada/templates/auth.yaml
@@ -40,7 +40,7 @@ metadata:
     {{ include "oada.chart.labels" . | nindent 4 }}
   annotations:
     #nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: letsencrypt-{{ .Release.Name }}
+    cert-manager.io/issuer: issuer-oada-{{ .Release.Name }}
 spec:
   {{ if .Values.ingress.className -}}
   ingressClassName: {{ .Values.ingress.className }}

diff --git a/charts/oada/templates/configmap.yaml b/charts/oada/templates/configmap.yaml
@@ -41,7 +41,7 @@ data:
   WELLKNOWN_SUBSERVICES: http://auth-{{ .Release.Name }}
   {{ if .Values.global.development -}}
   NODE_ENV: development
-  NODE_TLS_REJECT_UNAUTHORIZED: '0'
+  #NODE_TLS_REJECT_UNAUTHORIZED: '0'
   arangodb__ensureDefaults: 'true'
   INSPECT: '--inspect=0.0.0.0:9229'
   {{ else -}}

diff --git a/charts/oada/templates/deployment.yaml b/charts/oada/templates/deployment.yaml
@@ -69,7 +69,7 @@ spec:
                   key: password
                   optional: {{ $.Values.global.development }}
           image: {{ print "oada/" $k ":" $tag }}
-          #imagePullPolicy: {{ $.Values.global.development | ternary "Always" "IfNotPresent" }}
+          imagePullPolicy: IfNotPresent
           command: ["/usr/bin/dumb-init", "--rewrite", "15:2", "--", "/bin/sh"]
           args: ["-c", "yarn workspace @oada/{{ $k }} run start"]
           # TODO: Better liveness checks
@@ -112,7 +112,8 @@ spec:
         {{ end -}}
         - name: tmp
           emptyDir:
-            medium: Memory
+            sizeLimit: 1Gi
+            #medium: Memory
       restartPolicy: Always
 {{- if $.Values.autoscaling.enabled }}
 ---

diff --git a/charts/oada/templates/http.yaml b/charts/oada/templates/http.yaml
@@ -43,7 +43,7 @@ metadata:
     {{ include "oada.chart.labels" . | nindent 4 }}
   annotations:
     nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: letsencrypt-{{ .Release.Name }}
+    cert-manager.io/issuer: issuer-oada-{{ .Release.Name }}
 spec:
   {{ if .Values.ingress.className -}}
   ingressClassName: {{ .Values.ingress.className }}
@@ -85,7 +85,7 @@ metadata:
     app.kubernetes.io/component: http-handler
     {{ include "oada.chart.labels" . | nindent 4 }}
   annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-{{ .Release.Name }}
+    cert-manager.io/issuer: issuer-oada-{{ .Release.Name }}
 spec:
   {{ if .Values.ingress.className -}}
   ingressClassName: {{ .Values.ingress.className }}

diff --git a/charts/oada/templates/init.yaml b/charts/oada/templates/init.yaml
@@ -14,7 +14,7 @@
    * limitations under the License.
    */}}
 {{- $initName := print "init-" .Release.Name -}}
-{{- if empty (lookup "v1" "Secret" .Release.Namespace $initName) -}}
+{{- if empty (lookup "batch/v1" "Job" .Release.Namespace $initName) -}}
 {{- $tag := default .Chart.AppVersion .Values.oada.tag -}}
 apiVersion: batch/v1
 kind: Job

diff --git a/charts/oada/templates/letsencrypt.yaml → charts/oada/templates/issuer.yaml b/charts/oada/templates/letsencrypt.yaml → charts/oada/templates/issuer.yaml
@@ -15,7 +15,7 @@
    */}}
 {{- if .Values.ingress.enabled }}
 apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
+kind: Issuer
 metadata:
   namespace: {{ .Release.Namespace }}
   name: letsencrypt-{{ .Release.Name }}
@@ -32,7 +32,7 @@ spec:
       https://acme{{ .Values.global.development | ternary "-staging-" "-" }}v02.api.letsencrypt.org/directory
     email: info@{{ include "oada.domain" . }}
     privateKeySecretRef:
-      name: letsencrypt-{{ .Release.Name }}
+      name: issuer-oada-{{ .Release.Name }}
     solvers:
       - http01:
           ingress:

diff --git a/charts/oada/templates/uservice.yaml b/charts/oada/templates/uservice.yaml
@@ -0,0 +1,150 @@
+{{/*
+   * Copyright 2023 Open Ag Data Alliance
+   *
+   * Licensed under the Apache License, Version 2.0 (the "License");
+   * you may not use this file except in compliance with the License.
+   * You may obtain a copy of the License at
+   *
+   *     http://www.apache.org/licenses/LICENSE-2.0
+   *
+   * Unless required by applicable law or agreed to in writing, software
+   * distributed under the License is distributed on an "AS IS" BASIS,
+   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   * See the License for the specific language governing permissions and
+   * limitations under the License.
+   */}}
+{{- range $k, $v := .Values.oada.externalServices -}}
+{{/* Deploy external OADA services `$k` */}}
+{{- $name := print $k "-" $.Release.Name -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ $.Release.Namespace }}
+  name: {{ $name }}
+  labels:
+    app.kubernetes.io/component: {{ $k }}
+    {{- include "oada.chart.labels" $ | nindent 4 }}
+spec:
+  {{- if not $.Values.autoscaling.enabled }}
+  replicas: {{ $.Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: {{ $k }}
+      {{- include "oada.chart.selectorLabels" $ | nindent 6 }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: {{ $k }}
+        {{- include "oada.chart.selectorLabels" $ | nindent 8 }}
+    spec:
+      serviceAccountName: service-account-{{ $.Release.Name }}
+      initContainers:
+        - name: wait-for-api
+          image: {{ $.Values.k8sWaitFor.image }}:{{ $.Values.k8sWaitFor.tag }}
+          args:
+            - service
+            - http-handler-{{ $.Release.Name }}
+          resources:
+            limits: {{- toYaml $.Values.k8sWaitFor.resources.limits | nindent 14 }}
+            requests: {{- toYaml $.Values.k8sWaitFor.resources.limits | nindent 14 }}
+      containers:
+        - envFrom:
+            - configMapRef:
+                name: {{ $.Chart.Name }}-configmap-{{ $.Release.Name }}
+            {{- if $v.envFrom }}
+              {{- toYaml $v.envFrom | nindent 12 -}}
+            {{- end }}
+          env:
+            - name: DOMAIN
+              value: http://http-handler-{{ $.Release.Name }}:80
+            {{- if $v.env }}
+              {{- toYaml $v.env | nindent 12 -}}
+            {{- end }}
+          image: {{ print $v.image ":" $v.tag }}
+          imagePullPolicy: IfNotPresent
+          # TODO: Better liveness checks
+          livenessProbe:
+            httpGet:
+              port: prometheus
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1000 # run as user node (uid 1000)
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+          name: {{ $name }}
+          resources:
+            {{- toYaml $.Values.oada.resources | nindent 12 }}
+          ports:
+            {{ if $.Values.global.development -}}
+            - name: inspect
+              containerPort: 9229
+            {{- end }}
+            - name: prometheus
+              containerPort: 3000
+          volumeMounts:
+            - mountPath: /tmp
+              name: tmp
+      volumes:
+        - name: tmp
+          emptyDir:
+            sizeLimit: 1Gi
+            #medium: Memory
+      restartPolicy: Always
+{{- if $.Values.autoscaling.enabled }}
+---
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  namespace: {{ $.Release.Namespace }}
+  name: {{ $name }}
+  labels:
+    app.kubernetes.io/component: {{ $k }}
+    {{- include "oada.chart.labels" $ | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ $name }}
+  minReplicas: {{ $.Values.autoscaling.minReplicas }}
+  maxReplicas: {{ $.Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if $.Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ $.Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if $.Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ $.Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
+{{- if eq (include "oada.prometheus" $) "true" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  namespace: {{ $.Release.Namespace }}
+  name: {{ $name }}
+  labels:
+    app.kubernetes.io/component: {{ $k }}
+    {{- include "oada.chart.labels" $ | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: {{ $k }}
+      {{- include "oada.chart.selectorLabels" $ | nindent 6 }}
+  podMetricsEndpoints:
+  - port: prometheus
+  namespaceSelector:
+    any: false
+{{- end }}
+---
+{{ end -}}
diff --git a/charts/oada/templates/well-known.yaml b/charts/oada/templates/well-known.yaml
@@ -40,7 +40,7 @@ metadata:
     {{ include "oada.chart.labels" . | nindent 4 }}
   annotations:
     #nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: letsencrypt-{{ .Release.Name }}
+    cert-manager.io/issuer: issuer-oada-{{ .Release.Name }}
 spec:
   {{ if .Values.ingress.className -}}
   ingressClassName: {{ .Values.ingress.className }}

diff --git a/charts/oada/values.yaml b/charts/oada/values.yaml
@@ -1,15 +1,17 @@
 replicaCount: 1
 
 ingress:
+  # ingress.enabled is whether to create ingresses for this OADA instance
   enabled: true
+  # ingress.className is the ingress class to use for created ingresses
   className: ~
 
 oada:
   # oada.domains is the domain(s) for this OADA instance
   domains: []
   # oada.tag is the Docker tag for the OADA images
   tag: ~
-  # oada.services is the list of oada services to deploy
+  # oada.services is a map of oada services to deploy
   services:
     http-handler:
       http: true
@@ -23,16 +25,22 @@ oada:
     users: {}
     webhooks: {}
     write-handler: {}
+  # oada.externalServices is a map of oada-compatible services to deploy with this OADA instance
+  externalServices:
+    #unfisk:
+    #  image: qlever/unfisk
+    #  tag: build
   # oada.users is a list of users to be created
   users:
     - name: admin
       admin: true
       scope:
         - all:all
         - oada.admin.user:all
+  # oada.resources are the resource requests/limits for the OADA services
   resources:
     limits:
-      ephemeral-storage: 500Mi
+      ephemeral-storage: 512Mi
     requests:
       cpu: 20m
       memory: 128Mi
@@ -64,7 +72,13 @@ arangodb:
   # arangodb.image is the Docker image to use for arangodb
   image: arangodb/arangodb
   # arangodb.tag is the Docker tag for the ArangoDB images
-  tag: 3.9.3
+  tag: 3.10.5
+  # arangodb.resources are the resource requests/limits for the ArangoDB service
+  resources:
+    limits:
+      cpu: 100m
+      memory: 1Gi
+      ephemeral-storage: 1Gi
 
 kafka:
   # kafka.brokers is an array of an external Kafka brokers.
@@ -74,7 +88,7 @@ kafka:
   # kafka.image is the Docker image to use for Kafka
   image: docker.redpanda.com/vectorized/redpanda
   # kafka.tag is the Docker tag for the Kafka/Redpanda images
-  tag: v22.2.5
+  tag: v23.1.2
 
 k8sWaitFor:
   image: groundnuty/k8s-wait-for