Merge pull request #47 from G-Research/helm

Completing helm charts + Basic Auth for server
armadaproject · Aug 13, 2019 · 62657c7 · 62657c7
2 parents b90c3d9 + d243431
commit 62657c7
Show file tree

Hide file tree

Showing 35 changed files with 473 additions and 52 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -62,13 +62,13 @@ jobs:
 
             if [ ${CIRCLE_BRANCH} != master ]
               then
-                TAG=branch-${CIRCLE_BRANCH}
+                TAG=branch-${CIRCLE_BRANCH}-${CIRCLE_SHA1}
             fi
 
             source scripts/assume-role.sh
             $(aws ecr get-login --region eu-west-1 --no-include-email)
 
-            docker tag armada-executor ${ECR_REPOSITORY}/armada:${TAG}
+            docker tag armada ${ECR_REPOSITORY}/armada:${TAG}
             docker push ${ECR_REPOSITORY}/armada:${TAG}
 
             docker tag armada-executor ${ECR_REPOSITORY}/armada-executor:${TAG}

diff --git a/build/executor/Dockerfile b/build/executor/Dockerfile
@@ -3,6 +3,8 @@ FROM alpine:3.10
 COPY ./executor /app/
 COPY /config/executor/ /app/config/executor
 
+RUN apk update && apk add --no-cache ca-certificates
+
 WORKDIR /app
 
 ENTRYPOINT ["./executor"]
diff --git a/cmd/armada/main.go b/cmd/armada/main.go
@@ -13,9 +13,11 @@ import (
 )
 
 const CustomConfigLocation string = "config"
+const ValidUsersLocation string = "usersPath"
 
 func init() {
 	pflag.String(CustomConfigLocation, "", "Fully qualified path to application configuration file")
+	pflag.String(ValidUsersLocation, "", "Fully qualified path to user credentials file")
 	pflag.Parse()
 }
 
@@ -26,6 +28,7 @@ func main() {
 	var config configuration.ArmadaConfig
 	userSpecifiedConfig := viper.GetString(CustomConfigLocation)
 	common.LoadConfig(&config, "./config/armada", userSpecifiedConfig)
+	loadUsersCredentialFile(&config)
 
 	log.Info("Starting...")
 
@@ -39,3 +42,24 @@ func main() {
 	}()
 	wg.Wait()
 }
+
+func loadUsersCredentialFile(config *configuration.ArmadaConfig) {
+	credentialsPath := viper.GetString(ValidUsersLocation)
+
+	if credentialsPath != "" {
+		log.Info("Loading credentials from " + credentialsPath)
+		viper.SetConfigFile(credentialsPath)
+
+		err := viper.ReadInConfig()
+		if err != nil {
+			log.Error(err)
+			os.Exit(-1)
+		}
+		users := viper.GetStringMapString("users")
+
+		config.Authentication = configuration.AuthenticationConfig{
+			EnableAuthentication: true,
+			Users:                users,
+		}
+	}
+}
diff --git a/cmd/armadactl/cmd/createQueue.go b/cmd/armadactl/cmd/createQueue.go
@@ -24,7 +24,7 @@ Job priority is evaluated inside queue, queue has its own priority.`,
 
 		queue := args[0]
 
-		withConnection(cmd, func(conn *grpc.ClientConn) {
+		withConnection(func(conn *grpc.ClientConn) {
 
 			client := api.NewSubmitClient(conn)
 			_, e := client.CreateQueue(timeout(), &api.Queue{Name: queue, Priority: 1})

diff --git a/cmd/armadactl/cmd/root.go b/cmd/armadactl/cmd/root.go
@@ -2,18 +2,25 @@ package cmd
 
 import (
 	"fmt"
+	"github.com/G-Research/k8s-batch/internal/common"
+	"github.com/mitchellh/go-homedir"
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 	"os"
-
-	homedir "github.com/mitchellh/go-homedir"
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/viper"
 )
 
 func init() {
 	cobra.OnInitialize(initConfig)
-	rootCmd.PersistentFlags().StringVar(&cfgFile, "armadaUrl", "localhost:50051", "specify armada server url")
+	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.armadactl.yaml)")
+	rootCmd.PersistentFlags().String("armadaUrl", "localhost:50051", "specify armada server url")
+	rootCmd.PersistentFlags().String("username", "", "username to connect to armada server")
+	rootCmd.PersistentFlags().String("password", "", "password to connect to armada server")
+	viper.BindPFlag("armadaUrl", rootCmd.PersistentFlags().Lookup("armadaUrl"))
+	viper.BindPFlag("username", rootCmd.PersistentFlags().Lookup("username"))
+	viper.BindPFlag("password", rootCmd.PersistentFlags().Lookup("password"))
 }
 
 var rootCmd = &cobra.Command{
@@ -31,9 +38,13 @@ func Execute() {
 	}
 }
 
-func withConnection(cmd *cobra.Command, action func(*grpc.ClientConn)) {
-	url := cmd.Flag("armadaUrl").Value.String()
-	conn, err := grpc.Dial(url, grpc.WithInsecure())
+func withConnection(action func(*grpc.ClientConn)) {
+	url := viper.GetString("armadaUrl")
+	username := viper.GetString("username")
+	password := viper.GetString("password")
+
+	conn, err := createConnection(url, username, password)
+
 	if err != nil {
 		log.Fatalf("did not connect: %v", err)
 	}
@@ -42,7 +53,19 @@ func withConnection(cmd *cobra.Command, action func(*grpc.ClientConn)) {
 	action(conn)
 }
 
-// TODO
+func createConnection(url string, username string, password string) (*grpc.ClientConn, error) {
+	if username == "" || password == "" {
+		return grpc.Dial(url, grpc.WithInsecure())
+	} else {
+		return grpc.Dial(
+			url,
+			grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")),
+			grpc.WithPerRPCCredentials(&common.LoginCredentials{
+				Username: username,
+				Password: password,
+			}))
+	}
+}
 
 var cfgFile string
 
@@ -59,15 +82,19 @@ func initConfig() {
 			os.Exit(1)
 		}
 
-		// Search config in home directory with name ".cmd" (without extension).
 		viper.AddConfigPath(home)
-		viper.SetConfigName(".cmd")
+		viper.SetConfigName(".armadactl")
 	}
 
 	viper.AutomaticEnv() // read in environment variables that match
 
 	// If a config file is found, read it in.
-	if err := viper.ReadInConfig(); err == nil {
+	err := viper.ReadInConfig()
+
+	if err == nil {
 		fmt.Println("Using config file:", viper.ConfigFileUsed())
+	} else {
+		fmt.Println("Can't read config:", err)
+		os.Exit(1)
 	}
 }
diff --git a/cmd/armadactl/cmd/submit.go b/cmd/armadactl/cmd/submit.go
@@ -37,7 +37,7 @@ var submitCmd = &cobra.Command{
 		submitFile := &JobSubmitFile{}
 		bindYaml(filePath, submitFile)
 
-		withConnection(cmd, func(conn *grpc.ClientConn) {
+		withConnection(func(conn *grpc.ClientConn) {
 			client := api.NewSubmitClient(conn)
 
 			for _, job := range submitFile.Jobs {

diff --git a/cmd/armadactl/cmd/watch.go b/cmd/armadactl/cmd/watch.go
@@ -24,7 +24,7 @@ var watchCmd = &cobra.Command{
 
 		log.Infof("Watching job set %s", jobSetId)
 
-		withConnection(cmd, func(conn *grpc.ClientConn) {
+		withConnection(func(conn *grpc.ClientConn) {
 			eventsClient := api.NewEventClient(conn)
 			client.WatchJobSet(eventsClient, jobSetId)
 		})

diff --git a/cmd/executor/main.go b/cmd/executor/main.go
@@ -4,6 +4,7 @@ import (
 	"github.com/G-Research/k8s-batch/internal/common"
 	"github.com/G-Research/k8s-batch/internal/executor"
 	"github.com/G-Research/k8s-batch/internal/executor/configuration"
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 	"os"
@@ -12,11 +13,13 @@ import (
 )
 
 const CustomConfigLocation string = "config"
+const ApiCredentialsLocation string = "apiCredentialsPath"
 const InCluster string = "inCluster"
 const KubeConfig string = "kubeConfigPath"
 
 func init() {
 	pflag.String(CustomConfigLocation, "", "Fully qualified path to application configuration file")
+	pflag.String(ApiCredentialsLocation, "", "Fully qualified path to api credentials file")
 	pflag.Bool(InCluster, false, "When set executor will run using in cluster client connection details")
 	pflag.String(KubeConfig, "", "Fully qualified path to custom kube config file")
 	pflag.Parse()
@@ -42,6 +45,7 @@ func loadConfig() configuration.ExecutorConfiguration {
 	var config configuration.ExecutorConfiguration
 	userSpecifiedConfig := viper.GetString(CustomConfigLocation)
 	common.LoadConfig(&config, "./config/executor", userSpecifiedConfig)
+	loadCredentials(&config)
 
 	inClusterDeployment := viper.GetBool(InCluster)
 	customKubeConfigLocation := viper.GetString(KubeConfig)
@@ -52,3 +56,24 @@ func loadConfig() configuration.ExecutorConfiguration {
 	}
 	return config
 }
+
+func loadCredentials(config *configuration.ExecutorConfiguration) {
+	credentialsPath := viper.GetString(ApiCredentialsLocation)
+	if credentialsPath != "" {
+		viper.SetConfigFile(credentialsPath)
+
+		err := viper.ReadInConfig()
+		if err != nil {
+			log.Error(err)
+			os.Exit(-1)
+		}
+		username := viper.GetString(common.UsernameField)
+		password := viper.GetString(common.PasswordField)
+
+		config.Authentication = configuration.AuthenticationConfiguration{
+			EnableAuthentication: true,
+			Username:             username,
+			Password:             password,
+		}
+	}
+}
diff --git a/config/armada/config.yaml b/config/armada/config.yaml
@@ -8,3 +8,5 @@ eventsRedis:
   addr: "localhost:6379"
   password: ""
   db: 0
+authentication:
+  enableAuthentication: false
diff --git a/config/executor/config.yaml b/config/executor/config.yaml
@@ -9,3 +9,5 @@ armada:
   url : "localhost:50051"
 events:
   url : "localhost:50051"
+authentication:
+  enableAuthentication: false
diff --git a/deployment/armada/Chart.yaml b/deployment/armada/Chart.yaml
@@ -0,0 +1,4 @@
+appVersion : v1
+description: A helm chart for armada API component
+name: armada
+version: 0.0.1
diff --git a/deployment/armada/templates/_helpers.tpl b/deployment/armada/templates/_helpers.tpl
@@ -0,0 +1,40 @@
+
+{{- define "armada.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "armada.config.name" -}}
+{{- printf "%s-%s" ( include "armada.name" .) "config" -}}
+{{- end }}
+
+{{- define "armada.config.filename" -}}
+{{- printf "%s%s" ( include "armada.config.name" .) ".yaml" -}}
+{{- end }}
+
+{{- define "armada.users.name" -}}
+{{- printf "%s-%s" ( include "armada.name" .) "users" -}}
+{{- end }}
+
+{{- define "armada.users.filename" -}}
+{{- printf "%s%s" ( include "armada.users.name" .) ".yaml" -}}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "armada.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "armada.labels.identity" -}}
+app: {{ include "armada.name" . }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "armada.labels.all" -}}
+{{ include "armada.labels.identity" . }}
+chart: {{ include "armada.chart" . }}
+release: {{ .Release.Name }}
+{{- end -}}
diff --git a/deployment/armada/templates/configmap.yaml b/deployment/armada/templates/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "armada.config.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "armada.labels.all" . | indent 4 }}
+data:
+  {{ include "armada.config.filename" . }}: |
+{{- if .Values.applicationConfig }}
+{{ toYaml .Values.applicationConfig | indent 4 }}
+{{- end }}
diff --git a/deployment/armada/templates/deployment.yaml b/deployment/armada/templates/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "armada.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "armada.labels.all" . | indent 4 }}
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+{{ include "armada.labels.identity" . | indent 6 }}
+  template:
+    metadata:
+      name: {{ include "armada.name" . }}
+      labels:
+{{ include "armada.labels.all" . | indent 8 }}
+    spec:
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      serviceAccountName: {{ include "armada.name" . }}
+      containers:
+        - name: armada
+          imagePullPolicy: IfNotPresent
+          image: {{ .Values.image.repository }}:{{ required "A value is required for .Values.image.tag" .Values.image.tag }}
+          args:
+            - --config
+            - /config/application_config.yaml
+            - --usersPath
+            - /config/users.yaml
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+          ports:
+            - containerPort:  {{ .Values.applicationConfig.grpcPort }}
+              protocol: TCP
+              name: grpc
+          volumeMounts:
+            - name: user-config
+              mountPath: /config/application_config.yaml
+              subPath: {{ include "armada.config.filename" . }}
+            - name: users
+              mountPath: /config/users.yaml
+              subPath: {{ include "armada.users.filename" . }}
+              readOnly: true
+      volumes:
+        - name: user-config
+          configMap:
+            name: {{ include "armada.config.name" . }}
+        - name: users
+          secret:
+            secretName: {{ include "armada.users.name" . }}
diff --git a/deployment/armada/templates/ingress.yaml b/deployment/armada/templates/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ include "armada.name" . }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    kubernetes.io/ingress.class: {{ required "A value is required for .Values.ingressClass" .Values.ingressClass }}
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+    certmanager.k8s.io/cluster-issuer: {{ required "A value is required for .Values.clusterIssuer" .Values.clusterIssuer }}
+  labels:
+{{ include "armada.labels.all" . | indent 4 }}
+spec:
+  rules:
+  - host: {{ required "A value is required for .Values.hostname" .Values.hostname }}
+    http:
+      paths:
+        - path: /
+          backend:
+            serviceName: {{ include "armada.name" . }}
+            servicePort: {{ .Values.applicationConfig.grpcPort }}
+  tls:
+    - hosts:
+        - {{ required "A value is required for .Values.hostname" .Values.hostname }}
+      secretName: armada-service-tls
diff --git a/deployment/armada/templates/namespace.yaml b/deployment/armada/templates/namespace.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: {{ .Release.Namespace }}