Image: adds cassandra

README.md

@@ -17,6 +17,7 @@
 | [buck2](./images/buck2) | `cgr.dev/chainguard/buck2` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/buck2.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/buck2:latest) |
 | [busybox](./images/busybox) | `cgr.dev/chainguard/busybox` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/busybox.build.status.latest.alpine.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/busybox:latest.alpine) |
 | [calico](./images/calico) | `cgr.dev/chainguard/calico` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/calico.build.status.latest.node.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/calico:latest.node) |
+| [cassandra](./images/cassandra) | `cgr.dev/chainguard/cassandra` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/cassandra.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/cassandra:latest) |
 | [cc-dynamic](./images/cc-dynamic) | `cgr.dev/chainguard/cc-dynamic` | deprecated | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/cc-dynamic.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/cc-dynamic:latest) |
 | [cedar](./images/cedar) | `cgr.dev/chainguard/cedar` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/cedar.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/cedar:latest) |
 | [cert-manager](./images/cert-manager) | `cgr.dev/chainguard/cert-manager` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/cert-manager.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/cert-manager:latest) |

images/cassandra/README.md

@@ -0,0 +1,14 @@
+<!--monopod:start-->
+# cassandra
+| | |
+| - | - |
+| **Status** | stable |
+| **OCI Reference** | `cgr.dev/chainguard/cassandra` |
+
+
+* [View Image in Chainguard Academy](https://edu.chainguard.dev/chainguard/chainguard-images/reference/cassandra/overview/)
+* [View Image Catalog](https://console.enforce.dev/images/catalog) for a full list of available tags.
+*[Contact Chainguard](https://www.chainguard.dev/chainguard-images) for enterprise support, SLAs, and access to older tags.*
+
+---
+<!--monopod:end-->

images/cassandra/configs/latest.apko.yaml

@@ -0,0 +1,50 @@
+contents:
+ packages:
+ - cassandra
+ - python3
+ - busybox
+ - cassandra-compat
+ - bash
+accounts:
+ groups:
+ - groupname: cassandra
+ gid: 999
+ users:
+ - username: cassandra
+ uid: 999
+ run-as: 999
+
+work-dir: /
+
+entrypoint:
+ command: cassandra -f
+environment: 
+ LANG: en_US.UTF-8
+ CASSANDRA_HOME: /opt/cassandra
+ PATH: /usr/sbin:/sbin:/usr/bin:/bin:/opt/cassandra/bin/
+
+paths:
+ - path: /var/lib/cassandra
+ type: directory
+ permissions: 0o777
+ uid: 999
+ gid: 999
+ recursive: true
+ - path: /opt/cassandra
+ type: directory
+ permissions: 0o777
+ uid: 999
+ gid: 999
+ recursive: true
+ - path: /var/lib/cassandra
+ type: directory
+ permissions: 0o777
+ uid: 999
+ gid: 999
+ - path: /var/log/cassandra
+ type: directory
+ permissions: 0o777
+ uid: 999
+ gid: 999
+ recursive: true
+

images/cassandra/image.yaml

@@ -0,0 +1,3 @@
+versions:
+ - apko:
+ config: configs/latest.apko.yaml

images/cassandra/main.tf

@@ -0,0 +1,54 @@
+terraform {
+ required_providers {
+ apko = { source = "chainguard-dev/apko" }
+ }
+}
+
+variable "target_repository" {
+ description = "The docker repo into which the image and attestations should be published."
+}
+
+module "latest" {
+ source = "../../tflib/publisher"
+
+ name = basename(path.module)
+
+ target_repository = var.target_repository
+ config = file("${path.module}/configs/latest.apko.yaml")
+}
+
+module "dev" { source = "../../tflib/dev-subvariant" }
+
+module "latest-dev" {
+ source = "../../tflib/publisher"
+
+ name = basename(path.module)
+
+ target_repository = var.target_repository
+ # Make the dev variant an explicit extension of the
+ # locked original.
+ config = jsonencode(module.latest.config)
+ extra_packages = module.dev.extra_packages
+}
+
+module "version-tags" {
+ source = "../../tflib/version-tags"
+ package = "cassandra"
+ config = module.latest.config
+}
+
+module "test-latest" {
+ source = "./tests"
+ digest = module.latest.image_ref
+}
+
+module "tagger" {
+ source = "../../tflib/tagger"
+
+ depends_on = [module.test-latest]
+
+ tags = merge(
+ { for t in toset(concat(["latest"], module.version-tags.tag_list)) : t => module.latest.image_ref },
+ { for t in toset(concat(["latest"], module.version-tags.tag_list)) : "${t}-dev" => module.latest-dev.image_ref },
+ )
+}

images/cassandra/tests/01-start-up.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o errtrace -o pipefail -x
+
+container_name="cassandra-${RANDOM}"
+docker run --rm -d --name="${container_name}" "${IMAGE_NAME}"
+trap "docker rm -f ${container_name}" EXIT
+
+# Poll the logs for the startup string
+for i in {1..10}; do
+ if docker logs "${container_name}" | grep "Startup complete"; then
+ exit 0
+ fi
+ sleep 20
+done
+
+# Fail if the startup string was not found
+exit 1

images/cassandra/tests/main.tf

@@ -0,0 +1,42 @@
+terraform {
+ required_providers {
+ oci = { source = "chainguard-dev/oci" }
+ kubectl = { source = "gavinbunney/kubectl" }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "~> 2.11.0"
+ }
+ }
+}
+
+provider "kubernetes" {
+ config_path = "~/.kube/config"
+ config_context = "kind-kind"
+}
+
+variable "digest" {
+ description = "The image digest to run tests over."
+}
+
+data "oci_string" "ref" { input = var.digest }
+
+data "oci_exec_test" "test" {
+ for_each = toset(fileset(path.module, "*.sh"))
+
+ digest = var.digest
+ script = "${path.module}/${each.value}"
+}
+
+resource "kubernetes_manifest" "prerequisites" {
+ for_each = fileset(path.module, "manifests/*.yaml")
+ manifest = yamldecode(file("${path.module}/${each.value}"))
+}
+
+resource "kubectl_manifest" "stateful_set" {
+ depends_on = [kubernetes_manifest.prerequisites]
+ yaml_body = templatefile("${path.module}/manifests/cassandra-stateful-set.yaml.tpl",
+ {
+ cassandra_tag = data.oci_string.ref.pseudo_tag
+ cassandra_repo = data.oci_string.ref.registry_repo
+ })
+}

images/cassandra/tests/manifests/cassandra-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: cassandra
+ name: cassandra
+ namespace: cassandra
+spec:
+ clusterIP: None
+ ports:
+ - port: 9042
+ selector:
+ app: cassandra

images/cassandra/tests/manifests/cassandra-stateful-set.yaml.tpl

@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: cassandra
+ namespace: cassandra
+ labels:
+ app: cassandra
+spec:
+ serviceName: cassandra
+ replicas: 3
+ selector:
+ matchLabels:
+ app: cassandra
+ template:
+ metadata:
+ labels:
+ app: cassandra
+ spec:
+ terminationGracePeriodSeconds: 1800
+ containers:
+ - name: cassandra
+ image: ${cassandra_repo}/${cassandra_tag}
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 7000
+ name: intra-node
+ - containerPort: 7001
+ name: tls-intra-node
+ - containerPort: 7199
+ name: jmx
+ - containerPort: 9042
+ name: cql
+ resources:
+ limits:
+ cpu: "500m"
+ memory: 1Gi
+ requests:
+ cpu: "500m"
+ memory: 1Gi
+ securityContext:
+ capabilities:
+ add:
+ - IPC_LOCK
+ lifecycle:
+ preStop:
+ exec:
+ command: 
+ - /bin/sh
+ - -c
+ - nodetool drain
+ env:
+ - name: MAX_HEAP_SIZE
+ value: 512M
+ - name: HEAP_NEWSIZE
+ value: 100M
+ - name: CASSANDRA_SEEDS
+ value: "cassandra-0.cassandra.default.svc.cluster.local"
+ - name: CASSANDRA_CLUSTER_NAME
+ value: "K8Demo"
+ - name: CASSANDRA_DC
+ value: "DC1-K8Demo"
+ - name: CASSANDRA_RACK
+ value: "Rack1-K8Demo"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ readinessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - /ready-probe.sh
+ initialDelaySeconds: 15
+ timeoutSeconds: 5

images/cassandra/tests/manifests/create-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cassandra

main.tf

@@ -124,6 +124,11 @@ module "calico" {
  target_repository = "${var.target_repository}/calico"
 }
 
+module "cassandra" {
+ source = "./images/cassandra"
+ target_repository = "${var.target_repository}/cassandra"
+}
+
 module "cc-dynamic" {
  source = "./images/cc-dynamic"
  target_repository = "${var.target_repository}/cc-dynamic"