From 544863d73ef1137faaf031513ac6868ebf101953 Mon Sep 17 00:00:00 2001 From: krishnaa96 Date: Tue, 11 May 2021 18:29:49 +0530 Subject: [PATCH] [COMMON][ETCD-INIT] Add etcd-init chart - etcd-init chart will provision the users and roles in a running etcd instance - Change etcd container name for readiness init container to work Issue-ID: OOM-2746 Signed-off-by: krishnaa96 Change-Id: I0cb6d3830b0048c4d70f381815bd3f858ec31ae7 --- kubernetes/common/etcd-init/.helmignore | 21 +++++ kubernetes/common/etcd-init/Chart.yaml | 18 ++++ kubernetes/common/etcd-init/requirements.yaml | 21 +++++ kubernetes/common/etcd-init/templates/job.yaml | 104 ++++++++++++++++++++++ kubernetes/common/etcd-init/templates/secret.yaml | 17 ++++ kubernetes/common/etcd-init/values.yaml | 74 +++++++++++++++ kubernetes/common/etcd/templates/statefulset.yaml | 2 +- 7 files changed, 256 insertions(+), 1 deletion(-) create mode 100644 kubernetes/common/etcd-init/.helmignore create mode 100644 kubernetes/common/etcd-init/Chart.yaml create mode 100644 kubernetes/common/etcd-init/requirements.yaml create mode 100644 kubernetes/common/etcd-init/templates/job.yaml create mode 100644 kubernetes/common/etcd-init/templates/secret.yaml create mode 100644 kubernetes/common/etcd-init/values.yaml diff --git a/kubernetes/common/etcd-init/.helmignore b/kubernetes/common/etcd-init/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/common/etcd-init/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/common/etcd-init/Chart.yaml b/kubernetes/common/etcd-init/Chart.yaml new file mode 100644 index 0000000000..20f5ac40cc --- /dev/null +++ b/kubernetes/common/etcd-init/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Chart for etcd init job +name: etcd-init +version: 8.0.0 diff --git a/kubernetes/common/etcd-init/requirements.yaml b/kubernetes/common/etcd-init/requirements.yaml new file mode 100644 index 0000000000..008789b822 --- /dev/null +++ b/kubernetes/common/etcd-init/requirements.yaml @@ -0,0 +1,21 @@ +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~8.x-0 + repository: 'file://../common' + - name: repositoryGenerator + version: ~8.x-0 + repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml new file mode 100644 index 0000000000..69bcfaaf99 --- /dev/null +++ b/kubernetes/common/etcd-init/templates/job.yaml @@ -0,0 +1,104 @@ +{{/* +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: {{ .Values.backoffLimit }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --container-name + - {{ .Values.etcd.containerName }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -ec + - | + # Create users + export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT} + export ETCDCTL_API=3 + echo "${ROOT_PASSWORD}" | etcdctl user add root --interactive=false + echo "${APP_PASSWORD}" | etcdctl user add ${APP_USER} --interactive=false + + # Create roles + etcdctl role add ${APP_ROLE} + etcdctl role grant-permission ${APP_ROLE} --prefix=true readwrite ${KEY_PREFIX} + + etcdctl user grant-role ${APP_USER} ${APP_ROLE} + etcdctl auth enable + env: + - name: ALLOW_NONE_AUTHENTICATION + value: "yes" + - name: ETCD_HOST + value: "{{ .Values.etcd.serviceName }}.{{ include "common.namespace" . }}" + - name: ETCD_PORT + value: "{{ .Values.etcd.port }}" + - name: ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" "password" ) | indent 10 }} + - name: APP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "login") | indent 10 }} + - name: APP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "password") | indent 10 }} + - name: APP_ROLE + value: "{{ .Values.config.appRole }}" + - name: KEY_PREFIX + value: "{{ .Values.config.keyPrefix }}" + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/etcd-init/templates/secret.yaml b/kubernetes/common/etcd-init/templates/secret.yaml new file mode 100644 index 0000000000..e874185693 --- /dev/null +++ b/kubernetes/common/etcd-init/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/etcd-init/values.yaml b/kubernetes/common/etcd-init/values.yaml new file mode 100644 index 0000000000..c99c9f1e5b --- /dev/null +++ b/kubernetes/common/etcd-init/values.yaml @@ -0,0 +1,74 @@ +# Copyright (C) 2021 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: {} + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: root-password + type: password + externalSecret: '{{ tpl (default "" .Values.config.userRootSecret) . }}' + password: '{{ .Values.config.userRootPassword }}' + - uid: app-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.appUser }}' + password: '{{ .Values.config.appPassword }}' + +################################################################# +# Application configuration defaults. +################################################################# + +image: bitnami/etcd:3.3.15 +pullPolicy: Always +backoffLimit: 20 + +nodeSelector: {} + +affinity: {} + +etcd: + serviceName: k8s-etcd + port : 2379 + containerName: k8s-etcd + +config: + userRootSecret: root +# userCredentialsExternalSecret: + appUser: user + appRole: role + keyPrefix: key + +flavor: small +resources: + small: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi + large: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 20m + memory: 20Mi + unlimited: {} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index a343d4fce5..48c8b6d0cc 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -49,7 +49,7 @@ spec: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} containers: - - name: {{ include "common.fullname" . }} + - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }} imagePullPolicy: "{{ .Values.pullPolicy }}" ports: -- 2.16.6