diff --git a/.yamllint.yaml b/.yamllint.yaml index 01b8b1918..e29c4fbcb 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -5,6 +5,7 @@ ignore: - charts/argocd-understack/templates/ - charts/nautobot-api-tokens/templates/ - charts/site-workflows/templates/ + - charts/undersync/templates/ rules: comments: diff --git a/apps/site/undersync.yaml b/apps/site/undersync.yaml index 844aedf54..f7fe5997f 100644 --- a/apps/site/undersync.yaml +++ b/apps/site/undersync.yaml @@ -2,6 +2,11 @@ component: undersync sources: - ref: understack - path: 'components/undersync' + path: 'charts/undersync' + helm: + releaseName: undersync + valueFiles: + - $understack/components/undersync/values.yaml + - $deploy/{{.name}}/undersync/values.yaml + ignoreMissingValueFiles: true - ref: deploy - path: '{{.name}}/manifests/undersync' diff --git a/charts/undersync/Chart.yaml b/charts/undersync/Chart.yaml new file mode 100644 index 000000000..e42e6af75 --- /dev/null +++ b/charts/undersync/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +appVersion: 1.0.0 +description: A lightweight standalone system to "sync" Openstack data to network switch. +name: undersync +type: application +version: 0.0.1 +maintainers: + - name: rackerlabs diff --git a/charts/undersync/templates/_helpers.tpl b/charts/undersync/templates/_helpers.tpl new file mode 100644 index 000000000..d7d21c682 --- /dev/null +++ b/charts/undersync/templates/_helpers.tpl 
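Review bot: `ignoreMissingValueFiles: true` in the new `helm:` block of `apps/site/undersync.yaml` covers both value files, so a missing or misnamed `$deploy/{{.name}}/undersync/values.yaml` is skipped without error and the release renders from chart defaults. Those defaults include `asn: 4294967294` and `environment: production` in `charts/undersync/values.yaml`, so the `required` checks in the deployment template never fire and a site with no override would deploy with a placeholder ASN. The first entry, `$understack/components/undersync/values.yaml`, is not added anywhere in the visible diff while the other files under `components/undersync/` are deleted, so it is worth confirming that the file exists. Consider dropping the `asn` default from the chart so that a missing site file fails the render instead of deploying.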
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "undersync.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "undersync.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "undersync.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "undersync.labels" -}}
+helm.sh/chart: {{ include "undersync.chart" . }}
+{{ include "undersync.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "undersync.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "undersync.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "undersync.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "undersync.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
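Review bot: The `undersync.serviceAccountName` helper at the end of this file reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but neither `values.yaml` nor `values.schema.json` in this commit defines a `serviceAccount` key, and the deployment template never sets `serviceAccountName`. As written the helper is dead code, and including it later would fail the render on the missing `serviceAccount` map; meanwhile the pod runs under the namespace's `default` service account. Either remove the helper, or add a `serviceAccount:` block to the values and schema and wire `serviceAccountName: {{ include "undersync.serviceAccountName" . }}` into the pod spec so the workload gets its own identity.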
diff --git a/charts/undersync/templates/deployment.yaml b/charts/undersync/templates/deployment.yaml
new file mode 100644
index 000000000..e1a79949c
--- /dev/null
+++ b/charts/undersync/templates/deployment.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "undersync.fullname" . }}
+ labels:
+ {{- include "undersync.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "undersync.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "undersync.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ env:
+ - name: asn
+ value: '{{ required "values.asn is required" .Values.asn }}'
+ - name: RACK_ENV
+ value: '{{ required "values.environment is required" .Values.environment }}'
+ - name: SETTINGS_FILE
+ value: '{{ .Values.settings_file_path | default "/run/secrets/undersync-settings/settings-file.yaml" }}'
+ - name: CLOUDS_FILE
+ value: '{{ .Values.clouds_file_path | default "/run/secrets/undersync-settings/clouds.yaml" }}'
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
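Review bot: `SETTINGS_FILE` and `CLOUDS_FILE` default to paths under `/run/secrets/undersync-settings/`, but the pod spec in this template declares no `volumes` and the container no `volumeMounts`, so nothing visible here puts those files in place. The removed manifest supplied settings through `envFrom` with `secretRef: settings`; unless something outside this diff injects the mount, the container would start without its settings and cloud credentials. Add a secret volume and a read-only mount for it, as sketched below with a placeholder secret name. Separately, `containerPort` and both probes now use 80 where the old manifest used 8080, which should be checked against the port the image listens on, given that the default `securityContext` runs as UID 1000 with all capabilities dropped. If the application does not call the Kubernetes API, `automountServiceAccountToken: false` on the pod spec is also worth adding.

```yaml
          # … unchanged: image, ports, probes, env …
          volumeMounts:
            - name: undersync-settings
              mountPath: /run/secrets/undersync-settings
              readOnly: true
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
        - name: undersync-settings
          secret:
            # placeholder: the secret holding settings-file.yaml and clouds.yaml
            secretName: "<SECRET_NAME>"
      # … unchanged: nodeSelector, affinity, tolerations …
```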
diff --git a/charts/undersync/templates/service.yaml b/charts/undersync/templates/service.yaml
new file mode 100644
index 000000000..cd09b2107
--- /dev/null
+++ b/charts/undersync/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "undersync.fullname" . }}
+ labels:
+ {{- include "undersync.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "undersync.selectorLabels" . | nindent 4 }}
diff --git a/charts/undersync/values.schema.json b/charts/undersync/values.schema.json
new file mode 100644
index 000000000..ec713908b
--- /dev/null
+++ b/charts/undersync/values.schema.json
@@ -0,0 +1,175 @@ +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "additionalProperties": true, + "properties": { + "asn": { + "type": "integer", + "minimum": 1, + "maximum": 4294967294, + "description": "BGP Autonomous System Number (valid usable range: 1-4294967294).", + "default": 4294967294 + }, + "environment": { + "type": "string", + "minLength": 1, + "description": "Deployment environment name (for example: production, staging).", + "default": "production" + }, + "nameOverride": { + "type": "string", + "description": "Override the chart name used for app labels and generated names." + }, + "fullnameOverride": { + "type": "string", + "description": "Fully override the generated Kubernetes resource name." + }, + "replicaCount": { + "type": "integer", + "minimum": 0, + "description": "Number of pod replicas to run.", + "default": 1 + }, + "service": { + "type": "object", + "additionalProperties": false, + "required": [ + "type", + "port" + ], + "properties": { + "type": { + "type": "string", + "enum": [ + "ClusterIP", + "NodePort", + "LoadBalancer", + "ExternalName" + ], + "description": "Kubernetes Service type.", + "default": "ClusterIP" + }, + "port": { + "type": "integer", + "minimum": 1, + "maximum": 65535, + "description": "Service port exposed for HTTP traffic.", + "default": 80 + } + } + }, + "image": { + "type": "object", + "additionalProperties": false, + "required": [ + "repository", + "pullPolicy" + ], + "properties": { + "repository": { + "type": "string", + "minLength": 1, + "description": "Container image repository." + }, + "tag": { + "type": "string", + "description": "Container image tag. Defaults to chart appVersion when empty." 
+ }, + "pullPolicy": { + "type": "string", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "description": "Kubernetes image pull policy.", + "default": "IfNotPresent" + } + } + }, + "imagePullSecrets": { + "type": "array", + "description": "Optional image pull secrets for private registries.", + "items": { + "type": "object", + "additionalProperties": false, + "required": [ + "name" + ], + "properties": { + "name": { + "type": "string", + "minLength": 1 + } + } + } + }, + "podAnnotations": { + "type": "object", + "description": "Annotations applied to pod templates.", + "additionalProperties": { + "type": "string" + }, + "default": {} + }, + "podSecurityContext": { + "type": "object", + "description": "Pod-level securityContext configuration.", + "additionalProperties": true, + "default": {} + }, + "securityContext": { + "type": "object", + "description": "Container-level securityContext configuration.", + "additionalProperties": true + }, + "settings_file_path": { + "type": "string", + "minLength": 1, + "description": "Path to undersync settings file mounted in the container.", + "default": "/run/secrets/undersync-settings/settings-file.yaml" + }, + "clouds_file_path": { + "type": "string", + "minLength": 1, + "description": "Path to OpenStack clouds.yaml mounted in the container.", + "default": "/run/secrets/undersync-settings/clouds.yaml" + }, + "resources": { + "type": "object", + "description": "Container resource requests and limits.", + "additionalProperties": true, + "default": {} + }, + "nodeSelector": { + "type": "object", + "description": "Node selector labels for pod scheduling.", + "additionalProperties": { + "type": "string" + }, + "default": {} + }, + "tolerations": { + "type": "array", + "description": "Node taint tolerations for pod scheduling.", + "items": { + "type": "object", + "additionalProperties": true + }, + "default": [] + }, + "affinity": { + "type": "object", + "description": "Affinity and anti-affinity rules for pod 
scheduling.", + "additionalProperties": true, + "default": {} + } + }, + "required": [ + "asn", + "environment", + "replicaCount", + "service", + "image" + ] +} diff --git a/charts/undersync/values.yaml b/charts/undersync/values.yaml new file mode 100644 index 000000000..821b3cde7 --- /dev/null +++ b/charts/undersync/values.yaml @@ -0,0 +1,39 @@ +asn: 4294967294 +environment: production +service: + type: ClusterIP + port: 80 +replicaCount: 1 +image: + repository: ghcr.io/rss-engineering/undersync/undersync + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + # tag: "" +imagePullSecrets: + - name: dockerconfigjson-github-com +podAnnotations: {} +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/components/undersync/deployment.yaml b/components/undersync/deployment.yaml deleted file mode 100644 index 127618d1d..000000000 --- a/components/undersync/deployment.yaml +++ /dev/null 
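Review bot: `securityContext` and `podSecurityContext` in `values.schema.json` are declared as free-form objects (`"additionalProperties": true` with no `properties`), so the schema that pins `service` and `image` tightly puts no constraint on the one block that carries the chart's hardening. A site values file can set `privileged: true` or `runAsNonRoot: false` and still validate. If the chart is meant to enforce a baseline, constrain the fields that matter, for example `"privileged": {"const": false}` and `"allowPrivilegeEscalation": {"const": false}` under `securityContext.properties`. The top-level `"additionalProperties": true` likewise lets a misspelled key (say `settings_file_paht`) pass silently and fall back to the default path.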
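Review bot: The default `securityContext` in `charts/undersync/values.yaml` drops all capabilities and sets a read-only root filesystem, but it leaves out `allowPrivilegeEscalation: false` and a `seccompProfile`, both of which the Kubernetes "restricted" Pod Security Standard requires. Adding `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}` to that block would close the gap. The image is also referenced by tag only (`repository` plus `tag`, falling back to `appVersion`), so a deployment cannot be pinned to a digest; an optional `image.digest` value, with matching schema and template support, would allow that.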
@@ -1,29 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: undersync-deployment
- labels:
- app: undersync
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: undersync
- template:
- metadata:
- labels:
- app: undersync
- spec:
- containers:
- - name: undersync
- image: ghcr.io/rss-engineering/undersync/undersync:latest
- ports:
- - containerPort: 8080
- env:
- - name: RACK_ENV
- value: "production"
- envFrom:
- - secretRef:
- name: settings
- imagePullSecrets:
- - name: dockerconfigjson-github-com
diff --git a/components/undersync/service.yaml b/components/undersync/service.yaml
deleted file mode 100644
index 0220af178..000000000
--- a/components/undersync/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: undersync-service
- labels:
- app: undersync
-spec:
- type: ClusterIP
- ports:
- - port: 8080
- targetPort: 8080
- protocol: TCP
- name: http
- selector:
- app: undersync