switch to helm charts

deploy/asapo_helm_chart/asapo/.helmignore

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/asapo_helm_chart/asapo/Chart.yaml

+apiVersion: v2
+name: asapo
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.16.0

deploy/asapo_helm_chart/asapo/configs/authorizer.json

+{
+  "Port": 5007,
+  "LogLevel":"debug",
+  "AlwaysAllowedBeamtimes":[{"beamtimeId":"asapo_test","beamline":"test","core-path":"{{ .Values.common.offlineDir }}/test_facility/gpfs/test/2019/data/asapo_test"},
+  {"beamtimeId":"asapo_test1","beamline":"test1","core-path":"{{ .Values.common.offlineDir }}/test_facility/gpfs/test1/2019/data/asapo_test1"},
+  {"beamtimeId":"asapo_test2","beamline":"test2","core-path":"{{ .Values.common.offlineDir }}/test_facility/gpfs/test2/2019/data/asapo_test2"}],
+  "RootBeamtimesFolder":"{{ .Values.common.offlineDir }}",
+  "CurrentBeamlinesFolder":"{{ .Values.common.onlineDir }}",
+  "SecretFile":"/etc/authorizer/auth_secret.key",
+  "TokenDurationMin":600
+}
+

deploy/asapo_helm_chart/asapo/templates/NOTES.txt

+

deploy/asapo_helm_chart/asapo/templates/auth-secret.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+  name: auth-secret
+type: Opaque
+data:
+  auth_secret.key: {{ .Values.common.authSecret | b64enc | quote }}

deploy/asapo_helm_chart/asapo/templates/authorizer-config.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: authorizer-config
+data:
+  authorizer.json:  {{ tpl (.Files.Get "configs/authorizer.json") . | quote }}

deploy/asapo_services_kubernetes/deployments/authorizer.yaml → deploy/asapo_helm_chart/asapo/templates/authorizer-deployment.yaml

-apiVersion: v1
-kind: Service
-metadata:
-  name: authorizer
-spec:
-  type: NodePort
-  ports:
-    - protocol: TCP
-      port: 5007
-  selector:
-    app: authorizer
-
----
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: ingress-authorizer
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-    nginx.ingress.kubernetes.io/whitelist-source-range: 131.169.0.0/16
-spec:
-  rules:
-    - host: "*.desy.de"
-      http:
-        paths:
-          - path: /authorizer(/|$)(.*)
-            backend:
-              serviceName: authorizer
-              servicePort: 5007
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -36,7 +5,7 @@ metadata:
   labels:
     app: authorizer
 spec:
-  replicas: 1
+  replicas: {{ .Values.authorizer.replicaCount }}
   selector:
     matchLabels:
       app: authorizer
@@ -44,6 +13,9 @@ spec:
     metadata:
       labels:
         app: authorizer
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/authorizer-config.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/auth-secret.yaml") . | sha256sum }}
     spec:
       volumes:
         - name: all-in-one

deploy/asapo_helm_chart/asapo/templates/authorizer-ingress.yaml

+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: ingress-authorizer
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/whitelist-source-range: 131.169.0.0/16
+spec:
+  rules:
+    - host: "*.desy.de"
+      http:
+        paths:
+          - path: /authorizer(/|$)(.*)
+            backend:
+              serviceName: authorizer
+              servicePort: 5007

deploy/asapo_helm_chart/asapo/templates/authorizer-service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: authorizer
+spec:
+  type: ClusterIP
+  ports:
+    - protocol: TCP
+      port: 5007
+  selector:
+    app: authorizer

deploy/asapo_helm_chart/asapo/values.yaml

+authorizer:
+  replicaCount: 1
+
+common:
+  authSecret: "blabla"
+  offlineDir: "/test_offline1"
+  onlineDir: "/test_online"

deploy/asapo_services_kubernetes/deployments/auth_secret.key

-sadhfi334yxan123
\ No newline at end of file

deploy/asapo_services_kubernetes/deployments/authorizer.json

-{
-  "Port": 5007,
-  "LogLevel":"debug",
-  "AlwaysAllowedBeamtimes":[{"beamtimeId":"asapo_test","beamline":"test","core-path":"/offline_dir/test_facility/gpfs/test/2019/data/asapo_test"},
-  {"beamtimeId":"asapo_test1","beamline":"test1","core-path":"/offline_dir/test_facility/gpfs/test1/2019/data/asapo_test1"},
-  {"beamtimeId":"asapo_test2","beamline":"test2","core-path":"/offline_dir/test_facility/gpfs/test2/2019/data/asapo_test2"}],
-  "RootBeamtimesFolder":"/offline_dir",
-  "CurrentBeamlinesFolder":"/online_dir",
-  "SecretFile":"/etc/authorizer/auth_secret.key",
-  "TokenDurationMin":600
-}

deploy/asapo_services_kubernetes/deployments/kustomization.yaml

-configMapGenerator:
-  - name: authorizer-config
-    files:
-      - authorizer.json
-
-secretGenerator:
-  - name: auth-secret
-    files:
-      - auth_secret.key
-
-resources:
-  - authorizer.yaml