From a67e54d0dc95c51649889cdad25a3db001802a56 Mon Sep 17 00:00:00 2001
From: Sergey Yakubov <sergey.yakubov@desy.de>
Date: Thu, 26 Mar 2020 13:43:26 +0100
Subject: [PATCH] switch to helm charts

---
 deploy/asapo_helm_chart/asapo/.helmignore     | 23 ++++++++++++
 deploy/asapo_helm_chart/asapo/Chart.yaml      | 21 +++++++++++
 .../asapo/configs/authorizer.json             | 12 +++++++
 .../asapo/templates/NOTES.txt                 |  1 +
 .../asapo/templates/_helpers.tpl              |  0
 .../asapo/templates/auth-secret.yaml          |  7 ++++
 .../asapo/templates/authorizer-config.yaml    |  6 ++++
 .../templates/authorizer-deployment.yaml}     | 36 +++----------------
 .../asapo/templates/authorizer-ingress.yaml   | 17 +++++++++
 .../asapo/templates/authorizer-service.yaml   | 11 ++++++
 deploy/asapo_helm_chart/asapo/values.yaml     |  7 ++++
 .../deployments/auth_secret.key               |  1 -
 .../deployments/authorizer.json               | 11 ------
 .../deployments/kustomization.yaml            | 12 -------
 14 files changed, 109 insertions(+), 56 deletions(-)
 create mode 100644 deploy/asapo_helm_chart/asapo/.helmignore
 create mode 100644 deploy/asapo_helm_chart/asapo/Chart.yaml
 create mode 100644 deploy/asapo_helm_chart/asapo/configs/authorizer.json
 create mode 100644 deploy/asapo_helm_chart/asapo/templates/NOTES.txt
 create mode 100644 deploy/asapo_helm_chart/asapo/templates/_helpers.tpl
 create mode 100644 deploy/asapo_helm_chart/asapo/templates/auth-secret.yaml
 create mode 100644 deploy/asapo_helm_chart/asapo/templates/authorizer-config.yaml
 rename deploy/{asapo_services_kubernetes/deployments/authorizer.yaml => asapo_helm_chart/asapo/templates/authorizer-deployment.yaml} (56%)
 create mode 100644 deploy/asapo_helm_chart/asapo/templates/authorizer-ingress.yaml
 create mode 100644 deploy/asapo_helm_chart/asapo/templates/authorizer-service.yaml
 create mode 100644 deploy/asapo_helm_chart/asapo/values.yaml
 delete mode 100644 deploy/asapo_services_kubernetes/deployments/auth_secret.key
 delete mode 100644 deploy/asapo_services_kubernetes/deployments/authorizer.json
 delete mode 100644 deploy/asapo_services_kubernetes/deployments/kustomization.yaml

diff --git a/deploy/asapo_helm_chart/asapo/.helmignore b/deploy/asapo_helm_chart/asapo/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/deploy/asapo_helm_chart/asapo/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deploy/asapo_helm_chart/asapo/Chart.yaml b/deploy/asapo_helm_chart/asapo/Chart.yaml
new file mode 100644
index 000000000..b73e5145f
--- /dev/null
+++ b/deploy/asapo_helm_chart/asapo/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: asapo
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.16.0
diff --git a/deploy/asapo_helm_chart/asapo/configs/authorizer.json b/deploy/asapo_helm_chart/asapo/configs/authorizer.json
new file mode 100644
index 000000000..3a6784d5b
--- /dev/null
+++ b/deploy/asapo_helm_chart/asapo/configs/authorizer.json
@@ -0,0 +1,12 @@
+{
+  "Port": 5007,
+  "LogLevel":"debug",
+  "AlwaysAllowedBeamtimes":[{"beamtimeId":"asapo_test","beamline":"test","core-path":"{{ .Values.common.offlineDir }}/test_facility/gpfs/test/2019/data/asapo_test"},
+  {"beamtimeId":"asapo_test1","beamline":"test1","core-path":"{{ .Values.common.offlineDir }}/test_facility/gpfs/test1/2019/data/asapo_test1"},
+  {"beamtimeId":"asapo_test2","beamline":"test2","core-path":"{{ .Values.common.offlineDir }}/test_facility/gpfs/test2/2019/data/asapo_test2"}],
+  "RootBeamtimesFolder":"{{ .Values.common.offlineDir }}",
+  "CurrentBeamlinesFolder":"{{ .Values.common.onlineDir }}",
+  "SecretFile":"/etc/authorizer/auth_secret.key",
+  "TokenDurationMin":600
+}
+
diff --git a/deploy/asapo_helm_chart/asapo/templates/NOTES.txt b/deploy/asapo_helm_chart/asapo/templates/NOTES.txt
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/deploy/asapo_helm_chart/asapo/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/deploy/asapo_helm_chart/asapo/templates/_helpers.tpl b/deploy/asapo_helm_chart/asapo/templates/_helpers.tpl
new file mode 100644
index 000000000..e69de29bb
diff --git a/deploy/asapo_helm_chart/asapo/templates/auth-secret.yaml b/deploy/asapo_helm_chart/asapo/templates/auth-secret.yaml
new file mode 100644
index 000000000..b90f8bf21
--- /dev/null
+++ b/deploy/asapo_helm_chart/asapo/templates/auth-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: auth-secret
+type: Opaque
+data:
+  auth_secret.key: {{ .Values.common.authSecret | b64enc | quote }}
diff --git a/deploy/asapo_helm_chart/asapo/templates/authorizer-config.yaml b/deploy/asapo_helm_chart/asapo/templates/authorizer-config.yaml
new file mode 100644
index 000000000..a20024084
--- /dev/null
+++ b/deploy/asapo_helm_chart/asapo/templates/authorizer-config.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: authorizer-config
+data:
+  authorizer.json:  {{ tpl (.Files.Get "configs/authorizer.json") . | quote }}
diff --git a/deploy/asapo_services_kubernetes/deployments/authorizer.yaml b/deploy/asapo_helm_chart/asapo/templates/authorizer-deployment.yaml
similarity index 56%
rename from deploy/asapo_services_kubernetes/deployments/authorizer.yaml
rename to deploy/asapo_helm_chart/asapo/templates/authorizer-deployment.yaml
index d9e66c0cf..5d10a256e 100644
--- a/deploy/asapo_services_kubernetes/deployments/authorizer.yaml
+++ b/deploy/asapo_helm_chart/asapo/templates/authorizer-deployment.yaml
@@ -1,34 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: authorizer
-spec:
-  type: NodePort
-  ports:
-    - protocol: TCP
-      port: 5007
-  selector:
-    app: authorizer
-
----
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: ingress-authorizer
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-    nginx.ingress.kubernetes.io/whitelist-source-range: 131.169.0.0/16
-spec:
-  rules:
-    - host: "*.desy.de"
-      http:
-        paths:
-          - path: /authorizer(/|$)(.*)
-            backend:
-              serviceName: authorizer
-              servicePort: 5007
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -36,7 +5,7 @@ metadata:
   labels:
     app: authorizer
 spec:
-  replicas: 1
+  replicas: {{ .Values.authorizer.replicaCount }}
   selector:
     matchLabels:
       app: authorizer
@@ -44,6 +13,9 @@ spec:
     metadata:
       labels:
         app: authorizer
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/authorizer-config.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/auth-secret.yaml") . | sha256sum }}
     spec:
       volumes:
         - name: all-in-one
diff --git a/deploy/asapo_helm_chart/asapo/templates/authorizer-ingress.yaml b/deploy/asapo_helm_chart/asapo/templates/authorizer-ingress.yaml
new file mode 100644
index 000000000..05ab95cee
--- /dev/null
+++ b/deploy/asapo_helm_chart/asapo/templates/authorizer-ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: ingress-authorizer
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/whitelist-source-range: 131.169.0.0/16
+spec:
+  rules:
+    - host: "*.desy.de"
+      http:
+        paths:
+          - path: /authorizer(/|$)(.*)
+            backend:
+              serviceName: authorizer
+              servicePort: 5007
diff --git a/deploy/asapo_helm_chart/asapo/templates/authorizer-service.yaml b/deploy/asapo_helm_chart/asapo/templates/authorizer-service.yaml
new file mode 100644
index 000000000..a67faa7a1
--- /dev/null
+++ b/deploy/asapo_helm_chart/asapo/templates/authorizer-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: authorizer
+spec:
+  type: ClusterIP
+  ports:
+    - protocol: TCP
+      port: 5007
+  selector:
+    app: authorizer
diff --git a/deploy/asapo_helm_chart/asapo/values.yaml b/deploy/asapo_helm_chart/asapo/values.yaml
new file mode 100644
index 000000000..93881838d
--- /dev/null
+++ b/deploy/asapo_helm_chart/asapo/values.yaml
@@ -0,0 +1,7 @@
+authorizer:
+  replicaCount: 1
+
+common:
+  authSecret: "blabla"
+  offlineDir: "/test_offline1"
+  onlineDir: "/test_online"
diff --git a/deploy/asapo_services_kubernetes/deployments/auth_secret.key b/deploy/asapo_services_kubernetes/deployments/auth_secret.key
deleted file mode 100644
index 5055920be..000000000
--- a/deploy/asapo_services_kubernetes/deployments/auth_secret.key
+++ /dev/null
@@ -1 +0,0 @@
-sadhfi334yxan123
\ No newline at end of file
diff --git a/deploy/asapo_services_kubernetes/deployments/authorizer.json b/deploy/asapo_services_kubernetes/deployments/authorizer.json
deleted file mode 100644
index cd622cf1d..000000000
--- a/deploy/asapo_services_kubernetes/deployments/authorizer.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-  "Port": 5007,
-  "LogLevel":"debug",
-  "AlwaysAllowedBeamtimes":[{"beamtimeId":"asapo_test","beamline":"test","core-path":"/offline_dir/test_facility/gpfs/test/2019/data/asapo_test"},
-  {"beamtimeId":"asapo_test1","beamline":"test1","core-path":"/offline_dir/test_facility/gpfs/test1/2019/data/asapo_test1"},
-  {"beamtimeId":"asapo_test2","beamline":"test2","core-path":"/offline_dir/test_facility/gpfs/test2/2019/data/asapo_test2"}],
-  "RootBeamtimesFolder":"/offline_dir",
-  "CurrentBeamlinesFolder":"/online_dir",
-  "SecretFile":"/etc/authorizer/auth_secret.key",
-  "TokenDurationMin":600
-}
diff --git a/deploy/asapo_services_kubernetes/deployments/kustomization.yaml b/deploy/asapo_services_kubernetes/deployments/kustomization.yaml
deleted file mode 100644
index a1d03be1d..000000000
--- a/deploy/asapo_services_kubernetes/deployments/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-configMapGenerator:
-  - name: authorizer-config
-    files:
-      - authorizer.json
-
-secretGenerator:
-  - name: auth-secret
-    files:
-      - auth_secret.key
-
-resources:
-  - authorizer.yaml
-- 
GitLab