Added Helm charts, staging instance has been deployed via Helm

EclipseFdn · Aug 7, 2024 · accbf6e · accbf6e
1 parent 06c8bea
commit accbf6e
Show file tree

Hide file tree

Showing 10 changed files with 391 additions and 5 deletions.
diff --git a/charts/openvsx/.helmignore b/charts/openvsx/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/openvsx/Chart.yaml b/charts/openvsx/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: openvsx
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.16.0"
diff --git a/charts/openvsx/templates/deployment.yaml b/charts/openvsx/templates/deployment.yaml
@@ -0,0 +1,143 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: {{ .Values.name }}
+    environment: {{ .Values.environment }}
+  name: {{ .Values.name }}-{{ .Values.environment }}
+  namespace: {{ .Values.namespace }}
+spec:
+  progressDeadlineSeconds: 3600
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Values.name }}
+      environment: {{ .Values.environment }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.name }}
+        environment: {{ .Values.environment }}
+    spec:
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - preference:
+              matchExpressions:
+              - key: speed
+                operator: NotIn
+                values:
+                - fast
+            weight: 1
+      containers:
+      - name: {{ .Values.name }}
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        ports:
+        - name: http
+          containerPort: 8080
+          protocol: TCP
+        - name: http-management
+          containerPort: 8081
+          protocol: TCP
+        env:
+        - name: DEPLOYMENT_CONFIG
+          value: /run/secrets/open-vsx.org/deployment/configuration.yml
+        - name: ENVNAME
+          value: {{ .Values.environment }}
+        - name: JVM_ARGS
+          value: -Dspring.datasource.hikari.maximum-pool-size=5 -Xms512M -Xmx1536M -XX:+AlwaysPreTouch -XX:+HeapDumpOnOutOfMemoryError -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+DisableExplicitGC -XX:+UnlockExperimentalVMOptions -XX:+UnlockDiagnosticVMOptions -Dlog4j2.formatMsgNoLookups=true -Dlog4j.formatMsgNoLookups=true
+        volumeMounts:
+        - name: deployment-configuration
+          mountPath: /run/secrets/open-vsx.org/deployment
+        - name: truststore-with-elasticsearch-certs
+          mountPath: /run/secrets/open-vsx.org/truststore
+        envFrom:
+        - secretRef:
+            name: grafana-cloud-secret-staging
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /actuator/health/liveness
+            port: http-management
+          periodSeconds: 10
+        readinessProbe:
+          failureThreshold: 2
+          httpGet:
+            path: /actuator/health/readiness
+            port: http-management
+          periodSeconds: 10
+        startupProbe:
+          failureThreshold: 360
+          httpGet:
+            path: /actuator/health/readiness
+            port: http-management
+          periodSeconds: 10
+      - name: grafana-agent
+        image: docker.io/grafana/agent:v0.39.1
+        command:
+          - /bin/grafana-agent
+        args:
+          - --config.file=$(CONFIG_FILE_PATH)
+          - --metrics.wal-directory=$(DATA_FILE_PATH)
+          - --config.expand-env=true
+        env:
+        - name: CONFIG_FILE_PATH
+          value: /etc/grafana-agent/agent.yml
+        - name: DATA_FILE_PATH
+          value: /etc/grafana-agent/data
+        - name: ENVNAME
+          value: staging
+        envFrom:
+        - secretRef:
+            name: grafana-cloud-secret-staging
+        volumeMounts:
+        - name: grafana-agent-config-volume
+          mountPath: /etc/grafana-agent
+        - name: grafana-agent-data-volume
+          mountPath: /etc/grafana-agent/data
+      initContainers:
+      - command:
+        - sh
+        - -c
+        - keytool -import -noprompt -alias es-http-certs-internal -file /run/secrets/elasticsearch/http-certs/ca.crt -storetype jks -storepass 'changeit' -keystore /run/secrets/open-vsx.org/truststore/elasticsearch-http-certs.keystore
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+        name: init-keystore
+        volumeMounts:
+        - mountPath: /run/secrets/elasticsearch/http-certs
+          name: elastic-internal-http-certificates
+        - mountPath: /run/secrets/open-vsx.org/truststore
+          name: truststore-with-elasticsearch-certs
+      topologySpreadConstraints:
+      - labelSelector:
+          matchLabels:
+            app: open-vsx-org
+            environment: staging
+        maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: DoNotSchedule
+      volumes:
+      - name: deployment-configuration
+        secret:
+          defaultMode: 420
+          optional: false
+          secretName: deployment-configuration-staging
+      - name: elastic-internal-http-certificates
+        secret:
+          defaultMode: 420
+          optional: false
+          secretName: elasticsearch-staging-es-http-certs-internal
+      - name: grafana-agent-config-volume
+        configMap:
+          name: grafana-agent-configmap
+          items:
+          - key: agent.yml
+            path: agent.yml
+      - name: grafana-agent-data-volume
+        emptyDir:
+          medium: Memory
+      - name: truststore-with-elasticsearch-certs
+        emptyDir:
+          medium: Memory
diff --git a/charts/openvsx/templates/elasticsearch.yaml b/charts/openvsx/templates/elasticsearch.yaml
@@ -0,0 +1,64 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  labels:
+    app: {{ .Values.name }}
+    environment: {{ .Values.environment }}
+  name: elasticsearch-{{ .Values.environment }}
+  namespace: {{ .Values.namespace }}
+spec:
+  nodeSets:
+  - name: default
+    count: {{ .Values.esReplicaCount }}
+    volumeClaimTemplates:
+    - metadata:
+        name: elasticsearch-data
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+        storageClassName: cephfs-2repl
+    config:
+      node.roles:
+      - master
+      - data
+      node.store.allow_mmap: false
+    podTemplate:
+      metadata:
+        labels:
+          app: {{ .Values.name }}
+          environment: {{ .Values.environment }}
+      spec:
+        affinity:
+          nodeAffinity:
+            preferredDuringSchedulingIgnoredDuringExecution:
+            - preference:
+                matchExpressions:
+                - key: speed
+                  operator: NotIn
+                  values:
+                  - fast
+              weight: 1
+          podAntiAffinity:
+            preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    elasticsearch.k8s.elastic.co/cluster-name: elasticsearch-{{ .Values.environment }}
+                topologyKey: kubernetes.io/hostname
+              weight: 100
+        containers:
+        - env:
+          - name: ES_JAVA_OPTS
+            value: -Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true
+          name: elasticsearch
+          resources:
+            limits:
+              cpu: 1
+              memory: 2Gi
+            requests:
+              cpu: 1
+              memory: 2Gi
+  version: 8.7.1
diff --git a/charts/openvsx/templates/route.yaml b/charts/openvsx/templates/route.yaml
@@ -0,0 +1,23 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  annotations:
+    haproxy.router.openshift.io/disable_cookies: 'true'
+    haproxy.router.openshift.io/timeout: 30s
+  labels:
+    app: {{ .Values.name }}
+    environment: {{ .Values.environment }}
+  name: {{ .Values.name }}-{{ .Values.environment }}
+  namespace: {{ .Values.namespace }}
+spec:
+  host: {{ .Values.host }}
+  path: /
+  port:
+    targetPort: {{ .Values.service.targetPort }}
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: {{ .Values.name }}-{{ .Values.environment }}
+    weight: 100
diff --git a/charts/openvsx/templates/service.yaml b/charts/openvsx/templates/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: {{ .Values.name }}
+    environment: {{ .Values.environment }}
+  name: {{ .Values.name }}-{{ .Values.environment }}
+  namespace: {{ .Values.namespace }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+  - name: http
+    port: {{ .Values.service.port }}
+    protocol: TCP
+    targetPort: {{ .Values.service.targetPort }}
+  selector:
+    app: {{ .Values.name }}
+    environment: {{ .Values.environment }}
diff --git a/charts/openvsx/values-staging.yaml b/charts/openvsx/values-staging.yaml
@@ -0,0 +1,28 @@
+# Default values for openvsx staging.
+
+name: open-vsx-org
+environment: staging
+namespace: open-vsx-org
+host: staging.open-vsx.org
+
+replicaCount: 1
+esReplicaCount: 1
+
+image:
+  repository: ghcr.io/eclipsefdn/openvsx-website
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: 06c8bea-430
+
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 8080
+
+resources:
+  limits:
+    cpu: 1000m
+    memory: 2Gi
+  requests:
+    cpu: 250m
+    memory: 2Gi
diff --git a/charts/openvsx/values.yaml b/charts/openvsx/values.yaml
@@ -0,0 +1,28 @@
+# Default values for openvsx.
+
+name: open-vsx-org
+environment: production
+namespace: open-vsx-org
+host: open-vsx.org
+
+replicaCount: 2
+esReplicaCount: 3
+
+image:
+  repository: ghcr.io/eclipsefdn/openvsx-website
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: 97e1417-99
+
+service:
+  type: ClusterIP
+  port: 80
+  targetPort: 8080
+
+resources:
+  limits:
+    cpu: 1000m
+    memory: 2Gi
+  requests:
+    cpu: 250m
+    memory: 2Gi
diff --git a/kubernetes/README.md b/kubernetes/README.md
@@ -1,19 +1,19 @@
 ## How to deploy staging instance for a given image?
 
 ```bash
-./gen-deployment.sh staging <image> | kubectl apply -f -
+./helm-deploy.sh staging <docker_image_tag>
 ```
 
-Where `<image>` can be ghcr.io/eclipsefdn/openvsx-website:de4f2c
+Where `<docker_image_tag>` can be de4f2c
 ## How to deploy production instance for a given image?
 
 ```bash
-./gen-deployment.sh production <image> | kubectl apply -f -
+./helm-deploy.sh production <docker_image_tag>
 ```
 
-Where `<image>` can be ghcr.io/eclipsefdn/openvsx-website:de4f2c
+Where `<docker_image_tag>` can be de4f2c
 
 ## Dependencies
 
 * bash 4
-* [jsonnet](https://jsonnet.org)
+* [Helm](https://https://helm.sh/)