Releasing adm-agent helm chart (#164)

Signed-off-by: Subash Dangol <subash.dangol@citrix.com>

adm-agent/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+appVersion: 141.10.28
+description: A Helm chart for NetScaler ADM Agent
+home: https://adm.cloud.com
+kubeVersion: '>=v1.16.0-0'
+maintainers:
+- email: pavan.belani@cloud.com
+  name: pavan
+- email: swapnil.khanderaokakade@cloud.com
+  name: swapnil
+name: adm-agent
+type: application
+version: 141.10.28

adm-agent/README.md

@@ -0,0 +1,129 @@
+# Deploy ADM agent
+
+Deploy container-based ADM agent to connect NetScaler CPX with ADM Service for management and monitoring.
+
+# Table of Contents
+1. [TL; DR;](#tldr)
+2. [Introduction](#introduction)
+3. [Generate authentication and authorization token from Access ID and Secret to access ADM](#generatetoken)
+4. [Deploy ADM agent onboarding using Helm chart](#deploy-adm-agent-using-helm-chart)
+6. [Manual creating login secret for NetScaler ADM Agent](#manual-secret)
+7. [Automatic login secret for NetScaler ADM Agent](#automatic-secret)
+8. [Clean Up](#clean-up)
+9. [Configuration Parameters](#configuration-parameters)
+
+
+# <a name="tldr">TL; DR;</a>
+**A) Deploy adm-agent**
+
+**A.1) Get Access ID and Secret to access ADM** 
+
+For Access ID and secret see [this](#generatetoken).
+
+**A.2) To create ADM agent login Secret, use the following command:**
+
+	kubectl create secret generic admlogin --from-literal=username=nsroot --from-literal=password=<adm-agent-password> -n <namespace>
+
+	helm repo add netscaler https://citrix.github.io/citrix-helm-charts
+	helm install agent netscaler/adm-agent --namespace <namespace>
+
+**Note:** If you are deploying Netscaler CPX and ADM agent in different namespaces, please label namespace with `citrix-cpx=enabled` in which Netscaler CPX has been deployed and agent will take care of creating admlogin secret in other namespaces. For more information, see [Create Secret automatically](#automatic-secret). 
+
+
+# <a name="introduction">Introduction</a>
+
+NetScaler provides a container based ADM agent to connect NetScaler CPX with ADM service for management and monitoring of NetScaler CPX.
+
+# Prerequisites
+
+- Ensure that you have a NetScaler ADM account. To use ADM, you must create a [Cloud account](https://docs.citrix.com/en-us/citrix-cloud/overview/signing-up-for-citrix-cloud/signing-up-for-citrix-cloud). To manage ADM with an Express account, see [Getting Started](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/getting-started.html#install-an-agent-as-a-microservice).
+
+- Ensure that you installed Kubernetes version 1.16 or later. For more information about Kubernetes installation, see [Kubernetes](https://kubernetes.io/).
+
+- Ensure that you have installed Helm version 3.x. For information about Helm chart installation, see [Helm](https://github.com/citrix/citrix-helm-charts/blob/master/Helm_Installation_version_3.md).
+
+- Ensure that the ports described in the [Ports](https://docs.citrix.com/en-us/citrix-application-delivery-management-service/system-requirements.html#ports) document are open.
+
+- Ensure that serviceaccount adm-agent-serviceaccount is given privilege access. For more infomration, please see [this](#serviceaccount)
+## <a name="generatetoken">**Get Access ID and Secret**</a> 
+
+Perform the following steps to get access ID and secret for accessing ADM:
+
+1. Log in to NetScaler ADM Service account. 
+
+2. On the left Menu panel, select **Identity and Access Management**.
+
+   ![](images/menu.png)
+
+3. Go to **API Access**.
+
+    ![](images/apiaccess.png)
+
+4. Specify the client name and click **Create Client**.
+
+    ![](images/client-detail.png)
+
+5. Download and save the `access-id` and `access-secret` generated.
+
+    ![](images/downloads-secret.png)
+
+# <a name="deploy-adm-agent-using-helm-chart">Deploy ADM agent using the Helm chart</a>
+
+Before deploying the ADM agent, you must create a Kubernetes Secret containing the access ID and Secret to access ADM. For information about getting the access ID and secret for accessing  ADM, see [Access ID and Secret to access ADM](#generatetoken). After the Secret has been created, use the following commands to deploy ADM Agent:
+
+	helm repo add netscaler https://citrix.github.io/citrix-helm-charts
+
+	helm install agent netscaler/adm-agent --namespace <namespace>  
+
+It deploys ADM Agent and registers with ADM service. It also deploys a sidecar along with ADM Agent which can create a Kubernetes Secret containing login credentials of ADM Agent automatically when namespace is labelled with `citrix-cpx=enabled`, more detail [here](#automatic-secret).
+
+#  <a name="manual-secret">Create login secret manually for NetScaler ADM agent</a>
+
+ADM agent login credentials are required by NetScaler CPX while registering itself to ADM Service. You can create it manually on all the namespaces in which Netscaler CPX will be deployed and also on the namespace in which the ADM agent will be created.
+
+	kubectl create secret generic admlogin --from-literal=username=nsroot --from-literal=password=<adm-agent-password> -n <namespace> 
+
+After the Secret has been created, you can deploy the ADM agent using the following command:
+
+	helm install agent netscaler/adm-agent --namespace <namespace>
+
+# <a name="automatic-secret"> Automatic login secret for NetScaler ADM agent</a>
+
+ADM agent can create the secret for ADM agent and deploys a sidecar along with the ADM agent that creates the secret automatically whenever a namespace is labelled with `citrix-cpx=enabled`.
+
+To label a namespace, use the following command:
+
+	kubectl label namespace <namespace> citrix-cpx=enabled
+
+# <a name="clean-up">Clean up</a>
+
+To delete the resources created during the deployment of ADM agent `adm-agent` with the release name `agent`, use the following command:
+
+	helm uninstall agent -n <namespace>
+
+**NOTE** While removing Agent, it removes CPX & cluster registered with Agent from ADM Service. You need remove the Cluster and Agent from NetScaler ADM UI manually in case any error happen.
+
+# <a name="serviceaccount">ServiceAccount</a>
+
+To provide privileged permissions to the service account used by ADM Agent, please use following command
+
+	oc adm policy add-scc-to-user privileged system:serviceaccount:<namespace>:adm-agent-serviceaccount
+
+# <a name="configuration-parameters">Configuration parameters</a>
+
+The following table provides the configurable parameters and their default values in the Helm chart.
+
+| Parameter                      | Description                   | Default                   |
+|--------------------------------|-------------------------------|---------------------------|
+| `imageRegistry`			   | Image registry of the ADM agent onboarding container               | `quay.io`               |
+| `imageRepository`			   | Image repository of the ADM agent onboarding container               | `citrix/adm-agent`               |
+| `imageTag`			   | Image tag  of the ADM agent container               | `141.10.28`               |
+| `pullPolicy`   | Specifies the image pull policy for ADM agent. | IfNotPresent        |
+| `accessSecret`| Specifies the ID and Secret to access ADM Service.| Nil|
+| `loginSecret`| Specifies the login Secret of NetScaler ADM agent.| Nil|
+| `helper.helperImageRegistry`			   | Image registry of NetScaler ADM agent helper               | `quay.io`               |
+| `helper.helperImageRepository`			   | Image repository of NetScaler ADM agent helper               | `citrix/adm-agent-helper`               |
+| `helper.helperImageTag`			   | Image tag of NetScaler ADM agent helper               | `1.0.0`               |
+| `helper.pullPolicy`   | Specifies the image pull policy for ADM agent Helper. | IfNotPresent        |
+
+**Note:** You can use the `values.yaml` file packaged in the chart. This file contains the default configuration values for the chart.

adm-agent/templates/NOTES.txt

@@ -0,0 +1 @@
+ADM Agent Installed Successfully.

adm-agent/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "adm-agent.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "adm-agent.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 53 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 53 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 53 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "adm-agent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "adm-agent.labels" -}}
+helm.sh/chart: {{ include "adm-agent.chart" . }}
+{{ include "adm-agent.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "adm-agent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "adm-agent.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "adm-agent.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "adm-agent.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

adm-agent/templates/agent-postinstall.yaml

@@ -0,0 +1,59 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: agent-postinstall
+  labels:
+    job-name: agent-postinstall
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": "hook-succeeded,hook-failed"
+spec:
+  backoffLimit: 4
+  template:
+    metadata:
+      labels:
+        job-name: agent-postinstall
+    spec:
+      restartPolicy: Never
+      serviceAccountName: adm-agent-serviceaccount
+      containers:
+      - name: agent-postinstall
+        image: "{{ tpl .Values.image . }}"
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        securityContext:
+          privileged: true
+        env:
+        - name: DEPL
+          value: "service"
+        - name: ORCH
+          value: "Kubernetes"
+        - name: CONTROLLER
+          value: "operator"
+        - name: CONTAINER_AGENT_MODE
+          value: "adm-agent-postinstall"
+        - name: INSTALL_JOB
+          value: "yes"
+        - name: IP
+          value: {{ include "adm-agent.fullname" . }}
+        - name: APP_ID
+          value: {{ include "adm-agent.fullname" . }}
+        - name: API_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ required "Valid accessSecret is required!" .Values.accessSecret }}
+              key: accessid
+
+        - name: API_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ required "Valid accessSecret is required!" .Values.accessSecret }}
+              key: accesssecret
+
+        - name: "ADM_AGENT_PASSWORD"
+          valueFrom:
+            secretKeyRef:
+              name: "{{ required "Valid loginSecret is required!" .Values.loginSecret }}"
+              key: password
+
+        - name: ADM_URL
+          value: "{{ .Values.admURL }}"

adm-agent/templates/agent-tearoff.yaml

@@ -0,0 +1,59 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: agent-tearoff
+  labels:
+    job-name: agent-tearoff
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded,hook-failed"
+spec:
+  backoffLimit: 4
+  template:
+    metadata:
+      labels:
+        job-name: agent-tearoff
+    spec:
+      restartPolicy: Never
+      serviceAccountName: adm-agent-serviceaccount
+      containers:
+      - name: agent-tearoff
+        image: "{{ tpl .Values.image . }}"
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        securityContext:
+          privileged: true
+        env:
+        - name: DEPL
+          value: "service"
+        - name: ORCH
+          value: "Kubernetes"
+        - name: CONTROLLER
+          value: "operator"
+        - name: CONTAINER_AGENT_MODE
+          value: "adm-agent-tearoff"
+        - name: UNINSTALL_JOB
+          value: "yes"
+        - name: IP
+          value: {{ include "adm-agent.fullname" . }}
+        - name: APP_ID
+          value: {{ include "adm-agent.fullname" . }}
+        - name: API_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ required "Valid accessSecret is required!" .Values.accessSecret }}
+              key: accessid
+
+        - name: API_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ required "Valid accessSecret is required!" .Values.accessSecret }}
+              key: accesssecret
+
+        - name: ADM_URL
+          value: "{{ .Values.admURL }}"
+
+        - name: AGENT_CONFIG_MAP
+          value: {{ include "adm-agent.fullname" . }}-configmap
+
+        - name: AGENT_SECRET
+          value: {{ include "adm-agent.fullname" . }}-secret