[COMMON][ETCD-INIT] Add etcd-init chart

- etcd-init chart will provision the users and roles in a running etcd instance - Change etcd container name for readiness init container to work Issue-ID: OOM-2746 Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com> Change-Id: I0cb6d3830b0048c4d70f381815bd3f858ec31ae7
author: krishnaa96 <krishna.moorthy6@wipro.com> 2021-05-11 18:29:49 +0530
committer: Sylvain Desbureaux <sylvain.desbureaux@orange.com> 2021-05-28 14:22:58 +0000
commit: 544863d73ef1137faaf031513ac6868ebf101953 (patch)
tree: fd435ff91a08c5004abd7e5b660416a1979db05c
parent: 77b740f2c94facef63eafcde23666c2133d2e5da (diff)
7 files changed, 256 insertions, 1 deletions
diff --git a/kubernetes/common/etcd-init/.helmignore b/kubernetes/common/etcd-init/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/kubernetes/common/etcd-init/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/common/etcd-init/Chart.yaml b/kubernetes/common/etcd-init/Chart.yaml
new file mode 100644
index 0000000000..20f5ac40cc
--- /dev/null
+++ b/kubernetes/common/etcd-init/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Chart for etcd init job
+name: etcd-init
+version: 8.0.0
diff --git a/kubernetes/common/etcd-init/requirements.yaml b/kubernetes/common/etcd-init/requirements.yaml
new file mode 100644
index 0000000000..008789b822
--- /dev/null
+++ b/kubernetes/common/etcd-init/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+  - name: common
+    version: ~8.x-0
+    repository: 'file://../common'
+  - name: repositoryGenerator
+    version: ~8.x-0
+    repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml
new file mode 100644
index 0000000000..69bcfaaf99
--- /dev/null
+++ b/kubernetes/common/etcd-init/templates/job.yaml
@@ -0,0 +1,104 @@
+{{/*
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.fullname" . }}-job
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  backoffLimit: {{ .Values.backoffLimit }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.name" . }}
+        release: {{ include "common.release" . }}
+      name: {{ include "common.name" . }}
+    spec:
+      initContainers:
+      - name: {{ include "common.name" . }}-readiness
+        command:
+        - /app/ready.py
+        args:
+        - --container-name
+        - {{ .Values.etcd.containerName }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: {{ include "repositoryGenerator.image.readiness" . }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+      containers:
+      - name: {{ include "common.name" . }}
+        image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+          - /bin/sh
+          - -ec
+          - |
+            # Create users
+            export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT}
+            export ETCDCTL_API=3
+            echo "${ROOT_PASSWORD}" | etcdctl user add root --interactive=false
+            echo "${APP_PASSWORD}" | etcdctl user add ${APP_USER} --interactive=false
+
+            # Create roles
+            etcdctl role add ${APP_ROLE}
+            etcdctl role grant-permission ${APP_ROLE} --prefix=true readwrite ${KEY_PREFIX}
+
+            etcdctl user grant-role ${APP_USER} ${APP_ROLE}
+            etcdctl auth enable
+        env:
+        - name: ALLOW_NONE_AUTHENTICATION
+          value: "yes"
+        - name: ETCD_HOST
+          value: "{{ .Values.etcd.serviceName }}.{{ include "common.namespace" . }}"
+        - name: ETCD_PORT
+          value: "{{ .Values.etcd.port }}"
+        - name: ROOT_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" "password" ) | indent 10 }}
+        - name: APP_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "login") | indent 10 }}
+        - name: APP_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "password") | indent 10 }}
+        - name: APP_ROLE
+          value: "{{ .Values.config.appRole }}"
+        - name: KEY_PREFIX
+          value: "{{ .Values.config.keyPrefix }}"
+        volumeMounts:
+        - mountPath: /etc/localtime
+          name: localtime
+          readOnly: true
+        resources: {{ include "common.resources" . | nindent 12 }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+      {{- end -}}
+      {{- if .Values.affinity }}
+      affinity: {{ toYaml .Values.affinity | nindent 10 }}
+      {{- end }}
+      volumes:
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+      restartPolicy: Never
+      imagePullSecrets:
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/etcd-init/templates/secret.yaml b/kubernetes/common/etcd-init/templates/secret.yaml
new file mode 100644
index 0000000000..e874185693
--- /dev/null
+++ b/kubernetes/common/etcd-init/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/etcd-init/values.yaml b/kubernetes/common/etcd-init/values.yaml
new file mode 100644
index 0000000000..c99c9f1e5b
--- /dev/null
+++ b/kubernetes/common/etcd-init/values.yaml
@@ -0,0 +1,74 @@
+# Copyright (C) 2021 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: root-password
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.userRootSecret) . }}'
+    password: '{{  .Values.config.userRootPassword }}'
+  - uid: app-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.appUser }}'
+    password: '{{ .Values.config.appPassword }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+image: bitnami/etcd:3.3.15
+pullPolicy: Always
+backoffLimit: 20
+
+nodeSelector: {}
+
+affinity: {}
+
+etcd:
+  serviceName: k8s-etcd
+  port : 2379
+  containerName: k8s-etcd
+
+config:
+  userRootSecret: root
+#  userCredentialsExternalSecret:
+  appUser: user
+  appRole: role
+  keyPrefix: key
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 100m
+      memory: 500Mi
+    requests:
+      cpu: 10m
+      memory: 10Mi
+  large:
+    limits:
+      cpu: 200m
+      memory: 500Mi
+    requests:
+      cpu: 20m
+      memory: 20Mi
+  unlimited: {}
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
index a343d4fce5..48c8b6d0cc 100644
--- a/kubernetes/common/etcd/templates/statefulset.yaml
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -49,7 +49,7 @@ spec:
 {{ toYaml .Values.tolerations | indent 8 }}
 {{- end }}
       containers:
-      - name: {{ include "common.fullname" .  }}
+      - name: {{ include "common.name" .  }}
         image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }}
         imagePullPolicy: "{{ .Values.pullPolicy }}"
         ports:
author	krishnaa96 <krishna.moorthy6@wipro.com>	2021-05-11 18:29:49 +0530
committer	Sylvain Desbureaux <sylvain.desbureaux@orange.com>	2021-05-28 14:22:58 +0000
commit	544863d73ef1137faaf031513ac6868ebf101953 (patch)
tree	fd435ff91a08c5004abd7e5b660416a1979db05c
parent	77b740f2c94facef63eafcde23666c2133d2e5da (diff)