Merge pull request #62 from bcgov/feat/helmchart

junminahn · web-flow · commit dbec22b7bf53 · 2021-12-15T12:01:40.000-08:00
feat: publish helm charts
diff --git a/.tool-versions b/.tool-versions
@@ -1,6 +1,7 @@
 nodejs 14.14.0
 python 3.8.6
 kubectl 1.18.0
+oc 4.7.5
 helm 3.2.4
 yarn 1.22.4
 k6 0.34.1
diff --git a/helm/keycloak/Chart.yaml b/helm/keycloak/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
 name: sso-keycloak
-version: 0.1.6
+version: 0.1.7
 appVersion: 0.1.0
 description: Open Source Identity and Access Management For Modern Applications and Services
diff --git a/helm/keycloak/README.md b/helm/keycloak/README.md
@@ -1,70 +1,74 @@
-# Keycloak Helm Chart
+# SSO Keycloak Helm Chart
 
-The helm chart installs `Secret` k8s objects with the release name `sso-keycloak`.
+The `SSO Keycloak Helm Chart` provides a easy way to deploy (RedHat SSO)[https://access.redhat.com/products/red-hat-single-sign-on], which is specifically designed for BCGov SSO services, on Openshift.
 
-## Installing the Chart
+## Usages
 
-To install the chart on a specific namespace.
+### Add this chart repository
 
-```bash
-$ make install NAMESPACE=<namespace>
+```console
+$ helm repo add sso-keycloak https://bcgov.github.io/sso-keycloak
 ```
 
-To upgrade the chart on a specific namespace.
+### Install this chart repository
 
-```bash
-$ make upgrade NAMESPACE=<namespace>
+```console
+$ helm install <release-name> sso-keycloak/sso-keycloak [--namespace <my-namespace>] [--version <x.y.z>] [--values ./custom-values.yaml]
 ```
 
-To uninstall the chart on a specific namespace.
+### Upgrade this chart repository
 
-```bash
-$ make uninstall NAMESPACE=<namespace>
+```console
+$ helm upgrade <release-name> sso-keycloak/sso-keycloak [--namespace <my-namespace>] [--version <x.y.z>] [--values ./custom-values.yaml]
 ```
 
-To lint the chart on a specific namespace.
+### Uninstall this chart repository
 
-```bash
-$ make lint NAMESPACE=<namespace>
+```console
+$ helm uninstall <release-name> [--namespace <my-namespace>]
 ```
 
 ## Configuration
 
 The following table lists the configurable parameters of the Keycloak chart and their default values.
 
-Parameter | Description | Default
---- | --- | ---
-`replicaCount` | Number of pods to create | `1`
-`image.repository` | container image repository | `ghcr.io/bcgov/sso`
-`image.tag` | container image tag | `dev`
-`image.pullPolicy` | container image pull policy | `Always`
-`nameOverride` | override for the chart name | `sso-keycloak`
-`fullNameOverride` | override for the full chart name | `sso-keycloak`
-`service.type` | type of service to create | `ClusterIP`
-`service.port` | port of service | `8080`
-`pingService.enabled` | enable DNS ping | `true`
-`pingService.port` | exposed port of ping service | `8888`
-`postgres.host` | host of postgres service | `sso-pgsql-master`
-`postgres.dbName` | name of database | `rhsso`
-`postgres.port` | exposed port of database | `5432`
-`postgres.credentials.secret` | name of secret containing database credentials | `sso-pgsql`
-`postgres.credentials.adminUsername` | name of admin database user | `postgres`
-`postgres.credentials.passwordKey` | Secret key of admin password | `password-superuser`
-`postgres.poolSize.min` | Minimum pool size | `5`
-`postgres.poolSize.max` | Maximum pool size | `20`
-`jgroupsCluster.secret` | Name of secret | `2`
-`jgroupsCluster.passwordKey` | Secret key for password | `password`
-`additionalServerOptions` | Additional command line options for server | `-Dkeycloak.profile.feature.authorization=enabled -Djboss.persistent.log.dir=/var/log/eap`
-`tls.enabled` | Enable tls | `false`
-`tls.httpsSecret` | Name of secret for tls cert | `sso-x509-https-secret`
-`tls.jgroupsSecret` | Name of secret for jgroups | `sso-x509-jgroups-secret`
-`persistentLog.enabled` | Enable persistent logs | `true`
-`persistentLog.storageClassName` | Storage class name of volume | `netapp-file-standard`
-`persistentLog.path` | Path to save logs | `/var/log/eap`
-`resources.limits.memory` | memory limit for pods | `2Gi`
-`resources.limits.cpu` | CPU limit for pods | `2`
-`resources.requests.cpu` | cpu request for pods | `1250m`
-`resources.requests.memory` | memory request for pods | `1Gi`
-`nodeSelector` | node labels for pod assignment | `{}`
-`tolerations` | toleration settings | `[]`
-`affinity` | affinity settings | `{}`
+| Parameter                            | Description                                    | Default                                                                                    |
+| ------------------------------------ | ---------------------------------------------- | ------------------------------------------------------------------------------------------ |
+| `replicaCount`                       | Number of pods to create                       | `1`                                                                                        |
+| `image.repository`                   | container image repository                     | `ghcr.io/bcgov/sso`                                                                        |
+| `image.tag`                          | container image tag                            | `dev`                                                                                      |
+| `image.pullPolicy`                   | container image pull policy                    | `Always`                                                                                   |
+| `nameOverride`                       | override for the chart name                    | `sso-keycloak`                                                                             |
+| `fullNameOverride`                   | override for the full chart name               | `sso-keycloak`                                                                             |
+| `service.type`                       | type of service to create                      | `ClusterIP`                                                                                |
+| `service.port`                       | port of service                                | `8080`                                                                                     |
+| `pingService.enabled`                | enable DNS ping                                | `true`                                                                                     |
+| `pingService.port`                   | exposed port of ping service                   | `8888`                                                                                     |
+| `postgres.host`                      | host of postgres service                       | `sso-pgsql-master`                                                                         |
+| `postgres.dbName`                    | name of database                               | `rhsso`                                                                                    |
+| `postgres.port`                      | exposed port of database                       | `5432`                                                                                     |
+| `postgres.credentials.secret`        | name of secret containing database credentials | `sso-pgsql`                                                                                |
+| `postgres.credentials.adminUsername` | name of admin database user                    | `postgres`                                                                                 |
+| `postgres.credentials.passwordKey`   | Secret key of admin password                   | `password-superuser`                                                                       |
+| `postgres.poolSize.min`              | Minimum pool size                              | `5`                                                                                        |
+| `postgres.poolSize.max`              | Maximum pool size                              | `20`                                                                                       |
+| `additionalServerOptions`            | Additional command line options for server     | `-Dkeycloak.profile.feature.authorization=enabled -Djboss.persistent.log.dir=/var/log/eap` |
+| `tls.enabled`                        | Enable tls                                     | `false`                                                                                    |
+| `tls.httpsSecret`                    | Name of secret for tls cert                    | `sso-x509-https-secret`                                                                    |
+| `tls.jgroupsSecret`                  | Name of secret for jgroups                     | `sso-x509-jgroups-secret`                                                                  |
+| `persistentLog.enabled`              | Enable persistent logs                         | `true`                                                                                     |
+| `persistentLog.storageClassName`     | Storage class name of volume                   | `netapp-file-standard`                                                                     |
+| `persistentLog.path`                 | Path to save logs                              | `/var/log/eap`                                                                             |
+| `resources.limits.memory`            | memory limit for pods                          | `2Gi`                                                                                      |
+| `resources.limits.cpu`               | CPU limit for pods                             | `2`                                                                                        |
+| `resources.requests.cpu`             | cpu request for pods                           | `1250m`                                                                                    |
+| `resources.requests.memory`          | memory request for pods                        | `1Gi`                                                                                      |
+| `nodeSelector`                       | node labels for pod assignment                 | `{}`                                                                                       |
+| `tolerations`                        | toleration settings                            | `[]`                                                                                       |
+| `affinity`                           | affinity settings                              | `{}`                                                                                       |
+
+### Notes
+
+- The helm chart installs two `Secret` k8s objects:
+  1. `<release-name>-admin-secret`: it stores the Keycloak admin password.
+  1. `<release-name>-jgroups`: it stores the Keycloak cluster jgroups password.
diff --git a/helm/keycloak/templates/deployment.yaml b/helm/keycloak/templates/deployment.yaml
@@ -112,8 +112,8 @@ spec:
             - name: JGROUPS_CLUSTER_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Values.jgroupCluster.secret }}
-                  key: {{ .Values.jgroupCluster.passwordKey }}
+                  name: {{ include "..fullname" . }}-jgroups
+                  key: cluster-password
             # Additional server startup options (extension of JAVA_OPTS)
             - name: JAVA_OPTS_APPEND
               value: {{ .Values.additionalServerOptions }}
diff --git a/helm/keycloak/templates/pvc-logs.yaml b/helm/keycloak/templates/pvc-logs.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.pingService.enabled }}
+{{- if .Values.persistentLog.enabled }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
diff --git a/helm/keycloak/templates/secret.yaml b/helm/keycloak/templates/secret.yaml
@@ -13,3 +13,19 @@ metadata:
 type: Opaque
 data:
   password-admin: {{ randAlphaNum 32 | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "..fullname" . }}-jgroups
+  labels:
+    app: {{ include "..fullname" . }}
+    chart: {{ include "..chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+    "helm.sh/hook": "pre-install"
+    "helm.sh/hook-delete-policy": "before-hook-creation"
+type: Opaque
+data:
+  cluster-password: {{ randAlphaNum 32 | b64enc | quote }}
diff --git a/helm/keycloak/values-3d5c3f-dev.yaml b/helm/keycloak/values-3d5c3f-dev.yaml
@@ -14,9 +14,6 @@ postgres:
   admin:
     secret: sso-admin-dev
 
-jgroupCluster:
-  secret: sso-jgroups-dev
-
 tls:
   enabled: true
 
diff --git a/helm/keycloak/values-3d5c3f-prod.yaml b/helm/keycloak/values-3d5c3f-prod.yaml
@@ -14,9 +14,6 @@ postgres:
   admin:
     secret: sso-admin-prod
 
-jgroupCluster:
-  secret: sso-jgroups-prod
-
 tls:
   enabled: true
 
diff --git a/helm/keycloak/values-3d5c3f-test.yaml b/helm/keycloak/values-3d5c3f-test.yaml
@@ -18,9 +18,6 @@ postgres:
     adminUsername: postgres
     passwordKey: password-superuser
 
-jgroupCluster:
-  secret: sso-jgroups-test
-
 tls:
   enabled: true
 
diff --git a/helm/keycloak/values-6d70e7-dev.yaml b/helm/keycloak/values-6d70e7-dev.yaml
@@ -14,9 +14,6 @@ postgres:
   admin:
     secret: sso-admin-dev
 
-jgroupCluster:
-  secret: sso-jgroups-dev
-
 tls:
   enabled: true
 
diff --git a/helm/keycloak/values-6d70e7-prod.yaml b/helm/keycloak/values-6d70e7-prod.yaml
@@ -14,9 +14,6 @@ postgres:
   admin:
     secret: sso-admin-prod
 
-jgroupCluster:
-  secret: sso-jgroups-prod
-
 tls:
   enabled: true
 
diff --git a/helm/keycloak/values-6d70e7-test.yaml b/helm/keycloak/values-6d70e7-test.yaml
@@ -14,9 +14,6 @@ postgres:
   admin:
     secret: sso-admin-test
 
-jgroupCluster:
-  secret: sso-jgroups-test
-
 tls:
   enabled: true
 
diff --git a/helm/keycloak/values-b861c7-test.yaml b/helm/keycloak/values-b861c7-test.yaml
@@ -0,0 +1,24 @@
+replicaCount: 2
+
+image:
+  tag: 7.4-37-rc.2
+
+service:
+  type: ClusterIP
+  port: 8443
+
+postgres:
+  host: sso-patroni
+  credentials:
+    secret: sso-patroni
+
+tls:
+  enabled: true
+
+resources:
+  limits:
+    cpu: 2
+    memory: 2Gi
+  requests:
+    cpu: 1250m
+    memory: 2Gi
diff --git a/helm/keycloak/values.yaml b/helm/keycloak/values.yaml
@@ -32,10 +32,6 @@ postgres:
     min: 5
     max: 20
 
-jgroupCluster:
-  secret: sso-jgroups
-  passwordKey: password
-
 # see https://github.com/keycloak/keycloak-containers/blob/master/server/README.md#start-a-keycloak-instance-with-custom-command-line-options
 additionalServerOptions: "-Dkeycloak.profile.feature.authorization=enabled -Djboss.persistent.log.dir=/var/log/eap"
 
diff --git a/helm/patroni/Chart.yaml b/helm/patroni/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: patroni
 description: "Highly available elephant herd: HA PostgreSQL cluster."
-version: 0.16.7
+version: 0.16.8
 appVersion: 1.5-p5
 home: https://github.com/zalando/patroni
 sources:
diff --git a/helm/patroni/README.md b/helm/patroni/README.md
@@ -13,25 +13,35 @@ This chart will do the following:
 
 - Implement a HA scalable PostgreSQL 10 cluster using a Kubernetes StatefulSet.
 
-## Installing the Chart
+## Usages
 
-To add dependencies:
+### Add this chart repository
 
 ```console
-helm dependency build
+$ helm repo add sso-keycloak https://bcgov.github.io/sso-keycloak
+$ helm dependency update
 ```
 
-To install the chart with the release name `patroni`:
+### Install this chart repository
 
 ```console
-$ helm install patroni . -n <namespace>
+$ helm install <release-name> sso-keycloak/patroni [--namespace <my-namespace>] [--version <x.y.z>] [--values ./custom-values.yaml]
+
+# To install the chart with randomly generated passwords:
+$ helm install patroni . \
+  --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)"
 ```
 
-To install the chart with randomly generated passwords:
+### Upgrade this chart repository
 
 ```console
-$ helm install patroni . \
-  --set credentials.superuser="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.admin="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)",credentials.standby="$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c32)"
+$ helm upgrade <release-name> sso-keycloak/patroni [--namespace <my-namespace>] [--version <x.y.z>] [--values ./custom-values.yaml]
+```
+
+### Uninstall this chart repository
+
+```console
+$ helm uninstall <release-name> [--namespace <my-namespace>]
 ```
 
 ## Configuration
@@ -46,6 +56,7 @@ The following table lists the configurable parameters of the patroni chart and t
 | `image.repository`               | The image to pull                                                                                                              | `registry.opensource.zalan.do/acid/spilo-10`        |
 | `image.tag`                      | The version of the image to pull                                                                                               | `1.5-p5`                                            |
 | `image.pullPolicy`               | The pull policy                                                                                                                | `IfNotPresent`                                      |
+| `credentials.random`             | Using passwords created randomly                                                                                               | `true`                                              |
 | `credentials.superuser`          | Password of the superuser                                                                                                      | `tea`                                               |
 | `credentials.admin`              | Password of the admin                                                                                                          | `cola`                                              |
 | `credentials.standby`            | Password of the replication user                                                                                               | `pinacolada`                                        |
@@ -88,17 +99,9 @@ The following table lists the configurable parameters of the patroni chart and t
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
 
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
-
-```console
-$ helm install --name my-release -f values.yaml incubator/patroni
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
-
 ## Cleanup
 
-To remove the spawned pods you can run a simple `helm delete <release-name>`.
+To remove the spawned pods you can run a simple `helm uninstall <release-name> [--namespace <my-namespace>]`.
 
 Helm will however preserve created persistent volume claims and configmaps,
 to also remove them execute the commands below.
@@ -110,8 +113,6 @@ $ kubectl delete pvc -l release=$release
 $ kubectl delete configmaps -l release=$release
 ```
 
-
-
 ## Internals
 
 Patroni is responsible for electing a PostgreSQL master pod by leveraging the
diff --git a/helm/patroni/requirements.lock b/helm/patroni/requirements.lock
@@ -8,5 +8,5 @@ dependencies:
 - name: consul
   repository: https://charts.helm.sh/stable
   version: 3.6.1
-digest: sha256:1d1ed086586703e7cdc528c6d44e5c03f68f3f4fddfc713e50898eff18dc5acf
-generated: "2020-10-30T00:42:58.035153-04:00"
+digest: sha256:f9ef1101460c219c9cef3c44b360d1c9d4b206f56eaa95fae98f95ca76a92781
+generated: "2021-12-15T11:37:39.9090521-08:00"
diff --git a/helm/patroni/templates/ep-patroni.yaml b/helm/patroni/templates/ep-patroni.yaml
diff --git a/helm/patroni/values-sso-patroni.yaml b/helm/patroni/values-sso-patroni.yaml
diff --git a/helm/patroni/values.yaml b/helm/patroni/values.yaml

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-{{- if .Values.pingService.enabled }}`
	`1`	`+{{- if .Values.persistentLog.enabled }}`
`2`	`2`	`apiVersion: v1`
`3`	`3`	`kind: PersistentVolumeClaim`
`4`	`4`	`metadata:`