Merge pull request #34 from napptive/aks_installation

Add aks files

deployments/catalog-manager.001.team.configmap.aks.all.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: catalog-manager-team
+  namespace: TARGET_K8S_NAMESPACE
+  labels:
+    app: catalog-manager-team
+data:
+  TEAM_REPOSITORIES: napptive,test
+  TEAM_PRIVILEGED_USERS: aagea,dhiguero,ivdiaz,Carmendelope

deployments/catalog-manager.010.pvc.aks.all.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: catalog-manager-pv-claim
+  namespace: TARGET_K8S_NAMESPACE
+  labels:
+    app: catalog-manager
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: "managed-premium"
+  resources:
+    requests:
+      storage: 5Gi

deployments/catalog-manager.020.deployment.aks.all.yaml

@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: catalog-manager
+  namespace: TARGET_K8S_NAMESPACE
+  labels:
+    app: catalog-manager
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: catalog-manager
+  template:
+    metadata:
+      labels:
+        app: catalog-manager
+    spec:
+      priorityClassName: napptive-high-priority
+      containers:
+      - name: catalog-manager
+        image: TARGET_DOCKER_REGISTRY/catalog-manager:VERSION
+        imagePullPolicy: Always
+        env:
+          - name: AUTH_HEADER
+            valueFrom:
+              configMapKeyRef:
+                name: jwt-config
+                key: header
+          - name: AUTH_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: jwt-secret
+                key: secret
+        envFrom:
+          - configMapRef:
+              name: catalog-manager-team
+        args:
+          - "run"
+          - "--elasticAddress=http://elastic.TARGET_K8S_NAMESPACE:9200"
+          - "--repositoryPath=/napptive/repository/"
+          - "--adminAPIEnabled"
+          - "--authEnabled"
+          - "--authHeader=$(AUTH_HEADER)"
+          - "--authSecret=$(AUTH_SECRET)"
+          - "--teamPrivileges"
+          - "--teamUsers=$(TEAM_PRIVILEGED_USERS)"
+          - "--teamRepositories=$(TEAM_REPOSITORIES)"
+          - "--analyticsEnabled=false"
+          - "--launchSecureService"
+        volumeMounts:
+          - name: repository-path
+            mountPath: "/napptive/repository"
+          - name: certificates
+            mountPath: /certs
+      volumes:
+        #mount an pvc
+      - name: repository-path
+        persistentVolumeClaim:
+          claimName: catalog-manager-pv-claim
+      - name: certificates
+        secret:
+          # The secret is generated by cert-manager upon successfully issuing of the certificate.
+          secretName: catalog-manager-grpc-tls

deployments/catalog-manager.030.grpc-admin.service.aks.all.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: catalog-manager-admin-grpc
+  namespace: TARGET_K8S_NAMESPACE
+  labels:
+    app: catalog-manager
+spec:
+  selector:
+    app: catalog-manager
+  type: ClusterIP
+  ports:
+    - protocol: TCP
+      name: admin
+      port: 7062
+      targetPort: 7062

deployments/catalog-manager.030.http.service.aks.all.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: catalog-manager-http
+  namespace: TARGET_K8S_NAMESPACE
+  labels:
+    app: catalog-manager
+spec:
+  selector:
+    app: catalog-manager
+  type: NodePort
+  ports:
+    # Note that the service for the gRPC server will be created by the installer as it uses the static ip already reserved.
+    - protocol: TCP
+      name: http
+      port: 7061
+      targetPort: 7061

deployments/elastic.020.statefulset.aks.all.yaml

@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: elastic
+  namespace: TARGET_K8S_NAMESPACE
+  labels:
+    app: elastic
+spec:
+  serviceName: "elastic"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: elastic
+  template:
+    metadata:
+      labels:
+        app: elastic
+    spec:
+      priorityClassName: napptive-high-priority
+      containers:
+        - name: elastic
+          image: elasticsearch:7.11.2
+          resources:
+            requests:
+              memory: "3Gi"
+              cpu: "250m"
+            limits:
+              memory: "3Gi"
+              cpu: "250m"
+          imagePullPolicy: "IfNotPresent"
+          ports:
+            - containerPort: 9200
+              name: http
+            - containerPort: 9300
+              name: transport
+          volumeMounts:
+            - name: storage
+              mountPath: /data
+            - name: config
+              mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+              subPath: elasticsearch.yml
+              readOnly: true
+          env:
+            - name: node.name
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: ES_JAVA_OPTS
+              value: -Xms2g -Xmx2g
+            - name: cluster.initial_master_nodes
+              value: elastic-0
+      initContainers:
+        - name: fix-permissions
+          image: busybox
+          command: ["sh", "-c", "chown -R 1000:1000 /data"]
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: storage
+              mountPath: /data
+        - name: increase-vm-max-map
+          image: busybox
+          command: ["sysctl", "-w", "vm.max_map_count=262144"]
+          securityContext:
+            privileged: true
+        - name: increase-fd-ulimit
+          image: busybox
+          command: ["sh", "-c", "ulimit -n 65536"]
+          securityContext:
+            privileged: true
+      volumes:
+        - name: config
+          configMap:
+            defaultMode: 0644
+            name: elastic-config
+  volumeClaimTemplates:
+    - metadata:
+        name: storage
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        storageClassName: "managed-premium"
+        resources:
+          requests:
+            storage: 5Gi