add efs and traefik helm charts

datopian · Nov 12, 2018 · ee7818e · ee7818e
1 parent 91b8fb4
commit ee7818e
Show file tree

Hide file tree

Showing 10 changed files with 212 additions and 2 deletions.
diff --git a/.travis.sh b/.travis.sh
@@ -15,6 +15,8 @@ elif [ "${1}" == "deploy" ]; then
     travis_ci_operator.sh github-update self master "
         cd charts_repository &&\
         helm package ../ckan --version "${TRAVIS_TAG}" &&\
+        helm package ../efs --version "${TRAVIS_TAG}" &&\
+        helm package ../traefik --version "${TRAVIS_TAG}" &&\
         helm repo index . &&\
         cd .. &&\
         git add charts_repository/index.yaml charts_repository/ckan-${TRAVIS_TAG}.tgz

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
-# CKAN Cloud Helm Chart
+# CKAN Cloud Helm Charts
 
-Helm chart which deploys a single CKAN instance and related infrastructure as part of a multi-tenant cluster.
+Helm charts to support the CKAN Cloud CKAN instances and other related infrastructure.
 
 Supported Kubernetes providers:
 

diff --git a/efs/Chart.yaml b/efs/Chart.yaml
@@ -0,0 +1 @@
+name: efs
diff --git a/efs/templates/deployment.yaml b/efs/templates/deployment.yaml
@@ -0,0 +1,32 @@
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: efs-provisioner
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: efs-provisioner
+    spec:
+      serviceAccountName: efs-provisioner
+      containers:
+        - name: efs-provisioner
+          image: quay.io/external_storage/efs-provisioner:latest
+          env:
+            - name: FILE_SYSTEM_ID
+              value: {{ .Values.efsFileSystemID }}
+            - name: AWS_REGION
+              value: {{ .Values.efsFileSystemRegion }}
+            - name: PROVISIONER_NAME
+              value: example.com/aws-efs
+          volumeMounts:
+            - name: pv-volume
+              mountPath: /persistentvolumes
+      volumes:
+        - name: pv-volume
+          nfs:
+            server: {{ .Values.efsFileSystemID }}.efs.{{ .Values.efsFileSystemRegion }}.amazonaws.com
+            path: /
diff --git a/efs/templates/rbac.yaml b/efs/templates/rbac.yaml
@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: efs-provisioner
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: efs-provisioner-runner
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: run-efs-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: efs-provisioner
+     # replace with namespace where provisioner is deployed
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: efs-provisioner-runner
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-efs-provisioner
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-efs-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: efs-provisioner
+    # replace with namespace where provisioner is deployed
+    namespace: default
+roleRef:
+  kind: Role
+  name: leader-locking-efs-provisioner
+  apiGroup: rbac.authorization.k8s.io
diff --git a/efs/templates/storage-class.yaml b/efs/templates/storage-class.yaml
@@ -0,0 +1,5 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: cca-ckan
+provisioner: example.com/aws-efs
diff --git a/traefik/Chart.yaml b/traefik/Chart.yaml
@@ -0,0 +1 @@
+name: traefik
diff --git a/traefik/templates/configmap.yaml b/traefik/templates/configmap.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: etc-traefik
+data:
+  traefik.toml: |
+    # https://docs.traefik.io/configuration/commons/
+
+    debug = false
+
+    defaultEntryPoints = ["http", "https"]
+    
+    [entryPoints]
+        [entryPoints.http]
+        address = ":80"
+
+        [entryPoints.https]
+        address = ":443"
+          [entryPoints.https.tls]
+
+    [ping]
+      entryPoint = "http"
+
+    [acme]
+      email = {{ .Values.acmeEmail | quote }}
+      storage = "/traefik-acme/acme.json"
+      entryPoint = "https"
+{{ .Values.acmeDomains | indent 6 }}
+      [acme.dnsChallenge]
+        provider = {{ .Values.dnsProvider | quote }}
+
+    [accessLog]
+
+    [file]
+
+    [backends]
+{{ .Values.backends | indent 6 }}
+
+    [frontends]
+{{ .Values.frontends | indent 6}}
diff --git a/traefik/templates/deployment.yaml b/traefik/templates/deployment.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: traefik
+spec:
+  replicas: 1
+  revisionHistoryLimit: 5
+  template:
+    metadata:
+      labels:
+        app: traefik
+      annotations:
+        # update the pod on traefik configuration changes
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+    spec:
+      containers:
+      - name: traefik
+        image: traefik
+        ports:
+        - {containerPort: 80}
+        - {containerPort: 443}
+        resources: {"requests": {"cpu": "100m", "memory": "50Mi"}}
+        volumeMounts:
+        - name: etc-traefik
+          mountPath: /etc-traefik
+        - name: traefik-acme
+          mountPath: /traefik-acme
+          subPath: {{ .Release.Namespace }}-traefik
+        args:
+        - "--configFile=/etc-traefik/traefik.toml"
+        {{ if eq .Values.dnsProvider "route53" }}
+        env:
+        - name: AWS_ACCESS_KEY_ID
+          value: {{ .Values.AWS_ACCESS_KEY_ID | quote }}
+        - name: AWS_REGION
+          value: {{ .Values.AWS_REGION | quote }}
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.awsSecretName }}
+              key: AWS_SECRET_ACCESS_KEY
+        {{ end }}
+        {{ if eq .Values.dnsProvider "cloudflare" }}
+        env:
+        - name: CLOUDFLARE_EMAIL
+          value: {{ .Values.CLOUDFLARE_EMAIL | quote }}
+        - name: CLOUDFLARE_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.cfSecretName }}
+              key: CLOUDFLARE_API_KEY
+        {{ end }}
+      volumes:
+      - name: etc-traefik
+        configMap:
+          name: etc-traefik
+      - name: traefik-acme
+        persistentVolumeClaim:
+          claimName: {{ .Release.Namespace }}-traefik
diff --git a/traefik/templates/pvc.yaml b/traefik/templates/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Namespace }}-traefik
+spec:
+  storageClassName: {{ .Values.ckanStorageClassName }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Mi