From ee7818ea60bbff4a27953d5ec483b8432012b253 Mon Sep 17 00:00:00 2001 From: Ori Hoch Date: Mon, 12 Nov 2018 08:32:34 +0200 Subject: [PATCH] add efs and traefik helm charts --- .travis.sh | 2 ++ README.md | 4 +-- efs/Chart.yaml | 1 + efs/templates/deployment.yaml | 32 +++++++++++++++++ efs/templates/rbac.yaml | 59 +++++++++++++++++++++++++++++++ efs/templates/storage-class.yaml | 5 +++ traefik/Chart.yaml | 1 + traefik/templates/configmap.yaml | 40 +++++++++++++++++++++ traefik/templates/deployment.yaml | 59 +++++++++++++++++++++++++++++++ traefik/templates/pvc.yaml | 11 ++++++ 10 files changed, 212 insertions(+), 2 deletions(-) create mode 100644 efs/Chart.yaml create mode 100644 efs/templates/deployment.yaml create mode 100644 efs/templates/rbac.yaml create mode 100644 efs/templates/storage-class.yaml create mode 100644 traefik/Chart.yaml create mode 100644 traefik/templates/configmap.yaml create mode 100644 traefik/templates/deployment.yaml create mode 100644 traefik/templates/pvc.yaml diff --git a/.travis.sh b/.travis.sh index 7bdc49c..d2c31a7 100644 --- a/.travis.sh +++ b/.travis.sh @@ -15,6 +15,8 @@ elif [ "${1}" == "deploy" ]; then travis_ci_operator.sh github-update self master " cd charts_repository &&\ helm package ../ckan --version "${TRAVIS_TAG}" &&\ + helm package ../efs --version "${TRAVIS_TAG}" &&\ + helm package ../traefik --version "${TRAVIS_TAG}" &&\ helm repo index . &&\ cd .. &&\ git add charts_repository/index.yaml charts_repository/ckan-${TRAVIS_TAG}.tgz diff --git a/README.md b/README.md index 7c75ee1..7c66a25 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# CKAN Cloud Helm Chart +# CKAN Cloud Helm Charts -Helm chart which deploys a single CKAN instance and related infrastructure as part of a multi-tenant cluster. +Helm charts to support the CKAN Cloud CKAN instances and other related infrastructure. Supported Kubernetes providers: diff --git a/efs/Chart.yaml b/efs/Chart.yaml new file mode 100644 index 0000000..df97af4 --- /dev/null 
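Review bot: The two added `helm package` lines in .travis.sh build efs and traefik archives, but the `git add` line at the end of the hunk still stages only `charts_repository/index.yaml` and `charts_repository/ckan-${TRAVIS_TAG}.tgz`. Unless a later line outside the hunk stages them, `helm repo index .` will list efs and traefik entries whose archives are never committed, so the published index points at files that are missing. Staging every packaged chart, e.g. `git add charts_repository/index.yaml charts_repository/*-${TRAVIS_TAG}.tgz`, keeps the index and the artifacts in step. The quoted command string continues past the end of the hunk.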
+++ b/efs/Chart.yaml
@@ -0,0 +1 @@
+name: efs
\ No newline at end of file
diff --git a/efs/templates/deployment.yaml b/efs/templates/deployment.yaml
new file mode 100644
index 0000000..87f2f6f
--- /dev/null
+++ b/efs/templates/deployment.yaml
@@ -0,0 +1,32 @@
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ name: efs-provisioner
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: efs-provisioner
+ spec:
+ serviceAccountName: efs-provisioner
+ containers:
+ - name: efs-provisioner
+ image: quay.io/external_storage/efs-provisioner:latest
+ env:
+ - name: FILE_SYSTEM_ID
+ value: {{ .Values.efsFileSystemID }}
+ - name: AWS_REGION
+ value: {{ .Values.efsFileSystemRegion }}
+ - name: PROVISIONER_NAME
+ value: example.com/aws-efs
+ volumeMounts:
+ - name: pv-volume
+ mountPath: /persistentvolumes
+ volumes:
+ - name: pv-volume
+ nfs:
+ server: {{ .Values.efsFileSystemID }}.efs.{{ .Values.efsFileSystemRegion }}.amazonaws.com
+ path: /
diff --git a/efs/templates/rbac.yaml b/efs/templates/rbac.yaml
new file mode 100644
index 0000000..4914a47
--- /dev/null
+++ b/efs/templates/rbac.yaml
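Review bot: In efs/templates/deployment.yaml the container uses `image: quay.io/external_storage/efs-provisioner:latest`, a mutable tag, for a pod whose service account may create and delete PersistentVolumes cluster-wide (per rbac.yaml in this commit); `image: traefik` in traefik/templates/deployment.yaml has the same problem with no tag at all. A re-pull can silently change what runs, and the traefik.toml added here is written against one particular configuration format. Pin both to a tested version, ideally by digest, e.g. `image: quay.io/external_storage/efs-provisioner:<TESTED_TAG>` (placeholder). The templated `value: {{ .Values.efsFileSystemID }}` lines would also be safer as `value: {{ .Values.efsFileSystemID | quote }}`, so an empty or number-looking value cannot change the YAML type.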
@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: efs-provisioner
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: efs-provisioner-runner
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: run-efs-provisioner
+subjects:
+ - kind: ServiceAccount
+ name: efs-provisioner
+ # replace with namespace where provisioner is deployed
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: efs-provisioner-runner
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: leader-locking-efs-provisioner
+rules:
+ - apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: leader-locking-efs-provisioner
+subjects:
+ - kind: ServiceAccount
+ name: efs-provisioner
+ # replace with namespace where provisioner is deployed
+ namespace: default
+roleRef:
+ kind: Role
+ name: leader-locking-efs-provisioner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/efs/templates/storage-class.yaml b/efs/templates/storage-class.yaml
new file mode 100644
index 0000000..292dc4f
--- /dev/null
+++ b/efs/templates/storage-class.yaml
@@ -0,0 +1,5 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: cca-ckan
+provisioner: example.com/aws-efs
diff --git a/traefik/Chart.yaml b/traefik/Chart.yaml
new file mode 100644
index 0000000..0dfb282
--- /dev/null
+++ b/traefik/Chart.yaml
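Review bot: Both bindings in efs/templates/rbac.yaml hard-code `namespace: default` for the `efs-provisioner` subject, while the ServiceAccount above them carries no namespace and is created wherever the release is installed. Installed into any other namespace, the provisioner pod runs without its permissions, and the cluster-wide PersistentVolume create/delete rights stay bound to a `default/efs-provisioner` identity that this chart does not control. Replace both with `namespace: {{ .Release.Namespace }}` and drop the "replace with namespace" comment, which a templated chart should not leave to the operator. The ClusterRole and ClusterRoleBinding names are fixed strings as well, so two releases of the chart in one cluster would collide.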
@@ -0,0 +1 @@
+name: traefik
\ No newline at end of file
diff --git a/traefik/templates/configmap.yaml b/traefik/templates/configmap.yaml
new file mode 100644
index 0000000..7d01c8d
--- /dev/null
+++ b/traefik/templates/configmap.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: etc-traefik
+data:
+ traefik.toml: |
+ # https://docs.traefik.io/configuration/commons/
+
+ debug = false
+
+ defaultEntryPoints = ["http", "https"]
+
+ [entryPoints]
+ [entryPoints.http]
+ address = ":80"
+
+ [entryPoints.https]
+ address = ":443"
+ [entryPoints.https.tls]
+
+ [ping]
+ entryPoint = "http"
+
+ [acme]
+ email = {{ .Values.acmeEmail | quote }}
+ storage = "/traefik-acme/acme.json"
+ entryPoint = "https"
+{{ .Values.acmeDomains | indent 6 }}
+ [acme.dnsChallenge]
+ provider = {{ .Values.dnsProvider | quote }}
+
+ [accessLog]
+
+ [file]
+
+ [backends]
+{{ .Values.backends | indent 6 }}
+
+ [frontends]
+{{ .Values.frontends | indent 6}}
diff --git a/traefik/templates/deployment.yaml b/traefik/templates/deployment.yaml
new file mode 100644
index 0000000..3a08e51
--- /dev/null
+++ b/traefik/templates/deployment.yaml
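Review bot: The `[entryPoints.http]` block in traefik.toml has no redirect, and `defaultEntryPoints = ["http", "https"]` publishes every frontend on port 80 as well, so sessions to the proxied services can stay in cleartext. Certificate issuance here goes through `[acme.dnsChallenge]`, so port 80 does not appear to be needed for ACME; if plaintext is not intended, add `[entryPoints.http.redirect]` with `entryPoint = "https"` under the http entry point, and check how the `[ping]` endpoint on `http` behaves with it. Separately, `acmeDomains`, `backends` and `frontends` are piped straight into `indent 6` and the commit ships no values.yaml, so rendering will likely fail when any of them is unset. Wrapping them as `{{ .Values.backends | default "" | indent 6 }}`, or using `required` with a message, would make the contract explicit.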
@@ -0,0 +1,59 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: traefik
+spec:
+ replicas: 1
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: traefik
+ annotations:
+ # update the pod on traefik configuration changes
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ spec:
+ containers:
+ - name: traefik
+ image: traefik
+ ports:
+ - {containerPort: 80}
+ - {containerPort: 443}
+ resources: {"requests": {"cpu": "100m", "memory": "50Mi"}}
+ volumeMounts:
+ - name: etc-traefik
+ mountPath: /etc-traefik
+ - name: traefik-acme
+ mountPath: /traefik-acme
+ subPath: {{ .Release.Namespace }}-traefik
+ args:
+ - "--configFile=/etc-traefik/traefik.toml"
+ {{ if eq .Values.dnsProvider "route53" }}
+ env:
+ - name: AWS_ACCESS_KEY_ID
+ value: {{ .Values.AWS_ACCESS_KEY_ID | quote }}
+ - name: AWS_REGION
+ value: {{ .Values.AWS_REGION | quote }}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.awsSecretName }}
+ key: AWS_SECRET_ACCESS_KEY
+ {{ end }}
+ {{ if eq .Values.dnsProvider "cloudflare" }}
+ env:
+ - name: CLOUDFLARE_EMAIL
+ value: {{ .Values.CLOUDFLARE_EMAIL | quote }}
+ - name: CLOUDFLARE_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.cfSecretName }}
+ key: CLOUDFLARE_API_KEY
+ {{ end }}
+ volumes:
+ - name: etc-traefik
+ configMap:
+ name: etc-traefik
+ - name: traefik-acme
+ persistentVolumeClaim:
+ claimName: {{ .Release.Namespace }}-traefik
diff --git a/traefik/templates/pvc.yaml b/traefik/templates/pvc.yaml
new file mode 100644
index 0000000..f092319
--- /dev/null
+++ b/traefik/templates/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Namespace }}-traefik
+spec:
+ storageClassName: {{ .Values.ckanStorageClassName }}
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Mi
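Review bot: The traefik Deployment keeps the default rolling-update strategy while mounting `traefik-acme`, which is where the configmap in this commit stores `acme.json` (ACME account and certificate private keys), from the ReadWriteMany claim defined in pvc.yaml. During a rollout the old and new pods can both write that file, and the shared claim can also be mounted by other workloads in the namespace, which would expose the keys to them. Add `strategy:` with `type: Recreate` under `spec`, as efs/templates/deployment.yaml already does, and consider whether a single replica needs ReadWriteMany at all. The container also sets no `securityContext`, so it runs with whatever user and capabilities the image defaults to.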