Merge pull request #828 from iqb-berlin/re-add-helm

Revert "remove helm from master branch"
iqb-berlin · Feb 19, 2025 · d394df1 · d394df1
2 parents cdfbb52 + ef91158
commit d394df1
Show file tree

Hide file tree

Showing 167 changed files with 59,528 additions and 0 deletions.
diff --git a/scripts/helm/custom/longhorn/templates/longhorn-single-storage-class.yaml b/scripts/helm/custom/longhorn/templates/longhorn-single-storage-class.yaml
@@ -0,0 +1,13 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: longhorn-single
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+parameters:
+  numberOfReplicas: "1"
+  staleReplicaTimeout: "2880"
+  fromBackup: ""
+  fsType: "ext4"
diff --git a/scripts/helm/custom/traefik/custom-values.yaml b/scripts/helm/custom/traefik/custom-values.yaml
@@ -0,0 +1,65 @@
+httpPort: &httpPort 80
+httpsPort: &httpsPort 443
+tlsEnabled: &tlsEnabled false
+
+deployment:
+  replicas: 1
+  # -- Additional initContainers (e.g. for setting file permission as shown below)
+  initContainers: []
+  # The "volume-permissions" init container is required if you run into permission issues.
+  # Related issue: https://github.com/traefik/traefik-helm-chart/issues/396
+  # - name: volume-permissions
+  #   image: busybox:latest
+  #   command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
+  #   volumeMounts:
+  #     - name: data
+  #       mountPath: /data
+
+globalArguments:
+  - "--global.checknewversion=false"
+  - "--global.sendanonymoususage=false"
+
+ports:
+  web:
+    exposedPort: *httpPort
+#    redirections:
+#      entryPoint:
+#        to: websecure
+#        scheme: https
+  websecure:
+    exposedPort: *httpsPort
+    tls:
+      enabled: *tlsEnabled
+
+tlsOptions:
+  default:
+    sniStrict: false # set false to use self-signed certificates
+    cipherSuites:
+      - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+      - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+      - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+      - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+      - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+      - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+      - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+    minVersion: VersionTLS12
+
+persistence:
+  enabled: true
+  name: data
+  accessMode: ReadWriteOnce
+  size: 128Mi
+  storageClass: standard
+  path: /data
+  annotations: {}
+
+podSecurityContext:
+  # /!\ When setting fsGroup, Kubernetes will recursively change ownership and
+  # permissions for the contents of each volume to match the fsGroup. This can
+  # be an issue when storing sensitive content like TLS Certificates /!\
+  #fsGroup: 65532
+  # -- Specifies the policy for changing ownership and permissions of volume contents to match the fsGroup.
+  #fsGroupChangePolicy: "OnRootMismatch"
diff --git a/scripts/helm/helm-install-tc.sh b/scripts/helm/helm-install-tc.sh
@@ -0,0 +1,265 @@
+#!/bin/bash
+
+declare TESTCENTER_VERSION="16.0.0-alpha"
+declare TRAEFIK_VERSION="v3.3.2"
+declare LONGHORN_VERSION="v1.7.2"
+declare REQUIRED_PACKAGES=("kubectl version" "kubectl cluster-info" "helm version")
+
+declare LONGHORN_ENABLED=false
+declare TRAEFIK_ENABLED=false
+
+declare -A TRAEFIK_ENV_VARS
+TRAEFIK_ENV_VARS[TESTCENTER_BASE_DOMAIN]=testcenter.domain.tld
+TRAEFIK_ENV_VARS[HTTP_PORT]=80
+TRAEFIK_ENV_VARS[HTTPS_PORT]=443
+TRAEFIK_ENV_VARS[TLS_ENABLED]=false
+declare TRAEFIK_ENV_VAR_ORDER=(TESTCENTER_BASE_DOMAIN HTTP_PORT HTTPS_PORT TLS_ENABLED)
+
+declare -A TESTCENTER_ENV_VARS
+TESTCENTER_ENV_VARS[MYSQL_ROOT_PASSWORD]=$(LC_CTYPE=C tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 16 | head -n 1)
+TESTCENTER_ENV_VARS[MYSQL_USER]=iqb_tba_db_user
+TESTCENTER_ENV_VARS[MYSQL_PASSWORD]=$(LC_CTYPE=C tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 16 | head -n 1)
+TESTCENTER_ENV_VARS[MYSQL_SALT]=$(LC_CTYPE=C tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 5 | head -n 1)
+declare TESTCENTER_ENV_VAR_ORDER=(MYSQL_ROOT_PASSWORD MYSQL_USER MYSQL_PASSWORD MYSQL_SALT)
+
+check_prerequisites() {
+  printf "\nChecking required packages ...\n"
+  declare req_package
+
+  for req_package in "${REQUIRED_PACKAGES[@]}"; do
+
+    if ${req_package} >/dev/null 2>&1; then
+      printf -- "- '%s' is working.\n" "${req_package}"
+
+    else
+      printf "'%s' does not seem to work, please install the corresponding package before running the script! \n\n" \
+        "${req_package}"
+      printf 'Install script finished with error.\n'
+      exit 1
+    fi
+
+  done
+
+  printf "Checking required packages done.\n\n"
+}
+
+install_longhorn() {
+  declare continue
+  read -rep "Do you want to install 'Longhorn ${LONGHORN_VERSION}'? [Y/n] " -n 1 continue
+
+  if ! [[ ${continue} =~ ^[nN]$ ]]; then
+    printf "Installing 'Longhorn' in the 'longhorn-system' namespace ...\n"
+
+    if ! helm install longhorn ./longhorn --namespace longhorn-system --create-namespace; then
+      printf "\n'Longhorn %s' installation failed.\n" ${LONGHORN_VERSION}
+      read -rep "Do you want to continue anyway? [y/N] " -n 1 continue
+
+      if ! [[ ${continue} =~ ^[yY]$ ]]; then
+        printf 'Install script finished with error.\n\n'
+        exit 1
+      fi
+
+    else
+      printf "'Longhorn' installation done.\n"
+      LONGHORN_ENABLED=true
+    fi
+
+    printf "\n"
+  fi
+}
+
+install_traefik() {
+  declare continue
+  read -rep "Do you want to install 'Traefik ${TRAEFIK_VERSION}'? [Y/n] " -n 1 continue
+
+  if ! [[ ${continue} =~ ^[nN]$ ]]; then
+
+    if ${LONGHORN_ENABLED}; then
+      printf "Configure Traefik 'custom-values' for 'longhorn persistent volumes' ...\n"
+      sed -i.bak "s|accessMode:.*|accessMode: ReadWriteMany|" \
+        custom/traefik/custom-values.yaml && rm custom/traefik/custom-values.yaml.bak
+      sed -i.bak "s|storageClass:.*|storageClass: longhorn|" \
+        custom/traefik/custom-values.yaml && rm custom/traefik/custom-values.yaml.bak
+      sed -i.bak "s|#fsGroup:|fsGroup:|" \
+        custom/traefik/custom-values.yaml && rm custom/traefik/custom-values.yaml.bak
+      sed -i.bak "s|#fsGroupChangePolicy:|fsGroupChangePolicy:|" \
+        custom/traefik/custom-values.yaml && rm custom/traefik/custom-values.yaml.bak
+      printf "Traefik 'custom-values' configuration for 'longhorn persistent volumes' done.\n\n"
+    fi
+
+    printf "Configure Traefik Ingress for Testcenter ...\n"
+    declare traefik_env_var_name
+
+    for traefik_env_var_name in "${TRAEFIK_ENV_VAR_ORDER[@]}"; do
+      declare traefik_env_var_value
+      read -p "${traefik_env_var_name}: " -er -i "${TRAEFIK_ENV_VARS[${traefik_env_var_name}]}" traefik_env_var_value
+      TRAEFIK_ENV_VARS[${traefik_env_var_name}]=${traefik_env_var_value}
+    done
+
+    sed -i.bak "s|httpPort: \&httpPort.*|httpPort: \&httpPort ${TRAEFIK_ENV_VARS[HTTP_PORT]}|" \
+      custom/traefik/custom-values.yaml && rm custom/traefik/custom-values.yaml.bak
+    sed -i.bak "s|httpsPort: \&httpsPort.*|httpsPort: \&httpsPort ${TRAEFIK_ENV_VARS[HTTPS_PORT]}|" \
+      custom/traefik/custom-values.yaml && rm custom/traefik/custom-values.yaml.bak
+    sed -i.bak "s|tlsEnabled: \&tlsEnabled.*|tlsEnabled: \&tlsEnabled ${TRAEFIK_ENV_VARS[TLS_ENABLED]}|" \
+      custom/traefik/custom-values.yaml && rm custom/traefik/custom-values.yaml.bak
+    printf "Traefik Ingress configuration for Testcenter done.\n\n"
+
+    printf "Installing 'Traefik' Ingress Controller in the 'kube-system' namespace ...\n"
+    printf -- "-> 'Install Traefik-CRDs' ...\n"
+
+    if ! helm install traefik-crds ./traefik-crds --namespace kube-system; then
+      printf "\n-> 'Traefik-CRDs' installation failed.\n"
+      read -rep "Do you want to continue anyway? [y/N] " -n 1 continue
+
+      if ! [[ ${continue} =~ ^[yY]$ ]]; then
+        printf 'Install script finished with error.\n\n'
+        exit 1
+      fi
+
+    else
+      printf -- "-> 'Traefik-CRD' installation done.\n"
+    fi
+
+    printf "\n-> 'Install Traefik' ...\n"
+
+    if ! helm install traefik ./traefik \
+      --namespace kube-system \
+      --values ./traefik/values.yaml \
+      --values ./traefik/custom-values.yaml \
+      --skip-crds; then
+
+      printf "\n-> 'Traefik %s' installation failed.\n" ${TRAEFIK_VERSION}
+      read -rep "Do you want to continue anyway? [y/N] " -n 1 continue
+
+      if ! [[ ${continue} =~ ^[yY]$ ]]; then
+        printf 'Install script finished with error.\n\n'
+        exit 1
+
+      else
+        printf "'Traefik %s' Ingress Controller installation failed.\n\n" ${TRAEFIK_VERSION}
+        return
+      fi
+
+    else
+      printf -- "-> 'Traefik' installation done.\n"
+      TRAEFIK_ENABLED=true
+    fi
+
+    printf "\n'Traefik %s' Ingress Controller installation done.\n\n" ${TRAEFIK_VERSION}
+  fi
+}
+
+install_testcenter() {
+  declare continue
+  read -rep "Do you want to install 'Testcenter ${TESTCENTER_VERSION}'? [Y/n] " -n 1 continue
+
+  if ! [[ ${continue} =~ ^[nN]$ ]]; then
+
+    if ${LONGHORN_ENABLED}; then
+      printf "Configure Testcenter 'custom-values' for 'longhorn persistent volumes' ...\n"
+      sed -i.bak "s|longhornEnabled:.*|longhornEnabled: true|" \
+        testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+      sed -i.bak "s|cacheServerPvcStorageClassName:.*|cacheServerPvcStorageClassName: longhorn-single|" \
+        testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+      sed -i.bak "s|cacheServerPvcAccessMode:.*|cacheServerPvcAccessMode: ReadWriteOnce|" \
+        testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+      sed -i.bak "s|backendPvcStorageClassName:.*|backendPvcStorageClassName: longhorn|" \
+        testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+      sed -i.bak "s|backendPvcAccessMode:.*|backendPvcAccessMode: ReadWriteMany|" \
+        testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+      sed -i.bak "s|dbPvcStorageClassName:.*|dbPvcStorageClassName: longhorn-single|" \
+        testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+      sed -i.bak "s|dbPvcAccessMode:.*|dbPvcAccessMode: ReadWriteOnce|" \
+        testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+      printf "Testcenter 'custom-values' configuration for 'longhorn persistent volumes' done.\n\n"
+    fi
+
+    printf "Configure Testcenter 'custom-values' ...\n"
+
+    if ${TRAEFIK_ENABLED}; then
+      sed -i.bak "s|traefikEnabled:.*|traefikEnabled: true|" \
+        testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+    else
+      declare traefik_env_var_name
+
+      for traefik_env_var_name in "${TRAEFIK_ENV_VAR_ORDER[@]}"; do
+        declare traefik_env_var_value
+        read -p "${traefik_env_var_name}: " -er -i "${TRAEFIK_ENV_VARS[${traefik_env_var_name}]}" traefik_env_var_value
+        TRAEFIK_ENV_VARS[${traefik_env_var_name}]=${traefik_env_var_value}
+      done
+
+    fi
+
+    declare testcenter_env_var_name
+
+    for testcenter_env_var_name in "${TESTCENTER_ENV_VAR_ORDER[@]}"; do
+      declare testcenter_env_var_nameenv_var_value
+      read -rep "${testcenter_env_var_name}: " -i "${TESTCENTER_ENV_VARS[${testcenter_env_var_name}]}" \
+        testcenter_env_var_nameenv_var_value
+      TESTCENTER_ENV_VARS[${testcenter_env_var_name}]=${testcenter_env_var_nameenv_var_value}
+    done
+
+    sed -i.bak "s|baseDomain:.*|baseDomain: ${TRAEFIK_ENV_VARS[TESTCENTER_BASE_DOMAIN]}|" \
+      testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+    sed -i.bak "s|httpPort:.*|httpPort: ${TRAEFIK_ENV_VARS[HTTP_PORT]}|" \
+      testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+    sed -i.bak "s|httpsPort:.*|httpsPort: ${TRAEFIK_ENV_VARS[HTTPS_PORT]}|" \
+      testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+    sed -i.bak "s|tlsEnabled:.*|tlsEnabled: ${TRAEFIK_ENV_VARS[TLS_ENABLED]}|" \
+      testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+
+    sed -i.bak "s|mysqlRootPassword:.*|mysqlRootPassword: ${TESTCENTER_ENV_VARS[MYSQL_ROOT_PASSWORD]}|" \
+      testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+    sed -i.bak "s|mysqlUser: \&dbUser.*|mysqlUser: \&dbUser ${TESTCENTER_ENV_VARS[MYSQL_USER]}|" \
+      testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+    sed -i.bak "s|mysqlPassword: \&dbUserPassword.*|mysqlPassword: \&dbUserPassword ${TESTCENTER_ENV_VARS[MYSQL_PASSWORD]}|" \
+      testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+    sed -i.bak "s|passwordSalt:.*|passwordSalt: ${TESTCENTER_ENV_VARS[MYSQL_SALT]}|" \
+      testcenter/custom-values.yaml && rm testcenter/custom-values.yaml.bak
+    printf "Testcenter 'custom-values' configuration for Traefik Ingress Controller done.\n\n"
+
+    printf "Installing 'Testcenter' in the 'tc' namespace ...\n"
+
+    if ! helm install testcenter ./testcenter \
+      --namespace tc \
+      --create-namespace \
+      --values ./testcenter/values.yaml \
+      --values ./testcenter/custom-values.yaml; then
+
+      printf "\n'Testcenter %s' installation failed.\n" ${TESTCENTER_VERSION}
+      read -rep "Do you want to continue anyway? [y/N] " -n 1 continue
+
+      if ! [[ ${continue} =~ ^[yY]$ ]]; then
+        printf 'Install script finished with error.\n\n'
+        exit 1
+      fi
+
+    else
+      printf "'Testcenter' installation done.\n"
+    fi
+
+    printf "\n"
+  fi
+}
+
+main() {
+  printf "\n==================================================\n"
+  printf "Installing Testcenter K8s Cluster via Helm"
+  printf "\n==================================================\n"
+
+  check_prerequisites
+
+  printf "The Testcenter K8s Cluster uses 'Traefk %s' as Ingress Controller and " ${TRAEFIK_VERSION}
+  printf "'Longhorn %s' for persistent volumes.\n" ${LONGHORN_VERSION}
+  printf -- "- If you don't want to use these, you have to configure ingress routes and storages classes by yourself.\n"
+  printf -- "- If you are already running 'traefik' and/or 'longhorn' but using older versions, please update them "
+  printf "first to the appropriate version!\n\n"
+
+  install_longhorn
+  install_traefik
+  install_testcenter
+
+  printf "'%s' finished successfully.\n\n" "${0}"
+}
+
+main