diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/changelog b/kubernetes/armada-helm-toolkit/debian/deb_folder/changelog new file mode 100644 index 000000000..0fbe7950a --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +armada-helm-toolkit (1.0-1) unstable; urgency=medium + + * Initial release. + + -- Daniel Safta Thu, 04 Nov 2021 14:00:42 +0000 diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/control b/kubernetes/armada-helm-toolkit/debian/deb_folder/control new file mode 100644 index 000000000..7a3b4a456 --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/deb_folder/control @@ -0,0 +1,13 @@ +Source: armada-helm-toolkit +Section: admin +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), helm, chartmuseum, procps +Standards-Version: 4.4.1 +Homepage: https://www.starlingx.io + +Package: armada-helm-toolkit +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Openstack-Helm-Infra helm-toolkit chart. + helm-toolkit used in building armada. diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/copyright b/kubernetes/armada-helm-toolkit/debian/deb_folder/copyright new file mode 100644 index 000000000..54d426349 --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/deb_folder/copyright @@ -0,0 +1,29 @@ + +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: openstack-helm-infra +Source: https://github.com/openstack/openstack-helm-infra +Files: * +Copyright: (c) 2013-2021 Wind River Systems, Inc +License: Apache-2 + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2021 Wind River Systems, Inc +License: Apache-2 + +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/rules b/kubernetes/armada-helm-toolkit/debian/deb_folder/rules new file mode 100644 index 000000000..0a4f9a05a --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/deb_folder/rules @@ -0,0 +1,23 @@ +#!/usr/bin/make -f + +export ROOT = debian/armada-helm-toolkit +export APP_FOLDER = $(ROOT)/usr/lib/helm +export APP_NAME = armada-helm-toolkit + +%: + dh $@ + +override_dh_auto_build: + # Host a server for the charts + chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." & + sleep 2 + helm repo add local http://localhost:8879/charts + # Make the charts. These produce tgz files + make helm-toolkit + pkill chartmuseum + + +override_dh_auto_install: + # Install the app tar file. + install -d -m 755 $(APP_FOLDER) + install -p -D -m 755 helm-toolkit-0.1.0.tgz $(APP_FOLDER)/armada-helm-toolkit-0.1.0.tgz diff --git a/kubernetes/armada-helm-toolkit/debian/dl_hook b/kubernetes/armada-helm-toolkit/debian/dl_hook new file mode 100755 index 000000000..c3961ce7c --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/dl_hook @@ -0,0 +1,20 @@ +#!/bin/bash +set -x + +PKG_BUILD_NAME=$1 +PKG="openstack-helm-infra" +PKG_BUILD_ROOT=$(realpath `pwd`/${PKG_BUILD_NAME}) +mkdir -p ${PKG_BUILD_ROOT} +pushd ${PKG_BUILD_ROOT} + +# Local mirror workaround until CGCS_BASE mirror is supported. +STX_MIRROR=$(realpath "/import/mirrors/starlingx") + +# Download armada-helm-toolkit helm source package. +ARMADA_HELM_TOOLKIT_PKG="openstack-helm-infra-c9d6676bf9a5aceb311dc31dadd07cba6a3d6392.tar.gz" +ARMADA_HELM_TOOLKIT_SRC_PATH=$(realpath ${STX_MIRROR}/downloads/${ARMADA_HELM_TOOLKIT_PKG}) +cp ${ARMADA_HELM_TOOLKIT_SRC_PATH} ${PKG_BUILD_ROOT} + +# Extract the armada tar file. +tar xfz ${ARMADA_HELM_TOOLKIT_PKG} +cp -pr ${PKG}/* ${PKG_BUILD_ROOT} diff --git a/kubernetes/armada-helm-toolkit/debian/meta_data.yaml b/kubernetes/armada-helm-toolkit/debian/meta_data.yaml new file mode 100644 index 000000000..b94dad673 --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/meta_data.yaml @@ -0,0 +1,7 @@ +--- +debname: armada-helm-toolkit +debver: 1.0-1 +dl_hook: dl_hook +revision: + dist: $STX_DIST + PKG_GITREVCOUNT: true diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0001-Allow-multiple-containers-per-daemonset-pod.patch b/kubernetes/armada-helm-toolkit/debian/patches/0001-Allow-multiple-containers-per-daemonset-pod.patch new file mode 100644 index 000000000..c138f58f1 --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/patches/0001-Allow-multiple-containers-per-daemonset-pod.patch @@ -0,0 +1,40 @@ +From 47315e28d44cff586f6fff026dd00e61c2c77bcd Mon Sep 17 00:00:00 2001 +From: Gerry Kopec +Date: Wed, 9 Jan 2019 20:11:33 -0500 +Subject: [PATCH 1/4] Allow multiple containers per daemonset pod + +Remove code that restricted daemonset pods to single containers. +Container names will default to name from helm chart template. +Required for nova cold migrations to work. + +Story: 2003876 +Task: 26735 +Change-Id: Icce660415d43baefbbf768a785c5dedf04ea2930 +Signed-off-by: Gerry Kopec +(cherry picked from commit 7ca30319f418cd39db5ecf44cce5fb5fe39c458e) +Signed-off-by: Robert Church +--- + helm-toolkit/templates/utils/_daemonset_overrides.tpl | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl +index e352bc9..10ab166 100644 +--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl ++++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl +@@ -225,13 +225,6 @@ limitations under the License. + {{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }} + {{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }} + +- {{/* set container name +- assume not more than one container is defined */}} +- {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }} +- {{- $_ := set $container "name" $current_dict.dns_1123_name }} +- {{- $cont_list := list $container }} +- {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }} +- + {{/* cross-reference configmap name to container volume definitions */}} + {{- $_ := set $context.Values "__volume_list" list }} + {{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }} +-- +2.7.4 + diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0002-Add-imagePullSecrets-in-service-account.patch b/kubernetes/armada-helm-toolkit/debian/patches/0002-Add-imagePullSecrets-in-service-account.patch new file mode 100644 index 000000000..07e2dd398 --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/patches/0002-Add-imagePullSecrets-in-service-account.patch @@ -0,0 +1,26 @@ +From ac3f9db5ac1a19af71136752f5709ba1da55d201 Mon Sep 17 00:00:00 2001 +From: Angie Wang +Date: Mon, 11 Feb 2019 11:29:03 -0500 +Subject: [PATCH 2/4] Add imagePullSecrets in service account + +Signed-off-by: Robert Church +--- + helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl +index b4cf1a6..2f4113b 100644 +--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl ++++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl +@@ -44,6 +44,8 @@ kind: ServiceAccount + metadata: + name: {{ $saName }} + namespace: {{ $saNamespace }} ++imagePullSecrets: ++ - name: default-registry-key + {{- range $k, $v := $deps -}} + {{- if eq $k "services" }} + {{- range $serv := $v }} +-- +2.16.5 + diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch b/kubernetes/armada-helm-toolkit/debian/patches/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch new file mode 100644 index 000000000..113d8fb91 --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/patches/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch @@ -0,0 +1,65 @@ +From b3829fef30e76fdf498fa1d0d35185f642dce5f6 Mon Sep 17 00:00:00 2001 +From: Robert Church +Date: Mon, 8 Apr 2019 02:12:39 -0400 +Subject: [PATCH 4/4] Partial revert of + 31e3469d28858d7b5eb6355e88b6f49fd62032be + +Suspect that new use of mergeOverwrite vs. merge is breaking the +per-host DaemonSet overrides. + +Signed-off-by: Robert Church +--- + helm-toolkit/templates/utils/_daemonset_overrides.tpl | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl +index 10ab166..ab1177a 100644 +--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl ++++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl +@@ -49,10 +49,10 @@ limitations under the License. + {{- $override_conf_copy := $host_data.conf }} + {{/* Deep copy to prevent https://storyboard.openstack.org/#!/story/2005936 */}} + {{- $root_conf_copy := omit ($context.Values.conf | toYaml | fromYaml) "overrides" }} +- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }} ++ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} + {{- $root_conf_copy2 := dict "conf" $merged_dict }} + {{- $context_values := omit (omit ($context.Values | toYaml | fromYaml) "conf") "__daemonset_list" }} +- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }} ++ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} + {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} + {{- $_ := set $current_dict "nodeData" $root_conf_copy4 }} + +@@ -89,10 +89,10 @@ limitations under the License. + {{- $override_conf_copy := $label_data.conf }} + {{/* Deep copy to prevent https://storyboard.openstack.org/#!/story/2005936 */}} + {{- $root_conf_copy := omit ($context.Values.conf | toYaml | fromYaml) "overrides" }} +- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }} ++ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} + {{- $root_conf_copy2 := dict "conf" $merged_dict }} + {{- $context_values := omit (omit ($context.Values | toYaml | fromYaml) "conf") "__daemonset_list" }} +- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }} ++ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} + {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} + {{- $_ := set $context.Values.__current_label "nodeData" $root_conf_copy4 }} + +@@ -187,7 +187,7 @@ limitations under the License. + {{- $root_conf_copy1 := omit $context.Values.conf "overrides" }} + {{- $root_conf_copy2 := dict "conf" $root_conf_copy1 }} + {{- $context_values := omit $context.Values "conf" }} +- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }} ++ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} + {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} + {{- $_ := set $context.Values.__default "nodeData" $root_conf_copy4 }} + +@@ -198,7 +198,7 @@ limitations under the License. + {{- range $current_dict := $context.Values.__daemonset_list }} + + {{- $context_novalues := omit $context "Values" }} +- {{- $merged_dict := mergeOverwrite $context_novalues $current_dict.nodeData }} ++ {{- $merged_dict := merge $current_dict.nodeData $context_novalues }} + {{- $_ := set $current_dict "nodeData" $merged_dict }} + {{/* Deep copy original daemonset_yaml */}} + {{- $_ := set $context.Values "__daemonset_yaml" ($daemonset_yaml | toYaml | fromYaml) }} +-- +2.7.4 + diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch b/kubernetes/armada-helm-toolkit/debian/patches/0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch new file mode 100644 index 000000000..272b3046b --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/patches/0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch @@ -0,0 +1,46 @@ +From 326fcd76f54d7c099f4c3da6c31eefe0eef2e236 Mon Sep 17 00:00:00 2001 +From: Ovidiu Poncea +Date: Mon, 29 Jul 2019 08:00:01 -0400 +Subject: [PATCH] Fix pod restarts on all workers when worker added/removed + +--- + helm-toolkit/templates/utils/_daemonset_overrides.tpl | 4 ++-- + helm-toolkit/templates/utils/_hash.tpl | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl +index ab1177a..e564869 100644 +--- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl ++++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl +@@ -215,7 +215,7 @@ limitations under the License. + name uniqueness */}} + {{- $_ := set $current_dict "dns_1123_name" dict }} + {{- if hasKey $current_dict "matchExpressions" }} +- {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | quote | sha256sum | trunc 8))) }} ++ {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | toJson | sha256sum | trunc 8))) }} + {{- else }} + {{- $_ := set $current_dict "dns_1123_name" $name_format2 }} + {{- end }} +@@ -258,7 +258,7 @@ limitations under the License. + {{- if not $context.Values.__daemonset_yaml.spec.template.metadata }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "metadata" dict }}{{- end }} + {{- if not $context.Values.__daemonset_yaml.spec.template.metadata.annotations }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata "annotations" dict }}{{- end }} + {{- $cmap := list $current_dict.dns_1123_name $current_dict.nodeData | include $configmap_include }} +- {{- $values_hash := $cmap | quote | sha256sum }} ++ {{- $values_hash := $cmap | toJson | sha256sum }} + {{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata.annotations "configmap-etc-hash" $values_hash }} + + {{/* generate configmap */}} +diff --git a/helm-toolkit/templates/utils/_hash.tpl b/helm-toolkit/templates/utils/_hash.tpl +index 1041ec0..e419e3b 100644 +--- a/helm-toolkit/templates/utils/_hash.tpl ++++ b/helm-toolkit/templates/utils/_hash.tpl +@@ -19,5 +19,5 @@ limitations under the License. + {{- $context := index . 1 -}} + {{- $last := base $context.Template.Name }} + {{- $wtf := $context.Template.Name | replace $last $name -}} +-{{- include $wtf $context | sha256sum | quote -}} ++{{- include $wtf $context | toJson | sha256sum | quote -}} + {{- end -}} +-- +2.7.4 + diff --git a/kubernetes/armada-helm-toolkit/debian/patches/series b/kubernetes/armada-helm-toolkit/debian/patches/series new file mode 100644 index 000000000..1a31bffa3 --- /dev/null +++ b/kubernetes/armada-helm-toolkit/debian/patches/series @@ -0,0 +1,4 @@ +0001-Allow-multiple-containers-per-daemonset-pod.patch +0002-Add-imagePullSecrets-in-service-account.patch +0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch +0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch diff --git a/kubernetes/armada/debian/deb_folder/armada.lintian-overrides b/kubernetes/armada/debian/deb_folder/armada.lintian-overrides new file mode 100644 index 000000000..5d9719c23 --- /dev/null +++ b/kubernetes/armada/debian/deb_folder/armada.lintian-overrides @@ -0,0 +1 @@ +dir-or-file-in-opt diff --git a/kubernetes/armada/debian/deb_folder/changelog b/kubernetes/armada/debian/deb_folder/changelog new file mode 100644 index 000000000..17ea966c8 --- /dev/null +++ b/kubernetes/armada/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +armada (0.2.0-0) unstable; urgency=medium + + * Initial release. + + -- Daniel Safta Thu, 04 Nov 2021 14:00:42 +0000 diff --git a/kubernetes/armada/debian/deb_folder/control b/kubernetes/armada/debian/deb_folder/control new file mode 100644 index 000000000..45056ea2e --- /dev/null +++ b/kubernetes/armada/debian/deb_folder/control @@ -0,0 +1,14 @@ +Source: armada +Section: admin +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), helm, chartmuseum, procps,armada-helm-toolkit +Standards-Version: 4.4.1 +Homepage: https://www.starlingx.io + +Package: armada +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: An orchestrator for managing a collection of Kubernetes Helm charts. + Armada is a tool for managing multiple Helm charts with + dependencies by centralizing all configurations in a single Armada YAML. diff --git a/kubernetes/armada/debian/deb_folder/copyright b/kubernetes/armada/debian/deb_folder/copyright new file mode 100644 index 000000000..e70fa6dae --- /dev/null +++ b/kubernetes/armada/debian/deb_folder/copyright @@ -0,0 +1,29 @@ + +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: armada +Source: https://opendev.org/airship/armada.git +Files: * +Copyright: (c) 2013-2021 Wind River Systems, Inc +License: Apache-2 + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2021 Wind River Systems, Inc +License: Apache-2 + +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/kubernetes/armada/debian/deb_folder/rules b/kubernetes/armada/debian/deb_folder/rules new file mode 100644 index 000000000..10e6f9cbc --- /dev/null +++ b/kubernetes/armada/debian/deb_folder/rules @@ -0,0 +1,32 @@ +#!/usr/bin/make -f + +export ROOT = debian/armada +export APP_FOLDER = $(ROOT)/opt/extracharts +export CHARTS_STAGING = charts +export APP_NAME = armada +export APP_NAME_FULL = $(CHARTS_STAGING)/$(APP_NAME) + +%: + dh $@ + +override_dh_auto_build: + # Host a server for the charts + cp /usr/lib/helm/armada-helm-toolkit-0.1.0.tgz ./charts + + chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="./charts" & + sleep 2 + helm repo add local http://localhost:8879/charts + + helm dependency update $(APP_NAME_FULL) + helm lint $(APP_NAME_FULL) + rm -v -f ./requirements.lock ./requirements.yaml + helm template --set pod.resources.enabled=true $(APP_NAME_FULL) + helm package $(APP_NAME_FULL) + + pkill chartmuseum + + +override_dh_auto_install: + # Install the app tar file. + install -d -m 755 $(APP_FOLDER) + install -p -D -m 755 armada-0.1.0.tgz $(APP_FOLDER) diff --git a/kubernetes/armada/debian/dl_hook b/kubernetes/armada/debian/dl_hook new file mode 100755 index 000000000..1a77d4694 --- /dev/null +++ b/kubernetes/armada/debian/dl_hook @@ -0,0 +1,23 @@ +#!/bin/bash +set -x + +PKG_BUILD_NAME=$1 +PKG="armada" +PKG_BUILD_ROOT=$(realpath `pwd`/${PKG_BUILD_NAME}) +mkdir -p ${PKG_BUILD_ROOT} +pushd ${PKG_BUILD_ROOT} + +# Local mirror workaround until CGCS_BASE mirror is supported. +STX_MIRROR=$(realpath "/import/mirrors/starlingx") + +# Download armada helm source package. +ARMADA_PKG="armada-7ef4b8643b5ec5216a8f6726841e156c0aa54a1a.tar.gz" +ARMADA_SRC_PATH=$(realpath ${STX_MIRROR}/downloads/${ARMADA_PKG}) +cp ${ARMADA_SRC_PATH} ${PKG_BUILD_ROOT} + +# Extract the armada tar file. +tar xfz ${ARMADA_PKG} +cp -pr ${PKG}/charts ${PKG_BUILD_ROOT} + +rm -rf ${ARMADA_PKG} +rm -rf ${PKG} \ No newline at end of file diff --git a/kubernetes/armada/debian/meta_data.yaml b/kubernetes/armada/debian/meta_data.yaml new file mode 100644 index 000000000..0c7619aab --- /dev/null +++ b/kubernetes/armada/debian/meta_data.yaml @@ -0,0 +1,7 @@ +--- +debname: armada +debver: 0.2.0-0 +dl_hook: dl_hook +revision: + dist: $STX_DIST + PKG_GITREVCOUNT: true diff --git a/kubernetes/armada/debian/patches/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch b/kubernetes/armada/debian/patches/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch new file mode 100644 index 000000000..a6955e460 --- /dev/null +++ b/kubernetes/armada/debian/patches/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch @@ -0,0 +1,114 @@ +From 8c6cc4c0ad5569d7de3615463f7d8c4dd7429e63 Mon Sep 17 00:00:00 2001 +From: Thiago Brito +Date: Thu, 22 Apr 2021 20:00:51 -0300 +Subject: [PATCH] Add Helm v2 client initialization using tiller + postStart exec + +This adds helm v2 client initialization using the tiller +container postStart exec to access helm v2 binary. + +This will perform 'helm init', removes the default repos +'stable' and 'local', and add valid repos that were provided +as overrides. Note that helm will only add repos that exist. + +This expects overrides in this format: +conf: + tiller: + charts_url: 'http://192.168.204.1:8080/helm_charts' + repo_names: + - 'starlingx' + - 'stx-platform' + repos: + stable: https://kubernetes-charts.storage.googleapis.com + +This gives the following result: +helmv2-cli -- helm repo list +NAME URL +stable https://kubernetes-charts.storage.googleapis.com +starlingx http://192.168.204.1:8080/helm_charts/starlingx +stx-platform http://192.168.204.1:8080/helm_charts/stx-platform + +Signed-off-by: Jim Gauld +Signed-off-by: Thiago Brito +--- + charts/armada/templates/deployment-api.yaml | 33 +++++++++++++++++++++ + charts/armada/values.yaml | 10 +++++++ + 2 files changed, 43 insertions(+) + +diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml +index 562e3d0..483ec0b 100644 +--- a/charts/armada/templates/deployment-api.yaml ++++ b/charts/armada/templates/deployment-api.yaml +@@ -186,6 +186,39 @@ spec: + - -trace + {{- end }} + lifecycle: ++ postStart: ++ exec: ++ command: ++ - sh ++ - "-c" ++ - | ++ /bin/sh <<'EOF' ++ # Delay initialization since postStart handler runs asynchronously and there ++ # is no guarantee it is called before the Container’s entrypoint. ++ sleep 5 ++ # Initialize Helm v2 client. ++ export HELM_HOST=:{{ .Values.conf.tiller.port }} ++ /helm init --client-only --skip-refresh ++ ++ # Moving the ln up so eventual errors on the next commands doesn't prevent ++ # having helm available ++ ln -s -f /helm /tmp/helm ++ ++ # Removes all repos available so we don't get an error removing what ++ # doesn't exist anymore or error re-adding an existing repo ++ /helm repo list | awk '(NR>1){print $1}' | xargs --no-run-if-empty /helm repo rm ++{{- if .Values.conf.tiller.repos }} ++ {{- range $name, $repo := .Values.conf.tiller.repos }} ++ /helm repo add {{ $name }} {{ $repo }} ++ {{- end }} ++{{- end }} ++{{- if .Values.conf.tiller.repo_names }} ++ {{- range .Values.conf.tiller.repo_names }} ++ /helm repo add {{ . }} {{ $envAll.Values.conf.tiller.charts_url }}/{{ . }} ++ {{- end }} ++{{- end }} ++ exit 0 ++ EOF + preStop: + exec: + command: +diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml +index 3a4427e..da45810 100644 +--- a/charts/armada/values.yaml ++++ b/charts/armada/values.yaml +@@ -220,6 +220,10 @@ conf: + # Note: Defaulting to the (default) kubernetes grace period, as anything + # greater than that will have no effect. + prestop_sleep: 30 ++ # Helm v2 initialization ++ charts_url: null ++ repo_names: [] ++ repos: {} + + monitoring: + prometheus: +@@ -325,7 +329,13 @@ pod: + volumes: + - name: kubernetes-client-cache + emptyDir: {} ++ - name: tiller-tmp ++ emptyDir: {} + volumeMounts: ++ - name: tiller-tmp ++ # /tmp is now readOnly due to the security_context on L288, so ++ # mounting an emptyDir ++ mountPath: /tmp + - name: kubernetes-client-cache + # Should be the `$HOME/.kube` of the `runAsUser` above + # as this is where tiller's kubernetes client roots its cache dir. +-- +2.17.1 + + diff --git a/kubernetes/armada/debian/patches/0002-Tiller-wait-for-postgres-database-ping.patch b/kubernetes/armada/debian/patches/0002-Tiller-wait-for-postgres-database-ping.patch new file mode 100644 index 000000000..b256c9162 --- /dev/null +++ b/kubernetes/armada/debian/patches/0002-Tiller-wait-for-postgres-database-ping.patch @@ -0,0 +1,66 @@ +From 96e49fcc6d6b988d03a61261511abf64a0af2e2a Mon Sep 17 00:00:00 2001 +From: Dan Voiculeasa +Date: Tue, 11 May 2021 21:04:18 +0300 +Subject: [PATCH] Tiller wait for postgres database ping + +Networking might not be correctly initialized when tiller starts. + +Modify the pod command to wait for networking to be available before +starting up tiller. + +Signed-off-by: Dan Voiculeasa +--- + charts/armada/templates/deployment-api.yaml | 31 +++++++++++++-------- + 1 file changed, 19 insertions(+), 12 deletions(-) + +diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml +index 69036c0..3816366 100644 +--- a/charts/armada/templates/deployment-api.yaml ++++ b/charts/armada/templates/deployment-api.yaml +@@ -167,24 +167,31 @@ spec: + - name: TILLER_HISTORY_MAX + value: {{ .Values.conf.tiller.history_max | quote }} + command: +- - /tiller ++ - sh ++ - -c ++ - | ++ /bin/sh <<'EOF' + {{- if .Values.conf.tiller.storage }} +- - --storage={{ .Values.conf.tiller.storage }} + {{- if and (eq .Values.conf.tiller.storage "sql") (.Values.conf.tiller.sql_dialect) (.Values.conf.tiller.sql_connection) }} +- - --sql-dialect={{ .Values.conf.tiller.sql_dialect }} +- - --sql-connection-string={{ .Values.conf.tiller.sql_connection }} ++ while ! /bin/busybox nc -vz -w 1 {{ .Values.conf.tiller.sql_endpoint_ip}} 5432; do continue; done; + {{- end }} + {{- end }} +- - -listen +- - ":{{ .Values.conf.tiller.port }}" +- - -probe-listen +- - ":{{ .Values.conf.tiller.probe_port }}" +- - -logtostderr +- - -v +- - {{ .Values.conf.tiller.verbosity | quote }} ++ /tiller \ ++{{- if .Values.conf.tiller.storage }} ++ --storage={{ .Values.conf.tiller.storage }} \ ++{{- if and (eq .Values.conf.tiller.storage "sql") (.Values.conf.tiller.sql_dialect) (.Values.conf.tiller.sql_connection) }} ++ --sql-dialect={{ .Values.conf.tiller.sql_dialect }} \ ++ --sql-connection-string={{ .Values.conf.tiller.sql_connection }} \ ++{{- end }} ++{{- end }} ++ -listen ":{{ .Values.conf.tiller.port }}" \ ++ -probe-listen ":{{ .Values.conf.tiller.probe_port }}" \ ++ -logtostderr \ ++ -v {{ .Values.conf.tiller.verbosity | quote }} \ + {{- if .Values.conf.tiller.trace }} +- - -trace ++ -trace + {{- end }} ++ EOF + lifecycle: + postStart: + exec: +-- +2.30.0 + diff --git a/kubernetes/armada/debian/patches/0003-Update-the-liveness-probe-to-verify-postgres-connect.patch b/kubernetes/armada/debian/patches/0003-Update-the-liveness-probe-to-verify-postgres-connect.patch new file mode 100644 index 000000000..ecd3f8939 --- /dev/null +++ b/kubernetes/armada/debian/patches/0003-Update-the-liveness-probe-to-verify-postgres-connect.patch @@ -0,0 +1,45 @@ +From be3167e5342f2730ef43012d8fe4f3782c6ef468 Mon Sep 17 00:00:00 2001 +From: Robert Church +Date: Wed, 12 May 2021 02:38:52 -0400 +Subject: [PATCH 3/3] Update the liveness probe to verify postgres connectivity + +Change the tillerLivenessProbeTemplate to test the connectivity to the +postgres backend. We will override the periodSeconds and +failureThreshold when installing the helm chart to trigger a restart of +the tiller pod over a swact when the postgres DB/server moves from one +controller to the other. + +This will help guarantee that the tiller connection is always +reestablished if the connectivity to the postgres backend fails. + +Signed-off-by: Robert Church +--- + charts/armada/templates/deployment-api.yaml | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml +index bf23fb2..2b65494 100644 +--- a/charts/armada/templates/deployment-api.yaml ++++ b/charts/armada/templates/deployment-api.yaml +@@ -28,10 +28,14 @@ httpGet: + {{- end }} + + {{- define "tillerLivenessProbeTemplate" }} +-httpGet: +- path: /liveness +- port: {{ .Values.conf.tiller.probe_port }} +- scheme: HTTP ++exec: ++ command: ++ - nc ++ - -vz ++ - -w ++ - "1" ++ - {{ .Values.conf.tiller.sql_endpoint_ip}} ++ - "5432" + {{- end }} + + {{- if .Values.manifests.deployment_api }} +-- +2.16.6 + diff --git a/kubernetes/armada/debian/patches/0004-Update-postgres-liveness-check-to-support-IPv6-addre.patch b/kubernetes/armada/debian/patches/0004-Update-postgres-liveness-check-to-support-IPv6-addre.patch new file mode 100644 index 000000000..dbe88e809 --- /dev/null +++ b/kubernetes/armada/debian/patches/0004-Update-postgres-liveness-check-to-support-IPv6-addre.patch @@ -0,0 +1,30 @@ +From e13416638b103fde04feb31027c3148c9685cf7f Mon Sep 17 00:00:00 2001 +From: Robert Church +Date: Sat, 15 May 2021 16:16:41 -0400 +Subject: [PATCH 4/4] Update postgres liveness check to support IPv6 addresses + +Templating will add square brackets for IPv6 addresses which are +interpreted as an array vs. a string. Quote this so that it interpreted +correctly. + +Signed-off-by: Robert Church +--- + charts/armada/templates/deployment-api.yaml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml +index 2b65494..5c4825c 100644 +--- a/charts/armada/templates/deployment-api.yaml ++++ b/charts/armada/templates/deployment-api.yaml +@@ -34,7 +34,7 @@ exec: + - -vz + - -w + - "1" +- - {{ .Values.conf.tiller.sql_endpoint_ip}} ++ - "{{ .Values.conf.tiller.sql_endpoint_ip }}" + - "5432" + {{- end }} + +-- +2.16.6 + diff --git a/kubernetes/armada/debian/patches/0005-Add-toleration-to-armada-api.patch b/kubernetes/armada/debian/patches/0005-Add-toleration-to-armada-api.patch new file mode 100644 index 000000000..31cb98c06 --- /dev/null +++ b/kubernetes/armada/debian/patches/0005-Add-toleration-to-armada-api.patch @@ -0,0 +1,57 @@ +From 8f38dcdc7ba6448487283d14a745b8c299c47a13 Mon Sep 17 00:00:00 2001 +From: Enzo Candotti +Date: Wed, 6 Oct 2021 18:25:10 -0300 +Subject: [PATCH] Add toleration to armada-api + +--- + charts/armada/templates/deployment-api.yaml | 4 ++++ + charts/armada/templates/tests/test-armada-api.yaml | 4 ++++ + charts/armada/values.yaml | 2 ++ + 3 files changed, 10 insertions(+) + +diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml +index d4eff7a..1859d99 100644 +--- a/charts/armada/templates/deployment-api.yaml ++++ b/charts/armada/templates/deployment-api.yaml +@@ -108,6 +108,10 @@ spec: + initContainers: + {{ tuple $envAll "api" $mounts_armada_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + {{ dict "envAll" $envAll "application" "armada" "container" "armada_api_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} ++{{- with .Values.pod.tolerations.api }} ++ tolerations: ++{{ toYaml . | indent 8 }} ++{{- end }} + containers: + - name: armada-api + {{ tuple $envAll "api" | include "helm-toolkit.snippets.image" | indent 10 }} +diff --git a/charts/armada/templates/tests/test-armada-api.yaml b/charts/armada/templates/tests/test-armada-api.yaml +index a467fc9..2733cfe 100644 +--- a/charts/armada/templates/tests/test-armada-api.yaml ++++ b/charts/armada/templates/tests/test-armada-api.yaml +@@ -32,6 +32,10 @@ metadata: + spec: + {{ dict "envAll" $envAll "application" "api_test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} + restartPolicy: Never ++{{- with .Values.pod.tolerations.api }} ++ tolerations: ++{{ toYaml . | indent 4 }} ++{{- end }} + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + containers: +diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml +index e583947..247b15e 100644 +--- a/charts/armada/values.yaml ++++ b/charts/armada/values.yaml +@@ -206,6 +206,8 @@ monitoring: + port: 8000 + + pod: ++ tolerations: ++ api: [] + mandatory_access_control: + type: apparmor + armada-api: +-- +2.25.1 + diff --git a/kubernetes/armada/debian/patches/series b/kubernetes/armada/debian/patches/series new file mode 100644 index 000000000..7c4ffe39e --- /dev/null +++ b/kubernetes/armada/debian/patches/series @@ -0,0 +1,5 @@ +0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch +0002-Tiller-wait-for-postgres-database-ping.patch +0003-Update-the-liveness-probe-to-verify-postgres-connect.patch +0004-Update-postgres-liveness-check-to-support-IPv6-addre.patch +0005-Add-toleration-to-armada-api.patch