From e0bf31f63f2278648a63632af22ad3d183873807 Mon Sep 17 00:00:00 2001 From: Jim Gauld Date: Tue, 7 Apr 2020 14:13:34 -0400 Subject: [PATCH] Add support for Helm v3, chartmuseum, and armada chart This adds support for Helm v3: - 'helm init' and 'helm serv' were removed in v3, and helm initialization was simplified so that is not required in build. - chart validation and version checking is enforced with 'helm lint', so all Charts require the tag: apiVersion: v1 (or v2). - 'chartmuseum' is a drop-in replacement for 'helm serv', and is currently used for building charts only. It is not part of ISO image. - armada chart is built and installed to /opt/extracharts. This provides a Kubernetes pod with armada-api and tiller containers. This provides a Helm v2 client (i.e., helmv2-cli) that gives access to containerized armada/tiller managed charts. This can be used as an interactive shell, or as a wrapper for single helm v2 commands. Change-Id: Iff2b219ea765cf9278c6e80c6aeb5b98cc9a0626 Depends-On: https://review.opendev.org/732731 Story: 2007000 Task: 38893 Signed-off-by: Jim Gauld --- centos_iso_image.inc | 3 + centos_pkg_dirs | 2 + centos_tarball-dl.lst | 1 - kubernetes/armada/centos/armada.spec | 83 ++++++++++++++ kubernetes/armada/centos/build_srpm.data | 8 ++ ...nt-initialization-using-tiller-postS.patch | 92 +++++++++++++++ kubernetes/chartmuseum/centos/build_srpm.data | 6 + .../chartmuseum/centos/chartmuseum.spec | 67 +++++++++++ kubernetes/helm/centos/build_srpm.data | 4 +- kubernetes/helm/centos/files/helm-upload | 5 +- kubernetes/helm/centos/files/helmv2-cli | 105 ++++++++++++++++++ kubernetes/helm/centos/helm.spec | 5 +- 12 files changed, 375 insertions(+), 6 deletions(-) create mode 100644 kubernetes/armada/centos/armada.spec create mode 100644 kubernetes/armada/centos/build_srpm.data create mode 100644 kubernetes/armada/centos/files/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch create mode 100644 kubernetes/chartmuseum/centos/build_srpm.data create mode 100644 kubernetes/chartmuseum/centos/chartmuseum.spec create mode 100644 kubernetes/helm/centos/files/helmv2-cli diff --git a/centos_iso_image.inc b/centos_iso_image.inc index 64c90b08f..048d001e0 100644 --- a/centos_iso_image.inc +++ b/centos_iso_image.inc @@ -63,6 +63,9 @@ docker-distribution # helm helm +# armada +armada + # rpm rpm-plugin-systemd-inhibit diff --git a/centos_pkg_dirs b/centos_pkg_dirs index 21b5f20f3..dfeaae76e 100644 --- a/centos_pkg_dirs +++ b/centos_pkg_dirs @@ -58,6 +58,8 @@ kubernetes/kubernetes kubernetes/docker-distribution kubernetes/etcd kubernetes/helm +kubernetes/chartmuseum +kubernetes/armada grub/grubby base/dpkg base/cluster-resource-agents diff --git a/centos_tarball-dl.lst b/centos_tarball-dl.lst index 91ab32a4a..c26a0ff0e 100644 --- a/centos_tarball-dl.lst +++ b/centos_tarball-dl.lst @@ -25,7 +25,6 @@ googletest-fdb850479284e2aae047b87df6beae84236d0135.tar.gz#googletest#https://ap # gophercloud-gophercloud-aa00757ee3ab58e53520b6cb910ca0543116400a.tar.gz#gophercloud-gophercloud#github.com/gophercloud/gophercloud/archive/aa00757ee3ab58e53520b6cb910ca0543116400a.tar.gz#http## # gorilla-context-08b5f424b9271eedf6f9f0ce86cb9396ed337a42.tar.gz#gorilla-context#https://github.com/gorilla/context/archive/08b5f424b9271eedf6f9f0ce86cb9396ed337a42.tar.gz#http## # gorilla-mux-456bcfa82d672db7cae587c9b541463f65bc2718.tar.gz#gorilla-mux#https://github.com/gorilla/mux/archive/456bcfa82d672db7cae587c9b541463f65bc2718.tar.gz#http## -helm-v2.13.1-linux-amd64.tar.gz#linux-amd64#https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz#http## helm-v3.2.1-linux-amd64.tar.gz#linux-amd64#https://get.helm.sh/helm-v3.2.1-linux-amd64.tar.gz#http## isa-l-7e1a337433a340bc0974ed0f04301bdaca374af6.tar.gz#isa-l#https://api.github.com/repos/ceph/isa-l/tarball/7e1a337433a340bc0974ed0f04301bdaca374af6#https## isa-l_crypto-603529a4e06ac8a1662c13d6b31f122e21830352.tar.gz#isa-l_crypto#https://api.github.com/repos/01org/isa-l_crypto/tarball/603529a4e06ac8a1662c13d6b31f122e21830352#https## diff --git a/kubernetes/armada/centos/armada.spec b/kubernetes/armada/centos/armada.spec new file mode 100644 index 000000000..ba9f47bfb --- /dev/null +++ b/kubernetes/armada/centos/armada.spec @@ -0,0 +1,83 @@ +%global git_sha 6cc6346cde888c683fec4df910ebefdf6dccb310 + +# Build variables +%global helm_folder /usr/lib/helm +%global toolkit_version 0.1.0 +%global charts_staging ./charts + +Name: armada +Version: 0.2.0 +Release: 0%{?_tis_dist}.%{tis_patch_ver} +Summary: An orchestrator for managing a collection of Kubernetes Helm charts +License: Apache-2.0 +Group: base +Packager: Wind River +URL: https://airship-armada.readthedocs.io/ +Source0: %{name}-%{git_sha}.tar.gz + +Patch1: 0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch + +BuildArch: noarch + +BuildRequires: helm +BuildRequires: openstack-helm-infra +BuildRequires: chartmuseum + +%description +%{summary} + +%prep +%setup -n armada +%patch1 -p1 + + +%build +# Package the armada chart tarball using methodology derived from: +# git clone https://opendev.org/airship/armada.git && cd armada +# make charts +# +# This provides the equivalent of 'make charts' and builds what is +# minimally sufficient to generate the armada chart tarball. +# - do not need to build helm-toolkit. +# - do not need to build tiller (armada chart contains tiller). +# - This does not download helm v2 or helm-toolkit as done by 'make charts', +# and does not require external network. +# - Everything else provided by the armada Makefile build is ignored. +# +# This is built using helm v3. +# - 'helm init' and 'helm serv' have been removed in helm v3 +# - chartmuseum is drop-in replacement for 'helm serv' +# - no initial repository exist +# - charts self-contain helm-toolkit and pass lint; requirements.yaml +# dependencies are safely removed from package so the cluster does +# not have to serve 'local' repo (i.e., with ChartMuseum). +# - helm config of setup directories and repositories is automated +# (we don't need to create them) + +# Stage helm-toolkit in the local repo +cp %{helm_folder}/helm-toolkit-%{toolkit_version}.tgz %{charts_staging} + +# Host a local server for the charts. +chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="%{charts_staging}" & +sleep 2 +helm repo add local http://localhost:8879/charts + +cd %{charts_staging} +helm dependency update armada +helm lint armada +rm -v -f ./requirements.lock ./requirements.yaml +helm template --set pod.resources.enabled=true armada +helm package armada +cd - + +# Terminate helm server (the last backgrounded task) +kill %1 + +%install +install -d -m 755 ${RPM_BUILD_ROOT}/opt/extracharts +install -p -D -m 755 %{charts_staging}/armada-*.tgz ${RPM_BUILD_ROOT}/opt/extracharts + +%files +%defattr(-,root,root,-) +/opt/extracharts/* + diff --git a/kubernetes/armada/centos/build_srpm.data b/kubernetes/armada/centos/build_srpm.data new file mode 100644 index 000000000..daebb95e7 --- /dev/null +++ b/kubernetes/armada/centos/build_srpm.data @@ -0,0 +1,8 @@ +TAR_NAME=armada +VERSION=0.2.0 +SHA=6cc6346cde888c683fec4df910ebefdf6dccb310 +TAR="$TAR_NAME-$SHA.tar.gz" + +COPY_LIST="${CGCS_BASE}/downloads/$TAR $FILES_BASE/*" + +TIS_PATCH_VER=0 diff --git a/kubernetes/armada/centos/files/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch b/kubernetes/armada/centos/files/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch new file mode 100644 index 000000000..43fd42310 --- /dev/null +++ b/kubernetes/armada/centos/files/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch @@ -0,0 +1,92 @@ +From 6e464edeadab3b2631775326fb12e6d6e6eb1e2a Mon Sep 17 00:00:00 2001 +From: Jim Gauld +Date: Mon, 1 Jun 2020 11:36:46 -0400 +Subject: [PATCH] Add Helm v2 client initialization using tiller postStart exec + +This adds helm v2 client initialization using the tiller +container postStart exec to access helm v2 binary. + +This will perform 'helm init', removes the default repos +'stable' and 'local', and add valid repos that were provided +as overrides. Note that helm will only add repos that exist. + +This expects overrides in this format: +conf: + tiller: + charts_url: 'http://192.168.204.1:8080/helm_charts' + repo_names: + - 'starlingx' + - 'stx-platform' + repos: + stable: https://kubernetes-charts.storage.googleapis.com + +This gives the following result: +helmv2-cli -- helm repo list +NAME URL +stable https://kubernetes-charts.storage.googleapis.com +starlingx http://192.168.204.1:8080/helm_charts/starlingx +stx-platform http://192.168.204.1:8080/helm_charts/stx-platform + +Signed-off-by: Jim Gauld +--- + charts/armada/templates/deployment-api.yaml | 28 ++++++++++++++++++++++++++++ + charts/armada/values.yaml | 4 ++++ + 2 files changed, 32 insertions(+) + +diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml +index a48c8b6..ccbdb4d 100644 +--- a/charts/armada/templates/deployment-api.yaml ++++ b/charts/armada/templates/deployment-api.yaml +@@ -179,6 +179,34 @@ spec: + - -trace + {{- end }} + lifecycle: ++ postStart: ++ exec: ++ command: ++ - sh ++ - "-c" ++ - | ++ /bin/sh <<'EOF' ++ # Delay initialization since postStart handler runs asynchronously and there ++ # is no guarantee it is called before the Container’s entrypoint. ++ sleep 5 ++ # Initialize Helm v2 client. ++ export HELM_HOST=:{{ .Values.conf.tiller.port }} ++ /helm init --client-only --skip-refresh ++ /helm repo rm stable ++ /helm repo rm local ++{{- if .Values.conf.tiller.repos }} ++ {{- range $name, $repo := .Values.conf.tiller.repos }} ++ /helm repo add {{ $name }} {{ $repo }} ++ {{- end }} ++{{- end }} ++{{- if .Values.conf.tiller.repo_names }} ++ {{- range .Values.conf.tiller.repo_names }} ++ /helm repo add {{ . }} {{ $envAll.Values.conf.tiller.charts_url }}/{{ . }} ++ {{- end }} ++{{- end }} ++ ln -s -f /helm /tmp/helm ++ exit 0 ++ EOF + preStop: + exec: + command: +diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml +index 4c1e603..fb3e5c2 100644 +--- a/charts/armada/values.yaml ++++ b/charts/armada/values.yaml +@@ -217,6 +217,10 @@ conf: + # Note: Defaulting to the (default) kubernetes grace period, as anything + # greater than that will have no effect. + prestop_sleep: 30 ++ # Helm v2 initialization ++ charts_url: null ++ repo_names: [] ++ repos: {} + + monitoring: + prometheus: +-- +1.8.3.1 + diff --git a/kubernetes/chartmuseum/centos/build_srpm.data b/kubernetes/chartmuseum/centos/build_srpm.data new file mode 100644 index 000000000..2884486b1 --- /dev/null +++ b/kubernetes/chartmuseum/centos/build_srpm.data @@ -0,0 +1,6 @@ +VERSION=0.12.0 +TAR_NAME=chartmuseum +TAR="$TAR_NAME-$VERSION.tar.gz" +COPY_LIST="${CGCS_BASE}/downloads/$TAR $STX_BASE/downloads/chartmuseum-v0.12.0-amd64" + +TIS_PATCH_VER=1 diff --git a/kubernetes/chartmuseum/centos/chartmuseum.spec b/kubernetes/chartmuseum/centos/chartmuseum.spec new file mode 100644 index 000000000..7877f1e8b --- /dev/null +++ b/kubernetes/chartmuseum/centos/chartmuseum.spec @@ -0,0 +1,67 @@ +# SPDX-License-Identifier: Apache-2.0 +# +# Copyright (c) 2020 Wind River Systems, Inc. +# +%global with_debug 0 + +%if 0%{?with_debug} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +Name: chartmuseum +Version: 0.12.0 +Release: %{tis_patch_ver}%{?_tis_dist} +Summary: Helm Chart Repository with support for Amazon S3 and Google Cloud Storage +Group: Kubernetes +License: Apache-2.0 +Source0: %{name}-%{version}.tar.gz +Source1: chartmuseum-v0.12.0-amd64 +Packager: Wind River +URL: https://github.com/helm/chartmuseum +#URL: https://s3.amazonaws.com/chartmuseum + +BuildRequires: pkgconfig(systemd) +BuildRequires: pkgconfig(libseccomp) +BuildRequires: pkgconfig(libsystemd-journal) +BuildRequires: golang >= 1.10.0 +BuildRequires: rsync +BuildRequires: go-md2man +BuildRequires: go-bindata +BuildRequires: rpm-devel >= 4.14.0 +BuildRequires: rpm-libs >= 4.14.0 + +Requires: /bin/bash + +%define CHARTMUSEUM_DIR ${HOME}/src/github.com/helm/%{name} + +%description +%{summary} + +%prep +%setup -q -c -n %{name} + +%build +# NOTE: chartmuseum is only used to build helm charts, and is not +# part of the ISO. +# Gather the licence and readme from the source tarball. +mkdir -v -p %{CHARTMUSEUM_DIR} +mv -v %{name}/* %{CHARTMUSEUM_DIR}/ +mv -v %{CHARTMUSEUM_DIR}/{LICENSE,README.md} %{name}/ +pushd %{CHARTMUSEUM_DIR} +# Stub out the make to build golang package; we are using a binary. +#make +popd + +%install +install -d %{buildroot}%{_bindir} +install -m 755 %{SOURCE1} %{buildroot}%{_bindir}/chartmuseum + +%files +%defattr(-,root,root,-) +%doc %{name}/README.md +%license %{name}/LICENSE +%{_bindir}/chartmuseum + +%changelog diff --git a/kubernetes/helm/centos/build_srpm.data b/kubernetes/helm/centos/build_srpm.data index f5632fa03..b9b3a2b64 100644 --- a/kubernetes/helm/centos/build_srpm.data +++ b/kubernetes/helm/centos/build_srpm.data @@ -1,6 +1,6 @@ -VERSION=2.13.1 +VERSION=3.2.1 TAR_NAME=helm TAR="$TAR_NAME-v$VERSION-linux-amd64.tar.gz" COPY_LIST="${CGCS_BASE}/downloads/$TAR $FILES_BASE/*" -TIS_PATCH_VER=2 +TIS_PATCH_VER=0 diff --git a/kubernetes/helm/centos/files/helm-upload b/kubernetes/helm/centos/files/helm-upload index f4ae8ef59..d88e49a7d 100644 --- a/kubernetes/helm/centos/files/helm-upload +++ b/kubernetes/helm/centos/files/helm-upload @@ -14,8 +14,9 @@ # We want to run as the "www" user and scripts can't be setuid. The # sudoers permissions are set up to allow sysadmin to run this script # as the "www" user without a password. -if [ $USER != "www" ]; then - exec sudo -u www $0 $@ +WWW_ID=$(id -u www) +if [ ${UID} -ne ${WWW_ID} ]; then + exec sudo -u www -g www "$0" "$@" fi diff --git a/kubernetes/helm/centos/files/helmv2-cli b/kubernetes/helm/centos/files/helmv2-cli new file mode 100644 index 000000000..e857a00d3 --- /dev/null +++ b/kubernetes/helm/centos/files/helmv2-cli @@ -0,0 +1,105 @@ +#!/bin/bash + +# Copyright (c) 2020 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# This script is wrapper to Helm v2 client, providing access to containerized +# armada/tiller managed charts. + +# There are two modes of operation: +# - no command specified: this is an interactive BusyBox shell +# - command and options specified: this executes a single helm v2 command + +set -euo pipefail + +# Define minimal path +PATH=/bin:/usr/bin:/usr/local/bin + +# Process input options +SCRIPT=$(basename $0) +OPTS=$(getopt -o dh --long debug,help -n ${SCRIPT} -- "$@") +if [ $? != 0 ] ; then echo "Failed parsing options." >&2 ; exit 1 ; fi +eval set -- "$OPTS" + +DEBUG=false +HELP=false +while true; do + case "$1" in + -d | --debug ) DEBUG=true; shift ;; + -h | --help ) HELP=true; shift ;; + -- ) shift; break ;; + * ) break ;; + esac +done + +# Treat remaining arguments as commands + options +shift $((OPTIND-1)) +OTHERARGS="$@" + +if [ ${HELP} == 'true' ]; then + echo "Usage: ${SCRIPT} [-d|--debug] [-h|--help] -- [command] [options]" + echo "Options:" + echo " -d | --debug : display initialization information" + echo " -h | --help : this help" + echo + echo "Command option examples:" + echo " helmv2-cli -- helm search" + echo " helmv2-cli -- helm list" + echo " helmv2-cli -- helm list --namespace openstack --pending" + exit 0 +fi + +# Logger setup +LOG_FACILITY=user +LOG_PRIORITY=info +function LOG { + logger -t "${0##*/}[$$]" -p ${LOG_FACILITY}.${LOG_PRIORITY} "$@" + echo "${0##*/}[$$]" "$@" +} +function ERROR { + MSG="ERROR" + LOG "${MSG} $@" +} + +# Determine armada pod +POD=$(kubectl get pods -n armada --selector=application=armada \ + --output=jsonpath={.items..metadata.name}) +if [ -z "${POD}" ]; then + ERROR "Could not find armada pod." + exit 1 +fi +if [ ${DEBUG} == 'true' ]; then + LOG "Found armada pod: ${POD}" +fi + +# Determine tiller listen port (configured by armada chart) +# armada-api is container index 0, tiller is container index 1 +TILLER_PORT=$(kubectl get pod -n armada ${POD} \ + --output=jsonpath={.spec.containers[1].ports[0].containerPort}) +if [ -z "${TILLER_PORT}" ]; then + ERROR "Could not find tiller listen port." + exit 1 +fi +if [ ${DEBUG} == 'true' ]; then + LOG "Found tiller listen port: ${TILLER_PORT}" +fi + +# Launch BusyBox shell with access to local tiller. +# Can execute helm v2 commands as '/helm' or 'helm'. +if [ ${DEBUG} == 'true' ]; then + LOG "Launching Helm-v2 client" +fi +HELM_HOST=":${TILLER_PORT}" +if [ -z "${OTHERARGS}" ]; then + # Interactive BusyBox shell + kubectl exec -it -n armada ${POD} -c tiller -- \ + /bin/sh -c "PATH=${PATH}:/tmp PS1='Helm-v2 \h:\w $ ' HELM_HOST=${HELM_HOST} /bin/sh" +else + # Execute single helm v2 command in BusyBox shell + kubectl exec -n armada ${POD} -c tiller -- \ + /bin/sh -c "PATH=${PATH}:/tmp HELM_HOST=${HELM_HOST} /bin/sh -c '$OTHERARGS'" +fi + +exit 0 diff --git a/kubernetes/helm/centos/helm.spec b/kubernetes/helm/centos/helm.spec index c551812e9..733096a80 100644 --- a/kubernetes/helm/centos/helm.spec +++ b/kubernetes/helm/centos/helm.spec @@ -1,5 +1,5 @@ Name: helm -Version: 2.13.1 +Version: 3.2.1 Release: 0%{?_tis_dist}.%{tis_patch_ver} Summary: The Kubernetes Package Manager License: Apache-2.0 @@ -9,6 +9,7 @@ URL: https://github.com/kubernetes/helm/releases Source0: %{name}-v%{version}-linux-amd64.tar.gz Source1: helm-upload Source2: helm.sudo +Source3: helmv2-cli Requires: /bin/bash @@ -23,6 +24,7 @@ install -d %{buildroot}%{_sbindir} install -m 755 ${RPM_BUILD_DIR}/linux-amd64/helm %{buildroot}%{_sbindir}/helm install -d %{buildroot}/usr/local/sbin install -m 755 %{SOURCE1} %{buildroot}/usr/local/sbin/helm-upload +install -m 755 %{SOURCE3} %{buildroot}/usr/local/sbin/helmv2-cli install -d %{buildroot}%{_sysconfdir}/sudoers.d install -m 440 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudoers.d/helm @@ -30,4 +32,5 @@ install -m 440 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudoers.d/helm %defattr(-,root,root,-) %{_sbindir}/helm /usr/local/sbin/helm-upload +/usr/local/sbin/helmv2-cli %{_sysconfdir}/sudoers.d/helm