From d301c07edb956a73dc6a6c53515a853956d2c0f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Thu, 23 Jan 2020 13:30:30 +0100 Subject: [PATCH] added hawkbit chart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Bauer --- charts/hawkbit/.helmignore | 22 ++ charts/hawkbit/Chart.yaml | 15 ++ charts/hawkbit/README.md | 45 +++++ charts/hawkbit/requirements.lock | 9 + charts/hawkbit/requirements.yaml | 9 + charts/hawkbit/templates/NOTES.txt | 1 + charts/hawkbit/templates/_helpers.tpl | 45 +++++ charts/hawkbit/templates/configmap.yaml | 9 + charts/hawkbit/templates/deployment.yaml | 109 ++++++++++ charts/hawkbit/templates/ingress.yaml | 36 ++++ .../templates/poddisruptionbudget.yaml | 14 ++ charts/hawkbit/templates/secrets.yaml | 22 ++ charts/hawkbit/templates/service.yaml | 20 ++ .../templates/tests/test-connection.yaml | 18 ++ charts/hawkbit/values.yaml | 189 ++++++++++++++++++ 15 files changed, 563 insertions(+) create mode 100644 charts/hawkbit/.helmignore create mode 100644 charts/hawkbit/Chart.yaml create mode 100644 charts/hawkbit/README.md create mode 100644 charts/hawkbit/requirements.lock create mode 100644 charts/hawkbit/requirements.yaml create mode 100644 charts/hawkbit/templates/NOTES.txt create mode 100644 charts/hawkbit/templates/_helpers.tpl create mode 100644 charts/hawkbit/templates/configmap.yaml create mode 100644 charts/hawkbit/templates/deployment.yaml create mode 100644 charts/hawkbit/templates/ingress.yaml create mode 100644 charts/hawkbit/templates/poddisruptionbudget.yaml create mode 100644 charts/hawkbit/templates/secrets.yaml create mode 100644 charts/hawkbit/templates/service.yaml create mode 100644 charts/hawkbit/templates/tests/test-connection.yaml create mode 100644 charts/hawkbit/values.yaml diff --git a/charts/hawkbit/.helmignore b/charts/hawkbit/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/charts/hawkbit/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/hawkbit/Chart.yaml b/charts/hawkbit/Chart.yaml new file mode 100644 index 00000000..f9eb0681 --- /dev/null +++ b/charts/hawkbit/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +version: 1.0.0 +appVersion: "0.3.0M6-mysql" +description: A Helm chart for hawkBit update server +name: hawkbit +home: https://www.eclipse.org/hawkbit/ +sources: +- https://github.com/eclipse/hawkbit +- https://github.com/eclipse/packages +icon: https://www.eclipse.org/hawkbit/images/hawkbit_icon.png +maintainers: +- name: monotek + email: andre.bauer@kiwigrid.com +- name: axdotl + email: axel.koehler@kiwigrid.com diff --git a/charts/hawkbit/README.md b/charts/hawkbit/README.md new file mode 100644 index 00000000..caf58645 --- /dev/null +++ b/charts/hawkbit/README.md @@ -0,0 +1,45 @@ +# Hawkbit Update Server + +## Introduction + +[Eclipse hawkBit™](https://www.eclipse.org/hawkbit/) is a domain independent back-end framework for rolling out software updates to constrained edge devices as well as more powerful controllers and gateways connected to IP based networking infrastructure. + +This chart uses hawkbit/hawkbit-update-server container to run Hawkbit update server inside Kubernetes. + +## Prerequisites + +- Has been tested on Kubernetes 1.11+ + +## Installing the Chart + +To install the chart with the release name `eclipse-hawkbit`, run the following command: + +```bash +helm repo add eclipse-iot https://eclipse.org/packages/charts +relm repo update +helm install eclipse-hawkbit eclipse-iot/hawkbit +``` + +## Uninstalling the Chart + +To uninstall/delete the `eclipse-hawkbit` deployment: + +```bash +helm delete eclipse-hawkbit +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +> **Tip**: To completely remove the release, run `helm delete --purge eclipse-hawkbit` + +## Configuration + +Please view the `values.yaml` for the list of possible configuration values with its documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: + +```bash +helm install eclipse-hawkbit eclipse-iot/hawkbit --set podDisruptionBudget.enabled=true +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. diff --git a/charts/hawkbit/requirements.lock b/charts/hawkbit/requirements.lock new file mode 100644 index 00000000..ff4d050c --- /dev/null +++ b/charts/hawkbit/requirements.lock @@ -0,0 +1,9 @@ +dependencies: +- name: mysql + repository: https://charts.bitnami.com + version: 6.7.4 +- name: rabbitmq + repository: https://charts.bitnami.com + version: 6.16.0 +digest: sha256:515ffc3c905c6b32413d8089e297c1f38151a225203a5c1b0cb17c157e55625d +generated: "2020-01-15T11:04:01.389753897+01:00" diff --git a/charts/hawkbit/requirements.yaml b/charts/hawkbit/requirements.yaml new file mode 100644 index 00000000..6df2d14e --- /dev/null +++ b/charts/hawkbit/requirements.yaml @@ -0,0 +1,9 @@ +dependencies: + - name: mysql + version: 6.7.4 + repository: https://charts.bitnami.com + condition: mysql.enabled + - name: rabbitmq + version: 6.16.0 + repository: https://charts.bitnami.com + condition: rabbitmq.enabled diff --git a/charts/hawkbit/templates/NOTES.txt b/charts/hawkbit/templates/NOTES.txt new file mode 100644 index 00000000..459d084b --- /dev/null +++ b/charts/hawkbit/templates/NOTES.txt @@ -0,0 +1 @@ +Eclipse Hawkbit installed! diff --git a/charts/hawkbit/templates/_helpers.tpl b/charts/hawkbit/templates/_helpers.tpl new file mode 100644 index 00000000..b2db7a90 --- /dev/null +++ b/charts/hawkbit/templates/_helpers.tpl @@ -0,0 +1,45 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "hawkbit.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "hawkbit.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "hawkbit.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "hawkbit.labels" -}} +app.kubernetes.io/name: {{ include "hawkbit.name" . }} +helm.sh/chart: {{ include "hawkbit.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} diff --git a/charts/hawkbit/templates/configmap.yaml b/charts/hawkbit/templates/configmap.yaml new file mode 100644 index 00000000..de11d2a2 --- /dev/null +++ b/charts/hawkbit/templates/configmap.yaml @@ -0,0 +1,9 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "hawkbit.fullname" . }} + labels: +{{ include "hawkbit.labels" . | indent 4 }} +data: + application.yaml: |- +{{ toYaml .Values.config.application | indent 4}} diff --git a/charts/hawkbit/templates/deployment.yaml b/charts/hawkbit/templates/deployment.yaml new file mode 100644 index 00000000..ca9e76c5 --- /dev/null +++ b/charts/hawkbit/templates/deployment.yaml @@ -0,0 +1,109 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "hawkbit.fullname" . }} + labels: +{{ include "hawkbit.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + {{- with .Values.updateStrategy }} + {{- toYaml . | nindent 4 }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "hawkbit.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "hawkbit.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + annotations: + checksum/config: {{ include (print .Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- with .Values.podTemplate.annotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: SPRING_PROFILES_ACTIVE + value: "{{ .Values.spring.profiles }}" + - name: "SPRING_DATASOURCE_URL" + value: "jdbc:mysql://{{ if .Values.mysql.enabled }}{{ .Release.Name }}-mysql{{ else }}{{ .Values.env.springDatasourceHost }}{{ end }}:3306/{{ .Values.env.springDatasourceDb }}" + - name: "SPRING_APPLICATION_JSON" + valueFrom: + secretKeyRef: + name: {{ include "hawkbit.fullname" . }} + key: "SPRING_APPLICATION_JSON" + - name: "SPRING_RABBITMQ_HOST" + value: "{{ if .Values.rabbitmq.enabled }}{{ .Release.Name }}-rabbitmq{{ else }}{{ .Values.env.springRabbitmqHost }}{{ end }}" + - name: "SPRING_RABBITMQ_USERNAME" + value: "{{ .Values.env.springRabbitmqUsername }}" + - name: "SPRING_RABBITMQ_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ template "hawkbit.fullname" . }}-rabbitmq-pass" + key: "rabbitmq-pass" + {{- range $key, $value := .Values.extraEnv }} + - name: "{{ $key }}" + value: "{{ $value }}" + {{- end }} + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /VAADIN/themes/hawkbit/favicon.ico + port: http + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /VAADIN/themes/hawkbit/favicon.ico + port: http + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + volumeMounts: + - name: configmap + mountPath: {{ .Values.configMap.mountPath }} + {{- if .Values.extraVolumeMounts }} + {{ toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- if .Values.securityContext.extra }} + {{- toYaml .Values.securityContext.extra | nindent 8 }} + {{- end }} + {{- end }} + volumes: + - name: configmap + configMap: + name: {{ include "hawkbit.fullname" . }} + {{- if .Values.extraVolumes }} + {{ toYaml .Values.extraVolumes | nindent 6 }} + {{- end }} diff --git a/charts/hawkbit/templates/ingress.yaml b/charts/hawkbit/templates/ingress.yaml new file mode 100644 index 00000000..6f8d9b5b --- /dev/null +++ b/charts/hawkbit/templates/ingress.yaml @@ -0,0 +1,36 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "hawkbit.fullname" . -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: +{{ include "hawkbit.labels" . | indent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/hawkbit/templates/poddisruptionbudget.yaml b/charts/hawkbit/templates/poddisruptionbudget.yaml new file mode 100644 index 00000000..219afed6 --- /dev/null +++ b/charts/hawkbit/templates/poddisruptionbudget.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.podDisruptionBudget.enabled (gt .Values.replicaCount 1.0) -}} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "hawkbit.fullname" . }} + labels: +{{ include "hawkbit.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ include "hawkbit.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} diff --git a/charts/hawkbit/templates/secrets.yaml b/charts/hawkbit/templates/secrets.yaml new file mode 100644 index 00000000..2def1c4a --- /dev/null +++ b/charts/hawkbit/templates/secrets.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "hawkbit.fullname" . }} + labels: +{{ include "hawkbit.labels" . | indent 4 }} +type: Opaque +data: + SPRING_APPLICATION_JSON: {{ .Values.config.secrets | toJson | b64enc }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "hawkbit.fullname" . }}-rabbitmq-pass + labels: + app.kubernetes.io/name: {{ include "hawkbit.name" . }} + helm.sh/chart: {{ include "hawkbit.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + rabbitmq-pass: {{ .Values.env.springRabbitmqPassword | b64enc | quote }} diff --git a/charts/hawkbit/templates/service.yaml b/charts/hawkbit/templates/service.yaml new file mode 100644 index 00000000..db234663 --- /dev/null +++ b/charts/hawkbit/templates/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "hawkbit.fullname" . }} + labels: +{{ include "hawkbit.labels" . | indent 4 }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "hawkbit.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/hawkbit/templates/tests/test-connection.yaml b/charts/hawkbit/templates/tests/test-connection.yaml new file mode 100644 index 00000000..43e10ee2 --- /dev/null +++ b/charts/hawkbit/templates/tests/test-connection.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "hawkbit.fullname" . }}-test-connection" + labels: + app.kubernetes.io/name: {{ include "hawkbit.name" . }} + helm.sh/chart: {{ include "hawkbit.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "hawkbit.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/charts/hawkbit/values.yaml b/charts/hawkbit/values.yaml new file mode 100644 index 00000000..f2ec7eea --- /dev/null +++ b/charts/hawkbit/values.yaml @@ -0,0 +1,189 @@ +# Copyright (c) 2019 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Eclipse Public License 2.0 which is available at +# http://www.eclipse.org/legal/epl-2.0 +# +# SPDX-License-Identifier: EPL-2.0 +--- +# Default values for hawkbit. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: "hawkbit/hawkbit-update-server" + tag: 0.3.0M6-mysql + pullPolicy: IfNotPresent + +replicaCount: 1 + +## podDisruptionBudget configuration +podDisruptionBudget: + enabled: false + minAvailable: 1 + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +securityContext: + enabled: true + # 65534 is the uid of user nobody in the docker image + fsGroup: 65534 + runAsUser: 65534 + extra: {} + +## strategy used to replace old Pods by new ones +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +updateStrategy: + ## default is re-create, because of possible database migrations + type: Recreate + +nameOverride: "" +fullnameOverride: "" + +service: + type: ClusterIP + port: 80 + annotations: {} + # traefik.ingress.kubernetes.io/affinity: "true" + +livenessProbe: + initialDelaySeconds: 240 + timeoutSeconds: 5 +readinessProbe: + initialDelaySeconds: 120 + timeoutSeconds: 5 + +ingress: + enabled: false + annotations: {} + # ingress.kubernetes.io/ssl-redirect: "true" + # kubernetes.io/tls-acme: "true" + hosts: + - host: hawkbit.local + paths: [] + tls: [] + # - secretName: hawkbit-tls + # hosts: + # - hawkbit.local + +# env vars for configuration +env: + springDatasourceHost: "hawkbit-mysql" + springDatasourceDb: "hawkbit" + springRabbitmqHost: "hawkbit-rabbitmq" + springRabbitmqUsername: "hawkbit" + springRabbitmqPassword: "hawkbit" + +# optional env vars +extraEnv: {} + # JAVA_TOOL_OPTIONS: "-Xms1024m -Xmx1024m" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 500m + # memory: 1536Mi + # requests: + # cpu: 100m + # memory: 1024Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +podTemplate: + annotations: {} + +extraVolumes: [] +extraVolumeMounts: [] + +configMap: + mountPath: "/opt/hawkbit/config" + +spring: + profiles: "mysql" + +config: + application: + hawkbit: + ## Configuration for the device management federation + ## ref: https://www.eclipse.org/hawkbit/apis/dmf_api/ + ## These configuration will become available once https://github.com/eclipse/hawkbit/pull/890 is merged + # dmf: + # hono: + # enabled: false + # tenant-list-uri: "http://[DEVICE_REGISTRY_HOST]:8080/admin/tenants" + # device-list-uri: "http://[DEVICE_REGISTRY_HOST]:8080/admin/$$tenantId/devices" + # credentials-list-uri: "http://[DEVICE_REGISTRY_HOST]:8080/v1/credentials/$$tenantId/$$deviceId" + # authentication-method: "oidc" + # username: "[KEYCLOAK_HAWKBIT_USERNAME]" + # oidc-token-uri: "http://[KEYCLOAK_HOST]:8080/auth/realms/master/protocol/openid-connect/token" + # oidc-client-id: "[KEYCLOAK_DEVICE_REGISTRY_CLIENT_ID]" + spring: + cloud: + stream: + bindings: + default: + group: "hawkbit" + device-created: + destination: "device-registry.device-created" + device-updated: + destination: "device-registry.device-updated" + device-deleted: + destination: "device-registry.device-deleted" + security: + user: + name: admin + secrets: + hawkbit: + dmf: + hono: + password: "[KEYCLOAK_HAWKBIT_USER_PASSWORD]" + spring: + security: + user: + # the "{noop}" prefix is needed! + password: "{noop}admin" + datasource: + username: hawkbit + password: hawkbit + + +## dependency charts config +## ref: https://github.com/bitnami/charts/blob/master/bitnami/mysql/values.yaml +mysql: + enabled: true + master: + persistence: + enabled: true + volumePermissions: + enabled: false + db: + user: hawkbit + password: hawkbit + name: hawkbit + replication: + enabled: false + metrics: + enabled: true + +## ref: https://github.com/bitnami/charts/blob/master/upstreamed/rabbitmq/values.yaml +rabbitmq: + enabled: true + persistence: + enabled: true + volumePermissions: + enabled: true + rabbitmq: + username: hawkbit + password: hawkbit + metrics: + enabled: true