OPC-Router
diff --git a/‎README.md‎
Lines changed: 49 additions & 28 deletions b/‎README.md‎
Lines changed: 49 additions & 28 deletions
diff --git a/‎charts/opc-router/templates/NOTES.txt‎
Lines changed: 9 additions & 7 deletions b/‎charts/opc-router/templates/NOTES.txt‎
Lines changed: 9 additions & 7 deletions
diff --git a/‎charts/opc-router/templates/_scripts.tpl‎
Lines changed: 27 additions & 1 deletion b/‎charts/opc-router/templates/_scripts.tpl‎
Lines changed: 27 additions & 1 deletion
diff --git a/‎charts/opc-router/templates/deletesecret.yaml‎
Lines changed: 2 additions & 0 deletions b/‎charts/opc-router/templates/deletesecret.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎charts/opc-router/templates/deployment.yaml‎
Lines changed: 44 additions & 7 deletions b/‎charts/opc-router/templates/deployment.yaml‎
Lines changed: 44 additions & 7 deletions
@@ -1,5 +1,23 @@
 # OPC-Router 4 Helm Chart
 
+## Prequisites
+- Kubernetes 1.12+
+- Helm 3.1.0
+
+## Installation
+To install the chart with the name `my-opcrouter`:
+```shell
+$ helm install my-opcrouter <Path> --set I_do_accept_the_EULA=true
+```
+This command will install the opc router with standard settings, as a service with a seperate mongodb container. Accepting the [End User License Agreement](https://www.opc-router.com/terms-of-use-and-eula/) by setting `I_do_accept_the_EULA` to true is required for the OPCRouter to run.
+
+## Uninstalling
+The chart with the name `my-opcrouter` can simply be uninstalled by executing:
+```shell
+$ helm uninstall my-opcrouter
+```
+However, keep in mind that the persitant volumes of the mongodb container don't get deleted by this. When reinstalling the chart under the same name you will have to use the previous mongodb root password and replica set key or delete the persistant volume beforehand.
+
 ## Parameters
 
 ### Global parameters
@@ -11,39 +29,42 @@
 | `global.storageClass`      | Global StorageClass for Persistent Volume(s)                                                                           | `""`  |
 | `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""`  |
 
-
 ### Common parameters
 
-| Name                     | Description                                                                                               | Value           |
-| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- |
-| `nameOverride`           | String to partially override opc-router.fullname template (will maintain the release name)                | `""`            |
-| `fullnameOverride`       | String to fully override opc-router.fullname template                                                     | `""`            |
-
+| Name               | Description                                                                                | Value |
+| ------------------ | ------------------------------------------------------------------------------------------ | ----- |
+| `nameOverride`     | String to partially override opc-router.fullname template (will maintain the release name) | `""`  |
+| `fullnameOverride` | String to fully override opc-router.fullname template                                      | `""`  |
 
 ### OPCRouter parameters
 
-| Name                                     | Description                                                                                            | Value                  |
-| ---------------------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- |
-| `I_do_accept_the_EULA`                   | If this is false the opc router container won't be able to run.                                        | `false`                |
-| `image.repository`                       | OPC-Router image registry.                                                                             | `opcrouter/runtime`    |
-| `image.tag`                              | OPC-Router image tag (immutable tags are recommended).                                                 | `""`                   |
-| `image.pullPolicy`                       | OPC-Router image pull policy.                                                                          | `IfNotPresent`         |
-| `serviceAccount.create`                  | Specifies whether a service account should be created.                                                 | `true`                 |
-| `serviceAccount.annotations`             | Annotations to add to the service account.                                                             | `{}`                   |
-| `serviceAccount.name`                    | Name of the service account to use. If not set and create is true, it is generated using the fullname. | `""`                   |
-| `service.type`                           | Type of the service. Possible values: ClusterIP, NodePort, LoadBalancer.                               | `ClusterIP`            |
-| `service.port`                           | Internal port. The service will be reachable under this port inside the cluster.                       | `27017`                |
-| `service.nodePort`                       | External port. When NodePort, this port will allow external access to the service.                     | `""`                   |
-| `project.projectRepo`                    | URL to git repository of a opcrouter4 project. Optional. Empty means no project gets loaded.           | `""`                   |
-| `project.projectPath`                    | Path to the project .rpe file in the repository. Don't begin with '/'. Optional.                       | `""`                   |
-| `project.configPath`                     | Path to a projects configuration file. Optional. Empty means no configuration file gets loaded.        | `""`                   |
-| `project.auth.ssh_secret`                | An existing secret containing the ssh-key under the key 'project-ssh-key'. Optional.                   | `""`                   |
-| `project.auth.ssh_key`                   | SSH private key for accessing the git repository. Overridden by ssh_secret, Optional.                  | `""`                   |
-| `project.auth.safe_key`                  | If false, the ssh key won't be saved on the cluster and will be deleted from the cluster.              | `true`                 |
-| `containerHistoryLimit`                  | The size of the history of deployments kept for potential rollbacks.                                   | `10`                   |
-| `mongodb.deploy`                         | If false, the mongodb container wont be deployed. Useful when using integrated db of opcrouter/runtime.| `true`                 |
-| `mongodb.auth.dbRootPassword`            | Root password for the mongodb. Will override autogenerated or existing one in secret.                  | `""`                   |
-| `mongodb.auth.dbReplicaKeySet`           | Replica set key for the mongodb. Will override autogenerated or existing one in secret.                | `""`                   |
+| Name                                         | Description                                                                                             | Value               |
+| -------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------- |
+| `I_do_accept_the_EULA`                       | If this is false the opc router container won't be able to run.                                         | `false`             |
+| `image.repository`                           | OPC-Router image registry.                                                                              | `opcrouter/service` |
+| `image.tag`                                  | OPC-Router image tag (immutable tags are recommended).                                                  | `""`                |
+| `image.pullPolicy`                           | OPC-Router image pull policy.                                                                           | `IfNotPresent`      |
+| `serviceAccount.create`                      | Specifies whether a service account should be created.                                                  | `true`              |
+| `serviceAccount.annotations`                 | Annotations to add to the service account.                                                              | `{}`                |
+| `serviceAccount.name`                        | Name of the service account to use. If not set and create is true, it is generated using the fullname.  | `""`                |
+| `project.projectRepo`                        | URL to git repository of a opcrouter4 project. Optional. Empty means no project gets loaded.            | `""`                |
+| `project.projectPath`                        | Path to the project .rpe file in the repository. Don't begin with '/'. Optional.                        | `""`                |
+| `project.configPath`                         | Path to a projects configuration file. Optional. Empty means no configuration file gets loaded.         | `""`                |
+| `project.auth.ssh_secret`                    | An existing secret containing the ssh-key under the key 'project-ssh-key'. Optional.                    | `""`                |
+| `project.auth.ssh_key`                       | SSH private key for accessing the git repository. Overridden by ssh_secret, Optional.                   | `""`                |
+| `project.auth.safe_key`                      | If false, the ssh key won't be saved on the cluster and will be deleted from the cluster.               | `true`              |
+| `project.persistantVolume.deploy`            | If true, deploys a persistant storage volume for the project and runtime db.                            | `true`              |
+| `project.persistantVolume.size`              | The size of the persistant volume.                                                                      | `3Gi`               |
+| `containerHistoryLimit`                      | The size of the history of deployments kept for potential rollbacks.                                    | `10`                |
+| `mongodb.deploy`                             | If false, the mongodb container wont be deployed. Useful when using integrated db of opcrouter/runtime. | `true`              |
+| `mongodb.replicaCount`                       | The number of mongodb pods to deploy. Set to two when using a redundency twin.                          | `1`                 |
+| `mongodb.auth.enabled`                       | If false, the mongodb won't require any authentification to access.                                     | `true`              |
+| `mongodb.auth.dbRootPassword`                | Root password for the mongodb. Will override autogenerated or existing one in secret.                   | `""`                |
+| `mongodb.auth.dbReplicaKeySet`               | Replica set key for the mongodb. Will override autogenerated or existing one in secret.                 | `""`                |
+| `mongodb.externalAccess.enabled`             | If false, the application won't be reachable from outside the cluster.                                  | `true`              |
+| `mongodb.externalAccess.service.type`        | Type of the service. Possible values: ClusterIP, NodePort, LoadBalancer.                                | `ClusterIP`         |
+| `mongodb.externalAccess.service.port`        | Internal port. The service will be reachable under this port inside the cluster.                        | `27017`             |
+| `mongodb.externalAccess.service.nodePorts`   | External ports. When NodePort, the ports configured here will allow external access to the service.     | ` -`                |
 
 ### WARNING: MongoDB root password and replica key set
 
 
@@ -6,22 +6,24 @@
   http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
   {{- end }}
 {{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "opc-router.fullname" . }})
+{{- else if not .Values.mongodb.externalAccess.enabled }}
+  External access was disabled, you will not be able to reach the application from the outside.
+{{- else if contains "NodePort" .Values.mongodb.externalAccess.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ if .Values.mongodb.deploy }}{{ .Release.Name }}-mongodb-0-external{{ else }}{{ include "opc-router.fullname" . }}{{ end }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo $NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
+{{- else if contains "LoadBalancer" .Values.mongodb.externalAccess.service.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
            You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "opc-router.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "opc-router.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo $SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ if .Values.mongodb.deploy }}{{ .Release.Name }}-mongodb-0-external{{ else }}{{ include "opc-router.fullname" . }}{{ end }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo $SERVICE_IP:{{ .Values.mongodb.externalAccess.service.port }}
+{{- else if contains "ClusterIP" .Values.mongodb.externalAccess.service.type }}
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "opc-router.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
   echo "You can now reach the configuration at 127.0.0.1 with port 27020"
   kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 27020:$CONTAINER_PORT
 {{- end }}
 {{- else }}
 The chart was successfully installed but the opc-router container won't run:
-You need to accept to the terms and conditions of the EULA by setting the value I_do_accept_the_EULA to "true".
+You need to accept to the terms and conditions of the EULA (https://www.opc-router.com/terms-of-use-and-eula/) by setting the value I_do_accept_the_EULA to "true".
 {{ end }}
@@ -23,4 +23,30 @@ Commands to clone the project repo
   mkdir -p /data/project;
   git clone {{ .Values.project.projectRepo }} /data/project;
   echo Done;
-{{- end }}
+{{- end }}
+
+{{/*
+Commands to continuously update the project and restart the pod on new version
+*/}} 
+{{- define "project.gitops" }}
+{{- include "project.ssh" $}}
+  apk add curl; 
+  cat <<EOF > ~/gitops.sh
+    cd /data/project;
+    while [ true ]; do
+      sleep 60;
+      {{- if (or $.Values.project.auth.ssh_key $.Values.project.auth.ssh_secret) }}
+      eval \`ssh-agent\`;
+      ssh-add ~/.ssh/id;
+      {{- end }}
+      git fetch;
+      if [ \$(git rev-parse HEAD) != \$(git rev-parse @{u}) ]; then
+        git pull;
+        curl -XDELETE http://localhost:8001/api/v1/namespaces/{{ .Release.Namespace }}/pods?labelSelector=app.kubernetes.io/name={{ .Chart.Name }};
+      fi
+    done
+  EOF
+
+  chmod 777 ~/gitops.sh;
+  ~/gitops.sh;
+ {{- end }}
@@ -1,3 +1,4 @@
+{{- if .Values.project.projectRepo }}
 {{- if not .Values.project.auth.safe_key }}
 {{- with .Values.project.auth.ssh_key }}
 apiVersion: v1
@@ -11,4 +12,5 @@ type: Opaque
 data:
   project-ssh-key: {{ . | b64enc }}
 {{- end }}
+{{- end }}
 {{- end }}
@@ -33,24 +33,30 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
+          {{- if eq .Values.image.repository "opcrouter/runtime" }}
+          {{- if eq .Values.mongodb.deploy false }}
             - name: opcrouter
               containerPort: 27017
               protocol: TCP
+          {{- end }}
+          {{- end }}
           # Environment variables for the opcrouter container
           env:
           # Variables for connecting a service to the mongodb if a service is specified
-          {{- if eq .Values.image.repository "opcrouter/service" }}
-          - name: OR_DATABASE_USERNAME
-            value: root
+          {{- if .Values.mongodb.deploy }}
           - name: OR_DATABASE_HOST_ADRESS
             value: "{{ .Release.Name }}-mongodb-0.{{ .Release.Name }}-mongodb-headless"
+          {{- if .Values.mongodb.auth.enabled }}
+          - name: OR_DATABASE_USERNAME
+            value: root
           # Loading the password for the mongodb from secret
           - name: OR_DATABASE_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: {{ .Values.mongodb.auth.existingSecret }}
                 key: mongodb-root-password
           {{- end }}
+          {{- end }} 
           - name: OR_I_ACCEPT_EULA
             value: {{ .Values.I_do_accept_the_EULA | quote }}
           # Loading environment variables specified in the values file
@@ -60,9 +66,9 @@ spec:
           {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-          # Project repo is specified: Get and load project
-          {{- if .Values.project.projectRepo }}
-          # Volume mount for the project and configuration file
+      {{- if .Values.project.projectRepo }}
+      # Project repo is specified: Get and load project
+      # Volume mount for the project and configuration file
           volumeMounts:
           - mountPath: /data
             name: project-volume
@@ -72,15 +78,42 @@ spec:
             - "--source"
             - "/data/project/{{ .Values.project.projectPath }}"
             {{- if eq .Values.image.repository "opcrouter/runtime" }}
+            {{- if eq .Values.mongodb.deploy false }}
             - "--configdb"
             - "OPCRouterRuntime"
             {{- end }}
+            {{- end }}
             - "--allow-clear-config"
             - "--start-service"
             {{- if .Values.project.configPath }}
             - "--runtime-configuration-filepath"
             - "/data/project/{{ .Values.project.configPath }}"
             {{- end }}
+        {{- if .Values.project.autoUpdate }}
+        - name: kubernetes-proxy
+          image: bitnami/kubectl:latest
+          # Script for setting ssh credentials and cloning the repository onto the volume
+          command: ['sh', '-c', "kubectl proxy;"]
+        - name: git-ops
+          image: alpine/git:latest
+          # Script for setting ssh credentials and cloning the repository onto the volume
+          command: ["sh", "-c"]
+          args:
+          - >-
+            {{- include "project.gitops" $ | indent 12}}
+          # Volume mount for the project and configuration file
+          volumeMounts:
+          - mountPath: /data
+            name: project-volume
+          {{- if (or .Values.project.auth.ssh_key .Values.project.auth.ssh_secret) }}
+          env:
+          - name: PROJECT_SSH_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.project.auth.ssh_secret | default (printf "%s-%s" (include "opc-router.fullname" $) "secret" | trunc 63 | trimSuffix "-") }}
+                key: project-ssh-key
+          {{- end }}
+        {{- end }}
       # Init container for pulling the project files
       initContainers:
       - name: pull-project
@@ -105,9 +138,13 @@ spec:
       # Volume for the project and configuration file
       volumes:
       - name: project-volume
+      {{- if .Values.project.persistantVolume.deploy }}
         persistentVolumeClaim:
           claimName: {{ include "opc-router.fullname" . }}
-          {{- end }}
+      {{- else}}
+        emptyDir: {}
+      {{- end }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}