In Cluste runtime (#237)

Author: yuri-denysenko-codefresh

charts/cf-runtime/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/cf-runtime/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: cf-runtime
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

charts/cf-runtime/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-runtime.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-runtime.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cf-runtime.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-runtime.labels" -}}
+helm.sh/chart: {{ include "cf-runtime.chart" . }}
+{{ include "cf-runtime.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-runtime.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cf-runtime.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/cf-runtime/templates/re/_helpers.tpl

@@ -0,0 +1,31 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-re.name" -}}
+    {{- printf "%s-%s" (include "cf-runtime.name" .) "re" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-re.fullname" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "re" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-re.labels" -}}
+{{ include "cf-runtime.labels" . }}
+codefresh.io/application: runtime
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-re.selectorLabels" -}}
+{{ include "cf-runtime.selectorLabels" . }}
+codefresh.io/application: runtime
+{{- end }}

charts/cf-runtime/templates/re/codefresh-certs-server-secret.re.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+type: Opaque
+kind: Secret
+metadata:
+  {{/* has to be a constant */}}
+  name: codefresh-certs-server
+  labels: {{- include "cf-re.labels" . | nindent 4 }}
+data:
+  server-cert.pem: {{ .Values.global.keys.serverCert | b64enc }}
+  server-key.pem: {{ .Values.global.keys.key | b64enc }}
+  ca.pem: {{ .Values.global.keys.ca | b64enc }}
+

charts/cf-runtime/templates/re/dind-daemon-conf.re.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  {{/* has to be a constant */}}
+  name: codefresh-dind-config
+data:
+  daemon.json: |
+    {
+      "hosts": [ "unix:///var/run/docker.sock",
+                 "tcp://0.0.0.0:1300"],
+      "storage-driver": "overlay2",
+      "tlsverify": true,
+      "tls": true,
+      "tlscacert": "/etc/ssl/cf-client/ca.pem",
+      "tlscert": "/etc/ssl/cf/server-cert.pem",
+      "tlskey": "/etc/ssl/cf/server-key.pem",
+      "insecure-registries" : ["192.168.99.100:5000"],
+      "metrics-addr" : "0.0.0.0:9323",
+      "experimental" : true
+    }

charts/cf-runtime/templates/re/dind-headless-service.re.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: dind
+  {{/* has to be a constant */}}
+  name: dind
+spec:
+  ports:
+  - name: "dind-port"
+    port: 1300
+    protocol: TCP
+
+  # This is a headless service, Kubernetes won't assign a VIP for it.
+  # *.dind.default.svc.cluster.local
+  clusterIP: None
+  selector:
+    app: dind

charts/cf-runtime/templates/re/service-account.re.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{/* has to be a constant */}}
+  name: codefresh-engine
+  labels: {{- include "cf-re.labels" . | nindent 4 }}

charts/cf-runtime/templates/venona/_helpers.tpl

@@ -0,0 +1,35 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-venona.name" -}}
+    {{- printf "%s-%s" (include "cf-runtime.name" .) "venona" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-venona.fullname" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "venona" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-venona.labels" -}}
+{{ include "cf-runtime.labels" . }}
+codefresh.io/application: venona
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-venona.selectorLabels" -}}
+{{ include "cf-runtime.selectorLabels" . }}
+codefresh.io/application: venona
+{{- end }}
+
+{{- define "cf-venona.docker-image" -}}
+{{- .Values.venona.image }}
+{{- end }}

charts/cf-runtime/templates/venona/deployment.venona.yaml

@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "cf-venona.fullname" . }}
+  labels: {{- include "cf-venona.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels: {{- include "cf-venona.selectorLabels" . | nindent 6 }}
+  replicas: 1
+  revisionHistoryLimit: 5
+  strategy:
+    rollingUpdate:
+      maxSurge: 50%
+      maxUnavailable: 50%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels: {{- include "cf-venona.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "cf-venona.fullname" . }}
+      {{/*      {{ if ne .Values.nodeSelector "" }}*/}}
+      {{/*      nodeSelector:*/}}
+      {{/*      {{ .Values.NodeSelector | nodeSelectorParamToYaml | indent 8 | unescape }}*/}}
+      {{/*      {{ end }}*/}}
+      {{/*      tolerations:*/}}
+      {{/*      {{ toYaml .Values.Tolerations | indent 8 | unescape }}*/}}
+      containers:
+        - name: venona
+          env:
+            {{/*            {{- if .Values.EnvVars }}*/}}
+            {{/*            {{- range $key, $value := .Values.EnvVars }}*/}}
+            {{/*            - name: {{ $key }}*/}}
+            {{/*              value: "{{ $value}}"*/}}
+            {{/*            {{- end}}*/}}
+            {{/*            {{- end}}*/}}
+            {{/*            {{- if .Values.AdditionalEnvVars }}*/}}
+            {{/*            {{- range $key, $value := .Values.AdditionalEnvVars }}*/}}
+            {{/*            - name: {{ $key }}*/}}
+            {{/*              value: "{{ $value}}"*/}}
+            {{/*            {{- end}}*/}}
+            {{/*            {{- end}}*/}}
+            - name: SELF_DEPLOYMENT_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: CODEFRESH_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "cf-venona.fullname" . }}
+                  key: codefresh.token
+            - name: CODEFRESH_IN_CLUSTER_RUNTIME
+              value: {{ .Values.global.runtimeName }}
+            - name: CODEFRESH_HOST
+              value: {{ .Values.global.codefreshHost }}
+            - name: AGENT_MODE
+              value: InCluster
+            - name: "AGENT_ID" {{/* agent name */}}
+              value: {{ .Values.global.agentName }}
+            {{- if ne .Values.dockerRegistry "" }}
+            - name: DOCKER_REGISTRY
+              value: {{ .Values.dockerRegistry }}
+            {{- end }}
+            {{- if .Values.newRelicLicense }}
+            - name: NEWRELIC_LICENSE_KEY
+              value: {{ .Values.newRelicLicense }}
+          {{- end }}
+          image: {{ include "cf-venona.docker-image" . }}
+          ports:
+            - containerPort: 8080
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+            periodSeconds: 5
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 5
+          {{/*          volumeMounts:*/}}
+          {{/*            - name: runnerconf*/}}
+          {{/*              mountPath: "/etc/secrets"*/}}
+          {{/*              readOnly: true*/}}
+          imagePullPolicy: Always
+      {{/*          resources: {{ toYaml .Values.Runner.resources | nindent 10 /* todo capital change  }}*/}}
+      securityContext:
+        runAsUser: 10001
+        runAsGroup: 10001
+        fsGroup: 10001
+      restartPolicy: Always