[ ADD ] : Scylladb helm chart(#47)

Author: jaya-kops

charts/scylladb/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Helm chart for deploying ScyllaDB
+name: scylladb
+version: 0.0.1
+icon: "https://zop.dev/logo.png"
+maintainers:
+  - name: ZopDev
+    url: zop.dev

charts/scylladb/templates/configmap.yaml

@@ -0,0 +1,13 @@
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name }}-scylladb-configmap
+  namespace: {{ $.Release.Namespace }}
+data:
+  SCYLLADB_HOST: {{ $.Release.Name }}-scylladb
+  SCYLLADB_KEYSPACE: "{{ $service.database }}" 
+  SCYLLADB_PORT: "9042"
+  SCYLLADB_USERNAME: "{{ $service.name }}-user"
+---
+{{- end }}

charts/scylladb/templates/database-pod.yaml

@@ -0,0 +1,35 @@
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ $.Release.Name }}-{{ $service.name }}-scylladb-init
+  namespace: {{ $.Release.Namespace }}
+spec:
+  containers:
+    - name: scylladb-init
+      image: {{ $.Values.image }}
+      command:
+        - /bin/bash
+        - -c
+        - |
+          until cqlsh -u superuser -p $SCYLLADB_PASSWORD {{ $.Release.Name }}-scylladb; do
+            echo "Waiting for ScyllaDB to be ready..."
+            sleep 5
+          done
+          cqlsh -u superuser -p $SCYLLADB_PASSWORD {{ $.Release.Name }}-scylladb -e "SOURCE '/etc/config/init-schema.cql';"
+      env:
+        - name: SCYLLADB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ $.Release.Name }}-scylladb-database-secret
+              key: pod_password
+      volumeMounts:
+        - name: script-volume
+          mountPath: /etc/config
+  volumes:
+    - name: script-volume
+      configMap:
+        name: {{ $.Release.Name }}-{{ $service.name }}-init-script
+  restartPolicy: OnFailure
+---
+{{- end}}

charts/scylladb/templates/database-secret.yaml

@@ -0,0 +1,11 @@
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $.Release.Name }}-{{ $service.database }}-{{ $service.name}}-scylladb-database-secret
+  namespace: {{ $.Release.Namespace }}
+type: Opaque
+data:
+  SCYLLADB_PASSWORD: {{  $service.password | b64enc }}
+---
+{{- end }}

charts/scylladb/templates/init-script-config-map.yaml

@@ -0,0 +1,16 @@
+{{- range $index, $service := .Values.services }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $.Release.Name }}-{{ $service.name }}-init-script
+  namespace: {{ $.Release.Namespace }}
+data:
+  init-schema.cql: |
+    CREATE KEYSPACE IF NOT EXISTS "{{ $service.database }}"
+    WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 3};
+
+    USE "{{ $service.database }}";
+    CREATE ROLE IF NOT EXISTS "{{ $service.name }}-user" WITH PASSWORD = '{{ $service.password }}' AND LOGIN = true;
+    GRANT ALL PERMISSIONS ON KEYSPACE "{{ $service.database }}" TO "{{ $service.name }}-user";
+---
+{{- end }}

charts/scylladb/templates/secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $.Release.Name }}-scylladb-database-secret
+  namespace: {{ .Release.Namespace }}
+type: Opaque
+data:
+  pod_password: {{ .Values.scylladbRootPassword | b64enc }}

charts/scylladb/templates/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $.Release.Name }}-scylladb
+  labels:
+    app: {{ $.Release.Name }}-scylladb
+spec:
+  type: ClusterIP
+  clusterIP: None
+  ports:
+    - port: 9042
+      targetPort: 9042
+  selector:
+    app: {{ $.Release.Name }}-scylladb

charts/scylladb/templates/statefulset.yaml

@@ -0,0 +1,113 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ $.Release.Name }}-scylladb
+  labels:
+    app: {{ $.Release.Name }}-scylladb
+spec:
+  replicas: 1
+  serviceName: {{ $.Release.Name }}-scylladb
+  selector:
+    matchLabels:
+      app: {{ $.Release.Name }}-scylladb
+  template:
+    metadata:
+      labels:
+        app: {{ $.Release.Name }}-scylladb
+    spec:
+      initContainers:
+        - name: sysctl-tune
+          image: busybox:1.35.0-uclibc
+          command:
+            - "sh"
+            - "-c"
+            - "sysctl -w fs.aio-max-nr=524288"
+          securityContext:
+            privileged: true
+      containers:
+        - name: scylladb
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["/bin/bash", "-c", "--"]
+          args:
+            - |
+                sed -i "s/#cluster_name: .*/cluster_name: '${CLUSTER_NAME}'/" /etc/scylla/scylla.yaml
+                sed -i 's/# data_file_directories:/data_file_directories:/' /etc/scylla/scylla.yaml
+                sed -i 's/#    - \/var\/lib\/scylla\/data/    - \/var\/lib\/scylla\/data/' /etc/scylla/scylla.yaml
+                sed -i 's/# commitlog_directory: \/var\/lib\/scylla\/commitlog/commitlog_directory: \/var\/lib\/scylla\/commitlog/' /etc/scylla/scylla.yaml
+
+                # Modify the seeds in scylla.yaml by replacing "127.0.0.1" with the SCYLLA_SEEDS value
+                sed -i "s/seeds: \"127.0.0.1\"/seeds: '${SCYLLA_SEEDS}'/" /etc/scylla/scylla.yaml
+
+                # Modify Authenticator and Authorizer
+                sed -i "s/# authenticator: AllowAllAuthenticator/authenticator: '${SCYLLA_AUTHENTICATOR}'/" /etc/scylla/scylla.yaml
+                sed -i "s/# authorizer: AllowAllAuthorizer/authorizer: '${SCYLLA_AUTHORIZER}'/" /etc/scylla/scylla.yaml
+
+                # Modify listen_address to the Helm release name
+                sed -i "s/listen_address: localhost/listen_address: '{{ .Release.Name }}-scylladb-0'/" /etc/scylla/scylla.yaml
+
+                # Modify rpc_address to listen on all interfaces
+                sed -i "s/rpc_address: localhost/rpc_address: '0.0.0.0'/" /etc/scylla/scylla.yaml
+
+                # Set broadcast_rpc_address to Helm release name for correct node discovery
+                sed -i "s/# broadcast_rpc_address: 1.2.3.4/broadcast_rpc_address: '{{ .Release.Name }}-scylladb-0'/" /etc/scylla/scylla.yaml
+
+                # Enable Prometheus metrics on port 9180
+                sed -i 's/# prometheus_port: 9180/prometheus_port: 9180/' /etc/scylla/scylla.yaml
+                # Start ScyllaDB in the background
+                exec /docker-entrypoint.py
+          ports:
+            - containerPort: 9042
+          resources:
+            requests:
+              memory: {{ .Values.resources.requests.memory }}
+              cpu: {{ .Values.resources.requests.cpu }}
+            limits:
+              memory: {{ .Values.resources.limits.memory }}
+              cpu: {{ .Values.resources.limits.cpu }}
+          env:
+            - name: SCYLLA_SEEDS
+              value: "{{ $.Release.Name }}-scylladb-0.{{ $.Release.Name }}-scylladb.{{ $.Release.Namespace }}.svc.cluster.local"
+            - name: SCYLLA_AUTHENTICATOR
+              value: "PasswordAuthenticator"
+            - name: SCYLLA_AUTHORIZER
+              value: "CassandraAuthorizer"
+            - name: CLUSTER_NAME
+              value: "Cluster"
+            - name: SCYLLA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $.Release.Name }}-scylladb-database-secret
+                  key: pod_password
+          livenessProbe:
+            exec:
+              command:
+              - sh
+              - -c
+              - "nodetool status"
+            initialDelaySeconds: 120
+            periodSeconds: 20
+            timeoutSeconds: 15
+            failureThreshold: 3
+          readinessProbe:
+            exec:
+              command:
+              - sh
+              - -c
+              - "nodetool status"
+            initialDelaySeconds: 60
+            periodSeconds: 20
+            timeoutSeconds: 15
+            failureThreshold: 3
+          volumeMounts:
+            - name: {{ $.Release.Name }}-scylla-data
+              mountPath: /var/lib/scylla
+  volumeClaimTemplates:
+    - metadata:
+        name: {{ $.Release.Name }}-scylla-data
+      spec:
+        accessModes: ["ReadWriteOnce"]
+        resources:
+          requests:
+            storage: {{ .Values.diskSize }}
+        storageClassName: standard

charts/scylladb/templates/user-job.yaml

@@ -0,0 +1,29 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ $.Release.Name }}-scylladb-create-superuser
+  namespace: {{ $.Release.Namespace }}
+spec:
+  template:
+    spec:
+      containers:
+        - name: scylla-superuser-creation
+          image: {{ .Values.image }}
+          command:
+            - "/bin/bash"
+            - "-c"
+            - |
+              until cqlsh -u cassandra -p cassandra {{ $.Release.Name }}-scylladb; do
+                echo "Waiting for ScyllaDB to be ready..."
+                sleep 5
+              done
+            
+              cqlsh -u cassandra -p cassandra {{ $.Release.Name }}-scylladb -e "CREATE ROLE superuser WITH PASSWORD = '${SCYLLA_PASSWORD}' AND LOGIN = true AND SUPERUSER = true;"
+              cqlsh -u superuser -p ${SCYLLA_PASSWORD} {{ $.Release.Name }}-scylladb -e "DROP ROLE cassandra;"
+          env:
+            - name: SCYLLA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $.Release.Name }}-scylladb-database-secret
+                  key: pod_password
+      restartPolicy: OnFailure

charts/scylladb/values.yaml

@@ -0,0 +1,19 @@
+image: "scylladb/scylla:latest"
+pullPolicy: IfNotPresent
+
+resources:
+  requests:
+    memory: "1Gi"
+    cpu: "500m"
+  limits:
+    memory: "2Gi"
+    cpu: "1000m"
+
+diskSize: "10Gi"
+
+config:
+  cluster_name: "Cluster"
+
+scylladbRootPassword:
+
+services: