From 0ca54829463b0b739ca2e2e6fc6d9c77bae6c3ba Mon Sep 17 00:00:00 2001
From: Igor Gov <iggvrv@gmail.com>
Date: Mon, 10 Jan 2022 10:26:57 +0200
Subject: [PATCH] Helm chart for installing mizu standalone (#609)

---
 deploy/kubernetes/helm-chart/.helmignore      |  23 ++++
 deploy/kubernetes/helm-chart/Chart.yaml       |   7 +
 .../templates/PersistentVolumeClaim.yaml      |  13 ++
 .../helm-chart/templates/clusterRole.yaml     |  30 ++++
 .../helm-chart/templates/configmap.yaml       |   8 ++
 .../helm-chart/templates/deployment.yaml      | 128 ++++++++++++++++++
 .../kubernetes/helm-chart/templates/role.yaml |  29 ++++
 .../helm-chart/templates/service.yaml         |  14 ++
 .../helm-chart/templates/serviceAccount.yaml  |   7 +
 deploy/kubernetes/helm-chart/values.yaml      |  51 +++++++
 10 files changed, 310 insertions(+)
 create mode 100644 deploy/kubernetes/helm-chart/.helmignore
 create mode 100644 deploy/kubernetes/helm-chart/Chart.yaml
 create mode 100644 deploy/kubernetes/helm-chart/templates/PersistentVolumeClaim.yaml
 create mode 100644 deploy/kubernetes/helm-chart/templates/clusterRole.yaml
 create mode 100644 deploy/kubernetes/helm-chart/templates/configmap.yaml
 create mode 100644 deploy/kubernetes/helm-chart/templates/deployment.yaml
 create mode 100644 deploy/kubernetes/helm-chart/templates/role.yaml
 create mode 100644 deploy/kubernetes/helm-chart/templates/service.yaml
 create mode 100644 deploy/kubernetes/helm-chart/templates/serviceAccount.yaml
 create mode 100644 deploy/kubernetes/helm-chart/values.yaml

diff --git a/deploy/kubernetes/helm-chart/.helmignore b/deploy/kubernetes/helm-chart/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deploy/kubernetes/helm-chart/Chart.yaml b/deploy/kubernetes/helm-chart/Chart.yaml
new file mode 100644
index 000000000..0dbe9a6dc
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: mizuhelm
+description: Mizu helm chart for Kubernetes
+type: application
+version: 0.1.1
+kubeVersion: ">= 1.16.0-0"
+appVersion: "0.21.29"
diff --git a/deploy/kubernetes/helm-chart/templates/PersistentVolumeClaim.yaml b/deploy/kubernetes/helm-chart/templates/PersistentVolumeClaim.yaml
new file mode 100644
index 000000000..80f7bbafa
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/templates/PersistentVolumeClaim.yaml
@@ -0,0 +1,13 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ .Values.volumeClaim.name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    limits:
+      storage: 700M
+    requests:
+      storage: 700M
diff --git a/deploy/kubernetes/helm-chart/templates/clusterRole.yaml b/deploy/kubernetes/helm-chart/templates/clusterRole.yaml
new file mode 100644
index 000000000..c8bc10574
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/templates/clusterRole.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.rbac.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    mizu-cli-version: {{ .Chart.AppVersion }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+  - apiGroups: [ "", "extensions", "apps" ]
+    resources: [ "endpoints", "pods", "services", "namespaces" ]
+    verbs: [ "get", "list", "watch" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Values.rbac.roleBindingName }}
+  labels:
+    mizu-cli-version: {{ .Chart.AppVersion }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccountName }}
+    namespace: {{ .Release.Namespace }}
+  {{- end -}}
diff --git a/deploy/kubernetes/helm-chart/templates/configmap.yaml b/deploy/kubernetes/helm-chart/templates/configmap.yaml
new file mode 100644
index 000000000..179985f79
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/templates/configmap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.configMap.name }}
+  namespace: {{ .Release.Namespace }}
+data:
+  mizu-config.json: >-
+    {"maxDBSizeBytes":200000000,"agentImage":"{{ .Values.container.tapper.image.repository }}:{{ .Values.container.tapper.image.tag }}","pullPolicy":"Always","logLevel":4,"tapperResources":{"CpuLimit":"750m","MemoryLimit":"1Gi","CpuRequests":"50m","MemoryRequests":"50Mi"},"mizuResourceNamespace":"{{ .Release.Namespace }}","agentDatabasePath":"/app/data/","standaloneMode":true}
diff --git a/deploy/kubernetes/helm-chart/templates/deployment.yaml b/deploy/kubernetes/helm-chart/templates/deployment.yaml
new file mode 100644
index 000000000..b09fcf975
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/templates/deployment.yaml
@@ -0,0 +1,128 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.pod.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ .Values.pod.name }}
+spec:
+  replicas: {{ .Values.deployment.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ .Values.pod.name }}
+  template:
+    metadata:
+      name: {{ .Values.pod.name }}
+      creationTimestamp: null
+      labels:
+        app: {{ .Values.pod.name }}
+    spec:
+      volumes:
+        - name: {{ .Values.configMap.name }}
+          configMap:
+            name: {{ .Values.configMap.name }}
+            defaultMode: 420
+        - name: {{ .Values.volumeClaim.name }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.volumeClaim.name }}
+      containers:
+        - name: {{ .Values.pod.name }}
+          image: "{{ .Values.container.mizuAgent.image.repository }}:{{ .Values.container.mizuAgent.image.tag | default .Chart.AppVersion }}"
+          command:
+            - ./mizuagent
+            - '--api-server'
+          env:
+            - name: SYNC_ENTRIES_CONFIG
+            - name: LOG_LEVEL
+              value: INFO
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          volumeMounts:
+            - name: {{ .Values.configMap.name }}
+              mountPath: /app/config/
+            - name: {{ .Values.volumeClaim.name }}
+              mountPath: /app/data/
+          livenessProbe:
+            httpGet:
+              path: /echo
+              port: {{ .Values.pod.port }}
+              scheme: HTTP
+            initialDelaySeconds: 1
+            timeoutSeconds: 1
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: Always
+        - name: {{ .Values.container.basenine.name }}
+          image: "{{ .Values.container.basenine.image.repository }}:{{ .Values.container.basenine.image.tag | default .Chart.AppVersion }}"
+          command:
+            - /basenine
+          args:
+            - '-addr'
+            - 0.0.0.0
+            - '-port'
+            - '9099'
+            - '-persistent'
+          workingDir: /app/data/
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          volumeMounts:
+            - name: {{ .Values.configMap.name }}
+              mountPath: /app/config/
+            - name: {{ .Values.volumeClaim.name }}
+              mountPath: /app/data/
+          readinessProbe:
+            tcpSocket:
+              port: 9099
+            timeoutSeconds: 1
+            periodSeconds: 1
+            successThreshold: 1
+            failureThreshold: 3
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: Always
+        - name: kratos
+          image: "{{ .Values.container.kratos.image.repository }}:{{ .Values.container.kratos.image.tag | default .Chart.AppVersion }}"
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          volumeMounts:
+            - name: {{ .Values.configMap.name }}
+              mountPath: /app/config/
+            - name: {{ .Values.volumeClaim.name }}
+              mountPath: /app/data/
+          readinessProbe:
+            httpGet:
+              path: /health/ready
+              port: 4433
+              scheme: HTTP
+            timeoutSeconds: 1
+            periodSeconds: 1
+            successThreshold: 1
+            failureThreshold: 3
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: Always
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 0
+      dnsPolicy: ClusterFirstWithHostNet
+      serviceAccountName: {{ .Values.serviceAccountName }}
+      serviceAccount: {{ .Values.serviceAccountName }}
+      securityContext: { }
+      schedulerName: default-scheduler
diff --git a/deploy/kubernetes/helm-chart/templates/role.yaml b/deploy/kubernetes/helm-chart/templates/role.yaml
new file mode 100644
index 000000000..fbe8d73bb
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/templates/role.yaml
@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Values.roleName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    mizu-cli-version: {{ .Chart.AppVersion }}
+rules:
+  - apiGroups: [ "apps" ]
+    resources: [ "daemonsets" ]
+    verbs: [ "patch", "get", "list", "create", "delete" ]
+  - apiGroups: [ "events.k8s.i" ]
+    resources: [ "events" ]
+    verbs: [ "list", "watch" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Values.roleBindingName }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Values.roleName }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccountName }}
+    namespace: {{ .Release.Namespace }}
+---
diff --git a/deploy/kubernetes/helm-chart/templates/service.yaml b/deploy/kubernetes/helm-chart/templates/service.yaml
new file mode 100644
index 000000000..a9792532b
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/templates/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.service.name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: api
+      port: {{ .Values.service.port }}
+      targetPort: {{ .Values.pod.port }}
+      protocol: TCP
+  selector:
+    app: {{ .Values.pod.name }}
diff --git a/deploy/kubernetes/helm-chart/templates/serviceAccount.yaml b/deploy/kubernetes/helm-chart/templates/serviceAccount.yaml
new file mode 100644
index 000000000..9c4283dba
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/templates/serviceAccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccountName }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    mizu-cli-version: {{ .Chart.AppVersion }}
diff --git a/deploy/kubernetes/helm-chart/values.yaml b/deploy/kubernetes/helm-chart/values.yaml
new file mode 100644
index 000000000..3beb7b3c4
--- /dev/null
+++ b/deploy/kubernetes/helm-chart/values.yaml
@@ -0,0 +1,51 @@
+# Default values for mizu.
+rbac:
+  create: true
+  name: "mizu-cluster-role"
+  roleBindingName: "mizu-role-binding"
+
+serviceAccountName: "mizu-service-account"
+
+roleName: "mizu-role-daemon"
+roleBindingName: "mizu-role-binding-daemon"
+
+service:
+  name: "mizu-api-server"
+  type: ClusterIP
+  port: 80
+
+pod:
+  name: "mizu-api-server"
+  port: 8899
+
+container:
+  mizuAgent:
+    image:
+      repository: "709825985650.dkr.ecr.us-east-1.amazonaws.com/up9/mizufree"
+      tag: "0.21.29"
+  tapper:
+    image:
+      repository: "709825985650.dkr.ecr.us-east-1.amazonaws.com/up9/mizufree"
+      tag: "0.21.29"
+  basenine:
+    name: "basenine"
+    port: 9099
+    image:
+      repository: "709825985650.dkr.ecr.us-east-1.amazonaws.com/up9/basenine"
+      tag: "v0.2.26"
+  kratos:
+    name: "kratos"
+    port: 4433
+    image:
+      repository: "709825985650.dkr.ecr.us-east-1.amazonaws.com/up9/kratos"
+      tag: "0.0.0"
+
+deployment:
+  replicaCount: 1
+
+configMap:
+  name: "mizu-config"
+
+volumeClaim:
+  create: true
+  name: "mizu-volume-claim"