phase1 - Helm Chart

[shay-berman]

Description
Provide a basic helm chart for ubiqutiy instead of the the original ubiquity_installer.sh script.
Its just the first step to word a fully function helm chart, so its just the phase1. This phase1 will have some limitations to operation - some manual operations needed to be done before install or uninstall.

Note: this PR description below was up to date, so it has the right instruction for ubiquity helm chart tech preview for v2.0.0.

helm chart tree
├── IBM_Spectrum_Connect_icon.png
└── ibm_storage_enabler_for_containers
├── charts
├── Chart.yaml
├── myvalues.yaml
├── README.md
├── templates
│   ├── NOTES.txt
│   ├── scbe-credentials-secret.yml
│   ├── spectrumscale-credentials-secret.yml
│   ├── storage-class-spectrumscale.yml
│   ├── storage-class.yml
│   ├── ubiquity-configmap.yml
│   ├── ubiquity-db-credentials-secret.yml
│   ├── ubiquity-db-deployment.yml
│   ├── ubiquity-db-pvc.yml
│   ├── ubiquity-db-service.yml
│   ├── ubiquity-deployment.yml
│   ├── ubiquity-k8s-flex-daemonset.yml
│   ├── ubiquity-k8s-provisioner-clusterrolebindings.yml
│   ├── ubiquity-k8s-provisioner-clusterroles.yml
│   ├── ubiquity-k8s-provisioner-deployment.yml
│   ├── ubiquity-k8s-provisioner-serviceaccount.yml
│   └── ubiquity-service.yml
└── values.yaml

Limitations for the phase1 helm chart:

1. Before install the helm, you need to create ubiqutiy service and namespace objects (automatic set the service IP in the values will be done in later PR)
2. Before uninstall the helm, you need to delete manually the ubiquity-db and ubiqutiy-db-pvc (Using fixed order for uninstall will be done in later PR)
3. The helm install will take 1minutes because the provisioner deployment gets up before ubiqutiy deployment. (it will be fixed in later PR)
4. helm sanity is not included in this PR (will be done in later PR)
5. The helm include only Spectrum Connect backend support. Scale support will be added in later PR.
6. k8s config file provided as a file in the helm directory (will be done in later PR as service account.)

values.yaml
This file is basically like the old ubiqutiy_installer.conf file, but with helm like standard and with better separation and canonization of the keys.

• All the Spectrum Connect ubiqutiy backend settings are under "spectrumConnect" key.
• All the generic part of ubiquity framework settings are under the "genericConfig" key.
• All the image names are under "images" key.

Here is how to use this phase1 ubiquity helm chart:
======================================
#On the master node do the following:

# Pre requisites before installation

#copy helm chart 
export HOST=<host where you can find the ubiquity-k8s repository>
cd /var/tmp
scp -r $HOST/ubiquity-k8s/helm_chart /var/tmp/
 
#create ubiqutiy namespace (in order to create the ubiqutiy service for getting the IP in advance for the flex deamonset)

cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Namespace
metadata:
  name: ubiquity
  labels:
     product: ibm-storage-enabler-for-containers
EOF

cat <<EOF | kubectl create -n ubiquity -f -
apiVersion: v1
kind: Service
metadata:
  name: ubiquity
  labels:
    app: ubiquity
    product: ibm-storage-enabler-for-containers
spec:
  ports:
    - port: 9999
      protocol: TCP
      targetPort: 9999
  selector:
    app: ubiquity
EOF

kubectl get svc -n ubiquity

#update values.yaml with the right values + the IP of the ubiqutiy service (ubiquityIpAddress)
vi /var/tmp/helm_chart/ibm_storage_enabler_for_containers/values.yaml

# Installation phase:
#-----------------------------

helm install ./ibm_storage_enabler_for_containers -f ./ibm_storage_enabler_for_containers/myvalues.yaml  --name ubiquity --namespace ubiquity
#NOTE: it will take 2 minutes because the provision stuck first due to ubiqutiy service is not up yet.  So to avoid waiting, one can just kill the provisioner pod so it will start again and succeed.  if needed you can wait just 2 minute and it will go up.
helm ls 
helm status ubiquity
#wait until status is OK and all pods up

# tear down:
#-------------------
#Because in helm phase1 there is no uninstall dependancies, then one should do the followign steps to uninstall ubiqutiy helm:

kubectl delete deploy/ubiquity-db -n ubiquity		# to avoid zomby db deployment in terminating state
#wait until ubiquity-db pod is down :  kubectl get -n ubiquity deploy/ubiquity-db

kubectl delete -n ubiquity pvc/ibm-ubiquity-db			    # to avod zomby pv object
#wait until pvc deleted    : kubectl get -n ubiquity pvc/ibm-ubiquity-db

helm delete --purge ubiquity
kubectl delete svc -n ubiquity ubiquity
kubectl delete ns ubiquity

---

This change is 

[matt-levan]

Reviewed 18 of 18 files at r1.
Reviewable status: complete! all files reviewed, all discussions resolved

[27149chen]

NOTES.txt should be inside templates folder

[27149chen]

Done

[matt-levan]

This looks to be a good starting point for getting a working helm chart.

[matt-levan]

Reviewed 6 of 7 files at r2.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on @27149chen)

[shay-berman]

1. I update the description of the PR with more details
2. Just added also sslMode=verify-full support by using if statement in the helm charts for automatically add dedicated secrets if verify-full seted. So please if you can review it as well.
3. Fixed the NOTES.txt file (per code review comment)

Reviewable status: 12 of 17 files reviewed, 2 unresolved discussions (waiting on @matt-levan and @27149chen)

---

helm_chart/ibm_storage_enabler_for_containers/values.yaml, line 26 at r2 (raw file):

Previously, 27149chen wrote…

instanceName is confusing, it is a prefix, what about something like "volumePrefix"?

I agree that instanceName is not self explanatory, and volumePrefix could be an alternative.
For now lets keep it instanceName, and raise this aspect in the design so we will talk about it.
I am not sure i want to change it to volumePrefix, because it may confuse inside the templates (which hard to change in order to keep backword compatibility).
But let talk about it offline.

---

helm_chart/ibm_storage_enabler_for_containers/templates/ubiquity-db-service.yml, line 5 at r2 (raw file):

Previously, 27149chen wrote…

There are some standard labels that recommended by helm, we'd better add them for every resource, see https://docs.helm.sh/chart_best_practices/#standard-labels

sure
please add relevant labels in later PRs as needed.
I believe you should add release + chart labels.

[shay-berman]

Thanks @matt-levan
I also added support for dedicated certificates in the commit 0e9a429. Please review it as well and provide your feedback.

[matt-levan]

[27149chen]

lgtm

[matt-levan]

Successfully tested with IBM Cloud Private 3.1.0 and ubiquity images 1.2.0 by following the instructions associated with PR #213.