Merge pull request #1 from cardano-foundation/feat/add-cf-eks-baseline

feat: add cf-eks-baseline + cf-idw helm charts

charts/.gitignore

@@ -0,0 +1 @@
+*.tgz

charts/cf-eks-baseline/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/cf-eks-baseline/Chart.lock

@@ -0,0 +1,18 @@
+dependencies:
+- name: traefik
+  repository: https://helm.traefik.io/traefik
+  version: 27.0.2
+- name: external-secrets
+  repository: https://charts.external-secrets.io
+  version: 0.9.16
+- name: metrics-server
+  repository: https://kubernetes-sigs.github.io/metrics-server/
+  version: 3.12.1
+- name: aws-ebs-csi-driver
+  repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
+  version: 2.30.0
+- name: coredns
+  repository: https://coredns.github.io/helm
+  version: 1.29.0
+digest: sha256:a0afe3c31b11b8676c47e5e44ab3ffcfff8e6d4ddcf2b2ba550164412b3cb825
+generated: "2024-04-30T17:47:39.148897+02:00"

charts/cf-eks-baseline/Chart.yaml

@@ -0,0 +1,35 @@
+apiVersion: v2
+name: cf-eks-baseline
+description: A Helm chart for deploying the baseline services to CF's EKS clusters
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+dependencies:
+  - name: traefik
+    version: 27.0.2
+    repository: https://helm.traefik.io/traefik
+    condition: traefik.enabled
+  - name: external-secrets
+    version: 0.9.16
+    repository: https://charts.external-secrets.io
+    condition: external-secrets.enabled
+  - name: metrics-server
+    version: 3.12.1
+    repository: https://kubernetes-sigs.github.io/metrics-server/
+    condition: metrics-server.enabled
+  - name: aws-ebs-csi-driver
+    version: 2.30.0
+    repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
+    condition: aws-ebs-csi-driver.enabled
+  - name: coredns
+    version: 1.29.0
+    repository: https://coredns.github.io/helm
+    condition: coredns.enabled
+  - name: kube-prometheus-stack
+    version: 58.3.1
+    repository: https://prometheus-community.github.io/helm-charts
+    condition: kube-prometheus-stack.enabled
+  - name: nginx
+    version: 16.0.6
+    repository: https://charts.bitnami.com/bitnami
+    condition: nginx.enabled

charts/cf-eks-baseline/values.yaml

@@ -0,0 +1,49 @@
+traefik:
+  enabled: true
+  deployment:
+    enabled: true
+    kind: "DaemonSet"
+  service:
+    type: "NodePort"
+  ports:
+    web:
+      exposed: "false"
+    websecure:
+      nodePort: 30443
+      exposed: "false"
+
+kube-prometheus-stack:
+  enabled: true
+  grafana:
+    plugins:
+      - grafana-singlestat-panel
+    sidecar:
+      alerts:
+        enabled: true
+      datasources:
+        enabled: true
+      notifiers:
+        enabled: true
+
+nginx:
+  enabled: true
+  service:
+    type: ClusterIP
+  serverBlock: |-
+    server {
+      listen 0.0.0.0:8080;
+
+      location / {
+        return 404 "Not Found";
+      }
+
+    }
+
+external-secrets:
+  enabled: true
+metrics-server:
+  enabled: true
+aws-ebs-csi-driver:
+  enabled: true
+coredns:
+  enabled: true

charts/cf-idw/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/cf-idw/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: cf-idw
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1

charts/cf-idw/Dockerfile.initContainer

@@ -0,0 +1,2 @@
+FROM alpine
+RUN apk add --no-cache curl jq bash gettext

charts/cf-idw/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-idw.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-idw.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cf-idw.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-idw.labels" -}}
+helm.sh/chart: {{ include "cf-idw.chart" . }}
+{{ include "cf-idw.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-idw.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cf-idw.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cf-idw.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cf-idw.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/cf-idw/templates/cred-issuance-ingress.yaml

@@ -0,0 +1,36 @@
+{{- $root := .Values -}}
+{{ with .Values.credIssuance }}
+{{- if .ingress.enabled -}}
+{{- $credIssuance := . -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: cred-issuance-ingress
+  labels:
+    app: cred-issuance
+  labels:
+  {{- with .ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  rules:
+    {{- range $host := .ingress.hosts }}
+    - host: {{ $host }}.{{ $root.ingressTLD }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: cred-issuance
+                port:
+                  number: {{ $credIssuance.port | default 3010 }}
+    {{- end }}
+  tls:
+    - hosts:
+    {{- range $host := .ingress.hosts }}
+        - "{{ $host }}.{{ $root.ingressTLD }}"
+    {{- end }}
+{{ end }}
+{{ end }}

charts/cf-idw/templates/cred-issuance-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: cred-issuance
+  name: cred-issuance
+spec:
+  ports:
+    - name: {{ .port | default "3010" | quote }}
+      port: {{ .port | default "3010" }}
+      targetPort: {{ .port | default "3010" }}
+  selector:
+    app: cred-issuance

charts/cf-idw/templates/cred-issuance-statefulset.yaml

@@ -0,0 +1,66 @@
+{{ with .Values.credIssuance }}
+{{ if .enabled }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: cred-issuance
+  name: cred-issuance
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cred-issuance
+  template:
+    metadata:
+      labels:
+        app: cred-issuance
+    spec:
+      restartPolicy: Always
+      {{- if .tolerations }}
+      tolerations:
+        {{ with index .tolerations }}
+{{ toYaml . | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      {{- if .affinity }}
+      affinity:
+        {{ with index .affinity }}
+{{ toYaml . | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      containers:
+        - env:
+            - name: KERIA_BOOT_ENDPOINT
+              value: {{ .keriaBootEndpoint | default "http://keria:3903" }}
+            - name: KERIA_ENDPOINT
+              value: {{ .keriaEndpoint | default "http://keria:3901" }}
+            - name: OOBI_ENDPOINT
+              value: {{ .oobiEndpoint | default "http://keria:3901" }}
+            - name: PORT
+              value: {{ .port | default "3010" | quote }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          name: cred-issuance
+          ports:
+            - containerPort: {{ .port | default 3010 }}
+              hostPort: {{ .port | default 3010 }}
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /usr/local/var/keri
+              name: issuer-server-data
+      volumes:
+        - name: issuer-server-data
+          persistentVolumeClaim:
+            claimName: issuer-server-data
+
+  volumeClaimTemplates:
+    - metadata:
+        name: issuer-server-data
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: {{ .volumeSize | default "1Gi" }}
+
+{{ end }}
+{{ end }}

charts/cf-idw/templates/keria-configmap.yaml

@@ -0,0 +1,25 @@
+{{ with .Values.keria }}
+{{ if .enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: keria-configmap
+data:
+  initContainer-entrypoint.sh: |
+    #!/bin/sh
+    set -e
+    export KERIA_RENDERED_CURLS=$(for keria_curl in ${KERIA_CURLS}; do echo $keria_curl; done | jq -cRn '[inputs]')
+    envsubst < /configmap/backer-oobis.json.tpl > /config/backer-oobis.json
+
+  backer-oobis.json.tpl: |
+    {
+      "dt": "2022-01-20T12:57:59.823350+00:00",
+      "keria": {
+        "dt": "2022-01-20T12:57:59.823350+00:00",
+        "curls": ${KERIA_RENDERED_CURLS}
+      },
+      "iurls": []
+    }
+
+{{ end }}
+{{ end }}