Bring our own GUAC helm charts.

Update DEVELOPING.md for helmstuff.

deploy/k8s/DEVELOPING.md

@@ -11,12 +11,12 @@ helm dependency update chart/
 ## Linting Helm charts
 
 ```shell
-helm lint chart/ -f chart/staging.yaml
-helm lint chart/ -f chart/prod.yaml
+helm lint ./chart -f ./chart/trustification.dev/staging.yaml
+helm lint ./chart -f ./chart/trustification.dev/prod.yaml
 ```
 
 ## Find that whitespace
 
 ```shell
 helm template --debug chart/ -f chart/staging.yaml # or prod.yaml
-```
+```

deploy/k8s/chart/Chart.lock

@@ -1,9 +1,9 @@
 dependencies:
-- name: guac
-  repository: https://kusaridev.github.io/helm-charts
-  version: 0.1.5
+- name: nats
+  repository: https://nats-io.github.io/k8s/helm/charts/
+  version: 0.19.17
 - name: keycloak
   repository: https://charts.bitnami.com/bitnami
   version: 15.1.7
-digest: sha256:70d59bdebe62cdb1b75bb771c72fd7ac3de90905eee01a9c4cea3e18232486a2
-generated: "2023-09-07T15:51:43.133399574+02:00"
+digest: sha256:c60f0e6894cae8871a536c85ad3821775e905f3d3e99c1092a5f3fbacbf2f918
+generated: "2023-09-26T13:37:42.639028-04:00"

deploy/k8s/chart/Chart.yaml

@@ -7,9 +7,9 @@ version: 0.1.0
 appVersion: "1.16.0"
 
 dependencies:
-- name: guac
-  version: "0.1.x"
-  repository: "https://kusaridev.github.io/helm-charts"
+- name: nats
+  version: "~0.19.12"
+  repository: "https://nats-io.github.io/k8s/helm/charts/"
   condition: guac.enabled
 - name: keycloak
   version: "=15.1.7"

deploy/k8s/chart/templates/collectorist/api/030-Deployment.yaml

@@ -43,9 +43,9 @@ spec:
             - "-p"
             - "8080"
             - "--csub-url"
-            - "http://collectsub:2782"
+            - "http://guac-collectsub:2782"
             - "--guac-url"
-            - "http://graphql-server:8080/query"
+            - "http://guac-graphql:8080/query"
             - "--auth-configuration"
             - "/etc/config/auth.yaml"
             - "--storage-base"

deploy/k8s/chart/templates/exhort/api/030-Deployment.yaml

@@ -60,7 +60,7 @@ spec:
             - name: V11Y_URL
               value: "https://v11y-api.$(NAMESPACE).svc"
             - name: GUAC_URL
-              value: "http://graphql-server:8080/query"
+              value: "http://guac-graphql:8080/query"
             {{ include "trustification.authentication-client" ( dict "root" . "clientId" "walker" ) | nindent 12 }}
           volumeMounts:
             - mountPath: /etc/config

deploy/k8s/chart/templates/guac/collectsub/030-Deployment.yaml

@@ -0,0 +1,58 @@
+{{ if .Values.guac.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: guac-collectsub
+  labels:
+    app.kubernetes.io/name: guac-collectsub
+    app.kubernetes.io/component: collectsub
+    app.kubernetes.io/part-of: trustification
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: guac-collectsub
+      app.kubernetes.io/component: collectsub
+      app.kubernetes.io/part-of: trustification
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: guac-collectsub
+        app.kubernetes.io/component: api
+        app.kubernetes.io/part-of: trustification
+        metrics: "true"
+      annotations:
+        config/checksum: {{ include (print $.Template.BasePath "/config/020-ConfigMap.yaml") . | sha256sum }}
+    spec:
+      volumes:
+        - name: config
+          configMap:
+            name: {{ .Values.config.name }}
+        - name: guac-config
+          configMap:
+            name: guac-cm
+        {{ include "trustification.http-server-volumes" (dict "root" . "appName" "guac-collectsub") | nindent 8 }}
+      containers:
+        - image: {{ .Values.guacImage }}
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          name: service
+          command: ["/opt/guac/guaccsub"]
+          args: []
+          workingDir: "/guac"
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            {{ include "trustification.http-server" . | nindent 12 }}
+          volumeMounts:
+            - name: guac-config
+              mountPath: /guac
+              readOnly: true
+            - mountPath: /etc/config
+              name: config
+            {{ include "trustification.http-server-volume-mounts" . | nindent 12 }}
+          ports:
+            - containerPort: 2782
+              protocol: TCP
+{{ end }}

deploy/k8s/chart/templates/guac/collectsub/040-Service.yaml

@@ -0,0 +1,23 @@
+{{ if .Values.guac.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: guac-collectsub
+    app.kubernetes.io/component: collectsub
+    app.kubernetes.io/part-of: trustification
+  annotations:
+    service.beta.openshift.io/serving-cert-secret-name: guac-collectsub-tls
+  name: guac-collectsub
+spec:
+  ports:
+  - name: endpoint
+    port: 2782
+    protocol: TCP
+    targetPort: 2782
+  selector:
+    app.kubernetes.io/name: guac-collectsub
+    app.kubernetes.io/component: collectsub
+    app.kubernetes.io/part-of: trustification
+  type: ClusterIP
+{{ end }}

deploy/k8s/chart/templates/guac/config/020-ConfigMap.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: guac-cm
+  labels:
+    app.kubernetes.io/name: guac-cm
+    app.kubernetes.io/component: cm
+    app.kubernetes.io/part-of: trustification
+data:
+  guac.yaml: |
+
+    # Nats setup
+    nats-addr: nats://trustification-nats.{{ $.Release.Namespace }}.svc:4222
+
+    # CSub setup
+    csub-addr: "guac-collectsub.{{ $.Release.Namespace }}.svc.cluster.local:2782"
+    csub-listen-port: 2782
+
+    # GQL setup
+    gql-backend: inmem
+    gql-listen-port: 8080
+    gql-debug: {{ $.Values.guac.graphql.debug }}
+    gql-test-data: false
+    gql-addr: http://guac-graphql.{{ $.Release.Namespace }}.svc:8080/query
+
+    # Collector behavior
+    service-poll: false
+    use-csub: true

deploy/k8s/chart/templates/guac/graphql/030-Deployment.yaml

@@ -0,0 +1,58 @@
+{{ if .Values.guac.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: guac-graphql
+  labels:
+    app.kubernetes.io/name: guac-graphql
+    app.kubernetes.io/component: graphql
+    app.kubernetes.io/part-of: trustification
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: guac-graphql
+      app.kubernetes.io/component: graphql
+      app.kubernetes.io/part-of: trustification
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: guac-graphql
+        app.kubernetes.io/component: api
+        app.kubernetes.io/part-of: trustification
+        metrics: "true"
+      annotations:
+        config/checksum: {{ include (print $.Template.BasePath "/config/020-ConfigMap.yaml") . | sha256sum }}
+    spec:
+      volumes:
+        - name: config
+          configMap:
+            name: {{ .Values.config.name }}
+        - name: guac-config
+          configMap:
+            name: guac-cm
+        {{ include "trustification.http-server-volumes" (dict "root" . "appName" "guac-graphql") | nindent 8 }}
+      containers:
+        - image: {{ .Values.guacImage }}
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          name: service
+          command: ["/opt/guac/guacgql"]
+          args: []
+          workingDir: "/guac"
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            {{ include "trustification.http-server" . | nindent 12 }}
+          volumeMounts:
+            - name: guac-config
+              mountPath: /guac
+              readOnly: true
+            - mountPath: /etc/config
+              name: config
+            {{ include "trustification.http-server-volume-mounts" . | nindent 12 }}
+          ports:
+            - containerPort: 8080
+              protocol: TCP
+{{ end }}

deploy/k8s/chart/templates/guac/graphql/040-Service.yaml

@@ -0,0 +1,23 @@
+{{ if .Values.guac.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/name: guac-graphql
+    app.kubernetes.io/component: graphql
+    app.kubernetes.io/part-of: trustification
+  annotations:
+    service.beta.openshift.io/serving-cert-secret-name: guac-graphql-tls
+  name: guac-graphql
+spec:
+  ports:
+  - name: endpoint
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app.kubernetes.io/name: guac-graphql
+    app.kubernetes.io/component: graphql
+    app.kubernetes.io/part-of: trustification
+  type: ClusterIP
+{{ end }}

deploy/k8s/chart/templates/guac/050-Route.yaml → deploy/k8s/chart/templates/guac/graphql/050-Route.yaml

@@ -3,10 +3,10 @@ apiVersion: route.openshift.io/v1
 kind: Route
 metadata:
   labels:
-    app.kubernetes.io/name: quac-graphql-server
-    app.kubernetes.io/component: graphql-server
+    app.kubernetes.io/name: quac-graphql
+    app.kubernetes.io/component: graphql
     app.kubernetes.io/part-of: trustification
-  name: quac-graphql-server
+  name: quac-graphql
 spec:
   host: "guac-gql.{{ .Values.domain }}"
   tls:

deploy/trustification.dev/staging.yaml

@@ -3,6 +3,7 @@ trustImage: ghcr.io/trustification/trust
 uiImage: ghcr.io/trustification/trust-ui
 docsImage: ghcr.io/trustification/trust-docs
 testsImage: ghcr.io/trustification/trust-tests
+guacImage: ghcr.io/xkcd-2347/guac:v0.1.0-nightly.20230907
 domain: staging.trustification.dev
 replicas: 1
 imagePullPolicy: IfNotPresent
@@ -156,6 +157,8 @@ oidcClients:
           key: client-secret
 guac:
   enabled: true
+  graphql:
+    debug: true
 keycloak:
   enabled: true
   production: true