Adding initial helm chart implementation (Work In Progress)

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/README.MD

@@ -0,0 +1,8 @@
+# Best Practices for using Control-M to run a pod to completion in a Kubernetes-based cluster using a Helm chart
+
+| Objective             | Corresponding CLI command                                  |
+|-----------------------|------------------------------------------------------------|
+| Deploy the Agent Locally     | ```helm upgrade -i control-m-agent ./control-m-agent -n controlm -f values.yaml``` |
+| Get details                  | ```kubectl describe job “job name” This returns the pod name.``` |
+| Monitor the job’s pod        | ```kubectl get pod “pod name”```                                 |
+| Get the job output           | ```kubectl logs “pod name”```                                    |

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/control-m-agent/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/control-m-agent/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: control-m-agent
+description: A BMC Control-M Agent Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/control-m-agent/templates/RBAC.yaml

@@ -0,0 +1,42 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+        type: stateful-service-ctmag-srv
+  name: statefulset-agent
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: statefulset-agent
+  labels:
+        type: stateful-service-ctmag-srv
+rules:
+- apiGroups: [""]
+  resources: ["pods", "pods/log", "pods/status"]
+  verbs: ["get", "list", "create", "update", "patch", "watch", "delete"]
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs: ["get", "list", "create", "update", "patch", "watch", "delete"]
+{{- if .Values.runOnOpenShift }}
+- apiGroups: ["security.openshift.io"] 
+  resourceNames: ["anyuid"] 
+  resources: ["securitycontextconstraints"] 
+  verbs: ["use"]
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: statefulset-agent
+  labels:
+        type: stateful-service-ctmag-srv
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: statefulset-agent
+subjects:
+- kind: ServiceAccount
+  name: statefulset-agent
+

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/control-m-agent/templates/pvc.yaml

@@ -0,0 +1,10 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: agent-pvc
+spec:
+  accessModes:
+    - {{ .Values.pvc.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.pvc.volumeSize }}

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/control-m-agent/templates/secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: controlmusercreds
+type: Opaque
+data:
+  AAPI_USER: "{{ .Values.controlM.api.user | b64enc }}"
+  AAPI_PASS: "{{ .Values.controlM.api.pass | b64enc }}"

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/control-m-agent/templates/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ctmag
+spec:
+  clusterIP: None # headless service
+  selector:
+    type: stateful-service-ctmag-srv
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: {{ .Values.controlM.agent.agport }}

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/control-m-agent/templates/stateful.yaml

@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: statefulset-agent
+  labels:
+        type: stateful-service-ctmag-srv
+spec:
+    serviceName: ctmag
+    selector:
+        matchLabels:
+            type: stateful-service-ctmag-srv
+    replicas: {{ .Values.controlM.agent.replicas }} # number of running agents
+    template:
+        metadata:
+            labels:
+                type: stateful-service-ctmag-srv
+        spec:
+          containers:
+          - name: ctmagent-container
+            # container in ECR
+            image: {{ .Values.controlM.agent.image }}
+            env:
+            - name: PERSISTENT_VOL
+              value: "{{ .Values.controlM.volumePath }}"
+            - name: CTM_SERVER_NAME
+              # update value to your Control-M/Server name
+              value: {{ .Values.controlM.serverName }}
+            - name: CTM_AGPORT
+              value: "{{ .Values.controlM.agent.agport }}"
+            - name: AAPI_END_POINT
+              # update value to your AAPI end point
+              value: "{{ .Values.controlM.api.endpoint }}"
+            - name: AAPI_USER
+              valueFrom:
+                secretKeyRef:
+                  name: controlmusercreds
+                  key: AAPI_USER
+            - name: AAPI_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: controlmusercreds
+                  key: AAPI_PASS
+            imagePullPolicy: {{ .Values.controlM.agent.pullPolicy }}
+            ports:
+            - containerPort: {{ .Values.controlM.agent.agport }}
+            volumeMounts:
+              - name: pv-data
+                mountPath: "{{ .Values.controlM.volumePath }}"
+          terminationGracePeriodSeconds: 10
+    #      This sample is pulling the container from ECR. DockerHub is using imagePullSecret
+    #      imagePullSecrets:
+    #      - name: regcred
+    #     See example_RBC.yaml for sample RBC Configuration
+          serviceAccountName: statefulset-agent
+          securityContext:
+            # the agent account gid so it will be able to access the PV
+            fsGroup: 1000
+          volumes:
+            - name: pv-data
+              persistentVolumeClaim:
+                claimName: agent-pvc

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/control-m-agent/values.yaml

@@ -0,0 +1,24 @@
+# Default values for control-m-agent.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+runOnOpenShift: true
+
+pvc:
+  volumeSize: 10Gi
+  accessMode: ReadWriteOnce
+
+controlM:
+  serverName:
+  api:
+    endpoint:
+    user: change
+    pass: this    
+  agent:
+    image: 000000000000.dkr.ecr.us-west-2.amazonaws.com/appdev-dockers-repo:agent-example
+    pullPolicy: IfNotPresent
+    replicas: 1
+    agport: "7006"
+  volumePath: "/home/controlm/persistent_folder"
+
+

3-infrastructure-as-code-examples/kubernetes-agent-using-helm/docker/Dockerfile

@@ -0,0 +1,124 @@
+#FROM registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef as builder
+FROM registry.access.redhat.com/ubi8/ubi:8.4 as builder
+ARG AAPI_END_POINT
+ARG AAPI_USER
+ARG AAPI_PASS
+ARG AGENT_IMAGE_NAME
+ARG SUB_USER
+ARG SUB_PWD
+#ENV HOME=/home
+
+RUN subscription-manager register --username $SUB_USER --password $SUB_PWD \
+    && subscription-manager attach --auto
+
+RUN  yum -y install wget \
+        && yum -y install procps \
+		&& yum -y install yp-tools \
+        && yum -y install telnet \
+        && yum -y install unzip \
+        && yum -y install sudo \
+        && yum -y install net-tools \
+        && yum -y install tcsh \
+        && yum -y install openssl \
+        && yum -y install openssl-devel \
+        && yum -y install gcc \
+        && yum -y install make \
+        && yum -y install zlib-devel \
+        && yum -y install libffi-devel \
+#		&& yum -y install compat-libstdc++-33.x86_64 C++ mandatory \    
+		&& cd /usr/src \
+# install python
+    && wget https://www.python.org/ftp/python/3.8.5/Python-3.8.5.tgz \
+    && tar -zxf Python-3.8.5.tgz \
+    && cd /usr/src/Python-3.8.5 \
+#		&& wget https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tgz \
+#		&& tar -zxf Python-2.7.15.tgz \
+#		&& cd /usr/src/Python-2.7.15 \
+		&& ./configure --prefix=/usr/local --enable-shared LDFLAGS="-Wl,-rpath /usr/local/lib" --with-system-ffi --with-lto --enable-optimization \
+		&& make altinstall \
+# install pip
+		&& cd \
+		&& wget https://bootstrap.pypa.io/get-pip.py \
+		&& /usr/src/Python-3.8.5/python get-pip.py \
+#		&& /usr/src/Python-2.7.15/python get-pip.py \
+		&& ln -sf /usr/local/bin/pip3.8 /bin/pip3.8 \
+		&& pip3.8 install kubernetes \
+#		&& ln -sf /usr/local/bin/pip3.8 /bin/pip2.7 \
+#		&& pip2.7 install kubernetes \
+# cleanup python install files
+		&& cd /usr/src \
+		&& rm -rf Python-3.8.5.tgz \
+		&& rm -rf /usr/src/Python-3.8.5 \
+#		&& rm -rf Python-2.7.15.tgz \
+#		&& rm -rf /usr/src/Python-2.7.15 \
+# install nodejs
+		&& curl --silent --location https://rpm.nodesource.com/setup_12.x | bash - \
+		&& yum -y install nodejs \
+		&& node -v \
+		&& npm -v \
+# install aapi CLI
+		&& curl -k -O $AAPI_END_POINT/ctm-cli.tgz \
+		&& npm install -g ctm-cli.tgz \
+		&& ctm -v \
+		&& rm -rf ctm-cli.tgz \
+# create controlm useruser
+		&& useradd -d /home/controlm -s /bin/tcsh -m controlm \
+		&&  chmod -R 755 /home/controlm \
+# add controlm user and root to soduers list
+		&& echo 'root ALL=(ALL) ALL' >> /etc/sudoers \
+		&& echo 'controlm ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers \
+		&& yum clean all \
+		&& rm -rf /var/cache/yum
+USER controlm
+WORKDIR /home/controlm
+
+# Create AAPI env
+RUN ctm env add myenv $AAPI_END_POINT $AAPI_USER $AAPI_PASS \
+# install java 8
+		&& sudo yum -y install java-1.8.0-openjdk-headless \
+        && java -version \
+# install agent, setup will be done during statup
+		&& ctm provision image $AGENT_IMAGE_NAME && echo installation ended successfully \
+# clean
+		&& sudo yum -y autoremove java-1.8.0-openjdk-headless \
+		&& sudo yum clean all \
+		&& sudo rm -rf /var/cache/yum
+
+
+# entry point script
+COPY container_agent_startup.sh  .
+# script to run and monitor k8s jobs
+COPY runJob.py .
+# agent configuration file
+COPY agent_configuration.json .
+
+#copy license
+COPY LICENSE /licenses/LICENSE
+
+EXPOSE 7000-8000
+EXPOSE 22
+
+# create final image - reduce size
+FROM builder AS builderbase
+
+RUN sudo rm -rf /home
+RUN sudo rm -rf /tmp/*
+
+FROM scratch AS leanimage
+
+LABEL name="Control-M Agent" \
+      vendor="BMC" \
+      version="v0.0.1" \
+      release="1" \
+      summary="Control-M/Agent image." \
+      description="This is a Control-M/Agent image that planned to run in K8s env." \
+      maintainer="ybergman@bmc.com"
+
+COPY --from=builderbase / /
+COPY --from=builder --chown=controlm:controlm /home /home
+
+USER controlm
+WORKDIR /home/controlm
+
+
+ENTRYPOINT ["tcsh" , "-c" , "pwd ; ./container_agent_startup.sh $PERSISTENT_VOL $CTM_SERVER_NAME $CTM_AGPORT"]