Helm charts for Hyrax and FCRepo

.dassie/values.stage.yaml

@@ -0,0 +1,7 @@
+ingress:
+  enabled: true
+  annotations: {}
+  hosts:
+    - host: "staging.dassie.dld.library.ucsb.edu"
+      paths: ["/"]
+  tls: []

.dassie/values.yaml

@@ -0,0 +1,15 @@
+image:
+  repository: samveralabs/dassie
+  pullPolicy: IfNotPresent
+  tag: "stable"
+
+ingress:
+  enabled: true
+  annotations: {}
+  hosts:
+    - host: "dassie.dld.library.ucsb.edu"
+      paths: ["/"]
+  tls: []
+
+memcached:
+  enabled: true

CONTAINERS.md

@@ -66,4 +66,17 @@ docker push samveralabs/dassie:(git rev-parse HEAD)
 docker push samveralabs/dassie:$HYRAX_VERSION
 ```
 
+## Helm Chart
+
+Also under development is a Helm chart, which we are developing into a robust,
+configurable production environment for Hyrax applications.
+
+If you have a Kubernetes cluster configured (`kubectl cluster-info`), you can
+deploy the `dassie` test applications with:
+
+```sh
+helm dependency update chart/hyrax
+helm install -n hyrax --set image.tag=(git rev-parse HEAD) dassie chart/hyrax
+```
+
 [dockerhub-samveralabs]: https://hub.docker.com/r/samveralabs

Dockerfile

@@ -24,6 +24,7 @@ WORKDIR /app/samvera/hyrax-webapp
 COPY --chown=1001:101 ./bin /app/samvera
 ENV PATH="/app/samvera:$PATH"
 ENV RAILS_ROOT="/app/samvera/hyrax-webapp"
+ENV RAILS_SERVE_STATIC_FILES="1"
 
 ENTRYPOINT ["hyrax-entrypoint.sh"]
 CMD ["bundle", "exec", "puma", "-v", "-b", "tcp://0.0.0.0:3000"]
@@ -38,14 +39,15 @@ ONBUILD COPY --chown=1001:101 $APP_PATH /app/samvera/hyrax-webapp
 ONBUILD RUN bundle install --jobs "$(nproc)"
 ONBUILD RUN DB_ADAPTER=nulldb DATABASE_URL='postgresql://fake' bundle exec rake assets:precompile
 
-
 FROM hyrax-base as hyrax-engine-dev
 
 ARG APP_PATH=.dassie
 ARG BUNDLE_WITHOUT=
 
+ENV HYRAX_ENGINE_PATH /app/samvera/hyrax-engine
+
 COPY --chown=1001:101 $APP_PATH /app/samvera/hyrax-webapp
 COPY --chown=1001:101 . /app/samvera/hyrax-engine
 
 RUN cd /app/samvera/hyrax-engine; bundle install --jobs "$(nproc)"
-RUN DB_ADAPTER=nulldb DATABASE_URL='postgresql://fake' bundle exec rake assets:precompile
+RUN DB_ADAPTER=nulldb DATABASE_URL='postgresql://fake' bundle exec rake assets:precompile

chart/fcrepo/.gitignore

@@ -0,0 +1,2 @@
+charts/*
+Chart.lock

chart/fcrepo/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/fcrepo/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: fcrepo
+description: Fedora Commons Repository 4
+type: application
+version: 0.4.0
+appVersion: 4.7
+dependencies:
+  - name: postgresql
+    version: 9.3.3
+    repository: https://charts.bitnami.com/bitnami
+    condition: postgresql.enabled

chart/fcrepo/README.md

@@ -0,0 +1,50 @@
+Fedora Commons Helm Chart
+=========================
+
+Fedora is the flexible, modular, open source repository platform with native
+linked data support.
+
+## Installation
+
+```sh
+helm dep up chart/fcrepo
+helm install fcrepo chart/fcrepo
+```
+
+## Configuration
+
+By default, this chart deploys with Postgresql as the backend for Fedora.
+Without other configuration, it will deploy a new Postgresql instance/database
+as a service available to the `fcrepo` deployment.
+
+In practice, users may want to forego installing postgres for two reasons:
+
+_First_, when you are deploying Fedora into a more complex application
+environment you may wish to reuse an existing Postgres instance already
+maintained with that environment.
+
+In this case, `fcrepo` should be deployed with postgresql explictly disabled, an
+`exernalDatabaseUsername`, and an `fcrepoSecretName`. `fcrepoSecretName` must
+correspond to an existing secret providing `DATABASE_PASSWORD`, `DATABASE_HOST`,
+and `JAVA_OPTS`.
+
+Optionally, a `externalDatabaseName` may be given to avoid collissions in the
+case that the default `fcrepo` is not an acceptable database name.
+
+This is usually done in the context of a parent chart which provides the postgresql instance, for example:
+
+```yaml
+fcrepo:
+  enabled: true
+  fcrepoSecretName: "mychart.fcrepo.fullname"
+  externalDatabaseUsername: "mydbuser"
+  servicePort: 8080
+  postgresql:
+    enabled: false
+```
+
+_Second_, because they want to use another backend for Fedora. This use case is broadly unsupported here. In theory, you can get a default (Infinispan) configuration by setting `postgresql.enabled` to `false`. **THIS CONFIGURATION IS UNTESTED AND UNSUPPORTED**:
+
+```sh
+helm install --set postgresql.enabled=false fcrepo-test chart/fcrepo
+```

chart/fcrepo/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fcrepo.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fcrepo.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fcrepo.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.servicePort | default .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fcrepo.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:{{ .Values.servicePort | default .Values.service.port }}
+{{- end }}

chart/fcrepo/templates/_helpers.tpl

@@ -0,0 +1,68 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fcrepo.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fcrepo.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fcrepo.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "fcrepo.labels" -}}
+helm.sh/chart: {{ include "fcrepo.chart" . }}
+{{ include "fcrepo.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "fcrepo.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "fcrepo.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "fcrepo.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "fcrepo.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "fcrepo.postgresql.fullname" -}}
+{{- $name := default "postgresql" .Values.postgresql.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

chart/fcrepo/templates/configmap-env.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "fcrepo.fullname" . }}-env
+  labels:
+    app.kubernetes.io/name: {{ include "fcrepo.name" . }}
+    helm.sh/chart: {{ include "fcrepo.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+  {{- if .Values.postgresql.enabled }}
+  DATABASE_NAME: {{ .Values.postgresql.postgresqlDatabase }}
+  DATABASE_USER: {{ .Values.postgresql.postgresqlUsername }}
+  {{- else }}
+  {{- if .Values.externalDatabaseUsername }}
+  DATABASE_NAME: {{ .Values.externalDatabaseName | default "fcrepo" }}
+  DATABASE_USER: {{ .Values.externalDatabaseUsername }}
+  {{- end }}
+  {{- end }}

chart/fcrepo/templates/deployment.yaml

@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "fcrepo.fullname" . }}
+  labels:
+    {{- include "fcrepo.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "fcrepo.selectorLabels" . | nindent 6 }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+    {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      labels:
+        {{- include "fcrepo.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      restartPolicy: Always
+      serviceAccountName: {{ include "fcrepo.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ template "fcrepo.fullname" . }}
+      initContainers:
+        - name: "remove-lost-found"
+          image: "busybox:1.32.0"
+          command:
+            - rm
+            - -fr
+            - /data/lost+found
+          volumeMounts:
+            - name: data
+              mountPath: /data
+        {{- if not .Values.postgresql.enabled }}
+        {{- if .Values.fcrepoSecretName }}
+        - name: "init-db"
+          image: {{ .Values.postgresql.image.repository | default "bitnami/postgresql" }}:{{ .Values.postgresql.image.tag | default "latest" }}
+          command:
+            - sh
+            - -c
+            - export PGPASSWORD=$DATABASE_PASSWORD PGHOST=$DATABASE_HOST PGUSER=$DATABASE_USER
+            - psql -tc "SELECT 1 FROM pg_database WHERE datname = '$DATABASE_NAME'" | grep -q 1 || createdb -e -w $DATABASE_NAME
+          envFrom:
+            - configMapRef:
+                name: {{ include "fcrepo.fullname" . }}-env
+            - secretRef:
+                name: {{ include .Values.fcrepoSecretName . }}
+        {{- end }}
+        {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "fcrepo.fullname" . }}-env
+            {{- if .Values.postgresql.enabled }}
+            - secretRef:
+                name: {{ template "fcrepo.fullname" . }}
+            {{- else }}
+            {{- if .Values.fcrepoSecretName }}
+            - secretRef:
+                name: {{ include .Values.fcrepoSecretName . }}
+            {{- end }}
+            {{- end }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+            - name: data
+              mountPath: /data
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: {{ default 15 .Values.healthCheck.initialDelay }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: {{ default 15 .Values.healthCheck.initialDelay }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}