uselagoon · tobybellwood · Sep 16, 2021 · Sep 16, 2021 · Oct 5, 2021
diff --git a/docs/using-lagoon-advanced/service-types.md b/docs/using-lagoon-advanced/service-types.md
@@ -8,6 +8,7 @@ This table lists all service types that can be defined via `lagoon.type` within
 | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
 | `cli` | Use for any kind of CLI container \(like PHP, Node.js, etc.\). Automatically gets the customer SSH private key that is mounted in `/var/run/secrets/lagoon/sshkey/ssh-privatekey`. | - | No | No | No | - |
 | `cli-persistent` | Like `cli`, expects `lagoon.persistent.name` to be given the name of a service that has persistent storage, which will be mounted under defined `lagoon.persistent` label. Does NOT generate its own persistent storage, only used to mount another service's persistent storage. | - | No | No | Yes | `lagoon.persistent.name`, `lagoon.persistent` |
+| `worker` | Identitical to `cli-persistent`, except that it's designed for always running worker processes, so will not be idled. Does NOT generate its own persistent storage, only used to mount another service's persistent storage. | - | No | No | Yes | `lagoon.persistent.name`, `lagoon.persistent` |
 | `elasticsearch` | Elasticsearch container, will auto-generate persistent storage under `/usr/share/elasticsearch/data`. | HTTP on `localhost:9200/_cluster/health?local=true` | `9200` | No | Yes | `lagoon.persistent.size` |
 | `kibana` | Kibana container. | TCP connection on `5601` | `5601` | Yes | No | - |
 | `logstash` | Logstash container. | TCP connection on `9600` | `9600` | No | No | - |

diff --git a/images/kubectl-build-deploy-dind/helmcharts/worker/.helmignore b/images/kubectl-build-deploy-dind/helmcharts/worker/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/images/kubectl-build-deploy-dind/helmcharts/worker/Chart.yaml b/images/kubectl-build-deploy-dind/helmcharts/worker/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v2
+name: worker
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
diff --git a/images/kubectl-build-deploy-dind/helmcharts/worker/templates/_helpers.tpl b/images/kubectl-build-deploy-dind/helmcharts/worker/templates/_helpers.tpl
@@ -0,0 +1,98 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "worker.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "worker.fullname" -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "worker.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "worker.labels" -}}
+helm.sh/chart: {{ include "worker.chart" . }}
+{{ include "worker.selectorLabels" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{ include "worker.lagoonLabels" . }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "worker.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "worker.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create a PriorityClassName.
+(this is based on the Lagoon Environment Type)).
+*/}}
+{{- define "worker.lagoonPriority" -}}
+{{- printf "lagoon-priority-%s" .Values.environmentType }}
+{{- end -}}
+
+{{/*
+Lagoon Labels
+*/}}
+{{- define "worker.lagoonLabels" -}}
+lagoon.sh/service: {{ .Release.Name }}
+lagoon.sh/service-type: {{ .Chart.Name }}
+lagoon.sh/project: {{ .Values.project }}
+lagoon.sh/environment: {{ .Values.environment }}
+lagoon.sh/environmentType: {{ .Values.environmentType }}
+lagoon.sh/buildType: {{ .Values.buildType }}
+{{- end -}}
+
+{{/*
+Datadog Admission Controller label
+*/}}
+{{- define "worker.datadogLabels" -}}
+{{- if eq .Values.environmentType "production" -}}
+admission.datadoghq.com/enabled: "true"
+{{- end -}}
+{{- end -}}
+
+{{/*
+Annotations
+*/}}
+{{- define "worker.annotations" -}}
+lagoon.sh/version: {{ .Values.lagoonVersion | quote }}
+{{- if .Values.branch }}
+lagoon.sh/branch: {{ .Values.branch | quote }}
+{{- end }}
+{{- if .Values.prNumber }}
+lagoon.sh/prNumber: {{ .Values.prNumber | quote }}
+lagoon.sh/prHeadBranch: {{ .Values.prHeadBranch | quote }}
+lagoon.sh/prBaseBranch: {{ .Values.prBaseBranch | quote }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Generate name for twig storage emptyDir
+*/}}
+{{- define "worker.twig-storage.name" -}}
+{{- printf "%s-twig" .Values.persistentStorage.name }}
+{{- end -}}
+
+{{/*
+Generate path for twig storage emptyDir
+*/}}
+{{- define "worker.twig-storage.path" -}}
+{{- printf "%s/php" .Values.persistentStorage.path }}
+{{- end -}}
diff --git a/images/kubectl-build-deploy-dind/helmcharts/worker/templates/cronjob.yaml b/images/kubectl-build-deploy-dind/helmcharts/worker/templates/cronjob.yaml
@@ -0,0 +1,85 @@
+{{- range $cronjobName, $cronjobConfig := .Values.nativeCronjobs }}
+---
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: cronjob-{{ $.Release.Name }}-{{ $cronjobName }}
+  labels:
+    {{- include "worker.labels" $ | nindent 4 }}
+  annotations:
+    {{- include "worker.annotations" $ | nindent 4 }}
+spec:
+  schedule: {{ $cronjobConfig.schedule | quote }}
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 0
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    metadata:
+      labels:
+        {{- include "worker.labels" $ | nindent 8 }}
+      annotations:
+        {{- include "worker.annotations" $ | nindent 8 }}
+    spec:
+      backoffLimit: 0
+      template:
+        metadata:
+          labels:
+            {{- include "worker.labels" $ | nindent 12 }}
+          annotations:
+            {{- include "worker.annotations" $ | nindent 12 }}
+        spec:
+        {{- with $.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
+          priorityClassName: {{ include "worker.lagoonPriority" $ }}
+          enableServiceLinks: false
+          securityContext:
+            {{- toYaml $.Values.podSecurityContext | nindent 12 }}
+          volumes:
+            - name: lagoon-sshkey
+              secret:
+                defaultMode: 420
+                secretName: lagoon-sshkey
+            - name: {{ $.Values.persistentStorage.name }}
+              persistentVolumeClaim:
+                claimName: {{ $.Values.persistentStorage.name }}
+          containers:
+            - image: {{ $.Values.image | quote }}
+              name: cronjob-{{ $.Release.Name }}-{{ $cronjobName }}
+              securityContext:
+                {{- toYaml $.Values.securityContext | nindent 16 }}
+              imagePullPolicy: {{ $.Values.imagePullPolicy }}
+              command:
+                - /lagoon/cronjob.sh
+                - {{ $cronjobConfig.command }}
+              env:
+                - name: LAGOON_GIT_SHA
+                  value: {{ $.Values.gitSha | quote }}
+                - name: SERVICE_NAME
+                  value: {{ $.Release.Name | quote }}
+              envFrom:
+                - configMapRef:
+                    name: lagoon-env
+              resources:
+                {{- toYaml $.Values.resources | nindent 16 }}
+              volumeMounts:
+                - mountPath: /var/run/secrets/lagoon/sshkey/
+                  name: lagoon-sshkey
+                  readOnly: true
+                - name: {{ $.Values.persistentStorage.name }}
+                  mountPath: {{ $.Values.persistentStorage.path | quote }}
+          restartPolicy: Never
+          {{- with $.Values.nodeSelector }}
+          nodeSelector:
+            {{- toYaml $ | nindent 12 }}
+          {{- end }}
+        {{- with $.Values.affinity }}
+          affinity:
+            {{- toYaml $ | nindent 12 }}
+        {{- end }}
+        {{- with $.Values.tolerations }}
+          tolerations:
+            {{- toYaml $ | nindent 12 }}
+        {{- end }}
+{{- end }}
diff --git a/images/kubectl-build-deploy-dind/helmcharts/worker/templates/deployment.yaml b/images/kubectl-build-deploy-dind/helmcharts/worker/templates/deployment.yaml
@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "worker.fullname" . }}
+  labels:
+    {{- include "worker.labels" . | nindent 4 }}
+  annotations:
+    {{- include "worker.annotations" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "worker.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "worker.labels" . | nindent 8 }}
+        {{- include "worker.datadogLabels" . | nindent 8 }}
+      annotations:
+        {{- include "worker.annotations" . | nindent 8 }}
+        lagoon.sh/configMapSha: {{ .Values.configMapSha | quote }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      volumes:
+        - name: lagoon-sshkey
+          secret:
+            defaultMode: 420
+            secretName: lagoon-sshkey
+        - name: {{ .Values.persistentStorage.name }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistentStorage.name }}
+        - name: {{ include "worker.twig-storage.name" . | quote }}
+          emptyDir: {}
+      priorityClassName: {{ include "worker.lagoonPriority" . }}
+      enableServiceLinks: false
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - image: {{ .Values.image | quote }}
+          name: {{ include "worker.fullname" . }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          env:
+            - name: CRONJOBS
+              value: {{ .Values.inPodCronjobs | quote }}
+            ## LAGOON_GIT_SHA is injected directly and not loaded via `lagoon-env` config
+            ## This will cause the pod to redeploy on every deployment, even the files have not changed
+            - name: LAGOON_GIT_SHA
+              value: {{ .Values.gitSha | quote }}
+            - name: SERVICE_NAME
+              value: {{ .Release.Name | quote }}
+          envFrom:
+            - configMapRef:
+                name: lagoon-env
+          volumeMounts:
+            - mountPath: /var/run/secrets/lagoon/sshkey/
+              name: lagoon-sshkey
+              readOnly: true
+            - name: {{ .Values.persistentStorage.name }}
+              mountPath: {{ .Values.persistentStorage.path | quote }}
+            - name: {{ include "worker.twig-storage.name" . | quote }}
+              mountPath: {{ include "worker.twig-storage.path" . | quote }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          readinessProbe:
+            initialDelaySeconds: 5
+            periodSeconds: 2
+            failureThreshold: 3
+            exec:
+              command:
+              - "/bin/sh"
+              - "-c"
+              - >
+                if [ -x /bin/entrypoint-readiness ]; then
+                  /bin/entrypoint-readiness;
+                fi
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
diff --git a/images/kubectl-build-deploy-dind/helmcharts/worker/values.yaml b/images/kubectl-build-deploy-dind/helmcharts/worker/values.yaml
@@ -0,0 +1,51 @@
+# Default values for worker.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+environmentType: production
+
+gitSha: ""
+
+image: ""
+
+persistentStorage:
+  name: ""
+
+imagePullPolicy: Always
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+resources:
+  limits:
+    cpu: 2
+    memory: 8Gi
+  requests:
+    cpu: 10m
+    memory: 10Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+inPodCronjobs: ""
+
+nativeinPodCronjobs: ""
+
+configMapSha: ""