Merge pull request #16 from jmesnil/EAP7-1680_eap-xp3-chart

[EAP7-1680] Helm Chart for EAP XP3

charts/eap-xp3/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/eap-xp3/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: eap-xp3
+description: Build and Deploy EAP XP3 applications on OpenShift
+type: application
+version: 1.0.0
+
+appVersion: "3.0"
+
+dependencies:
+- name: wildfly-common
+  version: 1.3.0
+  repository: https://docs.wildfly.org/wildfly-charts/
+  # for local development
+  #repository: file://../../../wildfly-charts/charts/wildfly-common

charts/eap-xp3/README.md

@@ -0,0 +1,104 @@
+# Helm Chart for EAP XP3 
+
+A Helm chart for building and deploying a [JBoss EAP XP3](https://www.redhat.com/en/technologies/jboss-middleware/application-platform) application on OpenShift.
+
+The build and deploy steps are configured in separate `build` and `deploy` values.
+
+The input of the `build` step is a Git repository that contains the application code and the output is an `ImageStreamTag` resource that contains the built application image.
+
+The input of the `deploy` step is an application image (coming from the `build` output or from an external Docker registry) and the output is a `Deployment` and other related resources to access the application from inside and outside OpenShift.
+
+## Prerequisites
+Below are prerequisites that may apply to your use case.
+
+### Pull Secret
+You will need to create a pull secret to pull the EAP Builder and Runtime images from the Red Hat Container Catalog that requires authentication. Use the following command as a reference to create your pull secret:
+```bash
+$ oc create secret docker-registry my-pull-secret --docker-server=registry.redhat.io --docker-username=$USERNAME --docker-password=$PASSWORD --docker-email=$EMAIL
+```
+
+You can use this secret by passing `--set build.pullSecret=eap-pull-secret` to `helm install`, or you can configure this in a values file:
+
+```yaml
+build:
+  pullSecret: eap-pull-secret
+```
+
+### Push Secret
+
+You will need to create a push secret if you want to push your image to an external registry. Use the following command as a reference to create your push secret:
+
+```bash
+oc create secret docker-registry my-push-secret --docker-server=$SERVER_URL --docker-username=$USERNAME --docker-password=$PASSWORD --docker-email=$EMAIL
+```
+
+You can use this secret by passing `--set build.output.pushSecret=my-push-secret` and `--set build.output.kind=DockerImage`, or you can configure these in a values file:
+
+```yaml
+build:
+  output:
+    kind: DockerImage
+    pushSecret: my-push-secret
+```
+
+## Application Image
+
+The configuration for the image that is built and deployed is configured in a `image` section.
+
+| Value | Description | Default | Additional Information |
+| ----- | ----------- | ------- | ---------------------- |
+| `image.name` | Name of the image you want to build/deploy | Defaults to the Helm release name. | The chart will create/reference an [ImageStream](https://docs.openshift.com/container-platform/latest/openshift_images/image-streams-manage.html) based on this value. |
+| `image.tag` | Tag that you want to build/deploy | `latest` | The chart will create/reference an [ImageStreamTag](https://docs.openshift.com/container-platform/latest/openshift_images/image-streams-manage.html#images-using-imagestream-tags_image-streams-managing) based on the name provided |
+
+## Building the Application
+
+The configuration to build the application image is configured in a `build` section.
+
+| Value | Description | Default | Additional Information |
+| ----- | ----------- | ------- | ---------------------- |
+| `build.enabled` | Determines if build-related resources should be created. | `true` | Set this to `false` if you want to deploy a previously built image. Leave this set to `true` if you want to build and deploy a new image. |
+| `build.uri` | Git URI that references your git repo | <required> | Be sure to specify this to build the application. |
+| `build.ref` | Git ref containing the application you want to build | `main` | - |
+| `build.contextDir` | The sub-directory where the application source code exists | - | - |
+| `build.output.kind`|	Determines if the image will be pushed to an `ImageStreamTag` or a `DockerImage` | `ImageStreamTag` | [OpenShift Documentation](https://docs.openshift.com/container-platform/4.6/builds/managing-build-output.html) |
+| `build.output.pushSecret` | Push secret name | - | The secret must exist in the same namespace or the chart will fail to install - Used only if `build.output.kind` is `DockerImage` |
+| `build.pullSecret` | Image pull secret | - | The secret must exist in the same namespace or the chart will fail to install - [OpenShift documentation](https://docs.openshift.com/container-platform/latesst/openshift_images/managing_images/using-image-pull-secrets.html) |
+| `build.mode` | Determines whether the application will be built using WildFly S2I images or Bootable Jar | `bootable-jar` | Allowed values: `s2i` or `bootable-jar` |
+| `build.env` | Freeform `env` items | - | [Kubernetes documentation](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/). These environment variables will be used when the application is _built_. If you need to specify environment variables for the running application, use `deploy.env` instead. |
+| `build.resources` | Freeform `resources` items | - | [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| `build.images`| Freeform images injected in the source during build | - | [OpenShift documentation](https://docs.openshift.com/container-platform/latest/builds/creating-build-inputs.html#builds-define-build-inputs_creating-build-inputs) |
+| `build.triggers.githubSecret`| Name of the secret containing the WebHookSecretKey for the GitHub Webhook | - | The secret must exist in the same namespace or the chart will fail to install - [OpenShift documentation](https://docs.openshift.com/container-platform/latest/cicd/builds/triggering-builds-build-hooks.html#builds-webhook-triggers_triggering-builds-build-hooks) |
+| `build.triggers.genericSecret`| Name of the secret containing the WebHookSecretKey for the Generic Webhook | - | The secret must exist in the same namespace or the chart will fail to install - [OpenShift documentation](https://docs.openshift.com/container-platform/latest/cicd/builds/triggering-builds-build-hooks.html#builds-webhook-triggers_triggering-builds-build-hooks) |
+| `build.s2i` | Configuration specific to building with EAP S2I images | - | - |
+| `build.s2i.version` | Version of the EAP S2I images | Defaults to this chart `AppVersion` | - |
+| `build.s2i.jdk` | JDK Version of the EAP S2I images | `"11"` | Allowed Values: `"11"` |
+| `build.s2i.arch` | Architecture of the EAP S2I images | `amd64` | Allowed Values: `amd64` |
+| `build.s2i.amd64.jdk11.builderImage` | EAP S2I Builder image for JDK 11 (for amd64 arch)| `registry.redhat.io/jboss-eap-7/eap-xp3-openjdk11-openshift-rhel8` | [EAP Documentation](https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/getting_started_with_jboss_eap_for_openshift_container_platform/index)  |
+| `build.s2i.amd64.jdk11.runtimeImage` | EAP S2I Runtime image for JDK 11 (for amd64 arch)| `registry.redhat.io/jboss-eap-7/eap-xp3-openjdk11-runtime-openshift-rhel8` | [EAP Documentation](https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/getting_started_with_jboss_eap_for_openshift_container_platform/index)  |
+| `build.s2i.galleonLayers` | A list of layer names to compose a EAP server | - |  [EAP Documentation](https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/getting_started_with_jboss_eap_for_openshift_container_platform/index) |
+ | `build.s2i.galleonDir` | Directory relative to the root directory for the build that contains custom content for Galleon. | - | [EAP Documentation](https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/getting_started_with_jboss_eap_for_openshift_container_platform/index)|
+ | `build.s2i.featurePacks` | List of additional Galleon feature-packs identified by Maven coordinates (`<groupId>:<artifactId>:<version>`) | - | The value can be be either a `string` with a list of comma-separated Maven coordinate or an array where each item is the Maven coordinate of a feature pack - [EAP Documentation](https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/getting_started_with_jboss_eap_for_openshift_container_platform/index) |
+| `build.bootableJar.builderImage` | JDK Builder image for Bootable Jar | [registry.access.redhat.com/ubi8/openjdk-11:latest](https://catalog.redhat.com/software/containers/ubi8/openjdk-11/5dd6a4b45a13461646f677f4?gti-tabs=unauthenticated) | - |
+
+
+## Deploying the Application
+
+The configuration to build the application image is configured in a `deploy` section.
+
+| Value | Description | Default | Additional Information |
+| ----- | ----------- | ------- | ---------------------- |
+| `deploy.enabled` | Determines if deployment-related resources should be created. | `true` | Set this to `false` if you do not want to deploy an application image built by this chart. |
+| `deploy.replicas` | Number of pod replicas to deploy. | `1` | [OpenShift Documentation](https://docs.openshift.com/container-platform/latest/applications/deployments/what-deployments-are.html) | 
+| `deploy.route.enabled` | Determines if a `Route` should be created | `true` | Allows clients outside of OpenShift to access your application |
+| `deploy.route.tls.enabled` | Determines if the `Route` should be TLS-encrypted | `true`| [OpenShift Documentation](https://docs.openshift.com/container-platform/latest/networking/routes/secured-routes.html) |
+| `deploy.route.tls.termination` | Determines the type of TLS termination to use | `edge`| Allowed values: `edge, reencrypt, passthrough` |
+| `deploy.route.tls.insecureEdgeTerminationPolicy` | Determines if insecure traffic should be redirected | `Redirect` | Allowed values: `Allow, Disable, Redirect` |
+| `deploy.env` | Freeform `env` items | - | [Kubernetes documentation](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/).  These environment variables will be used when the application is _running_. If you need to specify environment variables when the application is built, use `build.env` instead. |
+| `deploy.envFrom` | Freeform `envFrom` items | - | [Kubernetes documentation](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/).  These environment variables will be used when the application is _running_. If you need to specify environment variables when the application is built, use `build.envFrom` instead. |
+| `deploy.resources` | Freeform `resources` items | - | [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| `deploy.livenessProbe` | Freeform `livenessProbe` field. | HTTP Get on `<ip>:admin/health/live` | [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| `deploy.readinessProbe` | Freeform `readinessProbe` field. | HTTP Get on `<ip>:admin/health/ready` | [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| `deploy.volumeMounts` | Freeform `volumeMounts` items| - | [Kubernetes Documentation](https://kubernetes.io/docs/concepts/storage/volumes/) |
+| `deploy.volumes` | Freeform `volumes` items| - | [Kubernetes Documentation](https://kubernetes.io/docs/concepts/storage/volumes/) |
+| `deploy.initContainers` | Freeform `initContainers` items | - | [Kubernetes Documentation](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) |
+| `deploy.extraContainers` | Freeform extra `containers` items | - | [Kubernetes Documentation](https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates) |

charts/eap-xp3/templates/NOTES.txt

@@ -0,0 +1,18 @@
+{{- if .Release.IsInstall }}
+
+{{- if .Values.build.enabled }}
+Your EAP XP3 application is building! To follow the build, run:
+
+$ oc get build -w
+
+Note that your Deployment will report "ErrImagePull" and "ImagePullBackOff" until the build is complete. Once the build is complete, your image will be automatically rolled out.
+{{- end }}
+
+{{- if .Values.deploy.enabled }}
+
+To follow the deployment of your application, run:
+
+$ oc get deployment {{ include "wildfly-common.appName" . }} -w
+{{- end }}
+
+{{- end }}

charts/eap-xp3/templates/_helpers.tpl

@@ -0,0 +1,59 @@
+
+{{/*
+eap-xp3.eapBuilderImage corresponds to the imagestream for the EAP S2I Builder image.
+It depends on the build.s2i.jdkVersion.
+
+TODO: the build.s2i.arch is not used and is hard-coded to "amd64".
+When we add support for Z-Series and PowerPC, we will rely on the value of build.s2i.arch
+to get the proper S2I images (and validate that only jdk11 can be used with Z & P)
+*/}}
+{{- define "eap-xp3.eapBuilderImage" -}}
+{{ .Values.build.s2i.amd64.jdk11.builderImage}}:{{ include "eap-xp3.version" . }}
+{{- end -}}
+
+{{/*
+eap-xp3.eapRuntimeImage corresponds to the imagestream for the EAP S2I Runtime image.
+It depends on the build.s2i.jdkVersion.
+*/}}
+{{- define "eap-xp3.eapRuntimeImage" -}}
+{{ .Values.build.s2i.amd64.jdk11.runtimeImage}}:{{ include "eap-xp3.version" . }}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "eap-xp3.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+If build.s2i.version is not defined, use by defaul the Chart's appVersion
+*/}}
+{{- define "eap-xp3.version" -}}
+{{- default .Chart.AppVersion .Values.build.s2i.version -}}
+{{- end -}}
+
+
+{{- define "eap-xp3.labels" -}}
+helm.sh/chart: {{ include "eap-xp3.chart" . }}
+{{ include "wildfly-common.selectorLabels" . }}
+app.kubernetes.io/version: {{ quote .Chart.AppVersion }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.openshift.io/runtime: eap-xp
+{{- end }}
+
+{{- define "eap-xp3.metering.labels" -}}
+com.company: "Red_Hat"
+com.redhat.product-name: "Red_Hat_Runtimes"
+com.redhat.product-version: "2021-Q3"
+com.redhat.component-name: EAP_XP
+com.redhat.component-version: {{ quote .Chart.AppVersion }}
+com.redhat.component-type: application
+{{- end }}
+
+{{- define "eap-xp3.metadata.labels" -}}
+metadata:
+  labels:
+  {{- include "eap-xp3.labels" . | nindent 4 }}
+  {{- include "eap-xp3.metering.labels" . | nindent 4 }}
+{{- end -}}

charts/eap-xp3/templates/buildconfig-bootable-jar.yaml

@@ -0,0 +1,3 @@
+{{- if and .Values.build.enabled (eq .Values.build.mode "bootable-jar") }}
+{{- include "wildfly-common.buildconfig-bootable-jar" (list . "eap-xp3.metadata.labels") -}}
+{{- end }}

charts/eap-xp3/templates/buildconfig-s2i-build-artifacts.yaml

@@ -0,0 +1,13 @@
+{{- if and .Values.build.enabled (eq .Values.build.mode "s2i") }}
+{{- include "wildfly-common.buildconfig-s2i-build-artifacts" (list . "eap-xp3.buildconfig-s2i-build-artifacts") -}}
+{{- end -}}
+
+{{- define "eap-xp3.buildconfig-s2i-build-artifacts" -}}
+{{ include "eap-xp3.metadata.labels" . }}
+spec:
+  strategy:
+    sourceStrategy:
+      from:
+        kind: DockerImage
+        name: {{ include "eap-xp3.eapBuilderImage" . }}
+{{- end -}}

charts/eap-xp3/templates/buildconfig-s2i.yaml

@@ -0,0 +1,21 @@
+{{- if and .Values.build.enabled (eq .Values.build.mode "s2i") }}
+{{- include "wildfly-common.buildconfig-s2i" (list . "eap-xp3.buildconfig-s2i") -}}
+{{- end -}}
+
+{{- define "eap-xp3.buildconfig-s2i" -}}
+{{ include "eap-xp3.metadata.labels" . }}
+spec:
+  source:
+    dockerfile: |-
+      FROM {{ include "eap-xp3.eapRuntimeImage" . }}
+      COPY /server $JBOSS_HOME
+      USER root
+      RUN chown -R jboss:root $JBOSS_HOME && chmod -R ug+rwX $JBOSS_HOME
+      USER jboss
+      CMD $JBOSS_HOME/bin/openshift-launch.sh
+  strategy:
+    dockerStrategy:
+      from:
+        kind: DockerImage
+        name: {{ include "eap-xp3.eapRuntimeImage" .}}
+{{- end -}}

charts/eap-xp3/templates/deployment.yaml

@@ -0,0 +1,10 @@
+{{- if .Values.deploy.enabled }}
+{{- include "wildfly-common.deployment" (list . "eap-xp3.deployment") -}}
+{{- end -}}
+
+{{ define "eap-xp3.deployment" }}
+{{- include "eap-xp3.metadata.labels" . }}
+spec:
+  template:
+    {{- include "eap-xp3.metadata.labels" . | nindent 4 }}
+{{- end -}}

charts/eap-xp3/templates/imagestream.yaml

@@ -0,0 +1,8 @@
+{{- if and .Values.build.enabled (eq .Values.build.output.kind "ImageStreamTag") -}}
+{{- include "wildfly-common.imagestream" (list . "eap-xp3.metadata.labels") }}
+
+{{- if eq .Values.build.mode "s2i" }}
+---
+{{- include "wildfly-common.imagestream-s2i-build-artifacts" (list . "eap-xp3.metadata.labels") }}
+{{- end -}}
+{{- end -}}

charts/eap-xp3/templates/route.yaml

@@ -0,0 +1,3 @@
+{{- if (and .Values.deploy.enabled .Values.deploy.route.enabled) }}
+{{- include "wildfly-common.route" (list . "eap-xp3.metadata.labels") -}}
+{{- end -}}

charts/eap-xp3/templates/service.yaml

@@ -0,0 +1,5 @@
+{{- if .Values.deploy.enabled }}
+{{- include "wildfly-common.service.http" (list . "eap-xp3.metadata.labels") }}
+---
+{{- include "wildfly-common.service.ping" (list . "eap-xp3.metadata.labels") }}
+{{- end -}}