Add precheck job to validate options for ACE installer (#491)

Signed-off-by: Rokibul Hasan <[email protected]>
Signed-off-by: Tamal Saha <[email protected]>
Co-authored-by: Tamal Saha <[email protected]>

apis/installer/v1alpha1/ace_installer_types.go

@@ -19,6 +19,7 @@ package v1alpha1
 import (
 	configapi "go.bytebuilders.dev/resource-model/apis/config/v1alpha1"
 
+	core "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"kmodules.xyz/resource-metadata/apis/shared"
 )
@@ -53,6 +54,20 @@ type AceInstallerSpec struct {
 	DeploymentType          DeploymentType `json:"deploymentType"`
 	shared.BootstrapPresets `json:",inline,omitempty"`
 	SelfManagement          configapi.SelfManagement `json:"selfManagement"`
+	Precheck                AceInstallerPrecheckSpec `json:"precheck"`
+}
+
+type AceInstallerPrecheckSpec struct {
+	Enabled            bool                      `json:"enabled"`
+	Image              ImageReference            `json:"image"`
+	PodAnnotations     map[string]string         `json:"podAnnotations"`
+	PodSecurityContext *core.PodSecurityContext  `json:"podSecurityContext"`
+	SecurityContext    *core.SecurityContext     `json:"securityContext"`
+	Resources          core.ResourceRequirements `json:"resources"`
+	//+optional
+	NodeSelector map[string]string `json:"nodeSelector"`
+	Tolerations  []core.Toleration `json:"tolerations"`
+	Affinity     *core.Affinity    `json:"affinity"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

charts/ace-installer/templates/_helpers.tpl

@@ -111,3 +111,11 @@ Image Templates
 {{- define "clustermanager.openshift" -}}
 {{- ternary "true" "false" (.Capabilities.APIVersions.Has "project.openshift.io/v1/Project") -}}
 {{- end }}
+
+{{/*
+Returns the registry used for app docker image
+*/}}
+{{- define "precheck.image.registry" -}}
+{{- list .Values.image.proxies.ghcr .Values.precheck.image.registry | compact | join "/" }}
+{{- end }}
+

charts/ace-installer/templates/precheck/config.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.precheck.enabled }}
+
+{{- $encodedLicenses := dig "license-proxyserver" "values" "encodedLicenses" (dict) .Values.helm.releases -}}
+{{- $licenses := dict -}}
+{{- range $k, $v := $encodedLicenses }}
+{{ $_ := set $licenses $k (b64dec $v) }}
+{{- end }}
+
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-precheck-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ace-installer.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+stringData:
+  options.yaml: |
+    {{- with $licenses }}
+    licenses: {{ . | toJson }}
+    {{- end }}
+    {{- if .Values.registry }}
+    registry:
+      {{- .Values.registry | toYaml | nindent 6 }}
+      {{- if .Values.image }}
+      image:
+        {{- .Values.image | toYaml | nindent 8 }}
+      {{- end }}
+    {{- end }}
+    {{- if .Values.selfManagement }}
+    selfManagement:
+      {{- .Values.selfManagement | toYaml | nindent 6 }}
+    {{- end }}
+
+{{- end }}

charts/ace-installer/templates/precheck/job.yaml

@@ -0,0 +1,73 @@
+{{- if .Values.precheck.enabled }}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-precheck
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  backoffLimit: 4
+  manualSelector: true
+  selector:
+    matchLabels:
+      {{- include "ace-installer.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.precheck.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "ace-installer.selectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "ace-installer.fullname" . }}-precheck
+      securityContext:
+        {{- toYaml .Values.precheck.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.precheck.securityContext | nindent 12 }}
+          image: "{{ include "precheck.image.registry" . }}/{{ .Values.precheck.image.repository }}:{{ .Values.precheck.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: Always
+          args:
+            - installer
+            - validate
+            - --options=/data/installer/options.yaml
+          resources:
+            {{- toYaml .Values.precheck.resources | nindent 12 }}
+          volumeMounts:
+            - name: tmp
+              mountPath: /tmp
+            - name: data
+              mountPath: /data
+            - name: installer-options
+              mountPath: /data/installer/options.yaml
+              subPath: options.yaml
+      volumes:
+        - name: tmp
+          emptyDir: {}
+        - name: data
+          emptyDir: {}
+        - name: installer-options
+          secret:
+            defaultMode: 420
+            secretName: {{ include "ace-installer.fullname" . }}-precheck-config
+      {{- with .Values.precheck.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.precheck.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.precheck.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      restartPolicy: Never
+
+{{- end }}

charts/ace-installer/templates/precheck/rbac.yaml

@@ -0,0 +1,49 @@
+{{- if .Values.precheck.enabled }}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-precheck
+  labels:
+    {{- include "ace-installer.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["cluster-info"]
+    verbs: ["get"]
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-precheck
+  labels:
+    {{- include "ace-installer.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "ace-installer.fullname" . }}-precheck
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ace-installer.fullname" . }}-precheck
+    namespace: {{ .Release.Namespace }}
+
+{{- end }}

charts/ace-installer/templates/precheck/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.precheck.enabled }}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-precheck
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+
+{{- end }}