Add job to check environment for ACE setup

Signed-off-by: Rokibul Hasan <[email protected]>

apis/installer/v1alpha1/ace_installer_types.go

@@ -52,7 +52,9 @@ type AceInstallerSpec struct {
 	// +optional
 	DeploymentType          DeploymentType `json:"deploymentType"`
 	shared.BootstrapPresets `json:",inline,omitempty"`
-	SelfManagement          configapi.SelfManagement `json:"selfManagement"`
+	// +optional
+	Licenses       map[string]string        `json:"licenses,omitempty"`
+	SelfManagement configapi.SelfManagement `json:"selfManagement"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

charts/ace-installer/templates/check/check-config.yaml

@@ -0,0 +1,29 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-check-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ace-installer.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation
+stringData:
+  options.yaml: |
+    {{- if .Values.licenses }}
+    licenses:
+      {{- toYaml .Values.licenses | nindent 6 }}
+    {{- end }}
+    {{- if .Values.registry }}
+    registry:
+      {{- .Values.registry | toYaml | nindent 6 }}
+      {{- if .Values.image }}
+      image:
+        {{- .Values.image | toYaml | nindent 8 }}
+      {{- end }}
+    {{- end }}
+    {{- if .Values.selfManagement }}
+    selfManagement:
+      {{- .Values.selfManagement | toYaml | nindent 6 }}
+    {{- end }}

charts/ace-installer/templates/check/job.yaml

@@ -0,0 +1,69 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-check
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  backoffLimit: 4
+  manualSelector: true
+  selector:
+    matchLabels:
+      {{- include "ace-installer.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "ace-installer.selectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "ace-installer.fullname" . }}-check
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Values.helm.releases.ace.version }}"
+          imagePullPolicy: Always
+          args:
+            - installer
+            - validate
+            - --options=/data/installer/options.yaml
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: tmp
+              mountPath: /tmp
+            - name: data
+              mountPath: /data
+            - name: installer-options
+              mountPath: /data/installer/options.yaml
+              subPath: options.yaml
+      volumes:
+        - name: tmp
+          emptyDir: {}
+        - name: data
+          emptyDir: {}
+        - name: installer-options
+          secret:
+            defaultMode: 420
+            secretName: {{ include "ace-installer.fullname" . }}-check-config
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      restartPolicy: Never

charts/ace-installer/templates/check/rbac.yaml

@@ -0,0 +1,45 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-check
+  labels:
+    {{- include "ace-installer.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["cluster-info"]
+    verbs: ["get"]
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-check
+  labels:
+    {{- include "ace-installer.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "ace-installer.fullname" . }}-check
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ace-installer.fullname" . }}-check
+    namespace: {{ .Release.Namespace }}

charts/ace-installer/templates/check/serviceaccount.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ace-installer.fullname" . }}-check
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-delete-policy": before-hook-creation

charts/ace-installer/values.openapiv3_schema.yaml

@@ -85,6 +85,10 @@ properties:
             type: string
         type: object
     type: object
+  licenses:
+    additionalProperties:
+      type: string
+    type: object
   nameOverride:
     type: string
   offlineInstaller:

charts/ace-installer/values.yaml

@@ -24,6 +24,14 @@ image:
     kubernetes: registry.k8s.io
     microsoft: mcr.microsoft.com
 
+  # Docker registry used to pull app container image
+  registry: appscode
+  # App container image
+  repository: ace
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+  pullPolicy: Always
+
 # image:
 #   proxies:
 #     dockerHub: harbor.appscode.ninja/dockerhub
@@ -43,6 +51,44 @@ registry:
   imagePullSecrets: []
   # imagePullSecrets: ["abc", "xyz"]
 
+# Docker registry fqdn used to pull app related images.
+# Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}
+registryFQDN: ghcr.io
+
+podAnnotations: {}
+
+podSecurityContext: {}
+# fsGroup: 2000
+
+securityContext: # +doc-gen:break
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop: ["ALL"]
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 65534
+  seccompProfile:
+    type: RuntimeDefault
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+#   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+
 helm:
   createNamespace: true
 
@@ -136,6 +182,8 @@ helm:
 selfManagement:
   createCAPICluster: false
   import: true
-  targetIPs:
+  targetIPs: []
   enableFeatures: []
   disableFeatures: []
+
+licenses: {}