diff --git a/templates/datadirsync/datadirsync-deployment.yaml b/templates/datadirsync/datadirsync-deployment.yaml
new file mode 100644
index 0000000..5041741
--- /dev/null
+++ b/templates/datadirsync/datadirsync-deployment.yaml
@@ -0,0 +1,96 @@
+{{- $webapp := .Values.georchestra.datadirsync -}}
+{{- if $webapp.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "georchestra.fullname" . }}-datadirsync
+ labels:
+ {{- include "georchestra.labels" . | nindent 4 }}
+ app.kubernetes.io/component: {{ include "georchestra.fullname" . }}-datadirsync
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ include "georchestra.fullname" . }}-datadirsync
+ template:
+ metadata:
+ labels:
+ app: {{ include "georchestra.fullname" . }}-datadirsync
+ spec:
+ serviceAccountName: {{ include "georchestra.fullname" . }}-datadirsync-serviceaccount
+ initContainers:
+ - name: init-permissions
+ image: busybox
+ command:
+ - sh
+ - -c
+ - |
+ echo "Setting up SSH key..."
+ if cp /tmp-ssh/id_rsa /tmp/git-rollout-operator/id_rsa; then
+ echo "SSH key copied successfully"
+ else
+ echo "Copy failed"
+ fi
+ if chown 1001:1001 /tmp/git-rollout-operator/id_rsa && chmod 600 /tmp/git-rollout-operator/id_rsa; then
+ echo "SSH key permissions and ownership set successfully"
+ else
+ echo "Failed to set permissions or ownership"
+ fi
+ volumeMounts:
+ - name: ssh-key-volume
+ mountPath: /tmp-ssh
+ - name: git-rollout-operator-volume
+ mountPath: /tmp/git-rollout-operator
+ containers:
+ - name: operator
+ image: {{ $webapp.image }}
+ env:
+ - name: GIT_REPO_URL
+ value: "{{ .Values.georchestra.datadir.git.url }}"
+ - name: GIT_BRANCH
+ value: "{{ .Values.georchestra.datadir.git.ref }}"
+ - name: POLL_INTERVAL
+ value: "{{ $webapp.pollInterval }}"
+ - name: ROLLOUT_DEPLOYMENTS
+ value: |
+ {{ $prefix := include "georchestra.fullname" . -}}
+ {{ $suffixes := $webapp.deploymentSuffixNameList -}}
+ {{ $deployments := list -}}
+ {{- range $suffix := $suffixes }}
+ {{ $deployments = append $deployments (printf "%s-%s" $prefix $suffix) }}
+ {{- end -}}
+ {{- join ", " $deployments }}
+ - name: ROLLOUT_NAMESPACE
+ value: "{{ .Release.Namespace }}"
+ {{- if and .Values.georchestra.datadir.git.username .Values.georchestra.datadir.git.token }}
+ - name: GIT_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: "{{ $webapp.gitCredentials.secretName }}"
+ key: "{{ $webapp.gitCredentials.usernameKey }}"
+ - name: GIT_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: "{{ $webapp.gitCredentials.secretName }}"
+ key: "{{ $webapp.gitCredentials.tokenKey }}"
+ {{- end }}
+ {{- if .Values.georchestra.datadir.git.ssh_secret }}
+ - name: GIT_SSH_COMMAND
+ value: ssh -i /tmp/git-rollout-operator/id_rsa -o "IdentitiesOnly=yes" -o "StrictHostKeyChecking=no"
+ volumeMounts:
+ - name: ssh-key-volume
+ mountPath: /tmp-ssh/id_rsa
+ subPath: id_rsa
+ - name: git-rollout-operator-volume
+ mountPath: /tmp/git-rollout-operator
+ {{- end }}
+ volumes:
+ - name: ssh-key-volume
+ secret:
+ secretName: {{ include "georchestra.fullname" . }}-{{ $webapp.gitCredentials.secretSuffixName }}
+ items:
+ - key: {{ $webapp.gitCredentials.sshKey }}
+ path: id_rsa
+ - name: git-rollout-operator-volume
+ emptyDir: {}
+{{- end }}
\ No newline at end of file
diff --git a/templates/datadirsync/datadirsync-role.yaml b/templates/datadirsync/datadirsync-role.yaml
new file mode 100644
index 0000000..2f2c55d
--- /dev/null
+++ b/templates/datadirsync/datadirsync-role.yaml
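Review bot: The `GIT_SSH_COMMAND` value sets `StrictHostKeyChecking=no`, so the operator accepts whatever host key the git server presents and cannot tell the real remote from an impersonated one, even though the content it pulls then drives rollouts. I would ship a `known_hosts` file alongside the key and use `-o "StrictHostKeyChecking=yes" -o "UserKnownHostsFile=/tmp/git-rollout-operator/known_hosts"` instead. Separately, the `GIT_USERNAME` and `GIT_TOKEN` refs read `$webapp.gitCredentials.secretName`, which the values.yaml hunk of this commit does not define (it only adds `secretSuffixName`), so the rendered secret name looks empty; `name: "{{ include "georchestra.fullname" . }}-{{ $webapp.gitCredentials.secretSuffixName }}"` would match the `volumes` entry. The init container only echoes when `cp` or `chown` fails and still exits 0, so an `exit 1` in those two `else` branches would surface a missing key at start-up, and `image: busybox` would be better pinned to a tag or digest.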
@@ -0,0 +1,18 @@
+{{- $webapp := .Values.georchestra.datadirsync -}}
+{{- if $webapp.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ include "georchestra.fullname" . }}-datadirsync-role
+rules:
+ - apiGroups: ["apps"]
+ resources: ["pods", "replicasets", "deployments"]
+ resourceNames: [{{- $prefix := include "georchestra.fullname" . -}}
+ {{- $suffixes := $webapp.deploymentSuffixNameList -}}
+ {{- $deployments := list -}}
+ {{- range $index, $suffix := $suffixes }}
+ {{ if $index }}, {{ end }}"{{ printf "%s-%s" $prefix $suffix }}"
+ {{- end }}]
+ verbs: ["get", "patch"]
+{{- end }}
\ No newline at end of file
diff --git a/templates/datadirsync/datadirsync-rolebinding.yaml b/templates/datadirsync/datadirsync-rolebinding.yaml
new file mode 100644
index 0000000..cca2440
--- /dev/null
+++ b/templates/datadirsync/datadirsync-rolebinding.yaml
@@ -0,0 +1,15 @@
+{{- $webapp := .Values.georchestra.datadirsync -}}
+{{- if $webapp.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "georchestra.fullname" . }}-datadirsync-rolebinding
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "georchestra.fullname" . }}-datadirsync-serviceaccount
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "georchestra.fullname" . }}-datadirsync-role
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
\ No newline at end of file
diff --git a/templates/datadirsync/datadirsync-secrets.yaml b/templates/datadirsync/datadirsync-secrets.yaml
new file mode 100644
index 0000000..c4d0180
--- /dev/null
+++ b/templates/datadirsync/datadirsync-secrets.yaml
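Review bot: If `deploymentSuffixNameList` is empty, `resourceNames` in the Role renders as `[]`, and Kubernetes RBAC treats an empty `resourceNames` as no restriction, so the service account would get `get`/`patch` on every deployment in the namespace. Guarding the template on its second line, e.g. `{{- if and $webapp.enabled $webapp.deploymentSuffixNameList -}}`, keeps the grant limited to named deployments. `pods` is not a resource of the `apps` API group, and pod or replicaset names will not equal the listed deployment names, so `resources: ["deployments"]` appears to be all this rule can match. `$deployments` is assigned but never used in this file.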
@@ -0,0 +1,12 @@
+{{- $webapp := .Values.georchestra.datadirsync -}}
+{{- if $webapp.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "georchestra.fullname" . }}-datadirsync-credentials
+type: Opaque
+data:
+ username: {{ default "" .Values.georchestra.datadir.git.username | b64enc }}
+ token: {{ default "" .Values.georchestra.datadir.git.token | b64enc }}
+ ssh: {{ default "" .Values.georchestra.datadir.git.ssh_secret | b64enc }}
+{{- end }}
diff --git a/templates/datadirsync/datadirsync-serviceaccount.yaml b/templates/datadirsync/datadirsync-serviceaccount.yaml
new file mode 100644
index 0000000..fa0c557
--- /dev/null
+++ b/templates/datadirsync/datadirsync-serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- $webapp := .Values.georchestra.datadirsync -}}
+{{- if $webapp.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "georchestra.fullname" . }}-datadirsync-serviceaccount
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/values.yaml b/values.yaml
index 6e748a5..43f03eb 100644
--- a/values.yaml
+++ b/values.yaml
@@ -214,6 +214,8 @@ georchestra:
 url: https://github.com/georchestra/datadir.git
 ref: docker-master
 # ssh_secret: my-private-ssh-key
+ # username: my-git-username
+ # token: my-git-token
 # Some cloud providers automatically create & assign PVs to PVCs
 # some other need to create a PV first ; if so, then you can
 # uncomment the `pv_name` entries below.
@@ -263,6 +265,17 @@ georchestra:
 # relay_username: aaaa
 # relay_password: aaaa
 extra_environment: []
+ datadirsync:
+ enabled: false
+ image: jemacchi/simple-git-rollout-operator:1.3.1 # TODO: image should be in context of c2c dockerhub account (?)
+ pollInterval: 10
+ deploymentSuffixNameList:
+ - geoserver
+ gitCredentials:
+ secretSuffixName: datadirsync-credentials
+ usernameKey: username
+ tokenKey: token
+ sshKey: ssh
 fqdn: "georchestra-127-0-1-1.traefik.me"
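Review bot: The Secret's name and data keys are hard-coded (`-datadirsync-credentials`, `username`, `token`, `ssh`) while the deployment template looks them up through `gitCredentials.secretSuffixName`, `usernameKey`, `tokenKey` and `sshKey`, so overriding any of those values breaks the lookup. Rendering from the same values, e.g. `name: {{ include "georchestra.fullname" . }}-{{ $webapp.gitCredentials.secretSuffixName }}`, keeps the two in step. The token and SSH private key are taken from plain chart values, which leaves them in values files and in the stored release data; an option to reference a pre-existing Secret instead of rendering this one would avoid that. The Secret is also rendered with empty strings when no credential is configured.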
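Review bot: The default `image` under `datadirsync` is pulled by mutable tag from a personal registry account, and the templates in this commit hand that container the git credentials and a service account allowed to patch deployments. Beyond the relocation the TODO already mentions, I would pin it by digest, e.g. `image: <registry>/<repository>@sha256:<digest>` (placeholder values). `pollInterval: 10` carries no unit, and `gitCredentials` has no `secretName` key although the deployment template reads one; a short comment on each key, such as `# passed to the operator as POLL_INTERVAL (unit to be confirmed)`, would make the block self-explanatory.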