chore: enable init container for centralidp and sharedidp seeding

nicoprow · Apr 17, 2024 · 74c202c · 74c202c
1 parent a70dbd5
commit 74c202c
Show file tree

Hide file tree

Showing 9 changed files with 9,361 additions and 3 deletions.
diff --git a/.github/workflows/build-init-container.yml b/.github/workflows/build-init-container.yml
@@ -0,0 +1,93 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: Build - Init container IAM
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'init-container/**'
+      - '.github/workflows/build-init-container.yml'
+    # trigger events for SemVer like tags
+    tags:
+      - '*.*.*-init*'
+  workflow_dispatch:
+
+env:
+  IMAGE_NAMESPACE: "tractusx"
+  IMAGE_NAME: "umbrella-init-container"
+
+jobs:
+  build:
+    name: Build-and push image for init container
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        with:
+          images: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=raw,value=latest
+            type=raw,value=${{ github.sha }}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Build and push init container
+        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+        with:
+          context: ./init-container/
+          platforms: linux/amd64, linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # https://github.com/peter-evans/dockerhub-description
+      - name: Update Docker Hub description
+        if: github.event_name != 'pull_request'
+        uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
+        with:
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+          readme-filepath: ./init-container/DOCKER-NOTICE.md
diff --git a/.github/workflows/helm-checks.yaml b/.github/workflows/helm-checks.yaml
@@ -100,13 +100,19 @@ jobs:
       run: kubectl describe node
 
     - name: Build simple data backend
-      id: build-simple-data-backend
       uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
       with:
-        context: simple-data-backend/
+        context: ./simple-data-backend/
         push: true
         tags: kind-registry:5000/simple-data-backend:testing
 
+    - name: Build init container
+      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+      with:
+        context: ./init-container/
+        push: true
+        tags: kind-registry:5000/init-container:testing
+
     - name: Set up Helm
       uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4.1.0
       with:
@@ -132,7 +138,7 @@ jobs:
 
     - name: Install chart and run tests (umbrella)
       run: |
-        helm install umbrella charts/umbrella --namespace install --create-namespace --debug
+        helm install umbrella charts/umbrella -f charts/values-test.yaml --namespace install --create-namespace --debug
         helm uninstall umbrella --namespace install
 
     ## Skip upgrade for now until a working chart is released

diff --git a/charts/umbrella/values.yaml b/charts/umbrella/values.yaml
@@ -150,6 +150,20 @@ centralidp:
   keycloak:
     nameOverride: "centralidp"
     replicaCount: 1
+    initContainers:
+      - name: import
+        image: docker.io/tractusx/umbrella-init-container:0.0.1-init
+        imagePullPolicy: Always
+        command:
+          - sh
+        args:
+          - -c
+          - |
+            echo "Copying realms..."
+            cp -R /import/catenax-central/realms/* /realms
+        volumeMounts:
+        - name: realms
+          mountPath: "/realms"
     postgresql:
       nameOverride: "centralidp-postgresql"
       architecture: standalone
@@ -159,6 +173,20 @@ sharedidp:
   keycloak:
     nameOverride: "sharedidp"
     replicaCount: 1
+    initContainers:
+      - name: import
+        image: docker.io/tractusx/umbrella-init-container:0.0.1-init
+        imagePullPolicy: Always
+        command:
+          - sh
+        args:
+          - -c
+          - |
+            echo "Copying realms..."
+            cp -R /import/catenax-shared/realms/* /realms
+        volumeMounts:
+        - name: realms
+          mountPath: "/realms"
     postgresql:
       nameOverride: "sharedidp-postgresql"
       architecture: standalone

diff --git a/charts/values-test.yaml b/charts/values-test.yaml
@@ -0,0 +1,52 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+centralidp:
+  keycloak:
+    initContainers:
+      - name: import
+        image: kind-registry:5000/init-container:testing
+        imagePullPolicy: Always
+        command:
+          - sh
+        args:
+          - -c
+          - |
+            echo "Copying realms..."
+            cp -R /import/catenax-central/realms/* /realms
+        volumeMounts:
+        - name: realms
+          mountPath: "/realms"
+
+sharedidp:
+  keycloak:
+    initContainers:
+      - name: import
+        image: kind-registry:5000/init-container:testing
+        imagePullPolicy: Always
+        command:
+          - sh
+        args:
+          - -c
+          - |
+            echo "Copying realms..."
+            cp -R /import/catenax-shared/realms/* /realms
+        volumeMounts:
+        - name: realms
+          mountPath: "/realms"
diff --git a/init-container/DOCKER_NOTICE.md b/init-container/DOCKER_NOTICE.md
@@ -0,0 +1,26 @@
+## Notice for Docker image
+
+This application provides container images for demonstration purposes.
+
+DockerHub: https://hub.docker.com/r/tractusx/umbrella-init-container
+
+Eclipse Tractus-X product(s) installed within the image:
+
+Init Container with IAM realms for umbrella chart
+
+- GitHub: https://github.com/eclipse-tractusx/tractus-x-umbrella
+- Project home: https://projects.eclipse.org/projects/automotive.tractusx
+- Dockerfile: https://github.com/eclipse-tractusx/tractus-x-umbrella/blob/main/init-container/Dockerfile
+- Project license: [Apache License, Version 2.0](https://github.com/eclipse-tractusx/tractus-x-umbrella/blob/main/LICENSE)
+
+**Used base image**
+
+- Dockerfile: [alpinelinux/docker-alpine:3.19](https://github.com/alpinelinux/docker-alpine/blob/v3.19/x86_64/Dockerfile)
+- GitHub project: [https://github.com/alpinelinux/docker-alpine](https://github.com/alpinelinux/docker-alpine)
+- DockerHub: [https://hub.docker.com/_/alpine](https://hub.docker.com/_/alpine)
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc
+from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies
+with any relevant licenses for all software contained within.
diff --git a/init-container/Dockerfile b/init-container/Dockerfile
@@ -0,0 +1,28 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+FROM alpine:3.19
+
+RUN mkdir import
+
+RUN chown -R 1000:3000 /import
+USER 1000:3000
+
+COPY iam/centralidp/ import/catenax-central/realms
+COPY iam/sharedidp/ import/catenax-shared/realms