From 060ee1f2d1848495b9ffd28262e29cd9e16b0d08 Mon Sep 17 00:00:00 2001
From: Ulf Seltmann <seltmann@ub.uni-leipzig.de>
Date: Tue, 7 Aug 2018 16:41:17 +0200
Subject: [PATCH] added helm-chart for deploy-environment added docs

---
 docs/deployenv.md                             | 33 +++++++++++++++++++
 docs/workflow.wsd                             | 19 +++++++++++
 k8s-admin/deployenv/.helmignore               | 21 ++++++++++++
 k8s-admin/deployenv/Chart.yaml                |  5 +++
 k8s-admin/deployenv/templates/NOTES.txt       |  0
 k8s-admin/deployenv/templates/_helpers.tpl    | 32 ++++++++++++++++++
 k8s-admin/deployenv/templates/namespace.yaml  |  4 +++
 k8s-admin/deployenv/templates/role.yaml       |  9 +++++
 .../deployenv/templates/rolebinding.yaml      | 13 ++++++++
 .../deployenv/templates/serviceaccount.yaml   |  5 +++
 k8s-admin/deployenv/values.yaml               |  5 +++
 11 files changed, 146 insertions(+)
 create mode 100644 docs/deployenv.md
 create mode 100644 docs/workflow.wsd
 create mode 100644 k8s-admin/deployenv/.helmignore
 create mode 100644 k8s-admin/deployenv/Chart.yaml
 create mode 100644 k8s-admin/deployenv/templates/NOTES.txt
 create mode 100644 k8s-admin/deployenv/templates/_helpers.tpl
 create mode 100644 k8s-admin/deployenv/templates/namespace.yaml
 create mode 100644 k8s-admin/deployenv/templates/role.yaml
 create mode 100644 k8s-admin/deployenv/templates/rolebinding.yaml
 create mode 100644 k8s-admin/deployenv/templates/serviceaccount.yaml
 create mode 100644 k8s-admin/deployenv/values.yaml

diff --git a/docs/deployenv.md b/docs/deployenv.md
new file mode 100644
index 0000000..e9f386d
--- /dev/null
+++ b/docs/deployenv.md
@@ -0,0 +1,33 @@
+# create deploy environment
+
+consists of
+* _namespace_: where will all services be deployed
+* _service account_: which account will deploy the services
+
+## install via helm
+
+assuming the service-account name is "testuser" and the namespace is "testns"
+
+```
+$ helm install k8s-admin/deployenv/ \
+	--wait \
+	--name test-deployenv \
+	--set saName=testuser \
+	--set namespace=testns \
+```
+_will create a service account *testuser* in namespace *testns*. the helm install-name is *test-deployenv*_
+
+# remove serviceaccount
+
+```
+$ helm delete --purge test-deployenv
+```
+
+_will remove namespace service account, role and rolebinding for helm-install *test-deployenv*_
+
+# retrieve bearer token for service account
+
+```
+$ export ns=testns
+$ export user=testuser
+$ kubectl --namespace $ns get secret $(kubectl --namespace ${ns} get serviceaccount $user -o jsonpath={.secrets[0].name}) -o jsonpath={.data.token}
\ No newline at end of file
diff --git a/docs/workflow.wsd b/docs/workflow.wsd
new file mode 100644
index 0000000..768b468
--- /dev/null
+++ b/docs/workflow.wsd
@@ -0,0 +1,19 @@
+@startuml
+'include
+"Developer" as dev -> "Gitlab" as gitlab: commit:1-issue
+gitlab -> "CI-Runner" as runner: build image
+runner->runner: docker build
+runner-->gitlab: ok (docker-image)
+gitlab->runner: publish image
+runner->hub as "Docker-Hub": docker push alpha-1-issue
+hub-->runner: ok
+runner-->gitlab: ok
+gitlab->runner: deploy
+runner->cluster as "K8S-Cluster": helm install alpha-1-issue
+cluster->hub: docker pull alpha-1-issue
+hub-->cluster: docker-image
+cluster->cluster: deploy alpha
+cluster-->runner: ok
+runner-->gitlab: ok
+gitlab-->dev: https://alpha.uni-leipzig.de/alpha-1-issue/
+@enduml
\ No newline at end of file
diff --git a/k8s-admin/deployenv/.helmignore b/k8s-admin/deployenv/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/k8s-admin/deployenv/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/k8s-admin/deployenv/Chart.yaml b/k8s-admin/deployenv/Chart.yaml
new file mode 100644
index 0000000..e97f8f5
--- /dev/null
+++ b/k8s-admin/deployenv/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Create helm deploy environment
+name: deployenv
+version: 0.1.0
diff --git a/k8s-admin/deployenv/templates/NOTES.txt b/k8s-admin/deployenv/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/k8s-admin/deployenv/templates/_helpers.tpl b/k8s-admin/deployenv/templates/_helpers.tpl
new file mode 100644
index 0000000..6317769
--- /dev/null
+++ b/k8s-admin/deployenv/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dacap.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dacap.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dacap.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/k8s-admin/deployenv/templates/namespace.yaml b/k8s-admin/deployenv/templates/namespace.yaml
new file mode 100644
index 0000000..77db5f9
--- /dev/null
+++ b/k8s-admin/deployenv/templates/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.namespace }}
diff --git a/k8s-admin/deployenv/templates/role.yaml b/k8s-admin/deployenv/templates/role.yaml
new file mode 100644
index 0000000..8da2459
--- /dev/null
+++ b/k8s-admin/deployenv/templates/role.yaml
@@ -0,0 +1,9 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: {{ .Values.roleName }}
+  namespace: {{ .Values.namespace }}
+rules:
+- apiGroups: ["", "batch", "extensions", "apps"]
+  resources: ["*"]
+  verbs: ["*"]
\ No newline at end of file
diff --git a/k8s-admin/deployenv/templates/rolebinding.yaml b/k8s-admin/deployenv/templates/rolebinding.yaml
new file mode 100644
index 0000000..8e4f217
--- /dev/null
+++ b/k8s-admin/deployenv/templates/rolebinding.yaml
@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: {{ .Values.roleBindingName }}
+  namespace: {{ .Values.namespace }}
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.saName }}
+  namespace: {{ .Values.namespace }}
+roleRef:
+  kind: Role
+  name: {{ .Values.roleName }}
+  apiGroup: rbac.authorization.k8s.io
diff --git a/k8s-admin/deployenv/templates/serviceaccount.yaml b/k8s-admin/deployenv/templates/serviceaccount.yaml
new file mode 100644
index 0000000..72a62b5
--- /dev/null
+++ b/k8s-admin/deployenv/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.saName }}
+  namespace: {{ .Values.namespace }}
\ No newline at end of file
diff --git a/k8s-admin/deployenv/values.yaml b/k8s-admin/deployenv/values.yaml
new file mode 100644
index 0000000..df06642
--- /dev/null
+++ b/k8s-admin/deployenv/values.yaml
@@ -0,0 +1,5 @@
+
+namespace: default
+saName: tiller
+roleName: tiller-manager
+roleBindingName: tiller-binding
\ No newline at end of file
-- 
GitLab