WIP

charts/service-deployment/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: dockerconfigjson
+  repository: https://snowplow-devops.github.io/helm-charts
+  version: 0.1.0
+- name: cloudserviceaccount
+  repository: https://snowplow-devops.github.io/helm-charts
+  version: 0.1.0
+digest: sha256:92127ad4fb4b1721b3a51927e4e199bb40ae8d26f0c85369b672845bf061ddaf
+generated: "2022-07-25T09:44:35.530345+02:00"

charts/service-deployment/Chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: v2
+name: service-deployment
+description: A Helm Chart to setup a generic deployment with optional service/hpa bindings
+version: 0.1.0
+icon: https://raw.githubusercontent.com/snowplow-devops/helm-charts/master/docs/logo/snowplow.png
+home: https://github.com/snowplow-devops/helm-charts
+sources:
+  - https://github.com/snowplow-devops/helm-charts
+maintainers:
+  - name: jbeemster
+    url: https://github.com/jbeemster
+    email: [email protected]
+keywords:
+  - service
+  - deployment
+dependencies:
+  - name: dockerconfigjson
+    version: 0.1.0
+    repository: "https://snowplow-devops.github.io/helm-charts"
+  - name: cloudserviceaccount
+    version: 0.1.0
+    repository: "https://snowplow-devops.github.io/helm-charts"

charts/service-deployment/README.md

@@ -0,0 +1,44 @@
+# service-deployment
+
+A helm chart to deploy a generic deployment with optional service bindings.
+
+## TL;DR
+
+```bash
+helm repo add snowplow-devops https://snowplow-devops.github.io/helm-charts
+helm install service-deployment snowplow-devops/cron-job
+```
+
+## Introduction
+
+This chart takes care of all the most common requirements such as:
+
+- Downloading from private Docker repositories
+- Auto-scaling pod counts
+- Binding config volumes
+- Configuring secrets
+- Binding cloud service-accounts via OIDC hooks
+
+_Note_: This should be a long running process - if you are looking for cron-based execution see our `cron-job` chart.
+
+## Installing the Chart
+
+Install or upgrading the chart with default configuration:
+
+```bash
+helm upgrade --install service-deployment snowplow-devops/service-deployment
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `service-deployment` release:
+
+```bash
+helm delete service-deployment
+```
+
+## Configuration
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| global.cloud | string | `""` | Cloud specific bindings (options: aws, gcp) |

charts/service-deployment/templates/NOTES.txt

@@ -0,0 +1,16 @@
+Deployment {{ .Release.Name }} has been installed/updated - to get basic information about the pods:
+
+    kubectl describe pod {{ .Release.Name }}
+
+{{- if .Values.service.deploy }}
+
+The service can be accessed via port {{ .Values.service.port }} on the following DNS names from within your cluster:
+
+    {{ include "app.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+
+To connect to your server from outside the cluster execute the following commands:
+
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "app.fullname" . }} 8080:{{ .Values.service.port }}
+
+You can then navigate to your service in your browser at localhost:8080 or issue request with tools like cURL.
+{{- end }}

charts/service-deployment/templates/_helpers.tpl

@@ -0,0 +1,23 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "app.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- define "app.secret.fullname" -}}
+{{ include "app.fullname" . }}-secret
+{{- end -}}
+
+{{/*
+Define the default NEG name for GCP deployments.
+*/}}
+{{- define "service.gcp.networkEndpointGroupName" -}}
+{{- default .Release.Name .Values.service.gcp.networkEndpointGroupName -}}
+{{- end -}}

charts/service-deployment/templates/configmaps.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.configMaps }}
+{{- range $v := .Values.configMaps }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $v.name }}
+binaryData:
+  {{ $v.key }}: "{{ $v.contentsB64 }}"
+---
+{{- end }}
+{{- end }}

charts/service-deployment/templates/deployment.yaml

@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "app.fullname" . }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "app.fullname" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "app.fullname" . }}
+      annotations:
+        {{- if .Values.configMaps }}
+        {{- range $v := .Values.configMaps }}
+        checksum/{{ $v.name }}-{{ $v.key }}: "{{ $v.contentsB64 | sha256sum }}"
+        {{- end }}
+        {{- end }}
+    spec:
+      {{- if .Values.cloudserviceaccount.deploy }}
+      serviceAccountName: {{ .Values.cloudserviceaccount.name }}
+      {{- end }}
+      automountServiceAccountToken: true
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+
+      {{- if not .Values.image.isRepositoryPublic }}
+      imagePullSecrets:
+      - name: {{ .Values.dockerconfigjson.name }}
+      {{- end }}
+
+      {{- if .Values.configMaps }}
+      volumes:
+      {{- range $v := .Values.configMaps }}
+      - configMap:
+          name: {{ $v.name }}
+          optional: false
+        name: {{ $v.name }}
+      {{- end }}
+      {{- end }}
+
+      containers:
+      - name: "{{ include "app.fullname" . }}"
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: Always
+
+        {{- if .Values.config.command  }}
+        command:
+        {{- range $v := .Values.config.command }}
+        - "{{ $v }}"
+        {{- end }}
+        {{- end }}
+
+        {{- if .Values.config.args  }}
+        args:
+        {{- range $v := .Values.config.args }}
+        - "{{ $v }}"
+        {{- end }}
+        {{- end }}
+
+        {{- if .Values.config.env  }}
+        env:
+        {{- range $k, $v := .Values.config.env }}
+        - name: "{{ $k }}"
+          value: "{{ $v }}"
+        {{- end }}
+        {{- end }}
+
+        {{- if .Values.config.secrets  }}
+        envFrom:
+        - secretRef:
+            name: {{ include "app.secret.fullname" . }}
+        {{- end }}
+
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+
+        {{- if .Values.configMaps }}
+        volumeMounts:
+        {{- range $v := .Values.configMaps }}
+        - mountPath: "{{ $v.mountPath }}"
+          {{- if $v.mountPropagation }}
+          mountPropagation: {{ $v.mountPropagation }}
+          {{- else }}
+          mountPropagation: None
+          {{- end }}
+          name: {{ $v.name }}
+        {{- end }}
+        {{- end }}

charts/service-deployment/templates/hpa.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.hpa.deploy }}
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "app.fullname" . }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "app.fullname" . }}
+  minReplicas: {{ .Values.hpa.minReplicas }}
+  maxReplicas: {{ .Values.hpa.maxReplicas }}
+  targetCPUUtilizationPercentage: {{ .Values.hpa.averageCPUUtilization }}
+{{- end }}

charts/service-deployment/templates/secrets.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.config.secrets  }}
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ include "app.secret.fullname" . }}
+type: Opaque
+data:
+  {{- range $k, $v := .Values.config.secrets }}
+  {{ $k }}: "{{ $v | b64enc }}"
+  {{- end }}
+{{- end }}

charts/service-deployment/templates/service.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.service.deploy }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "app.fullname" . }}
+  {{- if eq .Values.global.cloud "gcp" }}
+  annotations:
+    cloud.google.com/app-protocols:  '{"http-port": "HTTP"}'
+    cloud.google.com/neg: '{"exposed_ports": {"{{ .Values.service.port }}":{"name": "{{ include "service.gcp.networkEndpointGroupName" . }}"}}}'
+  {{- end }}
+spec:
+  type: NodePort
+  selector:
+    app: {{ include "app.fullname" . }}
+  ports:
+  - name: http-port
+    port: {{ .Values.service.port }}
+    protocol: TCP
+    targetPort: {{ .Values.service.port }}
+{{- end }}

charts/service-deployment/templates/targetgroupbinding.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.service.deploy }}
+{{- if eq .Values.global.cloud "aws" }}
+apiVersion: elbv2.k8s.aws/v1beta1
+kind: TargetGroupBinding
+metadata:
+  name: {{ include "app.fullname" . }}
+spec:
+  serviceRef:
+    name: {{ include "app.fullname" . }}
+    port: {{ .Values.service.port }}
+  targetGroupARN: {{ .Values.service.aws.targetGroupARN }}
+{{- end }}
+{{- end }}

charts/service-deployment/values.yaml

@@ -0,0 +1,90 @@
+global:
+  # -- Cloud specific bindings (options: aws, gcp)
+  cloud: ""
+
+image:
+  repository: "nginx"
+  tag: "latest"
+  # -- Whether the repository is public
+  isRepositoryPublic: true
+
+config:
+  command: []
+  #  - "/bin/sh"
+  args: []
+  #  - "-c"
+  #  - "echo 'Environment $(hello_env)! Secret $(username).'"
+
+  # -- Map of environment variables to use within the job
+  env:
+  #  hello_env: "world"
+
+  # -- Map of secrets that will be exposed as environment variables within the job
+  secrets: {}
+  #  username: "password"
+
+# -- List of config maps to mount to the deployment
+configMaps: []
+#  - name: "volume-1"
+#    key: "file.cfg"
+#    contentsB64: "" # The file contents which have already been base-64 encoded
+#    mountPath: "/etc/config" # Must be unique
+#    mountPropagation: None # If unset will default to 'None'
+
+# -- Map of resource constraints for the service
+resources: {}
+#  limits:
+#    cpu: 746m
+#    memory: 900Mi
+#  requests:
+#    cpu: 400m
+#    memory: 512Mi
+
+# -- Grace period for termination of the service
+terminationGracePeriodSeconds: 60
+
+hpa:
+  # -- Whether to deploy HPA rules
+  deploy: false
+  # -- Minimum number of pods to deploy
+  minReplicas: 1
+  # -- Maximum number of pods to deploy
+  maxReplicas: 20
+  # -- Average CPU utilization before auto-scaling starts
+  averageCPUUtilization: 75
+
+service:
+  # -- Whether to setup service bindings (note: only NodePort is supported)
+  deploy: false
+  # -- Port to bind and expose the service on
+  port: 80
+  aws:
+    # -- EC2 TargetGroup ARN to bind the service onto
+    targetGroupARN: ""
+  gcp:
+    # -- Name of the Network Endpoint Group to bind onto
+    networkEndpointGroupName: ""
+
+dockerconfigjson:
+  # -- Name of the secret to use for the private repository
+  name: "snowplow-cron-job-dockerhub"
+  # -- Username for the private repository
+  username: ""
+  # -- Password for the private repository
+  password: ""
+  # -- Repository server URL
+  server: "https://index.docker.io/v1/"
+  # -- Email address for user of the private repository
+  email: ""
+
+cloudserviceaccount:
+  # -- Whether to create a service-account
+  deploy: false
+  # -- Name of the service-account to create
+  name: "snowplow-cron-job-service-account"
+  aws:
+    # -- IAM Role ARN to bind to the k8s service account
+    roleARN: ""
+  gcp:
+    # -- Service Account email to bind to the k8s service account
+    serviceAccount: ""