[MOSIP-36190] added charts for softhsm backup utility

Signed-off-by: Rakshithb1 <[email protected]>
mosip · Oct 8, 2024 · 5f27b3f · 5f27b3f
1 parent 28f6ca2
commit 5f27b3f
Show file tree

Hide file tree

Showing 14 changed files with 603 additions and 0 deletions.
diff --git a/charts/softhsm-backup/.gitignore b/charts/softhsm-backup/.gitignore
@@ -0,0 +1 @@
+charts/
diff --git a/charts/softhsm-backup/.helmignore b/charts/softhsm-backup/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/softhsm-backup/Chart.yaml b/charts/softhsm-backup/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: softhsmbackup
+description: A Helm chart to deploy softhsmbackup
+type: application
+version: 0.0.1-develop
+appVersion: ""
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 1.x.x
+home: https://mosip.io
+keywords:
+  - mosip
+  - softhsmbackup
+maintainers:
+  - email: [email protected]
+    name: MOSIP
diff --git a/charts/softhsm-backup/README.md b/charts/softhsm-backup/README.md
@@ -0,0 +1,10 @@
+# softhsmbackup
+
+Helm chart to deploy softhsmbackup
+
+## TL;DR
+
+```console
+$ helm repo add mosip https://mosip.github.io
+$ helm install my-release mosip/softhsmbackup
+```
diff --git a/charts/softhsm-backup/templates/NOTES.txt b/charts/softhsm-backup/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/charts/softhsm-backup/templates/_helpers.tpl b/charts/softhsm-backup/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/*
+Return the proper  image name
+*/}}
+{{- define "softhsmbackup.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "softhsmbackup.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "softhsmbackup.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "softhsmbackup.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "softhsmbackup.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "softhsmbackup.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "softhsmbackup.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "softhsmbackup.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+{{/* Create the name for restart cronjob */}}
+{{- define "softhsmbackup.cronjob" -}}
+{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- end -}}
diff --git a/charts/softhsm-backup/templates/clusterrole.yaml b/charts/softhsm-backup/templates/clusterrole.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "softhsmbackup.serviceAccountName" . }}-{{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: [ "get", "list" ]
+  - apiGroups: [ "" ]
+    resources: [ "pods/exec" ]
+    verbs: [ "create", "get" ]
diff --git a/charts/softhsm-backup/templates/clusterrolebinding.yaml b/charts/softhsm-backup/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  name: {{ template "common.names.fullname" . }}-{{ .Release.Namespace }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "softhsmbackup.serviceAccountName" . }}-{{ .Release.Namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "softhsmbackup.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
diff --git a/charts/softhsm-backup/templates/configmaps.yaml b/charts/softhsm-backup/templates/configmaps.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.softhsmbackup.configmaps }}
+{{- range $cm_name, $cm_value := .Values.softhsmbackup.configmaps }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $cm_name }}
+  namespace: {{ $.Release.Namespace }}
+  labels: {{- include "common.labels.standard" $ | nindent 8 }}
+    {{- if $.Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }}
+    {{- end }}
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }}
+  {{- end }}
+data:
+  {{- range $key, $value := $cm_value }}
+  {{ $key }}: {{ $value | quote }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/softhsm-backup/templates/cronjob.yaml b/charts/softhsm-backup/templates/cronjob.yaml
@@ -0,0 +1,75 @@
+apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }}
+kind: CronJob
+metadata:
+  name: {{ template "softhsmbackup.cronjob" $ }}
+  namespace: {{ $.Release.Namespace }}
+  annotations:
+    {{- if $.Values.commonAnnotations }}
+    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+    {{- end }}
+  labels: {{- include "common.labels.standard" $ | nindent 4 }}
+    {{- if $.Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+
+spec:
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1  # remove jobs which are successfully executed
+  failedJobsHistoryLimit: 1      # except 1 recent failed job, remove jobs which are not successfully executed
+  #schedule: '*/3 * * * *' # cron spec of time, here, 8 o'clock
+  schedule: {{ $.Values.crontime }}
+  jobTemplate:
+    spec:
+      backoffLimit: 0 # this has very low chance of failing, as all this does
+                      # is prompt kubernetes to schedule new replica set for
+      # the deployment
+      # activeDeadlineSeconds: 600 # timeout, makes most sense with
+      # "waiting for rollout" variant specified below
+      template:
+        spec:
+          # account configured above
+          restartPolicy: Never
+          serviceAccountName: {{ template "softhsmbackup.serviceAccountName" $ }}
+          initContainers:
+              {{- if $.Values.enable_insecure }}
+              {{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 12 }}
+              {{- end }}
+          containers:
+          - name: {{ template "softhsmbackup.serviceAccountName" $ }}
+            image: {{ template "softhsmbackup.image" $ }}
+            imagePullPolicy: {{ $.Values.image.pullPolicy }}
+            {{- if $.Values.lifecycleHooks }}
+            lifecycle: {{- include "common.tpvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }}
+            {{- end }}
+            {{- if $.Values.containerSecurityContext.enabled }}
+            securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+            {{- end }}
+            {{- if $.Values.command }}
+            command: {{- include "common.tplvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }}
+            {{- end }}
+            {{- if $.Values.args }}
+            args: {{- include "common.tplvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }}
+            {{- end }}
+            env:
+              - name: container_user
+                value: {{ $.Values.containerSecurityContext.runAsUser }}
+              {{- if $.Values.extraEnvVars }}
+              {{- include "common.tpvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }}
+              {{- end }}
+            envFrom:
+              {{- if $.Values.extraEnvVarsCM }}
+                {{- range $.Values.extraEnvVarsCM }}
+                  - configMapRef:
+                        name: {{ . }}
+                {{- end }}
+                {{- end }}
+                {{- if $.Values.extraEnvVarsSecret }}
+                {{- range $.Values.extraEnvVarsSecret }}
+                  - secretRef:
+                        name: {{ . }}
+                {{- end }}
+                {{- end }}
+            {{- if $.Values.resources }}
+            resources: {{- toYaml $.Values.resources | nindent 14 }}
+            {{- end }}
+
diff --git a/charts/softhsm-backup/templates/extra-list.yaml b/charts/softhsm-backup/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/charts/softhsm-backup/templates/secrets.yaml b/charts/softhsm-backup/templates/secrets.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.softhsmbackup.secrets }}
+{{- range $secret_name, $secret_value := .Values.softhsmbackup.secrets }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secret_name }}
+  namespace: {{ $.Release.Namespace }}
+  labels: {{- include "common.labels.standard" $ | nindent 8 }}
+    {{- if $.Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }}
+    {{- end }}
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }}
+  {{- end }}
+type: Opaque
+data:
+  {{- range $key, $value := $secret_value }}
+  {{ $key }}: {{ $value | b64enc | quote }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/softhsm-backup/templates/service-account.yaml b/charts/softhsm-backup/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  name: {{ template "softhsmbackup.serviceAccountName" . }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+  namespace: {{ .Release.Namespace }}