Merge pull request #20 from Rakshithb1/INJICERT-13

[DSD-5387] added helm chart
mosip · Jun 3, 2024 · 9e2eadc · 9e2eadc
2 parents 30f3916 + a10bc4a
commit 9e2eadc
Show file tree

Hide file tree

Showing 19 changed files with 1,023 additions and 1 deletion.
diff --git a/.github/workflows/chart-lint-publish.yml b/.github/workflows/chart-lint-publish.yml
@@ -6,7 +6,7 @@ on:
   pull_request:
     types: [opened, reopened, synchronize]
     paths:
-      - 'charts/**'
+      - 'helm/**'
   workflow_dispatch:
     inputs:
       IGNORE_CHARTS:

diff --git a/helm/inji-certify/.gitignore b/helm/inji-certify/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Chart.lock
diff --git a/helm/inji-certify/.helmignore b/helm/inji-certify/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/inji-certify/Chart.yaml b/helm/inji-certify/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: inji-certify
+description: A Helm chart for MOSIP inji-certify module
+type: application
+version: 0.0.1-develop
+appVersion: ""
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 1.x.x
+home: https://mosip.io
+keywords:
+  - mosip
+  - inji-certify
+maintainers:
+  - email: [email protected]
+    name: MOSIP
diff --git a/helm/inji-certify/README.md b/helm/inji-certify/README.md
@@ -0,0 +1,6 @@
+# Inji Certify
+
+## Install 
+```sh
+./install.sh
+```
diff --git a/helm/inji-certify/copy_cm.sh b/helm/inji-certify/copy_cm.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+# DST_NS: Destination namespace 
+
+function copying_cm() {
+  COPY_UTIL=./copy_cm_func.sh
+  DST_NS=inji-certify
+
+  $COPY_UTIL configmap global default $DST_NS
+  $COPY_UTIL configmap artifactory-share artifactory $DST_NS
+  $COPY_UTIL configmap config-server-share config-server $DST_NS
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+copying_cm   # calling function
diff --git a/helm/inji-certify/copy_cm_func.sh b/helm/inji-certify/copy_cm_func.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Copy configmap and secret from one namespace to another.
+# ./copy_cm_func.sh <resource> <configmap_name> <source_namespace> <destination_namespace> [name]
+# Parameters:
+#   resource: configmap|secret
+#   name: Optional new name of the configmap or secret in destination namespace.  This may be needed if there is
+#         clash of names
+
+if [ $1 = "configmap" ]
+then
+  RESOURCE=configmap
+elif [ $1 = "secret" ]
+then
+  RESOURCE=secret
+else
+  echo "Incorrect resource $1. Exiting.."
+  exit 1
+fi
+
+
+if [ $# -ge 5 ]
+then
+   kubectl -n $4 delete --ignore-not-found=true $RESOURCE $5
+   kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" | sed "s/name: $2/name: $5/g" | kubectl -n $4 create -f -  
+else
+   kubectl -n $4 delete --ignore-not-found=true $RESOURCE $2
+   kubectl -n $3 get $RESOURCE $2 -o yaml | sed "s/namespace: $3/namespace: $4/g" |  kubectl -n $4 create -f -  
+fi 
+
+
+
+
+
diff --git a/helm/inji-certify/delete.sh b/helm/inji-certify/delete.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Uninstalls all inji-certify helm charts
+## Usage: ./delete.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function Deleting_inji-certify() {
+  NS=inji-certify
+  while true; do
+      read -p "Are you sure you want to delete all inji-certify helm charts?(Y/n) " yn
+      if [ $yn = "Y" ]
+        then
+          helm -n $NS delete inji-certify
+          break
+        else
+          break
+      fi
+  done
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+Deleting_inji-certify   # calling function
+
diff --git a/helm/inji-certify/install.sh b/helm/inji-certify/install.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Installs inji-certify
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+NS=inji-certify
+CHART_VERSION=0.0.1-develop
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_inji-certify() {
+  echo Istio label
+  kubectl label ns $NS istio-injection=enabled --overwrite
+  helm repo update
+
+  echo Copy configmaps
+  sed -i 's/\r$//' copy_cm.sh
+  ./copy_cm.sh
+
+  echo Running inji-certify
+  helm -n $NS install inji-certify mosip/inji-certify --version $CHART_VERSION
+
+  kubectl -n $NS  get deploy -o name |  xargs -n1 -t  kubectl -n $NS rollout status
+
+  echo Installed inji-certify service
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+installing_inji-certify  # calling function
diff --git a/helm/inji-certify/restart.sh b/helm/inji-certify/restart.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Restart the inji-certify services
+
+if [ $# -ge 1 ] ; then
+  export KUBECONFIG=$1
+fi
+
+function Restarting_inji-certify() {
+  NS=inji-certify
+  kubectl -n $NS rollout restart deploy  inji-certify
+
+  kubectl -n $NS  get deploy -o name |  xargs -n1 -t  kubectl -n $NS rollout status
+
+  echo Retarted inji-certify services
+  return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit   ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset   ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace  # trace ERR through 'time command' and other functions
+set -o pipefail  # trace ERR through pipes
+Restarting_inji-certify   # calling function
diff --git a/helm/inji-certify/templates/_helpers.tpl b/helm/inji-certify/templates/_helpers.tpl
@@ -0,0 +1,60 @@
+{{/*
+Return the proper  image name
+*/}}
+{{- define "inji-certify.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "inji-certify.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "inji-certify.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "inji-certify.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "inji-certify.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "inji-certify.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "inji-certify.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "inji-certify.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
diff --git a/helm/inji-certify/templates/clusterrolebinding.yaml b/helm/inji-certify/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  name: {{ template "common.names.fullname" . }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "common.names.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "inji-certify.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}