Skip to content

Latest commit

 

History

History
115 lines (76 loc) · 4.89 KB

README.md

File metadata and controls

115 lines (76 loc) · 4.89 KB

UrbanOS Helm Charts

Helm charts for UrbanOS.

Usage

Use our charts in two steps:

  1. Add our repository with helm repo add urbanos https://urbanos-public.github.io/charts/.
  2. Install a chart with helm upgrade --install ${RELEASE_NAME} urbanos/${CHART_NAME}. See the Helm docs for more options.

Contributing

Making updates to existing charts

  1. Make changes to the chart.
  2. Bump the chart version as part of those changes.
  3. Submit a pull request, following the PR template steps to ensure releases are created correctly.
  4. When merged, a release will be created with new chart bundles as attachments. They are then available at the above mentioned helm repo under "usage".

Creating new charts

  1. Run helm create ${CHART_NAME} to create a new chart subdirectory.
  2. Add templates, helpers, values, dependencies, etc. to your chart.
  3. Submit a pull request.

Deploying the UrbanOS Chart

Running

  • (set up a connection to a kubernetes cluster using a kubeconfig or similar)
  • helm repo add urbanos https://urbanos-public.github.io/charts/
  • Create a values file for configuring the deployment (e.g. deployment_values.yaml)
    • This file will contain configuration overrides for the deployment
  • helm upgrade --install urban-os urbanos/urban-os -f deployment_values.yaml
  • Validate with kubectl get pods --all-namespaces

Vault

Info on installing, unsealing, and setting up policies for UrbanOS services, is described in docs/vault.md

Minio

Minio operator and tenant is managed as an external dependency. The operator needs to be installed first, then a subsequent deployment is needed to install the tenant.

There is a known bug regarding the log-search-api failing after destroying/recreating a tenant.

Source: minio/operator#1220

Fix:

NS={Namesapce}
TENANT_NAME={tenant name}
kubectl exec -n $NS ${TENANT_NAME}-log-0 -c log-search-pg -- psql -U postgres -c "ALTER USER postgres WITH PASSWORD '$(kubectl get secret -n $NS ${TENANT_NAME}-log-secret -o jsonpath={.data.POSTGRES_PASSWORD} | base64 --decode)';"

Sauron

Sauron is our automated deployment updater. Sauron must first be independently deployed, then it will detect upstream changes and issue deployment commands as needed.

Sauron's responsibilities include:

  • Detecting docker hub image patch updates and triggering a pod image update if using deployment tag
  • Detecting upstream Remote Deployment Repo's changes and issuing an automated deployment command with all known secrets and values from current deployment and remote repo, respectively.

Sauron will:

  • First check for docker image patch updates (Current functionality)
  • Then it will check if the Remote Deployment Repo's target branch SHA matches the SHA most recently used by Sauron
  • If not, it will clone the Remote Deployments Repo with the GITHUB_TOKEN provided in the Sauron deployment
  • It will then use the secrets that were provided in the Sauron Deployment to issue a helm upgrade --install of urban-os, using the latest chart version. It will also use the values file (From the remote repo) that was specified in the Sauron deployment config.

Deploying Sauron:

  • Initial Sauron deployment should be manually done, similar to urban-os deployments. Be sure to override all secrets defined in the values.yaml file.
  • Sauron only needs to be updated if secrets change, or if the sauron chart itself changes
  • Sauron currently needs to run as a specific user. Be sure it has permissions on a cluster level: oc adm policy add-scc-to-user anyuid -z updater-cron

How to use:

  • Simply merge any change into the configured Remote Deployment Repo
  • The cronjob will automatically update your urban-os deployment with the new values file from the remote deployment repo.

Git Hooks

To install from root:

./scripts/install_git_hooks.sh

Documentation

Documentation per chart is generated by the helm-docs utility.

Helm-docs has now been integrated into pre-commit hooks. See the Git Hooks section to install.

If you're on MacOS, the pre-commit hook will automatically install helm-docs if not present. If you're on windows, you must manually install with scoop.

Github Actions / Pages

When PRs are merged correctly following PR template steps (up chart versions, including urbanos, and running helm dependency update to commit new lock files), actions will kick off a github pages build. The index.yaml file on the gh-pages branch will contain an index of all versions of all charts. Chart tar locations served by that index will be present as release attachments, created automatically as part of upping the chart versions. Old charts created before this actions workflow was implemented are available next to the index.yaml on the gh-pages branch.