Apicurio chart (#8)

* Apicurio chart

* Fix ingress names

* Fix default auth URL

* CI auth values

* Add ingress values

* Fix CI realm

.gitignore

@@ -0,0 +1 @@
+localtests

charts/apicurio/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/apicurio/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 10.1.4
+digest: sha256:b79146f20eed3e6c73b0c84f7abaca0dd11315f3969ce39287c716a7fc161417
+generated: "2021-05-21T15:41:14.494171+02:00"

charts/apicurio/Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: apicurio
+version: 1.0.0
+description: Apicurio Studio API designer
+icon: https://avatars.githubusercontent.com/u/28107283?s=400&v=4
+type: application
+keywords:
+  - api
+home: http://www.apicur.io/
+sources:
+  - https://github.com/Apicurio/apicurio-studio
+  - https://github.com/one-acre-fund/oaf-public-charts/tree/main/charts/apicurio
+maintainers:
+  - name: Yann-J
+    email: yann.jouanique@gmail.com
+dependencies:
+  - name: postgresql
+    version: ~10.1.2
+    repository: https://charts.bitnami.com/bitnami
+    condition: postgresql.enabled

charts/apicurio/README.md

@@ -0,0 +1,94 @@
+# apicurio
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+Apicurio Studio API designer
+
+**Homepage:** <http://www.apicur.io/>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Yann-J | yann.jouanique@gmail.com |  |
+
+## Source Code
+
+* <https://github.com/Apicurio/apicurio-studio>
+* <https://github.com/one-acre-fund/oaf-public-charts/tree/main/charts/apicurio>
+
+## TL;DR;
+
+This chart will install an Apicurio instance, with an optional dependent Postgres backing db.
+
+```console
+$ helm repo add one-acre-fund https://one-acre-fund.github.io/oaf-public-charts
+$ helm install my-release one-acre-fund/apicurio
+```
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.bitnami.com/bitnami | postgresql | ~10.1.2 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| api.extraEnvVars | object | `{"APICURIO_DB_TYPE":"postgres","APICURIO_LOGGING_LEVEL":"INFO","JAVA_TOOL_OPTIONS":"-Djava.net.preferIPv4Stack=true"}` | Dictionary of name/value environment var pairs -- Will ve evaluated as templates @default See `values.yaml` and the [container docs](https://hub.docker.com/r/apicurio/apicurio-studio-api) |
+| api.extraEnvVars.APICURIO_DB_TYPE | string | `"postgres"` | Database type |
+| api.extraEnvVars.APICURIO_LOGGING_LEVEL | string | `"INFO"` | API logging level |
+| api.extraEnvVars.JAVA_TOOL_OPTIONS | string | `"-Djava.net.preferIPv4Stack=true"` | API JVM options |
+| api.extraSecretEnvVars | object | `{}` | Same as `envVars` but passed as secrets |
+| api.image.name | string | `"apicurio/apicurio-studio-api"` | Image name for API container |
+| api.image.tag | string | `"latest"` | Image tag for API container |
+| api.imagePullPolicy | string | `"IfNotPresent"` | API Image pull policy |
+| api.replicas | int | `1` | API Replicas |
+| api.securityContext | object | `{"runAsGroup":1000,"runAsUser":1000}` | Security context for API container |
+| api.wait | bool | `true` | Wait for DB to be up? |
+| database.driver | string | `"postgresql"` | DB driver - `mysql` / `postgresql` |
+| database.initialize | bool | `true` | Initialize DB? |
+| database.type | string | `"postgresql9"` | DB type - `postgresql9` / `mysql5` |
+| general.hostname | string | `"www.example.com"` | Publicly reachable host name for the UI |
+| general.serviceType | string | `"ClusterIP"` | Service type for all services |
+| general.shareForEveryone | bool | `true` | Enable Share to everyone feature? |
+| global.storageClass | string | `nil` | Storage class for all volumes created by this chart or subcharts |
+| ingress.enabled | bool | `false` | Enable ingresses? |
+| ingress.tls | list | `[]` | TLS settings |
+| keycloak.client.id | string | `"apicurio-studio"` | Keycloak Client ID |
+| keycloak.client.secret | string | `"apicuriokc"` | Keycloak Client Secret |
+| keycloak.realm | string | `"Apicurio"` | Keycloak Realm |
+| keycloak.url | string | `"https://www.example.com/auth"` | Public URL to Keycloak |
+| microcks.api.url | string | `"http://www.example.com/api"` | URL to mickrocks application |
+| microcks.client.id | string | `"microcks-serviceaccount"` | Microcks Client ID |
+| microcks.client.secret | string | `"apicuriomr"` | Microcks Client Secret |
+| postgresql.enabled | bool | `true` | Install Postgres? See See https://artifacthub.io/packages/helm/bitnami/postgresql for docs on all Postgres values |
+| postgresql.host | string | `nil` | Custom db host name if not using the subchart |
+| postgresql.postgresqlDatabase | string | `"apicuriodb"` | Apicurio DB name |
+| postgresql.postgresqlPassword | string | `"vSX5RILHBk"` | Apicurio DB user password |
+| postgresql.postgresqlUsername | string | `"apicuriodb"` | Apicurio DB user |
+| postgresql.service.port | int | `5432` | postgres port |
+| ui.apiUrl | string | `nil` | Override API URL - will default to `https://<.Values.general.hostname>/studio-api` |
+| ui.editingUrl | string | `nil` | Override Edit URL - will default to `wss://<.Values.general.hostname>/ws` |
+| ui.extraEnvVars | object | `{"APICURIO_LOGGING_LEVEL":"INFO","APICURIO_UI_FEATURE_MICROCKS":"false","APICURIO_UI_LOGOUT_REDIRECT_URI":"/","APICURIO_UI_VALIDATION_CHANNELNAME_REGEXP":"([^{}\\/]*(\\{[a-zA-Z_][0-9a-zA-Z_]*\\})?)+","JAVA_TOOL_OPTIONS":"-Djava.net.preferIPv4Stack=true"}` | Dictionary of name/value environment var pairs -- Will ve evaluated as templates @default See `values.yaml` and [container docs](https://hub.docker.com/r/apicurio/apicurio-studio-ui/) |
+| ui.extraEnvVars.APICURIO_LOGGING_LEVEL | string | `"INFO"` | UI logging level |
+| ui.extraEnvVars.APICURIO_UI_FEATURE_MICROCKS | string | `"false"` | Enable Microcks integration? |
+| ui.extraEnvVars.APICURIO_UI_LOGOUT_REDIRECT_URI | string | `"/"` | Redirect URI |
+| ui.extraEnvVars.APICURIO_UI_VALIDATION_CHANNELNAME_REGEXP | string | `"([^{}\\/]*(\\{[a-zA-Z_][0-9a-zA-Z_]*\\})?)+"` | Channel Regex |
+| ui.extraEnvVars.JAVA_TOOL_OPTIONS | string | `"-Djava.net.preferIPv4Stack=true"` | UI JVM options |
+| ui.extraSecretEnvVars | object | `{}` | Same as `envVars` but passed as secrets |
+| ui.image.name | string | `"apicurio/apicurio-studio-ui"` | Image name for UI container |
+| ui.image.tag | string | `"latest"` | Image tag for UI container |
+| ui.imagePullPolicy | string | `"IfNotPresent"` | UI Image pull policy |
+| ui.replicas | int | `1` | UI Replicas |
+| ui.securityContext | object | `{"runAsGroup":1000,"runAsUser":1000}` | Security context for UI container |
+| ws.extraEnvVars | object | `{"APICURIO_LOGGING_LEVEL":"INFO","JAVA_TOOL_OPTIONS":"-Djava.net.preferIPv4Stack=true"}` | Dictionary of name/value environment var pairs -- Will ve evaluated as templates @default See `values.yaml` and [container docs](https://hub.docker.com/r/apicurio/apicurio-studio-ws/) |
+| ws.extraEnvVars.APICURIO_LOGGING_LEVEL | string | `"INFO"` | WS logging level |
+| ws.extraEnvVars.JAVA_TOOL_OPTIONS | string | `"-Djava.net.preferIPv4Stack=true"` | WS JVM options |
+| ws.extraSecretEnvVars | object | `{}` | Same as `envVars` but passed as secrets |
+| ws.image.name | string | `"apicurio/apicurio-studio-ws"` | Image name for WS container |
+| ws.image.tag | string | `"latest"` | Image tag for WS container |
+| ws.imagePullPolicy | string | `"IfNotPresent"` | WS Image pull policy |
+| ws.replicas | int | `1` | WS Replicas |
+| ws.securityContext | object | `{"runAsGroup":1000,"runAsUser":1000}` | Security context for WS container |

charts/apicurio/README.md.gotmpl

@@ -0,0 +1,25 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+## TL;DR;
+
+This chart will install an Apicurio instance, with an optional dependent Postgres backing db.
+
+```console
+$ helm repo add one-acre-fund https://one-acre-fund.github.io/oaf-public-charts
+$ helm install my-release one-acre-fund/apicurio
+```
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}

charts/apicurio/ci/ci-values.yaml

@@ -0,0 +1,6 @@
+keycloak:
+  url: https://studio-auth.apicur.io/auth
+  realm: apicurio-local
+  client:
+    id: apicurio-studio
+    secret: apicuriokc

charts/apicurio/templates/NOTES.txt

@@ -0,0 +1,8 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get {{ .Release.Name }}

charts/apicurio/templates/_helpers.tpl

@@ -0,0 +1,52 @@
+{{ define "secrets_api" -}}
+APICURIO_DB_PASSWORD: {{ .Values.postgresql.postgresqlPassword | b64enc }}
+APICURIO_KC_CLIENT_SECRET: {{ .Values.keycloak.client.secret | b64enc }}
+APICURIO_MICROCKS_CLIENT_SECRET: {{ .Values.microcks.client.secret | b64enc }}
+# Extras
+{{- range $key, $value := .Values.api.extraSecretEnvVars }}
+{{ $key }}: {{- tpl $value $ | b64enc }}
+{{- end }}
+{{- end }}
+
+{{ define "secrets_ui" -}}
+APICURIO_KC_CLIENT_SECRET: {{ .Values.keycloak.client.secret | b64enc }}
+APICURIO_MICROCKS_CLIENT_SECRET: {{ .Values.microcks.client.secret | b64enc }}
+# Extras
+{{- range $key, $value := .Values.ui.extraSecretEnvVars }}
+{{ $key }}: {{- tpl $value $ | b64enc }}
+{{- end }}
+{{- end }}
+
+{{ define "secrets_ws" -}}
+APICURIO_DB_PASSWORD: {{ .Values.postgresql.postgresqlPassword | b64enc }}
+# Extras
+{{- range $key, $value := .Values.ws.extraSecretEnvVars }}
+{{ $key }}: {{- tpl $value $ | b64enc }}
+{{- end }}
+{{- end }}
+
+{{- define "dbHost" -}}
+{{ coalesce .Values.postgresql.host ( print .Release.Name "-postgresql" ) }}
+{{- end -}}
+
+# TODO: support other db... for H2: "jdbc:h2:mem:apicuriodb"
+{{- define "dbUrl" -}}
+{{ printf "postgresql://%s:%s@%s:%s/%s" .Values.postgresql.postgresqlUsername .Values.postgresql.postgresqlPassword (include "dbHost" .) ( toString .Values.postgresql.service.port ) .Values.postgresql.postgresqlDatabase }}
+{{- end -}}
+
+{{- define "tcpProbe" -}}
+tcpSocket:
+  port: 8080
+initialDelaySeconds: 10
+periodSeconds: 5
+failureThreshold: 15
+{{- end -}}
+
+{{- define "httpProbe" -}}
+httpGet:
+  path: {{ . | quote }}
+  port: 8080
+initialDelaySeconds: 10
+periodSeconds: 5
+failureThreshold: 15
+{{- end -}}

charts/apicurio/templates/apicurio-studio-api-deployment.yaml

@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-api
+  namespace: {{ .Release.Namespace }}
+  labels:
+    org.apicurio.instance: {{ .Release.Name }}-api
+spec:
+  replicas: {{ .Values.api.replicas }}
+  selector:
+    matchLabels:
+      org.apicurio.instance: {{ .Release.Name }}-api
+  template:
+    metadata:
+      labels:
+        org.apicurio.instance: {{ .Release.Name }}-api
+      annotations:
+        # Force a pod restart if secret values change
+        checksum/secrets: {{ include "secrets_api" . | sha256sum }}
+    spec:
+      securityContext:
+        {{- .Values.api.securityContext | toYaml | nindent 8 }}
+      restartPolicy: Always
+
+      initContainers:
+        {{- if .Values.api.wait }}
+        # Wait for db
+        - name: wait-db
+          image: jwilder/dockerize
+          imagePullPolicy: IfNotPresent
+          args:
+            - -timeout=300s
+            - -wait=tcp://{{ include "dbHost" . }}:{{ .Values.postgresql.service.port }}
+        {{- end}}
+
+      containers:
+        - name: api
+          image: "{{ .Values.api.image.name }}:{{ .Values.api.image.tag }}"
+          imagePullPolicy: {{ .Values.api.imagePullPolicy }}
+          terminationMessagePolicy: FallbackToLogsOnError
+          env:
+            # DB settings
+            - name: APICURIO_DB_CONNECTION_URL
+              value: {{ include "dbUrl" . | quote }}
+            - name: APICURIO_DB_DRIVER_NAME
+              value: {{ .Values.database.driver | quote }}
+            - name: APICURIO_DB_INITIALIZE
+              value: {{ .Values.database.initialize | quote }}
+            - name: APICURIO_DB_TYPE
+              value: {{ .Values.database.type | quote }}
+            - name: APICURIO_DB_USER_NAME
+              value: {{ .Values.postgresql.postgresqlUsername | quote }}
+
+            # Microcks settings
+            - name: APICURIO_MICROCKS_API_URL
+              value: {{ .Values.microcks.api.url | quote }}
+            - name: APICURIO_MICROCKS_CLIENT_ID
+              value: {{ .Values.microcks.client.id | quote }}
+
+            # Keycloak settings
+            - name: APICURIO_KC_AUTH_URL
+              value: {{ .Values.keycloak.url | quote }}
+            - name: APICURIO_KC_REALM
+              value: {{ .Values.keycloak.realm | quote }}
+            - name: APICURIO_KC_CLIENT_ID
+              value: {{ .Values.keycloak.client.id | quote }}
+
+            # Others
+            - name: APICURIO_SHARE_FOR_EVERYONE
+              value: {{ .Values.general.shareForEveryone | quote }}
+
+            {{- range $key, $value := .Values.api.extraEnvVars }}
+            - name: {{ $key }}
+              value: |-
+                {{- tpl $value $ | nindent 16 }}
+            {{- end }}
+
+          envFrom:
+            - secretRef:
+                name: {{ .Release.Name }}-api
+
+          ports:
+            - containerPort: 8080
+
+          readinessProbe:
+            {{- include "tcpProbe" . | nindent 12 }}
+          livenessProbe:
+            {{- include "tcpProbe" . | nindent 12 }}