This patch introduces a new structure of the it/dep repo.
Components are restructured into a tree. Helm charts are
designed with common templates so that parameters can be
standardized.
This patches introduced installation scripts that take override
value.yaml files for all the helm charts.
Signed-off-by: Zhe Huang <zhehuang@research.att.com>
Change-Id: I44f043f8c7a93fa7f50ac31c37f9cb5e0efbfb53
diff --git a/infra/10-Nexus/bin/install b/infra/10-Nexus/bin/install
new file mode 100755
index 0000000..18102f8
--- /dev/null
+++ b/infra/10-Nexus/bin/install
@@ -0,0 +1,122 @@
+#!/bin/bash
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+OVERRIDEYAML=$1
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+source $DIR/../etc/nexus.conf
+
+if [ -z "$RICINFRA_RELEASE_NAME" ];then
+ RELEASE_NAME=$helm_release_name
+else
+ RELEASE_NAME=$RICINFRA_RELEASE_NAME
+fi
+if [ -z "$RICINFRA_NAMESPACE" ];then
+ NAMESPACE=$namespace
+else
+ NAMESPACE=$RICINFRA_NAMESPACE
+fi
+if [ -z "$INGRESS_PORT" ];then
+ INGRESS_PORT_NEXUS=$ingress_port
+else
+ INGRESS_PORT_NEXUS=$INGRESS_PORT
+fi
+
+
+
+echo "Deploying nexus repo managers for local docker registry and helm repo."
+echo "Name Space: $NAMESPACE"
+echo "Helm Release: $RELEASE_NAME"
+
+HOSTPOSTFIX=$(cat $DIR/../charts/values.yaml | grep hostpostfix | awk '{print $2}')
+
+
+echo "****************************************************************************************************************"
+echo " WARNING "
+echo "****************************************************************************************************************"
+
+echo "Nexus is deployed using default admin password. It is not for production deployment."
+echo "If you want to secure the repositories, you should change the admin password immediately."
+echo "You can access this nexus here: http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS"
+echo "If nexus.$HOSTPOSTFIX is not resolved by your DNS server, please add an entry in your /etc/hosts file."
+echo "****************************************************************************************************************"
+
+COMMON_CHART_VERSION=$(cat $DIR/../../50-RIC-Platform/charts/common/Chart.yaml | grep version | awk '{print $2}')
+helm package -d /tmp $DIR/../../50-RIC-Platform/charts/common
+
+cp /tmp/common-$COMMON_CHART_VERSION.tgz $DIR/../charts/charts/
+
+if [ -z $OVERRIDEYAML ]; then
+helm install --namespace "${NAMESPACE}" --name "${RELEASE_NAME}-nexus" $DIR/../charts
+else
+helm install -f $OVERRIDEYAML --namespace "${NAMESPACE}" --name "${RELEASE_NAME}-nexus" $DIR/../charts
+fi
+
+NEXUS_POD_NAME=$(kubectl get pod -n $NAMESPACE | grep nexus | grep ContainerCreating | awk '{print $1}')
+
+
+
+echo "Waiting Nexus to be ready."
+echo " "
+
+sleep 10
+
+IS_NEXUS_READY=$(kubectl logs -n $NAMESPACE $NEXUS_POD_NAME | grep "Started Sonatype Nexus OSS")
+
+COUNTER=1
+while [[ -z $IS_NEXUS_READY ]]; do
+ echo -e "\033[2AWaiting Nexus to be ready."
+ echo -e "\033[2K"
+ PROGRESS=$(printf "%0.s-" $(seq 1 $COUNTER))
+ echo -e "\033[1A$PROGRESS"
+
+
+ COUNTER=$((COUNTER+1))
+ if [ $COUNTER -gt 5 ]; then
+ COUNTER=1
+ fi
+
+ IS_NEXUS_READY=$(kubectl logs -n $NAMESPACE $NEXUS_POD_NAME | grep "Started Sonatype Nexus OSS")
+
+ sleep 5
+done
+
+echo $IS_NEXUS_READY
+
+
+DOCKERPORT=$(cat $DIR/../charts/templates/deployment.yaml | awk '/.*- name: docker.*/{getline; print $2}')
+
+
+DOCKERREPOSCRIPT="{\"name\":\"create_docker_repo\",\
+ \"type\":\"groovy\",\
+ \"content\":\"repository.createDockerHosted('docker.snapshot',\
+ $DOCKERPORT, null, 'default', false, true)\"}"
+
+echo $DOCKERREPOSCRIPT
+
+# This line uses the default admin password
+curl -u admin:admin123 -X POST -H "Content-Type: application/json" --data "$DOCKERREPOSCRIPT" http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script
+
+curl -u admin:admin123 -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' http://nexus.$HOSTPOSTFIX:$INGRESS_PORT_NEXUS/service/rest/v1/script/create_docker_repo/run
+
+
+
+
+
+
diff --git a/infra/10-Nexus/docker/Dockerfile b/infra/10-Nexus/docker/Dockerfile
new file mode 100644
index 0000000..f61b21c
--- /dev/null
+++ b/infra/10-Nexus/docker/Dockerfile
@@ -0,0 +1,45 @@
+ARG NEXUS_VERSION=3.15.2
+ARG NEXUS_BUILD=01
+
+FROM maven:3-jdk-8-alpine AS aptbuild
+#ARG NEXUS_VERSION=3.14.0
+#ARG NEXUS_BUILD=04
+
+COPY ./nexus-repository-apt /nexus-repository-apt/
+#RUN cd /nexus-repository-apt/; sed -i "s/3.15.2-01/${NEXUS_VERSION}-${NEXUS_BUILD}/g" pom.xml; \
+# mvn;
+RUN cd /nexus-repository-apt/; mvn;
+
+
+FROM maven:3-jdk-8-alpine AS helmbuild
+ARG NEXUS_VERSION=3.15.2
+ARG NEXUS_BUILD=01
+
+COPY ./nexus-repository-helm /nexus-repository-helm/
+RUN cd /nexus-repository-helm/; sed -i "s/3.14.0-04/${NEXUS_VERSION}-${NEXUS_BUILD}/g" pom.xml; \
+ mvn clean package;
+
+
+
+
+FROM sonatype/nexus3:$NEXUS_VERSION
+ARG NEXUS_VERSION=3.15.2
+ARG NEXUS_BUILD=01
+# Will not seem to work in sed without some magick
+ARG APT_VERSION=1.0.10
+ARG COMP_VERSION=1.18
+#ARG COMP_VERSION=1.16.1
+ARG XZ_VERSION=1.8
+ARG APT_TARGET=/opt/sonatype/nexus/system/net/staticsnow/nexus-repository-apt/${APT_VERSION}/
+ARG HELM_VERSION=0.0.7
+ARG TARGET_DIR=/opt/sonatype/nexus/system/org/sonatype/nexus/plugins/nexus-repository-helm/${HELM_VERSION}/
+USER root
+RUN mkdir -p ${APT_TARGET}; \
+ sed -i "s@nexus-repository-maven</feature>@nexus-repository-maven</feature>\n <feature version=\"${APT_VERSION}\" prerequisite=\"false\" dependency=\"false\">nexus-repository-apt</feature>@g" /opt/sonatype/nexus/system/org/sonatype/nexus/assemblies/nexus-core-feature/${NEXUS_VERSION}-${NEXUS_BUILD}/nexus-core-feature-${NEXUS_VERSION}-${NEXUS_BUILD}-features.xml; \
+ sed -i "s@<feature name=\"nexus-repository-maven\"@<feature name=\"nexus-repository-apt\" description=\"net.staticsnow:nexus-repository-apt\" version=\"${APT_VERSION}\">\n <details>net.staticsnow:nexus-repository-apt</details>\n <bundle>mvn:net.staticsnow/nexus-repository-apt/${APT_VERSION}</bundle>\n <bundle>mvn:org.apache.commons/commons-compress/${COMP_VERSION}</bundle>\n <bundle>mvn:org.tukaani/xz/${XZ_VERSION}</bundle>\n </feature>\n <feature name=\"nexus-repository-maven\"@g" /opt/sonatype/nexus/system/org/sonatype/nexus/assemblies/nexus-core-feature/${NEXUS_VERSION}-${NEXUS_BUILD}/nexus-core-feature-${NEXUS_VERSION}-${NEXUS_BUILD}-features.xml;
+COPY --from=aptbuild /nexus-repository-apt/target/nexus-repository-apt-${APT_VERSION}.jar ${APT_TARGET}
+RUN mkdir -p ${TARGET_DIR}; \
+ sed -i 's@nexus-repository-maven</feature>@nexus-repository-maven</feature>\n <feature prerequisite="false" dependency="false">nexus-repository-helm</feature>@g' /opt/sonatype/nexus/system/org/sonatype/nexus/assemblies/nexus-core-feature/${NEXUS_VERSION}-${NEXUS_BUILD}/nexus-core-feature-${NEXUS_VERSION}-${NEXUS_BUILD}-features.xml; \
+ sed -i 's@<feature name="nexus-repository-maven"@<feature name="nexus-repository-helm" description="org.sonatype.nexus.plugins:nexus-repository-helm" version="0.0.7">\n <details>org.sonatype.nexus.plugins:nexus-repository-helm</details>\n <bundle>mvn:org.sonatype.nexus.plugins/nexus-repository-helm/0.0.7</bundle>\n <bundle>mvn:org.apache.commons/commons-compress/1.18</bundle>\n </feature>\n <feature name="nexus-repository-maven"@g' /opt/sonatype/nexus/system/org/sonatype/nexus/assemblies/nexus-core-feature/${NEXUS_VERSION}-${NEXUS_BUILD}/nexus-core-feature-${NEXUS_VERSION}-${NEXUS_BUILD}-features.xml;
+COPY --from=helmbuild /nexus-repository-helm/target/nexus-repository-helm-${HELM_VERSION}.jar ${TARGET_DIR}
+USER nexus
diff --git a/infra/10-Nexus/docker/nexus-repository-helm b/infra/10-Nexus/docker/nexus-repository-helm
new file mode 160000
index 0000000..6de9776
--- /dev/null
+++ b/infra/10-Nexus/docker/nexus-repository-helm
@@ -0,0 +1 @@
+Subproject commit 6de97765b747008e3016f202ccbe2dba18667b83
diff --git a/infra/10-Nexus/etc/nexus.conf b/infra/10-Nexus/etc/nexus.conf
new file mode 100644
index 0000000..cd40a73
--- /dev/null
+++ b/infra/10-Nexus/etc/nexus.conf
@@ -0,0 +1,30 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+
+
+# helm_release_name defines the release name helm will use to deploy nexus
+# It will be overrided by RICINFRA_RELEASE_NAME
+helm_release_name=r0
+
+# namespace defines the namespace that helm will use to deploy nexus
+# It will be overrided by RICINFRA_NAMESPACE
+namespace=ric-infra
+
+# ingress port number of the K8S cluster
+# It will be overrided by INGRESS_PORT
+ingress_port=30000
diff --git a/infra/10-Nexus/helm/.helmignore b/infra/10-Nexus/helm/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/infra/10-Nexus/helm/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/infra/10-Nexus/helm/Chart.yaml b/infra/10-Nexus/helm/Chart.yaml
new file mode 100644
index 0000000..0f3fb98
--- /dev/null
+++ b/infra/10-Nexus/helm/Chart.yaml
@@ -0,0 +1,22 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+appVersion: "1.0"
+description: RIC Aux Nexus Helm Chart
+name: nexus
+version: 1.1.0
diff --git a/infra/10-Nexus/helm/charts/common-1.1.0.tgz b/infra/10-Nexus/helm/charts/common-1.1.0.tgz
new file mode 100644
index 0000000..ccccfe6
--- /dev/null
+++ b/infra/10-Nexus/helm/charts/common-1.1.0.tgz
Binary files differ
diff --git a/infra/10-Nexus/helm/requirements.yaml b/infra/10-Nexus/helm/requirements.yaml
new file mode 100644
index 0000000..aa94575
--- /dev/null
+++ b/infra/10-Nexus/helm/requirements.yaml
@@ -0,0 +1,20 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+ - name: common
+ version: ~1.1.0
diff --git a/infra/10-Nexus/helm/templates/_helpers.tpl b/infra/10-Nexus/helm/templates/_helpers.tpl
new file mode 100644
index 0000000..9f9800c
--- /dev/null
+++ b/infra/10-Nexus/helm/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nexus.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nexus.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nexus.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/infra/10-Nexus/helm/templates/deployment.yaml b/infra/10-Nexus/helm/templates/deployment.yaml
new file mode 100644
index 0000000..d3184c0
--- /dev/null
+++ b/infra/10-Nexus/helm/templates/deployment.yaml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: {{ template "nexus.fullname" . }}
+ labels:
+ app: {{ template "nexus.name" . }}
+ chart: {{ template "nexus.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "nexus.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "nexus.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ # volumeMounts:
+ #- name: certs
+ # mountPath: /var/run/certs
+ # readOnly: true
+ ports:
+ - name: nexus
+ containerPort: 8081
+ protocol: TCP
+ - name: docker
+ containerPort: 10001
+ protocol: TCP
+ # livenessProbe:
+ # httpGet:
+ # path: /
+ # port: nexus
+# readinessProbe:
+# httpGet:
+# path: /
+# port: http
+# volumes:
+# - name: certs
+# secret:
+# secretName: {{ template "nexus.name" . }}-certs
diff --git a/infra/10-Nexus/helm/templates/ingress.yaml b/infra/10-Nexus/helm/templates/ingress.yaml
new file mode 100644
index 0000000..1a7522a
--- /dev/null
+++ b/infra/10-Nexus/helm/templates/ingress.yaml
@@ -0,0 +1,28 @@
+{{- $fullName := include "nexus.fullname" . -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app: {{ template "nexus.name" . }}
+ chart: {{ template "nexus.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ tls:
+ - hosts:
+ - docker.{{ .Values.ingress.hostpostfix }}
+ secretName: {{ include "common.repositorycert" . }}
+ rules:
+ - host: nexus.{{ .Values.ingress.hostpostfix }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ $fullName }}
+ servicePort: nexus
+ - host: docker.{{ .Values.ingress.hostpostfix }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ $fullName }}
+ servicePort: docker
diff --git a/infra/10-Nexus/helm/templates/save-secret-job.yaml b/infra/10-Nexus/helm/templates/save-secret-job.yaml
new file mode 100644
index 0000000..801df24
--- /dev/null
+++ b/infra/10-Nexus/helm/templates/save-secret-job.yaml
@@ -0,0 +1,27 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cert-copy
+spec:
+ template:
+ spec:
+ containers:
+ - name: cert-copy
+ image: alpine
+ command: ["cp", "-rL", "/var/run/certs/..data/tls.crt", "/var/run/certs-copy/"]
+ # command: ["tail", "-f", "/dev/null"]
+ volumeMounts:
+ - name: certs
+ mountPath: /var/run/certs
+ readOnly: true
+ - name: write-to-volume
+ mountPath: /var/run/certs-copy
+ volumes:
+ - name: certs
+ secret:
+ secretName: {{ include "common.repositorycert" . }}
+ - name: write-to-volume
+ hostPath:
+ path: /tmp
+ restartPolicy: Never
+ backoffLimit: 4
diff --git a/infra/10-Nexus/helm/templates/secret-docker.yaml b/infra/10-Nexus/helm/templates/secret-docker.yaml
new file mode 100644
index 0000000..7365f7e
--- /dev/null
+++ b/infra/10-Nexus/helm/templates/secret-docker.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+ name: {{ include "common.repositorycert" . }}
+ labels:
+ app: {{ template "nexus.name" . }}
+ chart: {{ template "nexus.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ annotations:
+ "helm.sh/hook": "pre-install"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+data:
+{{ ( include "common.repository.gen-certs" . ) | indent 2 }}
diff --git a/infra/10-Nexus/helm/templates/service.yaml b/infra/10-Nexus/helm/templates/service.yaml
new file mode 100644
index 0000000..cc9b518
--- /dev/null
+++ b/infra/10-Nexus/helm/templates/service.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "nexus.fullname" . }}
+ labels:
+ app: {{ template "nexus.name" . }}
+ chart: {{ template "nexus.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.service.port.nexus }}
+ targetPort: nexus
+ protocol: TCP
+ name: nexus
+ - port: {{ .Values.service.port.docker }}
+ targetPort: docker
+ protocol: TCP
+ name: docker
+ selector:
+ app: {{ template "nexus.name" . }}
+ release: {{ .Release.Name }}
diff --git a/infra/10-Nexus/helm/values.yaml b/infra/10-Nexus/helm/values.yaml
new file mode 100644
index 0000000..d7324f5
--- /dev/null
+++ b/infra/10-Nexus/helm/values.yaml
@@ -0,0 +1,24 @@
+# Default values for nexus.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+# This is the name of K8S secret that contains the docker registry cert
+# You can override this by using
+# repositoryCertOverride: ""
+repositoryCert: docker-reg-certs
+
+# This is designed to be deployed using local image
+image:
+ repository: nexus-repository-helm-apt
+ tag: 1.0.0
+ pullPolicy: Never
+
+service:
+ port:
+ nexus: 80
+ docker: 10001
+ingress:
+ hostpostfix: ricinfra.local
+