feat: initial helm charts
fixes: #3063
stuartwdouglas committed Oct 10, 2024
1 parent 1775e8f commit 5265fc2
Showing 34 changed files with 704 additions and 466 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -45,3 +45,4 @@ junit*.xml
.ftl.lock
docker-build/
**/.ftl
charts/charts/
3 changes: 2 additions & 1 deletion Dockerfile.controller
Expand Up @@ -27,7 +27,7 @@ COPY . /src/
RUN just errtrace
# Reset timestamps so that the build state is reset
RUN git ls-files -z | xargs -0 touch -r go.mod
RUN just build ftl-controller
RUN just build ftl-controller ftl-initdb

# Finally create the runtime image.
FROM scratch
Expand All @@ -37,6 +37,7 @@ COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
WORKDIR /service/

COPY --from=builder /src/build/release/ftl-controller .
COPY --from=builder /src/build/release/ftl-initdb . #TODO: do we want to have a separate image for this?

EXPOSE 8891
EXPOSE 8892
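Review bot: The trailing `#TODO: …` on the added `COPY --from=builder /src/build/release/ftl-initdb .` line is not a comment, because a Dockerfile only treats `#` as a comment marker at the start of a line; the TODO words are parsed as further COPY arguments and the last one becomes the destination. Put the text on its own line, `# TODO: do we want to have a separate image for this?`, above a bare `COPY --from=builder /src/build/release/ftl-initdb .`. The ftl-initdb COPY line in Dockerfile.initdb has the same trailing-comment pattern. Shipping what is presumably a database-initialisation tool in the controller's runtime image also enlarges what that container can execute, which is a reason to resolve the TODO rather than leave it open. The runtime stage continues outside this hunk.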
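--- a/Dockerfile.initdb
+++ b/Dockerfile.initdb
@@ -0,0 +1,50 @@
+FROM ubuntu:24.04 AS builder
+RUN apt-get update
+RUN apt-get install -y curl git zip
+
+# Copy Hermit bin stubs and install all packages. This is done
+# separately so that Docker will cache the tools correctly.
+COPY ./bin /src/bin
+ENV PATH="/src/bin:$PATH"
+WORKDIR /src
+
+# Seed some of the most common tools - this will be cached
+RUN go version
+RUN node --version
+
+# Download Go dependencies separately so Docker will cache them
+COPY go.mod go.sum ./
+RUN go mod download -x
+
+# Download PNPM dependencies separately so Docker will cache them
+COPY frontend/console/package.json ./frontend/console/
+COPY frontend/vscode/package.json ./frontend/vscode/
+COPY pnpm-workspace.yaml pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
+# Build
+COPY . /src/
+RUN just errtrace
+# Reset timestamps so that the build state is reset
+RUN git ls-files -z | xargs -0 touch -r go.mod
+RUN just build ftl-controller
+
+# Finally create the runtime image.
+FROM scratch
+
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+WORKDIR /service/
+
+COPY --from=builder /src/build/release/ftl-controller .
+COPY --from=builder /src/build/release/ftl-initdb . #TODO: Remove this line, we need a different migration image, this will get us moving for now though
+
+EXPOSE 8891
+EXPOSE 8892
+
+ENV FTL_CONTROLLER_BIND="http://0.0.0.0:8892"
+ENV FTL_CONTROLLER_ADVERTISE="http://127.0.0.1:8892"
+ENV FTL_CONTROLLER_CONSOLE_URL="*"
+ENV FTL_CONTROLLER_DSN="postgres://host.docker.internal/ftl?sslmode=disable&user=postgres&password=secret"
+
+CMD ["/service/ftl-controller"]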
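Review bot: `ENV FTL_CONTROLLER_DSN=…&password=secret` with `sslmode=disable` bakes a database credential and a no-TLS default into the image config, where it is readable by anyone who can inspect the image and is silently used by any deployment that forgets to override it; drop this `ENV` and require the DSN to be supplied at runtime. The builder stage runs `RUN just build ftl-controller` while the final stage copies `/src/build/release/ftl-initdb`, so unless the build recipe (not shown here) also produces that binary the COPY will fail; this probably wants `RUN just build ftl-controller ftl-initdb`, as in Dockerfile.controller. The final stage has no `USER`, so the process runs as root; a numeric `USER 65532:65532` (constructed example) before `CMD` works on `scratch` without a passwd file.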
3 changes: 3 additions & 0 deletions Justfile
Expand Up @@ -264,3 +264,6 @@ build-docker name:
-t ftl0/ftl-{{name}}:"${GITHUB_SHA:-$(git rev-parse HEAD)}" \
-t ftl0/ftl-{{name}}:latest \
-f Dockerfile.{{name}} .

chart *args:
@cd charts && just {{args}}
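--- a/charts/Chart.lock
+++ b/charts/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+repository: oci://registry-1.docker.io/bitnamicharts
+version: 15.5.29
+- name: harbor
+repository: https://helm.goharbor.io
+version: 1.15.1
+digest: sha256:54ee3d28306509e5360950f19a6ff0add5552f2a90adef6c50dcecf77d7fd119
+generated: "2024-10-10T14:53:25.059332+11:00"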
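--- a/charts/Chart.yaml
+++ b/charts/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v2
+name: ftl
+description: |
+A Helm chart for Kubernetes that deploys FTL
+home: https://github.com/TBD54566975/ftl
+version: 0.0.1
+appVersion: v0.354.1
+
+dependencies:
+- name: postgresql
+version: 15.5.29
+repository: oci://registry-1.docker.io/bitnamicharts
+condition: postgresql.enabled
+- name: harbor
+version: v1.15.1
+repository: https://helm.goharbor.io
+condition: harbor.enabled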
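--- a/charts/Justfile
+++ b/charts/Justfile
@@ -0,0 +1,5 @@
+_help:
+@just -l
+
+dep-update:
+helm dep update .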
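--- a/charts/templates/_helpers.tpl
+++ b/charts/templates/_helpers.tpl
@@ -0,0 +1,44 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ftl.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "ftl.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+app.kubernetes.io/name: {{ include "ftl.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.customLabels -}}
+{{ toYaml .Values.customLabels }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ftl-controller.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ftl.fullname" . }}
+app.kubernetes.io/component: controller
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- define "ftl-runner.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ftl.fullname" . }}
+app.kubernetes.io/component: runner
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}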
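Review bot: In `ftl.labels`, `{{- if .Values.customLabels -}}` trims the newline on both sides, so when custom labels are set the `toYaml` output is appended directly to the end of the `app.kubernetes.io/instance: …` line and the rendered labels block is malformed. Drop the right-hand trim, `{{- if .Values.customLabels }}`, so the custom labels start on their own line. The comment above `ftl.fullname` says "Expand the name of the chart" although the template returns the release-qualified full name; rewording it to describe the full name, and noting that `fullnameOverride` wins over both, would match what the template does.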
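--- a/charts/templates/controller-role.yaml
+++ b/charts/templates/controller-role.yaml
@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ include "ftl.fullname" . }}-controller
+namespace: {{ .Release.Namespace }}
+{{- if .Values.controller.controllersRoleArn }}
+annotations:
+eks.amazonaws.com/role-arn: {{ .Values.controller.controllersRoleArn }}
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: {{ include "ftl.fullname" . }}-controller
+labels:
+{{- include "ftl.labels" . | nindent 4 }}
+rules:
+- apiGroups: [ "apps" ]
+resources: [ "deployments" ]
+verbs: [ "get", "list", "watch", "delete", "create", "update", "patch" ]
+- apiGroups: [ "" ]
+resources: [ "services" , "serviceaccounts"]
+verbs: [ "get", "list", "watch", "delete", "create", "update", "patch" ]
+- apiGroups: [ "" ]
+resources: [ "pods" ]
+verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "" ]
+resources: [ "configmaps" ]
+resourceNames:
+- ftl-controller-deployment-config
+verbs: [ "get"]
+- apiGroups: [ "security.istio.io" ]
+resources: [ "authorizationpolicies" ]
+verbs: [ "get", "list", "watch", "delete", "create", "update", "patch" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: {{ include "ftl.fullname" . }}-controller
+labels:
+{{- include "ftl.labels" . | nindent 4 }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: {{ include "ftl.fullname" . }}-controller
+subjects:
+- kind: ServiceAccount
+name: {{ include "ftl.fullname" . }}-controller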
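Review bot: The Role grants `create`/`update`/`patch`/`delete` on both `deployments` and `serviceaccounts`, so the controller's identity can run workloads under any service account in the namespace, including ones it creates or re-annotates itself; with the optional `eks.amazonaws.com/role-arn` annotation in the same chart, that scope deserves an explicit justification. Add a comment above those rules stating which objects the controller provisions and why each write verb is needed, and drop any verb it does not use. The `configmaps` rule hard-codes `ftl-controller-deployment-config` while every other name is derived from `ftl.fullname`; if that ConfigMap is rendered by this chart (not visible here), its name should come from the same helper so the `resourceNames` restriction keeps matching under a different release name.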
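--- a/charts/templates/controller-services.yaml
+++ b/charts/templates/controller-services.yaml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+labels:
+{{- include "ftl.labels" . | nindent 4 }}
+name: {{ include "ftl.fullname" . }}-controller
+{{- if .Values.controller.service.annotations }}
+annotations:
+{{- toYaml .Values.controller.service.annotations | nindent 4 }}
+{{- end }}
+spec:
+ports:
+{{- range .Values.controller.service.ports }}
+- name: {{ .name }}
+port: {{ .port }}
+protocol: {{ .protocol | default "TCP" }}
+{{- if .appProtocol }}
+appProtocol: {{ .appProtocol }}
+{{- end }}
+targetPort: {{ .targetPort }}
+{{- end }}
+selector:
+{{- include "ftl-controller.selectorLabels" . | nindent 4 }}
+type: {{ .Values.controller.service.type | default "ClusterIP" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+labels:
+{{- include "ftl.labels" . | nindent 4 }}
+name: {{ include "ftl.fullname" . }}-controller-ingress
+{{- if .Values.controller.ingressService.annotations }}
+annotations:
+{{- toYaml .Values.controller.ingressService.annotations | nindent 4 }}
+{{- end }}
+spec:
+ports:
+{{- range .Values.controller.ingressService.ports }}
+- name: {{ .name }}
+port: {{ .port }}
+protocol: {{ .protocol | default "TCP" }}
+targetPort: {{ .targetPort }}
+{{- end }}
+selector:
+{{- include "ftl-controller.selectorLabels" . | nindent 4 }}
+type: {{ .Values.controller.ingressService.type | default "ClusterIP" }}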
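--- a/charts/templates/controller.yaml
+++ b/charts/templates/controller.yaml
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ include "ftl.fullname" . }}-controller
+labels:
+{{- include "ftl.labels" . | nindent 4 }}
+spec:
+replicas: {{ .Values.controller.replicas }}
+revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
+selector:
+matchLabels:
+{{- include "ftl-controller.selectorLabels" . | nindent 6 }}
+template:
+metadata:
+labels:
+{{- include "ftl-controller.selectorLabels" . | nindent 8 }}
+{{- if .Values.controller.podAnnotations }}
+annotations:
+{{- toYaml .Values.controller.podAnnotations | nindent 8 }}
+{{- end }}
+spec:
+serviceAccountName: {{ include "ftl.fullname" . }}-controller
+containers:
+- name: app
+image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
+{{- if .Values.controller.envFrom }}
+envFrom:
+{{- if .Values.controller.envFrom }}
+{{- toYaml .Values.controller.envFrom | nindent 12 }}
+{{- end }}
+{{- else if or .Values.secrets.logEncryptionKey .Values.secrets.asyncEncryptionKey }}
+envFrom:
+- secretRef:
+name: {{ include "ftl.fullname" . }}-secrets
+{{- end }}
+env:
+{{- if .Values.controller.env }}
+{{- toYaml .Values.controller.env | nindent 12 }}
+{{- end }}
+{{- if not .Values.postgresql.enabled }}
+- name: FTL_CONTROLLER_DSN
+value: "{{ .Values.controller.dbConnectionString }}"
+{{- else }}
+- name: FTL_CONTROLLER_DSN
+value: "postgres://{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.global.postgresql.auth.database }}?sslmode=disable&user={{ .Values.postgresql.global.postgresql.auth.username }}&password={{ .Values.postgresql.global.postgresql.auth.password }}"
+{{- end }}
+{{- if .Values.controller.kmsUri }}
+- name: FTL_KMS_URI
+value: "{{ .Values.controller.kmsUri }}"
+{{- end }}
+ports:
+{{- range .Values.controller.ports }}
+- name: {{ .name }}
+containerPort: {{ .containerPort }}
+protocol: {{ .protocol | default "TCP" }}
+{{- end }}
+readinessProbe:
+{{- if .Values.controller.readinessProbe }}
+{{- toYaml .Values.controller.readinessProbe | nindent 12 }}
+{{- else }}
+httpGet:
+path: /healthz
+port: 8892
+initialDelaySeconds: 1
+periodSeconds: 2
+timeoutSeconds: 2
+successThreshold: 1
+failureThreshold: 15
+{{- end }}
+{{- if .Values.controller.nodeSelector }}
+nodeSelector:
+{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
+{{- end }}
+{{- if .Values.controller.affinity }}
+affinity:
+{{- toYaml .Values.controller.affinity | nindent 8 }}
+{{- end }}
+{{- if .Values.controller.topologySpreadConstraints }}
+topologySpreadConstraints:
+{{- toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
+{{- end }}
+{{- if .Values.controller.tolerations }}
+tolerations:
+{{- toYaml .Values.controller.tolerations | nindent 8 }}
+{{- end }}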
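Review bot: Both `FTL_CONTROLLER_DSN` branches put the database password into a literal `value:` on the Deployment, so it is stored in the pod spec and readable by anyone who can get Deployments or Pods in the namespace; the bundled-PostgreSQL branch also fixes `sslmode=disable` and interpolates the password without URL-escaping. Source the DSN from a Secret through `valueFrom.secretKeyRef` instead; the sketch below reuses the `…-secrets` name already referenced under `envFrom`, with a placeholder key because the Secret template is not in view. Separately, the `else if` on `envFrom` means that setting `.Values.controller.envFrom` drops the `…-secrets` reference entirely, and the inner `{{- if .Values.controller.envFrom }}` repeats the outer test. The container also declares no `securityContext`, so a restricted default such as `runAsNonRoot: true` with `allowPrivilegeEscalation: false` would be worth adding once the image sets a non-root user.

```yaml
          env:
            # … unchanged: .Values.controller.env passthrough …
            - name: FTL_CONTROLLER_DSN
              valueFrom:
                secretKeyRef:
                  name: {{ include "ftl.fullname" . }}-secrets
                  key: DSN_KEY_PLACEHOLDER  # placeholder: key holding the full DSN
            # … unchanged: FTL_KMS_URI, ports, probes, scheduling …
```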