Release Crowd Helm Chart (#45)

Signed-off-by: Oliver Bähler <[email protected]>
bedag · Apr 13, 2021 · e1b3fad · e1b3fad
1 parent 700199d
commit e1b3fad
Show file tree

Hide file tree

Showing 13 changed files with 1,916 additions and 0 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -97,6 +97,12 @@ The documentation for each chart is done with [helm-docs](https://github.com/nor
 
 See [here](https://github.com/norwoodj/helm-docs#installation) how to install the tool. Don't forget to execute `helm-docs` before pushing ;), our workflows will check that.
 
+We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible, might require sudo privileges):
+
+``` 
+bash scripts/helm-docs.sh 
+``` 
+
 **NOTE**: When creating your own `README.md.gotmpl`, don't forget to add it to your `.helmignore` file.
 
 ### Major Changes

diff --git a/charts/crowd/.helmignore b/charts/crowd/.helmignore
@@ -0,0 +1,29 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+# Custom
+values_*
+README.md.gotmpl
+.kube-linter.yaml
+examples/
diff --git a/charts/crowd/.kube-linter.yaml b/charts/crowd/.kube-linter.yaml
@@ -0,0 +1,5 @@
+---
+checks:
+  exclude:
+    - (( prepend ))
+    - "run-as-non-root"
diff --git a/charts/crowd/Chart.yaml b/charts/crowd/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: crowd
+description: Manage users from multiple directories - Active Directory, LDAP, OpenLDAP or Microsoft Azure AD - and control application authentication permissions in one single location
+type: application
+version: 0.4.0
+appVersion: 4.2.3
+keywords:
+  - atlassian
+  - crowd
+  - data center
+home: https://www.atlassian.com/software/crowd
+icon: https://media.trustradius.com/product-logos/CP/PJ/9AQZ6ALXTFKJ-180x180.PNG
+sources:
+  - https://hub.docker.com/r/atlassian/crowd
+maintainers:
+  - name: SRE
+    email: [email protected]
+dependencies:
+- name: manifests
+  version: "~0.5.0"
+  repository: https://bedag.github.io/helm-charts
+annotations:
+  artifacthub.io/containsSecurityUpdates: "false"
+  artifacthub.io/prerelease: "false"  
+  artifacthub.io/changes: |
+    - "[Added]: Chart Release"
+  artifacthub.io/images: |
+    - name: crowd
+      image: atlassian/crowd:4.2.3
diff --git a/charts/crowd/README.md b/charts/crowd/README.md
diff --git a/charts/crowd/README.md.gotmpl b/charts/crowd/README.md.gotmpl
@@ -0,0 +1,165 @@
+# Crowd
+
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{/*
+  Chart Maintainers
+*/}}
+{{ template "chart.maintainersSection" . }}
+
+{{/*
+  Chart Requirements
+*/}}
+{{ template "chart.requirementsSection" . }}
+
+{{/*
+  Chart Sources
+*/}}
+{{ template "chart.sourcesSection" . }}
+
+# Major Changes
+
+Major Changes to functions are documented with the version affected. **Before upgrading the dependency version, check this section out!**
+
+| **Change** | **Chart Version** | **Description** | **Commits/PRs** |
+| :----------- | :---------------- | :--------------------- | :-------------- |
+|||||
+
+
+{{/*
+  Chart Values
+*/}}
+{{ template "chart.valuesSection" . }}
+
+This Chart implements the Bedag Manifest Chart. Therefor there are a lot of values for you to play around.
+
+## Configuration
+
+Generally Configuration for Crowd is done via Environment variables. See all the possible configurations on the [Crowd Docker Image](https://hub.docker.com/r/atlassian/crowd). Our intent with this chart is to keep configurations and resource layout as flexible as possible. This way have the possibility the deploy Crowd to your needs.
+
+
+### Server Mode (Standalone)
+
+When running Crowd in Server Mode, you can have a single instance of Crowd running simultaneously.
+
+To Run Crowd in Server Mode, simply toggle the `crowd.cluster.enabled` option to `false`:
+
+```
+crowd:
+  cluster:
+    enabled: false
+```
+
+### Data Center Mode (Clustered)
+
+When running Crowd in Data Center Mode, you have the ability to have multiple Crowd instances running at once, providing a HA setup. For more information read about [Crowd Data Center](https://www.atlassian.com/enterprise/data-center/crowd)
+
+To run Crowd in Data Center Mode, simply toggle the `crowd.cluster.enabled` option to `true`:
+
+```
+crowd:
+  cluster:
+    enabled: true
+```
+
+By enabling clustered mode, you enable the following resources, which aren't available in standalone mode:
+
+  * [Horizontal Pod Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
+  * [Shared PVC](https://kubernetes.io/docs/concepts/storage/persistent-volumes/)
+
+These are only useful when running Data Center Mode.
+
+### Persistence (Server/Data Center)
+
+Read the following before configuring persistence for your Crowd instance.
+
+Currently there are three default mounts supported by this chart:
+
+  * `$.Values.home` - Mounts a volume to the entire Crowd home directory (`$.Values.crowd.home`)
+  * `$.Values.shared` - Mounts a volume to the `shared` directory in the Crowd home (Data Center only)
+
+If that doesn't fit your setup, you can add your volumes/volumemounts through given values and disable the named volumes.
+
+#### Disable Persistence
+
+Disable all the predefined persistence from the chart (Will disable all the above mentioned mounts):
+
+```
+crowd:
+  persistence: false
+```
+
+Disable persistence for the Home directory
+
+```
+home:
+  enabled: false
+```
+
+Disable persistence for the Shared directory (Data Center Only)
+
+```
+shared:
+  enabled: false
+```
+
+### Tomcat Proxy
+
+If your Crowd instance is deployed behind a reverse proxy/ingress, then you will need to specify the following environment variables
+
+```
+- name: ATL_PROXY_NAME
+  value: "{ (index .Values.ingress.hosts 0).host }"
+- name: ATL_PROXY_PORT
+  value: "443"
+- name: ATL_TOMCAT_SCHEME
+  value: "https"
+- name: ATL_TOMCAT_SECURE
+  value: "true"
+```
+
+More information about the image can be found on the [Crowd documentation](https://hub.docker.com/r/atlassian/crowd).
+
+### VolumePermissions
+
+VolumePermissions is a slim initContainer, which sets the correct permissions on all the mounts. This is effectively required only the first time the application is deployed. We recommend disabling it when having large data directories in your jira home, since the startup could extend to several minutes. Disable volumePermissions like:
+
+```
+volumePermissions:
+  enabled: false
+```
+
+## Known Issues/Solutions
+
+Here we have documented some issues and solutions while running Crowd on Kubernetes.
+
+### Data Center Setup 
+
+Here's how we got Crowd in Data Center working.
+
+  1. Spin up the first deployment with a single Pod.
+  2. Go through the setup via Web interface (Setup license etc.)
+    * When altering the Database configuration crowd will reload itself. **Don't** touch anything while it's doing that. Watch the logs and reaccess is via Web Interface only after it says it's ready. We had very weird behaviors when not doing so.
+  3. When the instance is functional, scale up the amount of pods and confirm they are joining the cluster.
+
+If you encounter any other issues or have tips, let us know.
+
+### Database Changelog Lock
+
+This can happen when the livenessprobe kills crowd to early. You will find the following message in your pod (and it will be crashing):
+
+``` 
+[liquibase] Waiting for changelog lock....
+```
+
+You will need to do some fixing in the database. [See the following article for more](https://confluence.atlassian.com/crowdkb/crowd-server-does-not-start-could-not-acquire-change-log-lock-1019399699.html). To prevent this, increase the `initialDelaySeconds` value for the livenessProbe.
+
+
+
+
diff --git a/charts/crowd/templates/NOTES.txt b/charts/crowd/templates/NOTES.txt
@@ -0,0 +1,24 @@
+  Next Steps
+
+    1. Visit the Crowd Setup page and finish the setup manually:
+
+        {{ include "bedag-lib.utils.notes.public" (dict "ingress" $.Values.ingress "service" $.Values.service "context" $)| indent 8 }}
+
+
+    NOTE: Before you can join additional nodes go through the setup process and complete it. Otherwise you
+      will have a hard time bootstraping the Crowd cluster.
+
+    2. Confirm Crowd Setup is complete:
+
+        {{ include "bedag-lib.utils.notes.public" (dict "path" "/crowd/console/setup/setuplicense.action" "ingress" $.Values.ingress "service" $.Values.service "context" $) | indent 8 }}
+
+
+    3. Configure Crowd to your needs.
+
+  Upgrade
+
+    To upgrade your Crowd cluster, first visit the upgrade page:
+
+      * https://confluence.atlassian.com/crowd/upgrading-crowd-22544441.html
+
+    Then you can simply change the image tag to the newer version. For more details take a look at the README.md.
diff --git a/charts/crowd/templates/_crowd.tpl b/charts/crowd/templates/_crowd.tpl
@@ -0,0 +1,90 @@
+{{/*
+ Crowd Component Label
+*/}}
+{{- define "crowd.component" -}}
+app.kubernetes.io/component: "crowd"
+{{- end -}}
+
+{{/*
+Crowd Mode Label
+*/}}
+{{- define "crowd.mode" -}}
+  {{- if $.Values.crowd.cluster.enabled -}}
+atlassian.com/mode: "clustered"
+  {{- else -}}
+atlassian.com/mode: "standalone"
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Crowd Labels
+*/}}
+{{- define "crowd.Labels" -}}
+atlassian.com/component: "crowd"
+app.kubernetes.io/part-of: "crowd"
+{{ include "crowd.mode" $ | indent 0 }}
+{{- end -}}
+
+{{/*
+Crowd Home
+*/}}
+{{- define "crowd.home" -}}
+{{ .Values.crowd.home | trimSuffix "/" }}
+{{- end -}}
+
+{{/*
+  Crowd JVM Arguments
+*/}}
+{{- define "crowd.jvm_args" -}}
+{{ if $.Values.crowd.jvm_args }}{{- include "lib.utils.strings.stringify" (dict "list" $.Values.crowd.jvm_args "delimiter" "  " "context" $) }}{{- end }} {{ include "bedag-lib.utils.helpers.javaProxies" (dict "proxy" $.Values.proxy "context" $) }}
+{{- end -}}
+
+{{/*
+  Crowd Catalina Options
+*/}}
+{{- define "crowd.catalina_opts" -}}
+{{ if $.Values.crowd.cluster.enabled }}{{ if $.Values.crowd.cluster.nodeName }}-Dcluster.node.name="$POD_NAME"{{ end }}{{ end }}{{ if $.Values.crowd.catalina_opts }}{{- include "lib.utils.strings.stringify" (dict "list" $.Values.crowd.catalina_opts "delimiter" "  " "context" $) }}{{- end }} 
+{{- end -}}
+
+
+{{/*
+  Crowd Volumepermission Preset
+*/}}
+{{- define "crowd.volumePermission.values" -}}
+  {{- if $.Values.volumePermissions.enabled }}
+enabled: true
+    {{- if or (and $.Values.crowd.persistence (or (and $.Values.crowd.clustered $.Values.shared.enabled) $.Values.home.enabled)) $.Values.volumePermissions.volumeMounts }}
+volumeMounts:
+      {{- if $.Values.volumePermissions.volumeMounts }}
+        {{- toYaml $.Values.volumePermissions.volumeMounts | nindent 2 }}
+      {{- end }}
+      {{- if $.Values.crowd.persistence }}
+        {{- if and $.Values.crowd.clustered $.Values.shared.enabled }}
+  - name: shared
+    mountPath: /crowd/share
+        {{- end }}
+        {{- if $.Values.home.enabled }}
+  - name: home
+    mountPath: /crowd/data
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- else }}
+enabled: false
+  {{- end }}
+{{- end -}}
+
+
+{{/*
+  Crowd Environment Variables based on Configuration
+*/}}
+{{- define "crowd.configuration" -}}
+- name: "JVM_MINIMUM_MEMORY"
+  value: {{ $.Values.crowd.memory.min }}
+- name: "JVM_MAXIMUM_MEMORY"
+  value: {{ $.Values.crowd.memory.max }}
+- name: "CROWD_HOME"
+  value: {{ template "crowd.home" . }}
+- name: "ATL_TOMCAT_PORT"
+  value: {{ $.Values.crowd.port | quote }}
+{{- end -}}