From 1e38eeb6bbd8a18e16e27e70b97afc1c1d891510 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Sun, 4 Jun 2023 15:05:01 +0200
Subject: [PATCH] wip

---
 README.md                                     |  16 +-
 fruits-chart/Chart.yaml                       |   5 +
 .../templates/database-operator.yaml          |   6 +-
 fruits-chart/templates/database-vm.yaml       | 160 ++++++++++++++++++
 fruits-chart/templates/deployment.yaml        |  59 +++++++
 fruits-chart/templates/route.yaml             |  20 +++
 fruits-chart/templates/service.yaml           |  23 +++
 fruits-chart/templates/servicebinding.yaml    |  15 ++
 fruits-chart/values.yaml                      |   2 +
 infrastructure/templates/crunchy.yaml         |  14 ++
 infrastructure/templates/fruits-dev.yaml      |  47 ++++-
 .../templates/helmchartrepository.yaml        |  10 ++
 infrastructure/templates/servicebinding.yaml  |  14 ++
 kustomize/postgres/kustomization.yaml         |   4 -
 14 files changed, 377 insertions(+), 18 deletions(-)
 create mode 100644 fruits-chart/Chart.yaml
 rename kustomize/postgres/postgres.yaml => fruits-chart/templates/database-operator.yaml (87%)
 create mode 100644 fruits-chart/templates/database-vm.yaml
 create mode 100644 fruits-chart/templates/deployment.yaml
 create mode 100644 fruits-chart/templates/route.yaml
 create mode 100644 fruits-chart/templates/service.yaml
 create mode 100644 fruits-chart/templates/servicebinding.yaml
 create mode 100644 fruits-chart/values.yaml
 create mode 100644 infrastructure/templates/crunchy.yaml
 create mode 100644 infrastructure/templates/helmchartrepository.yaml
 create mode 100644 infrastructure/templates/servicebinding.yaml
 delete mode 100644 kustomize/postgres/kustomization.yaml

diff --git a/README.md b/README.md
index a22a638..d86a1f7 100644
--- a/README.md
+++ b/README.md
@@ -58,14 +58,10 @@ aws s3api put-bucket-policy --bucket mad-roadshow-france-2023-helm-charts --poli
 }'
 rclone config
 rclone ls aws:mad-roadshow-france-2023-helm-charts
+mkdir -p /tmp/mad-roadshow-france-2023-helm-charts
+helm package -d /tmp/mad-roadshow-france-2023-helm-charts fruits-chart
+helm repo index --url "https://mad-roadshow-france-2023-helm-charts.s3.eu-west-3.amazonaws.com/" "/tmp/mad-roadshow-france-2023-helm-charts"
+rclone sync --delete-after /tmp/mad-roadshow-france-2023-helm-charts aws:mad-roadshow-france-2023-helm-charts
+rclone ls aws:mad-roadshow-france-2023-helm-charts
+curl https://mad-roadshow-france-2023-helm-charts.s3.eu-west-3.amazonaws.com/index.yaml
 ```
-
-## Deploy Postgres CrunchyDB
-
-1. Create a namespace ***preprod-database***
-2. Install the crunchyDB operator
-3. run oc apply -k kustomize/postgres
-
-More details here : https://access.crunchydata.com/documentation/postgres-operator/5.3.1/quickstart/
-
-
diff --git a/fruits-chart/Chart.yaml b/fruits-chart/Chart.yaml
new file mode 100644
index 0000000..f8bc210
--- /dev/null
+++ b/fruits-chart/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: fruits-app
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/kustomize/postgres/postgres.yaml b/fruits-chart/templates/database-operator.yaml
similarity index 87%
rename from kustomize/postgres/postgres.yaml
rename to fruits-chart/templates/database-operator.yaml
index ecf6c0c..5284082 100644
--- a/kustomize/postgres/postgres.yaml
+++ b/fruits-chart/templates/database-operator.yaml
@@ -1,10 +1,11 @@
+{{ if eq .Values.db.deployment "operator" }}
 apiVersion: postgres-operator.crunchydata.com/v1beta1
 kind: PostgresCluster
 metadata:
   name: hippo
 spec:
-  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.2-0
-  postgresVersion: 15
+  image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.7-0
+  postgresVersion: 14
   instances:
     - name: instance1
       dataVolumeClaimSpec:
@@ -25,3 +26,4 @@ spec:
             resources:
               requests:
                 storage: 1Gi
+{{ end }}
diff --git a/fruits-chart/templates/database-vm.yaml b/fruits-chart/templates/database-vm.yaml
new file mode 100644
index 0000000..ddc01fb
--- /dev/null
+++ b/fruits-chart/templates/database-vm.yaml
@@ -0,0 +1,160 @@
+{{ if eq .Values.db.deployment "vm" }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: database-cloudinit
+type: Opaque
+stringData:
+  userData: |
+    #cloud-config
+
+    users:
+    - name: nicolas
+      gecos: Nicolas MASSE
+      groups: wheel
+      lock_passwd: false
+      passwd: $6$XUTB20jVVXIqh78k$L1A9Lft5JlbOtNbeDP.fOZ5giLl09LfJGGCon5uwtsIhPJoNkj4SIk08Rb6vSowOps2ik5tlUwT2ZOZ6jjr7.0
+      ssh_authorized_keys:
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain
+
+    write_files:
+    - path: /etc/sudoers
+      content: |
+        Defaults   !visiblepw
+        Defaults    always_set_home
+        Defaults    match_group_by_gid
+        Defaults    always_query_group_plugin
+        Defaults    env_reset
+        Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
+        Defaults    env_keep += "MAIL QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+        Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+        Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+        Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
+        Defaults    secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/var/lib/snapd/snap/bin
+        root    ALL=(ALL)       ALL
+        %wheel  ALL=(ALL)       NOPASSWD: ALL
+        #includedir /etc/sudoers.d
+      permissions: '0440'
+      append: false
+
+    - path: /root/bootstrap.sh
+      content: |
+        #!/bin/bash
+        set -Eeuo pipefail
+        PGSETUP_INITDB_OPTIONS=--auth-host=scram-sha-256 postgresql-setup --initdb --unit postgresql
+        sed -i.bak -E "s/^#*\s*listen_addresses\s*=\s*'[^']*'/listen_addresses = '0.0.0.0'/" /var/lib/pgsql/data/postgresql.conf
+        cat >> /var/lib/pgsql/data/pg_hba.conf <<EOF
+        host    all             all             0.0.0.0/0               scram-sha-256
+        EOF
+        systemctl start postgresql.service
+        systemctl enable postgresql.service
+        cd /tmp
+        sudo -u postgres psql -c "CREATE USER appli WITH ENCRYPTED PASSWORD 'secret'"
+        sudo -u postgres psql -c "CREATE DATABASE appli OWNER 'appli';"
+      permissions: '0755'
+
+    packages:
+    - postgresql-server
+
+    runcmd:
+    - [ "/root/bootstrap.sh" ]
+---
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  labels:
+    app: database
+  name: database
+spec:
+  dataVolumeTemplates:
+  - apiVersion: cdi.kubevirt.io/v1beta1
+    kind: DataVolume
+    metadata:
+      creationTimestamp: null
+      name: database
+    spec:
+      source:
+        http:
+          url: https://download.fedoraproject.org/pub/fedora/linux/releases/38/Cloud/x86_64/images/Fedora-Cloud-Base-38-1.6.x86_64.qcow2
+      pvc:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 6Gi
+  runStrategy: Always
+  template:
+    metadata:
+      annotations:
+        vm.kubevirt.io/flavor: small
+        vm.kubevirt.io/os: fedora
+        vm.kubevirt.io/workload: server
+      creationTimestamp: null
+      labels:
+        kubevirt.io/domain: database
+        kubevirt.io/size: small
+    spec:
+      domain:
+        cpu:
+          cores: 2
+          sockets: 1
+          threads: 1
+        devices:
+          disks:
+          - disk:
+              bus: virtio
+            name: rootdisk
+          - disk:
+              bus: virtio
+            name: cloudinitdisk
+          interfaces:
+          - macAddress: '02:cd:c9:00:00:00'
+            masquerade: {}
+            name: default
+          networkInterfaceMultiqueue: true
+          rng: {}
+        features:
+          acpi: {}
+          smm:
+            enabled: true
+        firmware:
+          bootloader:
+            efi: {}
+        machine:
+          type: pc-q35-rhel8.4.0
+        resources:
+          requests:
+            memory: 2Gi
+      evictionStrategy: LiveMigrate
+      networks:
+      - name: default
+        pod: {}
+      terminationGracePeriodSeconds: 180
+      volumes:
+      - dataVolume:
+          name: database
+        name: rootdisk
+      - cloudInitNoCloud:
+          secretRef:
+            name: database-cloudinit
+        name: cloudinitdisk
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: database
+spec:
+  ports:
+  - name: ssh
+    port: 22
+    protocol: TCP
+    targetPort: 22
+  - name: psql
+    port: 5432
+    protocol: TCP
+    targetPort: 5432
+  selector:
+    kubevirt.io/domain: database
+  type: ClusterIP
+{{ end }}
diff --git a/fruits-chart/templates/deployment.yaml b/fruits-chart/templates/deployment.yaml
new file mode 100644
index 0000000..5b4da53
--- /dev/null
+++ b/fruits-chart/templates/deployment.yaml
@@ -0,0 +1,59 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: fruits
+  labels:
+    app: fruits
+    app.kubernetes.io/component: fruits
+    app.kubernetes.io/instance: fruits
+    app.kubernetes.io/name: fruits
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      deployment: fruits
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        deployment: fruits
+    spec:
+      containers:
+        - resources: {}
+          terminationMessagePath: /dev/termination-log
+          name: fruits
+          env:
+{{ if eq .Values.db.deployment "vm" }}
+          - name: QUARKUS_DATASOURCE_USERNAME
+            value: appli
+          - name: QUARKUS_DATASOURCE_PASSWORD
+            value: secret
+          - name: QUARKUS_DATASOURCE_JDBC_URL
+            value: jdbc:postgresql://database:5432/appli
+          - name: QUARKUS_HIBERNATE_ORM_SQL_LOAD_SCRIPT
+            value: import-prod.sql
+{{ end }}
+{{ if eq .Values.db.deployment "operator" }}
+          - name: QUARKUS_HIBERNATE_ORM_SQL_LOAD_SCRIPT
+            value: import-test.sql
+{{ end }}
+          ports:
+            - containerPort: 8443
+              protocol: TCP
+            - containerPort: 8080
+              protocol: TCP
+          imagePullPolicy: Always
+          terminationMessagePolicy: File
+          image: image-registry.openshift-image-registry.svc:5000/fruits-dev/fruits:latest
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      schedulerName: default-scheduler
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 25%
+      maxSurge: 25%
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600
diff --git a/fruits-chart/templates/route.yaml b/fruits-chart/templates/route.yaml
new file mode 100644
index 0000000..0ee1ccc
--- /dev/null
+++ b/fruits-chart/templates/route.yaml
@@ -0,0 +1,20 @@
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: fruits
+  labels:
+    app: fruits
+    app.kubernetes.io/component: fruits
+    app.kubernetes.io/instance: fruits
+    app.kubernetes.io/name: fruits
+spec:
+  to:
+    kind: Service
+    name: fruits
+    weight: 100
+  port:
+    targetPort: 8080-tcp
+  tls:
+    termination: edge
+    insecureEdgeTerminationPolicy: Allow
+  wildcardPolicy: None
diff --git a/fruits-chart/templates/service.yaml b/fruits-chart/templates/service.yaml
new file mode 100644
index 0000000..9d9c1f8
--- /dev/null
+++ b/fruits-chart/templates/service.yaml
@@ -0,0 +1,23 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: fruits
+  labels:
+    app: fruits
+    app.kubernetes.io/component: fruits
+    app.kubernetes.io/instance: fruits
+    app.kubernetes.io/name: fruits
+spec:
+  ports:
+    - name: 8080-tcp
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
+    - name: 8443-tcp
+      protocol: TCP
+      port: 8443
+      targetPort: 8443
+  type: ClusterIP
+  sessionAffinity: None
+  selector:
+    deployment: fruits
diff --git a/fruits-chart/templates/servicebinding.yaml b/fruits-chart/templates/servicebinding.yaml
new file mode 100644
index 0000000..e7a1d94
--- /dev/null
+++ b/fruits-chart/templates/servicebinding.yaml
@@ -0,0 +1,15 @@
+{{ if eq .Values.db.deployment "operator" }}
+apiVersion: servicebinding.io/v1beta1
+kind: ServiceBinding
+metadata:
+  name: fruits
+spec:
+  workload:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: fruits
+  service:
+    apiVersion: postgres-operator.crunchydata.com/v1beta1
+    kind: PostgresCluster
+    name: hippo
+{{ end }}
diff --git a/fruits-chart/values.yaml b/fruits-chart/values.yaml
new file mode 100644
index 0000000..5e8622d
--- /dev/null
+++ b/fruits-chart/values.yaml
@@ -0,0 +1,2 @@
+db:
+  deployment: operator # or vm
diff --git a/infrastructure/templates/crunchy.yaml b/infrastructure/templates/crunchy.yaml
new file mode 100644
index 0000000..fcb2df9
--- /dev/null
+++ b/infrastructure/templates/crunchy.yaml
@@ -0,0 +1,14 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+  name: crunchy-postgres-operator
+  namespace: openshift-operators
+spec:
+  channel: v5
+  installPlanApproval: Automatic
+  name: crunchy-postgres-operator
+  source: certified-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: postgresoperator.v5.3.0
diff --git a/infrastructure/templates/fruits-dev.yaml b/infrastructure/templates/fruits-dev.yaml
index d64e664..736a315 100644
--- a/infrastructure/templates/fruits-dev.yaml
+++ b/infrastructure/templates/fruits-dev.yaml
@@ -65,6 +65,38 @@ subjects:
   name: stackrox-hook
   namespace: stackrox
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: test-can-pull
+  namespace: fruits-dev
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:image-puller
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: fruits-test
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: prod-can-pull
+  namespace: fruits-dev
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:image-puller
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: fruits-prod
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -233,7 +265,7 @@ spec:
     - name: deploy-in-test
       params:
         - name: SCRIPT
-          value: oc rollout status deploy/$(params.APP_NAME) -n test
+          value: oc delete pods -l deployment=$(params.APP_NAME) -n fruits-test
       runAfter:
         - build
       taskRef:
@@ -254,7 +286,7 @@ spec:
     - name: deploy-in-prod
       params:
         - name: SCRIPT
-          value: oc rollout status deploy/$(params.APP_NAME) -n prod
+          value: oc delete pods -l deployment=$(params.APP_NAME) -n fruits-prod
       runAfter:
         - slack-approval
       taskRef:
@@ -263,3 +295,14 @@ spec:
 
   workspaces:
     - name: workspace
+---
+apiVersion: image.openshift.io/v1
+kind: ImageStream
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: fruits
+  namespace: fruits-dev
+spec:
+  lookupPolicy:
+    local: false
diff --git a/infrastructure/templates/helmchartrepository.yaml b/infrastructure/templates/helmchartrepository.yaml
new file mode 100644
index 0000000..907001b
--- /dev/null
+++ b/infrastructure/templates/helmchartrepository.yaml
@@ -0,0 +1,10 @@
+apiVersion: helm.openshift.io/v1beta1
+kind: HelmChartRepository
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  name: fruits-charts
+spec:
+  name: fruits-charts
+  connectionConfig:
+    url: https://mad-roadshow-france-2023-helm-charts.s3.eu-west-3.amazonaws.com
diff --git a/infrastructure/templates/servicebinding.yaml b/infrastructure/templates/servicebinding.yaml
new file mode 100644
index 0000000..7add1b0
--- /dev/null
+++ b/infrastructure/templates/servicebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+  name: rh-service-binding-operator
+  namespace: openshift-operators
+spec:
+  channel: stable
+  installPlanApproval: Automatic
+  name: rh-service-binding-operator
+  source: redhat-operators
+  sourceNamespace: openshift-marketplace
+  startingCSV: service-binding-operator.v1.3.3
diff --git a/kustomize/postgres/kustomization.yaml b/kustomize/postgres/kustomization.yaml
deleted file mode 100644
index 249b410..0000000
--- a/kustomize/postgres/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-namespace: postgres-operator
-
-resources:
-- postgres.yaml