Merge pull request #34 from ripienaar/ajts

new chart for asyncjobs task scheduler

README.md

@@ -1,12 +1,12 @@
 ## Choria Helm Chart Repository
 
-This is a repository of Helm Charts related to the [Choria](https://choria.io) eco system.
+This is a repository of Helm Charts related to the [Choria](https://choria.io) ecosystem.
 
 This is a work in progress and not yet ready for wider use.
 
 ## Installation
 
-To use this repository you have to add it to your Helm installtion:
+To use this repository you have to add it to your Helm installation:
 
 ```
 $ helm repo add choria https://choria-io.github.io/helm
@@ -17,7 +17,7 @@ $ helm repo update
 
 It's best to install the Choria components in their own Namespace but Helm cannot create this for you.
 
-By default these Charts assume Namespace `choria`:
+By default, these Charts assume Namespace `choria`:
 
 ```nohighlight
 $ kubectl create namespace choria
@@ -40,13 +40,21 @@ The charts that do integrate with the CA all default to `choria-ca` as Issuer na
 
 The [ca](https://github.com/choria-io/helm/tree/master/charts/ca) chart can create the Issuer, Role, RoleBindings and ServiceAccount needed.
 
-## Charts
+## Choria Orchestrator related charts
 
-|Chart|Description|
-|-----|-----------|
-|[broker](https://github.com/choria-io/helm/tree/master/charts/broker)|Installs and configure [Choria Broker](https://github.com/choria-io/go-choria)|
-|[ca](https://github.com/choria-io/helm/tree/master/charts/ca)|Creates a self hosted CA integrated with [Cert Manager](https://cert-manager.io)|
-|[provisioner](https://github.com/choria-io/helm/tree/master/charts/provisioner)|Installs and configure [Choria Provisioner](https://github.com/choria-io/provisioning-agent)|
-|[aaasvc](https://github.com/choria-io/helm/tree/master/charts/aaasvc)|Installs and configures [Choria AAA Service](https://github.com/choria-io/aaasvc)|
-|[tally](https://github.com/choria-io/helm/tree/master/charts/tally)|Installs and configure Network Tally|
+| Chart                                                                           | Description                                                                                  |
+|---------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|
+| [broker](https://github.com/choria-io/helm/tree/master/charts/broker)           | Installs and configure [Choria Broker](https://github.com/choria-io/go-choria)               |
+| [ca](https://github.com/choria-io/helm/tree/master/charts/ca)                   | Creates a self hosted CA integrated with [Cert Manager](https://cert-manager.io)             |
+| [provisioner](https://github.com/choria-io/helm/tree/master/charts/provisioner) | Installs and configure [Choria Provisioner](https://github.com/choria-io/provisioning-agent) |
+| [aaasvc](https://github.com/choria-io/helm/tree/master/charts/aaasvc)           | Installs and configures [Choria AAA Service](https://github.com/choria-io/aaasvc)            |
+| [tally](https://github.com/choria-io/helm/tree/master/charts/tally)             | Installs and configure Network Tally                                                         |
 
+## Other Charts
+
+These Charts are for other parts of the Choria Ecosystem and do not require things like the above-mentioned Certificate
+Authority and can use any namespace.
+
+| Chart                                                                                                     | Description                                                                      |
+|-----------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------|
+| [asyncjobs-task-scheduler](https://github.com/choria-io/helm/tree/master/charts/asyncjobs-task-scheduler) | Configures an [asyncjobs](https://github.com/choria-io/asyncjobs) Task Scheduler |

charts/asyncjobs-task-scheduler/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+name: asyncjobs-task-scheduler
+version: 0.0.1
+appVersion: 0.5.0
+description: Choria Asynchronous Jobs Task Scheduler
+keywords:
+  - choria
+  - middleware
+  - go
+  - golang
+  - scheduler
+  - asynchronous
+home: https://github.com/choria-io/asyncjobs
+sources:
+  - https://github.com/choria-io/asyncjobs
+maintainers:
+  - name: R.I.Pienaar
+    email: [email protected]
+    url: https://choria.io
+icon: https://choria.io/img/choria.png
+

charts/asyncjobs-task-scheduler/README.md

@@ -0,0 +1,68 @@
+## Choria Asynchronous Jobs Task Scheduler
+
+This Helm chart installs the [Choria Asynchronous Jobs](https://github.com/choria-io/asyncjobs) Task Scheduler used
+to support cron-like [Scheduled Task](https://github.com/choria-io/asyncjobs/wiki/Scheduled-Tasks) creation.
+
+## Requirements
+
+### JetStream
+
+You will need a NATS JetStream server such as the one provided by [Choria Streams](choria.io/docs/streams/) or one deployed
+using the [NATS Helm Charts](https://github.com/nats-io/k8s).
+
+### Namespace
+
+You need to create a namespace to run the related services in, you could use default but that is not recommended. We'll
+assume you created one called `asyncjobs`
+
+```nohighlight
+$ kubectl create namespace asyncjobs
+```
+
+### NATS Connection Context
+
+You will need username, password, credentials, TLS files and anything else you need for the connection to NATS.
+
+In my case I needed a set of TLS certificates and keys, I store this in a secret called `asyncjobs-tls`.
+
+```nohighlight
+$ find asyncjobs/task-scheduler
+asyncjobs/task-scheduler/secret
+asyncjobs/task-scheduler/secret/tls.crt
+asyncjobs/task-scheduler/secret/tls.key
+asyncjobs/task-scheduler/secret/ca.crt
+$ kubectl -n asyncjobs create secret generic task-scheduler-tls --from-file asyncjobs/task-scheduler/secret
+```
+
+You'll see that the chart will mount your secret in `/etc/asyncjobs/secret` so you can reference those in your values later.
+
+In my case the context is made using this:
+
+```
+taskScheduler:
+  sslSecret: task-scheduler-tls
+  context:
+    url: nats://broker-broker-ss:4222
+    ca: /etc/asyncjobs/secret/ca.crt
+    key: /etc/asyncjobs/secret/tls.key
+    cert: /etc/asyncjobs/secret/tls.crt
+```
+
+Valid keys are: `url`, `token`, `user`, `password`, `creds` (path to a file), `nkey` (path to a file), `cert`, `key`, `ca`,
+`jetstream_domain`, `jetstream_api_prefix`, `inbox_prefix`.
+
+## Values
+
+| Variable                  | Description                                                      | Default            |
+|---------------------------|------------------------------------------------------------------|--------------------|
+| `image.registry`          | Domain name of the docker registry hosting your image            | `docker.io`        |
+| `image.repository`        | The docker repository with the image                             | `choria/asyncjobs` |
+| `image.tag`               | The tag to deploy                                                | `latest`           |
+| `image.pullPolicy`        | The kubernetes pull policy to use                                | `Always`           |
+| `image.pullSecret`        | If you need a secret to access a private repository specify here | `""`               |
+| `podAnnotations`          | Additional annotations to apply to the pod                       | `{}`               |
+| `podLabels`               | Additional labels to apply to the pod                            | `{}`               |
+| `prometheus.enabled`      | Add annotations for prometheus discovery                         | `true`             |
+| `taskScheduler.replicas`  | How many instances to run                                        | `2`                |
+| `taskScheduler.sslSecret` | An optional secret to mount onto `/etc/asyncjobs/secret`         | `""`               |
+| `taskScheduler.context`   | A required NATS connection context, see above                    | `{}`               |

charts/asyncjobs-task-scheduler/templates/_helpers.tpl

@@ -0,0 +1,3 @@
+{{- define "ajcts.fullname" -}}
+{{- printf "%s-%s" $.Release.Name .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

charts/asyncjobs-task-scheduler/templates/context.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "ajcts.fullname" . }}-context
+  namespace: {{ .Release.Namespace }}
+data:
+  AJC.json: |-
+{{ .Values.taskScheduler.context | toJson | indent 5 }}

charts/asyncjobs-task-scheduler/templates/deployment.yaml

@@ -0,0 +1,66 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "ajcts.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: {{ .Values.taskScheduler.replicas }}
+  selector:
+    matchLabels:
+      app: asyncjobs-task-scheduler
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        {{- if .Values.prometheus.enabled }}
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "8080"
+        {{- end }}
+        {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+        {{- end }}
+
+      labels:
+        app: asyncjobs-task-scheduler
+      {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+      {{- end }}
+
+    spec:
+      {{- if .Values.image.pullSecret }}
+      imagePullSecrets:
+        - name: {{ .Values.image.pullSecret }}
+      {{- end }}
+      securityContext:
+        runAsUser: 2048
+        fsGroup: 2048
+
+      containers:
+        - name: asyncjobs-task-scheduler
+          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          command: ["/bin/sh","-c"]
+          args:
+           - "/usr/bin/ajc task cron scheduler ${HOSTNAME} --monitor 8080"
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: context
+              mountPath: "/home/asyncjobs/.config/nats/context"
+              readOnly: true
+          {{- if .Values.taskScheduler.sslSecret }}
+            - name: ssl-secret
+              mountPath: "/etc/asyncjobs/secret"
+              readOnly: true
+          {{- end }}
+
+      volumes:
+        - name: context
+          configMap:
+            name: {{ template "ajcts.fullname" . }}-context
+        {{- if .Values.taskScheduler.sslSecret }}
+        - name: ssl-secret
+          secret:
+            secretName: "{{ .Values.taskScheduler.sslSecret }}"
+        {{- end }}

charts/asyncjobs-task-scheduler/values.yaml

@@ -0,0 +1,28 @@
+# details about where to get the image and secret to use for it
+image:
+  registry: docker.io
+  repository: choria/asyncjobs
+  tag: latest
+  pullPolicy: Always
+  pullSecret: ""
+
+# additional annotations to apply to pods
+podAnnotations: {}
+
+# additional labels to apply to pods
+podLabels: {}
+
+# configures exposing of prometheus data on /metrics
+prometheus:
+  # sets annotations for prometheus discovery
+  enabled: true
+
+taskScheduler:
+  # run multiple instances, leader election will elect one of them active
+  replicas: 2
+
+  # if set mounts the secret on /etc/asyncjobs/secret
+  sslSecret: ~
+
+  # configures the connection to NATS JetStream
+  context: {}