diff --git a/repo/components/index.yaml b/repo/components/index.yaml index 35176f0d8c..b6dc38f202 100644 --- a/repo/components/index.yaml +++ b/repo/components/index.yaml @@ -4010,4 +4010,4 @@ entries: urls: - https://raw.githubusercontent.com/IBM/charts/master/repo/components/zenhelper-0.1.5.tgz version: 0.1.5 -generated: 2022-09-27T19:20:49.75641346Z +generated: 2022-09-28T14:46:24.747659074-07:00 diff --git a/repo/entitled/index.yaml b/repo/entitled/index.yaml index 52ad08d868..a18e73a3bb 100644 --- a/repo/entitled/index.yaml +++ b/repo/entitled/index.yaml @@ -2702,4 +2702,4 @@ entries: urls: - https://raw.githubusercontent.com/IBM/charts/master/repo/entitled/ibm-wml-accelerator-prod-1.0.0.tgz version: 1.0.0 -generated: 2022-09-27T19:19:53.129838054Z +generated: 2022-09-28T14:45:31.246667959-07:00 diff --git a/repo/ibm-helm/ibm-chart-dev-0.4.0.tgz b/repo/ibm-helm/ibm-chart-dev-0.4.0.tgz new file mode 100644 index 0000000000..4b48a7683e Binary files /dev/null and b/repo/ibm-helm/ibm-chart-dev-0.4.0.tgz differ diff --git a/repo/ibm-helm/ibm-chart-dev.md b/repo/ibm-helm/ibm-chart-dev.md new file mode 100644 index 0000000000..dd6185ea33 --- /dev/null +++ b/repo/ibm-helm/ibm-chart-dev.md @@ -0,0 +1,210 @@ + # (CHARTNAME) (-Beta) +* [(PRODUCTNAME)](https://) is ... brief sentence regarding product +* Add "-Beta" as suffix if beta version - beta versions are generally < 1.0.0 +* Don't include versions of charts or products + +## Introduction +This chart ... +* Paragraph overview of the workload +* Include links to external sources for more product info +* Don't say "for xxx" - the chart should remain a general chart not directly stating target platform. + +## Chart Details +* Simple bullet list of what is deployed as the standard config +* General description of the topology of the workload +* Keep it short and specific with items such as : ingress, services, storage, pods, statefulsets, etc. + +## Prerequisites +* See the [IBM Cloud Pak Dependency Management Guidance](https://ibm.biz/Bdfjqd) for help with this section. +* Kubernetes Level - indicate if specific APIs must be enabled (i.e. Kubernetes 1.6 with Beta APIs enabled) +* PersistentVolume requirements (if persistence.enabled) - PV provisioner support, StorageClass defined, etc. (i.e. PersistentVolume provisioner support in underlying infrastructure with ibmc-file-gold StorageClass defined if persistance.enabled=true) +* Simple bullet list of CPU, MEM, Storage requirements +* Even if the chart only exposes a few resource settings, this section needs to be inclusive of all / total resources of all charts and subcharts. +* Describe any custom image policy requirements if using a non-whitelisted image repository. +* +### SecurityContextConstraints Requirements +_WRITER NOTES: Replace the Predefined SCC Name and SCC Definition with the required values in your chart. See [ https://ibm.biz/icppbk-psp] for help._ + +This chart requires a SecurityContextConstraints to be bound to the target namespace prior to installation. To meet this requirement there may be cluster scoped as well as namespace scoped pre and post actions that need to occur. + +The predefined OpenShift SecurityContextConstraints name: `anyuid` has been verified for this chart, if your target namespace is bound to this SecurityContextConstraints resource you can proceed to install the chart. + +This chart also defines a custom SecurityContextConstraints which can be used to finely control the permissions/capabilities needed to deploy this chart. You can enable this custom SecurityContextConstraints resource using the supplied instructions/scripts in the pak_extension pre-install directory. + +- From the user interface, you can copy and paste the following snippets to enable the custom SecurityContextConstraints + - Custom SecurityContextConstraints definition: + ``` + apiVersion: security.openshift.io/v1 + kind: SecurityContextConstraints + metadata: + name: ibm-chart-dev-scc + readOnlyRootFilesystem: false + allowedCapabilities: + - CHOWN + - DAC_OVERRIDE + - SETGID + - SETUID + - NET_BIND_SERVICE + seLinux: + type: MustRunAs + supplementalGroups: + type: RunAsAny + runAsUser: + type: RunAsAny + fsGroup: + rule: RunAsAny + volumes: + - configMap + - secret + ``` + +## Resources Required +* Describes Minimum System Resources Required + +## Pre-install steps + +Before installing the chart to your cluster, the cluster admin must perform the following pre-install steps. + +* Create a namespace +* Create a ServiceAccount + ``` + apiVersion: v1 + kind: ServiceAccount + metadata: + name: {{ sa_name }}-nginxref-nginx + imagePullSecrets: + - name: sa-{{ NAMESPACE }} + ``` +* Create a RoleBinding + ``` + apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: RoleBinding + metadata: + name: {{ rb_name }}-rb + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ role_name }}-role + subjects: + - kind: ServiceAccount + name: {{ sa_name }}-nginxref-nginx + namespace: {{ NAMESPACE }} + ``` +* Create a Role + ``` + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: {{ role_name }}-role + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + ``` + +If you use the custom security configuration provided here, you must specify messagesight-sa as the service account for your charts. + + +## Installing the Chart +* Include at the basic things necessary to install the chart from the Helm CLI - the general happy path +* Include setup of other items required +* Security privileges required to deploy chart (role, SecurityContextConstraint, etc) +* Include verification of the chart +* Ensure CLI only and avoid any product-specific language used + +To install the chart with the release name `my-release`: + +```bash +$ helm install --tls --namespace --name my-release stable/ +``` + +The command deploys on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + + +> **Tip**: List all releases using `helm list` + +* Generally teams have subsections for : + * Verifying the Chart + * Uninstalling the Chart + +### Verifying the Chart +See the instruction (from NOTES.txt within chart) after the helm installation completes for chart verification. The instruction can also be viewed by running the command: helm status my-release --tls. + +### Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release --purge --tls +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. If a delete can result in orphaned components include instructions with additional commands required for clean-up. + +For example : + +When deleting a release with stateful sets the associated persistent volume will need to be deleted. +Do the following after deleting the chart release to clean up orphaned Persistent Volumes. + +```console +$ kubectl delete pvc -l release=my-release +``` + +### Cleanup any pre-reqs that were created +If cleanup scripts were included in the pak_extensions/post-delete directory; run them to cleanup namespace and cluster scoped resources when appropriate. + +## Configuration +* Define all the parms in the values.yaml +* Include "how used" information +* If special configuration impacts a "set of values", call out the set of values required (a = true, y = abc_value, c = 1) to get a desired outcome. One example may be setting on multiple values to turn on or off TLS. + +The following tables lists the configurable parameters of the chart and their default values. + +| Parameter | Description | Default | +| ----------------------- | --------------------------------------------- | ---------------------------------------------------------- | +| `replicaCount` | Number of deployment replicas | `1` | +| `image.repository` | `PRODUCTNAME` image repository | `nginx` | +| `image.pullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | +| `image.tag` | `PRODUCTNAME` image tag | `stable` | +| `service.type` | k8s service type exposing ports, e.g. `NodePort`| `ClusterIP` | +| `service.externalPort` | External TCP Port for this service | `80` | +| `ingress.enabled` | Ingress enabled | `false` | +| `ingress.hosts` | Host to route requests based on | `false` | +| `ingress.annotations` | Meta data to drive ingress class used, etc. | `nil` | +| `ingress.tls` | TLS secret to secure channel from client / host | `nil` | +| `resources.requests.memory`| Memory resource requests | `128Mi` | +| `resources.requests.cpu` | CPU resource requests | `100m' | +| `resources.limits.memory` | Memory resource limits | `128Mi` | +| `resources.limits.cpu` | CPU resource limits | `100m` | +| `dashboard.enabled` | Enable automatic load of grafana dashboard | `true` | + + +A subset of the above parameters map to the env variables defined in [(PRODUCTNAME)](PRODUCTDOCKERURL). For more information please refer to the [(PRODUCTNAME)](PRODUCTDOCKERURL) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +> **Tip**: You can use the default values.yaml + +## Storage +* Define how storage works with the workload +* Dynamic vs PV pre-created +* Considerations if using hostpath, local volume, empty dir +* Loss of data considerations +* Any special quality of service or security needs for storage + +## Limitations +* Deployment limits - can you deploy more than once, can you deploy into different namespace +* List specific limitations such as platforms, security, replica's, scaling, upgrades etc.. - noteworthy limits identified +* List deployment limitations such as : restrictions on deploying more than once or into custom namespaces. +* Not intended to provide chart nuances, but more a state of what is supported and not - key items in simple bullet form. +* Does it work on ROKS or ? + +## Documentation +* Can have as many supporting links as necessary for this specific workload however don't overload the consumer with unnecessary information. +* Can be links to special procedures in the knowledge center. diff --git a/repo/ibm-helm/index.yaml b/repo/ibm-helm/index.yaml index a1ea53500c..83bcd3063c 100644 --- a/repo/ibm-helm/index.yaml +++ b/repo/ibm-helm/index.yaml @@ -298,6 +298,43 @@ entries: urls: - https://raw.githubusercontent.com/IBM/charts/master/repo/ibm-helm/ibm-b2bi-prod-2.0.0.tgz version: 2.0.0 + ibm-chart-dev: + - apiVersion: v2 + appVersion: "1.1" + created: "2022-09-28T14:47:27.477518021-07:00" + dependencies: + - alias: sch + name: ibm-sch + repository: '@sch' + version: ^1.2.19 + description: 'IBM provides ... (Note: first 97 chars are displayed + in OCP Developer Catalog) Documentation For additional details regarding + install parameters check: http://ibm.biz/-readme. License By installing + this product you accept the license terms http://ibm.biz/-license.' + digest: 2c7adde1f8512e0354aae4dfc31dcceafa1262e071e4d69448173bb1d334d112 + home: https://github.com/IBM/charts/blob/master/README.md + icon: http://raw.githubusercontent.com/IBM/charts/master/logo/icp-logo-box.svg + keywords: + - Tech + - amd64 + - ppc64le + - reference + - sample + - nginx + - Tools + - Beta + - Limited + - Development + - RHOCP + - Other + kubeVersion: '>=1.19.0' + maintainers: + - email: camgit@us.ibm.com + name: IBM + name: ibm-chart-dev + urls: + - https://raw.githubusercontent.com/IBM/charts/master/repo/ibm-helm/ibm-chart-dev-0.4.0.tgz + version: 0.4.0 ibm-connect-direct: - apiVersion: v2 appVersion: 6.2.0.4_ifix022 @@ -8093,4 +8130,4 @@ entries: urls: - https://raw.githubusercontent.com/IBM/charts/master/repo/ibm-helm/ibm-ucv-prod-2.3.0.tgz version: 2.3.0 -generated: "2022-09-27T19:22:08.450985106Z" +generated: "2022-09-28T14:47:27.474833167-07:00" diff --git a/repo/samples/index.yaml b/repo/samples/index.yaml index 50aa909d42..d8418922e8 100644 --- a/repo/samples/index.yaml +++ b/repo/samples/index.yaml @@ -185,4 +185,4 @@ entries: urls: - https://raw.githubusercontent.com/IBM/charts/master/repo/samples/ibm-sch-1.2.8.tgz version: 1.2.8 -generated: 2022-09-27T19:19:57.306321548Z +generated: 2022-09-28T14:45:37.199424925-07:00 diff --git a/repo/stable/index.yaml b/repo/stable/index.yaml index 4bb552482c..88ec887a1d 100644 --- a/repo/stable/index.yaml +++ b/repo/stable/index.yaml @@ -5314,4 +5314,4 @@ entries: urls: - https://raw.githubusercontent.com/IBM/charts/master/repo/stable/ibm-ws-dyn-agent-dev-1.0.0.tgz version: 1.0.0 -generated: 2022-09-27T19:22:47.905176453Z +generated: 2022-09-28T14:48:01.742167992-07:00