PE: Storagebox

applications/storagebox/Makefile

@@ -0,0 +1,87 @@
+manifests_dir := $(shell pwd)/kots
+chart_archives := $(wildcard $(manifests_dir)/*.tgz)
+
+ARGS = $(filter-out $@,$(MAKECMDGOALS))
+%:
+	@:
+
+SHELL := /bin/bash
+.SHELLFLAGS = -x +u
+
+# Define the base path to your Helm charts directory
+HELM_CHARTS_DIR = ./charts
+
+# Define the path to your target KOTS directory
+KOTS_DIR = ./kots
+
+# Path to Storagebox's Chart.yaml
+STORAGEBOX_CHART_PATH = ./charts/storagebox/Chart.yaml
+
+# Function to extract version from Chart.yaml
+define get_storagebox_chart_version
+	cat $(STORAGEBOX_CHART_PATH) | grep '^version:' | cut -d ' ' -f 2
+endef
+
+
+# Define the function to extract chartVersion
+define get_kots_chart_version
+	grep 'chartVersion:' $(1) | sed 's/.*chartVersion: //'
+endef
+
+# Function to get chart version
+define get_helm_chart_version
+    helm show chart $(1) | grep '^version:' | cut -d ' ' -f 2
+endef
+
+# Target to package charts and update versions
+.PHONY: package-and-update
+package-and-update: clean
+	@for chart in $(HELM_CHARTS_DIR)/*; do \
+	    echo "Packaging $$chart"; \
+	    helm package $$chart -d $(KOTS_DIR); \
+	    version=$$(eval $(call get_helm_chart_version,$$chart)); \
+		chart_name=$$(basename $$chart); \
+	    echo "Updating version to $$version in $(KOTS_DIR)/*-chart.yaml"; \
+	    sed -i '' 's|chartVersion: [0-9a-zA-Z.-]*|chartVersion: '$$version'|g' $(KOTS_DIR)/$$chart_name-chart.yaml; \
+	done
+
+
+.PHONY: clean
+clean:
+	@echo "Cleaning up build artifacts in $(KOTS_DIR)"
+	@rm -f $(KOTS_DIR)/*.tgz
+	@echo "Removing old Helm tmpcharts-* directories"
+	@rm -rf $(HELM_CHARTS_DIR)/*/tmpcharts-*
+
+
+.PHONY: update-dependencies
+update-dependencies:
+	@for chart_dir in $(HELM_CHARTS_DIR)/*; do \
+	    if [ -d $$chart_dir ]; then \
+	        echo "Updating dependencies for $$chart_dir"; \
+	        helm dependency update $$chart_dir; \
+	    fi; \
+	done
+
+
+# Target to add Helm repositories from Chart.yaml files
+.PHONY: add-helm-repositories
+add-helm-repositories:
+	@for chart_file in $(HELM_CHARTS_DIR)/*/Chart.yaml; do \
+	    echo "Processing $$chart_file"; \
+	    repo_name=$$(grep '^name:' $$chart_file | awk '{print $$2}'); \
+	    grep 'dependencies:' -A 10 $$chart_file | grep 'repository:' | awk '{print $$2}' | while read repo; do \
+	        if ! helm repo list | grep -q "^$$repo_name[[:space:]]"; then \
+	            echo "Adding Helm repo $$repo_name from $$repo"; \
+	            helm repo add $$repo_name $$repo || true; \
+	        fi; \
+	    done; \
+	done
+	@helm repo update
+
+
+.PHONY: release
+release: package-and-update
+	@chart_version=$$(eval $(call get_storagebox_chart_version)); \
+	echo "Creating a new release with Replicated using version $$chart_version"; \
+	replicated release create --yaml-dir $(KOTS_DIR) --promote Unstable --version "$$chart_version"

applications/storagebox/README.md

@@ -0,0 +1,22 @@
+# Storagebox
+
+This application is a collection of storage options for use with apps deployed on Kubernetes.  It includes:
+
+- Apache Cassandra [deployed with Bitnami helm chart](https://github.com/bitnami/charts/tree/master/bitnami/cassandra)
+- NFS Server [deployed with Obéone helm chart](https://github.com/obeonetwork/charts/tree/master/stable/nfs-server)
+- MinIO [deployed with MinIO Operator](https://github.com/minio/operator/tree/master/helm/minio)
+- Postgres [deployed with Cloudnative-PG Operator](https://github.com/cloudnative-pg/cloudnative-pg)
+
+Currently, it is designed to be used as an EC application.  Cluster-scope dependencies (the Operators for Minio and Postgres) are deployed as part of the EC lifecycle and are not managed by the Storagebox chart.
+
+Each component can be enabled or disabled from the EC admin console or via helm values `enabled` field.  The default is to enable all components.
+
+## Future Work
+
+The Storagebox application is currently in development and is not yet ready for production use.  The following features are planned for future releases:
+
+- Support for other storage options
+  - Ceph
+  - local block storage
+  - MySQL
+  - Redis

applications/storagebox/charts/storagebox/Chart.lock

@@ -0,0 +1,15 @@
+dependencies:
+- name: replicated
+  repository: oci://registry.replicated.com/library
+  version: 1.1.0
+- name: cassandra
+  repository: https://charts.bitnami.com/bitnami
+  version: 11.4.2
+- name: nfs-server
+  repository: https://charts.obeone.cloud
+  version: 1.1.2
+- name: tenant
+  repository: https://operator.min.io
+  version: 6.0.4
+digest: sha256:d3aa337c748cf7959a01aa3f45a00b516990d6b1e79fbea94a758dced1eb74de
+generated: "2025-02-11T13:29:13.913789-05:00"

applications/storagebox/charts/storagebox/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: storagebox
+description: A Helm chart for different storage options
+type: application
+version: 0.17.0
+appVersion: 1.0.0
+dependencies:
+- name: replicated
+  version: "~1.1.0"
+  repository: "oci://registry.replicated.com/library"
+  condition: replicated.enabled
+- name: cassandra
+  version: "~11.4.2"
+  repository: https://charts.bitnami.com/bitnami
+  condition: cassandra.enabled
+- name: nfs-server
+  version: "~1.1.2"
+  repository: https://charts.obeone.cloud
+  condition: nfs-server.enabled
+- name: tenant
+  version: "6.0.4"
+  repository: https://operator.min.io
+  condition: tenant.enabled

applications/storagebox/charts/storagebox/templates/_helpers.tpl

@@ -0,0 +1,52 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "storagebox.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "storagebox.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "storagebox.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "storagebox.labels" -}}
+helm.sh/chart: {{ include "storagebox.chart" . }}
+{{ include "storagebox.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+
+{{/*
+Selector labels
+*/}}
+{{- define "storagebox.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "storagebox.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

applications/storagebox/charts/storagebox/templates/cassandra-credentials-secret.yaml

@@ -0,0 +1,9 @@
+{{- if .Values.cassandra.enabled }}
+apiVersion: v1
+data:
+  keystore-password: {{ .Values.cassandra.keystore_password | b64enc }}
+  truststore-password: {{ .Values.cassandra.truststore_password | b64enc }}
+metadata:
+  name: cassandra-credentials
+kind: Secret
+{{- end }}

applications/storagebox/charts/storagebox/templates/cassandra-tls-secret.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.cassandra.tls.clientEncryption -}}
+  {{- $cert := dict -}}
+  {{- $ca := dict -}}
+  {{- if .Values.cassandra.tls.selfSignedCA -}}
+    {{- $ca = genCA "cassandra-ca" 730 -}}
+    {{- $cert = genSignedCert "cassandra-client" nil nil 730 $ca -}}
+  {{- else -}}
+    {{- $_ := set $ca "CA" .Values.cassandra.tls.ca -}}
+    {{- $_ := set $cert "Cert" .Values.cassandra.tls.cert -}}
+    {{- $_ := set $cert "Key" .Values.cassandra.tls.key -}}
+  {{- end -}}
+apiVersion: v1
+data:
+  ca.crt: {{ $ca.CA }}
+  tls.crt: {{ $cert.Cert  }}
+  tls.key: {{ $cert.Key  }}
+kind: Secret
+metadata:
+  name: cassandra-crt
+  labels:
+    {{- include "storagebox.labels" . | nindent 4 }}
+type: kubernetes.io/tls
+{{- end -}}

applications/storagebox/charts/storagebox/templates/postgres-db.yaml

@@ -0,0 +1,67 @@
+{{- if .Values.postgres.embedded.enabled -}}
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: postgres
+  {{- with .Values.postgres.embedded.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded
+  {{- end }}
+  labels:
+  {{- with .Values.postgres.embedded.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  bootstrap:
+    initdb:
+      database: {{ .Values.postgres.embedded.initdb.database | quote }}
+      owner: {{ .Values.postgres.embedded.initdb.owner | quote }}
+      secret:
+        name: {{ .Values.postgres.embedded.initdb.secret.name }}
+  instances: 1
+  imageName: "{{ .Values.postgres.embedded.image.repository }}:{{ .Values.postgres.embedded.image.tag }}"
+  imagePullPolicy: {{ .Values.postgres.embedded.imagePullPolicy }}
+  {{- with .Values.postgres.embedded.imagePullSecrets}}
+  imagePullSecrets:
+    {{- . | toYaml | nindent 4 }}
+  {{- end }}
+  postgresUID: {{ .Values.postgres.embedded.postgresUID }}
+  postgresGID: {{ .Values.postgres.embedded.postgresGID }}
+  storage:
+    size: {{ .Values.postgres.embedded.storage.size }}
+    storageClass: {{ .Values.postgres.embedded.storage.storageClass }}
+  {{- with .Values.postgres.embedded.resources }}
+  resources:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  {{- with .Values.postgres.embedded.affinity }}
+  affinity:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  priorityClassName: {{ .Values.postgres.embedded.priorityClassName }}
+  primaryUpdateMethod: {{ .Values.postgres.embedded.primaryUpdateMethod }}
+  primaryUpdateStrategy: {{ .Values.postgres.embedded.primaryUpdateStrategy }}
+  logLevel: {{ .Values.postgres.embedded.logLevel }}
+  {{- with .Values.postgres.embedded.certificates }}
+  certificates:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+  enableSuperuserAccess: {{ .Values.postgres.embedded.enableSuperuserAccess }}
+  {{- with .Values.postgres.embedded.superuserSecret }}
+  superuserSecret:
+    name: {{ . }}
+  {{ end }}
+  postgresql:
+    {{- with .Values.postgres.embedded.postgresql }}
+    parameters:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+  managed:
+    {{- with .Values.postgres.embedded.roles }}
+    roles:
+      {{- toYaml . | nindent 6 }}
+    {{ end }}
+{{- end -}}

applications/storagebox/charts/storagebox/templates/postgres-secret.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.postgres.embedded.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres-initdb-secret
+  {{- with .Values.postgres.embedded.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded
+  {{- end }}
+  labels:
+  {{- with .Values.postgres.embedded.additionalLabels }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/basic-auth
+stringData:
+  username: {{ .Values.postgres.auth.username }}
+  password: {{ .Values.postgres.auth.password }}
+{{- end -}}

applications/storagebox/charts/storagebox/templates/postgres-service.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.postgres.embedded.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-nodeport
+  labels:
+    app.kubernetes.io/name: postgres
+    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/component: primary
+    cnpg.io/cluster: postgres
+    cnpg.io/instanceRole: primary
+spec:
+  type: {{ .Values.postgres.embedded.service.type | default "ClusterIP" }}
+  ports:
+    - name: postgres
+      port: {{ .Values.postgres.embedded.service.port | default 5432 }}
+      targetPort: {{ .Values.postgres.embedded.service.targetPort | default 5432 }}
+      {{- if eq .Values.postgres.embedded.service.type "NodePort" }}
+      nodePort: {{ .Values.postgres.embedded.service.nodePort | default 5432 }}
+      {{- end }}
+  selector:
+    cnpg.io/cluster: postgres
+    cnpg.io/instanceRole: primary
+{{- end -}}

applications/storagebox/charts/storagebox/templates/replicated-preflight.yaml

@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  labels:
+    troubleshoot.sh/kind: preflight
+  name: "{{ .Release.Name }}-preflight-config"
+stringData:
+  preflight.yaml: |
+    kind: Preflight
+    apiVersion: troubleshoot.sh/v1beta2
+    metadata:
+      name: cassandra
+    spec:
+      collectors:
+        - clusterInfo: {}
+        - clusterResources: {}
+      analyzers:
+        - clusterVersion:
+            outcomes:
+              - fail:
+                  when: "< 1.21.0"
+                  message: The application requires at Kubernetes 1.21.0 or later, and recommends 1.28.0.
+                  uri: https://www.kubernetes.io
+              - warn:
+                  when: "< 1.28.0"
+                  message: Your cluster meets the minimum version of Kubernetes, but we recommend you update to 1.28.0 or later.
+                  uri: https://kubernetes.io
+              - pass:
+                  message: Your cluster meets the recommended and required versions of Kubernetes.
+        - nodeResources:
+            checkName: Total CPU Cores in the cluster is 2 or greater
+            outcomes:
+              - fail:
+                  when: "sum(cpuCapacity) < 2"
+                  message: The cluster must contain at least 2 cores
+              - pass:
+                  message: There are at least 2 cores in the cluster
+        - storageClass:
+            checkName: Check for default storage class
+            outcomes:
+              - fail:
+                  message: No default storage class found
+              - pass:
+                  message: Default storage class found