feat: base for polaris-k8s deployer image

deployer/DockerFile

@@ -0,0 +1 @@
+FROM gcr.io/cloud-marketplace-tools/k8s/deployer_helm/onbuild

deployer/chart/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

deployer/chart/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+description: A Helm chart for Polaris Kubernetes Offer
+name: polaris
+version: 1.0.1

deployer/chart/templates/application.yaml

@@ -0,0 +1,23 @@
+apiVersion: app.k8s.io/v1beta1
+kind: Application
+metadata:
+  name: "{{ .Release.Name }}"
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+    app.kubernetes.io/name: "{{ .Release.Name }}"
+  annotations:
+    # Replace partner and partner_name
+    marketplace.cloud.google.com/deploy-info: '{"partner_id": "partner", "product_id": "polaris-k8s", "partner_name": "Partner"}'
+spec:
+  descriptor:
+    type: polaris-proxy
+    version: { { .Values.global.images.polarisProxy.image.tag } }
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: "{{ .Release.Name }}"
+  addOwnerRef: true
+  componentKinds:
+    - group: ""
+      kind: Service
+    - group: apps
+      kind: Deployment

deployer/chart/templates/deployments.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: polaris-proxy-deployment
+  labels:
+    app: polaris-proxy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: polaris-proxy 
+  template:
+    metadata:
+      labels:
+        app: polaris-proxy
+        azure-extensions-usage-release-identifier: {{.Release.Name}}
+        {{- range $key, $value := .Values.labels }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+    spec:
+      containers:
+      - name: polaris-proxy 
+        image: {{ .Values.global.azure.images.polarisProxy.registry }}/{{ .Values.global.images.polarisProxy.image }}:{{ .Values.global.images.polarisProxy.tag }}
+        ports:
+          - containerPort: {{ .Values.polarisContainerProxyPort }}
+        env:
+            - name: PORT
+              value: "{{ .Values.polarisContainerProxyPort }}"
+            - name: POLARIS_CONTAINER_KEY_TYPE
+              value: "ephemeral"
+            - name: POLARIS_CONTAINER_WORKLOAD_BASE_URL
+              value: "{{ .Values.polarisContainerWorkloadBaseUrl }}"
+            - name: POLARIS_CONTAINER_ENABLE_INPUT_ENCRYPTION
+              value: "{{ .Values.polarisContainerEnableInputEncryption }}"
+            - name: POLARIS_CONTAINER_ENABLE_OUTPUT_ENCRYPTION
+              value: "{{ .Values.polarisContainerEnableOutputEncryption }}"
+            - name: POLARIS_CONTAINER_ENABLE_CORS
+              value: "{{ .Values.polarisContainerEnableCors }}"
+            - name: POLARIS_CONTAINER_ENABLE_LOGGING
+              value: "{{ .Values.polarisContainerEnableLogging }}"
+        resources:
+          requests:
+            cpu: {{ index .Values.resourcesLimit.cpuLimit 0}}
+            memory: {{ index .Values "resourcesLimit" "memory.Limit" 0}}
+          limits:
+            cpu: {{ index .Values.resourcesLimit.cpuLimit 1}}
+            memory: {{ index .Values "resourcesLimit" "memory.Limit" 1}}
+          readinessProbe:
+            httpGet:
+              path: /polaris-container/health
+              port: {{ .Values.polarisContainerProxyPort }}
+            initialDelaySeconds: 5
+            periodSeconds: 10
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app: {{ .Values.customWorkloadKubernetesAppName }} 
+            topologyKey: "kubernetes.io/hostname"
+            namespaceSelector: {}
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.azure.com/security-type
+                operator: In
+                values:
+                - ConfidentialVM

deployer/chart/templates/services.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: polaris-proxy-service
+spec:
+  selector:
+    app: polaris-proxy
+  ports:
+    - protocol: TCP
+      port: {{ .Values.polarisContainerProxyPort }}
+      targetPort: {{ .Values.polarisContainerProxyPort }}
+  type: LoadBalancer

deployer/chart/values.yaml

@@ -0,0 +1,23 @@
+title: "Polaris Proxy"
+global:
+  images:
+    polarisProxy:
+      tag: latest
+      image: polaris-proxy
+      registry: us-docker.pkg.dev/fr0ntierx-public/fr0ntierx-public-registry
+
+resourcesLimit:
+  cpuLimit:
+    - 0.25
+    - 0.5
+  memory.Limit:
+    - 128Mi
+    - 256Mi
+
+polarisContainerEnableCors: "true"
+polarisContainerEnableInputEncryption: "false"
+polarisContainerEnableOutputEncryption: "false"
+polarisContainerEnableLogging: "true"
+polarisContainerProxyPort: 3000
+polarisContainerWorkloadBaseUrl: "http://custom-workload-service:8080"
+customWorkloadKubernetesAppName: "custom-workload"

deployer/schema.yaml

@@ -0,0 +1,50 @@
+x-google-marketplace:
+  schemaVersion: v2
+
+  applicationApiVersion: v1beta1
+  # The published version is required and MUST match the tag
+  # of the deployer image
+  publishedVersion: "latest"
+  publishedVersionMetadata:
+    releaseNote: >-
+      A first release.
+  images:
+    registry: us-docker.pkg.dev
+    repository: fr0ntierx-public/fr0ntierx-public-registry
+    tag: latest
+
+properties:
+  name:
+    type: string
+    x-google-marketplace:
+      type: NAME
+  namespace:
+    type: string
+    x-google-marketplace:
+      type: NAMESPACE
+  polarisContainerEnableCors:
+    type: boolean
+    default: true
+  polarisContainerEnableInputEncryption:
+    type: boolean
+    default: false
+  polarisContainerEnableOutputEncryption:
+    type: boolean
+    default: false
+  polarisContainerEnableLogging:
+    type: boolean
+    default: true
+  polarisContainerProxyPort:
+    type: integer
+    default: 3000
+  polarisContainerWorkloadBaseUrl:
+    type: string
+    default: "http://custom-workload-service:8080"
+  customWorkloadKubernetesAppName:
+    type: string
+    default: "custom-workload"
+
+required:
+  - name
+  - namespace
+  - polarisContainerWorkloadBaseUrl