GCP Marketplace installer

Google Cloud Platform has a Marketplace for Kubernetes Applications that
makes it easy for users to install and manage functionality.

Issue: [ch6131]

Author: cbandy

ansible/roles/pgo-operator/templates/deployment.json.j2

@@ -21,7 +21,9 @@
                 "containers": [
                     {
                         "name": "apiserver",
-                        "image": "{{ pgo_image_prefix }}/pgo-apiserver:{{ pgo_image_tag }}",
+                        "image": "{% if pgo_apiserver_image | default('') != '' %}{{ pgo_apiserver_image }}
+                                {%- else %}{{ pgo_image_prefix }}/pgo-apiserver:{{ pgo_image_tag }}
+                                {%- endif %}",
                         "imagePullPolicy": "IfNotPresent",
                         "ports": [
                             {
@@ -70,7 +72,9 @@
                     },
                     {
                         "name": "operator",
-                        "image": "{{ pgo_image_prefix }}/postgres-operator:{{ pgo_image_tag }}",
+                        "image": "{% if pgo_image | default('') != '' %}{{ pgo_image }}
+                                {%- else %}{{ pgo_image_prefix }}/postgres-operator:{{ pgo_image_tag }}
+                                {%- endif %}",
                         "imagePullPolicy": "IfNotPresent",
                         "readinessProbe": {
                             "exec": {
@@ -124,7 +128,9 @@
                     },
                     {
                         "name": "scheduler",
-                        "image": "{{ pgo_image_prefix }}/pgo-scheduler:{{ pgo_image_tag }}",
+                        "image": "{% if pgo_scheduler_image | default('') != '' %}{{ pgo_scheduler_image }}
+                                {%- else %}{{ pgo_image_prefix }}/pgo-scheduler:{{ pgo_image_tag }}
+                                {%- endif %}",
                         "readinessProbe": {
                             "exec": {
                                 "command": [
@@ -166,7 +172,9 @@
                         "imagePullPolicy": "IfNotPresent"
                     }, {
                         "name": "event",
-                        "image": "{{ pgo_image_prefix }}/pgo-event:{{ pgo_image_tag }}",
+                        "image": "{% if pgo_event_image | default('') != '' %}{{ pgo_event_image }}
+                                {%- else %}{{ pgo_image_prefix }}/pgo-event:{{ pgo_image_tag }}
+                                {%- endif %}",
                         "env": [
                             {
                                 "name": "TIMEOUT",

installers/gcp-marketplace/Dockerfile

@@ -0,0 +1,43 @@
+ARG MARKETPLACE_VERSION
+FROM gcr.io/cloud-marketplace-tools/k8s/deployer_envsubst:${MARKETPLACE_VERSION} AS build
+
+# Verify Bash (>= 4.3) has `wait -n`
+RUN bash -c 'echo -n & wait -n'
+
+
+FROM gcr.io/cloud-marketplace-tools/k8s/deployer_envsubst:${MARKETPLACE_VERSION}
+
+RUN install -D /bin/create_manifests.sh /opt/postgres-operator/cloud-marketplace-tools/bin/create_manifests.sh
+
+# https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#latest-releases-via-apt-debian
+RUN if [ -f /etc/os-release ] && [ debian = "$(. /etc/os-release; echo $ID)" ] && [ 10 -ge "$(. /etc/os-release; echo $VERSION_ID)" ]; then \
+      apt-get update && apt-get install -y --no-install-recommends gnupg && rm -rf /var/lib/apt/lists/* && \
+      wget -qO- 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x93C4A3FD7BB9C367' | apt-key add && \
+      echo > /etc/apt/sources.list.d/ansible.list deb http://ppa.launchpad.net/ansible/ansible-2.8/ubuntu trusty main ; \
+    fi
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends ansible=2.8.* openssh-client \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY ansible/* \
+     /opt/postgres-operator/ansible/
+COPY installers/gcp-marketplace/install-job.yaml \
+     installers/gcp-marketplace/install.sh \
+     installers/gcp-marketplace/inventory.ini \
+     /opt/postgres-operator/
+
+COPY installers/gcp-marketplace/install-hook.sh \
+     /bin/create_manifests.sh
+COPY installers/gcp-marketplace/schema.yaml \
+     /data/
+COPY installers/gcp-marketplace/application.yaml \
+     /data/manifest/
+COPY installers/gcp-marketplace/test-pod.yaml \
+     /data-test/manifest/
+
+ARG PGO_VERSION
+RUN for file in \
+      /data/schema.yaml \
+      /data/manifest/application.yaml \
+    ; do envsubst '$PGO_VERSION' < "$file" > /tmp/sponge && mv /tmp/sponge "$file" ; done

installers/gcp-marketplace/Makefile

@@ -0,0 +1,55 @@
+.DEFAULT_GOAL := help
+
+DEPLOYER_IMAGE ?= registry.localhost:5000/postgres-operator-gcp-marketplace-deployer:$(PGO_VERSION)
+IMAGE_BUILDER ?= buildah
+MARKETPLACE_TOOLS ?= gcr.io/cloud-marketplace-tools/k8s/dev:$(MARKETPLACE_VERSION)
+MARKETPLACE_VERSION ?= 0.9.4
+KUBECONFIG ?= $(HOME)/.kube/config
+PARAMETERS ?= {}
+PGO_VERSION ?= 4.1.1
+
+IMAGE_BUILD_ARGS = --build-arg MARKETPLACE_VERSION='$(MARKETPLACE_VERSION)' \
+		   --build-arg PGO_VERSION='$(PGO_VERSION)'
+
+MARKETPLACE_TOOLS_DEV = docker run --net=host --rm \
+			--mount 'type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,readonly' \
+			--mount 'type=bind,source=$(KUBECONFIG),target=/mount/config/.kube/config,readonly' \
+			'$(MARKETPLACE_TOOLS)'
+
+# One does _not_ need to be logged in with gcloud.
+.PHONY: doctor
+doctor: ## Check development prerequisites
+	$(MARKETPLACE_TOOLS_DEV) doctor
+
+.PHONY: doctor-fix
+doctor-fix:
+	@# https://github.com/kubernetes-sigs/application/tree/master/config/crds
+	kubectl 2>/dev/null get crd/applications.app.k8s.io -o jsonpath='{""}' || \
+		kubectl create -f https://raw.githubusercontent.com/GoogleCloudPlatform/marketplace-k8s-app-tools/master/crd/app-crd.yaml
+
+.PHONY: help
+help: ALIGN=14
+help: ## Print this message
+	@awk -F ': ## ' -- "/^[^':]+: ## /"' { printf "'$$(tput bold)'%-$(ALIGN)s'$$(tput sgr0)' %s\n", $$1, $$2 }' $(MAKEFILE_LIST)
+
+.PHONY: image
+image: image-$(IMAGE_BUILDER)
+
+.PHONY: image-buildah
+image-buildah: ## Build the deployer image with Buildah
+	sudo buildah bud --file Dockerfile --tag '$(DEPLOYER_IMAGE)' $(IMAGE_BUILD_ARGS) --layers ../..
+	sudo buildah push '$(DEPLOYER_IMAGE)' docker-daemon:'$(DEPLOYER_IMAGE)'
+
+.PHONY: image-docker
+image-docker: ## Build the deployer image with Docker
+	docker build --file Dockerfile --tag '$(DEPLOYER_IMAGE)' $(IMAGE_BUILD_ARGS) ../..
+
+# PARAMETERS='{"OPERATOR_NAMESPACE": "", "OPERATOR_NAME": "", "OPERATOR_ADMIN_PASSWORD": ""}'
+.PHONY: install
+install: ## Execute the deployer image in an existing Kubernetes namespace
+	$(MARKETPLACE_TOOLS_DEV) install --deployer='$(DEPLOYER_IMAGE)' --parameters='$(PARAMETERS)'
+
+# PARAMETERS='{"OPERATOR_ADMIN_PASSWORD": ""}'
+.PHONY: verify
+verify: ## Execute and test the deployer image in a new (random) Kubernetes namespace then clean up
+	$(MARKETPLACE_TOOLS_DEV) verify --deployer='$(DEPLOYER_IMAGE)' --parameters='$(PARAMETERS)'

installers/gcp-marketplace/README.md

@@ -0,0 +1,144 @@
+
+This directory contains the files needed to offer the Operator as a
+[Google Cloud Platform Marketplace Kubernetes application][gcp-k8s].
+
+The integration centers around a container [image](./Dockerfile) that contains an installation
+[schema](./schema.yaml) and an [Application][k8s-app] [manifest](./application.yaml).
+Consult the [technical requirements][gcp-k8s-requirements] when making changes.
+
+[k8s-app]: https://github.com/kubernetes-sigs/application/
+[gcp-k8s]: https://cloud.google.com/marketplace/docs/kubernetes-apps/
+[gcp-k8s-requirements]: https://cloud.google.com/marketplace/docs/partners/kubernetes-solutions/create-app-package
+[gcp-k8s-tool-images]: https://console.cloud.google.com/gcr/images/cloud-marketplace-tools
+[gcp-k8s-tool-repository]: https://github.com/GoogleCloudPlatform/marketplace-k8s-app-tools
+
+
+# Installation
+
+## Quick install with Google Cloud Marketplace
+
+Install this application to a Google Kubernetes Engine cluster using Google Cloud Marketplace.
+
+## Command line instructions
+
+### Prepare
+
+1. You'll need the following tools in your development environment. If you are using Cloud Shell,
+   everything is already installed.
+
+   - envsubst
+   - [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+   - [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/)
+
+2. Clone this repository.
+
+   ```shell
+   git clone https://github.com/CrunchyData/postgres-operator.git
+   ```
+
+3. Install the [Application][k8s-app] Custom Resource Definition.
+
+   ```shell
+   kubectl apply -f 'https://raw.githubusercontent.com/GoogleCloudPlatform/marketplace-k8s-app-tools/master/crd/app-crd.yaml'
+   ```
+
+4. At least one Storage Class is required. Google Kubernetes Engine is preconfigured with a default.
+
+   ```shell
+   kubectl get storageclasses
+   ```
+
+### Install the PostgreSQL Operator
+
+1. Configure the installation by setting environment variables.
+
+   1. Choose a version to install.
+
+      ```shell
+      IMAGE_REPOSITORY=gcr.io/crunchydata-public/postgres-operator
+
+      export PGO_VERSION=4.1.1
+      export INSTALLER_IMAGE=${IMAGE_REPOSITORY}/deployer:${PGO_VERSION}
+      export OPERATOR_IMAGE=${IMAGE_REPOSITORY}:${PGO_VERSION}
+      export OPERATOR_IMAGE_API=${IMAGE_REPOSITORY}/pgo-apiserver:${PGO_VERSION}
+      export OPERATOR_IMAGE_EVENT=${IMAGE_REPOSITORY}/pgo-event:${PGO_VERSION}
+      export OPERATOR_IMAGE_SCHEDULER=${IMAGE_REPOSITORY}/pgo-scheduler:${PGO_VERSION}
+      ```
+
+   2. Choose a namespace and name for the application.
+
+      ```shell
+      export OPERATOR_NAMESPACE=pgo OPERATOR_NAME=pgo
+      ```
+
+   2. Choose a password for the application admin.
+
+      ```shell
+      export OPERATOR_ADMIN_PASSWORD=changethis
+      ```
+
+   4. Choose default values for new PostgreSQL clusters.
+
+      ```shell
+      export POSTGRES_METRICS=false
+      export POSTGRES_SERVICE_TYPE=ClusterIP
+      export POSTGRES_CPU=1000 # mCPU
+      export POSTGRES_MEM=2 # GiB
+      export POSTGRES_STORAGE_CAPACITY=1 # GiB
+      export POSTGRES_STORAGE_CLASS=ssd
+      export PGBACKREST_STORAGE_CAPACITY=2 # GiB
+      export PGBACKREST_STORAGE_CLASS=ssd
+      export BACKUP_STORAGE_CAPACITY=1 # GiB
+      export BACKUP_STORAGE_CLASS=ssd
+      ```
+
+2. Prepare the Kubernetes namespace.
+
+   ```shell
+   export INSTALLER_SERVICE_ACCOUNT=postgres-operator-installer
+
+   kubectl create namespace "$OPERATOR_NAMESPACE"
+   kubectl create serviceaccount -n "$OPERATOR_NAMESPACE" "$INSTALLER_SERVICE_ACCOUNT"
+   kubectl create clusterrolebinding \
+     "$OPERATOR_NAMESPACE:$INSTALLER_SERVICE_ACCOUNT:cluster-admin" \
+     --serviceaccount="$OPERATOR_NAMESPACE:$INSTALLER_SERVICE_ACCOUNT" \
+     --clusterrole=cluster-admin
+   ```
+
+3. Generate and apply Kubernetes manifests.
+
+   ```shell
+   envsubst < application.yaml > "${OPERATOR_NAME}_application.yaml"
+   envsubst < install-job.yaml > "${OPERATOR_NAME}_install-job.yaml"
+   envsubst < inventory.ini > "${OPERATOR_NAME}_inventory.ini"
+
+   kubectl create -n "$OPERATOR_NAMESPACE" secret generic install-postgres-operator \
+     --from-file=inventory="${OPERATOR_NAME}_inventory.ini"
+
+   kubectl create -n "$OPERATOR_NAMESPACE" -f "${OPERATOR_NAME}_application.yaml"
+   kubectl create -n "$OPERATOR_NAMESPACE" -f "${OPERATOR_NAME}_install-job.yaml"
+   ```
+
+The application can be seen in Google Cloud Platform Console at [Kubernetes Applications][].
+
+[Kubernetes Applications]: https://console.cloud.google.com/kubernetes/application
+
+
+# Uninstallation
+
+## Using Google Cloud Platform Console
+
+1. In the Console, open [Kubernetes Applications][].
+2. From the list of applications, select _Crunchy PostgreSQL Operator_ then click _Delete_.
+
+## Command line instructions
+
+Delete the Kubernetes resources created during install.
+
+```shell
+export OPERATOR_NAMESPACE=pgo OPERATOR_NAME=pgo
+
+kubectl delete -n "$OPERATOR_NAMESPACE" job install-postgres-operator
+kubectl delete -n "$OPERATOR_NAMESPACE" secret install-postgres-operator
+kubectl delete -n "$OPERATOR_NAMESPACE" application "$OPERATOR_NAME"
+```

installers/gcp-marketplace/application.yaml

@@ -0,0 +1,52 @@
+apiVersion: app.k8s.io/v1beta1
+kind: Application
+metadata:
+  name: '${OPERATOR_NAME}'
+  labels:
+    app.kubernetes.io/name: '${OPERATOR_NAME}'
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: '${OPERATOR_NAME}'
+  componentKinds:
+    - { group: core, kind: ConfigMap }
+    - { group: core, kind: Secret }
+    - { group: core, kind: Service }
+    - { group: apps, kind: Deployment }
+    - { group: batch, kind: Job }
+  descriptor:
+    description: Enterprise PostgreSQL-as-a-Service for Kubernetes
+    type: Crunchy PostgreSQL Operator
+    version: '${PGO_VERSION}'
+    icons:
+      - src: https://raw.githubusercontent.com/CrunchyData/crunchy-containers/master/images/crunchy_logo.png
+    maintainers:
+      - name: Crunchy Data
+        url: https://www.crunchydata.com/
+        email: [email protected]
+    keywords:
+      - postgres
+      - postgresql
+      - database
+      - sql
+      - operator
+      - crunchy data
+    links:
+      - description: Crunchy PostgreSQL for Kubernetes
+        url: https://www.crunchydata.com/products/crunchy-postgresql-for-kubernetes/
+      - description: Documentation
+        url: 'https://access.crunchydata.com/documentation/postgres-operator/${PGO_VERSION}'
+      - description: GitHub
+        url: https://github.com/CrunchyData/postgres-operator
+
+  info:
+    - name: Operator API
+      value: kubectl port-forward --namespace '${OPERATOR_NAMESPACE}' service/postgres-operator 8443
+    - name: Operator Client
+      value: 'https://github.com/CrunchyData/postgres-operator/releases/tag/v${PGO_VERSION}'
+    - name: Operator User
+      type: Reference
+      valueFrom: { type: SecretKeyRef, secretKeyRef: { name: pgouser-admin, key: username } }
+    - name: Operator Password
+      type: Reference
+      valueFrom: { type: SecretKeyRef, secretKeyRef: { name: pgouser-admin, key: password } }

installers/gcp-marketplace/install-hook.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+# vim: set noexpandtab :
+set -eu
+
+kc() { kubectl --namespace="$NAMESPACE" "$@"; }
+
+application_metadata="$( kc get "applications.app.k8s.io/$NAME" --output=json )"
+application_metadata="$( jq <<< "$application_metadata" '{ metadata: {
+	labels: { "app.kubernetes.io/name": .metadata.name },
+	ownerReferences: [{
+		apiVersion, kind, name: .metadata.name, uid: .metadata.uid
+	}]
+} }' )"
+
+existing="$( kc get deployment/postgres-operator --output=json 2> /dev/null || true )"
+
+if [ -n "$existing" ]; then
+	>&2 echo ERROR: Crunchy PostgreSQL Operator is already installed in this namespace
+	exit 1
+fi
+
+installer="$( /bin/config_env.py envsubst < /opt/postgres-operator/install-job.yaml )"
+inventory="$( /bin/config_env.py envsubst < /opt/postgres-operator/inventory.ini )"
+
+kc create --filename=/dev/stdin <<< "$installer"
+kc patch job/install-postgres-operator --type=strategic --patch="$application_metadata"
+
+job_metadata="$( kc get job/install-postgres-operator --output=json )"
+job_metadata="$( jq <<< "$job_metadata" '{ metadata: {
+	labels: { "app.kubernetes.io/name": .metadata.labels["app.kubernetes.io/name"] },
+	ownerReferences: [{
+		apiVersion, kind, name: .metadata.name, uid: .metadata.uid
+	}]
+} }' )"
+
+kc create secret generic install-postgres-operator --from-file=inventory=/dev/stdin <<< "$inventory"
+kc patch secret/install-postgres-operator --type=strategic --patch="$job_metadata"
+
+# Wait for either status condition then terminate the other.
+kc wait --for=condition=complete --timeout=5m job/install-postgres-operator &
+kc wait --for=condition=failed --timeout=5m job/install-postgres-operator &
+wait -n
+kill -s INT %% 2> /dev/null || true
+
+kc logs --selector=job-name=install-postgres-operator --tail=-1
+test 'Complete' = "$( kc get job/install-postgres-operator --output=jsonpath='{.status.conditions[*].type}' )"
+
+exec /opt/postgres-operator/cloud-marketplace-tools/bin/create_manifests.sh "$@"