eck-operator

Signed-off-by: Batuhan Apaydin <[email protected]>

images/eck-operator/README.md

@@ -0,0 +1,101 @@
+<!--monopod:start-->
+# eck-operator
+| | |
+| - | - |
+| **OCI Reference** | `cgr.dev/chainguard/eck-operator` |
+
+
+* [View Image in Chainguard Academy](https://edu.chainguard.dev/chainguard/chainguard-images/reference/eck-operator/overview/)
+* [View Image Catalog](https://console.enforce.dev/images/catalog) for a full list of available tags.
+* [Contact Chainguard](https://www.chainguard.dev/chainguard-images) for enterprise support, SLAs, and access to older tags.*
+
+---
+<!--monopod:end-->
+
+<!--overview:start-->
+Elastic Cloud on Kubernetes
+<!--overview:end-->
+
+<!--getting:start-->
+## Download this Image
+The image is available on `cgr.dev`:
+
+```
+docker pull cgr.dev/chainguard/eck-operator:latest
+```
+<!--getting:end-->
+
+<!--body:start-->
+
+## Usage
+
+There are several ways to deploy the ECK operator. You can follow up the [Quickstart guide](https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html) or you can use the [Helm Chart](https://artifacthub.io/packages/helm/elastic/eck-operator) available in Artifact Hub to deploy the operator.
+
+The following example is going to show how to deploy the ECK operator using a its Helm Chart.
+
+### Deploy the ECK operator using Helm
+
+1. Add the Elastic Helm repository:
+
+```bash
+helm repo add elastic https://helm.elastic.co
+```
+
+2. Install the ECK operator:
+
+```bash
+
+helm install elastic-operator elastic/eck-operator --namespace elastic-system --set image.repository=cgr.dev/chainguard/eck-operator --set image.tag=latest
+```
+
+### Deploy an Elasticsearch cluster
+
+1. Create a file called `elasticsearch.yaml` with the following content:
+
+```yaml
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: quickstart
+spec:
+  version: 8.13.3
+  nodeSets:
+  - name: default
+    count: 1
+    config:
+      node.store.allow_mmap: false
+```
+
+2. Deploy the Elasticsearch cluster:
+
+```
+kubectl apply -f elasticsearch.yaml
+```
+
+3. Check the Elasticsearch cluster status:
+
+```
+kubectl get elasticsearch quickstart -o=jsonpath='{.status.phase}'
+```
+
+4. Access the Elasticsearch cluster:
+
+```
+kubectl port-forward service/quickstart-es-http 9200
+```
+
+5. Get the password for the `elastic` user:
+
+```
+PASSWORD=$(kubectl get secret quickstart-es-elastic-user -o=jsonpath='{.data.elastic}' | base64 --decode)
+```
+
+6. Access the Elasticsearch cluster using curl:
+
+```
+curl -u "elastic:$PASSWORD" -k "https://localhost:9200"
+```
+
+That's it! You have deployed an Elasticsearch cluster using the ECK operator.
+
+<!--body:end-->

images/eck-operator/config/main.tf

@@ -0,0 +1,42 @@
+terraform {
+  required_providers {
+    apko = { source = "chainguard-dev/apko" }
+  }
+}
+
+variable "extra_packages" {
+  description = "The additional packages to install"
+  // TODO: Add any other packages here you want to conditionally include,
+  // or update this default to [] if this isn't a version stream image.
+  default = [
+    "eck-operator",
+    // Other packages your image needs
+  ]
+}
+
+variable "extra_repositories" {
+  description = "The additional repositores to install from (e.g. extras)."
+  default     = ["https://packages.cgr.dev/extras"]
+}
+
+variable "extra_keyring" {
+  description = "The additional keys to use (e.g. extras)."
+  default     = ["https://packages.cgr.dev/extras/chainguard-extras.rsa.pub"]
+}
+
+module "accts" { source = "../../../tflib/accts" }
+
+output "config" {
+  value = jsonencode({
+    contents = {
+      packages     = var.extra_packages
+      repositories = var.extra_repositories
+      keyring      = var.extra_keyring
+    }
+    accounts = module.accts.block
+    entrypoint = {
+      command = "/elastic-operator"
+    }
+    cmd = "manager"
+  })
+}

images/eck-operator/main.tf

@@ -0,0 +1,51 @@
+terraform {
+  required_providers {
+    oci = { source = "chainguard-dev/oci" }
+  }
+}
+
+variable "target_repository" {
+  description = "The docker repo into which the image and attestations should be published."
+}
+
+locals {
+  components = toset(["eck-operator"])
+}
+
+module "config" {
+  for_each       = local.components
+  source         = "./config"
+  extra_packages = [each.key, "${each.key}-compat"]
+}
+
+module "eck-operator" {
+  for_each          = local.components
+  source            = "../../tflib/publisher"
+  name              = basename(path.module)
+  target_repository = var.target_repository
+  config            = module.config[each.key].config
+
+  build-dev    = true
+  main_package = each.key
+}
+
+module "test" {
+  for_each = local.components
+  source   = "./tests"
+  digest   = module.eck-operator[each.key].image_ref
+}
+
+resource "oci_tag" "latest" {
+  for_each   = local.components
+  depends_on = [module.test]
+  digest_ref = module.eck-operator[each.key].image_ref
+  tag        = "latest"
+}
+
+resource "oci_tag" "latest-dev" {
+  for_each   = local.components
+  depends_on = [module.test]
+  digest_ref = module.eck-operator[each.key].dev_ref
+  tag        = "latest-dev"
+}
+

images/eck-operator/metadata.yaml

@@ -0,0 +1,14 @@
+name: eck-operator
+image: cgr.dev/chainguard/eck-operator
+logo: https://storage.googleapis.com/chainguard-academy/logos/eck-operator.svg
+endoflife: ""
+console_summary: ""
+short_description: Elastic Cloud on Kubernetes
+compatibility_notes: ""
+readme_file: README.md
+upstream_url:  https://github.com/elastic/cloud-on-k8s
+keywords:
+- eck
+- operator
+- elastic
+- kubernetes

images/eck-operator/tests/full-test.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o errtrace -o pipefail -x
+
+# deploy the Elasticsearch instance
+
+cat <<EOF | kubectl apply -f -
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: quickstart
+spec:
+  version: 8.13.3
+  nodeSets:
+  - name: default
+    count: 1
+    config:
+      node.store.allow_mmap: false
+EOF
+
+# wait a couple of seconds for the Elasticsearch instance to be created
+sleep 30
+
+# wait for the Elasticsearch instance to be ready
+kubectl wait --for=condition=ready pod --selector elasticsearch.k8s.elastic.co/cluster-name=quickstart --timeout=5m
+
+# get credentials
+PASSWORD=$(kubectl get secret quickstart-es-elastic-user -o go-template='{{.data.elastic | base64decode}}')
+
+# port forward
+kubectl port-forward service/quickstart-es-http 9200:9200 &
+
+# wait for port forward to be ready
+max_retries=10
+count=0
+echo "Waiting for Elasticsearch to start on port 9200..."
+while ! curl -s -k https://localhost:9200 > /dev/null; do
+    count=$((count+1))
+    if [ "$count" -ge "$max_retries" ]; then
+        echo "Failed to connect to Elasticsearch on port 9200 after $max_retries attempts."
+        exit 1
+    fi
+    sleep 1
+    echo -n "."
+done
+
+# Store the expected JSON object in a variable
+expected_json='
+{
+  "name" : "quickstart-es-default-0",
+  "cluster_name" : "quickstart",
+  "tagline" : "You Know, for Search"
+}
+'
+
+# Use cURL and jq to fetch and format the JSON output, selecting only the specified fields
+curl_output=$(curl -u "elastic:$PASSWORD" -k "https://localhost:9200" | jq '{name, cluster_name, tagline}')
+
+# Compare the output with the expected JSON object
+if [ "$expected_json" = "$curl_output" ]; then
+  echo "The output matches the expected JSON."
+else
+  echo "The output does not match the expected JSON."
+fi

images/eck-operator/tests/main.tf

@@ -0,0 +1,70 @@
+terraform {
+  required_providers {
+    oci       = { source = "chainguard-dev/oci" }
+    imagetest = { source = "chainguard-dev/imagetest" }
+  }
+}
+
+variable "digest" {
+  description = "The image digest to run tests over."
+}
+
+data "oci_string" "ref" { input = var.digest }
+
+data "imagetest_inventory" "this" {}
+
+resource "imagetest_harness_k3s" "this" {
+  name      = "eck-operator"
+  inventory = data.imagetest_inventory.this
+
+  sandbox = {
+    mounts = [
+      {
+        source      = path.module
+        destination = "/tests"
+      }
+    ]
+  }
+}
+
+module "helm" {
+  source = "../../../tflib/imagetest/helm"
+
+  name = "eck-operator"
+
+  repo  = "https://helm.elastic.co"
+  chart = "eck-operator"
+
+  values = {
+    image = {
+      repository = data.oci_string.ref.registry_repo
+      tag        = data.oci_string.ref.pseudo_tag
+    }
+  }
+}
+
+resource "imagetest_feature" "basic" {
+  name        = "Basic"
+  description = "Basic Helm install for bank-vaults"
+  harness     = imagetest_harness_k3s.this
+
+  steps = [
+    {
+      name = "Add Elastic Helm repo"
+      cmd  = <<EOm
+        apk add --no-cache curl jq nmap
+      EOm
+    },
+    {
+      name = "Helm install"
+      cmd  = module.helm.install_cmd
+    },
+    {
+      name    = "Run full test"
+      workdir = "/tests"
+      cmd     = <<EOm
+        ./full-test.sh
+      EOm
+    }
+  ]
+}