diff --git a/helm-operator/openj9-jitserver-operator/README.md b/helm-operator/openj9-jitserver-operator/README.md
new file mode 100644
index 0000000..353ebe0
--- /dev/null
+++ b/helm-operator/openj9-jitserver-operator/README.md
@@ -0,0 +1,109 @@
+# JITServer Operator
+
+## Installation and deployment
+
+### Requirements
+- `kubectl` installed
+- A running kubernetes cluster
+
+### Installation
+You can install the JITServer Operator into a Kubernetes cluster via `kubectl` commands.
+
+- Deploy the operator:
+
+ ```
+ kubectl apply -f https://raw.githubusercontent.com/eclipse-openj9/openj9-utils/master/helm-operator/openj9-jitserver-operator/deploy.yaml
+ ```
+
+- Verify the operator is running:
+
+ ```
+ kubectl get deployment -n jitserver-operator-system | grep jitserver-operator
+
+ jitserver-operator-controller-manager 1/1 1 1 11s
+ ```
+
+ ```
+ kubectl get pods -n jitserver-operator-system | grep jitserver-operator
+
+ jitserver-operator-controller-manager-7dc5df6d68-g62kr 2/2 Running 0 48s
+ ```
+
+- Deploy the Custom Resource:
+
+ ```
+ kubectl apply -f https://raw.githubusercontent.com/eclipse-openj9/openj9-utils/master/helm-operator/openj9-jitserver-operator/charts_v1alpha1_openj9jitserverchart.yaml
+ ```
+
+- Verify the Custom Resource is running:
+
+ ```
+ kubectl get deployment | grep openj9jitserverchart
+
+ openj9jitserverchart-sample-openj9-jitserver-chart 1/1 1 1 13s
+ ```
+
+ ```
+ kubectl get pods | grep openj9jitserverchart
+
+ openj9jitserverchart-sample-openj9-jitserver-chart-5d5696fcz626 1/1 Running 0 54s
+ ```
+
+- Issue a sample query to the Custom Resource:
+
+ ```
+ export POD_NAME=$(kubectl get pod --namespace default -o jsonpath="{..metadata.name}" | grep openj9jitserverchart-sample-openj9-jitserver-chart)
+ kubectl exec $POD_NAME -i -t -- java -version
+
+ openjdk version "1.8.0_322"
+ IBM Semeru Runtime Open Edition (build 1.8.0_322-b06)
+ Eclipse OpenJ9 VM (build openj9-0.30.0, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20220128_306 (JIT enabled, AOT enabled)
+ OpenJ9 - 9dccbe076
+ OMR - dac962a28
+ JCL - c1d9a7af7c based on jdk8u322-b06)
+ ```
+
+- Deploy JITServer with a specific Java version:
+
+ To change the Java version for JITServer, you need to first download the JITServer Custom Resource YAML file.
+ ```
+ curl -O https://raw.githubusercontent.com/eclipse-openj9/openj9-utils/master/helm-operator/openj9-jitserver-operator/charts_v1alpha1_openj9jitserverchart.yaml
+ ```
+
+ Now, change `spec.image.tag` in `charts_v1alpha1_openj9jitserverchart.yaml` to the appropriate Java version docker image tag.
+
+ Then deploy the JITServer Custom Resource.
+ ```
+ kubectl apply -f charts_v1alpha1_openj9jitserverchart.yaml
+ ```
+
+- Deploy two different JITServer deployments:
+
+ Download the JITServer Custom Resource YAML file.
+ ```
+ curl -O https://raw.githubusercontent.com/eclipse-openj9/openj9-utils/master/helm-operator/openj9-jitserver-operator/charts_v1alpha1_openj9jitserverchart.yaml
+ ```
+
+ Create a copy of the JITServer Custom Resource YAML file with a different name.
+ ```
+ cp charts_v1alpha1_openj9jitserverchart.yaml charts_v1alpha1_openj9jitserverchart_1.yaml
+ ```
+
+ Now, change `spec.image.tag` in `charts_v1alpha1_openj9jitserverchart.yaml` and `charts_v1alpha1_openj9jitserverchart_1.yaml` to the appropriate Java version docker image tag.
+
+ Then deploy the JITServer Custom Resources.
+ ```
+ kubectl apply -f charts_v1alpha1_openj9jitserverchart.yaml charts_v1alpha1_openj9jitserverchart_1.yaml
+ ```
+
+### Uninstallation
+- Clean up the Custom Resource:
+ ```
+ kubectl delete -f charts_v1alpha1_openj9jitserverchart.yaml
+ ```
+
+- Delete the operator:
+ ```
+ kubectl delete -f deploy.yaml
+ ```
+
diff --git a/helm-operator/openj9-jitserver-operator/charts_v1alpha1_openj9jitserverchart.yaml b/helm-operator/openj9-jitserver-operator/charts_v1alpha1_openj9jitserverchart.yaml
new file mode 100644
index 0000000..0f07192
--- /dev/null
+++ b/helm-operator/openj9-jitserver-operator/charts_v1alpha1_openj9jitserverchart.yaml
@@ -0,0 +1,77 @@
+###############################################################################
+# Copyright (c) 2020, 2022 IBM Corp. and others
+#
+# This program and the accompanying materials are made available under
+# the terms of the Eclipse Public License 2.0 which accompanies this
+# distribution and is available at https://www.eclipse.org/legal/epl-2.0/
+# or the Apache License, Version 2.0 which accompanies this distribution and
+# is available at https://www.apache.org/licenses/LICENSE-2.0.
+#
+# This Source Code may also be made available under the following
+# Secondary Licenses when the conditions for such availability set
+# forth in the Eclipse Public License, v. 2.0 are satisfied: GNU
+# General Public License, version 2 with the GNU Classpath
+# Exception [1] and GNU General Public License, version 2 with the
+# OpenJDK Assembly Exception [2].
+#
+# [1] https://www.gnu.org/software/classpath/license.html
+# [2] http://openjdk.java.net/legal/assembly-exception.html
+#
+# SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 OR LicenseRef-GPL-2.0 WITH Assembly-exception
+###############################################################################
+
+apiVersion: charts.openj9jitserver/v1alpha1
+kind: Openj9JitserverChart
+metadata:
+ name: openj9jitserver
+spec:
+ # Default values copied from /helm-charts/openj9-jitserver-chart/values.yaml
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: beta.kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - ppc64le
+ - s390x
+ env:
+ - name: OPENJ9_JAVA_OPTIONS
+ value: ""
+ fullnameOverride: ""
+ image:
+ pullPolicy: IfNotPresent
+ repository: ibm-semeru-runtimes
+ tag: open-8u322-b06-jre
+ imagePullSecrets: []
+ nameOverride: ""
+ nodeSelector: {}
+ podSecurityContext: {}
+ replicaCount: 1
+ resources:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 512Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ runAsUser: 1001
+ service:
+ port: 38400
+ sessionAffinity: ClientIP
+ type: ClusterIP
+ serviceAccount:
+ annotations: {}
+ create: true
+ name: null
+ tolerations: []
diff --git a/helm-operator/openj9-jitserver-operator/create-your-own-jitserver-operator.md b/helm-operator/openj9-jitserver-operator/create-your-own-jitserver-operator.md
new file mode 100644
index 0000000..a59a405
--- /dev/null
+++ b/helm-operator/openj9-jitserver-operator/create-your-own-jitserver-operator.md
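Review bot: `readOnlyRootFilesystem: false` is the one hardening setting left off in the container `securityContext`, which otherwise drops all capabilities and runs as non-root UID 1001. If JITServer does not need to write to the image filesystem (not visible from this hunk), set `readOnlyRootFilesystem: true` and mount an `emptyDir` for any scratch path it needs. Separately, the node affinity keys on `beta.kubernetes.io/arch`, a deprecated label; `kubernetes.io/arch` is the stable replacement, and because the rule is `requiredDuringSchedulingIgnoredDuringExecution`, a node that does not carry the beta label could not schedule the pod. The comment under `spec:` says these values are copied from the chart's `values.yaml`, so the same changes would belong there as well.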
@@ -0,0 +1,88 @@
+# Create your own JITServer Operator
+
+### Requirements
+- `operator-sdk`
+- `kubectl`
+- `helm`
+- A running kubernetes cluster
+
+### Steps
+
+- Add OpenJ9 JITServer helm chart repository to the Helm client:
+
+ ```
+ helm repo add openj9 https://raw.githubusercontent.com/eclipse/openj9-utils/master/helm-chart/
+ helm repo update
+ helm search repo openj9-jitserver-chart
+ ```
+
+- Use the CLI to create a new Helm-based jitserver-operator project:
+
+ ```
+ mkdir jitserver-operator
+ cd jitserver-operator
+ operator-sdk init --plugins helm --helm-chart openj9/openj9-jitserver-chart --domain openj9jitserver
+ ```
+
+- Build and push your operator’s image:
+
+ ```
+ make docker-build docker-push IMG="/jitserver-operator:v0.0.1"
+ ```
+
+- Run the operator as a Deployment inside the cluster:
+
+ ```
+ make deploy IMG="/jitserver-operator:v0.0.1"
+ ```
+
+- Verify the operator is running:
+
+ ```
+ kubectl get deployment -n jitserver-operator-system | grep jitserver-operator
+
+ jitserver-operator-controller-manager 1/1 1 1 11s
+ ```
+
+ ```
+ kubectl get pods -n jitserver-operator-system | grep jitserver-operator
+
+ jitserver-operator-controller-manager-7dc5df6d68-g62kr 2/2 Running 0 48s
+ ```
+
+- Update the sample JITServer Custom Resource manifest at `config/samples/charts_v1alpha1_openj9jitserverchart.yaml` to set your desired values.
+
+- Create a JITServer Custom Resource:
+
+ ```
+ kubectl apply -f config/samples/charts_v1alpha1_openj9jitserverchart.yaml
+ ```
+
+- Ensure that the JITServer operator creates the deployment for the Custom Resource:
+
+ ```
+ kubectl get deployment | grep openj9jitserverchart
+
+ openj9jitserverchart-sample-openj9-jitserver-chart 1/1 1 1 13s
+ ```
+
+ ```
+ kubectl get pods | grep openj9jitserverchart
+
+ openj9jitserverchart-sample-openj9-jitserver-chart-5d5696fcz626 1/1 Running 0 54s
+ ```
+
+- Issue a sample query to the Custom Resource:
+
+ ```
+ export POD_NAME=$(kubectl get pod --namespace default -o jsonpath="{..metadata.name}" | grep openj9jitserverchart-sample-openj9-jitserver-chart)
+ kubectl exec $POD_NAME -i -t -- java -version
+
+ openjdk version "1.8.0_322"
+ IBM Semeru Runtime Open Edition (build 1.8.0_322-b06)
+ Eclipse OpenJ9 VM (build openj9-0.30.0, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20220128_306 (JIT enabled, AOT enabled)
+ OpenJ9 - 9dccbe076
+ OMR - dac962a28
+ JCL - c1d9a7af7c based on jdk8u322-b06)
+ ```
+
diff --git a/helm-operator/openj9-jitserver-operator/deploy.yaml b/helm-operator/openj9-jitserver-operator/deploy.yaml
new file mode 100644
index 0000000..c5b0fa1
--- /dev/null
+++ b/helm-operator/openj9-jitserver-operator/deploy.yaml
@@ -0,0 +1,327 @@
+###############################################################################
+# Copyright (c) 2020, 2022 IBM Corp. and others
+#
+# This program and the accompanying materials are made available under
+# the terms of the Eclipse Public License 2.0 which accompanies this
+# distribution and is available at https://www.eclipse.org/legal/epl-2.0/
+# or the Apache License, Version 2.0 which accompanies this distribution and
+# is available at https://www.apache.org/licenses/LICENSE-2.0.
+#
+# This Source Code may also be made available under the following
+# Secondary Licenses when the conditions for such availability set
+# forth in the Eclipse Public License, v. 2.0 are satisfied: GNU
+# General Public License, version 2 with the GNU Classpath
+# Exception [1] and GNU General Public License, version 2 with the
+# OpenJDK Assembly Exception [2].
+#
+# [1] https://www.gnu.org/software/classpath/license.html
+# [2] http://openjdk.java.net/legal/assembly-exception.html
+#
+# SPDX-License-Identifier: EPL-2.0 OR Apache-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 OR LicenseRef-GPL-2.0 WITH Assembly-exception
+###############################################################################
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: jitserver-operator-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: openj9jitservercharts.charts.openj9jitserver
+spec:
+ group: charts.openj9jitserver
+ names:
+ kind: Openj9JitserverChart
+ listKind: Openj9JitserverChartList
+ plural: openj9jitservercharts
+ singular: openj9jitserverchart
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Openj9JitserverChart is the Schema for the openj9jitservercharts API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Openj9JitserverChart
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of Openj9JitserverChart
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: jitserver-operator-controller-manager
+ namespace: jitserver-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: jitserver-operator-leader-election-role
+ namespace: jitserver-operator-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: jitserver-operator-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+- apiGroups:
+ - charts.openj9jitserver
+ resources:
+ - openj9jitservercharts
+ - openj9jitservercharts/status
+ - openj9jitservercharts/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: jitserver-operator-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: jitserver-operator-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: jitserver-operator-leader-election-rolebinding
+ namespace: jitserver-operator-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: jitserver-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: jitserver-operator-controller-manager
+ namespace: jitserver-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: jitserver-operator-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: jitserver-operator-manager-role
+subjects:
+- kind: ServiceAccount
+ name: jitserver-operator-controller-manager
+ namespace: jitserver-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: jitserver-operator-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: jitserver-operator-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: jitserver-operator-controller-manager
+ namespace: jitserver-operator-system
+---
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+ kind: ControllerManagerConfig
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+
+ leaderElection:
+ leaderElect: true
+ resourceName: 811c9dc5.openj9jitserver
+kind: ConfigMap
+metadata:
+ name: jitserver-operator-manager-config
+ namespace: jitserver-operator-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: jitserver-operator-controller-manager-metrics-service
+ namespace: jitserver-operator-system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: jitserver-operator-controller-manager
+ namespace: jitserver-operator-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=10
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ - --leader-election-id=jitserver-operator
+ image: rouagarw/jitserver-operator:v0.0.1
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 200m
+ memory: 100Mi
+ requests:
+ cpu: 100m
+ memory: 60Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: jitserver-operator-controller-manager
+ terminationGracePeriodSeconds: 10
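Review bot: The `jitserver-operator-manager-role` ClusterRole grants `'*'` on `secrets` (and on `serviceaccounts`, `services` and `deployments`), and it is bound through a ClusterRoleBinding, so the operator's service account can read and modify every Secret in every namespace. Replace each `- '*'` with the explicit verbs the operator needs, for example the same `create`/`delete`/`get`/`list`/`patch`/`update`/`watch` list already used for `openj9jitservercharts`, and consider a namespaced Role and RoleBinding if the operator only has to manage one namespace. The manager image `rouagarw/jitserver-operator:v0.0.1` is referenced by a mutable tag from what looks like a personal registry namespace; since the README has users apply this manifest straight from `master`, pin it by digest under a project-controlled repository, e.g. `image: <registry>/<org>/jitserver-operator@sha256:<digest>`. The `--v=10` argument on `kube-rbac-proxy` is debug-level verbosity and is worth lowering to `--v=0` for a default deployment.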