From 4128e35e5a0a145e6f51cd9b0a08889acdf01028 Mon Sep 17 00:00:00 2001
From: Mritunjay Kumar Sharma <mritunjay.sharma@chainguard.dev>
Date: Fri, 11 Aug 2023 23:55:58 +0530
Subject: [PATCH] Image: adds cassandra (#1164)

* attempt to add cassandra

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* cassandra fixes

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* testing with new chanegs

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* using cassandra -f

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* adding workdir

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* fixes in tests

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* removes bash

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* adds k8s manifest and tests

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* terraform fmts

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* fixes template file

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* uses kubectl manifest

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* uses stateful_set resource and makes k8s provider to root main tf

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* testing with k8s provider in tests/main.tf

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* refactors namespace and services

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* removes readiness probe

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

* minor refactors

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>

---------

Signed-off-by: Mritunjay <mritunjay.sharma@chainguard.dev>
---
 README.md                                 |   1 +
 images/cassandra/README.md                |  14 ++
 images/cassandra/configs/latest.apko.yaml |  50 ++++++
 images/cassandra/image.yaml               |   3 +
 images/cassandra/main.tf                  |  54 ++++++
 images/cassandra/tests/main.tf            | 197 ++++++++++++++++++++++
 main.tf                                   |   5 +
 7 files changed, 324 insertions(+)
 create mode 100644 images/cassandra/README.md
 create mode 100644 images/cassandra/configs/latest.apko.yaml
 create mode 100644 images/cassandra/image.yaml
 create mode 100644 images/cassandra/main.tf
 create mode 100644 images/cassandra/tests/main.tf

diff --git a/README.md b/README.md
index bd44483b36..79e7418b66 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@
 | [busybox](./images/busybox) | `cgr.dev/chainguard/busybox` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/busybox.build.status.latest.alpine.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/busybox:latest.alpine) |
 | [cadvisor](./images/cadvisor) | `cgr.dev/chainguard/cadvisor` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/cadvisor.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/cadvisor:latest) |
 | [calico](./images/calico) | `cgr.dev/chainguard/calico` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/calico.build.status.latest.node.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/calico:latest.node) |
+| [cassandra](./images/cassandra) | `cgr.dev/chainguard/cassandra` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/cassandra.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/cassandra:latest) |
 | [cc-dynamic](./images/cc-dynamic) | `cgr.dev/chainguard/cc-dynamic` | deprecated | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/cc-dynamic.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/cc-dynamic:latest) |
 | [cedar](./images/cedar) | `cgr.dev/chainguard/cedar` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/cedar.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/cedar:latest) |
 | [cert-manager](./images/cert-manager) | `cgr.dev/chainguard/cert-manager` | stable | [![](https://storage.googleapis.com/chainguard-images-build-outputs/badges/cert-manager.build.status.latest.svg)](https://registry-ui.chainguard.app/?image=cgr.dev/chainguard/cert-manager:latest) |
diff --git a/images/cassandra/README.md b/images/cassandra/README.md
new file mode 100644
index 0000000000..7e766defd3
--- /dev/null
+++ b/images/cassandra/README.md
@@ -0,0 +1,14 @@
+<!--monopod:start-->
+# cassandra
+| | |
+| - | - |
+| **Status** | stable |
+| **OCI Reference** | `cgr.dev/chainguard/cassandra` |
+
+
+* [View Image in Chainguard Academy](https://edu.chainguard.dev/chainguard/chainguard-images/reference/cassandra/overview/)
+* [View Image Catalog](https://console.enforce.dev/images/catalog) for a full list of available tags.
+*[Contact Chainguard](https://www.chainguard.dev/chainguard-images) for enterprise support, SLAs, and access to older tags.*
+
+---
+<!--monopod:end-->
diff --git a/images/cassandra/configs/latest.apko.yaml b/images/cassandra/configs/latest.apko.yaml
new file mode 100644
index 0000000000..7fb6cc1883
--- /dev/null
+++ b/images/cassandra/configs/latest.apko.yaml
@@ -0,0 +1,50 @@
+contents:
+  packages:
+    - cassandra
+    - python3
+    - busybox
+    - cassandra-compat
+    - bash
+accounts:
+  groups:
+    - groupname: cassandra
+      gid: 999
+  users:
+    - username: cassandra
+      uid: 999
+  run-as: 999
+
+work-dir: /
+
+entrypoint:
+  command: cassandra -f
+environment: 
+  LANG: en_US.UTF-8
+  CASSANDRA_HOME: /opt/cassandra
+  PATH: /usr/sbin:/sbin:/usr/bin:/bin:/opt/cassandra/bin/
+
+paths:
+  - path: /var/lib/cassandra
+    type: directory
+    permissions: 0o777
+    uid: 999
+    gid: 999
+    recursive: true
+  - path: /opt/cassandra
+    type: directory
+    permissions: 0o777
+    uid: 999
+    gid: 999
+    recursive: true
+  - path: /var/lib/cassandra
+    type: directory
+    permissions: 0o777
+    uid: 999
+    gid: 999
+  - path: /var/log/cassandra
+    type: directory
+    permissions: 0o777
+    uid: 999
+    gid: 999
+    recursive: true
+
diff --git a/images/cassandra/image.yaml b/images/cassandra/image.yaml
new file mode 100644
index 0000000000..b286ab5206
--- /dev/null
+++ b/images/cassandra/image.yaml
@@ -0,0 +1,3 @@
+versions:
+  - apko:
+      config: configs/latest.apko.yaml
diff --git a/images/cassandra/main.tf b/images/cassandra/main.tf
new file mode 100644
index 0000000000..d05e46bc44
--- /dev/null
+++ b/images/cassandra/main.tf
@@ -0,0 +1,54 @@
+terraform {
+  required_providers {
+    apko = { source = "chainguard-dev/apko" }
+  }
+}
+
+variable "target_repository" {
+  description = "The docker repo into which the image and attestations should be published."
+}
+
+module "latest" {
+  source = "../../tflib/publisher"
+
+  name = basename(path.module)
+
+  target_repository = var.target_repository
+  config            = file("${path.module}/configs/latest.apko.yaml")
+}
+
+module "dev" { source = "../../tflib/dev-subvariant" }
+
+module "latest-dev" {
+  source = "../../tflib/publisher"
+
+  name = basename(path.module)
+
+  target_repository = var.target_repository
+  # Make the dev variant an explicit extension of the
+  # locked original.
+  config         = jsonencode(module.latest.config)
+  extra_packages = module.dev.extra_packages
+}
+
+module "version-tags" {
+  source  = "../../tflib/version-tags"
+  package = "cassandra"
+  config  = module.latest.config
+}
+
+module "test-latest" {
+  source = "./tests"
+  digest = module.latest.image_ref
+}
+
+module "tagger" {
+  source = "../../tflib/tagger"
+
+  depends_on = [module.test-latest]
+
+  tags = merge(
+    { for t in toset(concat(["latest"], module.version-tags.tag_list)) : t => module.latest.image_ref },
+    { for t in toset(concat(["latest"], module.version-tags.tag_list)) : "${t}-dev" => module.latest-dev.image_ref },
+  )
+}
diff --git a/images/cassandra/tests/main.tf b/images/cassandra/tests/main.tf
new file mode 100644
index 0000000000..8fa2249b88
--- /dev/null
+++ b/images/cassandra/tests/main.tf
@@ -0,0 +1,197 @@
+terraform {
+  required_providers {
+    oci = { source = "chainguard-dev/oci" }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.11.0"
+    }
+  }
+}
+
+variable "digest" {
+  description = "The image digest to run tests over."
+}
+
+data "oci_string" "ref" { input = var.digest }
+
+resource "kubernetes_namespace" "cassandra" {
+  metadata {
+    name = "cassandra"
+  }
+}
+
+resource "kubernetes_service" "cassandra" {
+  metadata {
+    name      = "cassandra"
+    namespace = "cassandra"
+
+    labels = {
+      app = "cassandra"
+    }
+  }
+
+  spec {
+    port {
+      port = 9042
+    }
+
+    selector = {
+      app = "cassandra"
+    }
+
+    cluster_ip = "None"
+  }
+}
+
+resource "kubernetes_stateful_set" "cassandra" {
+  metadata {
+    name      = "cassandra"
+    namespace = kubernetes_namespace.cassandra.metadata[0].name
+
+    labels = {
+      app = "cassandra"
+    }
+  }
+
+  spec {
+    replicas = 1
+
+    selector {
+      match_labels = {
+        app = "cassandra"
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          app = "cassandra"
+        }
+      }
+
+      spec {
+        container {
+          name  = "cassandra"
+          image = "${data.oci_string.ref.registry_repo}:${data.oci_string.ref.pseudo_tag}"
+
+          port {
+            name           = "intra-node"
+            container_port = 7000
+          }
+
+          port {
+            name           = "tls-intra-node"
+            container_port = 7001
+          }
+
+          port {
+            name           = "jmx"
+            container_port = 7199
+          }
+
+          port {
+            name           = "cql"
+            container_port = 9042
+          }
+
+          env {
+            name  = "MAX_HEAP_SIZE"
+            value = "512M"
+          }
+
+          env {
+            name  = "HEAP_NEWSIZE"
+            value = "100M"
+          }
+
+          env {
+            name  = "CASSANDRA_SEEDS"
+            value = "cassandra-0.cassandra.default.svc.cluster.local"
+          }
+
+          env {
+            name  = "CASSANDRA_CLUSTER_NAME"
+            value = "K8Demo"
+          }
+
+          env {
+            name  = "CASSANDRA_DC"
+            value = "DC1-K8Demo"
+          }
+
+          env {
+            name  = "CASSANDRA_RACK"
+            value = "Rack1-K8Demo"
+          }
+
+          env {
+            name = "POD_IP"
+
+            value_from {
+              field_ref {
+                field_path = "status.podIP"
+              }
+            }
+          }
+
+          resources {
+            limits = {
+              cpu = "500m"
+
+              memory = "1Gi"
+            }
+
+            requests = {
+              cpu = "500m"
+
+              memory = "1Gi"
+            }
+          }
+
+          volume_mount {
+            name       = "cassandra-data"
+            mount_path = "/cassandra_data"
+          }
+
+          lifecycle {
+            pre_stop {
+              exec {
+                command = ["/bin/sh", "-c", "nodetool drain"]
+              }
+            }
+          }
+
+          image_pull_policy = "Always"
+
+          security_context {
+            capabilities {
+              add = ["IPC_LOCK"]
+            }
+          }
+        }
+
+        termination_grace_period_seconds = 1800
+      }
+    }
+
+    volume_claim_template {
+      metadata {
+        name = "cassandra-data"
+      }
+
+      spec {
+        access_modes = ["ReadWriteOnce"]
+
+        resources {
+          requests = {
+            storage = "1Gi"
+          }
+        }
+
+        storage_class_name = "standard"
+      }
+    }
+
+    service_name = kubernetes_service.cassandra.metadata[0].name
+  }
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 4dd159167c..9eea597c5f 100644
--- a/main.tf
+++ b/main.tf
@@ -133,6 +133,11 @@ module "calico" {
   target_repository = "${var.target_repository}/calico"
 }
 
+module "cassandra" {
+  source            = "./images/cassandra"
+  target_repository = "${var.target_repository}/cassandra"
+}
+
 module "cc-dynamic" {
   source            = "./images/cc-dynamic"
   target_repository = "${var.target_repository}/cc-dynamic"