From 50b29a028e1fff80a62bd8f51e72b8224557dc3a Mon Sep 17 00:00:00 2001 From: David Courtey Date: Thu, 24 Aug 2023 14:35:14 +0200 Subject: [PATCH 1/3] feature(charts): adding basic helm chart to deploy the dailyclean application --- charts/dailyclean/.helmignore | 23 +++++ charts/dailyclean/Chart.yaml | 5 ++ charts/dailyclean/templates/_helpers.tpl | 49 +++++++++++ charts/dailyclean/templates/deployment.yaml | 52 ++++++++++++ charts/dailyclean/templates/ingress.yaml | 30 +++++++ charts/dailyclean/templates/route.yaml | 24 ++++++ charts/dailyclean/templates/service.yaml | 15 ++++ .../dailyclean/templates/serviceaccount.yaml | 83 +++++++++++++++++++ .../templates/tests/test-connection.yaml | 15 ++++ charts/dailyclean/values.yaml | 54 ++++++++++++ 10 files changed, 350 insertions(+) create mode 100644 charts/dailyclean/.helmignore create mode 100644 charts/dailyclean/Chart.yaml create mode 100644 charts/dailyclean/templates/_helpers.tpl create mode 100644 charts/dailyclean/templates/deployment.yaml create mode 100644 charts/dailyclean/templates/ingress.yaml create mode 100644 charts/dailyclean/templates/route.yaml create mode 100644 charts/dailyclean/templates/service.yaml create mode 100644 charts/dailyclean/templates/serviceaccount.yaml create mode 100644 charts/dailyclean/templates/tests/test-connection.yaml create mode 100644 charts/dailyclean/values.yaml diff --git a/charts/dailyclean/.helmignore b/charts/dailyclean/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/dailyclean/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/dailyclean/Chart.yaml b/charts/dailyclean/Chart.yaml new file mode 100644 index 0000000..3833ba2 --- /dev/null +++ b/charts/dailyclean/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: dailyclean +description: A Helm chart to deploy the dailyclean application +type: application +version: 0.0.1 \ No newline at end of file diff --git a/charts/dailyclean/templates/_helpers.tpl b/charts/dailyclean/templates/_helpers.tpl new file mode 100644 index 0000000..7df0bee --- /dev/null +++ b/charts/dailyclean/templates/_helpers.tpl @@ -0,0 +1,49 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "dailyclean.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "dailyclean.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "dailyclean.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "dailyclean.labels" -}} +helm.sh/chart: {{ include "dailyclean.chart" . }} +{{ include "dailyclean.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "dailyclean.selectorLabels" -}} +app.kubernetes.io/name: {{ include "dailyclean.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + diff --git a/charts/dailyclean/templates/deployment.yaml b/charts/dailyclean/templates/deployment.yaml new file mode 100644 index 0000000..5f11e95 --- /dev/null +++ b/charts/dailyclean/templates/deployment.yaml @@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "dailyclean.fullname" . }} + labels: + axa.com/dailyclean: 'false' + {{- include "dailyclean.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "dailyclean.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "dailyclean.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "dailyclean.fullname" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: SERVICE_JOB_IMAGENAME + value: {{ .Values.image.serviceJobImageName }} + - name: SERVICE_JOB_SERVICEACCOUNTNAME + value: {{ include "dailyclean.fullname" . }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} \ No newline at end of file diff --git a/charts/dailyclean/templates/ingress.yaml b/charts/dailyclean/templates/ingress.yaml new file mode 100644 index 0000000..e7de1a8 --- /dev/null +++ b/charts/dailyclean/templates/ingress.yaml @@ -0,0 +1,30 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "dailyclean.fullname" . }} + labels: + {{- include "dailyclean.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + - {{ .Values.ingress.host | quote }} + secretName: {{ .Values.ingress.tls.secretName }} +{{- end }} + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ include "dailyclean.fullname" . }} + port: + number: {{ .Values.service.port }} +{{- end -}} \ No newline at end of file diff --git a/charts/dailyclean/templates/route.yaml b/charts/dailyclean/templates/route.yaml new file mode 100644 index 0000000..02ce361 --- /dev/null +++ b/charts/dailyclean/templates/route.yaml @@ -0,0 +1,24 @@ +{{- if .Values.route.enabled -}} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ include "dailyclean.fullname" . }} + labels: + {{- include "dailyclean.labels" . | nindent 4 }} + router: {{ .Values.route.router }} + {{- with .Values.route.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + host: {{ .Values.route.host }} + to: + kind: Service + name: {{ include "dailyclean.fullname" . }} + port: + targetPort: {{ .Values.service.port }} + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + wildcardPolicy: None +{{- end }} diff --git a/charts/dailyclean/templates/service.yaml b/charts/dailyclean/templates/service.yaml new file mode 100644 index 0000000..ac31da0 --- /dev/null +++ b/charts/dailyclean/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "dailyclean.fullname" . }} + labels: + {{- include "dailyclean.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "dailyclean.selectorLabels" . | nindent 4 }} diff --git a/charts/dailyclean/templates/serviceaccount.yaml b/charts/dailyclean/templates/serviceaccount.yaml new file mode 100644 index 0000000..f35db95 --- /dev/null +++ b/charts/dailyclean/templates/serviceaccount.yaml @@ -0,0 +1,83 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "dailyclean.fullname" . }} + labels: + {{- include "dailyclean.labels" . | nindent 4 }} +rules: + - verbs: + - create + apiGroups: + - '' + resources: + - pods/exec + - verbs: + - get + - list + - watch + apiGroups: + - '' + resources: + - pods + - verbs: + - get + - list + - watch + apiGroups: + - metrics.k8s.io + resources: + - pods + - verbs: + - get + - list + - watch + - patch + apiGroups: + - apps + - extensions + resources: + - deployments + - replicasets + - verbs: + - get + - list + - watch + apiGroups: + - apps + resources: + - statefulsets + - verbs: + - get + - create + - patch + - update + - delete + - list + - watch + apiGroups: + - batch + resources: + - jobs + - cronjobs +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "dailyclean.fullname" . }} + labels: + {{- include "dailyclean.labels" . | nindent 4 }} +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "dailyclean.fullname" . }} + labels: + {{- include "dailyclean.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ include "dailyclean.fullname" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "dailyclean.fullname" . }} \ No newline at end of file diff --git a/charts/dailyclean/templates/tests/test-connection.yaml b/charts/dailyclean/templates/tests/test-connection.yaml new file mode 100644 index 0000000..8a42dcd --- /dev/null +++ b/charts/dailyclean/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "dailyclean.fullname" . }}-test-connection" + labels: + {{- include "dailyclean.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "dailyclean.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/charts/dailyclean/values.yaml b/charts/dailyclean/values.yaml new file mode 100644 index 0000000..ae282c0 --- /dev/null +++ b/charts/dailyclean/values.yaml @@ -0,0 +1,54 @@ +# Default values for dailyclean. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: axaguildev/dailyclean-api + tag: "latest" + pullPolicy: IfNotPresent + serviceJobImageName: "axaguildev/dailyclean-job:latest" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +route: + enabled: false + router: "internal" + annotations: {} + host: chart-example.local + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + host: chart-example.local + tls: + enabled: false + secretName: chart-example-tls + +resources: + limits: + memory: "96Mi" + cpu: "50m" + requests: + memory: "96Mi" + cpu: "10m" \ No newline at end of file From b1cc276985dc86df3a48503099d9b833f01edf22 Mon Sep 17 00:00:00 2001 From: David Courtey Date: Thu, 24 Aug 2023 14:36:28 +0200 Subject: [PATCH 2/3] feature(charts): adding the GitHub action workflows to automatically release the helm charts using helm/chart-releaser-action --- .github/workflows/release-chart.yml | 31 +++++++++++++++++++++++++++++ README.md | 11 ++++++++++ 2 files changed, 42 insertions(+) create mode 100644 .github/workflows/release-chart.yml diff --git a/.github/workflows/release-chart.yml b/.github/workflows/release-chart.yml new file mode 100644 index 0000000..1075d30 --- /dev/null +++ b/.github/workflows/release-chart.yml @@ -0,0 +1,31 @@ +name: Release Charts + +on: + push: + branches: [ main ] + +jobs: + release: + # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions + # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Install Helm + uses: azure/setup-helm@v3 + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.5.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file diff --git a/README.md b/README.md index d038b65..74fbd71 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,17 @@ Now, open your favorite browser and enter the url of dailyclean-api service : ht Enjoy dailyclean !!!! +## Deploy using Helm + +Add the helm repository, update and install the chart: +```bash +helm repo add dailyclean https://axafrance.github.io/dailyclean/ +helm repo update +helm install dailyclean dailyclean/dailyclean +``` + +Check the [values.yaml](./charts/dailyclean/values.yaml) file to see the available configuration options. + ## How Does It Work - Daily clean use native kubernetes API, it works with any kubernetes projects. From 713886c2fbb6b6f41cffadd2f44130ffd5e23958 Mon Sep 17 00:00:00 2001 From: David Courtey Date: Tue, 29 Aug 2023 00:21:21 +0200 Subject: [PATCH 3/3] fix(charts): adding missing patch permission for statefulsets --- charts/dailyclean/templates/serviceaccount.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/dailyclean/templates/serviceaccount.yaml b/charts/dailyclean/templates/serviceaccount.yaml index f35db95..81f82dd 100644 --- a/charts/dailyclean/templates/serviceaccount.yaml +++ b/charts/dailyclean/templates/serviceaccount.yaml @@ -42,6 +42,7 @@ rules: - get - list - watch + - patch apiGroups: - apps resources: