diff --git a/charts/version-checker/.helmignore b/charts/version-checker/.helmignore
new file mode 100644
index 0000000..50af031
--- /dev/null
+++ b/charts/version-checker/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/version-checker/Chart.yaml b/charts/version-checker/Chart.yaml
new file mode 100644
index 0000000..3629584
--- /dev/null
+++ b/charts/version-checker/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: "v0.2.0"
+version: 0.2.0
+description: A Helm chart for version-checker
+home: https://github.com/joshvanl/verison-checker
+name: version-checker
\ No newline at end of file
diff --git a/charts/version-checker/README.md b/charts/version-checker/README.md
new file mode 100644
index 0000000..f1f80d0
--- /dev/null
+++ b/charts/version-checker/README.md 
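Review bot: The `home:` URL in Chart.yaml is `https://github.com/joshvanl/verison-checker`, which looks like a transposition of `version-checker`; the README added in this commit repeats the same link. A published project link that points at a repository name the maintainers may not control could be registered by someone else, so it should be corrected to the intended repository before the chart is released. The file also ends without a trailing newline.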
@@ -0,0 +1,42 @@
+version-checker
+===============
+A Helm chart for version-checker
+
+Current chart version is `0.2.0`
+
+Source code can be found [here](https://github.com/joshvanl/verison-checker)
+
+
+
+## Chart Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| acr.passwordKey | string | `nil` | Provide the secret key containing the ACR Password. |
+| acr.refreshTokenKey | string | `nil` | Provide the secret key containing the ACR Refresh Token. |
+| acr.usernameKey | string | `nil` | Provide the secret key containing the ACR Username |
+| affinity | object | `{}` | Adding any affinity for your deployment. |
+| docker.passwordKey | string | `nil` | Provide the secret key containing the Docker Password. |
+| docker.tokenKey | string | `nil` | Provide the secret key containing the Docker Token. |
+| docker.usernameKey | string | `nil` | Provide the secret key containing the Docker Username |
+| ecr.accessKeyIDKey | string | `nil` | Provide the secret key containing the ECR Access Key |
+| ecr.secretAccessKey | string | `nil` | Provide the secret key containing the ECR Secret Access Key |
+| ecr.sessionTokenKey | string | `nil` | Provide the secret key containing the ECR Session Token |
+| gcr.tokenKey | string | `nil` | Provide the secret key containing the GCR Token. |
+| image.pullPolicy | string | `"IfNotPresent"` | Pull Policy to use within Cluster. |
+| image.repository | string | `"quay.io/jetstack/version-checker"` | Image repository to use. |
+| image.tag | string | `"v0.2.0"` | Image tag to use. |
+| nodeSelector | object | `{}` | Adding a Node selector for your deployment. |
+| quay.tokenKey | string | `nil` | Provide the secret key containing the Quay Token. |
+| replicaCount | int | `1` | Amount of replicas to run. |
+| resources | object | `{}` | define custom resources to use for your deployment. 
|
+| secretName | string | `""` | Provide the name of the secret that contains all tokens, password and/or usernames. |
+| selfhosted.registries | object | `{}` | Provide a list containing the needed info for selfhosted registries. |
+| service.port | int | `8080` | Define which port to for your service. |
+| serviceMonitor.additionalLabels | object | `{}` | Adding any additional labels to the service monitor. |
+| serviceMonitor.enabled | bool | `false` | Deploy a Prometheus Service Monitor along with the exporter. |
+| tolerations | list | `[]` | Adding any tolerations to your deployment. |
+| versionChecker.imageCacheTimeout | string | `"30m"` | Specify the time version checker needs to refresh image versions. |
+| versionChecker.logLevel | string | `"info"` | Specify the log level. |
+| versionChecker.metricsServingAddress | string | `"0.0.0.0:8080"` | Specify the listening address and port for serving metrics. |
+| versionChecker.testAllContainers | bool | `true` | Specify if all containers need to be checked or use annotation. |
diff --git a/charts/version-checker/templates/_helpers.tpl b/charts/version-checker/templates/_helpers.tpl
new file mode 100644
index 0000000..6ce5a80
--- /dev/null
+++ b/charts/version-checker/templates/_helpers.tpl 
@@ -0,0 +1,40 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "version-checker.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "version-checker.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "version-checker.labels" -}}
+app.kubernetes.io/name: {{ include "version-checker.name" . }}
+helm.sh/chart: {{ include "version-checker.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Required claims serialized to CLI argument
+*/}}
+{{- define "requiredClaims" -}}
+{{- if .Values.oidc.requiredClaims -}}
+{{- $local := (list) -}}
+{{- range $k, $v := .Values.oidc.requiredClaims -}}
+{{- $local = (printf "%s=%s" $k $v | append $local) -}}
+{{- end -}}
+{{ join "," $local }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/version-checker/templates/clusterrole.yaml b/charts/version-checker/templates/clusterrole.yaml
new file mode 100644
index 0000000..c9d54df
--- /dev/null
+++ b/charts/version-checker/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+{{ include "version-checker.labels" . | indent 4 }}
+ name: {{ include "version-checker.name" . }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - "pods"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
diff --git a/charts/version-checker/templates/clusterrolebinding.yaml b/charts/version-checker/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..c919b3e
--- /dev/null
+++ b/charts/version-checker/templates/clusterrolebinding.yaml 
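Review bot: The `requiredClaims` helper at the end of _helpers.tpl reads `.Values.oidc.requiredClaims`, but values.yaml in this commit defines no `oidc` key and none of the templates added here include the helper. It looks carried over from another chart, and any template that did include it would most likely fail to render on the missing `oidc` map. I would drop the define; if it is kept for later use, guard it with `{{- if and .Values.oidc .Values.oidc.requiredClaims -}}` and say in the comment above it that nothing calls it yet.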
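Review bot: The ClusterRole takes its name from `version-checker.name` alone, and the ClusterRoleBinding in the next file uses the same helper for its own name and `roleRef`, so these cluster-scoped objects carry neither the release name nor the namespace. A second install of the chart in another namespace would collide with the objects of the first. A release-qualified name such as `name: {{ printf "%s-%s" .Release.Name (include "version-checker.name" .) | trunc 63 | trimSuffix "-" }}`, used in the role, the binding and its `roleRef`, keeps each release's grant separate. The rule set itself (`get`, `list`, `watch` on `pods`) is narrow and needs no change.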
@@ -0,0 +1,14 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+{{ include "version-checker.labels" . | indent 4 }}
+ name: {{ include "version-checker.name" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "version-checker.name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "version-checker.name" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/version-checker/templates/deployment.yaml b/charts/version-checker/templates/deployment.yaml
new file mode 100644
index 0000000..d2bbe70
--- /dev/null
+++ b/charts/version-checker/templates/deployment.yaml 
@@ -0,0 +1,166 @@
+{{ $chartname := include "version-checker.name" . }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $chartname }}
+ labels:
+{{ include "version-checker.labels" . | indent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ $chartname }}
+ template:
+ metadata:
+ labels:
+ app: {{ $chartname }}
+ annotations:
+ prometheus.io/path: "/metrics"
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "8080"
+ enable.version-checker.io/{{ $chartname }}: "true"
+ spec:
+ serviceAccountName: {{ $chartname }}
+ containers:
+ - name: {{ $chartname }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: 8080
+ command: ["version-checker"]
+ args:
+ - "--image-cache-timeout={{.Values.versionChecker.imageCacheTimeout}}"
+ - "--log-level={{.Values.versionChecker.logLevel}}"
+ - "--metrics-serving-address={{.Values.versionChecker.metricsServingAddress}}"
+ - "--test-all-containers={{.Values.versionChecker.testAllContainers}}"
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+
+ # ACR
+ {{- if .Values.acr.refreshKey }}
+ - name: VERSION_CHECKER_ACR_REFRESH_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.acr.refreshKey }}
+ {{- end }}
+ {{- if .Values.acr.usernameKey }}
+ - name: VERSION_CHECKER_ACR_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.acr.usernameKey }}
+ {{- end }}
+ {{- if .Values.acr.passwordKey }}
+ - name: VERSION_CHECKER_ACR_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.acr.passwordKey }}
+ {{- end }}
+
+ # Docker
+ {{- if .Values.docker.tokenKey }}
+ - name: VERSION_CHECKER_DOCKER_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.docker.tokenKey }}
+ {{- end }}
+ {{- if .Values.docker.usernameKey }}
+ - name: 
VERSION_CHECKER_DOCKER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.docker.usernameKey }}
+ {{- end }}
+ {{- if .Values.docker.passwordKey }}
+ - name: VERSION_CHECKER_DOCKER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.docker.passwordKey }}
+ {{- end }}
+
+ # ECR
+ {{- if .Values.ecr.accessKeyIDKey }}
+ - name: VERSION_CHECKER_ECR_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.ecr.accessKeyIDKey }}
+ {{- end }}
+ {{- if .Values.ecr.secretAccessKey }}
+ - name: VERSION_CHECKER_ECR_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.ecr.secretAccessKey }}
+ {{- end }}
+ {{- if .Values.ecr.sessionTokenKey }}
+ - name: VERSION_CHECKER_ECR_SESSION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.ecr.sessionTokenKey }}
+ {{- end }}
+
+ # GCR
+ {{- if .Values.gcr.tokenKey }}
+ - name: VERSION_CHECKER_GCR_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.gcr.tokenKey }}
+ {{- end }}
+
+ # Quay
+ {{- if .Values.quay.tokenKey }}
+ - name: VERSION_CHECKER_QUAY_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ .Values.quay.tokenKey }}
+ {{- end }}
+
+ # Selfhosted
+ {{range $index, $element := .Values.selfhosted.registries }}
+ {{- if $element.host }}
+ - name: VERSION_CHECKER_SELFHOSTED_HOST_{{ $element.name }}
+ value: {{ $element.host }}
+ {{- end }}
+ {{- if $element.username }}
+ - name: VERSION_CHECKER_SELFHOSTED_USERNAME_{{ $element.name }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ $element.usernameKey }}
+ {{- end }}
+ {{- if $element.password }}
+ - name: VERSION_CHECKER_SELFHOSTED_PASSWORD_{{ $element.name }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ $element.passwordKey }}
+ {{- end }}
+ {{- if $element.token }}
+ - name: 
VERSION_CHECKER_SELFHOSTED_TOKEN_{{ $element.name }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secretName }}
+ key: {{ $element.tokenKey }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/version-checker/templates/service.yaml b/charts/version-checker/templates/service.yaml
new file mode 100644
index 0000000..b763826
--- /dev/null
+++ b/charts/version-checker/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "version-checker.name" . }}
+ labels:
+ app: {{ include "version-checker.name" . }}
+{{ include "version-checker.labels" . | indent 4 }}
+spec:
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: 8080
+ protocol: TCP
+ name: web
+ selector:
+ app: {{ include "version-checker.name" . }}
diff --git a/charts/version-checker/templates/serviceaccount.yaml b/charts/version-checker/templates/serviceaccount.yaml
new file mode 100644
index 0000000..3bf56d0
--- /dev/null
+++ b/charts/version-checker/templates/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+{{ include "version-checker.labels" . | indent 4 }}
+ name: {{ include "version-checker.name" . }}
diff --git a/charts/version-checker/templates/servicemonitor.yaml b/charts/version-checker/templates/servicemonitor.yaml
new file mode 100644
index 0000000..d256c7f
--- /dev/null
+++ b/charts/version-checker/templates/servicemonitor.yaml 
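Review bot: The self-hosted block at the end of `env:` in deployment.yaml cannot render once a registry is configured: inside `range` the dot is the list element, so `.Values.secretName` has to be `$.Values.secretName`. The guards there also test `$element.username`, `$element.password` and `$element.token` while the `secretKeyRef` reads `usernameKey`, `passwordKey` and `tokenKey`, so a values file that uses the `*Key` fields produces no env vars. The ACR guard has the same kind of mismatch: it reads `.Values.acr.refreshKey`, but values.yaml and the README define `acr.refreshTokenKey`. Separately, the container gets no `securityContext` although it holds registry credentials and a cluster-wide pod-read token; `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be a reasonable baseline if the image supports them. The rewritten self-hosted loop is below.

```yaml
        # … unchanged: ACR, Docker, ECR, GCR and Quay entries …
        # Selfhosted
        {{- range $index, $element := .Values.selfhosted.registries }}
        # … unchanged: VERSION_CHECKER_SELFHOSTED_HOST_ entry …
        {{- if $element.usernameKey }}
        - name: VERSION_CHECKER_SELFHOSTED_USERNAME_{{ $element.name }}
          valueFrom:
            secretKeyRef:
              name: {{ $.Values.secretName }}
              key: {{ $element.usernameKey }}
        {{- end }}
        {{- if $element.passwordKey }}
        - name: VERSION_CHECKER_SELFHOSTED_PASSWORD_{{ $element.name }}
          valueFrom:
            secretKeyRef:
              name: {{ $.Values.secretName }}
              key: {{ $element.passwordKey }}
        {{- end }}
        {{- if $element.tokenKey }}
        - name: VERSION_CHECKER_SELFHOSTED_TOKEN_{{ $element.name }}
          valueFrom:
            secretKeyRef:
              name: {{ $.Values.secretName }}
              key: {{ $element.tokenKey }}
        {{- end }}
        {{- end }}
```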
@@ -0,0 +1,18 @@
+{{- if or .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "version-checker.name" . }}
+ labels:
+ app: {{ include "version-checker.name" . }}
+ {{- if .Values.serviceMonitor.additionalLabels }}
+{{- .Values.serviceMonitor.additionalLabels | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "version-checker.name" . }}
+ endpoints:
+ - port: web
+ path: /metrics
+{{- end }}
diff --git a/charts/version-checker/values.yaml b/charts/version-checker/values.yaml
new file mode 100644
index 0000000..b15e8c5
--- /dev/null
+++ b/charts/version-checker/values.yaml 
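Review bot: The opening guard `{{- if or .Values.serviceMonitor.enabled }}` passes a single argument to `or`, which reads as if a second condition was dropped; `{{- if .Values.serviceMonitor.enabled }}` says the same thing without the ambiguity. The ServiceMonitor is also the only object in the chart that omits the `version-checker.labels` include, so it will be missing the `app.kubernetes.io/*` and `helm.sh/chart` labels the other templates carry.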
@@ -0,0 +1,102 @@
+# Default values for version-checker.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# replicaCount -- Amount of replicas to run.
+replicaCount: 1
+
+image:
+ # image.repository -- Image repository to use.
+ repository: quay.io/jetstack/version-checker
+ # image.tag -- Image tag to use.
+ tag: v0.2.0
+ # image.pullPolicy -- Pull Policy to use within Cluster.
+ pullPolicy: IfNotPresent
+
+service:
+ # service.port -- Define which port to for your service.
+ port: 8080
+
+versionChecker:
+ # versionChecker.imageCacheTimeout -- Specify the time version checker needs to refresh image versions.
+ imageCacheTimeout: 30m
+ # versionChecker.logLevel -- Specify the log level.
+ logLevel: info # debug, info, warn, error, fatal, panic
+ # versionChecker.metricsServingAddress -- Specify the listening address and port for serving metrics.
+ metricsServingAddress: 0.0.0.0:8080
+ # versionChecker.testAllContainers -- Specify if all containers need to be checked or use annotation.
+ testAllContainers: true # don't require the enable.version-checker.io annotation
+
+# secretName -- Provide the name of the secret that contains all tokens, password and/or usernames.
+secretName: ""
+
+acr:
+ # acr.usernameKey -- Provide the secret key containing the ACR Username
+ usernameKey:
+ # acr.passwordKey -- Provide the secret key containing the ACR Password.
+ passwordKey:
+ # acr.refreshTokenKey -- Provide the secret key containing the ACR Refresh Token.
+ refreshTokenKey:
+
+docker:
+ # docker.usernameKey -- Provide the secret key containing the Docker Username
+ usernameKey:
+ # docker.passwordKey -- Provide the secret key containing the Docker Password.
+ passwordKey:
+ # docker.tokenKey -- Provide the secret key containing the Docker Token. 
+ tokenKey:
+
+ecr:
+ # ecr.accessKeyIDKey -- Provide the secret key containing the ECR Access Key
+ accessKeyIDKey:
+ # ecr.secretAccessKey -- Provide the secret key containing the ECR Secret Access Key
+ secretAccessKey:
+ # ecr.sessionTokenKey -- Provide the secret key containing the ECR Session Token
+ sessionTokenKey:
+
+gcr:
+ # gcr.tokenKey -- Provide the secret key containing the GCR Token.
+ tokenKey:
+
+quay:
+ # quay.tokenKey -- Provide the secret key containing the Quay Token.
+ tokenKey:
+
+selfhosted:
+ # selfhosted.registries -- Provide a list containing the needed info for selfhosted registries.
+ registries: {}
+ #- name: REGISTRY
+ # host: http://registry:5000
+ # usernameKey:
+ # passwordKey:
+ # tokenKey:
+ #- name: EXAMPLE
+ # host: https://artifactory.example.com
+ # username: foo
+ # password: bar
+ # token:
+
+# resources -- define custom resources to use for your deployment.
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ #
+
+# nodeSelector -- Adding a Node selector for your deployment.
+nodeSelector: {}
+
+# tolerations -- Adding any tolerations to your deployment.
+tolerations: []
+
+# affinity -- Adding any affinity for your deployment.
+affinity: {}
+
+serviceMonitor:
+ # serviceMonitor.enabled -- Deploy a Prometheus Service Monitor along with the exporter.
+ enabled: false
+ # serviceMonitor.additionalLabels -- Adding any additional labels to the service monitor.
+ additionalLabels: {}
\ No newline at end of file
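Review bot: The commented `EXAMPLE` entry under `selfhosted.registries` shows `username: foo` and `password: bar`, which invites putting credentials directly into a values file, whereas the deployment template only takes secret key names (`usernameKey`, `passwordKey`, `tokenKey`) and looks them up in `secretName`. The example should use the `*Key` form like the `REGISTRY` entry above it, and its comment should say that the values are key names inside the secret, not the credentials themselves. The default `registries: {}` is a map while the comment and both examples describe a list, so `registries: []` would match. The `REGISTRY` example also uses `host: http://registry:5000`; a note that credentials sent to a plain-HTTP registry are unprotected in transit would help readers who copy it.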