Add GA helm chart release workflow

Signed-off-by: Jeremy Ho <[email protected]>
bcgov · Nov 10, 2023 · bffbc79 · bffbc79
1 parent 23a3bfb
commit bffbc79
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 37 deletions.
diff --git a/.github/workflows/charts-release.yaml b/.github/workflows/charts-release.yaml
@@ -0,0 +1,27 @@
+name: Release Charts
+
+on:
+  push:
+    paths:
+      - 'charts/**'
+    branches:
+      - master
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/charts/cdogs/README.md b/charts/cdogs/README.md
@@ -29,60 +29,60 @@ Kubernetes: `>= 1.13.0`
 | autoscaling.maxReplicas | int | `16` |  |
 | autoscaling.minReplicas | int | `2` |  |
 | autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
-| awsSecretOverride.password | string | `nil` |  |
-| awsSecretOverride.username | string | `nil` |  |
+| awsSecretOverride.password | string | `nil` | AWS Kinesis password - used by fluent-bit |
+| awsSecretOverride.username | string | `nil` | AWS Kinesis username - used by fluent-bit |
 | config.configMap | object | `{"CACHE_DIR":"/var/lib/file-cache/data","CACHE_SIZE":"2GB","CONVERTER_FACTORY_TIMEOUT":"60000","KC_PUBLICKEY":null,"KC_REALM":null,"KC_SERVERURL":null,"SERVER_BODYLIMIT":"100mb","SERVER_LOGLEVEL":"http","SERVER_PORT":"3000","START_CARBONE":"true","UPLOAD_FIELD_NAME":"template","UPLOAD_FILE_COUNT":"1","UPLOAD_FILE_SIZE":"25MB"}` | These values will be wholesale added to the configmap as is; refer to the cdogs documentation for what each of these values mean and whether you need them defined. Ensure that all values are represented explicitly as strings, as non-string values will not translate over as expected into container environment variables. For configuration keys named `*_ENABLED`, either leave them commented/undefined, or set them to string value "true". |
 | config.enabled | bool | `false` |  |
 | config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
 | failurePolicy | string | `"Retry"` |  |
-| fluentBit.config.aws.defaultRegion | string | `"ca-central-1"` |  |
-| fluentBit.config.aws.kinesisStream | string | `"nress-prod-iit-logs"` |  |
-| fluentBit.config.aws.roleArn | string | `nil` |  |
-| fluentBit.config.logHostname | string | `"fluentd-csst.apps.silver.devops.gov.bc.ca"` |  |
-| fluentBit.config.namespace | string | `nil` |  |
-| fluentBit.config.product | string | `"cdogs"` |  |
-| fluentBit.enabled | bool | `false` |  |
-| fluentBit.image.name | string | `"fluent-bit"` |  |
-| fluentBit.image.repository | string | `"docker.io/fluent"` |  |
-| fluentBit.image.tag | string | `"2.1.10"` |  |
-| fluentBit.resources.limits.cpu | string | `"100m"` |  |
-| fluentBit.resources.limits.memory | string | `"64Mi"` |  |
-| fluentBit.resources.requests.cpu | string | `"10m"` |  |
-| fluentBit.resources.requests.memory | string | `"16Mi"` |  |
+| fluentBit.config.aws.defaultRegion | string | `"ca-central-1"` | AWS Kinesis default region |
+| fluentBit.config.aws.kinesisStream | string | `"nress-prod-iit-logs"` | AWS Kinesis stream name |
+| fluentBit.config.aws.roleArn | string | `nil` | AWS Kinesis role ARN |
+| fluentBit.config.logHostname | string | `"fluentd-csst.apps.silver.devops.gov.bc.ca"` | Fluentd logging hostname endpoint |
+| fluentBit.config.namespace | string | `nil` | The openshift/k8s namespace identifier |
+| fluentBit.config.product | string | `"cdogs"` | The application/product name identifier |
+| fluentBit.enabled | bool | `false` | Specifies whether the fluent-bit logging sidecar should be enabled |
+| fluentBit.image.name | string | `"fluent-bit"` | Default image name |
+| fluentBit.image.repository | string | `"docker.io/fluent"` | Default image repository |
+| fluentBit.image.tag | string | `"2.1.10"` | Default image tag |
+| fluentBit.resources.limits.cpu | string | `"100m"` | Limit Peak CPU (in millicores ex. 1000m) |
+| fluentBit.resources.limits.memory | string | `"64Mi"` | Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi) |
+| fluentBit.resources.requests.cpu | string | `"10m"` | Requested CPU (in millicores ex. 500m) |
+| fluentBit.resources.requests.memory | string | `"16Mi"` | Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi) |
 | fluentBit.route.metrics.path | string | `"/"` |  |
-| fluentBit.service.httpPlugin.name | string | `"http-plugin"` |  |
-| fluentBit.service.httpPlugin.port | int | `80` |  |
-| fluentBit.service.metrics.name | string | `"metrics"` |  |
-| fluentBit.service.metrics.port | int | `2020` |  |
+| fluentBit.service.httpPlugin.name | string | `"http-plugin"` | HTTP Plugin service name |
+| fluentBit.service.httpPlugin.port | int | `80` | HTTP Plugin service port |
+| fluentBit.service.metrics.name | string | `"metrics"` | Metrics service name |
+| fluentBit.service.metrics.port | int | `2020` | Metrics service port |
 | fullnameOverride | string | `nil` | String to fully override fullname |
-| image.pullPolicy | string | `"IfNotPresent"` |  |
-| image.repository | string | `"docker.io/bcgovimages"` |  |
-| image.tag | string | `nil` |  |
+| image.pullPolicy | string | `"IfNotPresent"` | Default image pull policy |
+| image.repository | string | `"docker.io/bcgovimages"` | Default image repository |
+| image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` | Specify docker-registry secret names as an array |
-| keycloakSecretOverride.password | string | `nil` |  |
-| keycloakSecretOverride.username | string | `nil` |  |
+| keycloakSecretOverride.password | string | `nil` | Keycloak password |
+| keycloakSecretOverride.username | string | `nil` | Keycloak username |
 | nameOverride | string | `nil` | String to partially override fullname |
 | networkPolicy.enabled | bool | `true` | Specifies whether a network policy should be created |
 | persistentVolumeClaim.enabled | bool | `true` | Specifies whether a persistent volume claim should be created |
-| persistentVolumeClaim.storageClassName | string | `"netapp-file-standard"` |  |
-| persistentVolumeClaim.storageSize | string | `"2G"` |  |
+| persistentVolumeClaim.storageClassName | string | `"netapp-file-standard"` | Default storage class type |
+| persistentVolumeClaim.storageSize | string | `"2G"` | PVC Storage size (use M or G, not Mi or Gi) |
 | podAnnotations | object | `{}` | Annotations for cdogs pods |
-| podSecurityContext | object | `{}` |  |
+| podSecurityContext | object | `{}` | Privilege and access control settings |
 | replicaCount | int | `2` |  |
-| resources.limits.cpu | string | `"1000m"` |  |
-| resources.limits.memory | string | `"1Gi"` |  |
-| resources.requests.cpu | string | `"50m"` |  |
-| resources.requests.memory | string | `"256Mi"` |  |
+| resources.limits.cpu | string | `"1000m"` | Limit Peak CPU (in millicores ex. 1000m) |
+| resources.limits.memory | string | `"1Gi"` | Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi) |
+| resources.requests.cpu | string | `"50m"` | Requested CPU (in millicores ex. 500m) |
+| resources.requests.memory | string | `"256Mi"` | Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi) |
 | route.annotations | object | `{"haproxy.router.openshift.io/timeout":"60s"}` | Annotations to add to the route |
 | route.enabled | bool | `true` | Specifies whether a route should be created |
 | route.host | string | `"chart-example.local"` |  |
 | route.tls.insecureEdgeTerminationPolicy | string | `"Redirect"` |  |
 | route.tls.termination | string | `"edge"` |  |
 | route.wildcardPolicy | string | `"None"` |  |
-| securityContext | object | `{}` |  |
-| service.port | int | `3000` |  |
-| service.portName | string | `"http"` |  |
-| service.type | string | `"ClusterIP"` |  |
+| securityContext | object | `{}` | Privilege and access control settings |
+| service.port | int | `3000` | Service port |
+| service.portName | string | `"http"` | Service port name |
+| service.type | string | `"ClusterIP"` | Service type |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.enabled | bool | `false` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |

diff --git a/charts/cdogs/values.yaml b/charts/cdogs/values.yaml
@@ -5,9 +5,11 @@
 replicaCount: 2
 
 image:
+  # -- Default image repository
   repository: docker.io/bcgovimages
+  # -- Default image pull policy
   pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
+  # -- Overrides the image tag whose default is the chart appVersion.
   tag: ~
 
 # -- Specify docker-registry secret names as an array
@@ -23,10 +25,12 @@ failurePolicy: Retry
 # -- Annotations for cdogs pods
 podAnnotations: {}
 
+# -- Privilege and access control settings
 podSecurityContext:
   {}
   # fsGroup: 2000
 
+# -- Privilege and access control settings
 securityContext:
   {}
   # capabilities:
@@ -75,8 +79,11 @@ networkPolicy:
   enabled: true
 
 service:
+  # -- Service type
   type: ClusterIP
+  # -- Service port
   port: 3000
+  # -- Service port name
   portName: http
 
 route:
@@ -100,16 +107,22 @@ resources:
   # resources, such as Minikube. If you do want to specify resources, uncomment the following
   # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
   limits:
+    # -- Limit Peak CPU (in millicores ex. 1000m)
     cpu: 1000m
+    # -- Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi)
     memory: 1Gi
   requests:
+    # -- Requested CPU (in millicores ex. 500m)
     cpu: 50m
+    # -- Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi)
     memory: 256Mi
 
 persistentVolumeClaim:
   # -- Specifies whether a persistent volume claim should be created
   enabled: true
+  # -- Default storage class type
   storageClassName: netapp-file-standard
+  # -- PVC Storage size (use M or G, not Mi or Gi)
   storageSize: 2G
 
 config:
@@ -147,27 +160,41 @@ config:
 
 # Modify the following variables if you need to acquire secret values from a custom-named resource
 awsSecretOverride:
+  # -- AWS Kinesis username - used by fluent-bit
   username: ~
+  # -- AWS Kinesis password - used by fluent-bit
   password: ~
 keycloakSecretOverride:
+  # -- Keycloak username
   username: ~
+  # -- Keycloak password
   password: ~
 
 fluentBit:
+  # -- Specifies whether the fluent-bit logging sidecar should be enabled
   enabled: false
 
   config:
     aws:
+      # -- AWS Kinesis default region
       defaultRegion: ca-central-1
+      # -- AWS Kinesis stream name
       kinesisStream: nress-prod-iit-logs
+      # -- AWS Kinesis role ARN
       roleArn: ~
+    # -- Fluentd logging hostname endpoint
     logHostname: fluentd-csst.apps.silver.devops.gov.bc.ca
+    # -- The openshift/k8s namespace identifier
     namespace: ~
+    # -- The application/product name identifier
     product: cdogs
 
   image:
+    # -- Default image name
     name: fluent-bit
+    # -- Default image repository
     repository: docker.io/fluent
+    # -- Default image tag
     tag: "2.1.10"
 
   resources:
@@ -176,10 +203,14 @@ fluentBit:
     # resources, such as Minikube. If you do want to specify resources, uncomment the following
     # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
     limits:
+      # -- Limit Peak CPU (in millicores ex. 1000m)
       cpu: 100m
+      # -- Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi)
       memory: 64Mi
     requests:
+      # -- Requested CPU (in millicores ex. 500m)
       cpu: 10m
+      # -- Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi)
       memory: 16Mi
 
   route:
@@ -188,8 +219,12 @@ fluentBit:
 
   service:
     httpPlugin:
+      # -- HTTP Plugin service name
       name: http-plugin
+      # -- HTTP Plugin service port
       port: 80
     metrics:
+      # -- Metrics service name
       name: metrics
+      # -- Metrics service port
       port: 2020