From 2438d1599d1734c0397526bb25de14c9b35cf633 Mon Sep 17 00:00:00 2001 From: Stephane Segning Lambou Date: Tue, 13 Aug 2024 22:46:36 +0100 Subject: [PATCH] chore: helm charts --- .github/workflows/release.yml | 15 ++++- helm/templates/NOTES.txt | 8 +-- helm/templates/_annotations.tpl | 15 +++++ helm/templates/_helpers.tpl | 62 ------------------- helm/templates/deployment.yaml | 75 +++++++++++------------ helm/templates/hpa.yaml | 9 ++- helm/templates/ingress.yaml | 70 +++++++-------------- helm/templates/service.yaml | 17 +++-- helm/templates/serviceaccount.yaml | 9 ++- helm/templates/tests/test-connection.yaml | 10 +-- helm/values.yaml | 63 +++++++++++++++---- 11 files changed, 167 insertions(+), 186 deletions(-) create mode 100644 helm/templates/_annotations.tpl delete mode 100644 helm/templates/_helpers.tpl diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7de7b48..8c40e47 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -50,11 +50,14 @@ jobs: run: cross build --release --target ${{ matrix.target }} working-directory: wazuh-cert-oauth2-client + - name: Rename resource + run: mv wazuh-cert-oauth2-client/target/${{ matrix.target }}/release/wazuh-cert-oauth2-client wazuh-cert-oauth2-client-${{ matrix.target }} + - name: Upload Build Artifacts uses: actions/upload-artifact@v4 with: name: wazuh-cert-oauth2-client-${{ matrix.target }} - path: wazuh-cert-oauth2-client/target/${{ matrix.target }}/release/wazuh-cert-oauth2-client* + path: wazuh-cert-oauth2-client-${{ matrix.target }} build-macos: name: Build CLI for macOS 
@@ -94,11 +97,14 @@ jobs: run: cargo build --release --target ${{ matrix.target }} working-directory: wazuh-cert-oauth2-client + - name: Rename resource + run: mv wazuh-cert-oauth2-client/target/${{ matrix.target }}/release/wazuh-cert-oauth2-client wazuh-cert-oauth2-client-${{ matrix.target }} + - name: Upload Build Artifacts uses: actions/upload-artifact@v4 with: name: wazuh-cert-oauth2-client-${{ matrix.target }} - path: wazuh-cert-oauth2-client/target/${{ matrix.target }}/release/wazuh-cert-oauth2-client* + path: wazuh-cert-oauth2-client-${{ matrix.target }} build-windows: name: Build CLI for Windows @@ -138,11 +144,14 @@ jobs: run: cargo build --release --target ${{ matrix.target }} working-directory: wazuh-cert-oauth2-client + - name: Rename resource + run: mv wazuh-cert-oauth2-client/target/${{ matrix.target }}/release/wazuh-cert-oauth2-client.exe wazuh-cert-oauth2-client-${{ matrix.target }}.exe + - name: Upload Build Artifacts uses: actions/upload-artifact@v4 with: name: wazuh-cert-oauth2-client-${{ matrix.target }} - path: wazuh-cert-oauth2-client/target/${{ matrix.target }}/release/wazuh-cert-oauth2-client* + path: wazuh-cert-oauth2-client-${{ matrix.target }}.exe release: name: Release diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index 1ed6004..14f19fc 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt 
@@ -6,16 +6,16 @@ {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "wazuh-cert-oauth2.fullname" . }}) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "wazuh-cert-oauth2.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "wazuh-cert-oauth2.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "wazuh-cert-oauth2.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.fullname" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT diff --git a/helm/templates/_annotations.tpl b/helm/templates/_annotations.tpl new file mode 100644 index 0000000..d223212 --- /dev/null +++ b/helm/templates/_annotations.tpl @@ -0,0 +1,15 @@ +{{/* +Common annoations +*/}} +{{- define "common.annotations.standard" -}} + {{- $result := dict -}} + {{- if and (hasKey . "customAnnotations") (hasKey . "context") -}} + {{- $result = (include "common.tplvalues.merge" (dict "values" (list .customAnnotations .context.Values.commonAnnotations) "context" .context)) -}} + {{- else if and $.Values $.Values.commonAnnotations -}} + {{- $result = include "common.tplvalues.render" (dict "value" $.Values.commonAnnotations "context" $) -}} + {{- end -}} + + {{- if gt (len $result) 2 -}} + {{ $result }} + {{- end -}} +{{- end -}} diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl deleted file mode 100644 index 47c59a0..0000000 --- a/helm/templates/_helpers.tpl +++ /dev/null 
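Review bot: The new `common.annotations.standard` helper needs a real doc comment: the header is misspelled (`Common annoations`) and nothing explains the two call shapes or the `gt (len $result) 2` test. I would replace it with a comment saying that the helper accepts either `dict "customAnnotations" … "context" $` or the root context, and that the length check suppresses an empty rendering such as `{}`. That reading is inferred: `$result` starts as a `dict` and becomes a string after `include`, so `len` measures different things on the two paths. The helper also calls `common.tplvalues.merge` and `common.tplvalues.render`, which this commit does not define; with `_helpers.tpl` deleted they must come from a library chart dependency that the diffstat does not touch. If that is the Bitnami helper of the same name, values are passed through `tpl`, so annotation values are template code supplied by whoever controls the values file.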
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "wazuh-cert-oauth2.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "wazuh-cert-oauth2.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "wazuh-cert-oauth2.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "wazuh-cert-oauth2.labels" -}} -helm.sh/chart: {{ include "wazuh-cert-oauth2.chart" . }} -{{ include "wazuh-cert-oauth2.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "wazuh-cert-oauth2.selectorLabels" -}} -app.kubernetes.io/name: {{ include "wazuh-cert-oauth2.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "wazuh-cert-oauth2.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "wazuh-cert-oauth2.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index f5368ec..a5808ce 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml 
@@ -1,72 +1,71 @@ +{{ with .Values }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "wazuh-cert-oauth2.fullname" . }} + name: {{ include "common.names.fullname" $ }} + namespace: {{ include "common.names.namespace" $ }} labels: - {{- include "wazuh-cert-oauth2.labels" . | nindent 4 }} + {{- include "common.labels.standard" ( dict "customLabels" .commonLabels "context" $ ) | nindent 4 }} + annotations: + {{- include "common.annotations.standard" ( dict "customAnnotations" .commonAnnotations "context" $ ) | nindent 4 }} spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} + {{- if not .autoscaling.enabled }} + replicas: {{ .replicaCount }} {{- end }} selector: matchLabels: - {{- include "wazuh-cert-oauth2.selectorLabels" . | nindent 6 }} + {{ include "common.labels.matchLabels" ( dict "customLabels" .podLabels "context" $ ) | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} + {{- with .podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "wazuh-cert-oauth2.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} + {{ include "common.labels.standard" ( dict "customLabels" .podLabels "context" $ ) | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "wazuh-cert-oauth2.serviceAccountName" . 
}} + serviceAccountName: {{ include "common.names.fullname" $ }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml .podSecurityContext | nindent 8 }} containers: - - name: {{ .Chart.Name }} + - name: {{ include "common.names.name" $ }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} + {{- toYaml .securityContext | nindent 12 }} + {{ $imageTpl := include "common.images.image" (dict "imageRoot" .image "global" $.Values.global) }} + image: {{ include "common.tplvalues.render" (dict "value" $imageTpl "context" $) | quote }} + {{ with .resources -}} resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} + {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} {{- end }} - {{- with .Values.env }} + {{ with .volumeMounts -}} + volumeMounts: {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}} + {{- end }} + {{ with .ports -}} + ports: {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}} + {{- end }} + {{ with .env -}} env: - {{- toYaml . | nindent 12 }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}} + {{- end }} + {{ with .envFrom -}} + envFrom: + {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12}} {{- end }} - {{- with .Values.volumes }} + {{- with .volumes }} volumes: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.nodeSelector }} + {{- with .nodeSelector }} nodeSelector: {{- toYaml . 
| nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with .tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} + +{{ end }} \ No newline at end of file diff --git a/helm/templates/hpa.yaml b/helm/templates/hpa.yaml index ba2867d..a02e871 100644 --- a/helm/templates/hpa.yaml +++ b/helm/templates/hpa.yaml @@ -2,14 +2,17 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ include "wazuh-cert-oauth2.fullname" . }} + name: {{ include "common.names.fullname" $ }} + namespace: {{ include "common.names.namespace" $ }} + annotations: + {{- include "common.annotations.standard" ( dict "customAnnotations" (merge dict $.Values.commonIngressAnnotations .annotations) "context" $ ) | nindent 4 }} labels: - {{- include "wazuh-cert-oauth2.labels" . | nindent 4 }} + {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "wazuh-cert-oauth2.fullname" . }} + name: {{ include "common.names.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml index d7f5121..d42ebd9 100644 --- a/helm/templates/ingress.yaml +++ b/helm/templates/ingress.yaml 
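Review bot: `serviceAccountName` is now always `common.names.fullname`, whereas the removed `wazuh-cert-oauth2.serviceAccountName` helper honoured `serviceAccount.name` and fell back to `default` when `serviceAccount.create` was false. With creation disabled the pod would reference an account this chart never creates, and an operator-supplied least-privilege account name is silently ignored; `serviceAccountName: {{ .serviceAccount.name | default (include "common.names.fullname" $) }}` would keep the override. The `imagePullSecrets` block was also dropped from the pod spec while values.yaml gains `image.pullSecrets`, which nothing in this template renders. The same applies to `imagePullPolicy` and the liveness and readiness probes. A comment at the top stating that `.` is `.Values` inside the outer `with` and `$` is the root would make the mixed `.`/`$` references easier to check.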
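Review bot: The added `annotations` and `labels` lines in hpa.yaml look copied from ingress.yaml: they read `$.Values.commonIngressAnnotations`, `.annotations` and `.additionalLabels`. The unchanged lines below use `.Values.autoscaling.minReplicas`, so `.` is the root context here and those fields resolve to nothing. `( dict "customAnnotations" .Values.commonAnnotations "context" $ )` and `"customLabels" .Values.commonLabels` would match what serviceaccount.yaml does in this commit. The hunk also passes `$` to `common.names.fullname` in `metadata.name` but `.` in `scaleTargetRef.name`; one form should be used for both. tests/test-connection.yaml has the same pattern, with `.additionalAnnotations` read from the root context. The file's opening guard is outside the hunk.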
@@ -1,61 +1,33 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "wazuh-cert-oauth2.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if and (.Values.ingress.enabled) (eq .Values.service.type "ClusterIP") }} +{{- with .Values.ingress -}} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} kind: Ingress metadata: - name: {{ $fullName }} - labels: - {{- include "wazuh-cert-oauth2.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} + name: {{ include "common.names.fullname" $ }} + namespace: {{ include "common.names.namespace" $ }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + {{- include "common.annotations.standard" ( dict "customAnnotations" (merge dict $.Values.commonIngressAnnotations .annotations) "context" $ ) | nindent 4 }} + labels: + {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} + {{ with .className -}} + ingressClassName: {{ . 
}} {{- end }} rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ include "common.tplvalues.render" (dict "value" .host "context" $) }} http: paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} + - path: / + pathType: Prefix backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: - name: {{ $fullName }} + name: {{ include "common.names.fullname" $ }} port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} + number: {{ include "common.tplvalues.render" (dict "value" $.Values.service.port "context" $) }} + {{ with .tls }} + tls: + - hosts: + - {{ include "common.tplvalues.render" (dict "value" .host "context" $) }} + {{ end }} +{{- end -}} +{{- end }} \ No newline at end of file diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml index cc28ecc..fe178e4 100644 --- a/helm/templates/service.yaml +++ b/helm/templates/service.yaml 
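Review bot: Inside `{{ with .tls }}` the dot is rebound to the value of `ingress.tls`, which values.yaml in this commit sets to `true`. The `.host` in the `hosts` entry is therefore evaluated against a boolean rather than the ingress values and is likely to fail at render time. The TLS entry also lost its `secretName` (the removed template had `secretName: {{ .secretName }}`), so the certificate served would be whatever the ingress controller falls back to. That matters for a service which, judging by `ROOT_CA_KEY_PATH` in values.yaml, handles CA material. I would use `{{- if .tls }}` so `.host` stays bound to the ingress values, add a `secretName:` line fed from a dedicated value, and restore `| quote` on `host`. The commented example under `ingress.tls` in values.yaml still shows the old list shape.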
@@ -1,15 +1,22 @@ +{{ with .Values.service }} apiVersion: v1 kind: Service metadata: - name: {{ include "wazuh-cert-oauth2.fullname" . }} + name: {{ include "common.names.fullname" $ }} + namespace: {{ include "common.names.namespace" $ }} labels: - {{- include "wazuh-cert-oauth2.labels" . | nindent 4 }} + {{- include "common.labels.standard" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} + annotations: + {{- include "common.annotations.standard" ( dict "customAnnotations" .additionalAnnotations "context" $ ) | nindent 4 }} spec: - type: {{ .Values.service.type }} + {{ with .type }} + type: {{ include "common.tplvalues.render" (dict "value" . "context" $) }} + {{ end }} ports: - - port: {{ .Values.service.port }} + - port: {{ include "common.tplvalues.render" (dict "value" .port "context" $) }} targetPort: http protocol: TCP name: http selector: - {{- include "wazuh-cert-oauth2.selectorLabels" . | nindent 4 }} + {{- include "common.labels.matchLabels" ( dict "customLabels" .additionalLabels "context" $ ) | nindent 4 }} +{{ end }} \ No newline at end of file diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml index 73a8b85..6446204 100644 --- a/helm/templates/serviceaccount.yaml +++ b/helm/templates/serviceaccount.yaml 
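Review bot: The Service `selector` is built from `common.labels.matchLabels` with `customLabels` set to `service.additionalLabels`, while the Deployment in this commit derives its pod labels and `matchLabels` from `podLabels`. As soon as `service.additionalLabels` is non-empty the selector would require labels the pods do not carry, and the Service would have no endpoints. Selecting with `( dict "customLabels" $.Values.podLabels "context" $ )` keeps the two in step. `service.loadBalancerClass` is added to values.yaml but is not rendered in this template.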
@@ -2,12 +2,11 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "wazuh-cert-oauth2.serviceAccountName" . }} + name: {{ include "common.names.fullname" $ }} + namespace: {{ include "common.names.namespace" $ }} labels: - {{- include "wazuh-cert-oauth2.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} + {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + {{- include "common.annotations.standard" ( dict "customAnnotations" .Values.commonAnnotations "context" $ ) | nindent 4 }} automountServiceAccountToken: {{ .Values.serviceAccount.automount }} {{- end }} diff --git a/helm/templates/tests/test-connection.yaml b/helm/templates/tests/test-connection.yaml index 471196c..47abdc9 100644 --- a/helm/templates/tests/test-connection.yaml +++ b/helm/templates/tests/test-connection.yaml @@ -1,15 +1,17 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "wazuh-cert-oauth2.fullname" . }}-test-connection" + name: "{{ include "common.names.fullname" $ }}-test-connection" + namespace: {{ include "common.names.namespace" $ }} labels: - {{- include "wazuh-cert-oauth2.labels" . | nindent 4 }} + {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} annotations: + {{- include "common.annotations.standard" ( dict "customAnnotations" .additionalAnnotations "context" $ ) | nindent 4 }} "helm.sh/hook": test spec: containers: - name: wget image: busybox - command: ['wget'] - args: ['{{ include "wazuh-cert-oauth2.fullname" . }}:{{ .Values.service.port }}'] + command: [ 'wget' ] + args: [ '{{ include "common.names.fullname" $ }}:{{ .Values.service.port }}' ] restartPolicy: Never diff --git a/helm/values.yaml b/helm/values.yaml index c4d7c40..70e9df2 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
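Review bot: The ServiceAccount no longer renders `serviceAccount.annotations`; it now gets only `commonAnnotations`, which the other templates in this commit also apply to the Deployment. Annotations that bind an account to an external identity would then have to be set chart-wide rather than on this one object. The account `name` likewise ignores `serviceAccount.name`. I would merge both sources, for example `( dict "customAnnotations" (merge dict .Values.serviceAccount.annotations .Values.commonAnnotations) "context" $ )`, provided the `serviceAccount.annotations` key is still present in values.yaml, which this diff does not show. The opening `if` of the file is outside the hunk.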
@@ -4,15 +4,41 @@ replicaCount: 1 +## +## image: - repository: ghcr.io/adorsys-gis/wazuh-cert-oauth2 + ## + ## + registry: ghcr.io + ## + ## + repository: adorsys-gis/wazuh-cert-oauth2d + tag: 'latest' + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [ ] + +## Common annotations +commonAnnotations: { } + +## Common labels +commonLabels: { } + +ports: + - name: http + containerPort: '{{ .Values.service.port }}' + protocol: TCP serviceAccount: # Specifies whether a service account should be created @@ -40,7 +66,20 @@ securityContext: {} # runAsUser: 1000 service: + ## + ## type: ClusterIP + ## + ## + additionalLabels: { } + ## + ## + additionalAnnotations: { } + ## + ## + loadBalancerClass: "" + ## + ## port: 8000 ingress: @@ -49,12 +88,8 @@ ingress: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] + host: chart-example.local + tls: true # - secretName: chart-example-tls # hosts: # - chart-example.local @@ -112,6 +147,8 @@ env: - name: ROOT_CA_KEY_PATH value: "/usr/share/wazuh-cert-oauth2/certs/root-ca-key.pem" +envFrom: [] + nodeSelector: {} tolerations: []
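Review bot: The default `tag` moves from the chart `appVersion` to `'latest'` with an empty `digest`, so with `pullPolicy: Always` every install and pod restart runs whatever was most recently pushed under that tag. The `env` block further down references `ROOT_CA_KEY_PATH`, so this container appears to hold CA key material and its image should be reproducible; I would default `tag` to a released version or set `digest: "sha256:<image digest>"`. `repository: adorsys-gis/wazuh-cert-oauth2d` ends in a `d` that the previous `ghcr.io/adorsys-gis/wazuh-cert-oauth2` did not have, which looks like a typo worth confirming. The empty `##` comment pairs above `registry` and `repository` should describe the key or be removed. In the `ports` entry, `containerPort: '{{ .Values.service.port }}'` is likely to still be a quoted string after templating, where Kubernetes expects an integer.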