Compare commits
10 Commits
42a80492ad
...
0.5.1
| Author | SHA1 | Date | |
|---|---|---|---|
c9f4c7eeb4
|
|||
|
e602d9f045
|
|||
|
1bbfd49265
|
|||
|
93c81fddb9
|
|||
|
964f7e9c5d
|
|||
|
4f80520c7e
|
|||
|
c850e79d2a
|
|||
|
eafcf8ba09
|
|||
|
6342d7be31
|
|||
|
1975611101
|
25
.drone.yml
25
.drone.yml
@@ -5,17 +5,18 @@ name: default
|
||||
|
||||
trigger:
|
||||
event:
|
||||
- push
|
||||
- push
|
||||
- tag
|
||||
|
||||
steps:
|
||||
- name: release
|
||||
image: cr.grachevko.ru/drone/helm:RELEASE.2023-03-01T13-46-55Z
|
||||
settings:
|
||||
username:
|
||||
from_secret: HELM_REPO_USERNAME
|
||||
password:
|
||||
from_secret: HELM_REPO_PASSWORD
|
||||
when:
|
||||
branch:
|
||||
- master
|
||||
- rc
|
||||
- name: release
|
||||
image: cr.grachevko.ru/drone/helm:24
|
||||
settings:
|
||||
tag: ${DRONE_TAG}
|
||||
username:
|
||||
from_secret: HELM_REPO_USERNAME
|
||||
password:
|
||||
from_secret: HELM_REPO_PASSWORD
|
||||
when:
|
||||
event:
|
||||
- tag
|
||||
|
||||
52
.github/workflows/main.yaml
vendored
52
.github/workflows/main.yaml
vendored
@@ -8,15 +8,15 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Install Helm
|
||||
run: |
|
||||
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
|
||||
helm plugin install https://github.com/hayorov/helm-gcs
|
||||
- name: Lint chart
|
||||
run: |
|
||||
helm lint .
|
||||
- name: Install Helm
|
||||
run: |
|
||||
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
|
||||
helm plugin install https://github.com/hayorov/helm-gcs
|
||||
- name: Lint chart
|
||||
run: |
|
||||
helm lint .
|
||||
|
||||
release:
|
||||
needs: lint
|
||||
@@ -24,22 +24,22 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Install Helm
|
||||
run: |
|
||||
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
|
||||
helm plugin install https://github.com/hayorov/helm-gcs
|
||||
- name: Dump GCloud auth key
|
||||
run: |
|
||||
cat <<'EOF' > gcloud_auth_key.json
|
||||
${{ secrets.GCLOUD_AUTH_KEY }}
|
||||
EOF
|
||||
- name: Release chart
|
||||
env:
|
||||
GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcloud_auth_key.json
|
||||
run: |
|
||||
helm repo add hahow gs://hahow-helm-charts
|
||||
helm repo update
|
||||
PACKAGE_FILE_PATH=$(helm package . | sed 's/^Successfully packaged chart and saved it to: //')
|
||||
helm gcs push $(basename ${PACKAGE_FILE_PATH}) hahow --public
|
||||
- name: Install Helm
|
||||
run: |
|
||||
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
|
||||
helm plugin install https://github.com/hayorov/helm-gcs
|
||||
- name: Dump GCloud auth key
|
||||
run: |
|
||||
cat <<'EOF' > gcloud_auth_key.json
|
||||
${{ secrets.GCLOUD_AUTH_KEY }}
|
||||
EOF
|
||||
- name: Release chart
|
||||
env:
|
||||
GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcloud_auth_key.json
|
||||
run: |
|
||||
helm repo add hahow gs://hahow-helm-charts
|
||||
helm repo update
|
||||
PACKAGE_FILE_PATH=$(helm package . | sed 's/^Successfully packaged chart and saved it to: //')
|
||||
helm gcs push $(basename ${PACKAGE_FILE_PATH}) hahow --public
|
||||
|
||||
16
README.md
16
README.md
@@ -5,7 +5,7 @@
|
||||
The following command allows you to download and install all the charts from our repository:
|
||||
|
||||
```shell
|
||||
$ helm repo add hahow https://harbor.grachevko.ru/chartrepo/helm
|
||||
$ helm repo add hahow oci://cr.grachevko.ru/helm/chart
|
||||
```
|
||||
|
||||
### Adding Dependency
|
||||
@@ -16,10 +16,11 @@ To use the library chart, `common` should be listed in `dependencies` field in y
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 0.4.1
|
||||
repository: https://harbor.grachevko.ru/chartrepo/helm
|
||||
repository: oci://cr.grachevko.ru/helm/chart
|
||||
```
|
||||
|
||||
Once you have defined dependencies, you should run the following command to download this chart into your `charts/` directory:
|
||||
Once you have defined dependencies, you should run the following command to download this chart into your `charts/`
|
||||
directory:
|
||||
|
||||
```shell
|
||||
$ helm dep build
|
||||
@@ -61,13 +62,15 @@ helm.sh/chart: foo-1.2.3-beta.55_1234
|
||||
|
||||
### `common.fullname`
|
||||
|
||||
The `common.fullname` template generates a name suitable for the `name:` field in Kubernetes metadata. It is used like this:
|
||||
The `common.fullname` template generates a name suitable for the `name:` field in Kubernetes metadata. It is used like
|
||||
this:
|
||||
|
||||
```yaml
|
||||
name: { { include "common.fullname" . } }
|
||||
```
|
||||
|
||||
This prints the value of `{{ .Release.Name }}-{{ .Chart.Name }}` by default, but can be overridden with `.Values. fullnameOverride`:
|
||||
This prints the value of `{{ .Release.Name }}-{{ .Chart.Name }}` by default, but can be overridden
|
||||
with `.Values. fullnameOverride`:
|
||||
|
||||
```yaml
|
||||
fullnameOverride: some-name
|
||||
@@ -142,7 +145,8 @@ metadata:
|
||||
name: release-name-mychart
|
||||
```
|
||||
|
||||
Most of the common templates that define a resource type (e.g. `common.configMap` or `common.cronJob`) use this to generate the metadata, which means they inherit the same `labels` and `name` fields.
|
||||
Most of the common templates that define a resource type (e.g. `common.configMap` or `common.cronJob`) use this to
|
||||
generate the metadata, which means they inherit the same `labels` and `name` fields.
|
||||
|
||||
### `common.name`
|
||||
|
||||
|
||||
@@ -25,4 +25,4 @@ appVersion: 1.16.0
|
||||
dependencies:
|
||||
- name: common
|
||||
version: "^0"
|
||||
repository: "https://harbor.grachevko.ru/chartrepo/helm"
|
||||
repository: oci://cr.grachevko.ru/helm/chart
|
||||
|
||||
@@ -24,47 +24,52 @@ spec:
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.image.pullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
securityContext:
|
||||
- name: {{ .Chart.Name }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: {{ include "common.fullname" . }}
|
||||
{{- if .Values.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ .Values.extraEnvVarsSecret }}
|
||||
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
envFrom:
|
||||
{{- if .Values.existingConfigmap }}
|
||||
- configMapRef:
|
||||
name: {{ .Values.existingConfigmap }}
|
||||
{{- else }}
|
||||
- secretRef:
|
||||
name: {{ include "common.fullname" . }}
|
||||
- configMapRef:
|
||||
name: {{ include "common.fullname" . }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 5678
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
failureThreshold: 30
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
{{- if .Values.existingSecret }}
|
||||
- secretRef:
|
||||
name: {{ .Values.existingSecret }}
|
||||
{{- else }}
|
||||
- secretRef:
|
||||
name: {{ include "common.fullname" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.extraEnvVarsSecret }}
|
||||
- secretRef:
|
||||
name: {{ .Values.extraEnvVarsSecret }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 5678
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
startupProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: http
|
||||
failureThreshold: 30
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
|
||||
@@ -16,26 +16,26 @@ spec:
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.ingress.tls }}
|
||||
- hosts:
|
||||
- hosts:
|
||||
{{- range .hosts }}
|
||||
- {{ . | quote }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
secretName: {{ .secretName }}
|
||||
secretName: {{ .secretName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
{{- range .Values.ingress.hosts }}
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
- host: {{ .host | quote }}
|
||||
http:
|
||||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path }}
|
||||
pathType: {{ default "ImplementationSpecific" .pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $fullName }}
|
||||
port:
|
||||
number: {{ $svcPort }}
|
||||
- path: {{ .path }}
|
||||
pathType: {{ default "ImplementationSpecific" .pathType }}
|
||||
backend:
|
||||
service:
|
||||
name: {{ $fullName }}
|
||||
port:
|
||||
number: {{ $svcPort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -7,9 +7,9 @@ metadata:
|
||||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
- port: {{ .Values.service.port }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
{{- include "common.selectorLabels" . | nindent 4 }}
|
||||
|
||||
@@ -8,8 +8,8 @@ metadata:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
containers:
|
||||
- name: wget
|
||||
image: busybox
|
||||
command: ['wget']
|
||||
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
|
||||
- name: wget
|
||||
image: busybox
|
||||
command: ['wget']
|
||||
args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
|
||||
restartPolicy: Never
|
||||
|
||||
@@ -12,9 +12,9 @@ extraEnvVarsSecret:
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: nginx
|
||||
pullPolicy: IfNotPresent
|
||||
pullSecrets: []
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: ""
|
||||
|
||||
@@ -50,6 +50,11 @@ service:
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
|
||||
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
|
||||
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
||||
##
|
||||
ingressClassName: ""
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
|
||||
@@ -87,7 +87,7 @@ The order in which this function returns a secret password:
|
||||
{{- $password := "" }}
|
||||
{{- $subchart := "" }}
|
||||
{{- $chartName := default "" .chartName }}
|
||||
{{- $passwordLength := default 10 .length }}
|
||||
{{- $passwordLength := default 32 .length }}
|
||||
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
|
||||
{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
|
||||
{{- $secretData := (lookup "v1" "Secret" (include "common.namespace" .context) .secret).data }}
|
||||
@@ -115,6 +115,8 @@ The order in which this function returns a secret password:
|
||||
{{- $password = randAscii $passwordLength }}
|
||||
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
|
||||
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
|
||||
{{- else if .hex }}
|
||||
{{- $password = include "common.secrets.randHex" $passwordLength | b64enc | quote }}
|
||||
{{- else }}
|
||||
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
|
||||
{{- end }}
|
||||
@@ -122,6 +124,23 @@ The order in which this function returns a secret password:
|
||||
{{- printf "%s" $password -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /*
|
||||
Returns given number of random Hex characters.
|
||||
- randNumeric 4 | atoi generates a random number in [0, 10^4)
|
||||
This is a range evenly divisble by 16, but even if off by one,
|
||||
that last partial interval offsetting randomness is only 1 part in 625.
|
||||
- mod N 16 maps to the range 0-15
|
||||
- printf "%x" represents a single number 0-15 as a single hex character
|
||||
*/}}
|
||||
{{- define "common.secrets.randHex" -}}
|
||||
{{- $result := "" }}
|
||||
{{- range $i := until . }}
|
||||
{{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }}
|
||||
{{- $result = print $result $rand_hex_char }}
|
||||
{{- end }}
|
||||
{{- $result }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Reuses the value from an existing secret, otherwise sets its value to a default value.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user