feat: add charts

panteparak · Jul 27, 2024 · aac8591 · aac8591
1 parent b897824
commit aac8591
Show file tree

Hide file tree

Showing 27 changed files with 1,152 additions and 2 deletions.
diff --git a/charts/gateway-manifest b/charts/gateway-manifest
diff --git a/charts/gateway-manifest/.helmignore b/charts/gateway-manifest/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/gateway-manifest/Chart.yaml b/charts/gateway-manifest/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: gateway-operator
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
diff --git a/charts/gateway-manifest/templates/NOTES.txt b/charts/gateway-manifest/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/charts/gateway-manifest/templates/_helpers.tpl b/charts/gateway-manifest/templates/_helpers.tpl
@@ -0,0 +1,3 @@
+{{- define "namespace" -}}
+{{- default .Release.Namespace .Values.namespace -}}
+{{- end }}
diff --git a/charts/gateway-manifest/templates/certificates.yml b/charts/gateway-manifest/templates/certificates.yml
@@ -0,0 +1,33 @@
+{{- if and (.Values.gateway.enabled) (.Values.gateway.tlsCertificate.enabled) -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ .Release.Name | trimSuffix "-" }}-certificate
+  namespace: {{ include "namespace" . }}
+spec:
+  secretName: {{ .Release.Name | trimSuffix "-" }}-letsencrypt-tls
+  duration: 2160h # 90d
+  renewBefore: 480h # 20d
+  subject:
+    organizations:
+    - TeparakDev
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    {{- with .Values.gateway.tlsCertificate.privateKey }}
+    size: {{ .size | default 4096 }}
+    {{- end }}
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+    {{- range .Values.urls }}
+    - {{ . | quote }}
+    - {{ printf "*.%s" . | quote }}
+    {{- end }}
+  issuerRef:
+    name: {{ .Values.gateway.tlsCertificate.issuerName }}
+    kind: ClusterIssuer
+    group: cert-manager.io
+{{- end }}
diff --git a/charts/gateway-manifest/templates/gateway.yml b/charts/gateway-manifest/templates/gateway.yml
@@ -0,0 +1,31 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ .Release.Name | trimSuffix "-" }}-gw
+spec:
+  selector:
+    {{ toYaml .Values.gateway.selector }}
+  servers:
+    - hosts:
+        {{- range .Values.urls }}
+        - {{ . | quote}}
+        - {{ printf "*.%s" . | quote }}
+        {{- end }}
+      port:
+        name: http
+        number: 80
+        protocol: HTTP
+      tls:
+        httpsRedirect: true
+    - hosts:
+        {{- range .Values.urls }}
+        - {{ . | quote }}
+        - {{ printf "*.%s" . | quote }}
+        {{- end }}
+      port:
+        name: https
+        number: 443
+        protocol: HTTPS
+      tls:
+        credentialName: {{ .Release.Name | trimSuffix "-" }}-letsencrypt-tls
+        mode: SIMPLE
diff --git a/charts/gateway-manifest/templates/patch-namespace.yml b/charts/gateway-manifest/templates/patch-namespace.yml
@@ -0,0 +1,69 @@
+{{- $patchIstio := "" }}
+{{- $workOrderName := printf "patch-istio-injection" -}}
+{{- $serviceAccountName := printf "%s-sa-%s" $workOrderName .Release.Name -}}
+{{- if .Values.gateway.enabled }}
+{{- $patchIstio = "enabled" }}
+{{- else}}
+{{- $patchIstio = "disabled" }}
+{{- end }}
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: {{ $serviceAccountName }}
+  namespace: {{ include "namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ $workOrderName }}-role-{{ .Release.Name }}
+  namespace: {{ include "namespace" . }}
+rules:
+- apiGroups: [""]
+  resources:
+    - "namespaces"
+  resourceNames: 
+    - {{ include "namespace" . }}
+  verbs:
+    - "get"
+    - "patch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ $workOrderName }}-role-binding-{{ .Release.Name }}
+  namespace: {{ include "namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ $workOrderName }}-role-{{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ $serviceAccountName }}
+  namespace: {{ include "namespace" . }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ $workOrderName }}-job-{{ .Release.Name }}
+  namespace: {{ include "namespace" . }}
+spec:
+  parallelism: 1
+  backoffLimit: 0
+  ttlSecondsAfterFinished: 3600
+  activeDeadlineSeconds: 120
+  template:
+    metadata:
+      annotations:
+        sidecar.istio.io/inject: "false"
+    spec:
+      serviceAccountName: {{ $serviceAccountName }}
+      restartPolicy: Never
+      containers:
+      - name: label-ns-{{ .Release.Name }}
+        image: panteparak/k8s-patcher:dev
+        imagePullPolicy: Always
+        command:
+        - "/bin/bash"
+        - "-c"
+        - "patch-namespace-istio-inject-{{ $patchIstio }}.sh"
+---
diff --git a/charts/gateway-manifest/values.yaml b/charts/gateway-manifest/values.yaml
@@ -0,0 +1,11 @@
+urls: []
+
+gateway:
+  enabled: true
+  selector:
+    istio: internal-ingress
+  tlsCertificate: 
+    enabled: true
+    issuerName: "teparak-dev-letsencrypt-acme-dns-ci"
+    privateKey:
+      size: 4096
diff --git a/charts/namespace-resource-manifest b/charts/namespace-resource-manifest
diff --git a/charts/namespace-resource-manifest/.gitignore b/charts/namespace-resource-manifest/.gitignore
@@ -0,0 +1,5 @@
+.DS_Store
+value*
+!values-examples.yaml
+!values.yaml
+
diff --git a/charts/namespace-resource-manifest/.helmignore b/charts/namespace-resource-manifest/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/namespace-resource-manifest/Chart.yaml b/charts/namespace-resource-manifest/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: k8s-create-namespace
+description: A Helm chart for Kubernetes Namespace Resources
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.2
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
diff --git a/charts/namespace-resource-manifest/README.md b/charts/namespace-resource-manifest/README.md
@@ -0,0 +1,129 @@
+# Helm Chart for My Application
+
+This Helm chart deploys "My Application" on a Kubernetes cluster using the Helm package manager. The chart includes support for exposing HTTP and TCP services through an Istio Gateway, with options for custom domain names, CORS policies, and additional response headers. This documentation follows the Bitnami style, providing a straightforward and concise guide to configuring and deploying the chart.
+
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.1.0
+- PV provisioner support in the underlying infrastructure (if persistence is required)
+- Istio 1.5+ (if you plan to use Istio gateway features)
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+helm install my-release path/to/chart
+```
+
+The command deploys "My Application" on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+helm delete my-release
+```
+
+This command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Parameters
+
+### Postgresql Parameters
+
+### Self Signed Certificate Parameters
+
+### Namespace Image Pull Secret Parameters
+
+### Automated CICD Parameters
+The following table lists the configurable parameters related to the CI/CD features of the chart and their default values.
+
+| Parameter                             | Description                                                            | Default |
+| ------------------------------------- | ---------------------------------------------------------------------- | ------- |
+| `cicd.enabled`                        | Enable CI/CD resources for automation processes                        | `false` |
+
+
+### Rook Ceph Object Storage
+The following table lists the configurable parameters of the Rook Ceph ObjectBucket chart and their default values.
+
+| Parameter                        | Description                                      | Default                |
+| -------------------------------- | ------------------------------------------------ | ---------------------- |
+| `global.organization`            | Organization label for bucket                    | `nil`                  |
+| `application.name`               | Application name label for bucket                | `nil`                  |
+| `application.environment`        | Application environment label for bucket         | `nil`                  |
+| `objectStorage[].name`           | Name of the storage bucket                       | `nil`                  |
+| `objectStorage[].additionalConfig`| Additional configuration for the storage bucket | `{}`                   |
+
+
+
+### Gateway Paramters
+
+The following table lists the configurable parameters of the "My Application" chart and their default values.
+
+| Parameter                                         | Description                                      | Default                                                 |
+|---------------------------------------------------|--------------------------------------------------|---------------------------------------------------------|
+| `gateway.enabled`                                 | Enable gateway                                   | `true`                                                  |
+| `gateway.exposeServices.enabled`                  | Enable exposing services through the gateway     | `true`                                                  |
+| `gateway.exposeServices.domains`                  | List of domains to be exposed                    | `[{"name": "https://example.com"}]`                     |
+| `gateway.namespace`                               | Gateway namespace (for Istio)                    | `istio-gateway`                                         |
+| `gateway.name`                                    | Gateway name                                     | `gateway-name`                                          |
+| `gateway.hstsMaxAge`                              | HSTS max age header for HTTPS                    | `86400`                                                 |
+| `gateway.corsPolicy`                              | CORS policy configuration                        | See values.yaml                                         |
+| `application.name`                                | Application name                                 | `my-application`                                        |
+| `application.environment`                         | Application environment                          | `production`                                            |
+| `global.organization`                             | Global organization name                         | `my-organization`                                       |
+
+---
+### Customizing the Chart Before Installing
+
+To edit the default configuration, use:
+
+```bash
+helm show values path/to/chart > values.yaml
+```
+
+Edit the `values.yaml` file, then install the chart with the changes:
+
+```bash
+helm install my-release path/to/chart -f values.yaml
+```
+
+## Configuration and Installation Details
+
+### Exposing Services
+
+This chart allows exposing HTTP and TCP services through an Istio Gateway. You can customize the exposed services by modifying the `gateway.exposeServices.domains` parameter. Each domain can expose multiple `httpServices` and `tcpServices`, with options for setting match prefixes, ports, and additional response headers.
+
+### CORS Policy
+
+You can configure a CORS policy for your services by setting the `gateway.corsPolicy` parameter. This allows you to specify allowed origins, headers, and whether credentials are supported.
+
+## Persistence
+
+"The Application" does not store data persistently. If your application requires persistence, you need to integrate an external database or storage solution.
+
+## Troubleshooting
+
+- **Issue**: I cannot access my service through the specified domain.
+
+  **Solution**: Ensure that the domain name is correctly configured in your DNS provider and that the Istio Gateway is properly set up to handle traffic for that domain.
+
+For more detailed troubleshooting, refer to the Helm and Istio documentation.
+
+## Upgrading
+
+To upgrade the chart deployment:
+
+```bash
+helm upgrade my-release path/to/chart -f values.yaml
+```
+
+Ensure you review the [Parameters](#parameters) section and adjust your `values.yaml` file accordingly to prevent unwanted changes or issues during the upgrade.
+
+---
+
+This documentation provides a basic overview of deploying and managing "My Application" using Helm. For more advanced configurations and features, refer to the Helm and Istio documentation.