Merge pull request #3 from pelotech/refactor-deployments

Refactor deployments

.github/workflows/publish-chart.yml

@@ -0,0 +1,30 @@
+name: publish-charts
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - charts/**
+      - '!**/*.md'
+  workflow_dispatch:
+jobs:
+  publish-charts:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build dependencies Helm - nidhogg
+        uses: WyriHaximus/github-action-helm3@v4
+        with:
+          exec: helm dependency build charts/nidhogg
+      - name: Chart | Push - nidhogg
+        uses: appany/[email protected]
+        with:
+          name: hidhogg
+          repository: pelotech/charts
+          tag: 0.1.0
+          registry: ghcr.io
+          registry_username: ${{ github.actor }}
+          registry_password: ${{ secrets.github_token }}

.pre-commit-config.yaml

@@ -3,9 +3,18 @@ repos:
   rev: v4.5.0
   hooks:
   - id: check-merge-conflict
-  - id: end-of-file-fixer
+#  - id: end-of-file-fixer
   - id: trailing-whitespace
   - id: forbid-submodules
+- repo: https://github.com/gruntwork-io/pre-commit
+  rev: v0.1.23
+  hooks:
+  - id: helmlint
+- repo: https://github.com/norwoodj/helm-docs
+  rev: v1.12.0
+  hooks:
+  - id: helm-docs-built
+    files: (README\.md\.gotmpl|(Chart|requirements|values)\.yaml)$
 - repo: https://github.com/adrienverge/yamllint
   rev: v1.35.1
   hooks:

.yamllint

@@ -3,3 +3,8 @@ extends: relaxed
 rules:
   line-length: disable
   commas: disable
+  indentation:
+    indent-sequences: whatever
+
+ignore: |
+  *templates/

charts/nidhogg/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/nidhogg/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: nidhogg
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "v0.5.0"

charts/nidhogg/README.md

@@ -0,0 +1,35 @@
+# nidhogg
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.5.0](https://img.shields.io/badge/AppVersion-v0.5.0-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| configuration | object | `{"taintRemovalDelayInSeconds":5}` | Configuration for nidhogg |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"ghcr.io/pelotech/nidhogg"` |  |
+| image.tag | string | `""` |  |
+| imagePullSecrets | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `2` |  |
+| resources | object | `{}` |  |
+| securityContext | object | `{}` |  |
+| service.port | int | `443` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.automount | bool | `true` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tolerations | list | `[]` |  |
+| volumeMounts | list | `[]` |  |
+| volumes | list | `[]` |  |
+

charts/nidhogg/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nidhogg.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nidhogg.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nidhogg.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "nidhogg.labels" -}}
+helm.sh/chart: {{ include "nidhogg.chart" . }}
+{{ include "nidhogg.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "nidhogg.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "nidhogg.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "nidhogg.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "nidhogg.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/nidhogg/templates/configmap.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.configuration }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "nidhogg.fullname" . }}
+  labels:
+{{ include "nidhogg.labels" . | indent 4 }}
+data:
+  config.json: |
+{{ toJson .Values.configuration | indent 4 }}
+{{- end }}

charts/nidhogg/templates/rbac.yaml

@@ -0,0 +1,129 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "nidhogg.fullname" . }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/status
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - update
+      - patch
+  - apiGroups:
+      - admissionregistration.k8s.io
+    resources:
+      - mutatingwebhookconfigurations
+      - validatingwebhookconfigurations
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "nidhogg.fullname" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "nidhogg.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "nidhogg.serviceAccountName" . }}
+    namespace: {{ $.Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "nidhogg.fullname" . }}-leader-election
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs:
+      - create
+      - delete
+      - get
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "nidhogg.fullname" . }}-leader-election
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "nidhogg.fullname" . }}-leader-election
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "nidhogg.fullname" . }}
+    namespace: {{ $.Release.Namespace }}

charts/nidhogg/templates/secret.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "nidhogg.fullname" . }}

charts/nidhogg/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "nidhogg.fullname" . }}
+  labels:
+    {{- include "nidhogg.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "nidhogg.selectorLabels" . | nindent 4 }}

charts/nidhogg/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "nidhogg.serviceAccountName" . }}
+  labels:
+    {{- include "nidhogg.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}