diff --git a/.github/configs/cr.yaml b/.github/configs/cr.yaml
new file mode 100644
index 00000000..81afaec4
--- /dev/null
+++ b/.github/configs/cr.yaml
@@ -0,0 +1,12 @@
+## Reference: https://github.com/helm/chart-releaser
+index-path: "./index.yaml"
+
+# PGP signing
+sign: true
+key: garage-cf
+# keyring: # Set via env variable CR_KEYRING
+# passphrase-file: # Set via env variable CR_PASSPHRASE_FILE
+
+# Enable automatic generation of release notes using GitHubs release notes generator.
+# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+generate-release-notes: true
diff --git a/.github/configs/ct-install.yaml b/.github/configs/ct-install.yaml
new file mode 100644
index 00000000..e4f699c2
--- /dev/null
+++ b/.github/configs/ct-install.yaml
@@ -0,0 +1,12 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Install Stage
+remote: origin
+charts:
+- script/helm/garage
+helm-extra-args: "--timeout 600s"
+validate-chart-schema: false
+validate-maintainers: true
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: []
diff --git a/.github/configs/ct-lint.yaml b/.github/configs/ct-lint.yaml
new file mode 100644
index 00000000..7f1adfd9
--- /dev/null
+++ b/.github/configs/ct-lint.yaml
@@ -0,0 +1,11 @@
+## Reference: https://github.com/helm/chart-testing/blob/master/doc/ct_lint-and-install.md
+# Don't add the 'debug' attribute, otherwise the workflow won't work anymore
+# Only Used for the CT Lint Stage
+remote: origin
+charts:
+- script/helm/garage
+validate-chart-schema: false
+validate-maintainers: false
+validate-yaml: true
+exclude-deprecated: true
+excluded-charts: []
diff --git a/.github/configs/kind-config.yaml b/.github/configs/kind-config.yaml
new file mode 100644
index 00000000..f4bf78cb
--- /dev/null
+++ b/.github/configs/kind-config.yaml
@@ -0,0 +1,7 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+ - role: control-plane
+ - role: worker
+ - role: worker
+ - role: worker
diff --git a/.github/configs/lintconf.yaml b/.github/configs/lintconf.yaml
new file mode 100644
index 00000000..dbefbcc6
--- /dev/null
+++ b/.github/configs/lintconf.yaml
@@ -0,0 +1,42 @@
+---
+rules:
+ braces:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ brackets:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ colons:
+ max-spaces-before: 0
+ max-spaces-after: 1
+ commas:
+ max-spaces-before: 0
+ min-spaces-after: 1
+ max-spaces-after: 1
+ comments:
+ require-starting-space: true
+ min-spaces-from-content: 1
+ document-end: disable
+ document-start: disable # No --- to start a file
+ empty-lines:
+ max: 2
+ max-start: 0
+ max-end: 0
+ hyphens:
+ max-spaces-after: 1
+ indentation:
+ spaces: consistent
+ indent-sequences: whatever # - list indentation will handle both indentation and without
+ check-multi-line-strings: false
+ key-duplicates: enable
+ line-length: disable # Lines can be any length
+ new-line-at-end-of-file: enable
+ new-lines:
+ type: unix
+ trailing-spaces: enable
+ truthy:
+ level: warning
diff --git a/.github/workflows/lint-and-test.yml b/.github/workflows/lint-and-test.yml
new file mode 100644
index 00000000..7555e638
--- /dev/null
+++ b/.github/workflows/lint-and-test.yml
@@ -0,0 +1,58 @@
+## Reference: https://github.com/helm/chart-testing-action
+name: Linting and Testing
+on:
+ pull_request:
+ branches:
+ - 'codefresh-main'
+
+permissions:
+ contents: read
+
+jobs:
+ chart-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+ with:
+ version: v3.10.1 # Also update in publish.yaml
+
+ - name: Set up python
+ uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ with:
+ python-version: 3.9
+
+ - name: Setup Chart Linting
+ id: lint
+ uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+ with:
+ # Note: Also update in scripts/lint.sh
+ version: v3.10.0
+
+ - name: Run chart-testing (lint)
+ run: ct lint --debug --config ./.github/configs/ct-lint.yaml --target-branch ${{ github.base_ref }} --lint-conf ./.github/configs/lintconf.yaml
+
+ - name: Run docs-testing (helm-docs)
+ id: helm-docs
+ run: |
+ ./script/helm-docs.sh
+ if [[ $(git diff --stat) != '' ]]; then
+ echo -e '\033[0;31mDocumentation outdated!\033[0m ❌'
+ git diff --color
+ exit 1
+ else
+ echo -e '\033[0;32mDocumentation up to date\033[0m ✔'
+ fi
+
+ - name: Create kind cluster
+ uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
+ with:
+ config: .github/configs/kind-config.yaml
+
+ - name: Run chart-testing (install)
+ run: ct install --config ./.github/configs/ct-install.yaml --target-branch ${{ github.base_ref }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 00000000..f219e1e3
--- /dev/null
+++ b/.github/workflows/publish.yml
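Review bot: In the two `ct` steps, `${{ github.base_ref }}` is expanded into the script text before the shell starts, so the branch name is parsed as shell code rather than passed as data. The `branches: 'codefresh-main'` filter pins the value today, but the pattern turns into a script-injection point as soon as that filter is widened; pass it through the environment instead, with `env:` / `TARGET_BRANCH: ${{ github.base_ref }}` on the step and `--target-branch "$TARGET_BRANCH"` in the command. `python-version: 3.9` should be quoted (`"3.9"`) so a later bump to 3.10 is not read as the float 3.1, and the comments name `publish.yaml` and `scripts/lint.sh` while this commit adds `publish.yml` and `script/helm-lint.sh`.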
@@ -0,0 +1,81 @@
+## Reference: https://github.com/helm/chart-releaser-action
+name: Chart Publish
+on:
+ push:
+ branches:
+ - codefresh-main
+ paths:
+ - "script/helm/garage/**"
+
+permissions:
+ contents: read
+
+jobs:
+ publish:
+ permissions:
+ contents: write # for helm/chart-releaser-action to push chart release and create a release
+ packages: write # to push OCI chart package to GitHub Registry
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ with:
+ fetch-depth: 0
+
+ - name: Install Helm
+ uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+ with:
+ version: v3.10.1 # Also update in lint-and-test.yaml
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Package chart
+ run: |
+ rm -rf .cr-release-packages
+ mkdir .cr-release-packages
+ helm package script/helm/garage -u -d .cr-release-packages/
+
+ # The GitHub repository secret `PGP_PRIVATE_KEY` contains the private key
+ # in ASCII-armored format. 
To export a (new) key, run this command: + # `gpg --armor --export-secret-key ` + - name: Prepare PGP key + run: | + IFS="" + echo "$PGP_PRIVATE_KEY" | gpg --dearmor > $HOME/secring.gpg + echo "$PGP_PASSPHRASE" > $HOME/passphrase.txt + + # Tell chart-releaser-action where to find the key and its passphrase + echo "CR_KEYRING=$HOME/secring.gpg" >> "$GITHUB_ENV" + echo "CR_PASSPHRASE_FILE=$HOME/passphrase.txt" >> "$GITHUB_ENV" + env: + PGP_PRIVATE_KEY: "${{ secrets.PGP_PRIVATE_KEY }}" + PGP_PASSPHRASE: "${{ secrets.PGP_PASSPHRASE }}" + + - name: Run chart-releaser + uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 - currently there is a bug on 1.6.0 version, can upgrade back when it'll be solved - https://github.com/helm/chart-releaser-action/issues/171 + with: + config: "./.github/configs/cr.yaml" + skip_packaging: true + charts_dir: script/helm + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + + - name: Login to GHCR + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Push chart to GHCR + run: | + shopt -s nullglob + for pkg in .cr-release-packages/*.tgz; do + if [ -z "${pkg:-}" ]; then + break + fi + helm push "${pkg}" oci://ghcr.io/${{ github.repository }} + done diff --git a/.gitignore b/.gitignore index ef7a56eb..78bd8f3f 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ /pki **/*.rs.bk *.swp -/.direnv \ No newline at end of file +/.direnv +values-dev.yaml diff --git a/script/helm-docs.sh b/script/helm-docs.sh new file mode 100755 index 00000000..050eda03 --- /dev/null +++ b/script/helm-docs.sh @@ -0,0 +1,12 @@ +#!/bin/bash +## Reference: https://github.com/norwoodj/helm-docs +set -eux +CHART_DIR="$(cd "$(dirname "$0")/helm/garage" && pwd)" +echo "$CHART_DIR" + +echo "Running Helm-Docs" +docker run \ + -v "$CHART_DIR:/helm-docs" \ + -u $(id -u) \ + --rm \ + jnorwood/helm-docs:v1.9.1 
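Review bot: The `Prepare PGP key` step writes the private signing key to `$HOME/secring.gpg` and its passphrase next to it in `$HOME/passphrase.txt` with the default umask and unquoted redirection targets, and no step removes them, so both stay on disk while the later third-party actions run. Start the script with `umask 077`, quote the targets (`> "$HOME/secring.gpg"`), and add a last step with `if: always()` that runs `rm -f "$HOME/secring.gpg" "$HOME/passphrase.txt"`. Separately, `helm package` is called without `--sign` and `skip_packaging: true` bypasses chart-releaser's own packaging step, so it is worth confirming that a `.prov` file is really produced and published; I cannot tell from these lines whether `sign: true` in cr.yaml still takes effect.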
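Review bot: The container image in script/helm-docs.sh is referenced by tag only (`jnorwood/helm-docs:v1.9.1`) and runs with the chart directory bind-mounted writable inside the `lint-and-test` job, so a re-tagged image could alter files in the checkout. The workflows in this commit pin actions by commit SHA; the equivalent here is `jnorwood/helm-docs:v1.9.1@sha256:<digest>` (placeholder, take the digest from a verified pull), and the same applies to `quay.io/helmpack/chart-testing:v3.10.0` in script/helm-lint.sh. `-u $(id -u)` should also be quoted as `-u "$(id -u)"`.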
diff --git a/script/helm-lint.sh b/script/helm-lint.sh new file mode 100755 index 00000000..022e653d --- /dev/null +++ b/script/helm-lint.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# This script runs the chart-testing tool locally. It simulates the linting that is also done by the github action. Run this without any errors before pushing. +# Reference: https://github.com/helm/chart-testing +set -eux + +SRCROOT="$(cd "$(dirname "$0")/.." && pwd)" +echo $SRCROOT +echo -e "\n-- Linting all Helm Charts --\n" +docker run \ + -v "$SRCROOT:/workdir" \ + --entrypoint /bin/sh \ + quay.io/helmpack/chart-testing:v3.10.0 \ + -c cd /workdir \ + ct lint \ + --config .github/configs/ct-lint.yaml \ + --lint-conf .github/configs/lintconf.yaml \ + --debug diff --git a/script/helm/garage/Chart.yaml b/script/helm/garage/Chart.yaml index f3834fdc..2efeffc2 100644 --- a/script/helm/garage/Chart.yaml +++ b/script/helm/garage/Chart.yaml @@ -1,7 +1,9 @@ apiVersion: v2 name: garage description: S3-compatible object store for small self-hosted geo-distributed deployments - +maintainers: + - name: garagehq.deuxfleurs.fr + - name: codefresh.io # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives @@ -15,10 +17,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.0 +version: 0.5.0-cf.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v1.0.0" +appVersion: "v0.9.4" 
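Review bot: As written, script/helm-lint.sh never runs the lint: with `--entrypoint /bin/sh` and the arguments `-c cd /workdir ct lint ...`, the shell takes only `cd` as the command string and treats `/workdir`, `ct`, `lint` and the flags as positional parameters, so the container changes directory and exits 0. A pre-push check that always passes gives false assurance that the chart was validated. Pass one quoted command string instead, `-c 'cd /workdir && ct lint --config .github/configs/ct-lint.yaml --lint-conf .github/configs/lintconf.yaml --debug'`, and quote `echo "$SRCROOT"`.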
diff --git a/script/helm/garage/README.md b/script/helm/garage/README.md
new file mode 100644
index 00000000..b954b423
--- /dev/null
+++ b/script/helm/garage/README.md
@@ -0,0 +1,101 @@ +# garage + +![Version: 0.5.0-cf.1](https://img.shields.io/badge/Version-0.5.0--cf.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.9.4](https://img.shields.io/badge/AppVersion-v0.9.4-informational?style=flat-square) + +S3-compatible object store for small self-hosted geo-distributed deployments + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| garagehq.deuxfleurs.fr | | | +| codefresh.io | | | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| argoWorkflowsConfigHook | object | `{"image":{"pullPolicy":"IfNotPresent","repository":"quay.io/codefresh/garage-argo-workflows-config-hook","tag":"2024.05.18-5def96f"}}` | Config hook for argo workflows | +| deployment.kind | string | `"StatefulSet"` | | +| deployment.replicaCount | int | `3` | | +| fullnameOverride | string | `""` | | +| garage."garage.toml" | string | `"metadata_dir = \"/mnt/meta\"\ndata_dir = \"/mnt/data\"\n\ndb_engine = \"{{ .Values.garage.dbEngine }}\"\n\nblock_size = {{ .Values.garage.blockSize }}\n\nreplication_mode = \"{{ .Values.garage.replicationMode }}\"\n\ncompression_level = {{ .Values.garage.compressionLevel }}\n\nrpc_bind_addr = \"{{ .Values.garage.rpcBindAddr }}\"\n# rpc_secret will be populated by the init container from a k8s secret object\nrpc_secret = \"__RPC_SECRET_REPLACE__\"\n\nbootstrap_peers = {{ .Values.garage.bootstrapPeers }}\n\n[kubernetes_discovery]\nnamespace = \"{{ .Release.Namespace }}\"\nservice_name = \"{{ include \"garage.fullname\" . 
}}\"\nskip_crd = {{ .Values.garage.kubernetesSkipCrd }}\n\n[s3_api]\ns3_region = \"{{ .Values.garage.s3.api.region }}\"\napi_bind_addr = \"[::]:3900\"\nroot_domain = \"{{ .Values.garage.s3.api.rootDomain }}\"\n\n[s3_web]\nbind_addr = \"[::]:3902\"\nroot_domain = \"{{ .Values.garage.s3.web.rootDomain }}\"\nindex = \"{{ .Values.garage.s3.web.index }}\"\n\n[admin]\napi_bind_addr = \"[::]:3903\"\n{{- if .Values.monitoring.tracing.sink }}\ntrace_sink = \"{{ .Values.monitoring.tracing.sink }}\"\n{{- end }}"` | | +| garage.blockSize | string | `"1048576"` | | +| garage.bootstrapPeers | list | `[]` | | +| garage.compressionLevel | string | `"1"` | | +| garage.dbEngine | string | `"lmdb"` | | +| garage.kubernetesSkipCrd | bool | `false` | | +| garage.replicationMode | string | `"3"` | | +| garage.rpcBindAddr | string | `"[::]:3901"` | | +| garage.rpcSecret | string | `""` | | +| garage.s3.api.region | string | `"garage"` | | +| garage.s3.api.rootDomain | string | `".s3.garage.tld"` | | +| garage.s3.web.index | string | `"index.html"` | | +| garage.s3.web.rootDomain | string | `".web.garage.tld"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"dxflrs/garage"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingress.s3.api.annotations | object | `{}` | | +| ingress.s3.api.enabled | bool | `false` | | +| ingress.s3.api.hosts[0].host | string | `"s3.garage.tld"` | | +| ingress.s3.api.hosts[0].paths[0].path | string | `"/"` | | +| ingress.s3.api.hosts[0].paths[0].pathType | string | `"Prefix"` | | +| ingress.s3.api.hosts[1].host | string | `"*.s3.garage.tld"` | | +| ingress.s3.api.hosts[1].paths[0].path | string | `"/"` | | +| ingress.s3.api.hosts[1].paths[0].pathType | string | `"Prefix"` | | +| ingress.s3.api.labels | object | `{}` | | +| ingress.s3.api.tls | list | `[]` | | +| ingress.s3.web.annotations | object | `{}` | | +| ingress.s3.web.enabled | bool | `false` | | +| ingress.s3.web.hosts[0].host | 
string | `"*.web.garage.tld"` | | +| ingress.s3.web.hosts[0].paths[0].path | string | `"/"` | | +| ingress.s3.web.hosts[0].paths[0].pathType | string | `"Prefix"` | | +| ingress.s3.web.hosts[1].host | string | `"mywebpage.example.com"` | | +| ingress.s3.web.hosts[1].paths[0].path | string | `"/"` | | +| ingress.s3.web.hosts[1].paths[0].pathType | string | `"Prefix"` | | +| ingress.s3.web.labels | object | `{}` | | +| ingress.s3.web.tls | list | `[]` | | +| initImage.pullPolicy | string | `"IfNotPresent"` | | +| initImage.repository | string | `"busybox"` | | +| initImage.tag | string | `"stable"` | | +| monitoring.metrics.enabled | bool | `false` | | +| monitoring.metrics.serviceMonitor.enabled | bool | `false` | | +| monitoring.metrics.serviceMonitor.interval | string | `"15s"` | | +| monitoring.metrics.serviceMonitor.labels | object | `{}` | | +| monitoring.metrics.serviceMonitor.path | string | `"/metrics"` | | +| monitoring.metrics.serviceMonitor.relabelings | list | `[]` | | +| monitoring.metrics.serviceMonitor.scheme | string | `"http"` | | +| monitoring.metrics.serviceMonitor.scrapeTimeout | string | `"10s"` | | +| monitoring.metrics.serviceMonitor.tlsConfig | object | `{}` | | +| monitoring.tracing.sink | string | `""` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| persistence.data.hostPath | string | `"/var/lib/garage/data"` | | +| persistence.data.size | string | `"100Mi"` | | +| persistence.data.storageClass | string | `""` | | +| persistence.enabled | bool | `true` | | +| persistence.meta.hostPath | string | `"/var/lib/garage/meta"` | | +| persistence.meta.size | string | `"100Mi"` | | +| persistence.meta.storageClass | string | `""` | | +| podAnnotations | object | `{}` | | +| podSecurityContext.fsGroup | int | `1000` | | +| podSecurityContext.runAsGroup | int | `1000` | | +| podSecurityContext.runAsNonRoot | bool | `true` | | +| podSecurityContext.runAsUser | int | `1000` | | +| resources | object | `{}` | | +| 
securityContext.capabilities.drop[0] | string | `"ALL"` | | +| securityContext.readOnlyRootFilesystem | bool | `true` | | +| service.s3.admin.port | int | `3903` | | +| service.s3.api.port | int | `3900` | | +| service.s3.web.port | int | `3902` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tests.awsCliImage | string | `"amazon/aws-cli:2.13.2"` | | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.9.1](https://github.com/norwoodj/helm-docs/releases/v1.9.1) diff --git a/script/helm/garage/templates/garage-admin.yaml b/script/helm/garage/templates/garage-admin.yaml new file mode 100644 index 00000000..d8b890ff --- /dev/null +++ b/script/helm/garage/templates/garage-admin.yaml @@ -0,0 +1,19 @@ +{{/* This service account is created as a way of providing an admin token to garage API, using automatic Kubernetes token generation mechanism for service accounts*/}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: garage-admin + labels: + {{- include "garage.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: garage-admin + annotations: + kubernetes.io/service-account.name: garage-admin +type: kubernetes.io/service-account-token diff --git a/script/helm/garage/templates/hooks/argo-workflows-config-hook-rbac.tpl b/script/helm/garage/templates/hooks/argo-workflows-config-hook-rbac.tpl new file mode 100644 index 00000000..16d2a70f --- /dev/null +++ b/script/helm/garage/templates/hooks/argo-workflows-config-hook-rbac.tpl 
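Review bot: The `garage-admin` Secret in templates/garage-admin.yaml is a `kubernetes.io/service-account-token`, so the value handed to Garage as its admin token is also a non-expiring Kubernetes API credential for the `garage-admin` ServiceAccount, and every consumer of `GARAGE_ADMIN_TOKEN` holds both. Nothing in this file binds a Role to that account; state that invariant in the template comment, e.g. `{{/* garage-admin must never be bound to a Role or ClusterRole: its token is shared with Garage as a bearer secret */}}`, and set `automountServiceAccountToken: false` on the ServiceAccount. The account also reuses `.Values.serviceAccount.annotations`, which may carry cloud-identity annotations meant for the workload's own account; that looks unintended and should get its own value or be dropped. Both resource names are fixed strings rather than derived from `garage.fullname`, so two releases in one namespace would collide.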
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ helm.sh/hook: post-install,post-upgrade
+ name: garage-argo-workflows-config-hook
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: garage-argo-workflows-config-hook
+ annotations:
+ helm.sh/hook: post-install,post-upgrade
+rules:
+- apiGroups: ["apps"]
+ resources: ["statefulsets"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+- apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "delete","patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: garage-argo-workflows-config-hook
+subjects:
+- kind: ServiceAccount
+ name: garage-argo-workflows-config-hook
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: garage-argo-workflows-config-hook
+ apiGroup: rbac.authorization.k8s.io
diff --git a/script/helm/garage/templates/hooks/argo-workflows-config-hook.tpl b/script/helm/garage/templates/hooks/argo-workflows-config-hook.tpl
new file mode 100644
index 00000000..42988c30
--- /dev/null
+++ b/script/helm/garage/templates/hooks/argo-workflows-config-hook.tpl
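Review bot: The second rule of the Role grants get/list/watch/create/update/delete/patch on every Secret and ConfigMap in the release namespace, which lets the hook image read and rewrite credentials unrelated to Garage; the test Job under templates/test/ runs as the same account. Narrow the read and write verbs with `resourceNames` to the objects the hook actually manages (the visible templates reference `garage-argo-workflows-creds`; the full list is not visible here) and keep `create` in a separate rule, since it cannot be restricted by name. The RoleBinding also lacks the `helm.sh/hook: post-install,post-upgrade` annotation that the ServiceAccount and Role carry, so it follows the release lifecycle while the objects it references are hook-managed; give all three the same lifecycle.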
@@ -0,0 +1,43 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: garage-argo-workflows-config-hook + annotations: + helm.sh/hook: post-install,post-upgrade +spec: + template: + metadata: + name: "{{ .Release.Name }}" + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + spec: + restartPolicy: Never + serviceAccountName: garage-argo-workflows-config-hook + containers: + - name: garage-argo-workflows-config-hook + image: {{ printf "%s:%s" .Values.argoWorkflowsConfigHook.image.repository .Values.argoWorkflowsConfigHook.image.tag }} + imagePullPolicy: {{ .Values.argoWorkflowsConfigHook.image.pullPolicy }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: GARAGE_ADMIN_TOKEN + valueFrom: + secretKeyRef: + name: garage-admin + key: token + - name: GARAGE_DEPLOYMENT_KIND + value: {{ .Values.deployment.kind }} + - name: GARAGE_WORKLOAD_NAME + value: {{ include "garage.fullname" . }} + - name: GARAGE_API_URL + value: {{ printf "http://%s:%s" (include "garage.fullname" .) (toString .Values.service.s3.admin.port) }} + - name: GARAGE_S3_API_URL + value: {{ printf "http://%s:%s" (include "garage.fullname" .) (toString .Values.service.s3.api.port) }} + {{- if .Values.persistence.enabled }} + - name: GARAGE_NODE_CAPACITY_BYTES_REQUESTS + value: {{ .Values.persistence.data.size }} + {{- end }} diff --git a/script/helm/garage/templates/service.yaml b/script/helm/garage/templates/service.yaml index 37218872..36458a20 100644 --- a/script/helm/garage/templates/service.yaml +++ b/script/helm/garage/templates/service.yaml @@ -15,6 +15,10 @@ spec: targetPort: 3902 protocol: TCP name: s3-web + - port: {{ .Values.service.s3.admin.port }} + targetPort: 3903 + protocol: TCP + name: s3-admin selector: {{- include "garage.selectorLabels" . | nindent 4 }} {{- if .Values.monitoring.metrics.enabled }} 
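Review bot: The hook Job's pod has no `securityContext`, while the chart's main workload defaults (per the README values table) to `runAsNonRoot: true`, dropped capabilities and a read-only root filesystem; this container holds `GARAGE_ADMIN_TOKEN` and runs under an account that can write Secrets, so it should be at least as constrained. The sketch below assumes the hook image can run as a non-root user, which needs confirming. The `value:` fields for `GARAGE_DEPLOYMENT_KIND`, `GARAGE_WORKLOAD_NAME` and `GARAGE_NODE_CAPACITY_BYTES_REQUESTS` are rendered unquoted, so a numeric-looking value would be rejected as a non-string; pipe them through `| quote`. The admin token is also sent to a plain `http://` URL inside the cluster, which is worth a comment stating that in-cluster traffic is trusted.

```yaml
# … unchanged: Job metadata, hook annotation, pod labels …
      serviceAccountName: garage-argo-workflows-config-hook
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: garage-argo-workflows-config-hook
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          # … unchanged: image, imagePullPolicy, env …
```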
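Review bot: Adding the `s3-admin` port to the shared Service in templates/service.yaml publishes the admin API wherever that Service is exposed: `service.type` is a chart value, so a `LoadBalancer` or `NodePort` install would put port 3903 outside the cluster with only the bearer token in front of it. values.yaml still carries `# NOTE: the admin API is excluded for now as it is not consistent across nodes` directly under the new `admin.port`, which now contradicts the template. Consider a separate ClusterIP-only Service for the admin port, or guard the entry with a new value such as `{{- if .Values.service.s3.admin.enabled }}` (hypothetical key, default off), and update the comment. The Service spec starts outside this hunk.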
@@ -37,4 +41,4 @@ spec: name: metrics selector: {{- include "garage.selectorLabels" . | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/script/helm/garage/templates/test/test-workflows-bucket-access.yaml b/script/helm/garage/templates/test/test-workflows-bucket-access.yaml new file mode 100644 index 00000000..5326af91 --- /dev/null +++ b/script/helm/garage/templates/test/test-workflows-bucket-access.yaml 
@@ -0,0 +1,59 @@
+# Test bucket access with
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: test-workflows-bucket-access
+ annotations:
+ helm.sh/hook: "test"
+spec:
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ spec:
+ restartPolicy: Never
+ serviceAccountName: garage-argo-workflows-config-hook
+ containers:
+ - name: garage-argo-workflows-config-hook
+ image: {{ .Values.tests.awsCliImage }}
+ command: [ "/bin/bash", "-c", "--" ]
+ args:
+ - |
+ # Check bucket existance
+ aws s3 --region garage --endpoint-url $GARAGE_S3_API_URL ls | grep argo-workflows
+
+ if [[ $? != 0 ]]; then
+ echo "Bucket does not exist"
+ exit 1
+ fi
+
+ echo "test file" >> test.file
+
+ # Test write
+ aws s3 --region garage --endpoint-url $GARAGE_S3_API_URL cp test.file s3://argo-workflows-default
+
+ # Test read
+ aws s3 --region garage --endpoint-url $GARAGE_S3_API_URL cp s3://argo-workflows-default/test.file /tmp/read-from-s3.file
+
+ cat /tmp/read-from-s3.file
+ imagePullPolicy: "Always"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: garage-argo-workflows-creds
+ key: accessKey
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: garage-argo-workflows-creds
+ key: secretKey
+ - name: GARAGE_S3_API_URL
+ value: {{ printf "http://%s:%s" (include "garage.fullname" .) (toString .Values.service.s3.api.port) }}
diff --git a/script/helm/garage/templates/workload.yaml b/script/helm/garage/templates/workload.yaml
index 340c0054..71e0dd0f 100644
--- a/script/helm/garage/templates/workload.yaml
+++ b/script/helm/garage/templates/workload.yaml
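Review bot: The test pod sets `serviceAccountName: garage-argo-workflows-config-hook`, but the script only talks to the S3 endpoint with keys from `garage-argo-workflows-creds`, so the third-party `amazon/aws-cli` container receives that account's mounted API token, with the Secret and StatefulSet rights from the hook Role, for no visible reason. Drop the `serviceAccountName` line or add `automountServiceAccountToken: false` to the pod spec. In the script, quote `"$GARAGE_S3_API_URL"`; the existence check greps for `argo-workflows` while the write and read use `argo-workflows-default`, so it can pass on a different bucket. The header comment `# Test bucket access with` is unfinished and should say which credentials the test uses.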
@@ -56,6 +56,13 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: GARAGE_ADMIN_TOKEN + valueFrom: + secretKeyRef: + name: garage-admin + key: token + optional: false ports: - containerPort: 3900 name: s3-api @@ -123,7 +130,7 @@ spec: name: meta spec: accessModes: [ "ReadWriteOnce" ] - {{- if hasKey .Values.persistence.meta "storageClass" }} + {{- if .Values.persistence.meta.storageClass }} storageClassName: {{ .Values.persistence.meta.storageClass | quote }} {{- end }} resources: @@ -133,7 +140,7 @@ spec: name: data spec: accessModes: [ "ReadWriteOnce" ] - {{- if hasKey .Values.persistence.data "storageClass" }} + {{- if .Values.persistence.data.storageClass }} storageClassName: {{ .Values.persistence.data.storageClass | quote }} {{- end }} resources: diff --git a/script/helm/garage/values.yaml b/script/helm/garage/values.yaml index 56afa2b2..a78142f3 100644 --- a/script/helm/garage/values.yaml +++ b/script/helm/garage/values.yaml @@ -80,12 +80,12 @@ garage: persistence: enabled: true meta: - # storageClass: "fast-storage-class" + storageClass: "" size: 100Mi # used only for daemon sets hostPath: /var/lib/garage/meta data: - # storageClass: "slow-storage-class" + storageClass: "" size: 100Mi # used only for daemon sets hostPath: /var/lib/garage/data @@ -98,7 +98,7 @@ deployment: replicaCount: 3 image: - repository: dxflrs/amd64_garage + repository: dxflrs/garage # please prefer using the chart version and not this tag tag: "" pullPolicy: IfNotPresent @@ -148,6 +148,8 @@ service: port: 3900 web: port: 3902 + admin: + port: 3903 # NOTE: the admin API is excluded for now as it is not consistent across nodes ingress: 
@@ -186,14 +188,14 @@ ingress: # kubernetes.io/tls-acme: "true" labels: {} hosts: - - host: "*.web.garage.tld" # wildcard website access with bucket name prefix - paths: - - path: / - pathType: Prefix - - host: "mywebpage.example.com" # specific bucket access with FQDN bucket - paths: - - path: / - pathType: Prefix + - host: "*.web.garage.tld" # wildcard website access with bucket name prefix + paths: + - path: / + pathType: Prefix + - host: "mywebpage.example.com" # specific bucket access with FQDN bucket + paths: + - path: / + pathType: Prefix tls: [] # - secretName: my-garage-cluster-tls # hosts: @@ -232,3 +234,13 @@ monitoring: relabelings: [] tracing: sink: "" + +tests: + awsCliImage: "amazon/aws-cli:2.13.2" + +# -- Config hook for argo workflows +argoWorkflowsConfigHook: + image: + repository: quay.io/codefresh/garage-argo-workflows-config-hook + tag: 2024.05.18-5def96f + pullPolicy: IfNotPresent