Base helm chart (#17)

* release helm chart

Signed-off-by: Matt Siwiec <[email protected]>

* initial chart

Signed-off-by: Matt Siwiec <[email protected]>

* ignore vendor

Signed-off-by: Matt Siwiec <[email protected]>

* graceful shutdown

Signed-off-by: Matt Siwiec <[email protected]>

* devcontainer

Signed-off-by: Matt Siwiec <[email protected]>

* tweek

Signed-off-by: Matt Siwiec <[email protected]>

---------

Signed-off-by: Matt Siwiec <[email protected]>

.devcontainer/devcontainer.json

@@ -12,6 +12,7 @@
           "editor.defaultFormatter": "golang.go"
         },
         "go.buildTags": "testtools",
+        "go.formatTool": "goimports",
         "go.lintTool": "golangci-lint",
         "gopls": {
           "formatting.gofumpt": true,

.devcontainer/docker-compose.yml

@@ -17,3 +17,8 @@ services:
       - .env
     volumes:
       - ../..:/workspaces:cached
+    # Port forwarded for local development with emacs tramp
+    # ports:
+    #   - "127.0.0.1:2222:2222"
+    # Use "forwardPorts" in **devcontainer.json** to forward a port locally.
+    # (Adding the "ports" property to this file will not forward from a Codespace.)

.github/workflows/release.yml

@@ -5,6 +5,22 @@ on:
       - v**
 
 jobs:
+  helm:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Publish Helm charts
+        uses: stefanprodan/helm-gh-pages@master
+        with:
+          token: ${{ secrets.RELEASEBOT_PAT }}
+          charts_dir: chart
+          charts_url: "https://infratographer.github.io/charts"
+          repository: "charts"
+          app_version: ${{  github.ref_name }}
+          chart_version: ${{  github.ref_name }}
+          branch: gh-pages
+
   goreleaser:
     runs-on: ubuntu-latest
     permissions:

.gitignore

@@ -15,7 +15,7 @@
 *.out
 
 # Dependency directories (remove the comment below to include it)
-# vendor/
+vendor/
 
 # Go workspace file
 go.work

chart/node-resolver/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/node-resolver/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: common
+  repository: https://charts.bitnami.com/bitnami
+  version: 2.8.0
+- name: reloader
+  repository: https://stakater.github.io/stakater-charts
+  version: 1.0.36
+digest: sha256:4df54802aba59c111c7f374822b56a3a25d1952565d44090915aa0dd3a1174b5
+generated: "2023-08-17T23:08:51.052221406Z"

chart/node-resolver/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+name: node-resolver
+description: A Helm chart to deploy the Infratographer node-resolver api
+
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
+kubeVersion: ">=1.24"
+
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 2.8.0
+  - name: reloader
+    condition: reloader.enabled
+    version: "v1.0.36"
+    repository: "https://stakater.github.io/stakater-charts"

chart/node-resolver/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "node-resolver.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "node-resolver.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "node-resolver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "node-resolver.labels" -}}
+helm.sh/chart: {{ include "node-resolver.chart" . }}
+{{ include "node-resolver.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "node-resolver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "node-resolver.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "node-resolver.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "node-resolver.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

chart/node-resolver/templates/api-config.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.fullname" . }}-config
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+data:
+  NODERESOLVER_SERVER_LISTEN: ":{{ .Values.api.listenPort }}"
+  NODERESOLVER_SERVER_SHUTDOWN_GRACE_PERIOD: "{{ .Values.api.shutdownGracePeriod }}"
+{{- if .Values.api.tracing.enabled }}
+  NODERESOLVER_TRACING_ENABLED: "{{ .Values.api.tracing.enabled }}"
+  NODERESOLVER_TRACING_PROVIDER: "{{ .Values.api.tracing.provider }}"
+  NODERESOLVER_TRACING_ENVIRONMENT: "{{ .Values.api.tracing.environment }}"
+{{- if eq .Values.api.tracing.provider "jaeger" }}
+  NODERESOLVER_TRACING_JAEGER_ENDPOINT: "{{ .Values.api.tracing.jaeger.endpoint }}"
+  NODERESOLVER_TRACING_JAEGER_USER: "{{ .Values.api.tracing.jaeger.user }}"
+  NODERESOLVER_TRACING_JAEGER_PASSWORD: "{{ .Values.api.tracing.jaeger.password }}"
+{{- end }}
+{{- if eq .Values.api.tracing.provider "otlpgrpc" }}
+  NODERESOLVER_TRACING_OTLP_ENDPOINT: "{{ .Values.api.tracing.otlp.endpoint }}"
+  NODERESOLVER_TRACING_OTLP_INSECURE: "{{ .Values.api.tracing.otlp.insecure }}"
+  NODERESOLVER_TRACING_OTLP_CERTIFICATE: "{{ .Values.api.tracing.otlp.certificate }}"
+{{- end }}
+{{- end }}
+{{- with .Values.api.trustedProxies }}
+  NODERESOLVER_SERVER_TRUSTED_PROXIES: "{{ join " " . }}"
+{{- end }}

chart/node-resolver/templates/deployment.yaml

@@ -0,0 +1,87 @@
+---
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.api.extraLabels }}
+    {{- toYaml .Values.api.extraLabels | nindent 4 }}
+    {{- end }}
+    {{- if .Values.api.extraAnnotations }}
+  annotations:
+    {{- toYaml .Values.api.extraAnnotations | nindent 4 }}
+    {{- end }}
+spec:
+  replicas: {{ .Values.api.replicas | default 1 }}
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+      {{- include "common.labels.standard" . | nindent 8 }}
+      {{- if .Values.api.extraLabels }}
+      {{- toYaml .Values.api.extraLabels | nindent 8 }}
+      {{- end }}
+      {{- if .Values.api.extraAnnotations }}
+      annotations:
+        {{- toYaml .Values.api.extraAnnotations | nindent 8 }}
+      {{- end }}
+    spec:
+      {{- with .Values.api.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.api.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.api.podSecurityContext | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          env:
+          {{- if .Values.api.extraEnvVars }}
+          {{- range .Values.api.extraEnvVars }}
+            - name: {{ .name }}
+              value: {{ .value }}
+          {{- end }}
+          {{- end }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "common.names.fullname" . }}-config
+          {{- with .Values.api.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - serve
+          ports:
+            - name: http
+              containerPort: {{ .Values.api.listenPort | default "8080" }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /livez
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: http
+          volumeMounts:
+          resources:
+            {{- toYaml .Values.api.resources | nindent 12 }}
+      {{- with .Values.api.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.api.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.api.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:

chart/node-resolver/templates/ingress.yaml

@@ -0,0 +1,43 @@
+---
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "common.names.fullname" . -}}
+{{- if empty .Values.ingress.hosts }}
+{{- fail ".Values.ingress.hosts must contain at least one entry" }}
+{{- end }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+    {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  name: {{ $fullName }}-ingress
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host  | quote }}
+      http:
+        paths:
+          {{- range (.paths | default (list "/")) }}
+          - pathType: {{ $.Values.ingress.pathType | default "Prefix" | quote }}
+            path: {{ . | quote }}
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  name: http
+  {{- end }}
+  {{- end }}
+  {{- with .Values.ingress.tls }}
+  tls:
+    - hosts:
+        {{- range $.Values.ingress.hosts }}
+        - {{ .host  | quote }}
+        {{- end }}
+      secretName: {{ $fullName }}-api-tls
+  {{- end }}
+{{- end }}

chart/node-resolver/templates/service.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.service.annotations }}
+  annotations:
+    {{- toYaml .Values.service.annotations | nindent 4 }}
+  {{- end }}
+spec:
+  ports:
+    - name: http
+      port: {{ .Values.service.port }}
+      protocol: TCP
+      targetPort: {{ .Values.api.listenPort }}
+  selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+  sessionAffinity: {{ .Values.service.sessionAffinity }}
+  type: {{ .Values.service.type }}