Merge pull request #214 from joejulian/helm-charts-console

console: move chart from redpanda-data/console
redpanda-data · Dec 9, 2022 · 6fcfb27 · 6fcfb27
2 parents 2f30010 + d8d761a
commit 6fcfb27
Show file tree

Hide file tree

Showing 16 changed files with 926 additions and 1 deletion.
diff --git a/.github/workflows/pull_requests.yaml b/.github/workflows/pull_requests.yaml
@@ -54,10 +54,11 @@ jobs:
       - name: Set up chart-testing
         uses: helm/[email protected]
 
+      # we're excluding console from the install test until we have a way to test it with Redpanda
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
-          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }} --excluded-charts console)
           if [[ -n "$changed" ]]; then
             echo "::set-output name=changed::true"
           fi
@@ -82,3 +83,4 @@ jobs:
 
       - name: Run chart-testing (install)
         run: ct install --config .github/ct.yaml
+        if: steps.list-changed.outputs.changed == 'true'
diff --git a/charts/console/.helmignore b/charts/console/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/console/Chart.yaml b/charts/console/Chart.yaml
@@ -0,0 +1,47 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: console
+description: Helm chart to deploy Redpanda Console.
+
+maintainers:
+  - name: redpanda-data
+    url: https://github.com/orgs/redpanda-data/people
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+
+# Chart versions do not track appVersion
+version: 0.3.2
+
+# The app version is the version of the Chart application
+appVersion: v2.0.2
+
+icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg
+sources:
+  - https://github.com/redpanda-data/helm-charts
+annotations:
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/links: |
+    - name: Documentation
+      url: https://docs.redpanda.com
+    - name: "Helm (>= 3.6.0)"
+      url: https://helm.sh/docs/intro/install/
+  artifacthub.io/images: |
+    - name: redpanda
+      image: vectorized/console:v2.0.2
diff --git a/charts/console/README.md b/charts/console/README.md
@@ -0,0 +1,13 @@
+# Redpanda Console Helm Chart
+
+This Helm chart allows you to deploy Redpanda Console to your Redpanda cluster.
+You can install the chart by running the following commands:
+
+```shell
+helm repo add redpanda 'https://charts.redpanda.com/' 
+helm repo update
+helm install redpanda/console -f myvalues.yaml
+```
+
+Have a look at the [values.yaml](./values.yaml) file to see the available options.
+Additionally, there is an example configuration in the [examples](./examples) directory.
diff --git a/charts/console/examples/console-enterprise.yaml b/charts/console/examples/console-enterprise.yaml
@@ -0,0 +1,79 @@
+image:
+  tag: master-8fcce39
+
+resources:
+  limits:
+    cpu: 1
+    memory: 2Gi
+  requests:
+    cpu: 100m
+    memory: 512Mi
+
+console:
+  config:
+    kafka:
+      brokers:
+        - bootstrap.mybrokers.com:9092
+      clientId: redpanda-console
+      sasl:
+        enabled: true
+        mechanism: SCRAM-SHA-256
+        username: console
+        # password: set via Helm secret / Env variable
+      tls:
+        enabled: false
+    login:
+      google:
+        enabled: true
+        clientId: redacted.apps.googleusercontent.com
+        # clientSecret: set via Helm secret / Env variable
+        directory:
+          # serviceAccountFilepath: set via Helm secret / Env variable
+          targetPrincipal: [email protected]
+    enterprise:
+      rbac:
+        enabled: true
+        roleBindingsFilepath: /etc/console/configs/role-bindings.yaml
+  roleBindings:
+    - roleName: viewer
+      metadata:
+        # Metadata properties will be shown in the UI. You can omit it if you want to
+        name: Developers
+      subjects:
+        # You can specify all groups or users from different providers here which shall be bound to the same role
+        - kind: group
+          provider: Google
+          name: [email protected]
+        - kind: user
+          provider: Google
+          name: [email protected]
+    - roleName: admin
+      metadata:
+        name: Admin
+      subjects:
+        - kind: user
+          provider: Google
+          name: [email protected]
+
+secret:
+  create: true
+  kafka:
+    saslPassword: "redacted"
+  enterprise:
+    license: "redacted"
+  login:
+    google:
+      clientSecret: "redacted"
+      groupsServiceAccount: |
+        {
+          "type": "service_account",
+          "project_id": "redacted",
+          "private_key_id": "redacted",
+          "private_key": "-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----\n",
+          "client_email": "[email protected]",
+          "client_id": "redacted",
+          "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+          "token_uri": "https://oauth2.googleapis.com/token",
+          "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+          "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/redacted.iam.gserviceaccount.com"
+        }
diff --git a/charts/console/templates/NOTES.txt b/charts/console/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "console.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "console.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "console.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "console.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/charts/console/templates/_helpers.tpl b/charts/console/templates/_helpers.tpl
@@ -0,0 +1,93 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "console.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "console.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "console.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "console.labels" -}}
+helm.sh/chart: {{ include "console.chart" . }}
+{{ include "console.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "console.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "console.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "console.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "console.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Server Listen Port for Console's HTTP server.
+The port can be overriden in the provided config, but
+it defaults to 8080.
+*/}}
+{{- define "console.server.listenPort" -}}
+{{- if .Values.console.config.server -}}
+{{- .Values.console.config.server.listenPort | default 8080 }}
+{{- else -}}
+8080
+{{- end }}
+{{- end }}
+
+{{/*
+Some umbrella charts may use a global registry variable.
+In order to be compatible with this, we will watch for a global.imageRegistry
+variable or return the imageRegistry as specified via the values.
+*/}}
+{{- define "console.imageRegistry" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- if .Values.global }}
+    {{- if .Values.global.imageRegistry }}
+        {{- printf "%s" .Values.global.imageRegistry -}}
+    {{- else -}}
+        {{- printf "%s" $registryName -}}
+    {{- end -}}
+{{- else -}}
+    {{- printf "%s" $registryName -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/console/templates/configmap.yaml b/charts/console/templates/configmap.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "console.fullname" . }}
+  labels:
+    {{- include "console.labels" . | nindent 4 }}
+data:
+  config.yaml: |
+    {{- tpl (toYaml .Values.console.config) $ | nindent 4 }}
+  {{- if .Values.console.roles }}
+  roles.yaml: |
+    roles:
+      {{- tpl (toYaml .Values.console.roles) $ | nindent 6 }}
+  {{- end }}
+
+  {{- if .Values.console.roleBindings }}
+  role-bindings.yaml: |
+    roleBindings:
+      {{- tpl (toYaml .Values.console.roleBindings) $ | nindent 6 }}
+  {{- end }}