From 13b075660dcd5cf4b263e24604fc6e6ca0c0cc6c Mon Sep 17 00:00:00 2001 From: Guilhem Lavaux Date: Wed, 20 Nov 2024 10:32:53 +0100 Subject: [PATCH] Loads of new features, including live updater --- Chart.yaml | 10 ++++++++++ templates/NOTES.txt | 17 ++++++++++++++++ templates/deployment.yaml | 42 ++++++++++++++++++++++++++++++++------- templates/ingress.yaml | 15 +++++++++----- templates/secrets.yaml | 34 +++++++++++++++++++++++++++++++ templates/service.yaml | 10 +++++++--- values.yaml | 22 ++++++++++++-------- 7 files changed, 127 insertions(+), 23 deletions(-) create mode 100644 templates/NOTES.txt create mode 100644 templates/secrets.yaml diff --git a/Chart.yaml b/Chart.yaml index ee37c95..d44720d 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -6,3 +6,13 @@ description: A basic Helm chart for Kubernetes type: application version: 0.1.0 appVersion: "1.0.0" + +dependencies: + - name: postgresql + version: 15.5.0 + repository: oci://registry-1.docker.io/bitnamicharts + condition: postgresql.enabled + - name: mysql + version: 11.1.19 + repository: oci://registry-1.docker.io/bitnamicharts + condition: mysql.enabled diff --git a/templates/NOTES.txt b/templates/NOTES.txt new file mode 100644 index 0000000..e8bae8c --- /dev/null +++ b/templates/NOTES.txt @@ -0,0 +1,17 @@ +{{- $releaseNamespace := {{ .Release.Namespace }} }} +{{- $secretName := {{ .Release.Name }}-webhook-secret }} +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +To get the webhook identification run: + + export WEBHOOK_SECRET=$(kubectl get secret --namespace {{ $releaseNamespace }} {{ $secretName }} -o jsonpath="{.data.WEBHOOK_SECRET}" | base64 -d) + export API_USERNAME=$(kubectl get secret --namespace {{ $releaseNamespace }} {{ $secretName }} -o jsonpath="{.data.API_USERNAME}" | base64 -d): {{ $apiUsername | b64enc }} + export API_PASSWORD=$(kubectl get secret --namespace {{ $releaseNamespace }} {{ $secretName }} -o jsonpath="{.data.API_PASSWORD}" | base64 -d): {{ $apiUsername | b64enc }} + +To build the authentication header: + + echo "Basic $(echo -n $API_USERNAME:$API_PASSWORD | base64)" \ No newline at end of file diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 280aaa7..285842e 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -14,6 +14,26 @@ spec: labels: {{- include "basic-app.selectorLabels" . | nindent 8 }} spec: + initContainers: + - name: git-cloner + image: "{{ .Values.updater.image.repository }}:{{ .Values.updater.image.tag }}" + imagePullPolicy: {{ .Values.updater.image.pullPolicy }} + volumeMounts: + - name: data + mountPath: "/web" + command: + - /bin/sh + - -ec + - | + cd /web + test -d .git && exit 0 + git clone ${GIT_URL} . + mkdir lib/config + git lfs install + git lfs pull + env: + - name: GIT_URL + value: "{{ .Values.updater.url }}" containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -21,9 +41,10 @@ spec: ports: - containerPort: 80 protocol: TCP + name: http-svc volumeMounts: - name: data - mountPath: /data + mountPath: /var/www/html env: {{- with .Values.env.plain }} {{- toYaml . | nindent 12 }} @@ -54,15 +75,21 @@ spec: optional: {{ .optional | default false }} {{- end }} - name: {{ .Chart.PullName }} - image: "{{ .Values.puller.image.repository }}:{{ .Values.puller.image.tag }}" - imagePullPolicy: {{ .Values.puller.image.pullPolicy }} + image: "{{ .Values.updater.image.repository }}:{{ .Values.updater.image.tag }}" + imagePullPolicy: {{ .Values.updater.image.pullPolicy }} ports: - - containerPort: 80 + - containerPort: 8000 protocol: TCP + name: webhook-svc volumeMounts: - name: data - mountPath: /data + mountPath: /web env: + - name: "DATA_DIR" + value: "/web" + {{- with .Values.updater.env.plain }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.env.plain }} {{- toYaml . | nindent 12 }} {{- end }} @@ -86,6 +113,8 @@ spec: name: {{ .name }} optional: {{ .optional | default false }} {{- end }} + - secretRef: + name: {{ .Release.Name }}-webhook-secret {{- range .Values.env.secretRefs }} - secretRef: name: {{ .name }} @@ -94,5 +123,4 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: {{ .Release.Name }}-pvc - + claimName: {{ .Release.Name }}-pvc \ No newline at end of file diff --git a/templates/ingress.yaml b/templates/ingress.yaml index be9bc40..6fed2fc 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -24,15 +24,20 @@ spec: - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ .path }} - pathType: {{ .pathType }} + - path: / + pathType: Prefix backend: service: name: {{ $.Release.Name }} port: - number: {{ $.Values.service.port }} - {{- end }} + number: 80 + - path: "/.webhook" + pathType: Prefix + backend: + service: + name: {{ $.Release.Name }} + port: + number: 8000 {{- end }} {{- end }} diff --git a/templates/secrets.yaml b/templates/secrets.yaml new file mode 100644 index 0000000..43ed0d7 --- /dev/null +++ b/templates/secrets.yaml @@ -0,0 +1,34 @@ + + +{{- if and (not $webhook_secret) .Values.updater.webhook_secret }} +{{- $webhook_secret = .Values.updater.webhook_secret }} +{{- end }} +{{- if not $webhook_secret }} +{{- $webhook_secret = randAlphaNum 10 }} +{{- end }} + +{{- if and (not $apiUsername) .Values.updater.apiUsername }} +{{- $apiUsername = .Values.updater.apiUsername }} +{{- end }} +{{- if and (not $apiPassword) .Values.updater.apiPassword }} +{{- $apiPassword = .Values.updater.apiPassword }} +{{- end }} + +{{- if not $apiUsername}} +{{- $apiUsername = randAlphaNum 10 }} +{{- end }} +{{- if not $apiPassword}} +{{- $apiPassword = randAlphaNum 10 }} +{{- end }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-webhook-secret + namespace: {{ .Release.Namespace }} +type: Opaque +data: + WEBHOOK_SECRET: {{ $webhook_secret | b64enc }} + API_USERNAME: {{ $apiUsername | b64enc }} + API_PASSWORD: {{ $apiPassword | b64enc }} + SCRIPT_NAME: "/.webhook" \ No newline at end of file diff --git a/templates/service.yaml b/templates/service.yaml index 3782f5f..2f05db6 100644 --- a/templates/service.yaml +++ b/templates/service.yaml @@ -2,15 +2,19 @@ apiVersion: v1 kind: Service metadata: name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} labels: {{- include "basic-app.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port }} - targetPort: 80 + - port: 80 + targetPort: http-svc protocol: TCP name: http + - port: 8000 + targetPort: webhook-svc + protocol: TCP + name: webhook selector: {{- include "basic-app.selectorLabels" . | nindent 4 }} - diff --git a/values.yaml b/values.yaml index fc5b3ef..b95dd0c 100644 --- a/values.yaml +++ b/values.yaml @@ -5,15 +5,21 @@ image: pullPolicy: IfNotPresent tag: "latest" -puller: - image: - repository: nginx - pullPolicy: IfNotPresent - tag: "latest" +mysql: + enabled: false -service: - type: ClusterIP - port: 80 +postgresql: + enabled: false + +updater: + image: + repository: glvx/web-updater + pullPolicy: IfNotPresent + tag: "241120-1" + url: "" + webhook-secret: "" + apiUsername: "" + apiPassword: "" ingress: enabled: true