chore: add templating option to helm chart #134

Merged
merged 5 commits into from
Jun 5, 2024
21 changes: 21 additions & 0 deletions Makefile
@@ -158,14 +158,25 @@ codegen-helm-docs: ## Generate helm docs
codegen-install-manifest: $(HELM) ## Create install manifest
@echo Generate latest install manifest... >&2
@$(HELM) template reports-server --namespace reports-server ./charts/reports-server/ \
--set templating.enabled=true \
| $(SED) -e '/^#.*/d' \
> ./config/install.yaml

codegen-install-manifest-inmemory: $(HELM) ## Create install manifest without postgres
@echo Generate latest install manifest... >&2
@$(HELM) template reports-server --namespace reports-server ./charts/reports-server/ \
--set config.debug=true \
--set postgresql.enabled=false \
--set templating.enabled=true \
| $(SED) -e '/^#.*/d' \
> ./config/install-inmemory.yaml

.PHONY: codegen
codegen: ## Rebuild all generated code and docs
codegen: codegen-helm-docs
codegen: codegen-openapi
codegen: codegen-install-manifest
codegen: codegen-install-manifest-inmemory

.PHONY: verify-codegen
verify-codegen: codegen ## Verify all generated code and docs are up to date
@@ -205,6 +216,16 @@ kind-install: $(HELM) kind-load ## Build image, load it in kind cluster and depl
--set image.repository=$(PACKAGE) \
--set image.tag=$(GIT_SHA)

.PHONY: kind-install-inmemory
kind-install-inmemory: $(HELM) kind-load ## Build image, load it in kind cluster and deploy helm chart
@echo Install chart... >&2
@$(HELM) upgrade --install reports-server --namespace reports-server --create-namespace --wait ./charts/reports-server \
--set image.registry=$(KO_REGISTRY) \
--set config.debug=true \
--set postgresql.enabled=false \
--set image.repository=$(PACKAGE) \
--set image.tag=$(GIT_SHA)

########
# HELP #
########
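Review bot: In `codegen-install-manifest-inmemory` the recipe pipes `$(HELM) template` into `$(SED)` and redirects the result to `./config/install-inmemory.yaml`, so unless the Makefile enables `pipefail` outside this hunk, a failed render still exits 0 and leaves an empty or truncated manifest for `codegen` and `verify-codegen` to pick up. Setting `SHELL := bash` with `.SHELLFLAGS := -eu -o pipefail -c`, or rendering to a temporary file and running `$(SED)` on it in a second step, would surface the failure. The new target also has no `.PHONY: codegen-install-manifest-inmemory` line in the hunk, unlike `kind-install-inmemory` further down. Separately, `--set config.debug=true` is baked into a manifest that users apply directly, so the published Deployment starts with `--debug`; if that is intended, a comment on the target such as `# dev/test variant: in-memory storage, debug logging on` would make it explicit.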
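--- a/charts/reports-server/templates/namespace.yaml
+++ b/charts/reports-server/templates/namespace.yaml
@@ -0,0 +1,6 @@
+{{- if .Values.templating.enabled -}}
+apiVersion: v1
+kind: Namespace
+metadata:
+name: {{ $.Release.Namespace }}
+{{- end -}}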
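Review bot: The Namespace template is gated only by `.Values.templating.enabled` and carries no comment saying it exists for `helm template` output, so the hazard of switching it on for a real release is undocumented. In that case Helm would manage the release namespace itself, which would be expected to fail an install into an already existing namespace or to remove the namespace and its contents on uninstall. A leading template comment such as `{{- /* Rendered only for the generated install manifests; keep templating.enabled=false for helm install/upgrade. */ -}}` would record that. The rendered object also has no labels, so if the project wants the generated manifests to opt the namespace into Pod Security admission, a `pod-security.kubernetes.io/enforce` label would go here; whether the postgres variant meets a given level is not visible from this page.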
5 changes: 5 additions & 0 deletions charts/reports-server/values.yaml
@@ -1,3 +1,8 @@
# -- Internal settings used with `helm template` to generate install manifest
# @ignored
templating:
enabled: false

postgresql:

# -- Deploy postgresql dependency chart
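--- a/config/install-inmemory.yaml
+++ b/config/install-inmemory.yaml
@@ -0,0 +1,259 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: reports-server
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: reports-server
+namespace: reports-server
+labels:
+helm.sh/chart: reports-server-0.1.0-alpha.1
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+app.kubernetes.io/version: "v0.1.0-alpha.1"
+app.kubernetes.io/managed-by: Helm
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: reports-server
+labels:
+rbac.authorization.k8s.io/aggregate-to-admin: 'true'
+rbac.authorization.k8s.io/aggregate-to-edit: 'true'
+rbac.authorization.k8s.io/aggregate-to-view: 'true'
+helm.sh/chart: reports-server-0.1.0-alpha.1
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+app.kubernetes.io/version: "v0.1.0-alpha.1"
+app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+- reports.kyverno.io
+resources:
+- ephemeralreports
+- clusterephemeralreports
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- deletecollection
+- apiGroups:
+- wgpolicyk8s.io
+resources:
+- policyreports
+- policyreports/status
+- clusterpolicyreports
+- clusterpolicyreports/status
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- deletecollection
+- apiGroups:
+- ''
+- events.k8s.io
+resources:
+- events
+verbs:
+- create
+- patch
+- apiGroups:
+- authorization.k8s.io
+resources:
+- subjectaccessreviews
+verbs:
+- create
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: reports-server
+labels:
+helm.sh/chart: reports-server-0.1.0-alpha.1
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+app.kubernetes.io/version: "v0.1.0-alpha.1"
+app.kubernetes.io/managed-by: Helm
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: reports-server
+subjects:
+- kind: ServiceAccount
+name: reports-server
+namespace: reports-server
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: reports-server
+namespace: kube-system
+labels:
+helm.sh/chart: reports-server-0.1.0-alpha.1
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+app.kubernetes.io/version: "v0.1.0-alpha.1"
+app.kubernetes.io/managed-by: Helm
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+name: reports-server
+namespace: reports-server
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: reports-server
+namespace: reports-server
+labels:
+helm.sh/chart: reports-server-0.1.0-alpha.1
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+app.kubernetes.io/version: "v0.1.0-alpha.1"
+app.kubernetes.io/managed-by: Helm
+spec:
+type: ClusterIP
+ports:
+- name: https
+port: 443
+protocol: TCP
+targetPort: https
+selector:
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: reports-server
+namespace: reports-server
+labels:
+helm.sh/chart: reports-server-0.1.0-alpha.1
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+app.kubernetes.io/version: "v0.1.0-alpha.1"
+app.kubernetes.io/managed-by: Helm
+spec:
+strategy:
+rollingUpdate:
+maxUnavailable: 0
+replicas: 1
+selector:
+matchLabels:
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+template:
+metadata:
+labels:
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+spec:
+priorityClassName: system-cluster-critical
+serviceAccountName: reports-server
+securityContext:
+fsGroup: 2000
+containers:
+- name: reports-server
+args:
+- --debug
+- --cert-dir=/tmp
+- --secure-port=4443
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+privileged: false
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+runAsUser: 1000
+seccompProfile:
+type: RuntimeDefault
+image: "ghcr.io/kyverno/reports-server:v0.1.0-alpha.1"
+imagePullPolicy: IfNotPresent
+ports:
+- name: https
+containerPort: 4443
+protocol: TCP
+volumeMounts:
+- mountPath: /tmp
+name: tmp-dir
+livenessProbe:
+failureThreshold: 3
+httpGet:
+path: /livez
+port: https
+scheme: HTTPS
+periodSeconds: 10
+readinessProbe:
+failureThreshold: 3
+httpGet:
+path: /readyz
+port: https
+scheme: HTTPS
+initialDelaySeconds: 20
+periodSeconds: 10
+resources:
+limits: null
+requests: null
+volumes:
+- emptyDir: {}
+name: tmp-dir
+---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+name: v1alpha2.wgpolicyk8s.io
+namespace: reports-server
+labels:
+helm.sh/chart: reports-server-0.1.0-alpha.1
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+app.kubernetes.io/version: "v0.1.0-alpha.1"
+app.kubernetes.io/managed-by: Helm
+kube-aggregator.kubernetes.io/automanaged: "false"
+spec:
+group: wgpolicyk8s.io
+groupPriorityMinimum: 100
+insecureSkipTLSVerify: true
+service:
+name: reports-server
+namespace: reports-server
+version: v1alpha2
+versionPriority: 100
+---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+name: v1.reports.kyverno.io
+namespace: reports-server
+labels:
+helm.sh/chart: reports-server-0.1.0-alpha.1
+app.kubernetes.io/name: reports-server
+app.kubernetes.io/instance: reports-server
+app.kubernetes.io/version: "v0.1.0-alpha.1"
+app.kubernetes.io/managed-by: Helm
+kube-aggregator.kubernetes.io/automanaged: "false"
+spec:
+group: reports.kyverno.io
+groupPriorityMinimum: 100
+insecureSkipTLSVerify: true
+service:
+name: reports-server
+namespace: reports-server
+version: v1
+versionPriority: 100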
5 changes: 5 additions & 0 deletions config/install.yaml
@@ -1,5 +1,10 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: reports-server
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: reports-server-postgresql