diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..120c689
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
\ No newline at end of file
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..c28f3a2
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,34 @@
+name: Release Charts
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ release:
+ # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+ # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v4
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.6.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
diff --git a/charts/part-db/.helmignore b/charts/part-db/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/part-db/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
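Review bot: In release.yaml the three `uses:` lines reference mutable tags (`actions/checkout@v3`, `azure/setup-helm@v4`, `helm/chart-releaser-action@v1.6.0`) inside a job that holds `contents: write`, so a retagged upstream action would run with push rights on this repository. Pin each one to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`; the Dependabot config added in this commit should be able to keep SHA pins current. The `GITHUB_TOKEN` env on the "Install Helm" step looks unnecessary for installing a binary; confirm setup-helm needs it, otherwise drop it so the token is only exposed to the chart-releaser step.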
diff --git a/charts/part-db/Chart.yaml b/charts/part-db/Chart.yaml
new file mode 100644
index 0000000..42f6e37
--- /dev/null
+++ b/charts/part-db/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+description: Part-DB inventory management system.
+engine: gotpl
+maintainers:
+- email: mail@jan-boehmer.de
+ name: Jan Böhmer
+- email: jho4us@gmail.com
+ name: Andrey Ivanov
+name: part-db
+version: 0.0.1
diff --git a/charts/part-db/README.md b/charts/part-db/README.md
new file mode 100644
index 0000000..5d32c14
--- /dev/null
+++ b/charts/part-db/README.md
@@ -0,0 +1,56 @@
+# Part-DB
+
+## TL;DR;
+
+```console
+$ helm install part-db
+```
+
+## Introduction
+
+This chart bootstraps an part-db service deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+ - Kubernetes 1.4+ with Beta APIs enabled
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install --name my-release part-db
+```
+
+The command deploys ednme on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the part-db chart and their default values.
+
+Parameter | Description | Default
+--- | --- | ---
+
+```console
+$ helm install part-db --name my-release \
+ --set controller.stats.enabled=true
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install part-db --name my-release -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
diff --git a/charts/part-db/templates/_helpers.tpl b/charts/part-db/templates/_helpers.tpl
new file mode 100644
index 0000000..ef7fcfd
--- /dev/null
+++ b/charts/part-db/templates/_helpers.tpl
@@ -0,0 +1,52 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "app.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "app.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "app.deployment.apiVersion" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "app.labels" -}}
+app.kubernetes.io/name: {{ template "app.name" . }}
+helm.sh/chart: {{ template "app.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "app.matchLabels" -}}
+app.kubernetes.io/name: {{ template "app.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/charts/part-db/templates/deployment.yaml b/charts/part-db/templates/deployment.yaml
new file mode 100644
index 0000000..6b04f05
--- /dev/null
+++ b/charts/part-db/templates/deployment.yaml
@@ -0,0 +1,125 @@
+apiVersion: {{ template "app.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "app.fullname" . }}
+ labels: {{- include "app.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels: {{- include "app.matchLabels" . | nindent 6 }}
+ replicas: 1
+ strategy:
+ rollingUpdate:
+ maxSurge: 1 # as an absolute number of replicas
+ maxUnavailable: 100% # as % of replicas
+ type: RollingUpdate
+ template:
+ metadata:
+ labels: {{- include "app.labels" . | nindent 8 }}
+ annotations:
+ spec:
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end}}
+ {{- end }}
+ containers:
+ - name: {{ template "app.fullname" . }}
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ env:
+ - name: APP_ENV
+ value: "docker"
+ - name: DEFAULT_URI
+ value: "{{ required "Root URL value required" .Values.app.url }}"
+ - name: DB_USERNAME
+ value: {{ default "pdbadm" .Values.db.user | quote }}
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "app.fullname" . }}
+ key: db-password
+ - name: DB_DATABASE
+ value: {{ default "partdb" .Values.db.db | quote }}
+ - name: DB_TYPE
+ value: {{ default "sqlite" .Values.app.db_type | quote }}
+ - name: DATABASE_URL
+ value: "$(DB_TYPE)://$(DB_USERNAME):$(DB_PASSWORD)@{{ required "Database server host value required" .Values.db.host }}/$(DB_DATABASE)"
+ - name: DEFAULT_LANG
+ value: {{ default "en" .Values.app.lang | quote }}
+ - name: DEFAULT_TIMEZONE
+ value: {{ default "" .Values.app.tz | quote }}
+ - name: BASE_CURRENCY
+ value: {{ default "EUR" .Values.app.currency | quote }}
+ - name: ALLOW_ATTACHMENT_DOWNLOADS
+ value: "0"
+ - name: USE_GRAVATAR
+ value: "0"
+ - name: MAX_ATTACHMENT_FILE_SIZE
+ value: "100M"
+ - name: ENFORCE_CHANGE_COMMENTS_FOR
+ value: {{ default "" .Values.app.enforce_change_comments | quote }}
+ - name: CHECK_FOR_UPDATES
+ value: "0"
+ - name: HISTORY_SAVE_CHANGED_FIELDS
+ value: "true"
+ - name: HISTORY_SAVE_CHANGED_DATA
+ value: "true"
+ - name: HISTORY_SAVE_REMOVED_DATA
+ value: "true"
+ {{- if .Values.serviceLoadBalancerSourceRanges }}
+ - name: TRUSTED_PROXIES
+ value: {{ join "," .Values.serviceLoadBalancerSourceRanges | quote }}
+ {{- end }}
+
+
+ {{- if .Values.smtp }}
+ - name: SMTP_HOST
+ value: {{ default "" .Values.smtp.host | quote }}
+ - name: SMTP_PORT
+ value: {{ required "SMTP port value required" .Values.smtp.port | quote }}
+ {{- if .Values.smtp.user }}
+ - name: SMTP_USERNAME
+ value: {{ .Values.smtp.user | quote }}
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "app.fullname" . }}
+ key: smtp-password
+ - name: MAILER_DSN
+ value: "{{ required "SMTP protocol value required" .Values.smtp.protocol }}://$(SMTP_USERNAME):$(SMTP_PASSWORD)@$(SMTP_HOST):$(SMTP_PORT)"
+ {{- else }}
+ - name: MAILER_DSN
+ value: "{{ required "SMTP protocol value required" .Values.smtp.protocol }}://$(SMTP_HOST):$(SMTP_PORT)"
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.extraVars }}
+{{ toYaml .Values.extraVars | indent 8 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: 80
+# livenessProbe:
+# httpGet:
+# path: /healthz
+# port: http
+# initialDelaySeconds: 120
+# timeoutSeconds: 5
+# readinessProbe:
+# httpGet:
+# path: /healthz
+# port: http
+# initialDelaySeconds: 5
+# timeoutSeconds: 1
+ volumeMounts:
+ - name: pub
+ mountPath: /var/www/html/uploads
+ subPath: uploads
+ - name: pub
+ mountPath: /var/www/html/public/media
+ subPath: public_media
+ volumes:
+ - name: pub
+ persistentVolumeClaim:
+ claimName: {{ template "app.fullname" . }}
diff --git a/charts/part-db/templates/ingress.yaml b/charts/part-db/templates/ingress.yaml
new file mode 100644
index 0000000..86f144f
--- /dev/null
+++ b/charts/part-db/templates/ingress.yaml
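Review bot: `TRUSTED_PROXIES` is filled from `.Values.serviceLoadBalancerSourceRanges`, which svc.yaml in this commit uses as the list of clients allowed to reach the LoadBalancer; those are two different trust decisions, and with the default entry in values.yaml (covering `10.0.0.0/8` and `192.168.0.0/16`) any client in those networks would presumably have its forwarded headers believed by the application. Give the proxy list its own value, e.g. `{{- if .Values.app.trustedProxies }}` with `value: {{ join "," .Values.app.trustedProxies | quote }}`, and default it to the ingress controller's address range only. Separately, `DATABASE_URL` and `MAILER_DSN` splice `$(DB_PASSWORD)` and `$(SMTP_PASSWORD)` in unencoded, so a password containing `@`, `/` or `:` changes how the DSN parses; document that the secret must be URL-safe or store an already-encoded value.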
@@ -0,0 +1,33 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: {{ required "A valid .Values.networkPolicyApiVersion entry required!" .Values.networkPolicyApiVersion }}
+kind: Ingress
+metadata:
+{{- if .Values.ingress.annotations }}
+ annotations:
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+{{- end }}
+{{- if .Values.ingress.labels }}
+ labels:
+{{ toYaml .Values.ingress.labels | indent 4 }}
+{{- end }}
+ name: {{ template "app.fullname" . }}
+spec:
+{{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ - host: {{ .Values.ingress.hostname | quote }}
+ http:
+ paths:
+ - path: /
+ backend:
+ service:
+ name: {{ template "app.fullname" . }}
+ port:
+ number: 80
+ pathType: Prefix
+{{- if .Values.ingress.tls }}
+ tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+{{- end -}}
+{{- end }}
diff --git a/charts/part-db/templates/pvc.yaml b/charts/part-db/templates/pvc.yaml
new file mode 100644
index 0000000..dadb3da
--- /dev/null
+++ b/charts/part-db/templates/pvc.yaml
@@ -0,0 +1,24 @@
+{{- if not .Values.persistence.existingClaim }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "app.fullname" . }}
+ labels:
+ app: {{ template "app.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/part-db/templates/secrets.yaml b/charts/part-db/templates/secrets.yaml
new file mode 100644
index 0000000..bd07968
--- /dev/null
+++ b/charts/part-db/templates/secrets.yaml
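Review bot: In ingress.yaml the rule's `host:` is rendered from `.Values.ingress.hostname` with no presence check, and values.yaml in this commit leaves `hostname:` empty; enabling the ingress without setting it would likely render an empty host, which Kubernetes treats as a rule matching every hostname on that controller. Fail the render instead: `- host: {{ required "ingress.hostname is required when ingress.enabled is true" .Values.ingress.hostname | quote }}`. The `tls` default in values.yaml also carries a placeholder host (`partdb.xxx.com`) that will not match a real hostname, so consider leaving `tls` empty by default.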
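Review bot: In pvc.yaml the storage-class branch reads `.Values.persistence.storageClass`, but values.yaml in this commit defines `persistence.storageClassName`, so the configured class is never rendered and the claim falls back to the cluster default. Read the key that values.yaml sets, e.g. `{{- if .Values.persistence.storageClassName }}`, or rename the value. Also, when `persistence.existingClaim` is set this template is skipped while deployment.yaml still mounts `claimName: {{ template "app.fullname" . }}`; that line should become `claimName: {{ .Values.persistence.existingClaim | default (include "app.fullname" .) }}`.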
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "app.fullname" . }}
+ labels:
+ app: {{ template "app.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ {{ if .Values.db.password }}
+ db-password: {{ default "" .Values.db.password | b64enc | quote }}
+ {{ else }}
+ db-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{ end }}
+ {{ if .Values.smtp }}
+ smtp-password: {{ default "" .Values.smtp.password | b64enc | quote }}
+ {{ end }}
diff --git a/charts/part-db/templates/svc.yaml b/charts/part-db/templates/svc.yaml
new file mode 100644
index 0000000..aa35c4c
--- /dev/null
+++ b/charts/part-db/templates/svc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "app.fullname" . }}
+ labels: {{- include "app.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.serviceType }}
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ selector: {{- include "app.matchLabels" . | nindent 4 }}
+ {{ if eq .Values.serviceType "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.serviceLoadBalancerSourceRanges }}
+ {{ end }}
diff --git a/charts/part-db/values.yaml b/charts/part-db/values.yaml
new file mode 100644
index 0000000..7c3ad3b
--- /dev/null
+++ b/charts/part-db/values.yaml
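Review bot: The `{{ else }}` branch in secrets.yaml calls `randAlphaNum 10` on every render, so each `helm upgrade` without `db.password` writes a new `db-password` into the Secret while the database still holds the old one, and ten alphanumeric characters is short for a generated credential. Reuse the value already stored in the cluster when there is one and generate a longer password only on first install, as sketched below. Note that `lookup` returns nothing under `helm template` or a client-side dry run, so those renders will still show a fresh value. The `smtp-password` line has a related gap: with `smtp` set but no `smtp.password`, `default ""` stores an empty credential instead of failing the render.

```yaml
data:
  {{- $prev := (lookup "v1" "Secret" .Release.Namespace (include "app.fullname" .)).data | default dict }}
  {{- if .Values.db.password }}
  db-password: {{ .Values.db.password | b64enc | quote }}
  {{- else if hasKey $prev "db-password" }}
  # keep the value generated at install time so upgrades do not rotate it
  db-password: {{ index $prev "db-password" | quote }}
  {{- else }}
  db-password: {{ randAlphaNum 32 | b64enc | quote }}
  {{- end }}
  # … unchanged: smtp-password block …
```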
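Review bot: In svc.yaml `loadBalancerSourceRanges: {{ .Values.serviceLoadBalancerSourceRanges }}` prints the list with Go's default formatting rather than as a YAML sequence, so the source-range restriction is either rejected by the API server or not the list the operator intended. Render it as YAML instead: `loadBalancerSourceRanges: {{- toYaml .Values.serviceLoadBalancerSourceRanges | nindent 4 }}`. The default in values.yaml is also a single comma-joined string that includes `::1`, which is not a CIDR; it should be one CIDR per list item for this field to validate.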
@@ -0,0 +1,76 @@
+image:
+ registry: docker.io
+ repository: jbtronics/part-db1
+ tag: latest
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ ##pullSecrets:
+ ## - regsecret
+
+app:
+ url:
+ db_type: sqlite
+ lang: en
+ currency: EUR
+ tz:
+ enforce_change_comments: "part_edit,part_delete,datastructure_edit,datastructure_delete"
+
+## Environment variables, to pass to the entry point
+##
+# extraVars:
+# - name: NAMI_DEBUG
+# value: --log-level trace
+
+db:
+ user: pdbadm
+ password: ## generate in case of empty
+ db: partdb
+ host:
+
+## Kubernetes configuration
+## minikube: NodePort
+## ingress: ClusterIP
+## elsewhere: LoadBalancer
+##
+serviceType: ClusterIP
+## Control hosts connecting to "LoadBalancer" only
+serviceLoadBalancerSourceRanges:
+ - 127.0.0.0/8,::1,10.0.0.0/8,192.168.0.0/16
+
+ingress:
+ enabled: false
+ hostname:
+ annotations:
+ kubernetes.io/ingress.class: cilium
+ ingressClassName: cilium
+ labels:
+ pool: priv
+ tls:
+ - secretName: partdb.xxx.com
+ hosts:
+ - partdb.xxx.com
+
+## For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1'
+## For Kubernetes v1.7, use 'networking.k8s.io/v1'
+networkPolicyApiVersion: networking.k8s.io/v1
+
+persistence:
+ accessMode: ReadWriteOnce
+ enabled: true
+ size: 32Gi
+ storageClassName: csi-rbd-sc
+
+#smtp:
+# host:
+# password:
+# port:
+# protocol: smtps
+# user:
+
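Review bot: The default `tag: latest` together with `pullPolicy: Always` means every pod restart can pull a different, unreviewed image, and a rollback of the chart does not roll back the application. Default to a fixed release instead, e.g. `tag: "<part-db-release-tag>"`, quoted so a numeric-looking tag is not retyped by the YAML parser, and let users opt in to `latest` explicitly. Supporting an image digest would need a matching change to the `image:` line in deployment.yaml.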