public_git
/
ckotzbauer_helm-charts
mirror of https://github.com/ckotzbauer/helm-charts.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

feat: first version of chekr chart 

Signed-off-by: Christian Kotzbauer <christian.kotzbauer@gmail.com>
This commit is contained in:
Christian Kotzbauer 2021-10-08 19:04:41 +02:00
parent 253ef0dc76
commit 0f1f6f0991
13 changed files with 525 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
charts/chekr/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
charts/chekr/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: chekr
description: A inspection utility for the maintenance of Kubernetes clusters.
type: application
version: 0.5.0
appVersion: 0.5.0

62
charts/chekr/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "chekr.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "chekr.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "chekr.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "chekr.labels" -}}
helm.sh/chart: {{ include "chekr.chart" . }}
{{ include "chekr.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "chekr.selectorLabels" -}}
app.kubernetes.io/name: {{ include "chekr.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "chekr.serviceAccountName" -}}
{{- if .Values.job.serviceAccount.create }}
{{- default (include "chekr.fullname" .) .Values.job.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.job.serviceAccount.name }}
{{- end }}
{{- end }}

45
charts/chekr/templates/clusterrole.yaml Normal file
View File

@ -0,0 +1,45 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "chekr.fullname" . }}
labels:
{{- include "chekr.labels" . | nindent 4 }}
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "list"
- apiGroups:
- ""
resources:
- "pods"
- "persistentvolumeclaims"
verbs:
- "get"
- apiGroups:
- ""
resources:
- "pods/portforward"
verbs:
- "*"
- apiGroups:
- "apps"
resources:
- "replicasets"
- "deployments"
- "daemonsets"
- "statefulsets"
verbs:
- "get"
- apiGroups:
- "kyverno.io"
resources:
- "clusterpolicies"
verbs:
- "get"
- "create"
- "update"
- "patch"
- "delete"

14
charts/chekr/templates/clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "chekr.fullname" . }}
labels:
{{- include "chekr.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "chekr.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "chekr.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}

11
charts/chekr/templates/configmap.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if .Values.job.config }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "chekr.fullname" . }}
labels:
{{- include "chekr.labels" . | nindent 4 }}
data:
chekr.yaml: |
{{ toYaml .Values.job.config | indent 4 }}
{{- end }}

79
charts/chekr/templates/cronjob.yaml Normal file
View File

@ -0,0 +1,79 @@
{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: batch/v1
{{- else -}}
apiVersion: batch/v1beta1
{{- end }}
kind: CronJob
metadata:
name: {{ include "chekr.fullname" . }}
labels:
{{- include "chekr.labels" . | nindent 4 }}
spec:
schedule: {{ .Values.job.schedule | quote }}
jobTemplate:
spec:
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
labels:
{{- include "chekr.selectorLabels" . | nindent 12 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 12 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 12 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 14 }}
image: "{{ .Values.job.image.repository }}:{{ .Values.job.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.job.image.pullPolicy }}
command:
- /bin/sh
args:
- -c
- |
{{- range .Values.job.commands }}
chekr {{ .command }} --output-file /results/{{ .outputFile }}
{{- end }}
{{- with .Values.job.env }}
env:
{{- toYaml . | nindent 14 }}
{{- end }}
resources:
{{- toYaml .Values.job.resources | nindent 14 }}
volumeMounts:
- name: results
mountPath: /results
{{- if .Values.job.config }}
- name: config
mountPath: /.config/chekr
{{- end }}
volumes:
- name: results
persistentVolumeClaim:
claimName: {{ include "chekr.fullname" . }}
{{- if .Values.job.config }}
- name: config
configMap:
name: {{ include "chekr.fullname" . }}
{{- end }}
serviceAccountName: {{ include "chekr.serviceAccountName" . }}
{{- with .Values.job.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.job.affinity }}
affinity:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.job.tolerations }}
tolerations:
{{- toYaml . | nindent 12 }}
{{- end }}
restartPolicy: OnFailure

64
charts/chekr/templates/deployment.yaml Normal file
View File

@ -0,0 +1,64 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "chekr.fullname" . }}
labels:
{{- include "chekr.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "chekr.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "chekr.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.webserver.image.repository }}:{{ .Values.webserver.image.tag }}"
imagePullPolicy: {{ .Values.webserver.image.pullPolicy }}
ports:
- name: http
containerPort: 8080
protocol: TCP
#livenessProbe:
# httpGet:
# path: /
# port: http
#readinessProbe:
# httpGet:
# path: /
# port: http
resources:
{{- toYaml .Values.webserver.resources | nindent 12 }}
volumeMounts:
- name: results
mountPath: /usr/share/nginx/html
volumes:
- name: results
persistentVolumeClaim:
claimName: {{ include "chekr.fullname" . }}
{{- with .Values.webserver.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.webserver.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.webserver.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

61
charts/chekr/templates/ingress.yaml Normal file
View File

@ -0,0 +1,61 @@
{{- if .Values.webserver.ingress.enabled -}}
{{- $fullName := include "chekr.fullname" . -}}
{{- $svcPort := .Values.webserver.service.port -}}
{{- if and .Values.webserver.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.webserver.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.webserver.ingress.annotations "kubernetes.io/ingress.class" .Values.webserver.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "chekr.labels" . | nindent 4 }}
{{- with .Values.webserver.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.webserver.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.webserver.ingress.className }}
{{- end }}
{{- if .Values.webserver.ingress.tls }}
tls:
{{- range .Values.webserver.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.webserver.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

14
charts/chekr/templates/persistentvolumeclaim.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "chekr.fullname" . }}
labels:
{{- include "chekr.labels" . | nindent 4 }}
spec:
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: {{ .Values.persistence.size }}
storageClassName: {{ .Values.persistence.storageClass | quote }}

15
charts/chekr/templates/service.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "chekr.fullname" . }}
labels:
{{- include "chekr.labels" . | nindent 4 }}
spec:
type: {{ .Values.webserver.service.type }}
ports:
- port: {{ .Values.webserver.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "chekr.selectorLabels" . | nindent 4 }}

12
charts/chekr/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,12 @@
{{- if .Values.job.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "chekr.serviceAccountName" . }}
labels:
{{- include "chekr.labels" . | nindent 4 }}
{{- with .Values.job.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

119
charts/chekr/values.yaml Normal file
View File

@ -0,0 +1,119 @@
# Default values for chekr.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
podSecurityContext:
fsGroup: 101
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 101
# Storage to store and serve report files (mandatory).
persistence:
storageClass: "-" # Storage-Class to use. RWX capability is required.
size: 256Mi
webserver:
image:
repository: nginxinc/nginx-unprivileged
pullPolicy: IfNotPresent
tag: mainline-alpine
service:
type: ClusterIP
port: 8080
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
job:
image:
repository: ghcr.io/ckotzbauer/chekr
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
schedule: "0 22 * * *"
commands: []
# - command: "deprecation list -o html"
# outputFile: "deprecation.html"
# - command: "resources -n shop-app --limits-threshold 20 -o json"
# outputFile: "shop-app-resources.json"
config:
# prometheus-url: monitoring/k8s-prometheus:9090
# prometheus-user: prometheus
env: []
# - name: CHEKR_SELECTOR
# value: "app.kubernetes.io/name=myapp"
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""