Add Redis, Prometheus, PostgreSQL, MinIO, Kratos charts (#22)

* Add Redis chart

* Add Prometheus chart

* Add PostgreSQL chart

* Add Drupal page

* Update outscale chart

* Add MinIO chart

* Add Kratos chart

README.md

@@ -19,6 +19,7 @@ Helm charts to ease the deployment of containers on Kubernetes clusters and get
   * [WordPress](charts/wordpress/README.md) 🗸
 * Authentication / Identity
   * [Keycloak](charts/keycloak/README.md) 🗸
+  * [Kratos](charts/kratos/README.md) 🗸
 * Cloud providers
   * [Azure Storage](charts/azure-storage/README.md) 🗸
   * [Outscale](charts/outscale/README.md)
@@ -27,9 +28,9 @@ Helm charts to ease the deployment of containers on Kubernetes clusters and get
   * [MariaDB](charts/mariadb/README.md) 🗸
   * [memcached](charts/memcached/README.md)
   * [MongoDB](charts/mongodb/README.md)
-  * [PostgreSQL](charts/postgresql/README.md)
+  * [PostgreSQL](charts/postgresql/README.md) 🗸
   * [RabbitMQ](charts/rabbitmq/README.md) 🗸
-  * [Redis](charts/redis/README.md)
+  * [Redis](charts/redis/README.md) 🗸
 * Learning Platforms
   * [HobbyFarm](charts/hobbyfarm/README.md) 🗸
 * Networking / Messaging
@@ -51,7 +52,7 @@ Helm charts to ease the deployment of containers on Kubernetes clusters and get
 * Observability
   * [Elastic Stack](charts/elastic-stack/README.md)
   * [OpenTelemetry Collector](charts/opentelemetry-collector/README.md) 🗸
-  * [Prometheus](charts/prometheus/README.md)
+  * [Prometheus](charts/prometheus/README.md) 🗸
   * [Grafana](charts/grafana/README.md)
 * Secrets
   * [Sealed Secrets](charts/sealed-secrets/README.md) 🗸
@@ -62,7 +63,7 @@ Helm charts to ease the deployment of containers on Kubernetes clusters and get
 * Storage
   * [Kasten K10](charts/kasten-k10/README.md) 🗸
   * [Longhorn](charts/longhorn/README.md) 🗸
-  * [MinIO](charts/minio/README.md)
+  * [MinIO](charts/minio/README.md) 🗸
   * [s3gw](charts/s3gw/README.md) 🗸
 * Supply Chain (Software Factory)
   * [ArgoCD](charts/argo-cd/README.md) 🗸

charts/drupal/README.md

@@ -0,0 +1,17 @@
+## Drupal
+
+### Stable repository for Drupal
+
+[stable/drupal](https://github.com/helm/charts/tree/master/stable/drupal) refers to [bitnami chart](https://bitnami.com/stack/drupal/helm).
+
+Install with the default values (+ mandatory fields that are required): `helm install d8cluster stable/drupal --set mariadb.rootUser.password=password,mariadb.db.password=secretpassword`.
+
+Wait for the pods to be created: `kubectl get pods`.
+
+You should be able to access your new Drupal installation through [drupal.local](http://drupal.local/) and log with username = "user" and password = `kubectl get secret --namespace default d8cluster-drupal -o jsonpath="{.data.drupal-password}" | base64 --decode`.
+
+If [drupal.local](http://drupal.local/) doesn't work, look at the services state and see if the public ip of the LoadBalancer is defined. If you're on MiniKube it may be undefined, in this case look at minikube services `minikube service d8cluster-drupal --url` and open the link in the URL.
+
+### Additional reading on Drupal
+
+- Article from Jeff Geerling on [Running Drupal in Kubernetes with Docker in production](https://www.jeffgeerling.com/blog/2019/running-drupal-kubernetes-docker-production) _April 12, 2019_

charts/kratos/CONTRIBUTING.md

@@ -0,0 +1,64 @@
+# Contribute
+
+## How to update the dependencies
+
+```bash
+# makes sure the repository has been added and refreshed
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add ory https://k8s.ory.sh/helm/charts
+helm repo update
+
+# searches for the latest version
+helm search repo -l kratos --versions
+helm search repo -l postgresql --versions
+
+# manual: update version number in Chart.yaml
+
+# updates Chart.lock
+helm dependency update
+```
+
+## How to check the manifest code quality
+
+```bash
+# checks code style
+helm lint
+
+# checks the Kubernetes objects generated from the chart
+helm template kratos . -f values.yaml --namespace kratos \
+  --set kratos.kratos.config.dsn=postgres://foo:bar@pg-sqlproxy-gcloud-sqlproxy:5432/db \
+  > temp.yaml
+```
+
+## How to deploy the chart from the sources
+
+### Example with NGINX Ingress Controller
+
+```bash
+# gets Ingress Controller external IP
+NGINX_PUBLIC_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].ip}'`
+
+# installs on a cluster
+helm upgrade --install kratos . -f values.yaml --create-namespace \
+  --set kratos.kratos.config.dsn=postgres://postgres:secretpassword@kratos-postgresql:5432/kratos \
+  --set-file kratos.kratos.identitySchemas.'identity\.default\.schema\.json'=examples/kratos/email-password/identity.schema.json \
+  --set kratos.kratos.automigration.enabled=true \
+  --set kratos.ingress.admin.enabled=true \
+  --set kratos.ingress.admin.className=nginx \
+  --set kratos.ingress.admin.annotations.'cert-manager\.io/cluster-issuer'=letsencrypt-prod \
+  --set kratos.ingress.admin.hosts[0].host=kratos-admin.${NGINX_PUBLIC_IP}.sslip.io \
+  --set kratos.ingress.admin.tls[0].secretName=kratos-admin-tls \
+  --set kratos.ingress.admin.tls[0].hosts[0]=kratos-admin.${NGINX_PUBLIC_IP}.sslip.io \
+  --set kratos.ingress.public.enabled=true \
+  --set kratos.ingress.public.className=nginx \
+  --set kratos.ingress.public.annotations.'cert-manager\.io/cluster-issuer'=letsencrypt-prod \
+  --set kratos.ingress.public.hosts[0].host=kratos.${NGINX_PUBLIC_IP}.sslip.io \
+  --set kratos.ingress.public.tls[0].secretName=kratos-tls \
+  --set kratos.ingress.public.tls[0].hosts[0]=kratos.${NGINX_PUBLIC_IP}.sslip.io \
+  --set postgresql.dependency.enabled=true \
+  --set postgresql.global.postgresql.auth.postgresPassword=secretpassword \
+  --namespace kratos \
+  --debug
+
+# manual: open http://kratos.${NGINX_PUBLIC_IP}.sslip.io/ (log in with admin/pasWd8char)
+```

charts/kratos/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: kratos
+  repository: https://k8s.ory.sh/helm/charts
+  version: 0.33.4
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 12.6.0
+digest: sha256:cf4c7369ecaf6bfb8c2d35ae11f60c7b9b3cb692f4b357b19b4beb66f8edb00d
+generated: "2023-07-03T11:39:45.082206693+02:00"

charts/kratos/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: kratos
+description: Helm chart for managing Kratos
+type: application
+version: "0.1.0"
+appVersion: "v0.13.0"
+dependencies:
+  # ref. https://k8s.ory.sh/helm/kratos.html
+  - name: kratos
+    version: 0.33.4   # appVersion: v0.13.0
+    repository: https://k8s.ory.sh/helm/charts
+    condition: kratos.dependency.enabled
+  # ref. https://github.com/bitnami/charts/blob/main/bitnami/postgresql
+  - name: postgresql
+    version: 12.6.0   # appVersion: 15.3.0
+    repository: https://charts.bitnami.com/bitnami
+    condition: postgresql.dependency.enabled
+maintainers:
+  - name: devpro
+    email: bertrand@devpro.fr
+home: https://github.com/devpro/helm-charts/tree/main/charts/kratos

charts/kratos/README.md

@@ -0,0 +1,30 @@
+# Helm chart for Kratos
+
+This Helm chart will install [Kratos](https://www.ory.sh/kratos/) ([code](https://github.com/ory/kratos), [docs](https://www.ory.sh/docs/kratos/ory-kratos-intro)) on a Kubernetes cluster.
+It is based on [the official Helm chart](https://k8s.ory.sh/helm/kratos.html) ([code](https://github.com/ory/k8s/tree/master/helm/charts/kratos)).
+
+## Usage
+
+```bash
+# if not already done, adds devpro repository in helm
+helm repo add devpro https://devpro.github.io/helm-charts
+helm repo update
+
+# installs the chart with default parameters
+helm upgrade --install kratos devpro/kratos --create-namespace --namespace kratos
+
+# cleans up
+helm uninstall kratos -n kratos
+kubectl delete ns kratos
+```
+
+## Configuration
+
+Setting up the authentication flow can be tricky. Here are some links with information that could help you.
+
+* [Quickstart](https://www.ory.sh/docs/kratos/quickstart)
+* [Kratos Helm chart hack values](https://github.com/ory/k8s/blob/master/hacks/values/kratos.yaml)
+
+## Going further
+
+Look at [Contibuting](CONTRIBUTING.md) page.

charts/kratos/examples/kratos/email-password/identity.schema.json

@@ -0,0 +1,49 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "email": {
+          "type": "string",
+          "format": "email",
+          "title": "E-Mail",
+          "minLength": 3,
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              }
+            },
+            "verification": {
+              "via": "email"
+            },
+            "recovery": {
+              "via": "email"
+            }
+          }
+        },
+        "name": {
+          "type": "object",
+          "properties": {
+            "first": {
+              "title": "First Name",
+              "type": "string"
+            },
+            "last": {
+              "title": "Last Name",
+              "type": "string"
+            }
+          }
+        }
+      },
+      "required": [
+        "email"
+      ],
+      "additionalProperties": false
+    }
+  }
+}

charts/kratos/values.yaml

@@ -0,0 +1,20 @@
+# https://github.com/ory/k8s/blob/master/helm/charts/kratos/values.yaml
+kratos:
+  kratos:
+    config:
+      identity:
+        default_schema_id: default
+        schemas:
+          - id: default
+            url: file:///etc/config/identity.default.schema.json
+
+# https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
+postgresql:
+  dependency:
+    enabled: false
+  primary:
+    initdb:
+      scripts:
+        # creates the database (ref. https://artifacthub.io/packages/helm/bitnami/postgresql#initialize-a-fresh-instance)
+        init.sql: |
+          CREATE DATABASE kratos;

charts/minio/CONTRIBUTING.md

@@ -0,0 +1,71 @@
+# Contribute
+
+## How to update the dependencies
+
+```bash
+# makes sure the repository has been added and refreshed
+helm repo add minio https://charts.min.io/
+helm repo update
+
+# searches for the latest version
+helm search repo -l minio --versions
+
+# manual: update version number in Chart.yaml
+
+# updates Chart.lock
+helm dependency update
+```
+
+## How to check the manifest before deployment
+
+```bash
+# checks code style
+helm lint
+
+# checks the Kubernetes objects generated from the chart
+helm template minio . -f values.yaml \
+  --namespace minio > temp.yaml
+```
+
+## How to deploy the chart from the sources
+
+```bash
+# installs on a cluster
+helm upgrade --install minio . -f values.yaml --create-namespace \
+  --set minio.resources.requests.memory=512Mi \
+  --set minio.replicas=1 --set minio.mode=standalone \
+  --set minio.persistence.enabled=false \
+  --set minio.rootUser=admin,minio.rootPassword=pasWd8char \
+  --namespace minio \
+  # --debug
+```
+
+## How to access the console
+
+### Example with NGINX Ingress Controller and a default storage class defined
+
+ℹ MinIO Server comes with an embedded web based object browser
+
+```bash
+# gets Ingress Controller external IP
+NGINX_PUBLIC_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].ip}'`
+
+# installs on a cluster
+helm upgrade --install minio . -f values.yaml --create-namespace \
+  --set minio.resources.requests.memory=512Mi \
+  --set minio.replicas=1 \
+  --set minio.mode=standalone \
+  --set minio.persistence.enabled=true,minio.persistence.size=10Gi \
+  --set minio.rootUser=admin,minio.rootPassword=pasWd8char \
+  --set minio.ingress.enabled=true,minio.ingress.ingressClassName=nginx,minio.ingress.annotations.'cert-manager\.io/cluster-issuer'=letsencrypt-prod \
+  --set minio.ingress.hosts[0]=minio.${NGINX_PUBLIC_IP}.sslip.io \
+  --set minio.ingress.tls[0].secretName=minio-tls \
+  --set minio.ingress.tls[0].hosts[0]=minio.${NGINX_PUBLIC_IP}.sslip.io \
+  --set minio.consoleIngress.enabled=true,minio.consoleIngress.ingressClassName=nginx,minio.consoleIngress.annotations.'cert-manager\.io/cluster-issuer'=letsencrypt-prod \
+  --set minio.consoleIngress.hosts[0]=minio-console.${NGINX_PUBLIC_IP}.sslip.io \
+  --set minio.consoleIngress.tls[0].secretName=minio-console-tls \
+  --set minio.consoleIngress.tls[0].hosts[0]=minio-console.${NGINX_PUBLIC_IP}.sslip.io \
+  --namespace minio
+
+# manual: open http://minio-console.${NGINX_PUBLIC_IP}.sslip.io/ (log in with admin/pasWd8char)
+```

charts/minio/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: minio
+  repository: https://charts.min.io
+  version: 5.0.9
+digest: sha256:f93e3182ead43eb99cfb2e9caabfd9af08a106c8d4276feaae91ade0149b0ed4
+generated: "2023-07-03T08:56:29.967777315+02:00"

charts/minio/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: minio
+description: Helm chart for managing MinIO
+type: application
+version: "0.1.0"
+appVersion: "RELEASE.2023-04-28T18-11-17Z"
+dependencies:
+  - name: minio
+    version: 5.0.9  # appVersion: RELEASE.2023-04-28T18-11-17Z
+    repository: https://charts.min.io
+maintainers:
+  - name: devpro
+    email: bertrand@devpro.fr
+home: https://github.com/devpro/helm-charts/tree/main/charts/minio

charts/minio/README.md

@@ -1,3 +1,23 @@
-# MinIO
+# Helm chart for MinIO
 
-[min.io](https://min.io/)
+This Helm chart will install [min.io](https://min.io/) ([code](https://github.com/minio/minio)) on a Kubernetes cluster.
+It is based on [the official Helm chart](https://github.com/minio/minio/tree/master/helm/minio).
+
+## Quick start
+
+```bash
+# if not already done, adds devpro repository in helm
+helm repo add devpro https://devpro.github.io/helm-charts
+helm repo update
+
+# installs the chart with default parameters
+helm upgrade --install minio devpro/minio --create-namespace --namespace minio
+
+# cleans up
+helm uninstall minio -n minio
+kubectl delete ns minio
+```
+
+## Going further
+
+Look at [Contibuting](CONTRIBUTING.md) page.

charts/minio/values.yaml

@@ -0,0 +1,13 @@
+# https://github.com/minio/minio/blob/master/helm/minio/values.yaml
+minio: {}
+  # resources:
+  #   requests:
+  #     memory:
+  # replicas:
+  # mode:
+  # persistence:
+  #   enabled:
+  # # access key length should be at least 3 character long
+  # rootUser:
+  # # secret key length should be at least 8 character long
+  # rootPassword:

charts/outscale/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: osc-cloud-controller-manager
+  repository: oci://registry-1.docker.io/outscalehelm
+  version: 0.2.0
+- name: osc-bsu-csi-driver
+  repository: oci://registry-1.docker.io/outscalehelm
+  version: 1.2.1
+digest: sha256:8cba9c83f5b8dd659c59f05a6354a98c46d5db48a7bb59148a0b557acfbe139c
+generated: "2023-06-26T17:15:01.698505202+02:00"