dust off helm chart (#37)

mittwald · Mar 19, 2020 · 1b65d9f · 1b65d9f
2 parents 68b787a + cf26980
commit 1b65d9f
Show file tree

Hide file tree

Showing 9 changed files with 166 additions and 77 deletions.
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -2,7 +2,6 @@ before:
   hooks:
     - go vet ./...
     - go test ./...
-    - go build
 builds:
   -
     env:
@@ -21,7 +20,7 @@ builds:
 checksum:
   name_template: 'checksums.txt'
 snapshot:
-  name_template: "{{ .Env.TRAVIS_BRANCH }}-next"
+  name_template: "{{ .Tag }}-next"
 changelog:
   sort: asc
   filters:
@@ -34,8 +33,9 @@ dockers:
     image_templates:
     - quay.io/mittwald/kubernetes-replicator:latest
     - quay.io/mittwald/kubernetes-replicator:stable
-    - quay.io/mittwald/kubernetes-replicator:{{ .Env.TRAVIS_BRANCH }}
-    - quay.io/mittwald/kubernetes-replicator:{{ .Env.TRAVIS_BRANCH }}-go{{ .Env.GO_VERSION }}
+    - quay.io/mittwald/kubernetes-replicator:v{{ .Major }}
+    - quay.io/mittwald/kubernetes-replicator:v{{ .Major }}.{{ .Minor }}
+    - quay.io/mittwald/kubernetes-replicator:{{ .Tag }}
     binaries:
       - kubernetes-replicator
     goos: linux
@@ -46,8 +46,9 @@ dockers:
     image_templates:
     - quay.io/mittwald/kubernetes-replicator-arm64:latest
     - quay.io/mittwald/kubernetes-replicator-arm64:stable
-    - quay.io/mittwald/kubernetes-replicator-arm64:{{ .Env.TRAVIS_BRANCH }}
-    - quay.io/mittwald/kubernetes-replicator-arm64:{{ .Env.TRAVIS_BRANCH }}-go{{ .Env.GO_VERSION }}
+    - quay.io/mittwald/kubernetes-replicator-arm64:v{{ .Major }}
+    - quay.io/mittwald/kubernetes-replicator-arm64:v{{ .Major }}.{{ .Minor }}
+    - quay.io/mittwald/kubernetes-replicator-arm64:{{ .Tag }}
     binaries:
       - kubernetes-replicator
     goos: linux
@@ -58,8 +59,9 @@ dockers:
     image_templates:
     - quay.io/mittwald/kubernetes-replicator-armv5:latest
     - quay.io/mittwald/kubernetes-replicator-armv5:stable
-    - quay.io/mittwald/kubernetes-replicator-armv5:{{ .Env.TRAVIS_BRANCH }}
-    - quay.io/mittwald/kubernetes-replicator-armv5:{{ .Env.TRAVIS_BRANCH }}-go{{ .Env.GO_VERSION }}
+    - quay.io/mittwald/kubernetes-replicator-armv5:v{{ .Major }}
+    - quay.io/mittwald/kubernetes-replicator-armv5:v{{ .Major }}.{{ .Minor }}
+    - quay.io/mittwald/kubernetes-replicator-armv5:{{ .Tag }}
     binaries:
       - kubernetes-replicator
     goos: linux
@@ -70,8 +72,9 @@ dockers:
     image_templates:
     - quay.io/mittwald/kubernetes-replicator-armv6:latest
     - quay.io/mittwald/kubernetes-replicator-armv6:stable
-    - quay.io/mittwald/kubernetes-replicator-armv6:{{ .Env.TRAVIS_BRANCH }}
-    - quay.io/mittwald/kubernetes-replicator-armv6:{{ .Env.TRAVIS_BRANCH }}-go{{ .Env.GO_VERSION }}
+    - quay.io/mittwald/kubernetes-replicator-armv6:v{{ .Major }}
+    - quay.io/mittwald/kubernetes-replicator-armv6:v{{ .Major }}.{{ .Minor }}
+    - quay.io/mittwald/kubernetes-replicator-armv6:{{ .Tag }}
     binaries:
       - kubernetes-replicator
     goos: linux
@@ -82,8 +85,9 @@ dockers:
     image_templates:
     - quay.io/mittwald/kubernetes-replicator-armv7:latest
     - quay.io/mittwald/kubernetes-replicator-armv7:stable
-    - quay.io/mittwald/kubernetes-replicator-armv7:{{ .Env.TRAVIS_BRANCH }}
-    - quay.io/mittwald/kubernetes-replicator-armv7:{{ .Env.TRAVIS_BRANCH }}-go{{ .Env.GO_VERSION }}
+    - quay.io/mittwald/kubernetes-replicator-armv7:v{{ .Major }}
+    - quay.io/mittwald/kubernetes-replicator-armv7:v{{ .Major }}.{{ .Minor }}
+    - quay.io/mittwald/kubernetes-replicator-armv7:{{ .Tag }}
     binaries:
       - kubernetes-replicator
     goos: linux

diff --git a/.travis.yml b/.travis.yml
@@ -1,5 +1,9 @@
 language: go
 
+dist: bionic
+
+os: linux
+
 go:
   - '1.12'
 
@@ -14,16 +18,24 @@ env:
     - GO111MODULE=on
     - CGO_ENABLED=0
     - GO_VERSION=1.12
-    - secure: "VNMhL0rwbAaiTV3YrERYSN57/EsMbtp6QET0cN0O4LSWlt0SRDBIeKXnL+Ex3Q7BMY+++DPovW4jZcIVnKyKvH5oGCgJ9Ilj6/Vk9GRKuyu5X+XQi4CuY9f70fz5gCb5ESpeLP9LD12Q6tsNrfRVO+zJiqyvjkZJYZAeTOZmL8szoJIDK83foRmVvwGdTQEK6Pq5fnaNXePcDqgywApDu9QMrab6HcoxZ/TZ99sJP7OEZTQIitdjfTQkol8bx34KT9NUvtd1nvMdcXAWaKyraFr4hJJEYIyB9b3rTtHemKQUhaQm3lrvuy0ns8wqNVyGV9u9qSPdtrL0rqdllw3xm3s5Azg7F+cnVBLyUebG/t5QpAipPeknkRKaicbAyjEZJUIrSLyVma1KQo82btmX/CeFlfS2tyNq9OtOfHouYxdrry8FtMH2DlUkFjHpry5E+FYBldUYDh6HGLYpXuk5JJkx5Td3DL2cqJHpYi6OjcENNESsFkg2ONGW6X3fu7khIkpBrnLMeWwGKlnwn2SVuvcfB/mBKK93Rknm2RdJGEYuOazidRjxRvl9y1oEwerx0SaQH5/uI/QwPN0ksVEiXVXD/C/Djp6nBptxnJdXPBl5gqZsSQ2Qd9JVN2B1oXb1wgHBcIO8ikmuKG8/32IJpFeOCSnkYVEjKSVqQ1MtQhs="
+    - HELM_VERSION=v3.1.2
+
+install:
+  - wget https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O /tmp/helm.tar.gz
+  - tar xzf /tmp/helm.tar.gz -C /tmp --strip-components=1
+  - chmod +x /tmp/helm
+
 script:
+  - /tmp/helm template ./deploy/helm-chart/kubernetes-replicator/.
+  - /tmp/helm lint ./deploy/helm-chart/kubernetes-replicator/
   - curl -sL https://git.io/goreleaser | bash -s -- --snapshot --skip-publish --rm-dist
 
 before_deploy:
-  - if [[ -n "${DOCKER_LOGIN_USERNAME}" ]] && [[ -n "${DOCKER_LOGIN_PASSWORD}" ]] && [[ -n "${DOCKER_LOGIN_URL}" ]]; then docker login -u "${DOCKER_LOGIN_USERNAME}" -p "${DOCKER_LOGIN_PASSWORD}" "${DOCKER_LOGIN_URL}"; fi
+  - docker login -u "${DOCKER_LOGIN_USERNAME}" -p "${DOCKER_LOGIN_PASSWORD}" "${DOCKER_LOGIN_URL}"
   - export FULL_IMAGE="${DOCKER_LOGIN_URL}/mittwald/kubernetes-replicator"
 deploy:
   - provider: script
-    skip_cleanup: true
+    cleanup: false
     script: >-
       curl -sL https://git.io/goreleaser | bash -s -- --snapshot --skip-publish --rm-dist &&
       docker push "${FULL_IMAGE}:latest" &&
@@ -36,8 +48,23 @@ deploy:
       branch: master
       condition: $TRAVIS_OS_NAME = linux
   - provider: script
-    skip_cleanup: true
-    script: curl -sL https://git.io/goreleaser | bash -s -- --rm-dist
+    cleanup: false
+    script: >-
+      curl -sL https://git.io/goreleaser | bash -s -- --rm-dist &&
+      git config --global user.name "Mittwald Machine" &&
+      git config --global user.email "opensource@mittwald.de" &&
+      git remote add publisher https://mittwald-machine:${GITHUB_TOKEN}@github.com/mittwald/kubernetes-replicator.git &&
+      git reset --hard origin/master &&
+      git checkout master &&
+      git pull &&
+      sed -i "s#appVersion:.*#appVersion: ${TRAVIS_TAG}#g" ./deploy/helm-chart/kubernetes-replicator/Chart.yaml &&
+      git add ./deploy/helm-chart/kubernetes-replicator/Chart.yaml &&
+      git commit -m "Bump appVersion to '${TRAVIS_TAG}'" &&
+      git pull --rebase publisher master &&
+      git push publisher master &&
+      curl -X POST 'https://api.github.com/repos/mittwald/helm-charts/dispatches'
+      -u mittwald-machine:${GITHUB_TOKEN}
+      -d '{"event_type": "updateCharts"}'
     on:
       tags: true
       condition: $TRAVIS_OS_NAME = linux
diff --git a/README.md b/README.md
@@ -19,9 +19,19 @@ secrets and config maps available in multiple namespaces.
 
 ### Using Helm
 
-```shellsession
-$ helm upgrade --install kubernetes-replicator ./deploy/helm-chart/kubernetes-replicator
-```
+1. [Add the Mittwald-Charts Repo](https://github.com/mittwald/helm-charts/blob/master/README.md#usage):
+    ```shellsession
+    $ helm repo add mittwald https://helm.mittwald.de
+    "mittwald" has been added to your repositories
+
+    $ helm repo update
+    Hang tight while we grab the latest from your chart repositories...
+    ...Successfully got an update from the "mittwald" chart repository
+    Update Complete. ⎈ Happy Helming!⎈
+    ```
+
+2. Upgrade or install `kubernetes-replicator`
+    `helm upgrade --install kubernetes-replicator mittwald/kubernetes-replicator`
 
 ### Manual
 

diff --git a/deploy/helm-chart/kubernetes-replicator/Chart.yaml b/deploy/helm-chart/kubernetes-replicator/Chart.yaml
@@ -1,6 +1,13 @@
+# apiVersion will be set to v2 as soon as Github Workflows supports Helmv2 Charts
+# https://github.com/mittwald/helm-charts/blob/master/README.md#limitations
 apiVersion: v1
-appVersion: "1.0.0-alpha1"
-description: Controller for replicating secrets+configmaps across namespaces
 name: kubernetes-replicator
-version: 0.1.0
-url: https://github.com/mittwald/kubernetes-replicator
+description: Controller for replicating secrets+configmaps across namespaces
+
+# type will be set to soon as Github Workflows supports Helmv2 Charts
+# https://github.com/mittwald/helm-charts/blob/master/README.md#limitations
+#type: application
+
+version: 0.2.0
+
+appVersion: v2.2.2
diff --git a/deploy/helm-chart/kubernetes-replicator/templates/NOTES.txt b/deploy/helm-chart/kubernetes-replicator/templates/NOTES.txt
diff --git a/deploy/helm-chart/kubernetes-replicator/templates/_helpers.tpl b/deploy/helm-chart/kubernetes-replicator/templates/_helpers.tpl
@@ -30,3 +30,34 @@ Create chart name and version as used by the chart label.
 {{- define "kubernetes-replicator.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubernetes-replicator.labels" -}}
+helm.sh/chart: {{ include "kubernetes-replicator.chart" . }}
+{{ include "kubernetes-replicator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubernetes-replicator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubernetes-replicator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubernetes-replicator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "kubernetes-replicator.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/helm-chart/kubernetes-replicator/templates/deployment.yaml b/deploy/helm-chart/kubernetes-replicator/templates/deployment.yaml
@@ -3,40 +3,44 @@ kind: Deployment
 metadata:
   name: {{ include "kubernetes-replicator.fullname" . }}
   labels:
-    app.kubernetes.io/name: {{ include "kubernetes-replicator.name" . }}
-    helm.sh/chart: {{ include "kubernetes-replicator.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    {{- include "kubernetes-replicator.labels" . | nindent 4 }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "kubernetes-replicator.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- include "kubernetes-replicator.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: {{ include "kubernetes-replicator.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- include "kubernetes-replicator.selectorLabels" . | nindent 8 }}
     spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "kubernetes-replicator.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: health
               containerPort: 9102
-          readinessProbe:
+              protocol: TCP
+          livenessProbe:
             httpGet:
               path: /healthz
               port: health
-          livenessProbe:
+          readinessProbe:
             httpGet:
               path: /healthz
               port: health
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-      serviceAccountName: {{ include "kubernetes-replicator.fullname" . }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/deploy/helm-chart/kubernetes-replicator/templates/rbac.yaml b/deploy/helm-chart/kubernetes-replicator/templates/rbac.yaml
@@ -1,44 +1,41 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kubernetes-replicator.serviceAccountName" . }}
+  labels:
+    {{- include "kubernetes-replicator.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+---
 kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "kubernetes-replicator.fullname" . }}
   labels:
-    app.kubernetes.io/name: {{ include "kubernetes-replicator.name" . }}
-    helm.sh/chart: {{ include "kubernetes-replicator.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    {{- include "kubernetes-replicator.labels" . | nindent 4 }}
 rules:
-- apiGroups: [""] # "" indicates the core API group
-  resources: ["secrets", "configmaps"]
-  verbs: ["get", "watch", "list", "update", "patch"]
-- apiGroups: ["rbac.authorization.k8s.io"]
-  resources: ["roles", "rolebindings"]
-  verbs: ["get", "watch", "list", "update", "patch"]
+  - apiGroups: [""] # "" indicates the core API group
+    resources: ["secrets", "configmaps"]
+    verbs: ["get", "watch", "list", "update", "patch"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources: ["roles", "rolebindings"]
+    verbs: ["get", "watch", "list", "update", "patch"]
 ---
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "kubernetes-replicator.fullname" . }}
   labels:
-    app.kubernetes.io/name: {{ include "kubernetes-replicator.name" . }}
-    helm.sh/chart: {{ include "kubernetes-replicator.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    {{- include "kubernetes-replicator.labels" . | nindent 4 }}
 roleRef:
   kind: ClusterRole
   name: {{ include "kubernetes-replicator.fullname" . }}
   apiGroup: rbac.authorization.k8s.io
 subjects:
   - kind: ServiceAccount
     name: {{ include "kubernetes-replicator.fullname" . }}
-    namespace: {{ .Release.Namespace }}
----
-kind: ServiceAccount
-apiVersion: v1
-metadata:
-  name: {{ include "kubernetes-replicator.fullname" . }}
-  labels:
-    app.kubernetes.io/name: {{ include "kubernetes-replicator.name" . }}
-    helm.sh/chart: {{ include "kubernetes-replicator.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    namespace: {{ .Release.Namespace | quote }}
+{{- end -}}
diff --git a/deploy/helm-chart/kubernetes-replicator/values.yaml b/deploy/helm-chart/kubernetes-replicator/values.yaml
@@ -1,26 +1,35 @@
-# Default values for kubernetes-replicator.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
 image:
   repository: quay.io/mittwald/kubernetes-replicator
-  tag: stable
-  pullPolicy: IfNotPresent
+  #tag: stable # if no tag is given, the chart's appVersion is used
+  pullPolicy: Always
 
+imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+serviceAccount:
+  create: true
+  annotations: {}
+  name:
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
 resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
   # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
+  #   cpu: 100m
+  #   memory: 128Mi
   # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
+  #   cpu: 100m
+  #   memory: 128Mi
 
 nodeSelector: {}