Skip to content
This repository has been archived by the owner on Mar 5, 2024. It is now read-only.

self host helm chart #232

Closed
wants to merge 1 commit into from
Closed

self host helm chart #232

wants to merge 1 commit into from

Conversation

Joseph-Irving
Copy link
Contributor

@Joseph-Irving Joseph-Irving commented Mar 15, 2019
edited
Loading

In relation to #230
To make it easier for people to contribute to the kiam helm chart we can keep the definition here and self host the repo.
I've just set up an s3 bucket to use for this purpose. https://s3-eu-west-1.amazonaws.com/kiam-helm/charts

@codecov
Copy link

codecov bot commented Mar 15, 2019

Codecov Report

Merging #232 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@          Coverage Diff          @@
##           master   #232   +/-   ##
=====================================
  Coverage      42%    42%           
=====================================
  Files          25     25           
  Lines         900    900           
=====================================
  Hits          378    378           
  Misses        486    486           
  Partials       36     36

@Joseph-Irving
Copy link
Contributor Author

so it seems that it does not like being hosted in s3

helm repo add kiam  https://s3-eu-west-1.amazonaws.com/kiam-helm/charts
helm fetch kiam/kiam
Error: Get s3://kiam-helm/charts/kiam-2.1.0.tgz: unsupported protocol scheme "s3"

Strangely it works if you do a full path

helm fetch https://s3-eu-west-1.amazonaws.com/kiam-helm/charts/kiam-2.1.0.tgz

@Joseph-Irving
Copy link
Contributor Author

so that is because inside index.yaml you get

urls:
    - s3://kiam-helm/charts/kiam-2.1.0.tgz

@Joseph-Irving
Copy link
Contributor Author

seems like there is a PR on helm-s3 to fix this hypnoglow/helm-s3#70 but it's not been merged, the alternative is to use github pages but that will require more work to implement

danmx
danmx suggested changes Mar 18, 2019
View reviewed changes
helm/kiam/templates/agent-daemonset.yaml
{{- end }}
- name: xtables
hostPath:
path: /run/xtables.lock
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add type: FileOrCreate to match https://github.com/uswitch/kiam/blob/master/deploy/agent.yaml#L32 and address helm/charts#9261

helm/kiam/templates/agent-daemonset.yaml
- name: {{ template "kiam.name" . }}-{{ .Values.agent.name }}
{{- if .Values.agent.host.iptables }}
securityContext:
privileged: true
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please only add NET_ADMIN capability to match https://github.com/uswitch/kiam/blob/master/deploy/agent.yaml#L37 and improve security of the agent

helm/kiam/templates/server-daemonset.yaml
- name: tls
secret:
{{- if .Values.server.tlsSecret }}
secretName: {{ .Values.server.tlsSecret }}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding optional: false, it should prevent creation of the container when the secret is not mounted.

helm/kiam/templates/server-daemonset.yaml
{{- if .Values.server.tlsSecret }}
secretName: {{ .Values.server.tlsSecret }}
{{else}}
secretName: {{ template "kiam.fullname" . }}-server
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding optional: false, it should prevent creation of the container when the secret is not mounted.

helm/kiam/templates/agent-daemonset.yaml
- name: tls
secret:
{{- if .Values.agent.tlsSecret }}
secretName: {{ .Values.agent.tlsSecret }}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding optional: false, it should prevent creation of the container when the secret is not mounted.

helm/kiam/templates/agent-daemonset.yaml
{{- if .Values.agent.tlsSecret }}
secretName: {{ .Values.agent.tlsSecret }}
{{else}}
secretName: {{ template "kiam.fullname" . }}-agent
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding optional: false, it should prevent creation of the container when the secret is not mounted.

@danmx danmx mentioned this pull request Mar 18, 2019
Merged
@ewbankkit
Copy link

ewbankkit commented Mar 19, 2019
edited
Loading

I'm happy to be replaced in the maintainers list in Chart.yaml.
Even though we're big users of kiam (and Helm) I have a myriad of other competing claims on my time 😄.

@danmx
Copy link

danmx commented Mar 25, 2019

@Joseph-Irving would you mind if I contribute my suggestions to your branch?

@Joseph-Irving
Copy link
Contributor Author

@danmx, sorry not really looked at this as the self hosting does not currently work. I'd rather get the hosting working first and then look at adding your suggestions.

@danmx
Copy link

danmx commented Apr 22, 2019

seems like there is a PR on helm-s3 to fix this hypnoglow/helm-s3#70 but it's not been merged, the alternative is to use github pages but that will require more work to implement

It seems that project is not maintained anymore

@danmx
Copy link

danmx commented Apr 22, 2019

why not use helm package to create an archive and directly upload it to S3?

@ewbankkit ewbankkit mentioned this pull request May 17, 2019
Closed
@Joseph-Irving Joseph-Irving deleted the helm branch March 16, 2020 15:31
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@danmx danmx danmx requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Joseph-Irving @ewbankkit @danmx