Merge pull request #1 from HenrikDK/heimdall

Heimdall
HenrikDK · Apr 22, 2024 · 8a96f78 · 8a96f78
2 parents 15b101a + a5975a6
commit 8a96f78
Show file tree

Hide file tree

Showing 9 changed files with 403 additions and 0 deletions.
diff --git a/charts/heimdall-dashboard/.helmignore b/charts/heimdall-dashboard/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/heimdall-dashboard/Chart.yaml b/charts/heimdall-dashboard/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: heimdall-dashboard
+appVersion: "0.1.0"
+version: 0.1.0
+description: Heimdall kubernetes dashboard for limited access.
+type: application
diff --git a/charts/heimdall-dashboard/templates/_helpers.tpl b/charts/heimdall-dashboard/templates/_helpers.tpl
@@ -0,0 +1,58 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "heimdall.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "heimdall.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "heimdall.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Controller labels.
+*/}}
+{{- define "heimdall.labels" -}}
+helm.sh/chart: {{ include "heimdall.chart" . }}
+{{ include "heimdall.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Controller Selector labels.
+*/}}
+{{- define "heimdall.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "heimdall.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "heimdall.serviceAccountName" -}}
+{{- default (include "heimdall.fullname" .) .Values.serviceAccount.name }}
+{{- end }}
diff --git a/charts/heimdall-dashboard/templates/rbac.yaml b/charts/heimdall-dashboard/templates/rbac.yaml
@@ -0,0 +1,75 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "heimdall.fullname" . }}
+rules:
+- apiGroups:
+  - "*"
+  resources:
+  - events
+  - namespaces
+  - namespaces/status
+  - nodes
+  - pods
+  - pods/log
+  - pods/status
+  - poddisruptionbudgets  
+  - services
+  - services/proxy
+  - deployments
+  - deployments/scale
+  - daemonsets
+  - replicasets
+  - replicasets/scale
+  - replicationcontrollers
+  - replicationcontrollers/scale
+  - replicationcontrollers/status
+  - statefulsets
+  - horizontalpodautoscalers
+  - cronjobs
+  - jobs
+  - ingresses
+  - bindings
+  verbs:
+  - get
+  - list
+  - watch
+  - proxy
+- nonResourceURLs:
+  - "*"
+  verbs:
+  - get
+  - list
+  - watch
+{{- if .Values.dashboard.canRestartPods }}
+- apiGroups:
+  - "*"
+  resources:
+  - pods
+  verbs:
+  - delete
+{{- end }}
+{{- if .Values.dashboard.canScalePods }}
+- apiGroups:
+  - "*"
+  resources:
+  - deployments/scale
+  - replicasets/scale
+  - replicationcontrollers/scale
+  verbs:
+  - put
+  - patch
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "heimdall.serviceAccountName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "heimdall.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "heimdall.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/heimdall-dashboard/templates/serviceaccount.yaml b/charts/heimdall-dashboard/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "heimdall.serviceAccountName" . }}
+  labels:
+    {{- include "heimdall.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
diff --git a/charts/heimdall-dashboard/templates/ui-deployment.yaml b/charts/heimdall-dashboard/templates/ui-deployment.yaml
@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "heimdall.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "heimdall.labels" . | nindent 4 }}
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "heimdall.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.podLabels }}
+      labels:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+        {{- include "heimdall.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "heimdall.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ include "heimdall.fullname" . }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: {{ .Values.image.url }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          env:
+            {{- if .Values.dashboard.metricsSecretName }}
+            - name: metrics_user
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.dashboard.metricsSecretName }}
+                  key: username
+                  optional: False
+            - name: metrics_password
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.dashboard.metricsSecretName }}
+                  key: password
+                  optional: false
+            {{- end }}
+            - name: metrics
+              value: {{ .Values.dashboard.metrics | quote }}
+            - name: metrics_type
+              value: {{ .Values.dashboard.metricsType | quote }}
+            - name: filters
+              value: {{ .Values.dashboard.namespaceFilters | quote }}
+            - name: can_restart_pods
+              value: {{ .Values.dashboard.canRestartPods | quote }}
+            - name: can_scale_pods
+              value: {{ .Values.dashboard.canScalePods | quote }}
+            - name: cluster_metrics_service
+              value: {{ .Values.dashboard.clusterMetricsService | quote }}
+            - name: cluster_metrics_namespace
+              value: {{ .Values.dashboard.clusterMetricsNamespace | quote }}
+            - name: cluster_metrics_port
+              value: {{ .Values.dashboard.clusterMetricsPort | quote }}
+            - name: external_metrics_url
+              value: {{ .Values.dashboard.externalMetricsUrl | quote }}
+            - name: external_metrics_headers
+              value: {{ .Values.dashboard.externalMetricsHeaders | quote }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/heimdall-dashboard/templates/ui-ingress.yaml b/charts/heimdall-dashboard/templates/ui-ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "heimdall.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.ingressAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingressClassName }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress }}
+      secretName: {{ include "heimdall.fullname" . }}
+  rules:
+    - host: {{ .Values.ingress }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ include "heimdall.fullname" . }}
+                port:
+                  number: 8080
diff --git a/charts/heimdall-dashboard/templates/ui-service.yaml b/charts/heimdall-dashboard/templates/ui-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "heimdall.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "heimdall.labels" . | nindent 4 }}
+spec:
+  type: "ClusterIP"
+  ports:
+    - port: 8080
+      targetPort: 4654
+      name: http
+  selector:
+    {{- include "heimdall.selectorLabels" . | nindent 4 }}