feat(helm): init helm chart
Signed-off-by: PINCHON Benjamin <[email protected]>
mydoomfr committed Oct 29, 2024
1 parent b077bfa commit 35367df
Showing 29 changed files with 2,016 additions and 15 deletions.
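--- a/.github/ci/ct.yaml
+++ b/.github/ci/ct.yaml
@@ -0,0 +1,7 @@
+remote: origin
+target-branch: main
+validate-maintainers: false
+check-version-increment: false
+chart-dirs:
+- charts
+helm-extra-args: "--timeout=5m"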
93 changes: 93 additions & 0 deletions .github/workflows/helm.yml
@@ -0,0 +1,93 @@
name: Helm Chart

on:
push:
branches:
- main
- release-*
paths:
- charts/powerdns-operator/Chart.yaml

workflow_dispatch: {}

permissions:
contents: read

jobs:
lint-and-test:
name: Lint and Test
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0

- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: 3.x

- name: Set up Helm Chart Testing
uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1

- name: Set up Artifact Hub
run: |
curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5 /tmp/ah.tar.gz" | shasum --check
sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
- name: Lint chart
run: |
ct lint --config .github/ci/ct.yaml
ah lint --path charts/powerdns-operator
- name: Install chart unittest
run: |
helm env
helm plugin install https://github.com/helm-unittest/helm-unittest
- name: Run unitests
run: make helm-test

release:
name: Release
runs-on: ubuntu-latest

permissions:
contents: write

steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Set up Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0

- name: Run chart-releaser
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
if: |
github.ref == 'refs/heads/main' ||
startsWith(github.ref, 'refs/heads/release-')
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Version }}
CR_SKIP_EXISTING: true
with:
charts_dir: charts
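Review bot: The `release` job declares no dependency on `lint-and-test`, so the two jobs start in parallel and chart-releaser can publish with `contents: write` even when `ct lint`, `ah lint` or the unit tests fail; adding `needs: lint-and-test` under `release:` would gate publication on the checks. In the `Install chart unittest` step, `helm plugin install https://github.com/helm-unittest/helm-unittest` resolves at run time to whatever the upstream repository currently serves, unlike the SHA-pinned actions and the checksum-verified `ah` tarball in the same file. Pin it with `--version <PLUGIN_VERSION>` (placeholder), or drop the step if `make helm-test` keeps running the tests through the Docker image, as the Makefile in this commit does.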
49 changes: 34 additions & 15 deletions Makefile
@@ -1,8 +1,22 @@
# Image URL to use all building/pushing image targets
IMG ?= controller:latest

## Tool Versions
KUSTOMIZE_VERSION ?= v5.4.3
CONTROLLER_TOOLS_VERSION ?= v0.16.2
ENVTEST_VERSION ?= release-0.19
GOLANGCI_LINT_VERSION ?= v1.61.0

# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION = 1.31.0

# Helm
HELM_UNITTEST_VERSION = 3.16.1-0.6.2
HELM_DOCS_VERSION = v1.14.2
HELM_DIR ?= charts/powerdns-operator

OUTPUT_DIR ?= bin

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
GOBIN=$(shell go env GOPATH)/bin
@@ -67,7 +81,7 @@ help: ## Display this help.

##@ Conformance
.PHONY: reviewable
reviewable: generate manifests lint ## Ensure a PR is ready for review.
reviewable: generate manifests helm-docs lint ## Ensure a PR is ready for review.
@go mod tidy

.PHONY: check-diff
@@ -81,6 +95,7 @@ check-diff: reviewable ## Ensure branch is clean.
.PHONY: manifests
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=charts/powerdns-operator/crds

.PHONY: generate
generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -189,16 +204,26 @@ undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.
$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -


##@ Packaging
HELMIFY ?= $(LOCALBIN)/helmify
##@ Helm
helm-docs:
@cd $(HELM_DIR); \
docker run --rm -v $(shell pwd)/$(HELM_DIR):/helm-docs -u $(shell id -u) jnorwood/helm-docs:$(HELM_DOCS_VERSION)

.PHONY: helmify
helmify: $(HELMIFY) ## Download helmify locally if necessary.
$(HELMIFY): $(LOCALBIN)
test -s $(LOCALBIN)/helmify || GOBIN=$(LOCALBIN) go install github.com/arttor/helmify/cmd/helmify@latest
HELM_VERSION ?= $(shell helm show chart $(HELM_DIR) | grep '^version:' | sed 's/version: //g')

helm: manifests kustomize helmify
$(KUSTOMIZE) build config/default | $(HELMIFY) -crd-dir -image-pull-secrets
helm-build:
@$(INFO) helm package
@helm package $(HELM_DIR) --dependency-update --destination $(OUTPUT_DIR)/chart
@mv $(OUTPUT_DIR)/chart/powerdns-operator-$(HELM_VERSION).tgz $(OUTPUT_DIR)/chart/powerdns-operator.tgz
@$(OK) helm package

helm-test:
@cd $(HELM_DIR); \
docker run --rm -ti -v $(shell pwd)/$(HELM_DIR):/apps -u $(shell id -u) helmunittest/helm-unittest:$(HELM_UNITTEST_VERSION) .

helm-test-update:
@cd $(HELM_DIR); \
docker run --rm -ti -v $(shell pwd)/$(HELM_DIR):/apps -u $(shell id -u) helmunittest/helm-unittest:$(HELM_UNITTEST_VERSION) -u .

##@ Dependencies

@@ -214,12 +239,6 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION)
ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION)
GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)

## Tool Versions
KUSTOMIZE_VERSION ?= v5.4.3
CONTROLLER_TOOLS_VERSION ?= v0.16.2
ENVTEST_VERSION ?= release-0.19
GOLANGCI_LINT_VERSION ?= v1.61.0

.PHONY: kustomize
kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
$(KUSTOMIZE): $(LOCALBIN)
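Review bot: `helm-test` and `helm-test-update` call `docker run --rm -ti`, and `-t` needs a terminal on stdin, so the `make helm-test` step this commit adds to `.github/workflows/helm.yml` is likely to fail on a CI runner with "the input device is not a TTY"; dropping `-ti` avoids that, since the tests need no interaction. The two images, `jnorwood/helm-docs:$(HELM_DOCS_VERSION)` and `helmunittest/helm-unittest:$(HELM_UNITTEST_VERSION)`, are referenced by mutable tag and get the chart directory bind-mounted read-write; pinning them by digest (`image@sha256:<DIGEST>`, placeholder) would match the SHA pinning used for the workflow's actions. The new `helm-docs`, `helm-build`, `helm-test` and `helm-test-update` targets also have no `.PHONY:` line, unlike the other targets in the visible hunks, and `cd $(HELM_DIR);` would stop on failure if written `cd $(HELM_DIR) &&`.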
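--- a/charts/powerdns-operator/.helmignore
+++ b/charts/powerdns-operator/.helmignore
@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+# CRD Readme.md
+templates/crds/README.md
+
+tests/
+README.md.gotmpl
+.helmignore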
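--- a/charts/powerdns-operator/Chart.yaml
+++ b/charts/powerdns-operator/Chart.yaml
@@ -0,0 +1,36 @@
+apiVersion: v2
+name: powerdns-operator
+description: Manage PowerDNS resources with Kubernetes
+type: application
+version: 0.1.0
+appVersion: 0.1.0
+kubeVersion: '>= 1.21.0-0'
+keywords:
+- powerdns-operator
+- powerdns
+- dns
+home: https://orange-opensource.github.io/PowerDNS-Operator
+icon: https://github.com/Orange-OpenSource/PowerDNS-Operator/blob/main/docs/assets/favicon.png?raw=true
+maintainers:
+- name: antrema
+- name: mydoomfr
+sources:
+- https://github.com/Orange-OpenSource/PowerDNS-Operator
+annotations:
+artifacthub.io/crds: |
+- kind: Zone
+version: v1alpha1
+name: zone.dns.cav.enablers.ob
+displayName: Zone
+description: |
+A Zone is a collection of records that are managed together. Zones can
+be used to represent a domain, a subdomain, or a set of records that are
+managed together.
+- kind: RRset
+version: v1alpha1
+name: rrset.dns.cav.enablers.ob
+displayName: RRset
+description: |
+An RRset is a collection of records that share the same name and type.
+RRsets can be used to represent a collection of records that are managed
+together.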
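--- a/charts/powerdns-operator/README.md
+++ b/charts/powerdns-operator/README.md
@@ -0,0 +1,105 @@
+# PowerDNS Operator
+
+[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
+
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
+
+Manage PowerDNS resources with Kubernetes
+
+## TL;DR
+```bash
+helm repo add orange-opensource https://orange-opensource.github.io/PowerDNS-Operator
+helm install powerdns-operator orange-opensource/powerdns-operator
+```
+
+## Installing the Chart
+To install the chart with the release name `powerdns-operator`:
+```bash
+helm install powerdns-operator orange-opensource/powerdns-operator
+```
+
+## Uninstalling the Chart
+To uninstall the `powerdns-operator` deployment:
+```bash
+helm uninstall powerdns-operator
+```
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| annotations | object | `{}` | Annotations to add to the controller deployment. |
+| commonLabels | object | `{}` | |
+| credentials.data.PDNS_API_KEY | string | `"secret"` | Specifies the PowerDNS API key used to authenticate |
+| credentials.data.PDNS_API_URL | string | `"http://powerdns.powerdns.svc:8081"` | Specifies the PowerDNS API URL PDNS_API_URL: "https://powerdns.example.local:8081" |
+| credentials.data.PDNS_API_VHOST | string | `"localhost"` | Specifies the PowerDNS VHOST |
+| credentials.existingSecret | string | `""` | Specifies whether to use an existing secret. |
+| credentials.name | string | `""` | Specifies the secret name to create if `existingSecret` is empty. |
+| dnsConfig | object | `{}` | Specifies `dnsOptions` to deployment |
+| dnsPolicy | string | `"ClusterFirst"` | Specifies `dnsPolicy` to deployment |
+| fullnameOverride | string | `""` | |
+| global.affinity | object | `{}` | |
+| global.compatibility.openshift.adaptSecurityContext | string | `"auto"` | Manages the securityContext properties to make them compatible with OpenShift. Possible values: auto - Apply configurations if it is detected that OpenShift is the target platform. force - Always apply configurations. disabled - No modification applied. |
+| global.nodeSelector | object | `{}` | |
+| global.tolerations | list | `[]` | |
+| global.topologySpreadConstraints | list | `[]` | |
+| hostNetwork | bool | `false` | Run the controller on the host network |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"ghcr.io/orange-opensource/powerdns-operator"` | |
+| image.tag | string | `""` | |
+| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
+| labels | object | `{}` | Extra Labels to add to the controller deployment. |
+| livenessProbe.httpGet.path | string | `"/healthz"` | |
+| livenessProbe.httpGet.port | int | `8081` | |
+| livenessProbe.initialDelaySeconds | int | `15` | |
+| livenessProbe.periodSeconds | int | `20` | |
+| metrics.service.annotations | object | `{}` | |
+| metrics.service.enabled | bool | `true` | |
+| metrics.service.ipFamilies | list | `[]` | Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. |
+| metrics.service.ipFamilyPolicy | string | `""` | Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) |
+| metrics.service.port | int | `8080` | |
+| metrics.serviceMonitor.additionalLabels | object | `{}` | |
+| metrics.serviceMonitor.annotations | object | `{}` | |
+| metrics.serviceMonitor.enabled | bool | `true` | |
+| metrics.serviceMonitor.labels | object | `{}` | |
+| metrics.serviceMonitor.metricRelabelings | list | `[]` | |
+| metrics.serviceMonitor.namespace | string | `""` | |
+| metrics.serviceMonitor.relabelings | list | `[]` | |
+| metrics.serviceMonitor.scheme | string | `"http"` | |
+| metrics.serviceMonitor.scrapeInterval | string | `"15s"` | |
+| metrics.serviceMonitor.scrapeTimeout | string | `"10s"` | |
+| metrics.serviceMonitor.tlsConfig | object | `{}` | |
+| nameOverride | string | `""` | |
+| namespaceOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podAnnotations | object | `{}` | Extra annotations to add to the pod. |
+| podLabels | object | `{}` | Extra labels to add to the pod. |
+| podSecurityContext.enabled | bool | `true` | |
+| podSecurityContext.runAsNonRoot | bool | `true` | |
+| priorityClassName | string | `""` | Pod priority class name. |
+| rbac.create | bool | `true` | |
+| readinessProbe.httpGet.path | string | `"/readyz"` | |
+| readinessProbe.httpGet.port | int | `8081` | |
+| readinessProbe.initialDelaySeconds | int | `5` | |
+| readinessProbe.periodSeconds | int | `10` | |
+| replicaCount | int | `1` | |
+| resources.limits.cpu | string | `"500m"` | |
+| resources.limits.memory | string | `"128Mi"` | |
+| resources.requests.cpu | string | `"10m"` | |
+| resources.requests.memory | string | `"64Mi"` | |
+| securityContext.allowPrivilegeEscalation | bool | `false` | |
+| securityContext.capabilities.drop[0] | string | `"ALL"` | |
+| securityContext.enabled | bool | `true` | |
+| securityContext.readOnlyRootFilesystem | bool | `true` | |
+| securityContext.runAsNonRoot | bool | `true` | |
+| securityContext.runAsUser | int | `1000` | |
+| securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
+| serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account. |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
+| terminationGracePeriodSeconds | int | `10` | |
+| tolerations | list | `[]` | |
+| topologySpreadConstraints | list | `[]` | |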
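--- a/charts/powerdns-operator/README.md.gotmpl
+++ b/charts/powerdns-operator/README.md.gotmpl
@@ -0,0 +1,30 @@
+{{- $chartRepo := "https://orange-opensource.github.io/PowerDNS-Operator" -}}
+{{- $org := "orange-opensource" -}}
+# PowerDNS Operator
+
+[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
+
+{{ template "chart.typeBadge" . }}{{ template "chart.versionBadge" . }}
+
+{{ template "chart.description" . }}
+
+## TL;DR
+```bash
+helm repo add {{ $org }} {{ $chartRepo }}
+helm install powerdns-operator {{ $org }}/{{ template "chart.name" . }}
+```
+
+## Installing the Chart
+To install the chart with the release name `{{ template "chart.name" . }}`:
+```bash
+helm install {{ template "chart.name" . }} {{ $org }}/{{ template "chart.name" . }}
+```
+
+## Uninstalling the Chart
+To uninstall the `{{ template "chart.name" . }}` deployment:
+```bash
+helm uninstall {{ template "chart.name" . }}
+```
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+{{ template "chart.valuesSection" . }}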