diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 97d550a..0ad9072 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -46,3 +46,7 @@ updates: patterns: ['golangci/*'] release: patterns: ['softprops/*'] + azure: + patterns: ['azure/*'] + helm: + patterns: ['helm/*'] diff --git a/.github/values.yml b/.github/values.yml new file mode 100644 index 0000000..f5b30e4 --- /dev/null +++ b/.github/values.yml @@ -0,0 +1,10 @@ +autoscaling: + enabled: true + +ingress: + enabled: true + hosts: + - host: example.com + paths: + - path: / + pathType: ImplementationSpecific diff --git a/.github/workflows/helm-chart.yml b/.github/workflows/helm-chart.yml new file mode 100644 index 0000000..4bbaccb --- /dev/null +++ b/.github/workflows/helm-chart.yml @@ -0,0 +1,46 @@ +name: Helm chart + +on: + push: + branches: [ main ] + paths: + - 'chart/**' + pull_request: + branches: [ main ] + paths: + - 'chart/**' + +jobs: + lint: + name: Run linter + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Helm + uses: azure/setup-helm@v4 + + - name: Lint + run: helm lint chart + + validation: + name: Validate manifests + runs-on: ubuntu-latest + strategy: + matrix: + version: ['1.29.8', '1.30.4', '1.31.0'] + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Helm + uses: azure/setup-helm@v4 + + - name: Install plugin + run: helm plugin install https://github.com/jtyr/kubeconform-helm + + - name: Validate + run: helm kubeconform --summary -f .github/values.yml chart diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a3058cf..a7ac999 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
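Review bot: The `Install plugin` step in the `validation` job of `.github/workflows/helm-chart.yml` installs `https://github.com/jtyr/kubeconform-helm` without a version, so every run executes whatever that third-party repository currently serves; pin it, e.g. `run: helm plugin install https://github.com/jtyr/kubeconform-helm --version <PLUGIN_TAG>`. The `matrix.version` values are never referenced by any step, so the three matrix jobs validate the same thing; the `Validate` step presumably needs the plugin's Kubernetes-version option fed from `${{ matrix.version }}` (confirm the flag name against the plugin's help). The workflow also declares no `permissions:`; it only reads the repository, so a top-level `permissions:` with `contents: read` keeps the token minimal for pull-request runs.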
@@ -96,17 +96,13 @@ jobs: uses: docker/metadata-action@v5 with: images: | - ghcr.io/chialab/print2pdf + ghcr.io/chialab/print2pdf-go/${{ matrix.module }} tags: | type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} - flavor: | - suffix=-${{ matrix.module }} - latest=false - name: Login to GitHub Packages - if: github.event_name != 'pull_request' uses: docker/login-action@v3 with: registry: ghcr.io @@ -122,3 +118,31 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + release-chart: + name: Package and release Helm chart + if: ${{ startsWith(github.ref_name, 'v') }} + runs-on: ubuntu-latest + timeout-minutes: 5 + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Login to GitHub Packages + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Setup Helm + uses: azure/setup-helm@v4 + + - name: Package chart + run: helm package chart + + - name: Publish chart + run: | + version="$(grep 'version:' ./chart/Chart.yaml | tail -n1 | awk '{ print $2 }')" + helm push "print2pdf-go-${version}.tgz" oci://ghcr.io/chialab/helm-charts diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index fc79e38..c7b7024 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -4,13 +4,11 @@ on: push: branches: [ main ] paths: - - '**.tf' - - '**.tfpl' + - 'terraform/**' pull_request: branches: [ main ] paths: - - '**.tf' - - '**.tfpl' + - 'terraform/**' jobs: format: diff --git a/README.md b/README.md index 342693b..284553d 100644 --- a/README.md +++ b/README.md 
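Review bot: Removing the `flavor:` block from the `docker/metadata-action@v5` step drops `latest=false` along with the suffix, and the action's default is `latest=auto`, so semver tag builds will presumably start publishing a moving `latest` tag for each `print2pdf-go/<module>` image. If that is not intended, keep `flavor: |` with `latest=false`. The same hunk removes `if: github.event_name != 'pull_request'` from the login step; the workflow's triggers are outside the hunk, so confirm it cannot run for pull requests while the build step has `push: true`.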
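Review bot: The `release-chart` job runs for every `v*` ref but publishes whatever `version:` is in `chart/Chart.yaml`, so an application release that does not bump the chart version pushes the same `print2pdf-go-<version>.tgz` to `oci://ghcr.io/chialab/helm-charts` again; depending on registry behaviour that either fails the release or replaces an artifact that consumers have pinned by version. Consider gating the push on the chart version having changed. The `grep 'version:' … | tail -n1` extraction in `Publish chart` is unanchored and would pick up a nested `version:` (for example under `dependencies:`) if one is ever added; `version="$(awk '/^version:/ { print $2 }' ./chart/Chart.yaml)"` is stricter. The job declares no `permissions:` and the top of the workflow is outside the hunk, so check that the token is granted `packages: write` and nothing more.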
@@ -72,12 +72,12 @@ for the available tags. The `plain` image can be used like this: ```shell -docker run --rm -it -p '3000:3000' -e 'BUCKET=mybucket' ghcr.io/chialab/print2pdf:0.1-plain +docker run --rm -it -p '3000:3000' -e 'BUCKET=mybucket' ghcr.io/chialab/print2pdf-go/plain:0.1 ``` The `lambda` image can be used locally like this: ```shell -docker run --rm -it -p '8080:8080' -e 'BUCKET=mybucket' --entrypoint '/usr/local/bin/aws-lambda-rie' ghcr.io/chialab/print2pdf:0.1-lambda "/app/print2pdf" +docker run --rm -it -p '8080:8080' -e 'BUCKET=mybucket' --entrypoint '/usr/local/bin/aws-lambda-rie' ghcr.io/chialab/print2pdf-go/lambda:0.1 "/app/print2pdf" ``` The image is based on [lambda/provided](https://gallery.ecr.aws/lambda/provided), so it comes with [Lambda RIE](https://github.com/aws/aws-lambda-runtime-interface-emulator/) @@ -87,7 +87,9 @@ for more informations on how to deploy Lambda functions using container images. Since it is expected to be run behind an API Gateway, to be used locally the request body for the `/print` endpoint must be converted to a JSON string and used as value of a `body` parameter. Also, the actual endpoint to call is `http://localhost:8080/2015-03-31/functions/function/invocations`. -A Terraform module is also provided in the `terraform` directory for convenience, it can be used to setup the AWS infrastructure +### Terraform module + +A Terraform module is provided in the `terraform` directory for convenience, it can be used to setup the AWS infrastructure needed to deploy the image as a Lambda function: ```terraform module "lambda" { 
@@ -95,3 +97,14 @@ module "lambda" { ... } ``` + +**NOTE:** you will need to build and push the Docker image to the created ECR repository before creating the Lambda function. + +### Helm chart + +An Helm chart is provided in the `chart` directory for deploying the `plain` application in Kubernetes, and is distributed using GitHub's OCI container registry. + +The chart repo URL is `oci://ghcr.io/chialab/helm-charts/print2pdf-go`. Usage example: +```shell +helm install example-release oci://ghcr.io/chialab/helm-charts/print2pdf-go --namespace example-ns --values example.yml --version ~0.1.0 +``` diff --git a/chart/.helmignore b/chart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/chart/Chart.yaml b/chart/Chart.yaml new file mode 100644 index 0000000..c06c95a --- /dev/null +++ b/chart/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +name: print2pdf-go +description: A Helm chart for deploying Print2PDF +type: application +sources: + - https://github.com/chialab/print2pdf-go +maintainers: + - name: Chialab +version: 0.1.0 +appVersion: "0.1.9" diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt new file mode 100644 index 0000000..6f40ce8 --- /dev/null +++ b/chart/templates/NOTES.txt 
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "print2pdf.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "print2pdf.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "print2pdf.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "print2pdf.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..4ebaa3e
--- /dev/null
+++ b/chart/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "print2pdf.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "print2pdf.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "print2pdf.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "print2pdf.labels" -}}
+helm.sh/chart: {{ include "print2pdf.chart" . }}
+{{ include "print2pdf.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "print2pdf.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "print2pdf.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "print2pdf.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "print2pdf.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
new file mode 100644
index 0000000..a34d8e2
--- /dev/null
+++ b/chart/templates/deployment.yaml
@@ -0,0 +1,91 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "print2pdf.fullname" . }} + labels: + {{- include "print2pdf.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "print2pdf.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "print2pdf.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "print2pdf.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.containerPort }} + protocol: TCP + {{- with .Values.podEnvironment }} + env: + {{- range $key, $env := . 
}} + - name: {{ $key | quote }} + {{- if $env.value }} + value: {{ $env.value | quote }} + {{- else }} + valueFrom: + {{- if $env.configMap }} + configMapKeyRef: + name: {{ $env.configMap.name | quote }} + key: {{ $env.configMap.key | quote }} + optional: {{ $env.configMap.optional | default false }} + {{- end }} + {{- if $env.secret }} + secretKeyRef: + name: {{ $env.secret.name | quote }} + key: {{ $env.secret.key | quote }} + optional: {{ $env.secret.optional | default false }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/chart/templates/hpa.yaml b/chart/templates/hpa.yaml new file mode 100644 index 0000000..89ca117 --- /dev/null +++ b/chart/templates/hpa.yaml 
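Review bot: In the `podEnvironment` loop of `chart/templates/deployment.yaml`, `{{- if $env.value }}` tests truthiness rather than presence, so an entry whose `value` is `0`, `false` or an empty string falls into the `else` branch and renders a bare `valueFrom:` with no source, which produces an invalid manifest. Test for the key instead, `{{- if hasKey $env "value" }}`. An entry that sets both `configMap` and `secret` renders `configMapKeyRef` and `secretKeyRef` under the same `valueFrom`, which is also invalid; make the second test `{{- else if $env.secret }}` or `fail` on the combination so the mistake surfaces at render time.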
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "print2pdf.fullname" . }}
+ labels:
+ {{- include "print2pdf.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "print2pdf.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml
new file mode 100644
index 0000000..5b81c97
--- /dev/null
+++ b/chart/templates/ingress.yaml
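Review bot: Both metrics in `chart/templates/hpa.yaml` use `type: Utilization`, which the autoscaler computes as a percentage of the container's resource requests, but the chart default is `resources: {}` and `.github/values.yml` enables autoscaling without setting any, so an HPA rendered from those values has nothing to measure against and will not scale. Either document next to `autoscaling:` in `values.yaml` that `resources.requests` must be set, e.g. `# requires resources.requests for the targeted metric`, or have the template `fail` when autoscaling is enabled without requests. Separately, if both `target*UtilizationPercentage` values are unset, `metrics:` renders with no items.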
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "print2pdf.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "print2pdf.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ name: http
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/service.yaml b/chart/templates/service.yaml
new file mode 100644
index 0000000..416d6c5
--- /dev/null
+++ b/chart/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "print2pdf.fullname" . }}
+ labels:
+ {{- include "print2pdf.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "print2pdf.selectorLabels" . | nindent 4 }}
diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml
new file mode 100644
index 0000000..562b781
--- /dev/null
+++ b/chart/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "print2pdf.serviceAccountName" . }}
+ labels:
+ {{- include "print2pdf.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 0000000..9e1dc0f
--- /dev/null
+++ b/chart/values.yaml
@@ -0,0 +1,121 @@
+# Default values for chart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ registry: ghcr.io
+ repository: chialab/print2pdf-go/plain
+ tag: ""
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+podEnvironment: {}
+# PORT:
+# value: 3000
+# CORS_ALLOWED_HOSTS:
+# configMap:
+# name: "print2pdf-config-map"
+# key: "allowedHosts"
+# optional: true
+# BUCKET:
+# secret:
+# name: 'print2pdf-secret'
+# key: 'bucketName'
+
+service:
+ type: ClusterIP
+ port: 80
+ containerPort: 3000
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts: []
+ # - host: print2pdf-example.local
+ # paths:
+ # - path: /
+ # pathType: ImplementationSpecific
+ tls: []
+ # - secretName: print2pdf-example-tls
+ # hosts:
+ # - print2pdf-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+livenessProbe:
+ httpGet:
+ path: /status
+ port: http
+readinessProbe:
+ httpGet:
+ path: /status
+ port: http
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+# secret:
+# secretName: mysecret
+# optional: false
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+# mountPath: "/etc/foo"
+# readOnly: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
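Review bot: The defaults in `chart/values.yaml` leave the pod unhardened: `serviceAccount.automount: true` mounts a Kubernetes API token into the container, while `podSecurityContext: {}` and `securityContext: {}` keep every hardening line as a comment. Nothing in this chart creates a Role or RoleBinding for the service account, so the token looks unused; default to `automount: false` and let users opt in. Consider shipping `runAsNonRoot: true` and `capabilities: { drop: [ALL] }` enabled by default if the `plain` image runs under them (not verifiable from this diff; `readOnlyRootFilesystem` may need a writable temp volume). `resources: {}` likewise leaves a service that can be exposed through the ingress without CPU or memory limits, so at least document recommended requests and limits beside the commented example.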