Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
1 parent
e7c7313
commit 216f3a6
Showing
23 changed files
with
884 additions
and
8 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
name: Helm - lint | ||
on: | ||
push: | ||
branches: | ||
- "!release" | ||
paths: | ||
- "charts/**" | ||
pull_request: | ||
paths: | ||
- "charts/**" | ||
|
||
concurrency: | ||
group: ${{ github.workflow }} | ||
cancel-in-progress: false | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
|
||
jobs: | ||
helm-lint: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 10 | ||
defaults: | ||
run: | ||
working-directory: charts | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Setup Helm | ||
uses: azure/setup-helm@v4.2.0 | ||
- name: Update helm dependencies | ||
run: helm dependency update diode | ||
- name: Run helm lint | ||
run: helm lint diode |
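Review bot: The top-level `permissions` block grants `contents: write` and `pull-requests: write`, but the steps in `helm-lint` are only a checkout, Helm setup, `helm dependency update diode` and `helm lint diode`, none of which appear to write to the repository or to a pull request. Because the job runs on `pull_request` and fetches chart dependencies from external repositories, I would reduce this to `permissions:` with `contents: read`, so that a compromised action or dependency cannot use the token to push. Separately, `branches:` under `push` holds only the negated pattern `"!release"`; GitHub expects at least one positive pattern next to a `!` entry, so `branches-ignore: [release]` is the form that expresses the intent.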
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
name: Helm - release | ||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: [ release ] | ||
paths: | ||
- "charts/**" | ||
|
||
concurrency: | ||
group: ${{ github.workflow }} | ||
cancel-in-progress: false | ||
|
||
permissions: | ||
contents: write | ||
|
||
jobs: | ||
helm-release: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 10 | ||
defaults: | ||
run: | ||
working-directory: charts | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Configure Git | ||
run: | | ||
git config user.name "$GITHUB_ACTOR" | ||
git config user.email "$GITHUB_ACTOR@users.noreply.github.com" | ||
- name: Setup Helm | ||
uses: azure/setup-helm@v4.2.0 | ||
- name: Update helm dependencies | ||
run: | | ||
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx | ||
helm repo add jetstack https://charts.jetstack.io | ||
helm repo add bitnami https://charts.bitnami.com/bitnami | ||
- name: Run chart-releaser | ||
uses: helm/chart-releaser-action@v1.6.0 | ||
env: | ||
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | ||
CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Name }}-{{ .Version }} | ||
CR_INDEX_PATH: charts/index.yaml | ||
CR_PAGES_INDEX_PATH: charts/index.yaml |
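Review bot: Every `uses:` in `helm-release` is pinned to a mutable tag (`actions/checkout@v4`, `azure/setup-helm@v4.2.0`, `helm/chart-releaser-action@v1.6.0`) while the job holds `contents: write` and passes `secrets.GITHUB_TOKEN` to the releaser as `CR_TOKEN`. For a workflow that publishes chart packages I would pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: helm/chart-releaser-action@<full-commit-sha> # v1.6.0`. The `workflow_dispatch` trigger also has no branch guard, so a manual run can start from a ref other than `release`; a job-level `if: github.ref == 'refs/heads/release'` would keep publishing tied to that branch. The step named "Update helm dependencies" only runs `helm repo add`, so a name such as "Add helm repositories" would match what it does.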
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Patterns to ignore when building packages. | ||
# This supports shell glob matching, relative path matching, and | ||
# negation (prefixed with !). Only one pattern per line. | ||
.DS_Store | ||
# Common VCS dirs | ||
.git/ | ||
.gitignore | ||
.bzr/ | ||
.bzrignore | ||
.hg/ | ||
.hgignore | ||
.svn/ | ||
# Common backup files | ||
*.swp | ||
*.bak | ||
*.tmp | ||
*.orig | ||
*~ | ||
# Various IDEs | ||
.project | ||
.idea/ | ||
*.tmproj | ||
.vscode/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
dependencies: | ||
- name: ingress-nginx | ||
repository: https://kubernetes.github.io/ingress-nginx | ||
version: 4.11.2 | ||
- name: cert-manager | ||
repository: https://charts.jetstack.io | ||
version: v1.16.1 | ||
- name: redis | ||
repository: oci://registry-1.docker.io/bitnamicharts | ||
version: 20.1.4 | ||
digest: sha256:f89ee5fc93ebfc48d7566073c20cbe8ab7b632e73f2fbd860b84d1b7a01ecf48 | ||
generated: "2024-10-14T19:29:43.398885+01:00" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
apiVersion: v2 | ||
name: diode | ||
description: A Helm chart for Diode | ||
type: application | ||
version: 0.1.0 | ||
appVersion: "0.6.0" | ||
home: https://github.com/netboxlabs/diode | ||
sources: | ||
- https://github.com/netboxlabs/diode | ||
maintainers: | ||
- name: NetBox Labs | ||
email: support@netboxlabs.com | ||
url: https://github.com/netboxlabs | ||
dependencies: | ||
- name: ingress-nginx | ||
version: 4.11.2 | ||
repository: https://kubernetes.github.io/ingress-nginx | ||
condition: ingress-nginx.enabled | ||
- name: cert-manager | ||
version: 1.16.1 | ||
repository: https://charts.jetstack.io | ||
condition: cert-manager.enabled | ||
- name: redis | ||
version: 20.1.4 | ||
repository: oci://registry-1.docker.io/bitnamicharts | ||
condition: redis.enabled |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
# diode | ||
|
||
A Helm chart for Diode | ||
|
||
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square) | ||
|
||
## Installing the Chart | ||
|
||
Install custom resource definitions for cert-manager (if enabled): | ||
|
||
```console | ||
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.crds.yaml | ||
``` | ||
|
||
Create namespaces for ingress-nginx and cert-manager: | ||
|
||
```console | ||
kubectl create namespace diode-ingress | ||
kubectl create namespace diode-cert-manager | ||
``` | ||
|
||
Install the chart with the release name `my-release`: | ||
|
||
```console | ||
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx | ||
helm repo add jetstack https://charts.jetstack.io | ||
helm repo add bitnami https://charts.bitnami.com/bitnami | ||
helm repo add diode https://netboxlabs.github.io/diode/charts | ||
helm install my-release diode/diode --namespace my-namespace --create-namespace | ||
``` | ||
|
||
## Requirements | ||
|
||
| Repository | Name | Version | | ||
|------------|------|---------| | ||
| https://charts.jetstack.io | cert-manager | 1.16.1 | | ||
| https://kubernetes.github.io/ingress-nginx | ingress-nginx | 4.11.2 | | ||
| oci://registry-1.docker.io/bitnamicharts | redis | 20.1.4 | | ||
|
||
## Values | ||
|
||
| Key | Type | Default | Description | | ||
|-----|------|---------|-------------| | ||
| cert-manager | object | `{"enabled":false,"namespace":"diode-cert-manager"}` | ref: https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml | | ||
| cert-manager.enabled | bool | `false` | cert-manager enabled | | ||
| cert-manager.namespace | string | `"diode-cert-manager"` | cert-manager namespace | | ||
| certIssuer.email | string | `""` | email address for ACME registration | | ||
| certIssuer.enabled | bool | `false` | enable certificate issuer creation | | ||
| certIssuer.kind | string | `"Issuer"` | issuer kind (Issuer or ClusterIssuer) ref: https://cert-manager.io/docs/configuration/acme/ | | ||
| certIssuer.name | string | `""` | issuer name | | ||
| certIssuer.prod | bool | `false` | determines whether to use Let's Encrypt production or staging environment | | ||
| certIssuer.solvers | list | `[{"http01":{"ingress":{"ingressClassName":"nginx"}}}]` | solvers for the issuer | | ||
| diodeIngester.affinity | object | `{}` | custom affinity rules for the pod | | ||
| diodeIngester.config.reconcilerGrpcHost | string | `"diode-reconciler"` | diode-reconciler gRPC host | | ||
| diodeIngester.config.reconcilerGrpcPort | int | `8081` | diode-reconciler gRPC port | | ||
| diodeIngester.config.sentryDsn | string | `""` | sentry DSN | | ||
| diodeIngester.containerPort | int | `8081` | port to listen on | | ||
| diodeIngester.existingSecret | string | `""` | existing secret for diode-ingester | | ||
| diodeIngester.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | | ||
| diodeIngester.image.repository | string | `"netboxlabs/diode-ingester"` | image repository | | ||
| diodeIngester.image.securityContext | object | `{}` | security context for the container | | ||
| diodeIngester.image.tag | string | `"v0.6.0"` | image tag | | ||
| diodeIngester.nodeSelector | object | `{}` | node selector for the pod | | ||
| diodeIngester.podAnnotations | object | `{}` | additional pod annotations | | ||
| diodeIngester.podLabels | object | `{}` | additional pod labels | | ||
| diodeIngester.podSecurityContext | object | `{}` | additional pod security context | | ||
| diodeIngester.replicas | int | `1` | number of replicas | | ||
| diodeIngester.resources | object | `{}` | resources to allocate for the container | | ||
| diodeIngester.secrets.ingesterToReconcilerAPIKey | string | `""` | API key for authentication between diode-ingester and diode-reconciler | | ||
| diodeIngester.secrets.redisPassword | string | `""` | redis password, must match the password in the redis chart or external redis | | ||
| diodeIngester.serviceAccount.create | bool | `true` | create service account | | ||
| diodeIngester.serviceAccount.name | string | `"diode-ingester"` | service account name | | ||
| diodeIngester.serviceName | string | `"diode-ingester"` | service name | | ||
| diodeIngester.tolerations | list | `[]` | tolerations to use with node taints | | ||
| diodeReconciler.affinity | object | `{}` | custom affinity rules for the pod | | ||
| diodeReconciler.config.loggingLevel | string | `"DEBUG"` | logging level | | ||
| diodeReconciler.config.migrationEnabled | bool | `true` | migration enabled | | ||
| diodeReconciler.config.netboxDiodePluginAPIBaseURL | string | `"https://<NETBOX_BASE_URL>/api/plugins/diode"` | NetBox plugin API base URL | | ||
| diodeReconciler.config.netboxDiodePluginSkipTLSVerify | bool | `false` | NetBox plugin skip TLS verify | | ||
| diodeReconciler.config.sentryDsn | string | `""` | sentry DSN | | ||
| diodeReconciler.containerPort | int | `8081` | port to listen on | | ||
| diodeReconciler.existingSecret | string | `""` | existing secret for diode-ingester | | ||
| diodeReconciler.image.pullPolicy | string | `"IfNotPresent"` | image pull policy | | ||
| diodeReconciler.image.repository | string | `"netboxlabs/diode-reconciler"` | image repository | | ||
| diodeReconciler.image.securityContext | object | `{}` | security context for the container | | ||
| diodeReconciler.image.tag | string | `"v0.6.0"` | image tag | | ||
| diodeReconciler.nodeSelector | object | `{}` | node selector for the pod | | ||
| diodeReconciler.podAnnotations | object | `{}` | additional pod annotations | | ||
| diodeReconciler.podLabels | object | `{}` | additional pod labels | | ||
| diodeReconciler.podSecurityContext | object | `{}` | additional pod security context | | ||
| diodeReconciler.replicas | int | `1` | number of replicas | | ||
| diodeReconciler.resources | object | `{}` | | | ||
| diodeReconciler.secrets.diodeAPIKey | string | `""` | API key for authentication of diode ingestion requests | | ||
| diodeReconciler.secrets.diodeToNetboxAPIKey | string | `""` | API key for authentication between diode and NetBox API | | ||
| diodeReconciler.secrets.ingesterToReconcilerAPIKey | string | `""` | API key for authentication between diode-ingester and diode-reconciler | | ||
| diodeReconciler.secrets.netboxToDiodeAPIKey | string | `""` | API key for authentication between NetBox API and diode | | ||
| diodeReconciler.secrets.redisPassword | string | `""` | redis password, must match the password in the redis chart or external redis | | ||
| diodeReconciler.serviceAccount.create | bool | `true` | create service account | | ||
| diodeReconciler.serviceAccount.name | string | `"diode-reconciler"` | service account name | | ||
| diodeReconciler.serviceName | string | `"diode-reconciler"` | service name | | ||
| diodeReconciler.tolerations | list | `[]` | tolerations to use with node taints | | ||
| externalRedis.host | string | `""` | external redis host | | ||
| externalRedis.port | int | `6379` | external redis port | | ||
| ingress-nginx | object | `{"controller":{"allowSnippetAnnotations":true},"enabled":true,"hostname":"","ingressClass":"nginx","namespaceOverride":"diode-ingress"}` | ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml | | ||
| ingress-nginx.controller.allowSnippetAnnotations | bool | `true` | allow snippet annotations | | ||
| ingress-nginx.enabled | bool | `true` | ingress-nginx enabled | | ||
| ingress-nginx.hostname | string | `""` | hostname | | ||
| ingress-nginx.ingressClass | string | `"nginx"` | ingress class | | ||
| ingress-nginx.namespaceOverride | string | `"diode-ingress"` | override ingress-nginx namespace | | ||
| redis | object | `{"auth":{"existingSecret":"diode-ingester-secret","existingSecretPasswordKey":"REDIS_PASSWORD"},"commonConfiguration":"appendonly yes\nsave 60 1\nloadmodule /opt/redis-stack/lib/rejson.so\nloadmodule /opt/redis-stack/lib/redisearch.so","enabled":true,"image":{"pullPolicy":"IfNotPresent","repository":"redis/redis-stack-server","tag":"latest"},"replica":{"replicaCount":1}}` | ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml | | ||
| redis.auth.existingSecret | string | `"diode-ingester-secret"` | existing secret for redis password, either diodeIngester.existingSecret, diode-ingester-secret (created from diodeIngester.secrets) or your custom secret | | ||
| redis.auth.existingSecretPasswordKey | string | `"REDIS_PASSWORD"` | existing secret key for redis password | | ||
| redis.commonConfiguration | string | `"appendonly yes\nsave 60 1\nloadmodule /opt/redis-stack/lib/rejson.so\nloadmodule /opt/redis-stack/lib/redisearch.so"` | redis configuration | | ||
| redis.enabled | bool | `true` | redis enabled | | ||
| redis.image.pullPolicy | string | `"IfNotPresent"` | redis image pull policy | | ||
| redis.image.repository | string | `"redis/redis-stack-server"` | redis image repository | | ||
| redis.image.tag | string | `"latest"` | redis image tag | | ||
| redis.replica.replicaCount | int | `1` | number of redis replicas | |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
{{ template "chart.header" . }} | ||
{{ template "chart.description" . }} | ||
|
||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} | ||
|
||
## Installing the Chart | ||
|
||
{{- define "cert-manager-version" }} | ||
{{- range .Dependencies }} | ||
{{- if eq .Name "cert-manager" }} | ||
{{- .Version }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
|
||
Install custom resource definitions for cert-manager (if enabled): | ||
|
||
```console | ||
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v{{ template "cert-manager-version" . }}/cert-manager.crds.yaml | ||
``` | ||
|
||
Create namespaces for ingress-nginx and cert-manager: | ||
|
||
```console | ||
kubectl create namespace diode-ingress | ||
kubectl create namespace diode-cert-manager | ||
``` | ||
|
||
Install the chart with the release name `my-release`: | ||
|
||
```console | ||
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx | ||
helm repo add jetstack https://charts.jetstack.io | ||
helm repo add bitnami https://charts.bitnami.com/bitnami | ||
helm repo add diode https://netboxlabs.github.io/diode/charts | ||
helm install my-release diode/{{ template "chart.name" . }} --namespace my-namespace --create-namespace | ||
``` | ||
|
||
{{ template "chart.requirementsSection" . }} | ||
|
||
{{ template "chart.valuesSection" . }} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
CHART NAME: {{ .Chart.Name }} | ||
CHART VERSION: {{ .Chart.Version }} | ||
APP VERSION: {{ .Chart.AppVersion }} | ||
DESCRIPTION: {{ .Chart.Description }} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
{{/* | ||
Define redis host | ||
*/}} | ||
{{- define "diode.redis.host" -}} | ||
{{- if .Values.redis.enabled -}} | ||
{{- printf "%s-redis-master.%s.svc.cluster.local" .Release.Name .Release.Namespace -}} | ||
{{- else -}} | ||
{{- .Values.externalRedis.host -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Define redis port | ||
*/}} | ||
{{- define "diode.redis.port" -}} | ||
{{- if .Values.redis.enabled -}} | ||
{{- .Values.redis.master.containerPorts.redis -}} | ||
{{- else -}} | ||
{{- .Values.externalRedis.port -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Define diode-ingester-secret | ||
*/}} | ||
{{- define "diode-ingester.secret" -}} | ||
{{- if .Values.diodeIngester.existingSecret -}} | ||
{{- .Values.diodeIngester.existingSecret -}} | ||
{{- else -}} | ||
{{- printf "%s-secret" .Values.diodeIngester.serviceName -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Define diode-reconciler-secret | ||
*/}} | ||
{{- define "diode-reconciler.secret" -}} | ||
{{- if .Values.diodeReconciler.existingSecret -}} | ||
{{- .Values.diodeReconciler.existingSecret -}} | ||
{{- else -}} | ||
{{- printf "%s-secret" .Values.diodeReconciler.serviceName -}} | ||
{{- end -}} | ||
{{- end -}} |
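Review bot: The `else` branches of `diode.redis.host` and `diode.redis.port` emit `.Values.externalRedis.host` and `.Values.externalRedis.port` without validation, and the README in this commit lists the default for `externalRedis.host` as `""`, so setting `redis.enabled=false` without a host renders an empty `REDIS_HOST` instead of failing at install time. I would wrap that branch in `required`, e.g. `{{- required "externalRedis.host must be set when redis.enabled is false" .Values.externalRedis.host -}}`. In the enabled branch the host is the `-redis-master` Service name but the port is read from `redis.master.containerPorts.redis`; if the redis subchart exposes a separate service port value, that is the one that pairs with a Service hostname, which is worth confirming against that chart. The comments above the four helpers could also say what each returns, e.g. `Return the Secret name for diode-ingester: existingSecret if set, otherwise <serviceName>-secret`.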
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: {{ .Values.diodeIngester.serviceName }}-config | ||
namespace: {{ .Release.Namespace }} | ||
data: | ||
RECONCILER_GRPC_HOST: {{ .Values.diodeIngester.config.reconcilerGrpcHost | quote }} | ||
RECONCILER_GRPC_PORT: {{ .Values.diodeIngester.config.reconcilerGrpcPort | quote }} | ||
REDIS_HOST: {{ include "diode.redis.host" . | quote }} | ||
REDIS_PORT: {{ include "diode.redis.port" . | quote }} | ||
SENTRY_DSN: {{ .Values.diodeIngester.config.sentryDsn | quote }} |
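Review bot: `metadata.name` is built only from `.Values.diodeIngester.serviceName`, so the ConfigMap gets the same name in every release, and a second install of the chart into one namespace would presumably conflict on it unless the user overrides `serviceName`. Scoping it to the release, e.g. `name: {{ .Release.Name }}-{{ .Values.diodeIngester.serviceName }}-config`, or documenting a one-release-per-namespace assumption would avoid that; any workload that references this name (not visible in this section) would need the same change. The object also has no `labels`, so adding the usual `app.kubernetes.io/*` set would let it be selected and audited together with the rest of the release.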