feat: diode helm chart (#184)
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
mfiedorowicz authored Oct 15, 2024
1 parent e7c7313 commit 216f3a6
Showing 23 changed files with 884 additions and 8 deletions.
14 changes: 6 additions & 8 deletions .github/pull_request_labeler.yaml
Expand Up @@ -74,14 +74,6 @@ diode-server:
- 'diode-server/*'
- 'diode-server/**/*'

diode-distributor:
- changed-files:
- any-glob-to-any-file:
- 'diode-server/cmd/distributor/*'
- 'diode-server/cmd/distributor/**/*'
- 'diode-server/distributor/*'
- 'diode-server/distributor/**/*'

diode-ingester:
- changed-files:
- any-glob-to-any-file:
Expand All @@ -97,3 +89,9 @@ diode-reconciler:
- 'diode-server/cmd/reconciler/**/*'
- 'diode-server/reconciler/*'
- 'diode-server/reconciler/**/*'

diode-chart:
- changed-files:
- any-glob-to-any-file:
- 'charts/*'
- 'charts/**/*'
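--- a/.github/workflows/helm-lint.yaml
+++ b/.github/workflows/helm-lint.yaml
@@ -0,0 +1,35 @@
+name: Helm - lint
+on:
+push:
+branches:
+- "!release"
+paths:
+- "charts/**"
+pull_request:
+paths:
+- "charts/**"
+
+concurrency:
+group: ${{ github.workflow }}
+cancel-in-progress: false
+
+permissions:
+contents: write
+pull-requests: write
+
+jobs:
+helm-lint:
+runs-on: ubuntu-latest
+timeout-minutes: 10
+defaults:
+run:
+working-directory: charts
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- name: Setup Helm
+uses: azure/setup-helm@v4.2.0
+- name: Update helm dependencies
+run: helm dependency update diode
+- name: Run helm lint
+run: helm lint diode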
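Review bot: The workflow-level `permissions` block grants `contents: write` and `pull-requests: write`, but the steps shown only check out the repository and run `helm dependency update` and `helm lint`, which need read access at most. Because the job also runs on `pull_request` and pulls third-party chart dependencies and actions, I would reduce it to `permissions:` / `contents: read` so that a compromised action or dependency cannot push to the repository or edit pull requests. Separately, the `push` filter lists only `"!release"`; as far as I know GitHub requires at least one positive pattern next to a negated one, so `branches-ignore: [release]` is probably what was intended. Pinning `azure/setup-helm` and `actions/checkout` to full commit SHAs rather than tags would also be worth doing.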
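--- a/.github/workflows/helm-release.yaml
+++ b/.github/workflows/helm-release.yaml
@@ -0,0 +1,45 @@
+name: Helm - release
+on:
+workflow_dispatch:
+push:
+branches: [ release ]
+paths:
+- "charts/**"
+
+concurrency:
+group: ${{ github.workflow }}
+cancel-in-progress: false
+
+permissions:
+contents: write
+
+jobs:
+helm-release:
+runs-on: ubuntu-latest
+timeout-minutes: 10
+defaults:
+run:
+working-directory: charts
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+- name: Configure Git
+run: |
+git config user.name "$GITHUB_ACTOR"
+git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+- name: Setup Helm
+uses: azure/setup-helm@v4.2.0
+- name: Update helm dependencies
+run: |
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo add jetstack https://charts.jetstack.io
+helm repo add bitnami https://charts.bitnami.com/bitnami
+- name: Run chart-releaser
+uses: helm/chart-releaser-action@v1.6.0
+env:
+CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Name }}-{{ .Version }}
+CR_INDEX_PATH: charts/index.yaml
+CR_PAGES_INDEX_PATH: charts/index.yaml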
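Review bot: `helm/chart-releaser-action@v1.6.0` and `azure/setup-helm@v4.2.0` are referenced by mutable tag in a job that holds a `contents: write` token and publishes the chart packages and index, so a retagged action would run with the ability to push to the repository and alter what users install. I would pin both to a full commit SHA, e.g. `uses: helm/chart-releaser-action@<FULL_COMMIT_SHA> # v1.6.0` (placeholder, take the SHA from the upstream tag). `workflow_dispatch` also allows the release to be started from any ref; if charts should only ever be published from `release`, add `if: github.ref == 'refs/heads/release'` to the `helm-release` job. The step named "Update helm dependencies" only runs `helm repo add`, and the `bitnami` repository looks unused because Chart.yaml pulls redis from the OCI registry, so a rename or a short comment would avoid confusion.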
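--- a/charts/diode/.helmignore
+++ b/charts/diode/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/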
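--- a/charts/diode/Chart.lock
+++ b/charts/diode/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: ingress-nginx
+repository: https://kubernetes.github.io/ingress-nginx
+version: 4.11.2
+- name: cert-manager
+repository: https://charts.jetstack.io
+version: v1.16.1
+- name: redis
+repository: oci://registry-1.docker.io/bitnamicharts
+version: 20.1.4
+digest: sha256:f89ee5fc93ebfc48d7566073c20cbe8ab7b632e73f2fbd860b84d1b7a01ecf48
+generated: "2024-10-14T19:29:43.398885+01:00"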
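--- a/charts/diode/Chart.yaml
+++ b/charts/diode/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v2
+name: diode
+description: A Helm chart for Diode
+type: application
+version: 0.1.0
+appVersion: "0.6.0"
+home: https://github.com/netboxlabs/diode
+sources:
+- https://github.com/netboxlabs/diode
+maintainers:
+- name: NetBox Labs
+email: support@netboxlabs.com
+url: https://github.com/netboxlabs
+dependencies:
+- name: ingress-nginx
+version: 4.11.2
+repository: https://kubernetes.github.io/ingress-nginx
+condition: ingress-nginx.enabled
+- name: cert-manager
+version: 1.16.1
+repository: https://charts.jetstack.io
+condition: cert-manager.enabled
+- name: redis
+version: 20.1.4
+repository: oci://registry-1.docker.io/bitnamicharts
+condition: redis.enabled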
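Review bot: The `ingress-nginx` dependency is bundled into the application chart behind `condition: ingress-nginx.enabled`, and the values table in charts/diode/README.md on this page lists it as `true` by default together with `ingress-nginx.controller.allowSnippetAnnotations: true`. Snippet annotations let anyone who can create or edit Ingress objects inject raw nginx configuration into the controller, which in a shared cluster reaches well beyond this release. values.yaml is not visible here, but I would default `allowSnippetAnnotations` to `false`, document why it is needed if the chart's own Ingress depends on it, and consider shipping the controller disabled by default. The same table shows `redis.image.tag` as `latest`, which undoes the reproducibility of pinning the `redis` chart to `20.1.4`; a fixed tag or digest would be better.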
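--- a/charts/diode/README.md
+++ b/charts/diode/README.md
@@ -0,0 +1,118 @@
+# diode
+
+A Helm chart for Diode
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
+
+## Installing the Chart
+
+Install custom resource definitions for cert-manager (if enabled):
+
+```console
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.crds.yaml
+```
+
+Create namespaces for ingress-nginx and cert-manager:
+
+```console
+kubectl create namespace diode-ingress
+kubectl create namespace diode-cert-manager
+```
+
+Install the chart with the release name `my-release`:
+
+```console
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo add jetstack https://charts.jetstack.io
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add diode https://netboxlabs.github.io/diode/charts
+helm install my-release diode/diode --namespace my-namespace --create-namespace
+```
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.jetstack.io | cert-manager | 1.16.1 |
+| https://kubernetes.github.io/ingress-nginx | ingress-nginx | 4.11.2 |
+| oci://registry-1.docker.io/bitnamicharts | redis | 20.1.4 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| cert-manager | object | `{"enabled":false,"namespace":"diode-cert-manager"}` | ref: https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml |
+| cert-manager.enabled | bool | `false` | cert-manager enabled |
+| cert-manager.namespace | string | `"diode-cert-manager"` | cert-manager namespace |
+| certIssuer.email | string | `""` | email address for ACME registration |
+| certIssuer.enabled | bool | `false` | enable certificate issuer creation |
+| certIssuer.kind | string | `"Issuer"` | issuer kind (Issuer or ClusterIssuer) ref: https://cert-manager.io/docs/configuration/acme/ |
+| certIssuer.name | string | `""` | issuer name |
+| certIssuer.prod | bool | `false` | determines whether to use Let's Encrypt production or staging environment |
+| certIssuer.solvers | list | `[{"http01":{"ingress":{"ingressClassName":"nginx"}}}]` | solvers for the issuer |
+| diodeIngester.affinity | object | `{}` | custom affinity rules for the pod |
+| diodeIngester.config.reconcilerGrpcHost | string | `"diode-reconciler"` | diode-reconciler gRPC host |
+| diodeIngester.config.reconcilerGrpcPort | int | `8081` | diode-reconciler gRPC port |
+| diodeIngester.config.sentryDsn | string | `""` | sentry DSN |
+| diodeIngester.containerPort | int | `8081` | port to listen on |
+| diodeIngester.existingSecret | string | `""` | existing secret for diode-ingester |
+| diodeIngester.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| diodeIngester.image.repository | string | `"netboxlabs/diode-ingester"` | image repository |
+| diodeIngester.image.securityContext | object | `{}` | security context for the container |
+| diodeIngester.image.tag | string | `"v0.6.0"` | image tag |
+| diodeIngester.nodeSelector | object | `{}` | node selector for the pod |
+| diodeIngester.podAnnotations | object | `{}` | additional pod annotations |
+| diodeIngester.podLabels | object | `{}` | additional pod labels |
+| diodeIngester.podSecurityContext | object | `{}` | additional pod security context |
+| diodeIngester.replicas | int | `1` | number of replicas |
+| diodeIngester.resources | object | `{}` | resources to allocate for the container |
+| diodeIngester.secrets.ingesterToReconcilerAPIKey | string | `""` | API key for authentication between diode-ingester and diode-reconciler |
+| diodeIngester.secrets.redisPassword | string | `""` | redis password, must match the password in the redis chart or external redis |
+| diodeIngester.serviceAccount.create | bool | `true` | create service account |
+| diodeIngester.serviceAccount.name | string | `"diode-ingester"` | service account name |
+| diodeIngester.serviceName | string | `"diode-ingester"` | service name |
+| diodeIngester.tolerations | list | `[]` | tolerations to use with node taints |
+| diodeReconciler.affinity | object | `{}` | custom affinity rules for the pod |
+| diodeReconciler.config.loggingLevel | string | `"DEBUG"` | logging level |
+| diodeReconciler.config.migrationEnabled | bool | `true` | migration enabled |
+| diodeReconciler.config.netboxDiodePluginAPIBaseURL | string | `"https://<NETBOX_BASE_URL>/api/plugins/diode"` | NetBox plugin API base URL |
+| diodeReconciler.config.netboxDiodePluginSkipTLSVerify | bool | `false` | NetBox plugin skip TLS verify |
+| diodeReconciler.config.sentryDsn | string | `""` | sentry DSN |
+| diodeReconciler.containerPort | int | `8081` | port to listen on |
+| diodeReconciler.existingSecret | string | `""` | existing secret for diode-ingester |
+| diodeReconciler.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| diodeReconciler.image.repository | string | `"netboxlabs/diode-reconciler"` | image repository |
+| diodeReconciler.image.securityContext | object | `{}` | security context for the container |
+| diodeReconciler.image.tag | string | `"v0.6.0"` | image tag |
+| diodeReconciler.nodeSelector | object | `{}` | node selector for the pod |
+| diodeReconciler.podAnnotations | object | `{}` | additional pod annotations |
+| diodeReconciler.podLabels | object | `{}` | additional pod labels |
+| diodeReconciler.podSecurityContext | object | `{}` | additional pod security context |
+| diodeReconciler.replicas | int | `1` | number of replicas |
+| diodeReconciler.resources | object | `{}` | |
+| diodeReconciler.secrets.diodeAPIKey | string | `""` | API key for authentication of diode ingestion requests |
+| diodeReconciler.secrets.diodeToNetboxAPIKey | string | `""` | API key for authentication between diode and NetBox API |
+| diodeReconciler.secrets.ingesterToReconcilerAPIKey | string | `""` | API key for authentication between diode-ingester and diode-reconciler |
+| diodeReconciler.secrets.netboxToDiodeAPIKey | string | `""` | API key for authentication between NetBox API and diode |
+| diodeReconciler.secrets.redisPassword | string | `""` | redis password, must match the password in the redis chart or external redis |
+| diodeReconciler.serviceAccount.create | bool | `true` | create service account |
+| diodeReconciler.serviceAccount.name | string | `"diode-reconciler"` | service account name |
+| diodeReconciler.serviceName | string | `"diode-reconciler"` | service name |
+| diodeReconciler.tolerations | list | `[]` | tolerations to use with node taints |
+| externalRedis.host | string | `""` | external redis host |
+| externalRedis.port | int | `6379` | external redis port |
+| ingress-nginx | object | `{"controller":{"allowSnippetAnnotations":true},"enabled":true,"hostname":"","ingressClass":"nginx","namespaceOverride":"diode-ingress"}` | ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml |
+| ingress-nginx.controller.allowSnippetAnnotations | bool | `true` | allow snippet annotations |
+| ingress-nginx.enabled | bool | `true` | ingress-nginx enabled |
+| ingress-nginx.hostname | string | `""` | hostname |
+| ingress-nginx.ingressClass | string | `"nginx"` | ingress class |
+| ingress-nginx.namespaceOverride | string | `"diode-ingress"` | override ingress-nginx namespace |
+| redis | object | `{"auth":{"existingSecret":"diode-ingester-secret","existingSecretPasswordKey":"REDIS_PASSWORD"},"commonConfiguration":"appendonly yes\nsave 60 1\nloadmodule /opt/redis-stack/lib/rejson.so\nloadmodule /opt/redis-stack/lib/redisearch.so","enabled":true,"image":{"pullPolicy":"IfNotPresent","repository":"redis/redis-stack-server","tag":"latest"},"replica":{"replicaCount":1}}` | ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml |
+| redis.auth.existingSecret | string | `"diode-ingester-secret"` | existing secret for redis password, either diodeIngester.existingSecret, diode-ingester-secret (created from diodeIngester.secrets) or your custom secret |
+| redis.auth.existingSecretPasswordKey | string | `"REDIS_PASSWORD"` | existing secret key for redis password |
+| redis.commonConfiguration | string | `"appendonly yes\nsave 60 1\nloadmodule /opt/redis-stack/lib/rejson.so\nloadmodule /opt/redis-stack/lib/redisearch.so"` | redis configuration |
+| redis.enabled | bool | `true` | redis enabled |
+| redis.image.pullPolicy | string | `"IfNotPresent"` | redis image pull policy |
+| redis.image.repository | string | `"redis/redis-stack-server"` | redis image repository |
+| redis.image.tag | string | `"latest"` | redis image tag |
+| redis.replica.replicaCount | int | `1` | number of redis replicas |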
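--- a/charts/diode/README.md.gotmpl
+++ b/charts/diode/README.md.gotmpl
@@ -0,0 +1,41 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+## Installing the Chart
+
+{{- define "cert-manager-version" }}
+{{- range .Dependencies }}
+{{- if eq .Name "cert-manager" }}
+{{- .Version }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+Install custom resource definitions for cert-manager (if enabled):
+
+```console
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v{{ template "cert-manager-version" . }}/cert-manager.crds.yaml
+```
+
+Create namespaces for ingress-nginx and cert-manager:
+
+```console
+kubectl create namespace diode-ingress
+kubectl create namespace diode-cert-manager
+```
+
+Install the chart with the release name `my-release`:
+
+```console
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo add jetstack https://charts.jetstack.io
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add diode https://netboxlabs.github.io/diode/charts
+helm install my-release diode/{{ template "chart.name" . }} --namespace my-namespace --create-namespace
+```
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}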
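--- a/charts/diode/templates/NOTES.txt
+++ b/charts/diode/templates/NOTES.txt
@@ -0,0 +1,4 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+DESCRIPTION: {{ .Chart.Description }}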
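--- a/charts/diode/templates/_helpers.tpl
+++ b/charts/diode/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/*
+Define redis host
+*/}}
+{{- define "diode.redis.host" -}}
+{{- if .Values.redis.enabled -}}
+{{- printf "%s-redis-master.%s.svc.cluster.local" .Release.Name .Release.Namespace -}}
+{{- else -}}
+{{- .Values.externalRedis.host -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define redis port
+*/}}
+{{- define "diode.redis.port" -}}
+{{- if .Values.redis.enabled -}}
+{{- .Values.redis.master.containerPorts.redis -}}
+{{- else -}}
+{{- .Values.externalRedis.port -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define diode-ingester-secret
+*/}}
+{{- define "diode-ingester.secret" -}}
+{{- if .Values.diodeIngester.existingSecret -}}
+{{- .Values.diodeIngester.existingSecret -}}
+{{- else -}}
+{{- printf "%s-secret" .Values.diodeIngester.serviceName -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define diode-reconciler-secret
+*/}}
+{{- define "diode-reconciler.secret" -}}
+{{- if .Values.diodeReconciler.existingSecret -}}
+{{- .Values.diodeReconciler.existingSecret -}}
+{{- else -}}
+{{- printf "%s-secret" .Values.diodeReconciler.serviceName -}}
+{{- end -}}
+{{- end -}}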
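Review bot: `diode.redis.host` hard-codes `<release>-redis-master.<namespace>.svc.cluster.local`, which assumes the redis subchart's default naming and the `cluster.local` domain; it would presumably stop resolving with `redis.fullnameOverride`, with a release name that already contains `redis`, or on a cluster with a custom domain. `diode.redis.port` reads `.Values.redis.master.containerPorts.redis` although clients reach redis through the Service, so `.Values.redis.master.service.ports.redis` looks like the value to use. In the external branch an empty `externalRedis.host` silently renders an empty `REDIS_HOST`; `{{- required "externalRedis.host must be set when redis.enabled is false" .Values.externalRedis.host -}}` would fail at render time instead. The helper comments ("Define redis host") could also state which values each helper reads and what it falls back to.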
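--- a/charts/diode/templates/diode-ingester-configmap.yaml
+++ b/charts/diode/templates/diode-ingester-configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ .Values.diodeIngester.serviceName }}-config
+namespace: {{ .Release.Namespace }}
+data:
+RECONCILER_GRPC_HOST: {{ .Values.diodeIngester.config.reconcilerGrpcHost | quote }}
+RECONCILER_GRPC_PORT: {{ .Values.diodeIngester.config.reconcilerGrpcPort | quote }}
+REDIS_HOST: {{ include "diode.redis.host" . | quote }}
+REDIS_PORT: {{ include "diode.redis.port" . | quote }}
+SENTRY_DSN: {{ .Values.diodeIngester.config.sentryDsn | quote }}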
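Review bot: `SENTRY_DSN` is rendered into the ConfigMap; a DSN embeds a project key that lets its holder submit events, and ConfigMaps are usually readable by more principals than Secrets. The chart already resolves a per-service Secret name through the `diode-ingester.secret` helper, so I would move the DSN there unless it is deliberately treated as public. `metadata.name` and `metadata.namespace` are the only templated values left unquoted; `name: {{ printf "%s-config" .Values.diodeIngester.serviceName | quote }}` keeps an unusual `serviceName` from being retyped by the YAML parser.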