From 5e0107127071a0c1e3d128a6d1d43a1aadd31bf8 Mon Sep 17 00:00:00 2001 From: Daniel Lundin Date: Wed, 23 May 2018 12:41:56 +0200 Subject: [PATCH 1/3] Add helm chart for deployment --- chart/nsync/.helmignore | 21 ++++++++++ chart/nsync/Chart.yaml | 5 +++ chart/nsync/templates/NOTES.txt | 1 + chart/nsync/templates/_helpers.tpl | 32 ++++++++++++++++ chart/nsync/templates/deployment.yaml | 55 +++++++++++++++++++++++++++ chart/nsync/values.yaml | 28 ++++++++++++++ 6 files changed, 142 insertions(+) create mode 100644 chart/nsync/.helmignore create mode 100644 chart/nsync/Chart.yaml create mode 100644 chart/nsync/templates/NOTES.txt create mode 100644 chart/nsync/templates/_helpers.tpl create mode 100644 chart/nsync/templates/deployment.yaml create mode 100644 chart/nsync/values.yaml diff --git a/chart/nsync/.helmignore b/chart/nsync/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/chart/nsync/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/chart/nsync/Chart.yaml b/chart/nsync/Chart.yaml new file mode 100644 index 0000000..54605ac --- /dev/null +++ b/chart/nsync/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "0.0.8" +description: A Helm chart for Kubernetes +name: nsync +version: 0.0.8 diff --git a/chart/nsync/templates/NOTES.txt b/chart/nsync/templates/NOTES.txt new file mode 100644 index 0000000..1998298 --- /dev/null +++ b/chart/nsync/templates/NOTES.txt @@ -0,0 +1 @@ +For further instructions, please see https://github.com/verloop/nsync/blob/master/README.md diff --git a/chart/nsync/templates/_helpers.tpl b/chart/nsync/templates/_helpers.tpl new file mode 100644 index 0000000..17a250b --- /dev/null +++ b/chart/nsync/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "nsync.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nsync.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nsync.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/chart/nsync/templates/deployment.yaml b/chart/nsync/templates/deployment.yaml new file mode 100644 index 0000000..aabb329 --- /dev/null +++ b/chart/nsync/templates/deployment.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: {{ template "nsync.fullname" . }} + labels: + app: {{ template "nsync.name" . }} + chart: {{ template "nsync.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "nsync.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "nsync.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/chart/nsync/values.yaml b/chart/nsync/values.yaml new file mode 100644 index 0000000..7fa9421 --- /dev/null +++ b/chart/nsync/values.yaml @@ -0,0 +1,28 @@ +# Default values for nsync. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: verloopio/nsync + tag: 0.0.8 + pullPolicy: IfNotPresent + +annotations: {} + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 77967fcb14340acfe8a57a6a7ad9872b08270aef Mon Sep 17 00:00:00 2001 From: Daniel Lundin Date: Wed, 23 May 2018 16:40:21 +0200 Subject: [PATCH 2/3] helm: Remove unused ports --- chart/nsync/templates/deployment.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/chart/nsync/templates/deployment.yaml b/chart/nsync/templates/deployment.yaml index aabb329..02cdc81 100644 --- a/chart/nsync/templates/deployment.yaml +++ b/chart/nsync/templates/deployment.yaml @@ -27,18 +27,6 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 80 - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} From 5c514ab5267752b83ddea499ed41b2dd3384b904 Mon Sep 17 00:00:00 2001 From: Daniel Lundin Date: Fri, 25 May 2018 09:48:22 +0200 Subject: [PATCH 3/3] Add RBAC templates --- chart/nsync/templates/_helpers.tpl | 11 +++++++ chart/nsync/templates/deployment.yaml | 1 + chart/nsync/templates/rbac.yaml | 37 +++++++++++++++++++++++ chart/nsync/templates/serviceaccount.yaml | 13 ++++++++ chart/nsync/values.yaml | 11 +++++++ 5 files changed, 73 insertions(+) create mode 100644 chart/nsync/templates/rbac.yaml create mode 100644 chart/nsync/templates/serviceaccount.yaml diff --git a/chart/nsync/templates/_helpers.tpl b/chart/nsync/templates/_helpers.tpl index 17a250b..80af6f9 100644 --- a/chart/nsync/templates/_helpers.tpl +++ b/chart/nsync/templates/_helpers.tpl @@ -30,3 +30,14 @@ Create chart name and version as used by the chart label. {{- define "nsync.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "nsync.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "nsync.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/chart/nsync/templates/deployment.yaml b/chart/nsync/templates/deployment.yaml index 02cdc81..4d0734f 100644 --- a/chart/nsync/templates/deployment.yaml +++ b/chart/nsync/templates/deployment.yaml @@ -23,6 +23,7 @@ spec: app: {{ template "nsync.name" . }} release: {{ .Release.Name }} spec: + serviceAccountName: {{ template "nsync.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/chart/nsync/templates/rbac.yaml b/chart/nsync/templates/rbac.yaml new file mode 100644 index 0000000..7f91eb9 --- /dev/null +++ b/chart/nsync/templates/rbac.yaml @@ -0,0 +1,37 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ template "nsync.fullname" . }} + labels: + app: {{ template "nsync.name" . }} + chart: {{ template "nsync.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["create", "get", "watch", "list", "update", "patch"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ template "nsync.fullname" . }} + labels: + app: {{ template "nsync.name" . }} + chart: {{ template "nsync.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "nsync.fullname" . }} +subjects: + - name: {{ template "nsync.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + kind: ServiceAccount +{{- end -}} + diff --git a/chart/nsync/templates/serviceaccount.yaml b/chart/nsync/templates/serviceaccount.yaml new file mode 100644 index 0000000..43533d6 --- /dev/null +++ b/chart/nsync/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "nsync.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + app: {{ template "nsync.name" . }} + chart: {{ template "nsync.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end -}} + diff --git a/chart/nsync/values.yaml b/chart/nsync/values.yaml index 7fa9421..212b96e 100644 --- a/chart/nsync/values.yaml +++ b/chart/nsync/values.yaml @@ -26,3 +26,14 @@ nodeSelector: {} tolerations: [] affinity: {} + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: