Initial chart version

Update deployment-web.yaml Delete templates/secret-external-twilio.yaml Update values.yaml Update values.yaml Update values.yaml Delete templates/secret-external-email.yaml Delete templates/secret-external-postgres.yaml Update values.yaml Update values.yaml Update secret-external-postgres.yaml Update deployment-web.yaml Update deployment-web.yaml Update deployment-web.yaml Update deployment-web.yaml Update deployment-web.yaml Update deployment-web.yaml Update deployment-web.yaml Update secret-external-email.yaml Update secret-external-email.yaml Update deployment-web.yaml Update values.yaml Update values.yaml Create secret-external-twilio.yaml Update values.yaml Create secret-external-email.yaml Update values.yaml Update values.yaml Update helm-lint.yaml Create helm-lint.yaml Update deployment-web.yaml Update values.yaml Update deployment-web.yaml Update deployment-web.yaml Update values.yaml Update deployment-web.yaml Update values.yaml Update deployment-web.yaml Update values.yaml Update values.yaml Update service-web.yaml Update deployment-web.yaml Update deployment-web.yaml Update deployment-web.yaml Update service-web.yaml Update values.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update ingress-web.yaml Update values.yaml Update README.md Update ingress-web.yaml Create initContainer for db chore: initial chart Initial commit
PixeloTeam · Jun 7, 2024 · 0f2c38b · 0f2c38b
commit 0f2c38b
Show file tree

Hide file tree

Showing 12 changed files with 487 additions and 0 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto
diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml
@@ -0,0 +1,37 @@
+name: Test Push
+
+on:
+  push:
+    branches:
+      - "main"
+
+jobs:
+  Read_HelmCharts:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - id: read_projects
+        run: |
+          echo "helm_charts=$(find . -type f -name "Chart.yaml" | xargs dirname | jq --compact-output --raw-input --slurp 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
+    outputs:
+      helm_charts: ${{ steps.read_projects.outputs.helm_charts }}
+
+  Helm_lint:
+    needs: Read_HelmCharts
+    strategy:
+      matrix:
+        projects: ${{fromJson(needs.Read_HelmCharts.outputs.helm_charts)}}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository code
+        uses: actions/checkout@v3
+
+      - name: Setup Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.9.0
+
+      - name: "Helm Lint ${{ matrix.projects }}"
+        run: |
+          helm lint ${{ matrix.projects }}
+        shell: bash
diff --git a/Chart.yaml b/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: chiefonboarding
+description: A Helm chart for ChiefOnboarding application
+version: 0.1.0
+appVersion: "latest"
diff --git a/README.md b/README.md
@@ -0,0 +1,83 @@
+# ChiefOnboarding helm chart
+
+This Helm chart deploys the ChiefOnboarding application along with a PostgreSQL database. Chiefonboarding is an application for automating onboardings and provisioning accounts by creating pipelines. The users can interact with the app through a Slack bot. Project website: https://chiefonboarding.com/
+
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.0+
+
+## Installation
+
+To install the chart with the release name `my-release`:
+
+```sh
+helm install my-release chiefonboarding-0.1.0.tgz
+```
+
+The command deploys ChiefOnboarding on the Kubernetes cluster with the default configuration. The values.yaml file can be customized to override the default settings.
+
+## Uninstallation
+To uninstall/delete the my-release deployment:
+
+```sh
+helm uninstall my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+The following table lists the configurable parameters of the Helm chart and their default values.
+
+| Parameter                         | Description                                                   | Default                         |
+|-----------------------------------|---------------------------------------------------------------|---------------------------------|
+| `replicaCount`                    | Number of replicas for both web and db deployments            | `1`                             |
+| `image.web.repository`            | Web application Docker image repository                       | `chiefonboarding/chiefonboarding` |
+| `image.web.tag`                   | Web application Docker image tag                              | `latest`                        |
+| `image.web.pullPolicy`            | Web application Docker image pull policy                      | `IfNotPresent`                  |
+| `image.db.repository`             | Database Docker image repository                              | `postgres`                      |
+| `image.db.tag`                    | Database Docker image tag                                     | `latest`                        |
+| `image.db.pullPolicy`             | Database Docker image pull policy                             | `IfNotPresent`                  |
+| `service.web.type`                | Web service type                                              | `ClusterIP`                     |
+| `service.web.port`                | Web service port                                              | `8000`                          |
+| `service.db.type`                 | Database service type                                         | `ClusterIP`                     |
+| `service.db.port`                 | Database service port                                         | `5432`                          |
+| `ingress.enabled`                 | Enable ingress for web component                              | `true`                          |
+| `ingress.className`               | Ingress class name                                            | `""`                            |
+| `ingress.annotations`             | Annotations for the ingress                                   | `{}`                            |
+| `ingress.hosts`                   | Hosts configuration for ingress                               | `[{ host: localhost, paths: [{ path: /, pathType: ImplementationSpecific }] }]` |
+| `ingress.tls`                     | TLS configuration for ingress                                 | `[]`                            |
+| `postgresql.internal.enabled`     | Enable internal PostgreSQL deployment                         | `true`                          |
+| `postgresql.internal.postgresDatabase` | PostgreSQL database name                                | `chiefonboarding`               |
+| `postgresql.internal.postgresUser`| PostgreSQL username                                           | `postgres`                      |
+| `postgresql.internal.postgresPassword` | PostgreSQL password                                      | `securepassword123`             |
+| `postgresql.external.enabled`     | Enable external PostgreSQL service                            | `false`                         |
+| `postgresql.external.host`        | External PostgreSQL host                                      | `""`                            |
+| `postgresql.external.port`        | External PostgreSQL port                                      | `5432`                          |
+| `postgresql.external.secretName`  | Secret name for external PostgreSQL credentials               | `external-postgres-secret`      |
+| `postgresql.external.secretUserKey` | Secret key for PostgreSQL username                         | `postgres-username`             |
+| `postgresql.external.secretPasswordKey` | Secret key for PostgreSQL password                    | `postgres-password`             |
+| `secretKey`                       | Secret key for the web application                            | `somethingsupersecret`          |
+| `persistence.enabled`             | Enable persistence for PostgreSQL data                        | `true`                          |
+| `persistence.accessMode`          | Access mode for persistence                                   | `ReadWriteOnce`                 |
+| `persistence.size`                | Size of the persistence volume                                | `10Gi`                          |
+
+
+```sh
+helm install my-release --set secretKey=mysecretkey chiefonboarding-0.1.0.tgz
+```
+Alternatively, you can create a values.yaml file with the desired configuration and use it during installation:
+
+```sh
+helm install my-release -f values.yaml chiefonboarding-0.1.0.tgz
+```
+
+## Persistence
+The PostgreSQL database uses a PersistentVolumeClaim to store data. If persistence is enabled, ensure that the storage class you are using supports dynamic provisioning or create the PersistentVolume manually.
+
+## Ingress
+To enable ingress, set ingress.enabled to true. You can customize the ingress configuration using the values.yaml file.
+
+## Notes
+Adjust the values.yaml file according to your environment and requirements.
+Ensure that your Kubernetes cluster has access to the Docker images specified in the values.yaml file.
diff --git a/templates/deployment-db.yaml b/templates/deployment-db.yaml
@@ -0,0 +1,60 @@
+{{- if .Values.postgresql.internal.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: db
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: db
+  template:
+    metadata:
+      labels:
+        app: db
+    spec:
+      initContainers:
+        - name: init-pgdata
+          image: busybox
+          command: ["sh", "-c", "rm -rf /var/lib/postgresql/data/lost+found"]
+          volumeMounts:
+            - name: pgdata
+              mountPath: /var/lib/postgresql/data
+      containers:
+        - name: db
+          image: "{{ .Values.image.db.repository }}:{{ .Values.image.db.tag }}"
+          imagePullPolicy: {{ .Values.image.db.pullPolicy }}
+          env:
+            - name: POSTGRES_DB
+              value: {{ .Values.postgresql.postgresDatabase }}
+          {{- if .Values.postgresql.credentials.externalSecret.enabled }}
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.credentials.externalSecret.secretName }}
+                  key: {{ .Values.postgresql.credentials.externalSecret.secretUserKey }}
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.credentials.externalSecret.secretName }}
+                  key: {{ .Values.postgresql.credentials.externalSecret.secretPasswordKey }}
+          {{- else }}
+            - name: POSTGRES_USER
+              value: {{ .Values.postgresql.credentials.postgresUser }}
+            - name: POSTGRES_PASSWORD
+              value: {{ .Values.postgresql.credentials.postgresPassword }}
+          {{- end }}
+          ports:
+            - containerPort: 5432
+          volumeMounts:
+            - name: pgdata
+              mountPath: /var/lib/postgresql/data
+          lifecycle:
+            preStop:
+              exec:
+                command: ["/usr/lib/postgresql/16/bin/pg_ctl", "stop", "-D", "/var/lib/postgresql/data", "-w", "-t", "60", "-m", "fast"]
+      volumes:
+        - name: pgdata
+          persistentVolumeClaim:
+            claimName: pgdata-pvc
+{{- end }}
diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: web
+  template:
+    metadata:
+      labels:
+        app: web
+    spec:
+      containers:
+        - name: web
+          image: "{{ .Values.image.web.repository }}:{{ .Values.image.web.tag }}"
+          imagePullPolicy: {{ .Values.image.web.pullPolicy }}
+          env:
+            - name: ALLOWED_HOSTS
+              value: {{ .Values.settings.allowedHost }}
+            - name: SECRET_KEY
+              value: {{ .Values.settings.secretKey }}
+            {{- if .Values.settings.apiAccess }}
+            - name: API_ACCESS
+              value: "True"
+            {{- end }}
+            - name: BASE_URL
+              value: {{ .Values.settings.baseUrl }}
+            - name: DATABASE_URL
+              {{- if .Values.postgresql.credentials.externalSecret.enabled }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.credentials.externalSecret.secretName }}
+                  key: {{ .Values.postgresql.credentials.externalSecret.secretUriKey }}
+              {{- else }}
+              value: postgres://{{ .Values.postgresql.credentials.postgresUser }}:{{ .Values.postgresql.credentials.postgresPassword }}@db:5432/{{ .Values.postgresql.postgresDatabase }}
+              {{- end }}
+            {{- if .Values.settings.email.enabled }}
+            - name: EMAIL_HOST
+              value: {{ .Values.settings.email.emailHost }}
+            - name: EMAIL_PORT
+              value: "{{ .Values.settings.email.emailPort }}"
+            - name: EMAIL_USE_TLS
+              value: "True"
+            - name: EMAIL_USE_SSL
+              value: "False"
+            {{- end }}
+            {{- if .Values.settings.email.externalSecret.enabled }}
+            - name: EMAIL_HOST_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.settings.email.externalSecret.emailSecretName }}
+                  key: {{ .Values.settings.email.externalSecret.emailSecretUserKey }}
+            - name: EMAIL_HOST_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.settings.email.externalSecret.emailSecretName }}
+                  key: {{ .Values.settings.email.externalSecret.emailSecretPasswordKey }}
+            {{- else }}
+            - name: EMAIL_HOST_USER
+              value: {{ .Values.settings.email.emailUser }}
+            - name: EMAIL_HOST_PASSWORD
+              value: {{ .Values.settings.email.emailPassword }}
+            {{- end }}
+          ports:
+            - containerPort: 8000
+
diff --git a/templates/ingress-web.yaml b/templates/ingress-web.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: web-ingress
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ . }}
+            pathType: Prefix
+            backend:
+              service:
+                name: web
+                port:
+                  number: {{ $.Values.service.web.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/templates/pvc-db.yaml b/templates/pvc-db.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.postgresql.internal.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pgdata-pvc
+spec:
+  accessModes:
+    - {{ .Values.postgresql.internal.persistence.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.postgresql.internal.persistence.size }}
+{{- end }}
diff --git a/templates/service-db.yaml b/templates/service-db.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.postgresql.internal.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: db
+spec:
+  type: {{ .Values.service.db.type }}
+  ports:
+    - port: 5432
+      targetPort: 5432
+  selector:
+    app: db
+{{- end }}
diff --git a/templates/service-web.yaml b/templates/service-web.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: web
+spec:
+  type: {{ .Values.service.web.type }}
+  ports:
+    - protocol: TCP
+      port: 8000
+      targetPort: 8000
+  selector:
+    app: web
+
diff --git a/values.example.yaml b/values.example.yaml
@@ -0,0 +1,55 @@
+replicaCount: 2
+
+image:
+  web:
+    repository: chiefonboarding/chiefonboarding
+    tag: latest
+    pullPolicy: IfNotPresent
+  db:
+    repository: postgres
+    tag: latest
+    pullPolicy: IfNotPresent
+
+service:
+  web:
+    type: NodePort
+    port: 8000
+  db:
+    type: ClusterIP
+    port: 5432
+
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+  hosts:
+    - host: chiefonboarding.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - secretName: chiefonboarding-tls
+      hosts:
+        - chiefonboarding.local
+
+postgresql:
+  internal:
+    enabled: true
+    postgresDatabase: chiefonboarding
+    postgresUser: postgres
+    postgresPassword: securepassword123
+  external:
+    enabled: false
+    host: ""
+    port: 5432
+    secretName: external-postgres-secret
+    secretUserKey: postgres-username
+    secretPasswordKey: postgres-password
+
+secretKey: somethingsupersecret
+
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 10Gi