From b07137ec153380569af5150077c611ca2b3513ea Mon Sep 17 00:00:00 2001 From: "Sergey A. Osokin" Date: Wed, 29 Nov 2023 17:46:20 -0500 Subject: [PATCH] Add Helm Charts --- charts/nlk/.helmignore | 2 + charts/nlk/Chart.yaml | 16 +++ charts/nlk/templates/_helpers.tpl | 110 ++++++++++++++++ charts/nlk/templates/clusterrole.yaml | 19 +++ charts/nlk/templates/clusterrolebinding.yaml | 15 +++ charts/nlk/templates/nlk-configmap.yaml | 13 ++ charts/nlk/templates/nlk-deployment.yaml | 44 +++++++ charts/nlk/templates/nlk-secret.yaml | 8 ++ charts/nlk/templates/nlk-serviceaccount.yaml | 7 ++ charts/nlk/values.yaml | 126 +++++++++++++++++++ 10 files changed, 360 insertions(+) create mode 100644 charts/nlk/.helmignore create mode 100644 charts/nlk/Chart.yaml create mode 100644 charts/nlk/templates/_helpers.tpl create mode 100644 charts/nlk/templates/clusterrole.yaml create mode 100644 charts/nlk/templates/clusterrolebinding.yaml create mode 100644 charts/nlk/templates/nlk-configmap.yaml create mode 100644 charts/nlk/templates/nlk-deployment.yaml create mode 100644 charts/nlk/templates/nlk-secret.yaml create mode 100644 charts/nlk/templates/nlk-serviceaccount.yaml create mode 100644 charts/nlk/values.yaml diff --git a/charts/nlk/.helmignore b/charts/nlk/.helmignore new file mode 100644 index 00000000..5c131e5f --- /dev/null +++ b/charts/nlk/.helmignore @@ -0,0 +1,2 @@ +# Patterns to ignore when building packages. +.png diff --git a/charts/nlk/Chart.yaml b/charts/nlk/Chart.yaml new file mode 100644 index 00000000..218fbd0c --- /dev/null +++ b/charts/nlk/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +appVersion: 0.1.0 +description: NGINX LoadBalancer for Kubernetes +name: nginx-loadbalancer-kubernetes +home: https://github.com/nginxinc/nginx-loadbalancer-kubernetes +icon: https://raw.githubusercontent.com/nginxinc/nginx-loadbalancer-kubernetes/main/nlk-logo.svg +keywords: +- nginx +- loadbalancer +- ingress +kubeVersion: '>= 1.22.0-0' +maintainers: + name: "@ciroque" + name: "@chrisakker" +type: application +version: 0.0.1 diff --git a/charts/nlk/templates/_helpers.tpl b/charts/nlk/templates/_helpers.tpl new file mode 100644 index 00000000..60fa7eec --- /dev/null +++ b/charts/nlk/templates/_helpers.tpl @@ -0,0 +1,110 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "nlk.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nlk.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create a default fully qualified nlk name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "nlk.nlk.fullname" -}} +{{- printf "%s-%s" (include "nlk.fullname" .) .Values.nlk.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified nlk service name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "nlk.nlk.service.name" -}} +{{- default (include "nlk.nlk.fullname" .) .Values.serviceNameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nlk.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "nlk.labels" -}} +helm.sh/chart: {{ include "nlk.chart" . }} +{{ include "nlk.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "nlk.selectorLabels" -}} +{{- if .Values.nlk.selectorLabels -}} +{{ toYaml .Values.nlk.selectorLabels }} +{{- else -}} +app.kubernetes.io/name: {{ include "nlk.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- end -}} + +{{/* +Expand the name of the configmap. +*/}} +{{- define "nlk.configName" -}} +{{- if .Values.nlk.customConfigMap -}} +{{ .Values.nlk.customConfigMap }} +{{- else -}} +{{- default (include "nlk.fullname" .) .Values.nlk.config.name -}} +{{- end -}} +{{- end -}} + +{{/* +Expand service account name. +*/}} +{{- define "nlk.serviceAccountName" -}} +{{- default (include "nlk.fullname" .) .Values.nlk.serviceAccount.name -}} +{{- end -}} + +{{- define "nlk.tag" -}} +{{- default .Chart.AppVersion .Values.nlk.image.tag -}} +{{- end -}} + +{{/* +Expand image name. +*/}} +{{- define "nlk.image" -}} +{{- if .Values.nlk.image.digest -}} +{{- printf "%s@%s" .Values.nlk.image.repository .Values.nlk.image.digest -}} +{{- else -}} +{{- printf "%s:%s" .Values.nlk.image.repository (include "nlk.tag" .) -}} +{{- end -}} +{{- end -}} + +{{- define "nlk.prometheus.serviceName" -}} +{{- printf "%s-%s" (include "nlk.fullname" .) "prometheus-service" -}} +{{- end -}} diff --git a/charts/nlk/templates/clusterrole.yaml b/charts/nlk/templates/clusterrole.yaml new file mode 100644 index 00000000..4d03a4ac --- /dev/null +++ b/charts/nlk/templates/clusterrole.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: resource-get-watch-list + namespace: nlk +rules: + - apiGroups: + - "" + resources: + - configmaps + - nodes + - secrets + - services + verbs: + - get + - list + - watch +{{- end }} diff --git a/charts/nlk/templates/clusterrolebinding.yaml b/charts/nlk/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..b989dfea --- /dev/null +++ b/charts/nlk/templates/clusterrolebinding.yaml @@ -0,0 +1,15 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: "nginx-loadbalancer-kubernetes:resource-get-watch-list" + namespace: nlk +subjects: +- kind: ServiceAccount + name: {{ .Values.nlk.serviceAccount.name }} + namespace: nlk +roleRef: + kind: ClusterRole + name: resource-get-watch-list + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/nlk/templates/nlk-configmap.yaml b/charts/nlk/templates/nlk-configmap.yaml new file mode 100644 index 00000000..8d595732 --- /dev/null +++ b/charts/nlk/templates/nlk-configmap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nlk-config + namespace: nlk +data: +{{- if .Values.nlk.config.entries.hosts }} + nginx-hosts: "{{ .Values.nlk.config.entries.hosts }}" +{{- end }} + tls-mode: "{{ .Values.nlk.defaultTLS.tls-mode }}" + ca-certificate: "{{ .Values.nlk.defaultTLS.ca-certificate }}" + client-certificate: "{{ .Values.nlk.defaultTLS.client-certificate }}" + log-level: "{{ .Values.nlk.logLevel }}" diff --git a/charts/nlk/templates/nlk-deployment.yaml b/charts/nlk/templates/nlk-deployment.yaml new file mode 100644 index 00000000..105bd699 --- /dev/null +++ b/charts/nlk/templates/nlk-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-nlk + namespace: nlk + labels: + app: nlk +spec: + replicas: {{ .Values.nlk.replicaCount }} + selector: + matchLabels: + app: nlk + template: + metadata: + labels: + app: nlk + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.nlk.image.repository }}:{{ .Values.nlk.image.tag }}" + imagePullPolicy: {{ .Values.nlk.image.pullPolicy }} + ports: +{{- range $key, $value := .Values.nlk.containerPort }} + - name: {{ $key }} + containerPort: {{ $value }} + protocol: TCP +{{- end }} +{{- if .Values.nlk.liveStatus.enable }} + livenessProbe: + httpGet: + path: /livez + port: {{ .Values.nlk.liveStatus.port }} + initialDelaySeconds: {{ .Values.nlk.liveStatus.initialDelaySeconds }} + periodSeconds: {{ .Values.nlk.readyStatus.periodSeconds }} +{{- end }} +{{- if .Values.nlk.readyStatus.enable }} + readinessProbe: + httpGet: + path: /readyz + port: {{ .Values.nlk.readyStatus.port }} + initialDelaySeconds: {{ .Values.nlk.readyStatus.initialDelaySeconds }} + periodSeconds: {{ .Values.nlk.readyStatus.periodSeconds }} +{{- end }} + serviceAccountName: {{ .Values.nlk.serviceAccount.name }} diff --git a/charts/nlk/templates/nlk-secret.yaml b/charts/nlk/templates/nlk-secret.yaml new file mode 100644 index 00000000..e3cae1bc --- /dev/null +++ b/charts/nlk/templates/nlk-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: nginx-loadbalancer-kubernetes-secret + namespace: nlk + annotations: + kubernetes.io/service-account.name: {{ .Values.nlk.serviceAccount.name }} +type: kubernetes.io/service-account-token diff --git a/charts/nlk/templates/nlk-serviceaccount.yaml b/charts/nlk/templates/nlk-serviceaccount.yaml new file mode 100644 index 00000000..a9d3560c --- /dev/null +++ b/charts/nlk/templates/nlk-serviceaccount.yaml @@ -0,0 +1,7 @@ +{{- if .Values.rbac.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-loadbalancer-kubernetes + namespace: nlk +{{- end }} diff --git a/charts/nlk/values.yaml b/charts/nlk/values.yaml new file mode 100644 index 00000000..b8a74dd7 --- /dev/null +++ b/charts/nlk/values.yaml @@ -0,0 +1,126 @@ +nlk: + name: nginx-loadbalancer-kubernetes + + kind: deployment + + replicaCount: 1 + + image: + repository: ghcr.io/nginxinc/nginx-loadbalancer-kubernetes + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: latest + + imagePullSecrets: [] + nameOverride: "" + fullnameOverride: "" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: nginx-loadbalancer-kubernetes + + podAnnotations: {} + podLabels: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + port: 80 + + ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + resources: + requests: + cpu: 100m + memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + # Additional volumes on the output Deployment definition. + volumes: [] + # - name: foo + # secret: + # secretName: mysecret + # optional: false + + # Additional volumeMounts on the output Deployment definition. + volumeMounts: [] + # - name: foo + # mountPath: "/etc/foo" + # readOnly: true + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + config: + entries: + hosts: + "http://10.1.1.4:9000/api,http://10.1.1.5:9000/api" + + defaultTLS: + tls-mode: "no-tls" + ca-certificate: "" + client-certificate: "" + + logLevel: "warn" + + containerPort: + http: 51031 + + liveStatus: + enable: true + port: 51031 + initialDelaySeconds: 5 + periodSeconds: 2 + + readyStatus: + enable: true + port: 51031 + initialDelaySeconds: 5 + periodSeconds: 2 + +rbac: + ## Configures RBAC. + create: true