From 41212baebf2dd3da6ce8d8c861af009b990a9513 Mon Sep 17 00:00:00 2001
From: heidmann
Date: Mon, 24 Feb 2025 21:06:30 +0100
Subject: [PATCH 01/16] code formatting & linter
Signed-off-by: heidmann
---
helmchart/geohealthcheck/.editorconfig | 12 ++++++++++++
helmchart/geohealthcheck/.yamllint | 8 ++++++++
2 files changed, 20 insertions(+)
create mode 100644 helmchart/geohealthcheck/.editorconfig
create mode 100644 helmchart/geohealthcheck/.yamllint
diff --git a/helmchart/geohealthcheck/.editorconfig b/helmchart/geohealthcheck/.editorconfig
new file mode 100644
index 00000000..8f5d8087
--- /dev/null
+++ b/helmchart/geohealthcheck/.editorconfig
@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = true
diff --git a/helmchart/geohealthcheck/.yamllint b/helmchart/geohealthcheck/.yamllint
new file mode 100644
index 00000000..1c3c68ca
--- /dev/null
+++ b/helmchart/geohealthcheck/.yamllint
@@ -0,0 +1,8 @@
+---
+extends: 'default'
+ignore: []
+rules:
+ quoted-strings:
+ quote-type: 'single'
+ required: true
+ ignore: []
From 90885dc764cba97abd0d2fb992910c4f655063a6 Mon Sep 17 00:00:00 2001
From: heidmann
Date: Mon, 24 Feb 2025 21:06:44 +0100
Subject: [PATCH 02/16] initial version Helmchart
Signed-off-by: heidmann
---
helmchart/geohealthcheck/.helmignore | 23 ++
helmchart/geohealthcheck/Chart.yaml | 7 +
helmchart/geohealthcheck/README.md | 57 +++++
.../geohealthcheck/environment-variables.txt | 27 +++
helmchart/geohealthcheck/templates/NOTES.txt | 22 ++
.../geohealthcheck/templates/_helpers.tpl | 69 ++++++
.../geohealthcheck/templates/cm-ca-certs.yaml | 11 +
.../templates/cm-secrets-variables.yaml | 11 +
.../templates/cm-variables.yaml | 31 +++
.../geohealthcheck/templates/deployment.yaml | 93 ++++++++
.../geohealthcheck/templates/ingress.yaml | 44 ++++
.../geohealthcheck/templates/service.yaml | 16 ++
.../templates/serviceaccount.yaml | 14 ++
helmchart/geohealthcheck/values.yaml | 208 ++++++++++++++++++
14 files changed, 633 insertions(+)
create mode 100644 helmchart/geohealthcheck/.helmignore
create mode 100644 helmchart/geohealthcheck/Chart.yaml
create mode 100644 helmchart/geohealthcheck/README.md
create mode 100644 helmchart/geohealthcheck/environment-variables.txt
create mode 100644 helmchart/geohealthcheck/templates/NOTES.txt
create mode 100644 helmchart/geohealthcheck/templates/_helpers.tpl
create mode 100644 helmchart/geohealthcheck/templates/cm-ca-certs.yaml
create mode 100644 helmchart/geohealthcheck/templates/cm-secrets-variables.yaml
create mode 100644 helmchart/geohealthcheck/templates/cm-variables.yaml
create mode 100644 helmchart/geohealthcheck/templates/deployment.yaml
create mode 100644 helmchart/geohealthcheck/templates/ingress.yaml
create mode 100644 helmchart/geohealthcheck/templates/service.yaml
create mode 100644 helmchart/geohealthcheck/templates/serviceaccount.yaml
create mode 100644 helmchart/geohealthcheck/values.yaml
diff --git a/helmchart/geohealthcheck/.helmignore b/helmchart/geohealthcheck/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/helmchart/geohealthcheck/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helmchart/geohealthcheck/Chart.yaml b/helmchart/geohealthcheck/Chart.yaml
new file mode 100644
index 00000000..33a92fe1
--- /dev/null
+++ b/helmchart/geohealthcheck/Chart.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: 'v2'
+name: 'geohealthcheck'
+description: 'A Helm chart for GeoHealthCheck'
+type: 'application'
+version: '0.1.0'
+appVersion: '0.9.0'
diff --git a/helmchart/geohealthcheck/README.md b/helmchart/geohealthcheck/README.md
new file mode 100644
index 00000000..85eee783
--- /dev/null
+++ b/helmchart/geohealthcheck/README.md
@@ -0,0 +1,57 @@ +# geohealthcheck + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square) + +A Helm chart for GeoHealthCheck + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| fullnameOverride | string | `""` | | +| geohealthcheck.additionalConfigMaps | list | `[]` | additional configmaps additionalConfigMaps: - 'foo' - 'bar' | +| geohealthcheck.additionalEnv | object | `{}` | additional env variables additionalEnv: name1: 'value1' name2: 'value2' | +| geohealthcheck.additionalEnvSecrets | list | `[]` | additional envSecrets additionalEnvSecrets: - 'foo' - 'bar' | +| geohealthcheck.auth.secret | string | `"changeme"` | secret key to set when enabling authentication | +| geohealthcheck.minimalRunFrequencyMins | int | `10` | minimal run frequency for Resource that can be set in web UI | +| geohealthcheck.notifications | string | `"False"` | turn on email and webhook notifications | +| geohealthcheck.notificationsVerbosity | string | `"True"` | receive additional email notifications than just Failing and Fixed (default True) | +| geohealthcheck.probeHttpTimeoutSecs | int | `30` | stop waiting for the first byte of a Probe response after the given number of seconds | +| geohealthcheck.retentionDays | int | `30` | the number of days to keep Run history | +| geohealthcheck.selfRegister | string | `"False"` | allow registrations from users on the website | +| geohealthcheck.wwwLinkExceptionCheck | string | `"False"` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"geopython/geohealthcheck"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| 
ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| livenessProbe.httpGet.path | string | `"/"` | | +| livenessProbe.httpGet.port | string | `"http"` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext | object | `{}` | | +| readinessProbe.httpGet.path | string | `"/"` | | +| readinessProbe.httpGet.port | string | `"http"` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automount | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | | +| volumeMounts | list | `[]` | | +| volumes | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helmchart/geohealthcheck/environment-variables.txt b/helmchart/geohealthcheck/environment-variables.txt new file mode 100644 index 00000000..0062c127 --- /dev/null +++ b/helmchart/geohealthcheck/environment-variables.txt 
@@ -0,0 +1,27 @@
+DEBUG = False
+SQLALCHEMY_ECHO = False
+SQLALCHEMY_TRACK_MODIFICATIONS = False
+SQLALCHEMY_ENGINE_OPTION_PRE_PING = False
+SQLALCHEMY_DATABASE_URI = 'sqlite:///data.db'
+# Alternative configuration for PostgreSQL database
+# SQLALCHEMY_DATABASE_URI = 'postgresql://user:password@host:port/database'
+
+# Replace None with 'your secret key string' in quotes
+GHC_WWW_LINK_EXCEPTION_CHECK = False
+GHC_LARGE_XML = False
+GHC_ADMIN_EMAIL = 'you@example.com'
+GHC_NOTIFICATIONS_EMAIL = ['you2@example.com']
+GHC_SITE_TITLE = 'GeoHealthCheck Demonstration'
+GHC_SITE_URL = 'http://host'
+GHC_RUNNER_IN_WEBAPP = True
+GHC_REQUIRE_WEBAPP_AUTH = False
+GHC_BASIC_AUTH_DISABLED = False
+GHC_VERIFY_SSL = True
+# 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL
+GHC_LOG_LEVEL = 30
+GHC_LOG_FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+
+# Some GetCaps docs are huge. This allows
+# caching them for N seconds. Set to -1 to
+# disable caching.
+GHC_METADATA_CACHE_SECS = 900
diff --git a/helmchart/geohealthcheck/templates/NOTES.txt b/helmchart/geohealthcheck/templates/NOTES.txt
new file mode 100644
index 00000000..6d34af6d
--- /dev/null
+++ b/helmchart/geohealthcheck/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "geohealthcheck.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "geohealthcheck.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "geohealthcheck.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "geohealthcheck.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/helmchart/geohealthcheck/templates/_helpers.tpl b/helmchart/geohealthcheck/templates/_helpers.tpl
new file mode 100644
index 00000000..e0b04d6a
--- /dev/null
+++ b/helmchart/geohealthcheck/templates/_helpers.tpl 
@@ -0,0 +1,69 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "geohealthcheck.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "geohealthcheck.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "geohealthcheck.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "geohealthcheck.labels" -}}
+helm.sh/chart: {{ include "geohealthcheck.chart" . | squote }}
+{{ include "geohealthcheck.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | squote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service | squote }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "geohealthcheck.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "geohealthcheck.name" . | squote }}
+app.kubernetes.io/instance: {{ .Release.Name | squote }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "geohealthcheck.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "geohealthcheck.fullname" .)
.Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Set the port to expose
+*/}}
+{{- define "geohealthcheck.containerPort" -}}
+{{- "80" }}
+{{- end }}
diff --git a/helmchart/geohealthcheck/templates/cm-ca-certs.yaml b/helmchart/geohealthcheck/templates/cm-ca-certs.yaml
new file mode 100644
index 00000000..878a2b25
--- /dev/null
+++ b/helmchart/geohealthcheck/templates/cm-ca-certs.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-certificates" (include "geohealthcheck.fullname" .) | squote }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+data:
+ my-ca.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIID... (your certificate content here)
+ -----END CERTIFICATE-----
diff --git a/helmchart/geohealthcheck/templates/cm-secrets-variables.yaml b/helmchart/geohealthcheck/templates/cm-secrets-variables.yaml
new file mode 100644
index 00000000..ee5500e9
--- /dev/null
+++ b/helmchart/geohealthcheck/templates/cm-secrets-variables.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: 'v1'
+kind: 'Secret'
+metadata:
+ name: {{ printf "%s-secrets" (include "geohealthcheck.fullname" .) | squote }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+type: 'Opaque'
+data:
+ SECRET_KEY: {{ .Values.geohealthcheck.auth.secret | squote }}
+ GHC_SMTP_PASSWORD: {{ .Values.geohealthcheck.smtpPassword | squote }}
diff --git a/helmchart/geohealthcheck/templates/cm-variables.yaml b/helmchart/geohealthcheck/templates/cm-variables.yaml
new file mode 100644
index 00000000..770a3a04
--- /dev/null
+++ b/helmchart/geohealthcheck/templates/cm-variables.yaml
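Review bot: In cm-secrets-variables.yaml the two values under `data:` are written as plain text through `squote`, but the API server base64-decodes everything in a Secret's `data` field. Most passwords would make the manifest fail validation, and a value that happens to be valid base64, such as the default `changeme`, would be silently decoded into different bytes for `SECRET_KEY`. Either rename the key to `stringData:` or encode the values, e.g. `SECRET_KEY: {{ .Values.geohealthcheck.auth.secret | b64enc | squote }}`. The same applies to `GHC_SMTP_PASSWORD`.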
@@ -0,0 +1,31 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-variables" (include "geohealthcheck.fullname" .) | squote }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+data:
+ GHC_RETENTION_DAYS: {{ .Values.geohealthcheck.retentionDays | squote }}
+ GHC_PROBE_HTTP_TIMEOUT_SECS: {{ .Values.geohealthcheck.probeHttpTimeoutSecs | squote }}
+ GHC_MINIMAL_RUN_FREQUENCY_MINS: {{ .Values.geohealthcheck.minimalRunFrequencyMins | squote }}
+ GHC_SELF_REGISTER: {{ .Values.geohealthcheck.selfRegister | squote }}
+ GHC_NOTIFICATIONS: {{ .Values.geohealthcheck.notifications | squote }}
+ GHC_NOTIFICATIONS_VERBOSITY: {{ .Values.geohealthcheck.notificationsVerbosity | squote }}
+ GHC_WWW_LINK_EXCEPTION_CHECK: {{ .Values.geohealthcheck.wwwLinkExceptionCheck | squote }}
+ GHC_LARGE_XML: {{ .Values.geohealthcheck.largeXml | squote }}
+ GHC_ADMIN_EMAIL: {{ .Values.geohealthcheck.adminEmail | squote }}
+ GHC_NOTIFICATIONS_EMAIL: {{- " " -}}{{- .Values.geohealthcheck.notificationsEmail | toJson | squote }}
+ GHC_SITE_TITLE: {{ .Values.geohealthcheck.siteTitle | squote }}
+ GHC_SITE_URL: {{ .Values.geohealthcheck.siteUrl | squote }}
+ GHC_RUNNER_IN_WEBAPP: {{ .Values.geohealthcheck.runnerInWebapp | squote }}
+ GHC_REQUIRE_WEBAPP_AUTH: {{ .Values.geohealthcheck.requireWebappAuth | squote }}
+ GHC_BASIC_AUTH_DISABLED: {{ .Values.geohealthcheck.basicAuthDisabled | squote }}
+ GHC_VERIFY_SSL: {{ .Values.geohealthcheck.verifySsl | squote }}
+ GHC_LOG_LEVEL: {{ .Values.geohealthcheck.logLevel | squote }}
+ GHC_METADATA_CACHE_SECS: {{ .Values.geohealthcheck.metadataCacheSecs | squote }}
+ GHC_SMTP_SERVER: {{ .Values.geohealthcheck.smtpServer | squote }}
+ GHC_SMTP_PORT: {{ .Values.geohealthcheck.smtpPort | squote }}
+ GHC_SMTP_TLS: {{ .Values.geohealthcheck.smtpUseTls | squote }}
+ GHC_SMTP_SSL: 'False'
+ GHC_SMTP_USERNAME: {{ .Values.geohealthcheck.smtpUsername | squote }}
diff --git a/helmchart/geohealthcheck/templates/deployment.yaml b/helmchart/geohealthcheck/templates/deployment.yaml
new file mode 100644
index 00000000..a7ab9f91
--- /dev/null
+++ b/helmchart/geohealthcheck/templates/deployment.yaml
@@ -0,0 +1,93 @@
+---
+apiVersion: 'apps/v1'
+kind: 'Deployment'
+metadata:
+ name: {{ include "geohealthcheck.fullname" . | squote }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "geohealthcheck.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "geohealthcheck.serviceAccountName" . | squote }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ - name: update-ca-certificates
+ image: '{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}'
+ command: ['sh', '-c', 'cp /custom-ca/my-ca.crt /usr/local/share/ca-certificates/ && update-ca-certificates']
+ volumeMounts:
+ - name: custom-ca-cert
+ mountPath: /custom-ca
+ containers:
+ - name: {{ .Chart.Name | squote }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: '{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}'
+ imagePullPolicy: {{ .Values.image.pullPolicy | squote }}
+ ports:
+ - name: 'http'
+ containerPort: {{ include "geohealthcheck.containerPort" . }}
+ protocol: TCP
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml .
| nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.geohealthcheck.additionalEnv }}
+ env:
+ {{- range $key, $value := .Values.geohealthcheck.additionalEnv }}
+ - name: {{ $key | squote }}
+ value: {{ $value | squote }}
+ {{- end }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: {{ printf "%s-secrets" (include "geohealthcheck.fullname" .) | squote }}
+ {{- range .Values.geohealthcheck.additionalEnvSecrets }}
+ - secretRef:
+ name: {{ . | squote }}
+ {{- end }}
+ - configMapRef:
+ name: {{ printf "%s-variables" (include "geohealthcheck.fullname" .) | squote }}
+ {{- range .Values.geohealthcheck.additionalConfigMaps }}
+ - configMapRef:
+ name: {{ . | squote }}
+ {{- end }}
diff --git a/helmchart/geohealthcheck/templates/ingress.yaml b/helmchart/geohealthcheck/templates/ingress.yaml
new file mode 100644
index 00000000..f09335fe
--- /dev/null
+++ b/helmchart/geohealthcheck/templates/ingress.yaml
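Review bot: The `update-ca-certificates` init container in deployment.yaml changes only its own root filesystem, so the certificates it installs are not present when the application container starts from its own copy of the image. The init container also mounts a volume named `custom-ca-cert` that this file never declares; only `.Values.volumes` is rendered under `volumes:` and it defaults to `[]`, so the pod spec would presumably be rejected. To make a custom CA reach the application, write the generated bundle to an `emptyDir` mounted in both containers, or mount the certificates ConfigMap into the application container and point the HTTP client at it. Updating the trust store needs write access to system directories, which is worth checking against the `runAsNonRoot` example shown for `securityContext` in values.yaml.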
@@ -0,0 +1,44 @@
+---
+{{- if .Values.ingress.enabled -}}
+apiVersion: 'networking.k8s.io/v1'
+kind: 'Ingress'
+metadata:
+ name: {{ include "geohealthcheck.fullname" . }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- with .Values.ingress.className }}
+ ingressClassName: {{ . | squote }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | squote }}
+ {{- end }}
+ secretName: {{ .secretName | squote }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | squote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path | squote }}
+ {{- with .pathType }}
+ pathType: {{ . | squote }}
+ {{- end }}
+ backend:
+ service:
+ name: {{ include "geohealthcheck.fullname" $ }}
+ port:
+ number: {{ $.Values.service.port }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helmchart/geohealthcheck/templates/service.yaml b/helmchart/geohealthcheck/templates/service.yaml
new file mode 100644
index 00000000..8fd54859
--- /dev/null
+++ b/helmchart/geohealthcheck/templates/service.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: 'v1'
+kind: 'Service'
+metadata:
+ name: {{ include "geohealthcheck.fullname" . | squote }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type | squote }}
+ ports:
+ - port: {{ include "geohealthcheck.containerPort" . }}
+ targetPort: 'http'
+ protocol: 'TCP'
+ name: 'http'
+ selector:
+ {{- include "geohealthcheck.selectorLabels" . | nindent 4 }}
diff --git a/helmchart/geohealthcheck/templates/serviceaccount.yaml b/helmchart/geohealthcheck/templates/serviceaccount.yaml
new file mode 100644
index 00000000..cf28b8bc
--- /dev/null
+++ b/helmchart/geohealthcheck/templates/serviceaccount.yaml
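Review bot: The ingress backend uses `number: {{ $.Values.service.port }}`, but values.yaml in this commit defines only `service.type`, so the port renders empty and the Ingress is invalid once `ingress.enabled` is set. service.yaml takes its port from the `geohealthcheck.containerPort` helper instead, so the two templates can also drift apart. Use one source for both, e.g. `number: {{ include "geohealthcheck.containerPort" $ }}` here, or add `service.port` to values.yaml and reference it in service.yaml as well.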
@@ -0,0 +1,14 @@
+---
+{{- if .Values.serviceAccount.create -}}
+apiVersion: 'v1'
+kind: 'ServiceAccount'
+metadata:
+ name: {{ include "geohealthcheck.serviceAccountName" . | squote }}
+ labels:
+ {{- include "geohealthcheck.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount | squote }}
+{{- end }}
diff --git a/helmchart/geohealthcheck/values.yaml b/helmchart/geohealthcheck/values.yaml
new file mode 100644
index 00000000..76e6e233
--- /dev/null
+++ b/helmchart/geohealthcheck/values.yaml
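Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.automount | squote }}` renders the quoted string `'true'` where the field expects a boolean, so the ServiceAccount will presumably fail API validation; drop the filter: `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}`. values.yaml defaults `automount` to `true`, and nothing in the templates shown here talks to the Kubernetes API. A default of `false` would keep the API token out of a pod whose job is to request external endpoints.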
@@ -0,0 +1,208 @@ +--- +# This sets the container image more information can be found here: +# https://kubernetes.io/docs/concepts/containers/images/ +image: + repository: 'geopython/geohealthcheck' + pullPolicy: 'IfNotPresent' + # Overrides the image tag whose default is the chart appVersion. + tag: '' + +# This is for the secretes for pulling an image from a private repository more +# information can be found here: +# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# This is to override the chart name. +nameOverride: '' +fullnameOverride: '' + +# This section builds out the service account more information can be found +# here: https://kubernetes.io/docs/concepts/security/service-accounts/ +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname + # template + name: '' + +# This is for setting Kubernetes Annotations to a Pod. +# For more information checkout: +# yamllint disable-line rule:line-length +# https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +podAnnotations: {} + +# This is for setting Kubernetes Labels to a Pod. 
+# For more information checkout: +# https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 + +geohealthcheck: + # -- additional env variables + # additionalEnv: + # name1: 'value1' + # name2: 'value2' + additionalEnv: {} + # -- additional configmaps + # additionalConfigMaps: + # - 'foo' + # - 'bar' + additionalConfigMaps: [] + # -- additional envSecrets + # additionalEnvSecrets: + # - 'foo' + # - 'bar' + additionalEnvSecrets: [] + auth: + # -- secret key to set when enabling authentication + secret: 'changeme' + # -- the number of days to keep Run history + retentionDays: 30 + # -- stop waiting for the first byte of a Probe response after the given + # number of seconds + probeHttpTimeoutSecs: 30 + # -- minimal run frequency for Resource that can be set in web UI + minimalRunFrequencyMins: 10 + # -- allow registrations from users on the website + selfRegister: 'False' + # -- turn on email and webhook notifications + notifications: 'False' + # -- receive additional email notifications than just Failing and Fixed + # (default True) + notificationsVerbosity: 'True' + # -- turn on checking for OGC Exceptions in WWW:LINK Resource responses + # (default False) + wwwLinkExceptionCheck: 'False' + # -- allows GeoHealthCheck to receive large XML files from the servers under + # test (default False). Note: setting this to True might pose a security risk + largeXml: 'False' + # -- email address of administrator / contact- notification emails will come + # from this address + adminEmail: 'you@example.com' + # -- list of email addresses that notifications should come to. Use a + # different address to GHC_ADMIN_EMAIL if you have trouble receiving + # notification emails. Also, you can set separate notification emails t + # specific resources. 
Failing resource will send notification to emails from + # GHC_NOTIFICATIONS_EMAIL value and emails configured for that specific + # resource altogether. + # notificationsEmail: + # - 'you2@example.com' + # - 'you3@example.com' + notificationsEmail: [] + # -- title used for installation / deployment + siteTitle: 'GeoHealthCheck Demonstration' + # -- full URL of the installation / deployment + siteUrl: 'http://host' + # -- should the GHC Runner Daemon be run in webapp (default: True) + runnerInWebapp: 'True' + # -- require authentication (login or Basic Auth) to access GHC webapp and + # APIs (default: False) + requireWebappAuth: 'False' + # -- disable Basic Authentication to access GHC webapp and APIs + # (default: False), + basicAuthDisabled: 'False' + # -- perform SSL verification for Probe HTTPS requests (default: True) + verifySsl: 'True' + # -- logging level: 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL + # (default: 30, WARNING) + logLevel: '30' + # -- metadata, “Capabilities Docs”, cache expiry time, default 900 secs, -1 + # to disable + metadataCacheSecs: '900' + # SMTP configuration + # -- SMTP server name or IP + smtpServer: + # -- SMTP port + smtpPort: + # -- whether or not to use StartTLS with SMTP + smtpUseTls: + # -- SMTP server name or IP + smtpUsername: + # -- SMTP server name or IP + smtpPassword: +# This is for setting up a service more information can be found here: +# https://kubernetes.io/docs/concepts/services-networking/service/ +service: + # This sets the service type more information can be found here: + # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: 'ClusterIP' + +# This block is for setting up the ingress for more information can be found +# here: https://kubernetes.io/docs/concepts/services-networking/ingress/ +ingress: + # -- enable/disable ingress + enabled: false + # -- ingress class name + className: '' + # -- annotations for the ingress + # annotations: + # 
kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + annotations: {} + hosts: + - host: 'chart-example.local' + paths: + - path: '/' + pathType: 'ImplementationSpecific' + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} +# We usually recommend not to specify default resources and to leave this as +# a conscious choice for the user. This also increases chances charts run on +# environments with little resources, such as Minikube. If you do want to +# specify resources, uncomment the following lines, adjust them as necessary, +# and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi + +# This is to setup the liveness and readiness probes more information can be +# found here: +# https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +livenessProbe: + httpGet: + path: '/' + port: 'http' +readinessProbe: + httpGet: + path: '/' + port: 'http' + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 834128e4bb07ba6a29ff3a53c0fb68e0c69aee48 Mon Sep 17 00:00:00 2001 From: heidmann Date: Mon, 24 Feb 2025 21:43:09 +0100 Subject: [PATCH 03/16] first attempt to add custom certificates Signed-off-by: heidmann --- helmchart/geohealthcheck/templates/cm-ca-certs.yaml | 9 +++++---- helmchart/geohealthcheck/templates/deployment.yaml | 12 +++++++++--- helmchart/geohealthcheck/values.yaml | 10 ++++++++++ 3 files changed, 24 insertions(+), 7 deletions(-) diff --git a/helmchart/geohealthcheck/templates/cm-ca-certs.yaml b/helmchart/geohealthcheck/templates/cm-ca-certs.yaml index 878a2b25..ff7840af 100644 
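Review bot: `auth.secret` defaults to `'changeme'` and is rendered into `SECRET_KEY`, so every installation that keeps the defaults shares one publicly known key; if the application signs sessions or tokens with it, they can be forged. Leave the default empty and fail the render when it is missing, e.g. `{{ required "geohealthcheck.auth.secret must be set" .Values.geohealthcheck.auth.secret }}` in the Secret template, or let operators reference an existing Secret instead of passing the value through values.yaml. `smtpPassword` takes the same path and would benefit from the same option. The comments on `smtpUsername` and `smtpPassword` both still read `SMTP server name or IP`.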
--- a/helmchart/geohealthcheck/templates/cm-ca-certs.yaml +++ b/helmchart/geohealthcheck/templates/cm-ca-certs.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: @@ -5,7 +6,7 @@ metadata: labels: {{- include "geohealthcheck.labels" . | nindent 4 }} data: - my-ca.crt: | - -----BEGIN CERTIFICATE----- - MIID... (your certificate content here) - -----END CERTIFICATE----- + {{- range $filename, $certificate := .Values.additionalCertificates }} + {{ $filename -}}: >- + {{- $certificate | nindent 4 }} + {{- end -}} diff --git a/helmchart/geohealthcheck/templates/deployment.yaml b/helmchart/geohealthcheck/templates/deployment.yaml index a7ab9f91..b21f3c2c 100644 --- a/helmchart/geohealthcheck/templates/deployment.yaml +++ b/helmchart/geohealthcheck/templates/deployment.yaml @@ -31,7 +31,7 @@ spec: initContainers: - name: update-ca-certificates image: '{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}' - command: ['sh', '-c', 'cp /custom-ca/my-ca.crt /usr/local/share/ca-certificates/ && update-ca-certificates'] + command: ['sh', '-c', 'cp /custom-ca/* /usr/local/share/ca-certificates/ && update-ca-certificates'] volumeMounts: - name: custom-ca-cert mountPath: /custom-ca @@ -51,12 +51,18 @@ spec: {{- toYaml .Values.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} volumeMounts: + # TODO: loop through certs + - name: custom-ca-cert + mountPath: /etc/ssl/certs/my-ca.crt + {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.volumes }} volumes: + - name: custom-ca-cert + configMap: + name: custom-ca-cert + {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.nodeSelector }} diff --git a/helmchart/geohealthcheck/values.yaml b/helmchart/geohealthcheck/values.yaml index 76e6e233..c8052ca6 100644 --- a/helmchart/geohealthcheck/values.yaml +++ b/helmchart/geohealthcheck/values.yaml 
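Review bot: The certificate values in cm-ca-certs.yaml are emitted under a folded scalar (`>-`), which joins consecutive lines with spaces, so a multi-line PEM block would reach the ConfigMap as a single line that certificate parsers are unlikely to accept. Use a literal scalar instead: `{{ $filename }}: |-`. When `additionalCertificates` is empty, `data:` renders with no value; wrapping the whole ConfigMap in `{{- if .Values.additionalCertificates }}` would avoid that.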
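Review bot: The new `volumes:` entry in deployment.yaml points at a ConfigMap named `custom-ca-cert`, but the ConfigMap created by cm-ca-certs.yaml is named with the `-certificates` suffix on the chart fullname, so the pod would wait on a ConfigMap that does not exist. Reference the same expression as the ConfigMap template: `name: {{ printf "%s-certificates" (include "geohealthcheck.fullname" .) | squote }}`. The application container mounts the whole volume at `/etc/ssl/certs/my-ca.crt`, which creates a directory of that name rather than a certificate file and leaves the system bundle unchanged; the `TODO` suggests this is known to be unfinished. The enclosing container and pod specs start outside these hunks.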
@@ -141,6 +141,16 @@ service: # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: 'ClusterIP' +additionalCertificates: + cert1.crt: | + -----BEGIN CERTIFICATE----- + MIID... (your certificate content here) + -----END CERTIFICATE----- + cert2.crt: | + -----BEGIN CERTIFICATE----- + MIID... (your certificate content here) + -----END CERTIFICATE----- + # This block is for setting up the ingress for more information can be found # here: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: From f356c3b656bdaed2065d5df92f4d0fd43d901671 Mon Sep 17 00:00:00 2001 From: heidmann Date: Tue, 25 Feb 2025 10:52:07 +0100 Subject: [PATCH 04/16] current state of things Signed-off-by: heidmann --- helmchart/geohealthcheck/my-values.yaml | 101 ++++++++++++++++++ .../templates/cm-secrets-variables.yaml | 7 +- .../geohealthcheck/templates/deployment.yaml | 49 +++++---- .../geohealthcheck/templates/ingress.yaml | 2 +- .../templates/networkpolicies.yaml | 39 +++++++ .../templates/serviceaccount.yaml | 2 +- helmchart/geohealthcheck/values.yaml | 27 +++-- 7 files changed, 192 insertions(+), 35 deletions(-) create mode 100644 helmchart/geohealthcheck/my-values.yaml create mode 100644 helmchart/geohealthcheck/templates/networkpolicies.yaml diff --git a/helmchart/geohealthcheck/my-values.yaml b/helmchart/geohealthcheck/my-values.yaml new file mode 100644 index 00000000..905d9537 --- /dev/null +++ b/helmchart/geohealthcheck/my-values.yaml 
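Review bot: `additionalCertificates` ships two placeholder entries as defaults, so every default install renders `cert1.crt` and `cert2.crt` containing `MIID... (your certificate content here)` into the ConfigMap, and the init container copies them into the CA directory. Default to an empty map, `additionalCertificates: {}`, and move the PEM example into a comment. That way only certificates an operator deliberately supplies end up in the trust store.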
@@ -0,0 +1,101 @@ +--- +image: + repository: 'registry.disy.net/docker-proxy/geopython/geohealthcheck' +additionalCertificates: + intermediate.crt: | + -----BEGIN CERTIFICATE----- + MIIFzDCCA7SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwejEYMBYGA1UEAwwPSGVp + ZG1hbm4tUm9vdENBMQswCQYDVQQGEwJERTELMAkGA1UECAwCSEgxEDAOBgNVBAcM + B0hhbWJ1cmcxETAPBgNVBAoMCEhlaWRtYW5uMR8wHQYJKoZIhvcNAQkBFhBjYUBo + ZWlkbWFubi5pbmZvMB4XDTI0MTIzMDExMjQzMVoXDTM0MTIyODExMjQzMVowcDEL + MAkGA1UEBhMCREUxCzAJBgNVBAgMAkhIMREwDwYDVQQKDAhIZWlkbWFubjEgMB4G + A1UEAwwXSGVpZG1hbm4tSW50ZXJtZWRpYXRlQ0ExHzAdBgkqhkiG9w0BCQEWEGNh + QGhlaWRtYW5uLmluZm8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDb + QQ4DfXSeZc/XVHfQ6EghPQ12PYShvQk6hgZkhkkmBicb8c9POslSYpkkK/Q8pC+5 + XjIFF7yMR5FGxbZEtkIqFu9gHI6Sxm1FJptKhJSiPRy2MHhSjSImyG3GVXG+ZGRh + 7P3wbZIqtoK70BrrdkrJTzoWU0qDhYQgCBlCpO88m1e0Qox/6UqnuhGgHcdwJPJS + zqUHqdsTGHxQo2hlHGm5CFTsTe37aUlQ9+627riVqK8ArhUXCCx3j4tyfkPBSxnV + uHyyndfeIMR1J2ofv5oiSTY148Dgkr7YyUFwfgO8H8onPs8SfCDL6hfoAGRHreeH + tC/4hHj9NYhnX3km1PvqMQWHAcPveswFnTpQ/ZaBibaSeC8i+JtT9iKW1V6JQgD7 + Fim7nart6JgCytcxg8Cll7nNfqRwlkBNiedSU9i8FEEHy/YFmKj4D15YLluYTZCd + G2SEP2JEDGEqzTbmdxFsLKm59VI9FFTtcKKRgRlIoF7PoHc9brUoRu20MjaGSpZO + CwqLIdQv7yQv7z6ebfKxViCyIpsZESPHbKZ7Zyh9IYNa8BxlAvbEQnkVjBrplDdQ + yWlOJac5j+bCr4VJpIOicd7jek9g2W8TlxzMGjkHFSDMnMPFJS64NduZYdqT/ASp + aNcbzOGpmALIZTXJszBI3400mBEXBe0YoA6LGgUDUQIDAQABo2YwZDAdBgNVHQ4E + FgQUu8smU9eJDo4w+fPXw7942P0aux4wHwYDVR0jBBgwFoAUqQvWT3pd78gQnAhu + /t5hth1uVn4wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJ + KoZIhvcNAQELBQADggIBAJQ+tACyevmB+uheXX1rZa6k0JkWij8oX5mlk+O6sSCu + toZ3iP3MdYuxAMaSOjU1+04ZRqUkn15QQ4gmyyqQ6ojdDqPHfploypNtTMh/HrYr + E/x4zqM0PCx1LUpkbbwe8eL/5CibdMCWsapxRNY6LBgsG6m9pOSIScv0SYRkAfTQ + dM5u67BLV23c7EkVv10WHfqKnOGnkHCaFDPXZXjPfl7KsjxwbNKK4bRQrgu9Wpzg + h0tRmEu1969fjj7AEGoxomiUdTLwcQu9f/OeJmqrlwoaYdq/rtInt+a+fi6HylX8 + XHIsr71UsneUu5eOos1lNdzzKjNsMa/pI1vgoKY/83u68/mwjfyL45FIq8Aq8VS/ + 6uncn6EEqtyElqPxDkfRr3H0DEwXjiwU6No2/Gre1BKvK3/KuF/A8CWDpgSrsYEv + 
bAjZaQo0uCYydc8NrDykN36K5IVlEaGseLOnXdi8oOAWf/pzMck8EasfIPjVPhU8 + Q+biOQC9dejBGxmWxrcpAbl/thes16v5iA7sls5VyLY7dn5P39BPMgRSssPBErAL + v+9x6+IKnNPZV8U4KuOSQZVIZe/fmumO4vKisE+LsIG4S7C3+tgIk9cr+KTITvUT + /CYKPJhWrMKoNUgIBZs1MhbEW1zj7bDb7V3sv/8yTomxobWy4B7NlvWK4dBFDqOJ + -----END CERTIFICATE----- + root.crt: | + -----BEGIN CERTIFICATE----- + MIIF5TCCA82gAwIBAgIUPLeDukjBOWKP3yfOT4X8WFx/qmQwDQYJKoZIhvcNAQEL + BQAwejEYMBYGA1UEAwwPSGVpZG1hbm4tUm9vdENBMQswCQYDVQQGEwJERTELMAkG + A1UECAwCSEgxEDAOBgNVBAcMB0hhbWJ1cmcxETAPBgNVBAoMCEhlaWRtYW5uMR8w + HQYJKoZIhvcNAQkBFhBjYUBoZWlkbWFubi5pbmZvMB4XDTI0MTIzMDExMjA1NVoX + DTQ0MTIyNTExMjA1NVowejEYMBYGA1UEAwwPSGVpZG1hbm4tUm9vdENBMQswCQYD + VQQGEwJERTELMAkGA1UECAwCSEgxEDAOBgNVBAcMB0hhbWJ1cmcxETAPBgNVBAoM + CEhlaWRtYW5uMR8wHQYJKoZIhvcNAQkBFhBjYUBoZWlkbWFubi5pbmZvMIICIjAN + BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5e3IwLY5mdPp2DjFLu1HTVaN6bdz + FP6oBshDHsnIWWRfijO0XMtzuefKKmoMl+o7Tbw9JJsMWBnZdYQ0mrWAc1P9tbkd + 2IouNDsGfnb8/92DaR7YtCNZjuF2bJUdt4jsvOXfaPFIEx50M6oICg1UvXGgbD1U + Q8nk7/aCyTSaqbNQuxIQckftMK/t7/M/ZX4srW0Lf0aFgDs50YW1Eer3DfgE8FpM + 1z4yp/mZTcrLzvXhKCUo8LsEpNPeTpkshVBjdQReJnEcGIvk5aCPNF43IueM+qDg + eYedsQnWeLz8Sg0SPQ7awcoSDwcOcaKUFqs4YpWbDwoBbvhSc4Uq+d2wgNJgNcJJ + 3eZaqqRylw+I3D47is1IHPb0jP5SWi6HKdGHQJwYTKdAqL+6XohnB/DWrHFvvFJa + 6GLaExk+CYTZcmQh6cY6p3HvhEG5pmkNPLyoHxBwtpU/bLeeZ99J469mTtPACxPM + srxpCSmmMxopmBvYokzWIxg5etwshb/YDzeWP3UIipaiCftN1dhhKLjMNMtv2/7p + vsDNY/2Kqs+4pZUQP0UsJHvVo3sskkDbyO8kjSxkM8gvNL4FO1v14ihlYFqQyPE4 + iPAvAcIeAsJXl8A0rYmL5xz0XTjA9FDt6f4Duu9vmbHJBr7wIuUBcIDWLtYC4k2+ + 9JFpz/wF6qSR1w8CAwEAAaNjMGEwHQYDVR0OBBYEFKkL1k96Xe/IEJwIbv7eYbYd + blZ+MB8GA1UdIwQYMBaAFKkL1k96Xe/IEJwIbv7eYbYdblZ+MA8GA1UdEwEB/wQF + MAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQCDC5IcejVj + K3n7/YNmVZ0JSNSmOwLbOFxBIrI7DuW/suqUTuGVMkcndCsK4iOsI2rs97Z7397N + Gnmz/EyfjDx/9R+QvEcgFpgT9mhFt+kDcUWZ52l0DqBmqUVqPHgc5um+FjNNrxfT + OI6ZPPE5QWRPU6duUGmOMIN1m0stj/j03bfP5ovFamqStceV6NL9LlVXj1gaSt+y + 
jtVddZiqDMoW/7XEe2nDQsEK4iMww3JaWf/ZZ6ufp8EU26McBuDwuzEqAyNpQARf + p73Qr0yCzs3qzpkTp5ze2pODAECC4DzQUNxv7bktOvGAhfryIGemLbm7f2EfuZOg + tUvrhTggqb4qLPqvEaA7clVUG3MpWEeewmLOHn/KA46BogEJy3LonJDJlsMJR9Q1 + 74qFdNmZtOJrH63j7re54MR6RHIYGSHUUofSGSwwUsXToyLTVc1XLU6MPjiN+5Ul + ocQETLAV51oSzoKPCcTWJv+E7XeVb7EPJU8rhZHzdxuGTcRG+ocj9p9h34JZUfKP + xby4V9Tk61eHATs7fqs/GDwme/Oyd5Bxi2SEjm13c8ftD/R1qn6NKwNwU4m/Qj5u + cwwCeaMVOEIFnRRVAoarZaC6cvYRg+P4uC+EkBYCJT4PcSPVuMpMTBmEybNSzynN + JgeVtaEOfwvvFzswuGlIUvmO4B96AFXymQ== + -----END CERTIFICATE----- +resources: + limits: + cpu: '500m' + memory: '1Gi' + requests: + cpu: '500m' + memory: '1Gi' +initContainer: + repository: 'registry.disy.net/docker-proxy/library/ubuntu' + resources: + limits: + cpu: '500m' + memory: '1Gi' + requests: + cpu: '500m' + memory: '1Gi' + +ingress: + enabled: true + hosts: + - host: 'geohealthcheck.whale-test2.disy.io' + paths: + - path: '/' + pathType: 'ImplementationSpecific' + tls: + - secretName: 'tls-cluster' + hosts: + - 'geohealthcheck.whale-test2.disy.io' diff --git a/helmchart/geohealthcheck/templates/cm-secrets-variables.yaml b/helmchart/geohealthcheck/templates/cm-secrets-variables.yaml index ee5500e9..75d3e58e 100644 --- a/helmchart/geohealthcheck/templates/cm-secrets-variables.yaml +++ b/helmchart/geohealthcheck/templates/cm-secrets-variables.yaml @@ -7,5 +7,8 @@ metadata: {{- include "geohealthcheck.labels" . | nindent 4 }} type: 'Opaque' data: - SECRET_KEY: {{ .Values.geohealthcheck.auth.secret | squote }} - GHC_SMTP_PASSWORD: {{ .Values.geohealthcheck.smtpPassword | squote }} + SECRET_KEY: {{ .Values.geohealthcheck.auth.secret | b64enc | squote }} + {{- if .Values.geohealthcheck.smtpPassword }} + GHC_SMTP_PASSWORD: {{ .Values.geohealthcheck.smtpPassword | b64enc | squote }} + {{- end }} + SQLALCHEMY_DATABASE_URI: {{ .Values.geohealthcheck.databaseUri | b64enc | squote }} 
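Review bot: `my-values.yaml` is an environment-specific override file, and placing it in the chart directory means it is versioned and, unless it is listed in `.helmignore`, packaged with the chart. It names an internal registry and ingress hosts and embeds a private root and intermediate CA; the certificates are public material, but anyone who reuses the file as a template would end up trusting that CA. Keep per-environment values outside the chart, or add `my-values.yaml` to `.helmignore` and to the repository ignore list, and show certificates in documentation as placeholders only.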
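Review bot: `SECRET_KEY` is rendered from `.Values.geohealthcheck.auth.secret`, whose default in values.yaml is `'changeme'`, so a release installed without overrides gets a publicly known secret key. Failing the render is safer than shipping that default: `SECRET_KEY: {{ required "geohealthcheck.auth.secret must be set" .Values.geohealthcheck.auth.secret | b64enc | squote }}`, with the default changed to an empty string. `SQLALCHEMY_DATABASE_URI` has no guard like the one added for `GHC_SMTP_PASSWORD`, so an unset `databaseUri` is not handled. The manifest's header lines are outside this hunk.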
diff --git a/helmchart/geohealthcheck/templates/deployment.yaml b/helmchart/geohealthcheck/templates/deployment.yaml index b21f3c2c..bf5087e0 100644 --- a/helmchart/geohealthcheck/templates/deployment.yaml +++ b/helmchart/geohealthcheck/templates/deployment.yaml @@ -30,11 +30,15 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - name: update-ca-certificates - image: '{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}' - command: ['sh', '-c', 'cp /custom-ca/* /usr/local/share/ca-certificates/ && update-ca-certificates'] + image: '{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}' + command: ['sh', '-c', 'apt-get update && apt-get install -y ca-certificates && update-ca-certificates'] + resources: + {{- toYaml .Values.initContainer.resources | nindent 12 }} volumeMounts: - - name: custom-ca-cert - mountPath: /custom-ca + - name: 'custom-ca-cert' + mountPath: '/usr/local/share/ca-certificates' + - name: 'ca-bundle' + mountPath: '/etc/ssl/certs' containers: - name: {{ .Chart.Name | squote }} securityContext: 
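Review bot: The init container command runs `apt-get update && apt-get install -y ca-certificates` on every pod start, which needs root, needs outbound access to the package mirrors before the application can start, and installs whatever package version the mirror serves at that moment. An init image that already contains `ca-certificates` removes the download and leaves `command: ['sh', '-c', 'update-ca-certificates']`. The image reference `{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}` resolves to a mutable tag; accepting a digest (`repository@sha256:<digest>`) would pin the image that writes the trust store. The init container sets no `securityContext` and no `imagePullPolicy` in this hunk; the rest of the pod spec is outside it.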
@@ -51,17 +55,33 @@ spec: {{- toYaml .Values.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} + envFrom: + - secretRef: + name: {{ printf "%s-secrets" (include "geohealthcheck.fullname" .) | squote }} + {{- range .Values.geohealthcheck.additionalEnvSecrets }} + - secretRef: + name: {{ . | squote }} + {{- end }} + - configMapRef: + name: {{ printf "%s-variables" (include "geohealthcheck.fullname" .) | squote }} + {{- range .Values.geohealthcheck.additionalConfigMaps }} + - configMapRef: + name: {{ . | squote }} + {{- end }} volumeMounts: - # TODO: loop through certs - - name: custom-ca-cert - mountPath: /etc/ssl/certs/my-ca.crt + - name: 'custom-ca-cert' + mountPath: '/usr/local/share/ca-certificates' + - name: 'ca-bundle' + mountPath: '/etc/ssl/certs' {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} volumes: - name: custom-ca-cert configMap: - name: custom-ca-cert + name: {{ printf "%s-certificates" (include "geohealthcheck.fullname" .) | squote }} + - name: ca-bundle + emptyDir: {} {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} @@ -84,16 +104,3 @@ spec: value: {{ $value | squote }} {{- end }} {{- end }} - envFrom: - - secretRef: - name: {{ printf "%s-secrets" (include "geohealthcheck.fullname" .) | squote }} - {{- range .Values.geohealthcheck.additionalEnvSecrets }} - - secretRef: - name: {{ . | squote }} - {{- end }} - - configMapRef: - name: {{ printf "%s-variables" (include "geohealthcheck.fullname" .) | squote }} - {{- range .Values.geohealthcheck.additionalConfigMaps }} - - configMapRef: - name: {{ . | squote }} - {{- end }} diff --git a/helmchart/geohealthcheck/templates/ingress.yaml b/helmchart/geohealthcheck/templates/ingress.yaml index f09335fe..8da61c3a 100644 --- a/helmchart/geohealthcheck/templates/ingress.yaml +++ b/helmchart/geohealthcheck/templates/ingress.yaml 
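Review bot: The main container mounts the `ca-bundle` emptyDir writable at `/etc/ssl/certs`, although only the init container needs to write the generated bundle; adding `readOnly: true` to that mount in the `containers` entry keeps the running application from altering its own trust store. Mounting the bundle there only helps if the application reads that directory; Python HTTP clients often use their own bundle, so it may be necessary to set `REQUESTS_CA_BUNDLE` or `SSL_CERT_FILE` to `/etc/ssl/certs/ca-certificates.crt` (to be confirmed against the image). The new `- name: ca-bundle` volume entry is unquoted while the mount names are quoted, which is at odds with the chart's `quoted-strings` lint rule.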
@@ -38,7 +38,7 @@ spec: service: name: {{ include "geohealthcheck.fullname" $ }} port: - number: {{ $.Values.service.port }} + name: 'http' {{- end }} {{- end }} {{- end }} diff --git a/helmchart/geohealthcheck/templates/networkpolicies.yaml b/helmchart/geohealthcheck/templates/networkpolicies.yaml new file mode 100644 index 00000000..0844e5e5 --- /dev/null +++ b/helmchart/geohealthcheck/templates/networkpolicies.yaml @@ -0,0 +1,39 @@ +--- +{{- if .Values.networkPolicy.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "geohealthcheck.fullname" . }} + labels: + {{- include "geohealthcheck.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "geohealthcheck.labels" . | nindent 6 }} + policyTypes: + - 'Ingress' + - Egress + ingress: + - from: + - namespaceSelector: {} + ports: + - protocol: 'TCP' + port: {{ include "geohealthcheck.containerPort" . }} + - from: + - ipBlock: + cidr: 0.0.0.0/0 + ports: + - protocol: 'TCP' + port: {{ include "geohealthcheck.containerPort" . }} + egress: + - to: + - namespaceSelector: {} + ports: + - port: 53 + protocol: 'UDP' + {{- if .Values.networkPolicy.egressEnabled }} + - to: + - ipBlock: + cidr: 0.0.0.0/0 + {{- end }} +{{- end }} diff --git a/helmchart/geohealthcheck/templates/serviceaccount.yaml b/helmchart/geohealthcheck/templates/serviceaccount.yaml index cf28b8bc..cc91d2b5 100644 --- a/helmchart/geohealthcheck/templates/serviceaccount.yaml +++ b/helmchart/geohealthcheck/templates/serviceaccount.yaml @@ -10,5 +10,5 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount | squote }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} {{- end }} diff --git a/helmchart/geohealthcheck/values.yaml b/helmchart/geohealthcheck/values.yaml index c8052ca6..afec67a0 100644 --- a/helmchart/geohealthcheck/values.yaml +++ b/helmchart/geohealthcheck/values.yaml 
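Review bot: The second ingress rule in networkpolicies.yaml, `ipBlock` with `cidr: 0.0.0.0/0`, admits every source on the container port, so the policy adds no ingress isolation beyond the port number. On the egress side, `networkPolicy.egressEnabled` opens `0.0.0.0/0` on all ports; for a service that probes configured URLs this includes link-local metadata endpoints and cluster-internal ranges, and an `except:` list on that `ipBlock` (for example `- '169.254.169.254/32'`) would narrow it. The DNS rule allows only UDP 53; resolvers fall back to TCP for large answers, so `- port: 53` with `protocol: 'TCP'` belongs next to it. `podSelector.matchLabels` uses `geohealthcheck.labels`; if that helper includes chart or version labels (not visible here), a selector-label helper would be the safer match.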
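Review bot: `automountServiceAccountToken` in serviceaccount.yaml renders the chart default `serviceAccount.automount: true`, which mounts an API token into a pod that, as far as the templates on this page show, never calls the Kubernetes API. Defaulting `automount` to `false` in values.yaml would keep the token out of the pod unless an operator opts in. The switch from a quoted string to a boolean in this hunk is otherwise correct.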
@@ -51,6 +51,12 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +initContainer: + resources: {} + repository: 'library/ubuntu' + pullPolicy: 'IfNotPresent' + tag: 'jammy' + geohealthcheck: # -- additional env variables # additionalEnv: @@ -67,6 +73,11 @@ geohealthcheck: # - 'foo' # - 'bar' additionalEnvSecrets: [] + # -- database connection string for SQL-Alchemy + # valid examples are: + # SQLite: 'sqlite:///data.db' + # PostgreSQL: 'postgresql+psycopg2://scott:tiger@localhost:5432/mydatabase' + databaseUri: 'sqlite:///data.db' auth: # -- secret key to set when enabling authentication secret: 'changeme' @@ -141,16 +152,8 @@ service: # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: 'ClusterIP' -additionalCertificates: - cert1.crt: | - -----BEGIN CERTIFICATE----- - MIID... (your certificate content here) - -----END CERTIFICATE----- - cert2.crt: | - -----BEGIN CERTIFICATE----- - MIID... (your certificate content here) - -----END CERTIFICATE----- - +additionalCertificates: {} + # This block is for setting up the ingress for more information can be found # here: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: @@ -216,3 +219,7 @@ nodeSelector: {} tolerations: [] affinity: {} + +networkPolicy: + enabled: true + egressEnabled: true From a8d830a11d54e30580f4bf2df316e5b2c97a8c55 Mon Sep 17 00:00:00 2001 From: heidmann Date: Tue, 25 Feb 2025 11:33:09 +0100 Subject: [PATCH 05/16] working chart Signed-off-by: heidmann --- helmchart/geohealthcheck/my-values.yaml | 101 ------------------ .../geohealthcheck/templates/cm-ca-certs.yaml | 2 +- .../geohealthcheck/templates/deployment.yaml | 2 +- 3 files changed, 2 insertions(+), 103 deletions(-) delete mode 100644 helmchart/geohealthcheck/my-values.yaml diff --git a/helmchart/geohealthcheck/my-values.yaml b/helmchart/geohealthcheck/my-values.yaml deleted file mode 100644 index 905d9537..00000000 
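Review bot: The `databaseUri` comment gives a PostgreSQL example with the password inline, which steers operators toward keeping database credentials in values files and in the release's stored values. Add a line to the comment such as `# for databases with credentials, provide SQLALCHEMY_DATABASE_URI through additionalEnvSecrets instead of setting it here`. The deployment lists the chart's own secret before `additionalEnvSecrets` in `envFrom`, so a key from the later secret should take precedence, but that is worth confirming on a test release.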
--- a/helmchart/geohealthcheck/my-values.yaml +++ /dev/null 
@@ -1,101 +0,0 @@ ---- -image: - repository: 'registry.disy.net/docker-proxy/geopython/geohealthcheck' -additionalCertificates: - intermediate.crt: | - -----BEGIN CERTIFICATE----- - MIIFzDCCA7SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwejEYMBYGA1UEAwwPSGVp - ZG1hbm4tUm9vdENBMQswCQYDVQQGEwJERTELMAkGA1UECAwCSEgxEDAOBgNVBAcM - B0hhbWJ1cmcxETAPBgNVBAoMCEhlaWRtYW5uMR8wHQYJKoZIhvcNAQkBFhBjYUBo - ZWlkbWFubi5pbmZvMB4XDTI0MTIzMDExMjQzMVoXDTM0MTIyODExMjQzMVowcDEL - MAkGA1UEBhMCREUxCzAJBgNVBAgMAkhIMREwDwYDVQQKDAhIZWlkbWFubjEgMB4G - A1UEAwwXSGVpZG1hbm4tSW50ZXJtZWRpYXRlQ0ExHzAdBgkqhkiG9w0BCQEWEGNh - QGhlaWRtYW5uLmluZm8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDb - QQ4DfXSeZc/XVHfQ6EghPQ12PYShvQk6hgZkhkkmBicb8c9POslSYpkkK/Q8pC+5 - XjIFF7yMR5FGxbZEtkIqFu9gHI6Sxm1FJptKhJSiPRy2MHhSjSImyG3GVXG+ZGRh - 7P3wbZIqtoK70BrrdkrJTzoWU0qDhYQgCBlCpO88m1e0Qox/6UqnuhGgHcdwJPJS - zqUHqdsTGHxQo2hlHGm5CFTsTe37aUlQ9+627riVqK8ArhUXCCx3j4tyfkPBSxnV - uHyyndfeIMR1J2ofv5oiSTY148Dgkr7YyUFwfgO8H8onPs8SfCDL6hfoAGRHreeH - tC/4hHj9NYhnX3km1PvqMQWHAcPveswFnTpQ/ZaBibaSeC8i+JtT9iKW1V6JQgD7 - Fim7nart6JgCytcxg8Cll7nNfqRwlkBNiedSU9i8FEEHy/YFmKj4D15YLluYTZCd - G2SEP2JEDGEqzTbmdxFsLKm59VI9FFTtcKKRgRlIoF7PoHc9brUoRu20MjaGSpZO - CwqLIdQv7yQv7z6ebfKxViCyIpsZESPHbKZ7Zyh9IYNa8BxlAvbEQnkVjBrplDdQ - yWlOJac5j+bCr4VJpIOicd7jek9g2W8TlxzMGjkHFSDMnMPFJS64NduZYdqT/ASp - aNcbzOGpmALIZTXJszBI3400mBEXBe0YoA6LGgUDUQIDAQABo2YwZDAdBgNVHQ4E - FgQUu8smU9eJDo4w+fPXw7942P0aux4wHwYDVR0jBBgwFoAUqQvWT3pd78gQnAhu - /t5hth1uVn4wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJ - KoZIhvcNAQELBQADggIBAJQ+tACyevmB+uheXX1rZa6k0JkWij8oX5mlk+O6sSCu - toZ3iP3MdYuxAMaSOjU1+04ZRqUkn15QQ4gmyyqQ6ojdDqPHfploypNtTMh/HrYr - E/x4zqM0PCx1LUpkbbwe8eL/5CibdMCWsapxRNY6LBgsG6m9pOSIScv0SYRkAfTQ - dM5u67BLV23c7EkVv10WHfqKnOGnkHCaFDPXZXjPfl7KsjxwbNKK4bRQrgu9Wpzg - h0tRmEu1969fjj7AEGoxomiUdTLwcQu9f/OeJmqrlwoaYdq/rtInt+a+fi6HylX8 - XHIsr71UsneUu5eOos1lNdzzKjNsMa/pI1vgoKY/83u68/mwjfyL45FIq8Aq8VS/ - 6uncn6EEqtyElqPxDkfRr3H0DEwXjiwU6No2/Gre1BKvK3/KuF/A8CWDpgSrsYEv - 
bAjZaQo0uCYydc8NrDykN36K5IVlEaGseLOnXdi8oOAWf/pzMck8EasfIPjVPhU8 - Q+biOQC9dejBGxmWxrcpAbl/thes16v5iA7sls5VyLY7dn5P39BPMgRSssPBErAL - v+9x6+IKnNPZV8U4KuOSQZVIZe/fmumO4vKisE+LsIG4S7C3+tgIk9cr+KTITvUT - /CYKPJhWrMKoNUgIBZs1MhbEW1zj7bDb7V3sv/8yTomxobWy4B7NlvWK4dBFDqOJ - -----END CERTIFICATE----- - root.crt: | - -----BEGIN CERTIFICATE----- - MIIF5TCCA82gAwIBAgIUPLeDukjBOWKP3yfOT4X8WFx/qmQwDQYJKoZIhvcNAQEL - BQAwejEYMBYGA1UEAwwPSGVpZG1hbm4tUm9vdENBMQswCQYDVQQGEwJERTELMAkG - A1UECAwCSEgxEDAOBgNVBAcMB0hhbWJ1cmcxETAPBgNVBAoMCEhlaWRtYW5uMR8w - HQYJKoZIhvcNAQkBFhBjYUBoZWlkbWFubi5pbmZvMB4XDTI0MTIzMDExMjA1NVoX - DTQ0MTIyNTExMjA1NVowejEYMBYGA1UEAwwPSGVpZG1hbm4tUm9vdENBMQswCQYD - VQQGEwJERTELMAkGA1UECAwCSEgxEDAOBgNVBAcMB0hhbWJ1cmcxETAPBgNVBAoM - CEhlaWRtYW5uMR8wHQYJKoZIhvcNAQkBFhBjYUBoZWlkbWFubi5pbmZvMIICIjAN - BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5e3IwLY5mdPp2DjFLu1HTVaN6bdz - FP6oBshDHsnIWWRfijO0XMtzuefKKmoMl+o7Tbw9JJsMWBnZdYQ0mrWAc1P9tbkd - 2IouNDsGfnb8/92DaR7YtCNZjuF2bJUdt4jsvOXfaPFIEx50M6oICg1UvXGgbD1U - Q8nk7/aCyTSaqbNQuxIQckftMK/t7/M/ZX4srW0Lf0aFgDs50YW1Eer3DfgE8FpM - 1z4yp/mZTcrLzvXhKCUo8LsEpNPeTpkshVBjdQReJnEcGIvk5aCPNF43IueM+qDg - eYedsQnWeLz8Sg0SPQ7awcoSDwcOcaKUFqs4YpWbDwoBbvhSc4Uq+d2wgNJgNcJJ - 3eZaqqRylw+I3D47is1IHPb0jP5SWi6HKdGHQJwYTKdAqL+6XohnB/DWrHFvvFJa - 6GLaExk+CYTZcmQh6cY6p3HvhEG5pmkNPLyoHxBwtpU/bLeeZ99J469mTtPACxPM - srxpCSmmMxopmBvYokzWIxg5etwshb/YDzeWP3UIipaiCftN1dhhKLjMNMtv2/7p - vsDNY/2Kqs+4pZUQP0UsJHvVo3sskkDbyO8kjSxkM8gvNL4FO1v14ihlYFqQyPE4 - iPAvAcIeAsJXl8A0rYmL5xz0XTjA9FDt6f4Duu9vmbHJBr7wIuUBcIDWLtYC4k2+ - 9JFpz/wF6qSR1w8CAwEAAaNjMGEwHQYDVR0OBBYEFKkL1k96Xe/IEJwIbv7eYbYd - blZ+MB8GA1UdIwQYMBaAFKkL1k96Xe/IEJwIbv7eYbYdblZ+MA8GA1UdEwEB/wQF - MAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQCDC5IcejVj - K3n7/YNmVZ0JSNSmOwLbOFxBIrI7DuW/suqUTuGVMkcndCsK4iOsI2rs97Z7397N - Gnmz/EyfjDx/9R+QvEcgFpgT9mhFt+kDcUWZ52l0DqBmqUVqPHgc5um+FjNNrxfT - OI6ZPPE5QWRPU6duUGmOMIN1m0stj/j03bfP5ovFamqStceV6NL9LlVXj1gaSt+y - 
jtVddZiqDMoW/7XEe2nDQsEK4iMww3JaWf/ZZ6ufp8EU26McBuDwuzEqAyNpQARf - p73Qr0yCzs3qzpkTp5ze2pODAECC4DzQUNxv7bktOvGAhfryIGemLbm7f2EfuZOg - tUvrhTggqb4qLPqvEaA7clVUG3MpWEeewmLOHn/KA46BogEJy3LonJDJlsMJR9Q1 - 74qFdNmZtOJrH63j7re54MR6RHIYGSHUUofSGSwwUsXToyLTVc1XLU6MPjiN+5Ul - ocQETLAV51oSzoKPCcTWJv+E7XeVb7EPJU8rhZHzdxuGTcRG+ocj9p9h34JZUfKP - xby4V9Tk61eHATs7fqs/GDwme/Oyd5Bxi2SEjm13c8ftD/R1qn6NKwNwU4m/Qj5u - cwwCeaMVOEIFnRRVAoarZaC6cvYRg+P4uC+EkBYCJT4PcSPVuMpMTBmEybNSzynN - JgeVtaEOfwvvFzswuGlIUvmO4B96AFXymQ== - -----END CERTIFICATE----- -resources: - limits: - cpu: '500m' - memory: '1Gi' - requests: - cpu: '500m' - memory: '1Gi' -initContainer: - repository: 'registry.disy.net/docker-proxy/library/ubuntu' - resources: - limits: - cpu: '500m' - memory: '1Gi' - requests: - cpu: '500m' - memory: '1Gi' - -ingress: - enabled: true - hosts: - - host: 'geohealthcheck.whale-test2.disy.io' - paths: - - path: '/' - pathType: 'ImplementationSpecific' - tls: - - secretName: 'tls-cluster' - hosts: - - 'geohealthcheck.whale-test2.disy.io' diff --git a/helmchart/geohealthcheck/templates/cm-ca-certs.yaml b/helmchart/geohealthcheck/templates/cm-ca-certs.yaml index ff7840af..46fa03bf 100644 --- a/helmchart/geohealthcheck/templates/cm-ca-certs.yaml +++ b/helmchart/geohealthcheck/templates/cm-ca-certs.yaml @@ -7,6 +7,6 @@ metadata: {{- include "geohealthcheck.labels" . | nindent 4 }} data: {{- range $filename, $certificate := .Values.additionalCertificates }} - {{ $filename -}}: >- + {{ $filename -}}: | {{- $certificate | nindent 4 }} {{- end -}} diff --git a/helmchart/geohealthcheck/templates/deployment.yaml b/helmchart/geohealthcheck/templates/deployment.yaml index bf5087e0..ee4d1cc8 100644 --- a/helmchart/geohealthcheck/templates/deployment.yaml +++ b/helmchart/geohealthcheck/templates/deployment.yaml 
@@ -31,7 +31,7 @@ spec: initContainers: - name: update-ca-certificates image: '{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}' - command: ['sh', '-c', 'apt-get update && apt-get install -y ca-certificates && update-ca-certificates'] + command: ['sh', '-c', 'apt-get update && apt-get install -y ca-certificates && update-ca-certificates -v'] resources: {{- toYaml .Values.initContainer.resources | nindent 12 }} volumeMounts: From 6f7f8624d7b07be7889d1b4283a0113fc942b691 Mon Sep 17 00:00:00 2001 From: heidmann Date: Tue, 25 Feb 2025 12:03:36 +0100 Subject: [PATCH 06/16] add documentation to the values Signed-off-by: heidmann --- helmchart/geohealthcheck/README.md | 74 ++++++++++++++++++---------- helmchart/geohealthcheck/values.yaml | 63 ++++++++++++++--------- 2 files changed, 86 insertions(+), 51 deletions(-) diff --git a/helmchart/geohealthcheck/README.md b/helmchart/geohealthcheck/README.md index 85eee783..123b7c41 100644 --- a/helmchart/geohealthcheck/README.md +++ b/helmchart/geohealthcheck/README.md 
@@ -8,50 +8,70 @@ A Helm chart for GeoHealthCheck | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalCertificates | object | `{}` | | | affinity | object | `{}` | | -| fullnameOverride | string | `""` | | +| fullnameOverride | string | `""` | This is to override the release name. | | geohealthcheck.additionalConfigMaps | list | `[]` | additional configmaps additionalConfigMaps: - 'foo' - 'bar' | | geohealthcheck.additionalEnv | object | `{}` | additional env variables additionalEnv: name1: 'value1' name2: 'value2' | | geohealthcheck.additionalEnvSecrets | list | `[]` | additional envSecrets additionalEnvSecrets: - 'foo' - 'bar' | +| geohealthcheck.adminEmail | string | `"you@example.com"` | email address of administrator / contact- notification emails will come from this address | | geohealthcheck.auth.secret | string | `"changeme"` | secret key to set when enabling authentication | +| geohealthcheck.basicAuthDisabled | string | `"False"` | disable Basic Authentication to access GHC webapp and APIs (default: False), | +| geohealthcheck.databaseUri | string | `"sqlite:///data.db"` | database connection string for SQL-Alchemy valid examples are: SQLite: 'sqlite:///data.db' PostgreSQL: 'postgresql+psycopg2://scott:tiger@localhost:5432/mydatabase' | +| geohealthcheck.largeXml | string | `"False"` | allows GeoHealthCheck to receive large XML files from the servers under test (default False). 
Note: setting this to True might pose a security risk | +| geohealthcheck.logLevel | string | `"30"` | logging level: 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL (default: 30, WARNING) | +| geohealthcheck.metadataCacheSecs | string | `"900"` | metadata, “Capabilities Docs”, cache expiry time, default 900 secs, -1 to disable | | geohealthcheck.minimalRunFrequencyMins | int | `10` | minimal run frequency for Resource that can be set in web UI | | geohealthcheck.notifications | string | `"False"` | turn on email and webhook notifications | +| geohealthcheck.notificationsEmail | list | `[]` | list of email addresses that notifications should come to. Use a different address to GHC_ADMIN_EMAIL if you have trouble receiving notification emails. Also, you can set separate notification emails t specific resources. Failing resource will send notification to emails from GHC_NOTIFICATIONS_EMAIL value and emails configured for that specific resource altogether. notificationsEmail: - 'you2@example.com' - 'you3@example.com' | | geohealthcheck.notificationsVerbosity | string | `"True"` | receive additional email notifications than just Failing and Fixed (default True) | | geohealthcheck.probeHttpTimeoutSecs | int | `30` | stop waiting for the first byte of a Probe response after the given number of seconds | +| geohealthcheck.requireWebappAuth | string | `"False"` | require authentication (login or Basic Auth) to access GHC webapp and APIs (default: False) | | geohealthcheck.retentionDays | int | `30` | the number of days to keep Run history | +| geohealthcheck.runnerInWebapp | string | `"True"` | should the GHC Runner Daemon be run in webapp (default: True) | | geohealthcheck.selfRegister | string | `"False"` | allow registrations from users on the website | -| geohealthcheck.wwwLinkExceptionCheck | string | `"False"` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"geopython/geohealthcheck"` | | -| image.tag | string | `""` | 
| -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| livenessProbe.httpGet.path | string | `"/"` | | -| livenessProbe.httpGet.port | string | `"http"` | | -| nameOverride | string | `""` | | +| geohealthcheck.siteTitle | string | `"GeoHealthCheck Demonstration"` | title used for installation / deployment | +| geohealthcheck.siteUrl | string | `"http://host"` | full URL of the installation / deployment | +| geohealthcheck.smtpPassword | string | `nil` | SMTP server name or IP | +| geohealthcheck.smtpPort | string | `nil` | SMTP port | +| geohealthcheck.smtpServer | string | `nil` | SMTP server name or IP | +| geohealthcheck.smtpUseTls | string | `nil` | whether or not to use StartTLS with SMTP | +| geohealthcheck.smtpUsername | string | `nil` | SMTP server name or IP | +| geohealthcheck.verifySsl | string | `"True"` | perform SSL verification for Probe HTTPS requests (default: True) | +| geohealthcheck.wwwLinkExceptionCheck | string | `"False"` | turn on checking for OGC Exceptions in WWW:LINK Resource responses (default False) | +| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | +| image.repository | string | `"geopython/geohealthcheck"` | image for GeoHealthCheck | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. 
| +| imagePullSecrets | list | `[]` | This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | +| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ | +| ingress.annotations | object | `{}` | annotations for the ingress annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" | +| ingress.className | string | `""` | ingress class name | +| ingress.enabled | bool | `false` | enable/disable ingress | +| initContainer.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image of the init container | +| initContainer.repository | string | `"library/ubuntu"` | image for the init container | +| initContainer.resources | object | `{}` | resource definitions for the init container | +| initContainer.tag | string | `"jammy"` | tag for the init container | +| livenessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ | +| nameOverride | string | `""` | This is to override the chart name. | +| networkPolicy.egressEnabled | bool | `true` | allow/deny external connections. This should be enabled if you want to monitor resources outside of this namespace | +| networkPolicy.enabled | bool | `true` | Enable/disable network policy generation | | nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podLabels | object | `{}` | | +| podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. 
For more information checkout: yamllint disable-line rule:line-length https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | +| podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | | podSecurityContext | object | `{}` | | | readinessProbe.httpGet.path | string | `"/"` | | | readinessProbe.httpGet.port | string | `"http"` | | -| resources | object | `{}` | | +| resources | object | `{}` | resources for the main container We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi | | securityContext | object | `{}` | | -| service.port | int | `80` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.automount | bool | `true` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | +| service | object | `{"type":"ClusterIP"}` | This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ | +| service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? 
| +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | | -| volumeMounts | list | `[]` | | -| volumes | list | `[]` | | +| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. volumeMounts: - name: foo mountPath: "/etc/foo" readOnly: true | +| volumes | list | `[]` | Additional volumes on the output Deployment definition. volumes: - name: foo secret: secretName: mysecret optional: false | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/helmchart/geohealthcheck/values.yaml b/helmchart/geohealthcheck/values.yaml index afec67a0..f4b84695 100644 --- a/helmchart/geohealthcheck/values.yaml +++ b/helmchart/geohealthcheck/values.yaml 
@@ -2,40 +2,43 @@ # This sets the container image more information can be found here: # https://kubernetes.io/docs/concepts/containers/images/ image: + # -- image for GeoHealthCheck repository: 'geopython/geohealthcheck' + # -- Pull policy for the image pullPolicy: 'IfNotPresent' - # Overrides the image tag whose default is the chart appVersion. + # -- Overrides the image tag whose default is the chart appVersion. tag: '' -# This is for the secretes for pulling an image from a private repository more +# -- This is for the secretes for pulling an image from a private repository more # information can be found here: # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] -# This is to override the chart name. +# -- This is to override the chart name. nameOverride: '' +# -- This is to override the release name. fullnameOverride: '' # This section builds out the service account more information can be found # here: https://kubernetes.io/docs/concepts/security/service-accounts/ serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Automatically mount a ServiceAccount's API credentials? + # -- Automatically mount a ServiceAccount's API credentials? automount: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname # template name: '' -# This is for setting Kubernetes Annotations to a Pod. +# -- This is for setting Kubernetes Annotations to a Pod. # For more information checkout: # yamllint disable-line rule:line-length # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} -# This is for setting Kubernetes Labels to a Pod. 
+# -- This is for setting Kubernetes Labels to a Pod. # For more information checkout: # https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ podLabels: {} @@ -51,11 +54,16 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +# Definitions for the init container initContainer: + # -- resource definitions for the init container resources: {} + # -- image for the init container repository: 'library/ubuntu' - pullPolicy: 'IfNotPresent' + # -- tag for the init container tag: 'jammy' + # -- Pull policy for the image of the init container + pullPolicy: 'IfNotPresent' geohealthcheck: # -- additional env variables @@ -145,16 +153,16 @@ geohealthcheck: smtpUsername: # -- SMTP server name or IP smtpPassword: -# This is for setting up a service more information can be found here: +# -- This is for setting up a service more information can be found here: # https://kubernetes.io/docs/concepts/services-networking/service/ service: - # This sets the service type more information can be found here: + # -- This sets the service type more information can be found here: # https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: 'ClusterIP' additionalCertificates: {} -# This block is for setting up the ingress for more information can be found +# -- This block is for setting up the ingress for more information can be found # here: https://kubernetes.io/docs/concepts/services-networking/ingress/ ingress: # -- enable/disable ingress @@ -176,7 +184,7 @@ ingress: # hosts: # - chart-example.local -resources: {} +# -- resources for the main container # We usually recommend not to specify default resources and to leave this as # a conscious choice for the user. This also increases chances charts run on # environments with little resources, such as Minikube. If you do want to 
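Review bot: The helm-docs descriptions for `smtpUsername` and `smtpPassword` both read `# -- SMTP server name or IP`, copied from `smtpServer`, and this commit propagates them into the generated README table. They should read `# -- SMTP user name` and `# -- SMTP password`. In the first hunk of this file, `secretes` in the `imagePullSecrets` comment should be `secrets`.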
@@ -188,8 +196,9 @@ resources: {} # requests: # cpu: 100m # memory: 128Mi +resources: {} -# This is to setup the liveness and readiness probes more information can be +# -- This is to setup the liveness and readiness probes more information can be # found here: # https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ livenessProbe: @@ -201,18 +210,20 @@ readinessProbe: path: '/' port: 'http' -# Additional volumes on the output Deployment definition. +# -- Additional volumes on the output Deployment definition. +# volumes: +# - name: foo +# secret: +# secretName: mysecret +# optional: false volumes: [] -# - name: foo -# secret: -# secretName: mysecret -# optional: false -# Additional volumeMounts on the output Deployment definition. +# -- Additional volumeMounts on the output Deployment definition. +# volumeMounts: +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true volumeMounts: [] -# - name: foo -# mountPath: "/etc/foo" -# readOnly: true nodeSelector: {} @@ -220,6 +231,10 @@ tolerations: [] affinity: {} +# Network Policy definition networkPolicy: + # -- Enable/disable network policy generation enabled: true + # -- allow/deny external connections. This should be enabled if you want to monitor resources + # outside of this namespace egressEnabled: true From b89921559f6513c55baa9daf1ebfd530640668cf Mon Sep 17 00:00:00 2001 From: heidmann Date: Tue, 25 Feb 2025 13:17:40 +0100 Subject: [PATCH 07/16] add persistenmce for SQLite database Signed-off-by: heidmann --- helmchart/geohealthcheck/README.md | 5 ++++- .../geohealthcheck/templates/deployment.yaml | 5 +++++ helmchart/geohealthcheck/templates/pvc.yaml | 18 ++++++++++++++++++ helmchart/geohealthcheck/values.yaml | 10 +++++++++- 4 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 helmchart/geohealthcheck/templates/pvc.yaml diff --git a/helmchart/geohealthcheck/README.md b/helmchart/geohealthcheck/README.md index 123b7c41..b5dedc01 100644 
--- a/helmchart/geohealthcheck/README.md +++ b/helmchart/geohealthcheck/README.md @@ -17,7 +17,7 @@ A Helm chart for GeoHealthCheck | geohealthcheck.adminEmail | string | `"you@example.com"` | email address of administrator / contact- notification emails will come from this address | | geohealthcheck.auth.secret | string | `"changeme"` | secret key to set when enabling authentication | | geohealthcheck.basicAuthDisabled | string | `"False"` | disable Basic Authentication to access GHC webapp and APIs (default: False), | -| geohealthcheck.databaseUri | string | `"sqlite:///data.db"` | database connection string for SQL-Alchemy valid examples are: SQLite: 'sqlite:///data.db' PostgreSQL: 'postgresql+psycopg2://scott:tiger@localhost:5432/mydatabase' | +| geohealthcheck.databaseUri | string | `"sqlite:////data/data.db"` | database connection string for SQL-Alchemy valid examples are: SQLite: 'sqlite:///data.db' PostgreSQL: 'postgresql+psycopg2://scott:tiger@localhost:5432/mydatabase' | | geohealthcheck.largeXml | string | `"False"` | allows GeoHealthCheck to receive large XML files from the servers under test (default False). Note: setting this to True might pose a security risk | | geohealthcheck.logLevel | string | `"30"` | logging level: 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL (default: 30, WARNING) | | geohealthcheck.metadataCacheSecs | string | `"900"` | metadata, “Capabilities Docs”, cache expiry time, default 900 secs, -1 to disable | 
@@ -56,6 +56,9 @@ A Helm chart for GeoHealthCheck | networkPolicy.egressEnabled | bool | `true` | allow/deny external connections. This should be enabled if you want to monitor resources outside of this namespace | | networkPolicy.enabled | bool | `true` | Enable/disable network policy generation | | nodeSelector | object | `{}` | | +| persistence.enabled | bool | `true` | enable persistence when using an SQLite database | +| persistence.size | string | `"1Gi"` | size of the data partition | +| persistence.storageClassName | string | `""` | | | podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: yamllint disable-line rule:line-length https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | | podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ | | podSecurityContext | object | `{}` | | diff --git a/helmchart/geohealthcheck/templates/deployment.yaml b/helmchart/geohealthcheck/templates/deployment.yaml index ee4d1cc8..6c91f650 100644 --- a/helmchart/geohealthcheck/templates/deployment.yaml +++ b/helmchart/geohealthcheck/templates/deployment.yaml @@ -73,6 +73,8 @@ spec: mountPath: '/usr/local/share/ca-certificates' - name: 'ca-bundle' mountPath: '/etc/ssl/certs' + - name: data + mountPath: /data {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} @@ -82,6 +84,9 @@ spec: name: {{ printf "%s-certificates" (include "geohealthcheck.fullname" .) | squote }} - name: ca-bundle emptyDir: {} + - name: data + persistentVolumeClaim: + claimName: {{ include "geohealthcheck.fullname" . | squote }} {{- with .Values.volumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/helmchart/geohealthcheck/templates/pvc.yaml b/helmchart/geohealthcheck/templates/pvc.yaml new file mode 100644 index 00000000..bb238ccd --- /dev/null 
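Review bot: The `data` volume added in the second deployment.yaml hunk always references a PersistentVolumeClaim, but templates/pvc.yaml only renders that claim when `persistence.enabled` is true. With `persistence.enabled: false` the Deployment points at a claim that does not exist, and the pod will most likely stay Pending. Guarding the volume source and falling back to `emptyDir` keeps the `/data` mount from the first deployment.yaml hunk valid in both cases, which matters because the new default `databaseUri` writes to `/data/data.db`. The `volumes:` list starts and ends outside the hunk.

```yaml
        - name: data
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ include "geohealthcheck.fullname" . | squote }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        # … unchanged: .Values.volumes block …
```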
+++ b/helmchart/geohealthcheck/templates/pvc.yaml @@ -0,0 +1,18 @@ +--- +{{- if .Values.persistence.enabled }} +apiVersion: 'v1' +kind: 'PersistentVolumeClaim' +metadata: + name: {{ include "geohealthcheck.fullname" . | squote }} + labels: + {{- include "geohealthcheck.labels" . | nindent 4 }} +spec: + accessModes: + - 'ReadWriteOnce' + resources: + requests: + storage: {{ .Values.persistence.size | squote }} + {{- if .Values.persistence.storageClassName }} + storageClassName: {{ .Values.persistence.storageClassName | squote }} + {{- end }} +{{- end }} diff --git a/helmchart/geohealthcheck/values.yaml b/helmchart/geohealthcheck/values.yaml index f4b84695..5e261f73 100644 --- a/helmchart/geohealthcheck/values.yaml +++ b/helmchart/geohealthcheck/values.yaml @@ -85,7 +85,7 @@ geohealthcheck: # valid examples are: # SQLite: 'sqlite:///data.db' # PostgreSQL: 'postgresql+psycopg2://scott:tiger@localhost:5432/mydatabase' - databaseUri: 'sqlite:///data.db' + databaseUri: 'sqlite:////data/data.db' auth: # -- secret key to set when enabling authentication secret: 'changeme' @@ -210,6 +210,14 @@ readinessProbe: path: '/' port: 'http' +persistence: + # -- enable persistence when using an SQLite database + enabled: true + # -- size of the data partition + size: '1Gi' + # storage class name. Leave empty for the default class + storageClassName: '' + # -- Additional volumes on the output Deployment definition. # volumes: # - name: foo From f4868c62f79a91dc146c565b4d71700734b188dc Mon Sep 17 00:00:00 2001 
From: heidmann Date: Wed, 26 Feb 2025 10:50:12 +0100 Subject: [PATCH 08/16] change directory name --- {helmchart => charts}/geohealthcheck/.editorconfig | 0 {helmchart => charts}/geohealthcheck/.helmignore | 0 {helmchart => charts}/geohealthcheck/.yamllint | 0 {helmchart => charts}/geohealthcheck/Chart.yaml | 2 +- {helmchart => charts}/geohealthcheck/README.md | 0 {helmchart => charts}/geohealthcheck/environment-variables.txt | 0 {helmchart => charts}/geohealthcheck/templates/NOTES.txt | 0 {helmchart => charts}/geohealthcheck/templates/_helpers.tpl | 0 {helmchart => charts}/geohealthcheck/templates/cm-ca-certs.yaml | 0 .../geohealthcheck/templates/cm-secrets-variables.yaml | 0 .../geohealthcheck/templates/cm-variables.yaml | 0 {helmchart => charts}/geohealthcheck/templates/deployment.yaml | 0 {helmchart => charts}/geohealthcheck/templates/ingress.yaml | 0 .../geohealthcheck/templates/networkpolicies.yaml | 0 {helmchart => charts}/geohealthcheck/templates/pvc.yaml | 0 {helmchart => charts}/geohealthcheck/templates/service.yaml | 0 .../geohealthcheck/templates/serviceaccount.yaml | 0 {helmchart => charts}/geohealthcheck/values.yaml | 0 18 files changed, 1 insertion(+), 1 deletion(-) rename {helmchart => charts}/geohealthcheck/.editorconfig (100%) rename {helmchart => charts}/geohealthcheck/.helmignore (100%) rename {helmchart => charts}/geohealthcheck/.yamllint (100%) rename {helmchart => charts}/geohealthcheck/Chart.yaml (88%) rename {helmchart => charts}/geohealthcheck/README.md (100%) rename {helmchart => charts}/geohealthcheck/environment-variables.txt (100%) rename {helmchart => charts}/geohealthcheck/templates/NOTES.txt (100%) rename {helmchart => charts}/geohealthcheck/templates/_helpers.tpl (100%) rename {helmchart => charts}/geohealthcheck/templates/cm-ca-certs.yaml (100%) rename {helmchart => charts}/geohealthcheck/templates/cm-secrets-variables.yaml (100%) rename {helmchart => charts}/geohealthcheck/templates/cm-variables.yaml (100%) rename {helmchart => 
charts}/geohealthcheck/templates/deployment.yaml (100%) rename {helmchart => charts}/geohealthcheck/templates/ingress.yaml (100%) rename {helmchart => charts}/geohealthcheck/templates/networkpolicies.yaml (100%) rename {helmchart => charts}/geohealthcheck/templates/pvc.yaml (100%) rename {helmchart => charts}/geohealthcheck/templates/service.yaml (100%) rename {helmchart => charts}/geohealthcheck/templates/serviceaccount.yaml (100%) rename {helmchart => charts}/geohealthcheck/values.yaml (100%) diff --git a/helmchart/geohealthcheck/.editorconfig b/charts/geohealthcheck/.editorconfig similarity index 100% rename from helmchart/geohealthcheck/.editorconfig rename to charts/geohealthcheck/.editorconfig diff --git a/helmchart/geohealthcheck/.helmignore b/charts/geohealthcheck/.helmignore similarity index 100% rename from helmchart/geohealthcheck/.helmignore rename to charts/geohealthcheck/.helmignore diff --git a/helmchart/geohealthcheck/.yamllint b/charts/geohealthcheck/.yamllint similarity index 100% rename from helmchart/geohealthcheck/.yamllint rename to charts/geohealthcheck/.yamllint diff --git a/helmchart/geohealthcheck/Chart.yaml b/charts/geohealthcheck/Chart.yaml similarity index 88% rename from helmchart/geohealthcheck/Chart.yaml rename to charts/geohealthcheck/Chart.yaml index 33a92fe1..2fda5077 100644 --- a/helmchart/geohealthcheck/Chart.yaml +++ b/charts/geohealthcheck/Chart.yaml @@ -3,5 +3,5 @@ apiVersion: 'v2' name: 'geohealthcheck' description: 'A Helm chart for GeoHealthCheck' type: 'application' -version: '0.1.0' +version: '1.0.0' appVersion: '0.9.0' diff --git a/helmchart/geohealthcheck/README.md b/charts/geohealthcheck/README.md similarity index 100% rename from helmchart/geohealthcheck/README.md rename to charts/geohealthcheck/README.md 
diff --git a/helmchart/geohealthcheck/environment-variables.txt b/charts/geohealthcheck/environment-variables.txt similarity index 100% rename from helmchart/geohealthcheck/environment-variables.txt rename to charts/geohealthcheck/environment-variables.txt diff --git a/helmchart/geohealthcheck/templates/NOTES.txt b/charts/geohealthcheck/templates/NOTES.txt similarity index 100% rename from helmchart/geohealthcheck/templates/NOTES.txt rename to charts/geohealthcheck/templates/NOTES.txt diff --git a/helmchart/geohealthcheck/templates/_helpers.tpl b/charts/geohealthcheck/templates/_helpers.tpl similarity index 100% rename from helmchart/geohealthcheck/templates/_helpers.tpl rename to charts/geohealthcheck/templates/_helpers.tpl diff --git a/helmchart/geohealthcheck/templates/cm-ca-certs.yaml b/charts/geohealthcheck/templates/cm-ca-certs.yaml similarity index 100% rename from helmchart/geohealthcheck/templates/cm-ca-certs.yaml rename to charts/geohealthcheck/templates/cm-ca-certs.yaml diff --git a/helmchart/geohealthcheck/templates/cm-secrets-variables.yaml b/charts/geohealthcheck/templates/cm-secrets-variables.yaml similarity index 100% rename from helmchart/geohealthcheck/templates/cm-secrets-variables.yaml rename to charts/geohealthcheck/templates/cm-secrets-variables.yaml diff --git a/helmchart/geohealthcheck/templates/cm-variables.yaml b/charts/geohealthcheck/templates/cm-variables.yaml similarity index 100% rename from helmchart/geohealthcheck/templates/cm-variables.yaml rename to charts/geohealthcheck/templates/cm-variables.yaml diff --git a/helmchart/geohealthcheck/templates/deployment.yaml b/charts/geohealthcheck/templates/deployment.yaml similarity index 100% rename from helmchart/geohealthcheck/templates/deployment.yaml rename to charts/geohealthcheck/templates/deployment.yaml 
diff --git a/helmchart/geohealthcheck/templates/ingress.yaml b/charts/geohealthcheck/templates/ingress.yaml similarity index 100% rename from helmchart/geohealthcheck/templates/ingress.yaml rename to charts/geohealthcheck/templates/ingress.yaml diff --git a/helmchart/geohealthcheck/templates/networkpolicies.yaml b/charts/geohealthcheck/templates/networkpolicies.yaml similarity index 100% rename from helmchart/geohealthcheck/templates/networkpolicies.yaml rename to charts/geohealthcheck/templates/networkpolicies.yaml diff --git a/helmchart/geohealthcheck/templates/pvc.yaml b/charts/geohealthcheck/templates/pvc.yaml similarity index 100% rename from helmchart/geohealthcheck/templates/pvc.yaml rename to charts/geohealthcheck/templates/pvc.yaml diff --git a/helmchart/geohealthcheck/templates/service.yaml b/charts/geohealthcheck/templates/service.yaml similarity index 100% rename from helmchart/geohealthcheck/templates/service.yaml rename to charts/geohealthcheck/templates/service.yaml diff --git a/helmchart/geohealthcheck/templates/serviceaccount.yaml b/charts/geohealthcheck/templates/serviceaccount.yaml similarity index 100% rename from helmchart/geohealthcheck/templates/serviceaccount.yaml rename to charts/geohealthcheck/templates/serviceaccount.yaml diff --git a/helmchart/geohealthcheck/values.yaml b/charts/geohealthcheck/values.yaml similarity index 100% rename from helmchart/geohealthcheck/values.yaml rename to charts/geohealthcheck/values.yaml From 8f69091253e42f5e13dab240a5cb60a75e93ec4b Mon Sep 17 00:00:00 2001 From: heidmann Date: Wed, 26 Feb 2025 10:51:40 +0100 Subject: [PATCH 09/16] update docs --- charts/geohealthcheck/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/geohealthcheck/README.md b/charts/geohealthcheck/README.md index b5dedc01..68fc67da 100644 --- a/charts/geohealthcheck/README.md +++ b/charts/geohealthcheck/README.md 
@@ -1,6 +1,6 @@ # geohealthcheck -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square) +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square) A Helm chart for GeoHealthCheck From cb393113df7c85c8c3c127004eb51623756797a6 Mon Sep 17 00:00:00 2001 From: heidmann Date: Wed, 26 Feb 2025 12:40:06 +0100 Subject: [PATCH 10/16] add possibility to add a update strategy --- charts/geohealthcheck/README.md | 1 + charts/geohealthcheck/templates/deployment.yaml | 1 + charts/geohealthcheck/values.yaml | 5 +++++ 3 files changed, 7 insertions(+) diff --git a/charts/geohealthcheck/README.md b/charts/geohealthcheck/README.md index 68fc67da..95a5eb08 100644 --- a/charts/geohealthcheck/README.md +++ b/charts/geohealthcheck/README.md 
@@ -73,6 +73,7 @@ A Helm chart for GeoHealthCheck | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | | +| updateStrategy | string | `"Recreate"` | update strategy to the deployment. This should be Recreate unless you have a good reason to choose something else because otherwise you will get multi attach errors | | volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. volumeMounts: - name: foo mountPath: "/etc/foo" readOnly: true | | volumes | list | `[]` | Additional volumes on the output Deployment definition. volumes: - name: foo secret: secretName: mysecret optional: false | diff --git a/charts/geohealthcheck/templates/deployment.yaml b/charts/geohealthcheck/templates/deployment.yaml index 6c91f650..69f7c79e 100644 --- a/charts/geohealthcheck/templates/deployment.yaml +++ b/charts/geohealthcheck/templates/deployment.yaml @@ -28,6 +28,7 @@ spec: serviceAccountName: {{ include "geohealthcheck.serviceAccountName" . | squote }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + strategy: {{ .Values.updateStrategy | squote }} initContainers: - name: update-ca-certificates image: '{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}' diff --git a/charts/geohealthcheck/values.yaml b/charts/geohealthcheck/values.yaml index 5e261f73..639936b0 100644 --- a/charts/geohealthcheck/values.yaml +++ b/charts/geohealthcheck/values.yaml 
@@ -65,6 +65,11 @@ initContainer: # -- Pull policy for the image of the init container pullPolicy: 'IfNotPresent' +# -- update strategy to the deployment. This should be Recreate unless you have +# a good reason to choose something else because otherwise you will get +# multi attach errors +updateStrategy: 'Recreate' + geohealthcheck: # -- additional env variables # additionalEnv: From 02f317b319ef8938051c20e29bc5b39623fb0110 Mon Sep 17 00:00:00 2001 From: heidmann Date: Wed, 26 Feb 2025 13:42:48 +0100 Subject: [PATCH 11/16] change to boolean values --- charts/geohealthcheck/README.md | 19 +++++++------ .../templates/cm-secrets-variables.yaml | 2 +- .../templates/cm-variables.yaml | 20 +++++++------ charts/geohealthcheck/values.yaml | 28 ++++++++++--------- 4 files changed, 37 insertions(+), 32 deletions(-) diff --git a/charts/geohealthcheck/README.md b/charts/geohealthcheck/README.md index 95a5eb08..2fcd633c 100644 --- a/charts/geohealthcheck/README.md +++ b/charts/geohealthcheck/README.md 
@@ -16,29 +16,30 @@ A Helm chart for GeoHealthCheck | geohealthcheck.additionalEnvSecrets | list | `[]` | additional envSecrets additionalEnvSecrets: - 'foo' - 'bar' | | geohealthcheck.adminEmail | string | `"you@example.com"` | email address of administrator / contact- notification emails will come from this address | | geohealthcheck.auth.secret | string | `"changeme"` | secret key to set when enabling authentication | -| geohealthcheck.basicAuthDisabled | string | `"False"` | disable Basic Authentication to access GHC webapp and APIs (default: False), | +| geohealthcheck.basicAuthDisabled | bool | `false` | disable Basic Authentication to access GHC webapp and APIs (default: False), | | geohealthcheck.databaseUri | string | `"sqlite:////data/data.db"` | database connection string for SQL-Alchemy valid examples are: SQLite: 'sqlite:///data.db' PostgreSQL: 'postgresql+psycopg2://scott:tiger@localhost:5432/mydatabase' | -| geohealthcheck.largeXml | string | `"False"` | allows GeoHealthCheck to receive large XML files from the servers under test (default False). Note: setting this to True might pose a security risk | +| geohealthcheck.largeXml | bool | `false` | allows GeoHealthCheck to receive large XML files from the servers under test (default False). 
Note: setting this to True might pose a security risk | | geohealthcheck.logLevel | string | `"30"` | logging level: 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL (default: 30, WARNING) | | geohealthcheck.metadataCacheSecs | string | `"900"` | metadata, “Capabilities Docs”, cache expiry time, default 900 secs, -1 to disable | | geohealthcheck.minimalRunFrequencyMins | int | `10` | minimal run frequency for Resource that can be set in web UI | -| geohealthcheck.notifications | string | `"False"` | turn on email and webhook notifications | +| geohealthcheck.notifications | bool | `false` | turn on email and webhook notifications | | geohealthcheck.notificationsEmail | list | `[]` | list of email addresses that notifications should come to. Use a different address to GHC_ADMIN_EMAIL if you have trouble receiving notification emails. Also, you can set separate notification emails t specific resources. Failing resource will send notification to emails from GHC_NOTIFICATIONS_EMAIL value and emails configured for that specific resource altogether. 
notificationsEmail: - 'you2@example.com' - 'you3@example.com' | -| geohealthcheck.notificationsVerbosity | string | `"True"` | receive additional email notifications than just Failing and Fixed (default True) | +| geohealthcheck.notificationsVerbosity | bool | `false` | receive additional email notifications than just Failing and Fixed (default True) | | geohealthcheck.probeHttpTimeoutSecs | int | `30` | stop waiting for the first byte of a Probe response after the given number of seconds | -| geohealthcheck.requireWebappAuth | string | `"False"` | require authentication (login or Basic Auth) to access GHC webapp and APIs (default: False) | +| geohealthcheck.requireWebappAuth | bool | `false` | require authentication (login or Basic Auth) to access GHC webapp and APIs (default: False) | | geohealthcheck.retentionDays | int | `30` | the number of days to keep Run history | -| geohealthcheck.runnerInWebapp | string | `"True"` | should the GHC Runner Daemon be run in webapp (default: True) | -| geohealthcheck.selfRegister | string | `"False"` | allow registrations from users on the website | +| geohealthcheck.runnerInWebapp | bool | `true` | should the GHC Runner Daemon be run in webapp (default: True) | +| geohealthcheck.selfRegister | bool | `false` | allow registrations from users on the website | | geohealthcheck.siteTitle | string | `"GeoHealthCheck Demonstration"` | title used for installation / deployment | | geohealthcheck.siteUrl | string | `"http://host"` | full URL of the installation / deployment | +| geohealthcheck.smtpEnabled | bool | `false` | enable/disable smtp | | geohealthcheck.smtpPassword | string | `nil` | SMTP server name or IP | | geohealthcheck.smtpPort | string | `nil` | SMTP port | | geohealthcheck.smtpServer | string | `nil` | SMTP server name or IP | | geohealthcheck.smtpUseTls | string | `nil` | whether or not to use StartTLS with SMTP | | geohealthcheck.smtpUsername | string | `nil` | SMTP server name or IP | -| geohealthcheck.verifySsl 
| string | `"True"` | perform SSL verification for Probe HTTPS requests (default: True) | -| geohealthcheck.wwwLinkExceptionCheck | string | `"False"` | turn on checking for OGC Exceptions in WWW:LINK Resource responses (default False) | +| geohealthcheck.verifySsl | bool | `true` | perform SSL verification for Probe HTTPS requests (default: True) | +| geohealthcheck.wwwLinkExceptionCheck | bool | `false` | turn on checking for OGC Exceptions in WWW:LINK Resource responses (default False) | | image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image | | image.repository | string | `"geopython/geohealthcheck"` | image for GeoHealthCheck | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | diff --git a/charts/geohealthcheck/templates/cm-secrets-variables.yaml b/charts/geohealthcheck/templates/cm-secrets-variables.yaml index 75d3e58e..d05ccadc 100644 --- a/charts/geohealthcheck/templates/cm-secrets-variables.yaml +++ b/charts/geohealthcheck/templates/cm-secrets-variables.yaml @@ -8,7 +8,7 @@ metadata: type: 'Opaque' data: SECRET_KEY: {{ .Values.geohealthcheck.auth.secret | b64enc | squote }} - {{- if .Values.geohealthcheck.smtpPassword }} + {{- if and .Values.geohealthcheck.smtpPassword .Values.geohealthcheck.smtpEnabled }} GHC_SMTP_PASSWORD: {{ .Values.geohealthcheck.smtpPassword | b64enc | squote }} {{- end }} SQLALCHEMY_DATABASE_URI: {{ .Values.geohealthcheck.databaseUri | b64enc | squote }} diff --git a/charts/geohealthcheck/templates/cm-variables.yaml b/charts/geohealthcheck/templates/cm-variables.yaml index 770a3a04..40a7b258 100644 --- a/charts/geohealthcheck/templates/cm-variables.yaml +++ b/charts/geohealthcheck/templates/cm-variables.yaml 
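Review bot: `SECRET_KEY` in this Secret is still rendered straight from `geohealthcheck.auth.secret`, and the README table in this same commit documents its default as `changeme`, so an install that overrides nothing runs with a key known to anyone who has read the chart. Consider failing the render while the placeholder is in place, e.g. `{{- if eq .Values.geohealthcheck.auth.secret "changeme" }}{{ fail "set geohealthcheck.auth.secret" }}{{- end }}` ahead of `data:`, or accepting the name of an existing Secret instead of an inline value. What the application protects with this key is not visible here; the values comment only says it is used when authentication is enabled. The template starts and ends outside the hunk.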
@@ -9,23 +9,25 @@ data: GHC_RETENTION_DAYS: {{ .Values.geohealthcheck.retentionDays | squote }} GHC_PROBE_HTTP_TIMEOUT_SECS: {{ .Values.geohealthcheck.probeHttpTimeoutSecs | squote }} GHC_MINIMAL_RUN_FREQUENCY_MINS: {{ .Values.geohealthcheck.minimalRunFrequencyMins | squote }} - GHC_SELF_REGISTER: {{ .Values.geohealthcheck.selfRegister | squote }} - GHC_NOTIFICATIONS: {{ .Values.geohealthcheck.notifications | squote }} - GHC_NOTIFICATIONS_VERBOSITY: {{ .Values.geohealthcheck.notificationsVerbosity | squote }} - GHC_WWW_LINK_EXCEPTION_CHECK: {{ .Values.geohealthcheck.wwwLinkExceptionCheck | squote }} - GHC_LARGE_XML: {{ .Values.geohealthcheck.largeXml | squote }} + GHC_SELF_REGISTER: {{ .Values.geohealthcheck.selfRegister | toString | squote }} + GHC_NOTIFICATIONS: {{ .Values.geohealthcheck.notifications | toString | squote }} + GHC_NOTIFICATIONS_VERBOSITY: {{ .Values.geohealthcheck.notificationsVerbosity | toString | squote }} + GHC_WWW_LINK_EXCEPTION_CHECK: {{ .Values.geohealthcheck.wwwLinkExceptionCheck | toString | squote }} + GHC_LARGE_XML: {{ .Values.geohealthcheck.largeXml | toString | squote }} GHC_ADMIN_EMAIL: {{ .Values.geohealthcheck.adminEmail | squote }} GHC_NOTIFICATIONS_EMAIL: {{- " " -}}{{- .Values.geohealthcheck.notificationsEmail | toJson | squote }} GHC_SITE_TITLE: {{ .Values.geohealthcheck.siteTitle | squote }} GHC_SITE_URL: {{ .Values.geohealthcheck.siteUrl | squote }} - GHC_RUNNER_IN_WEBAPP: {{ .Values.geohealthcheck.runnerInWebapp | squote }} - GHC_REQUIRE_WEBAPP_AUTH: {{ .Values.geohealthcheck.requireWebappAuth | squote }} - GHC_BASIC_AUTH_DISABLED: {{ .Values.geohealthcheck.basicAuthDisabled | squote }} - GHC_VERIFY_SSL: {{ .Values.geohealthcheck.verifySsl | squote }} + GHC_RUNNER_IN_WEBAPP: {{ .Values.geohealthcheck.runnerInWebapp | toString | squote }} + GHC_REQUIRE_WEBAPP_AUTH: {{ .Values.geohealthcheck.requireWebappAuth | toString | squote }} + GHC_BASIC_AUTH_DISABLED: {{ .Values.geohealthcheck.basicAuthDisabled | toString | squote }} + 
GHC_VERIFY_SSL: {{ .Values.geohealthcheck.verifySsl | toString | squote }} GHC_LOG_LEVEL: {{ .Values.geohealthcheck.logLevel | squote }} GHC_METADATA_CACHE_SECS: {{ .Values.geohealthcheck.metadataCacheSecs | squote }} + {{- if .Values.geohealthcheck.smtpEnabled }} GHC_SMTP_SERVER: {{ .Values.geohealthcheck.smtpServer | squote }} GHC_SMTP_PORT: {{ .Values.geohealthcheck.smtpPort | squote }} GHC_SMTP_TLS: {{ .Values.geohealthcheck.smtpUseTls | squote }} GHC_SMTP_SSL: 'False' GHC_SMTP_USERNAME: {{ .Values.geohealthcheck.smtpUsername | squote }} + {{- end }} diff --git a/charts/geohealthcheck/values.yaml b/charts/geohealthcheck/values.yaml index 639936b0..b97ba73e 100644 --- a/charts/geohealthcheck/values.yaml +++ b/charts/geohealthcheck/values.yaml @@ -9,8 +9,8 @@ image: # -- Overrides the image tag whose default is the chart appVersion. tag: '' -# -- This is for the secretes for pulling an image from a private repository more -# information can be found here: +# -- This is for the secretes for pulling an image from a private repository +# more information can be found here: # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # -- This is to override the chart name. 
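Review bot: Piping the new booleans through `toString` renders `'true'`/`'false'`, whereas the chart previously emitted `'True'`/`'False'` and the hard-coded `GHC_SMTP_SSL: 'False'` in this same ConfigMap still uses the capitalised form. How the application parses these variables is not visible in the diff; if the comparison is case-sensitive, `GHC_VERIFY_SSL` and `GHC_REQUIRE_WEBAPP_AUTH` could silently change meaning, so this should be confirmed against the container's config loader. If the capitalised form is what it expects, `{{ .Values.geohealthcheck.verifySsl | toString | title | squote }}` (and the same for the other boolean keys) keeps the old output.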
@@ -102,18 +102,18 @@ geohealthcheck: # -- minimal run frequency for Resource that can be set in web UI minimalRunFrequencyMins: 10 # -- allow registrations from users on the website - selfRegister: 'False' + selfRegister: false # -- turn on email and webhook notifications - notifications: 'False' + notifications: false # -- receive additional email notifications than just Failing and Fixed # (default True) - notificationsVerbosity: 'True' + notificationsVerbosity: false # -- turn on checking for OGC Exceptions in WWW:LINK Resource responses # (default False) - wwwLinkExceptionCheck: 'False' + wwwLinkExceptionCheck: false # -- allows GeoHealthCheck to receive large XML files from the servers under # test (default False). Note: setting this to True might pose a security risk - largeXml: 'False' + largeXml: false # -- email address of administrator / contact- notification emails will come # from this address adminEmail: 'you@example.com' @@ -132,15 +132,15 @@ geohealthcheck: # -- full URL of the installation / deployment siteUrl: 'http://host' # -- should the GHC Runner Daemon be run in webapp (default: True) - runnerInWebapp: 'True' + runnerInWebapp: true # -- require authentication (login or Basic Auth) to access GHC webapp and # APIs (default: False) - requireWebappAuth: 'False' + requireWebappAuth: false # -- disable Basic Authentication to access GHC webapp and APIs # (default: False), - basicAuthDisabled: 'False' + basicAuthDisabled: false # -- perform SSL verification for Probe HTTPS requests (default: True) - verifySsl: 'True' + verifySsl: true # -- logging level: 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL # (default: 30, WARNING) logLevel: '30' @@ -148,6 +148,8 @@ geohealthcheck: # to disable metadataCacheSecs: '900' # SMTP configuration + # -- enable/disable smtp + smtpEnabled: false # -- SMTP server name or IP smtpServer: # -- SMTP port 
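Review bot: `notificationsVerbosity` changes from `'True'` to `false` in the first values.yaml hunk, which flips the default rather than only changing its type; every other key in these hunks keeps its previous truth value. The comment directly above it still says "(default True)". If the flip is unintended, the line should read `notificationsVerbosity: true`; if it is intended, the comment and the commit message should say so.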
@@ -248,6 +250,6 @@ affinity: {} networkPolicy: # -- Enable/disable network policy generation enabled: true - # -- allow/deny external connections. This should be enabled if you want to monitor resources - # outside of this namespace + # -- allow/deny external connections. This should be enabled if you want to + # monitor resources outside of this namespace egressEnabled: true From bf6e062f728a648b7280fa3a2f62d7104b2bdf60 Mon Sep 17 00:00:00 2001 From: heidmann Date: Wed, 26 Feb 2025 13:51:29 +0100 Subject: [PATCH 12/16] remove file from first draft --- .../geohealthcheck/environment-variables.txt | 27 ------------------- 1 file changed, 27 deletions(-) delete mode 100644 charts/geohealthcheck/environment-variables.txt diff --git a/charts/geohealthcheck/environment-variables.txt b/charts/geohealthcheck/environment-variables.txt deleted file mode 100644 index 0062c127..00000000 --- a/charts/geohealthcheck/environment-variables.txt +++ /dev/null @@ -1,27 +0,0 @@ -DEBUG = False -SQLALCHEMY_ECHO = False -SQLALCHEMY_TRACK_MODIFICATIONS = False -SQLALCHEMY_ENGINE_OPTION_PRE_PING = False -SQLALCHEMY_DATABASE_URI = 'sqlite:///data.db' -# Alternative configuration for PostgreSQL database -# SQLALCHEMY_DATABASE_URI = 'postgresql://user:password@host:port/database' - -# Replace None with 'your secret key string' in quotes -GHC_WWW_LINK_EXCEPTION_CHECK = False -GHC_LARGE_XML = False -GHC_ADMIN_EMAIL = 'you@example.com' -GHC_NOTIFICATIONS_EMAIL = ['you2@example.com'] -GHC_SITE_TITLE = 'GeoHealthCheck Demonstration' -GHC_SITE_URL = 'http://host' -GHC_RUNNER_IN_WEBAPP = True -GHC_REQUIRE_WEBAPP_AUTH = False -GHC_BASIC_AUTH_DISABLED = False -GHC_VERIFY_SSL = True -# 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL -GHC_LOG_LEVEL = 30 -GHC_LOG_FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s' - -# Some GetCaps docs are huge. This allows -# caching them for N seconds. Set to -1 to -# disable caching. -GHC_METADATA_CACHE_SECS = 900 
From f494b4caf853fa73ff3e3d5342291a642bc1548d Mon Sep 17 00:00:00 2001 From: heidmann Date: Thu, 27 Feb 2025 09:32:06 +0100 Subject: [PATCH 13/16] fix strategy type and set it to recreate --- charts/geohealthcheck/README.md | 1 - charts/geohealthcheck/templates/deployment.yaml | 3 ++- charts/geohealthcheck/values.yaml | 5 ----- 3 files changed, 2 insertions(+), 7 deletions(-) diff --git a/charts/geohealthcheck/README.md b/charts/geohealthcheck/README.md index 2fcd633c..5b1ae97f 100644 --- a/charts/geohealthcheck/README.md +++ b/charts/geohealthcheck/README.md @@ -74,7 +74,6 @@ A Helm chart for GeoHealthCheck | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | | -| updateStrategy | string | `"Recreate"` | update strategy to the deployment. This should be Recreate unless you have a good reason to choose something else because otherwise you will get multi attach errors | | volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. volumeMounts: - name: foo mountPath: "/etc/foo" readOnly: true | | volumes | list | `[]` | Additional volumes on the output Deployment definition. volumes: - name: foo secret: secretName: mysecret optional: false | diff --git a/charts/geohealthcheck/templates/deployment.yaml b/charts/geohealthcheck/templates/deployment.yaml index 69f7c79e..01861d0e 100644 --- a/charts/geohealthcheck/templates/deployment.yaml +++ b/charts/geohealthcheck/templates/deployment.yaml 
@@ -28,7 +28,8 @@ spec: serviceAccountName: {{ include "geohealthcheck.serviceAccountName" . | squote }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - strategy: {{ .Values.updateStrategy | squote }} + strategy: + type: 'Recreate' initContainers: - name: update-ca-certificates image: '{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}' diff --git a/charts/geohealthcheck/values.yaml b/charts/geohealthcheck/values.yaml index b97ba73e..2f931f7e 100644 --- a/charts/geohealthcheck/values.yaml +++ b/charts/geohealthcheck/values.yaml @@ -65,11 +65,6 @@ initContainer: # -- Pull policy for the image of the init container pullPolicy: 'IfNotPresent' -# -- update strategy to the deployment. This should be Recreate unless you have -# a good reason to choose something else because otherwise you will get -# multi attach errors -updateStrategy: 'Recreate' - geohealthcheck: # -- additional env variables # additionalEnv: From c8256ebb796e13b0aef70b64e9b55dde6da01327 Mon Sep 17 00:00:00 2001 From: heidmann Date: Tue, 4 Mar 2025 13:12:13 +0100 Subject: [PATCH 14/16] fix the definition for the update strategy --- charts/geohealthcheck/templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/geohealthcheck/templates/deployment.yaml b/charts/geohealthcheck/templates/deployment.yaml index 01861d0e..9e6795ff 100644 --- a/charts/geohealthcheck/templates/deployment.yaml +++ b/charts/geohealthcheck/templates/deployment.yaml @@ -9,6 +9,8 @@ spec: selector: matchLabels: {{- include "geohealthcheck.selectorLabels" . | nindent 6 }} + strategy: + type: 'Recreate' template: metadata: {{- with .Values.podAnnotations }} 
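Review bot: The hard-coded `type: 'Recreate'` added in the `@@ -9,6 +9,8 @@` hunk of templates/deployment.yaml has no explanation left anywhere in the chart, because the previous patch removed the `updateStrategy` value together with the values.yaml comment and README row that said anything else leads to multi-attach errors. I would put that reason back as a comment above the `strategy:` key, for example `# Recreate: anything else leads to multi-attach errors on the volume`. Recreate also stops the old pod before the new one starts, so checks presumably pause for the length of every upgrade; that is worth one sentence in the README. If a deployment without a single-attach volume (for instance with the external PostgreSQL database the removed sample file mentioned) is meant to be supported, keeping the strategy overridable with `Recreate` as the default would avoid the gap there. The Deployment spec continues outside the hunk.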
@@ -28,8 +30,6 @@ spec:
 serviceAccountName: {{ include "geohealthcheck.serviceAccountName" . | squote }}
 securityContext:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
- strategy:
- type: 'Recreate'
 initContainers:
 - name: update-ca-certificates
 image: '{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}'
From ca8101414c28beff23810c1b3ef9ae26744a5be0 Mon Sep 17 00:00:00 2001
From: heidmann
Date: Fri, 9 May 2025 16:01:40 +0200
Subject: [PATCH 15/16] review: remove unwanted files
---
 charts/geohealthcheck/.editorconfig | 12 ------------
 charts/geohealthcheck/.yamllint | 8 --------
 2 files changed, 20 deletions(-)
diff --git a/charts/geohealthcheck/.editorconfig b/charts/geohealthcheck/.editorconfig
deleted file mode 100644
index 8f5d8087..00000000
--- a/charts/geohealthcheck/.editorconfig
+++ /dev/null
@@ -1,12 +0,0 @@
-# EditorConfig is awesome: https://EditorConfig.org
-
-# top-most EditorConfig file
-root = true
-
-[*]
-indent_style = space
-indent_size = 2
-end_of_line = lf
-charset = utf-8
-trim_trailing_whitespace = false
-insert_final_newline = true
diff --git a/charts/geohealthcheck/.yamllint b/charts/geohealthcheck/.yamllint
deleted file mode 100644
index 1c3c68ca..00000000
--- a/charts/geohealthcheck/.yamllint
+++ /dev/null
@@ -1,8 +0,0 @@
----
-extends: 'default'
-ignore: []
-rules:
- quoted-strings:
- quote-type: 'single'
- required: true
- ignore: []
From 846bd5219abac14c3f1ca275e24b07bd6fdbf8fa Mon Sep 17 00:00:00 2001
From: heidmann
Date: Fri, 9 May 2025 16:24:24 +0200
Subject: [PATCH 16/16] doc: add minimal documentation
---
 charts/geohealthcheck/docs/installhelm.rst | 29 ++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 charts/geohealthcheck/docs/installhelm.rst
diff --git a/charts/geohealthcheck/docs/installhelm.rst b/charts/geohealthcheck/docs/installhelm.rst
new file mode 100644
index 00000000..c5514bc5
--- /dev/null
+++ b/charts/geohealthcheck/docs/installhelm.rst
@@ -0,0 +1,29 @@
+.. _installhelm:
+
+Installation with Helm on Kubernetes
+====================================
+
+This is the installation guide for GeoHealthCheck with Helm on Kubernetes.
+
+Requirements
+------------
+
+* Access to a Kubernetes cluster with an officially supported version of Kubernetes
+* The Helm chart in this repository
+* A values file containing your customizations to the default values
+
+Install
+-------
+
+.. code-block:: bash
+ helm upgrade --install geohealthcheck -f mycustomvalues.yaml
+
+
+When everything succeeded you will get an output like the following:
+
+.. code-block:: bash
+ 1. Get the application URL by running these commands:
+ export POD_NAME=$(kubectl get pods --namespace -l "app.kubernetes.io/name=geohealthcheck,app.kubernetes.io/instance=geohealthcheck" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace port-forward $POD_NAME 8080:$CONTAINER_PORT