diff --git a/.github/workflows/helm-charts-test.yaml b/.github/workflows/helm-charts-test.yaml
index 0edd453..136d483 100644
--- a/.github/workflows/helm-charts-test.yaml
+++ b/.github/workflows/helm-charts-test.yaml
@@ -11,7 +11,8 @@ jobs:
- name: Fetch history
run: git fetch --prune --unshallow
-
+ - run: |
+ echo -e " \"postgresql://postgres:postgres@postgres/postgres\"" >> charts/commento/ci/postgresql-values.yaml
- name: Lint charts
id: lint
uses: helm/chart-testing-action@v1.1.0
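Review bot: The added `run` step around the `echo -e` line has no `name:` and no comment, and it only works because charts/commento/ci/postgresql-values.yaml ends with a dangling `manual:` key and no trailing newline, so the echoed string becomes that key's value. If an editor or formatter ever adds a final newline to that file, the appended text lands on a line of its own and the values file is likely to be rejected or misread. I would name the step and state the dependency, e.g. `- name: Complete database.manual in the CI values file` with `# appends the value for the trailing "manual:" key; the file must not end in a newline`. The same append is repeated in the test job's "Prepare library charts" step.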
@@ -19,7 +20,6 @@ jobs:
command: lint
config: ct.yaml
-
test:
runs-on: ubuntu-latest
needs: lint
@@ -33,17 +33,31 @@ jobs:
- name: Create kind cluster
uses: helm/kind-action@v1.0.0
with:
- installLocalPathProvisioner: true
- # Only build a kind cluster if there are chart changes to test.
+ installLocalPathProvisioner: true # Only build a kind cluster if there are chart changes to test.
+ - name: Install postgresql
+ uses: evryfs/helm-ephemeral-action@v0.1
+ with:
+ repo: https://charts.bitnami.com/bitnami
+ chart: postgresql
+ helm: 'helm' # optional, default value is 'helm'
+ args: '--wait --timeout 2m' #optional, default value is '--wait --timeout 2m' in order to wait for the chart-install to stabilize into ready state
+ - name: Get PG passowrd
+ id: postgresql_passowrd
+ run: |
+ echo ::set-output name=password::$(echo "$(kubectl get secret --namespace default postgresql-helm-charts-${{ github.run_number }} -o jsonpath="{.data.postgresql-password}" | base64 --decode)")
+ - name: Create postgresql URL
+ id: postgresql
+ run: |
+ echo ::set-output name=url::$(echo "postgresql://postgres:${{ steps.postgresql_passowrd.outputs.password }}@postgresql-helm-charts-${{ github.run_number }}.default/postgres")
- name: Prepare library charts
run: |
cp charts/cron-jobs/library-ci/*.yaml charts/cron-jobs/templates/
cp charts/horizontal-pod-autoscalers/library-ci/*.yaml charts/horizontal-pod-autoscalers/templates/
cp charts/pi-hole-exporter/library-ci/*.yaml charts/pi-hole-exporter/templates/
+ echo -e " \"${{ steps.postgresql.outputs.url }}\"" >> charts/commento/ci/postgresql-values.yaml
sed -i 's/library/application/g' charts/cron-jobs/Chart.yaml
sed -i 's/library/application/g' charts/horizontal-pod-autoscalers/Chart.yaml
-
- name: Test charts
uses: helm/chart-testing-action@v1.0.0
with:
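Review bot: The PostgreSQL password read in the "Get PG passowrd" step is written to a step output without being masked and is then spliced into `run` scripts through `${{ … }}` expressions, so it can show up in the job log and any shell metacharacter in it is interpreted by the shell. Registering it with `::add-mask::` before `set-output` and handing values to the scripts through `env:` keeps it out of the log and out of the script text; the same applies to `${{ steps.postgresql.outputs.url }}` in "Prepare library charts". Separately, `evryfs/helm-ephemeral-action@v0.1` is a third-party action referenced by a movable tag, and pinning it to a full commit SHA would fix which code runs with access to the cluster. The "Test charts" step continues past the end of the hunk.

```yaml
# … unchanged: Create kind cluster and Install postgresql steps …
- name: Get PG passowrd
  id: postgresql_passowrd
  env:
    PG_SECRET: postgresql-helm-charts-${{ github.run_number }}
  run: |
    password="$(kubectl get secret --namespace default "$PG_SECRET" -o jsonpath="{.data.postgresql-password}" | base64 --decode)"
    # mask first so later log lines that contain the value are redacted
    echo "::add-mask::$password"
    echo "::set-output name=password::$password"
- name: Create postgresql URL
  id: postgresql
  env:
    PG_PASSWORD: ${{ steps.postgresql_passowrd.outputs.password }}
    PG_HOST: postgresql-helm-charts-${{ github.run_number }}.default
  run: |
    echo "::set-output name=url::postgresql://postgres:${PG_PASSWORD}@${PG_HOST}/postgres"
# … unchanged: Prepare library charts (pass the URL through env: there as well) …
```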
diff --git a/README.md b/README.md
index c53ff50..8c14567 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,7 @@ Opinionated helm chats for my personal projects, and OSS Projects that either do
### Application
+* [`commento`](https://artifacthub.io/packages/helm/wyrihaximusnet/commento)
* [`default-backend`](https://artifacthub.io/packages/helm/wyrihaximusnet/default-backend)
* [`docker-hub-exporter`](https://artifacthub.io/packages/helm/wyrihaximusnet/docker-hub-exporter)
* [`pi-hole-exporter`](https://artifacthub.io/packages/helm/wyrihaximusnet/pi-hole-exporter)
diff --git a/charts/commento/.helmignore b/charts/commento/.helmignore
new file mode 100644
index 0000000..9c8d394
--- /dev/null
+++ b/charts/commento/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# Example k8s files
+secrets/
diff --git a/charts/commento/Chart.lock b/charts/commento/Chart.lock
new file mode 100644
index 0000000..cd6b7ca
--- /dev/null
+++ b/charts/commento/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: horizontal-pod-autoscalers
+ repository: https://helm.wyrihaximus.net/
+ version: 0.2.0
+digest: sha256:c24acf3aaf1d76d5b431e2d608ee5162acf6e5bb0ad764b2a3cf81e37bb499bf
+generated: "2020-11-13T22:49:13.62060267+01:00"
diff --git a/charts/commento/Chart.yaml b/charts/commento/Chart.yaml
new file mode 100644
index 0000000..0668527
--- /dev/null
+++ b/charts/commento/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+appVersion: "v1.8.0"
+description: Helm chart to install commento on a kubernetes cluster
+home: https://commento.io/
+icon: https://cdn.commento.io/images/logo.svg
+name: commento
+version: 0.1.0
+maintainers:
+ - name: WyriHaximus
+ email: helm@wyrihaximus.net
+dependencies:
+ - name: horizontal-pod-autoscalers
+ version: ^0.2
+ repository: https://helm.wyrihaximus.net/
diff --git a/charts/commento/README.md b/charts/commento/README.md
new file mode 100644
index 0000000..4a4aa4e
--- /dev/null
+++ b/charts/commento/README.md
@@ -0,0 +1,14 @@
+# Commento
+
+
+
+
+
+Opinionated helm chart for [`commento`](https://commento.io/).
+
+## Opinionated decisions
+
+* Port are hardcoded to `8967`.
+* Ingress with HTTPS certificate is assumed.
+* Comes with a pod.
+
diff --git a/charts/commento/ci/postgresql-values.yaml b/charts/commento/ci/postgresql-values.yaml
new file mode 100644
index 0000000..82e1b42
--- /dev/null
+++ b/charts/commento/ci/postgresql-values.yaml
@@ -0,0 +1,8 @@
+replicaCount: 1
+
+hpa:
+ enable: true
+
+database:
+ urlSuffix: "?sslmode=disable"
+ manual:
\ No newline at end of file
diff --git a/charts/commento/secrets/github.yaml b/charts/commento/secrets/github.yaml
new file mode 100644
index 0000000..ae75da4
--- /dev/null
+++ b/charts/commento/secrets/github.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: auth-github
+type: Opaque
+data:
+ COMMENTO_GITHUB_KEY: COMMENTO_GITHUB_KEY_ENCRYPTED
+ COMMENTO_GITHUB_SECRET: COMMENTO_GITHUB_SECRET_ENCRYPTED
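Review bot: The values under `data:` are placeholders rather than valid base64, and the `_ENCRYPTED` suffix is misleading: Kubernetes expects base64 under `data:`, and base64 is an encoding, not encryption, so anyone who can read the Secret object can recover the key. A header comment would help, e.g. `# Example only: replace the placeholders with base64-encoded values (or use stringData: with plain text) and do not commit the filled-in file`. The same applies to charts/commento/secrets/twitter.yaml.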
diff --git a/charts/commento/secrets/twitter.yaml b/charts/commento/secrets/twitter.yaml
new file mode 100644
index 0000000..c1ecb07
--- /dev/null
+++ b/charts/commento/secrets/twitter.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: auth-twitter
+type: Opaque
+data:
+ COMMENTO_TWITTER_KEY: COMMENTO_TWITTER_KEY_ENCRYPTED
+ COMMENTO_TWITTER_SECRET: COMMENTO_TWITTER_SECRET_ENCRYPTED
diff --git a/charts/commento/templates/NOTES.txt b/charts/commento/templates/NOTES.txt
new file mode 100644
index 0000000..8887043
--- /dev/null
+++ b/charts/commento/templates/NOTES.txt
@@ -0,0 +1,8 @@
+Congratulations you can now reach you Commento installation at: https://{{ $.Values.ingress.host }}
+
+{{- if eq (.Values.application.forbidNewOwners) false }}
+It looks like you've set forbidNewOwners to "false". If you intend for anyone to sign up and add sites to your installations that is fine, but.
+If you don't want anyone to be able to sign up and add sites, it is recommended to set forbidNewOwners to "true".
+{{- end }}
+
+For detail information how to configure Commento, visit: https://docs.commento.io/
diff --git a/charts/commento/templates/_helpers.tpl b/charts/commento/templates/_helpers.tpl
new file mode 100644
index 0000000..bfb129b
--- /dev/null
+++ b/charts/commento/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "commento.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "commento.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "commento.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/commento/templates/deployment.yaml b/charts/commento/templates/deployment.yaml
new file mode 100644
index 0000000..5b9252d
--- /dev/null
+++ b/charts/commento/templates/deployment.yaml
@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "commento.fullname" . }}
+ labels:
+ app: {{ template "commento.name" . }}
+ chart: {{ template "commento.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: {{ template "commento.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "commento.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: commento
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: commento
+ containerPort: 8967
+ protocol: TCP
+ {{- if eq (empty .Values.secrets) false }}
+ envFrom:
+ {{- range .Values.secrets }}
+ - secretRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ env:
+ - name: "COMMENTO_ORIGIN_HOST"
+ value: {{ .Values.ingress.host | quote}}
+ - name: "COMMENTO_ORIGIN"
+ value: "https://$(COMMENTO_ORIGIN_HOST)"
+ - name: "COMMENTO_BIND_ADDRESS"
+ value: "0.0.0.0"
+ - name: "COMMENTO_PORT"
+ value: "8967"
+ {{- if .Values.database.movetokube.enable }}
+ - name: "COMMENTO_POSTGRES_BASE"
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_URL
+ name: {{ .Values.database.movetokube.name }}-postgres-credentials-{{ .Values.database.movetokube.name }}-user
+ {{- else if .Values.database.secret.enable }}
+ - name: "COMMENTO_POSTGRES_BASE"
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.database.secret.key }}
+ name: {{ .Values.database.secret.secret }}
+ {{- else }}
+ - name: "COMMENTO_POSTGRES_BASE"
+ value: {{ .Values.database.manual }}
+ {{- end }}
+ - name: "COMMENTO_POSTGRES_SUFFIX"
+ value: {{ .Values.database.urlSuffix | quote }}
+ - name: "COMMENTO_POSTGRES"
+ value: "$(COMMENTO_POSTGRES_BASE)$(COMMENTO_POSTGRES_SUFFIX)"
+ - name: "COMMENTO_FORBID_NEW_OWNERS"
+ value: {{ .Values.application.forbidNewOwners | quote }}
+ livenessProbe:
+ httpGet:
+ path: /login
+ port: commento
+ readinessProbe:
+ httpGet:
+ path: /login
+ port: commento
+ startupProbe:
+ failureThreshold: 120
+ httpGet:
+ path: /login
+ port: commento
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
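Review bot: In the final `else` branch, `value: {{ .Values.database.manual }}` renders the full connection string, password included, in plain text into the Deployment spec, and it is the only templated env value here without `| quote`. Anyone allowed to read Deployments or Pods in the namespace can then read the database credentials, which the two `secretKeyRef` branches above avoid. At minimum I would write `value: {{ .Values.database.manual | quote }}` and add a comment above the branch such as `# manual: the URL is stored in the pod spec in clear text; prefer database.secret`. The container also sets no `securityContext`; whether the image runs as non-root is not visible from this diff.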
diff --git a/charts/commento/templates/horizontal-pod-autoscaler.yaml b/charts/commento/templates/horizontal-pod-autoscaler.yaml
new file mode 100644
index 0000000..4c7e31f
--- /dev/null
+++ b/charts/commento/templates/horizontal-pod-autoscaler.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.hpa.enable -}}
+{{- include "horizontal-pod-autoscalers.hpa" (dict "name" (include "commento.fullname" .) "replicas" (dict "min" .Values.replicas "max" .Values.hpa.maxReplicas)) -}}
+{{ end }}
diff --git a/charts/commento/templates/ingress.yaml b/charts/commento/templates/ingress.yaml
new file mode 100644
index 0000000..432fbdb
--- /dev/null
+++ b/charts/commento/templates/ingress.yaml
@@ -0,0 +1,30 @@
+{{- if eq (eq .Values.ingress.host "comments.YOURDOMAIN.TLD") false }}
+{{- $chartName := .Chart.Name -}}
+{{- $fullName := include "commento.fullname" . -}}
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app: {{ template "commento.name" . }}
+ chart: {{ template "commento.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: tls-{{ .Values.ingress.host | replace "." "-" }}
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: commento
+{{- end }}
\ No newline at end of file
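Review bot: The guard `{{- if eq (eq .Values.ingress.host "comments.YOURDOMAIN.TLD") false }}` is a double negation that reads more simply as `{{- if ne .Values.ingress.host "comments.YOURDOMAIN.TLD" }}`, and `$chartName` is assigned but never used in this template. When the host is left at the placeholder the Ingress is skipped silently while the Deployment still sets `COMMENTO_ORIGIN_HOST` from the same placeholder, so a comment above the guard such as `{{/* no Ingress is rendered until ingress.host is changed from the placeholder */}}` would make that behaviour discoverable.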
diff --git a/charts/commento/templates/pod-disruption-budget.yaml b/charts/commento/templates/pod-disruption-budget.yaml
new file mode 100644
index 0000000..5b5b84f
--- /dev/null
+++ b/charts/commento/templates/pod-disruption-budget.yaml
@@ -0,0 +1,12 @@
+{{- if gt (.Values.replicas | int) 1 -}}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "commento.fullname" . }}-pdb
+spec:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app: {{ include "commento.fullname" . }}
+ release: {{ include "commento.fullname" . }}
+{{ end }}
\ No newline at end of file
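Review bot: The selector here uses `commento.fullname` for both `app` and `release`, but the pod template in templates/deployment.yaml labels pods with `app: {{ template "commento.name" . }}` and `release: {{ .Release.Name }}`. Unless the release name, chart name and full name all coincide, this PodDisruptionBudget selects no pods and gives no protection during node drains. The two lines should read `app: {{ template "commento.name" . }}` and `release: {{ .Release.Name }}`.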
diff --git a/charts/commento/templates/postgres-database.yaml b/charts/commento/templates/postgres-database.yaml
new file mode 100644
index 0000000..2d36e50
--- /dev/null
+++ b/charts/commento/templates/postgres-database.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.database.movetokube.enable -}}
+apiVersion: db.movetokube.com/v1alpha1
+kind: Postgres
+metadata:
+ name: {{ .Values.database.movetokube.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ database: {{ .Values.database.movetokube.name }}
+ dropOnDelete: {{ .Values.database.movetokube.dropOnDelete }}
+ masterRole: {{ .Values.database.movetokube.name }}-group
+ extensions:
+ - pgcrypto
+{{ end }}
diff --git a/charts/commento/templates/postgres-user.yaml b/charts/commento/templates/postgres-user.yaml
new file mode 100644
index 0000000..92dc009
--- /dev/null
+++ b/charts/commento/templates/postgres-user.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.database.movetokube.enable -}}
+apiVersion: db.movetokube.com/v1alpha1
+kind: PostgresUser
+metadata:
+ name: {{ .Values.database.movetokube.name }}-user
+ namespace: {{ .Release.Namespace }}
+spec:
+ role: {{ .Values.database.movetokube.name }}-role
+ database: {{ .Values.database.movetokube.name }} # This references the Postgres CR
+ secretName: {{ .Values.database.movetokube.name }}-postgres-credentials
+ privileges: OWNER # Can be OWNER/READ/WRITE
+{{ end }}
diff --git a/charts/commento/templates/service.yaml b/charts/commento/templates/service.yaml
new file mode 100644
index 0000000..e8766af
--- /dev/null
+++ b/charts/commento/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "commento.fullname" . }}
+ labels:
+ app: {{ template "commento.name" . }}
+ chart: {{ template "commento.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8967
+ targetPort: 8967
+ protocol: TCP
+ name: commento
+ selector:
+ app: {{ template "commento.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/commento/templates/tests/test-connection.yaml b/charts/commento/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..634ce23
--- /dev/null
+++ b/charts/commento/templates/tests/test-connection.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "commento.fullname" . }}-test-connection"
+ labels:
+ app: {{ template "commento.name" . }}
+ chart: {{ template "commento.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "commento.fullname" . }}:8967/login']
+ restartPolicy: Never
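Review bot: `image: busybox` has no tag, so the test pod pulls whatever `latest` currently points to and the chart test is not reproducible. Pinning a tag or digest, e.g. `image: busybox:<PINNED_TAG>` (placeholder; use the version the test was verified with), keeps the test image fixed across runs.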
diff --git a/charts/commento/values.yaml b/charts/commento/values.yaml
new file mode 100644
index 0000000..aec4f23
--- /dev/null
+++ b/charts/commento/values.yaml
@@ -0,0 +1,48 @@
+replicas: 2
+
+application:
+ forbidNewOwners: true
+
+database:
+ urlSuffix: "?"
+ manual: "postgresql://postgres:postgres@postgres/postgres"
+ secret:
+ enable: false
+ key: key
+ secret: secret
+ movetokube:
+ enable: false
+ name: commento # Name of database created in PostgreSQL
+ dropOnDelete: false # Set to true if you want the operator to drop the database and role when this CR is deleted (optional)
+
+secrets: []
+# - auth-github
+# - auth-twitter
+# See the secrets directory for several examples on added additional auth secrets
+
+image:
+ repository: registry.gitlab.com/commento/commento
+ tag: v1.8.0
+ pullPolicy: IfNotPresent
+
+ingress:
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ host: comments.YOURDOMAIN.TLD
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 1
+ memory: 64Mi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+
+hpa:
+ enable: false
+ maxReplicas: 1024
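Review bot: `database.manual` defaults to a URL with the well-known `postgres:postgres` superuser credentials, and because both `secret.enable` and `movetokube.enable` default to false, an install without overrides uses it as-is. Nothing marks it as a placeholder the way `comments.YOURDOMAIN.TLD` does for the ingress host. I would add a comment above it, e.g. `# Placeholder: override this, or better enable database.secret / database.movetokube so the credentials are read from a Secret`. The comment block under `resources:` also speaks of uncommenting lines and removing curly braces, which does not match the concrete limits that follow it.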