From e58d55f8f7ecf9629d9b9936c999d1131cad9ecc Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:27:11 +0800 Subject: [PATCH 01/11] build: Declare playground as new chart. --- charts/playground/Chart.yaml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 charts/playground/Chart.yaml diff --git a/charts/playground/Chart.yaml b/charts/playground/Chart.yaml new file mode 100644 index 00000000..c113c70b --- /dev/null +++ b/charts/playground/Chart.yaml @@ -0,0 +1,28 @@ +apiVersion: v2 +name: agh3-playground +description: A Helm chart for ArgusHack3 Playground + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.0.1-beta.10" +dependencies: + - name: common + version: 2.19.1 + repository: https://charts.bitnami.com/bitnami From fe9a179daddda566a9421642b8e9431174c2dd56 Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:27:44 +0800 Subject: [PATCH 02/11] build(deps): Add dependencies. --- charts/playground/Chart.lock | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 charts/playground/Chart.lock diff --git a/charts/playground/Chart.lock b/charts/playground/Chart.lock new file mode 100644 index 00000000..2d24765b --- /dev/null +++ b/charts/playground/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 2.19.1 +digest: sha256:4f539b1fbde383dd5bc020d77d70655108ed4c188b7329c1639df3f1e65de2e0 +generated: "2024-07-26T15:57:16.16244+08:00" From 1cc8a1899761e6f1208dbaf22b43f2f76206ab11 Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:28:05 +0800 Subject: [PATCH 03/11] feat: Declare values template. --- charts/playground/values.yaml | 102 ++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 charts/playground/values.yaml diff --git a/charts/playground/values.yaml b/charts/playground/values.yaml new file mode 100644 index 00000000..83f6f4e1 --- /dev/null +++ b/charts/playground/values.yaml @@ -0,0 +1,102 @@ +## Default values for AGH3-Playground. +## This is a YAML-formatted file. +## Declare variables to be passed into your templates. + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker Image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global storage class for dynamic provisioning +## @param global.volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` +## +global: + imageRegistry: "registry.lkc-lab.com" + imagePullSecrets: + - lkc-registry + storageClass: "" + volumePermissions: + enabled: true +## @section Common parameters +## + +## @param customRegistrySecret.enabled Enable custom registry secret generation +## +customRegistrySecret: + ## @skip customRegistrySecret.secretName + ## Name of the generated secret + ## !!! DO NOT CHANGE IF YOU DON'T KNOW WHAT YOU ARE DOING !!! + ## + secretName: lkc-registry + enabled: true + ## @param customRegistrySecret.auth.registry URL of the registry server + ## @param customRegistrySecret.auth.username Username to authenticate with the registry server + ## @param customRegistrySecret.auth.password Password to authenticate with the registry server + auth: + registry: registry.lkc-lab.com + username: "" + password: "" + +## @param ingress.enabled Enable ingress controller +## @param ingress.host Ingress hostname +## +ingress: + enabled: true + host: "" + ## @section TLS parameters + ## + tls: + ## @param ingress.tls.enabled Enable TLS certificate generation + ## @param ingress.tls.secretName Name of the generated secret + ## @param ingress.tls.cert Server certificate content + ## @param ingress.tls.key Server private key content + ## + enabled: false + secretName: agh-playground-tls + cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZFRENDQXZpZ0F3SUJBZ0lVV1BvMjlXUGtjOTYwWGNQMWhkMzFFKzBFUkZnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1p6RUxNQWtHQTFVRUJoTUNWRmN4RHpBTkJnTlZCQWdNQmxSaGFYZGhiakVQTUEwR0ExVUVCd3dHVkdGcApjR1ZwTVNBd0hnWURWUVFLREJkTVpYVnJiMk41ZEdVdFRHRmlJRU52TGl3Z1RIUmtMakVVTUJJR0ExVUVBd3dMCmJHdGpMV3hoWWk1amIyMHdJQmNOTWpJeE1USXpNRGd5TkRJMldoZ1BNakV5TWpFd016QXdPREkwTWpaYU1JR0MKTVFzd0NRWURWUVFHRXdKVVZ6RVBNQTBHQTFVRUNBd0dWR0ZwZDJGdU1SZ3dGZ1lEVlFRSERBOU9aWGNnVkdGcApjR1ZwSUVOcGRIa3hJREFlQmdOVkJBb01GMHhsZFd0dlkzbDBaUzFNWVdJZ1EyOHVMQ0JNZEdRdU1Rd3dDZ1lEClZRUUxEQU5TUkZReEdEQVdCZ05WQkFNTUQzSmtkQzVzYTJNdGJHRmlMbU52YlRCWk1CTUdCeXFHU000OUFnRUcKQ0NxR1NNNDlBd0VIQTBJQUJHd0NKOWswZDN5U1VOSnpXUzlXS0x3Mm9OVkpuMW9MVkEralpzTlo1WGMvU2xsNgpWaGZDYlkvYTFLdTBlYjQxM1hIL3ZLUjBWU2pDQndlZ1RyVTBXOHlqZ2dGZk1JSUJXekNDQVJjR0ExVWRFUVNDCkFRNHdnZ0VLZ2c5eVpIUXViR3RqTFd4aFlpNWpiMjJDRVNvdWNtUjBMbXhyWXkxc1lXSXVZMjl0Z2hSc1l6QXgKTG5Ka2RDNXNhMk10YkdGaUxtTnZiWUlXS2k1c1l6QXhMbkprZEM1c2EyTXRiR0ZpTG1OdmJZSVViR013TWk1eQpaSFF1Ykd0akxXeGhZaTVqYjIyQ0Zpb3ViR013TWk1eVpIUXViR3RqTFd4aFlpNWpiMjJDRkd4ak1ETXVjbVIwCkxteHJZeTFzWVdJdVkyOXRnaFlxTG14ak1ETXVjbVIwTG14cll5MXNZV0l1WTI5dGdoUnNZekEwTG5Ka2RDNXMKYTJNdGJHRmlMbU52YllJV0tpNXNZekEwTG5Ka2RDNXNhMk10YkdGaUxtTnZiWUlVYkdNd05TNXlaSFF1Ykd0agpMV3hoWWk1amIyMkNGaW91YkdNd05TNXlaSFF1Ykd0akxXeGhZaTVqYjIwd0hRWURWUjBPQkJZRUZIeGF1a3dDCllibkF6S1lsZk9Lc2FnaWNNTjl5TUI4R0ExVWRJd1FZTUJhQUZBOWh6ZUJQdWVuRGZ2aTZTUXpzT0l3VHIrRlcKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElDQVFEQTBnM3VWcVpTanhURFpXNFJmTzZjRnNROW1pTTdrQUFsRW50RApTV2FJQW1TVVI3UUZPazFQVjdMNFJFL0lubTA2Qm9yb0RUSVY3TTBMbnFmVjdVaENIbVVmUXdFbEhwSnYxMGV2CnFZZUluMThkSlJxWng0dFh4c3o1eHBLOGMrMHZieG1hWEFna3ZHRmtHVXNSNG1YUzRiK3V2ckN0ZVUrUGFnbGIKT2pjd2V4Qk1NZ0ZtNDU1VUtVald1VjdoN3VaNGpyRVdVbU53ZVcyR0xBMjFoaXg3VkZxTG9aSlFTby93NjkzZAptVUtGaW5Sb0Myd0lLOStVMExJVXNnU21wbWFLdmROUFFKajB1MlhpOWZzbmdwQnV5SWozSjNpNURVczV1aW04CkZmbUtqN3lKY1NaWkV0MmxYY3lCLzJDUEo1ZW8rbEFLK3YxZVpmcGQzSytYeitaQVpGRDVxbGJ0SHl3Vk5tMkQKdHhHL1N1d05UNnpDbTVLNUI3ZWhTWFMyZ2Q3cGNSSFFmZUk5OGtwUHJsT3R5RXB4YU1jL1hWT0o4QytoSnBsQQpjOVg3bml1WmJNME9WdHlxdERLVGtpTzFFRVYxNUFPUGZvaWh6QlJtTGsxaGxrbnZwQWlxU1QzSFlsT0JpWGhrCnp3MTl3SUlTNTA3N3I5SkFrRmlRQ3FMMVdiM0FlbjVaSkxQa2FUYnNyMExGUmFlZTMwQUswZmIwYUpscnE3N0YKUHlacnhUMXp2MC9nZGNneG50dmtMbXpId2hGV1FtQWVJaWphVm05dXJTQ1p6dXVWL2pQRkdIZHY3K3pGS1ZueQp0eFhlUG1jT0plT2NUcG9PRVNwbW5rNW1XZTlVK3UwbncvMzlEbW4rcm04K3ZiYW0vUUVFSWdXUnBKd2V0N3lBClgvR0Y2UT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + key: + +## @section AGH3-CTR-Playground parameters +## @descriptionStart +## Playground module for AGH3. +## ref: https://github.com/Leukocyte-Lab/AGH3-CTR-Playground +## @descriptionEnd +## +playground: + ## @param playground.enabled Enable Playground module + ## + enabled: true + ## @param playground.image.repository Playground image repository + ## @param playground.image.tag Playground image tag (immutable tags are recommended) + ## @param playground.image.pullPolicy Playground image pull policy + ## @param playground.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + repository: leukocyte-lab/argushack3/ctr-playground + tag: v0.0.1-beta.10 + pullPolicy: IfNotPresent + pullSecrets: [] + ## @section Playground service provisioning parameters + ## + ## @param playground.service.backendRef.kind Backend Service kind (available options: Service, ExternalService) + ## @param playground.service.backendRef.namespace Backend Service namespace, leave empty for the same namespace as the chart + ## @param playground.service.backendRef.name Backend Service name + ## @param playground.service.backendRef.port Backend Service port + ## @param playground.service.backendRef.protocol Backend Service protocol + ## @param playground.service.backendRef.endpoint Backend Service endpoint for the Playground service (required and must be full URL when playground.service.backendRef.kind is ExternalService, only the path or leave empty when playground.service.backendRef.kind is Service) + ## + service: + backendRef: + kind: "Service" + namespace: "" + name: "captain" + port: 8080 + protocol: "HTTP" + endpoint: "" + + ## @param playground.extraEnv UI additional environment variables + ## + extraEnv: {} From 24bd94e98bd82c60663f1b6acba249e9319570d5 Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:28:30 +0800 Subject: [PATCH 04/11] feat: Add validation macros. --- .../templates/validations/_required.tpl | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 charts/playground/templates/validations/_required.tpl diff --git a/charts/playground/templates/validations/_required.tpl b/charts/playground/templates/validations/_required.tpl new file mode 100644 index 00000000..bd6e1428 --- /dev/null +++ b/charts/playground/templates/validations/_required.tpl @@ -0,0 +1,45 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate required values are not empty. + +Usage: +{{ include "validations.required" (dict "path" "some.values" "fields" (list "filed1" "field2") "msg" "customMessage" "context" .Values) }} +Params: + - path: The path to the value to validate. (required) + - fields: The fields to validate. (required) + - msg: The message to display if validation fails. (optional) + - context: The context values. (required) +*/}} +{{- define "validations.required" -}} + {{- $value := include "utils.getValueFromKey" ( + dict + "path" .path + "context" .context + ) | fromYaml -}} + {{- $path := .path -}} + {{- $msg := .msg -}} + {{- $errorMsg := "" -}} + {{- if empty $value -}} + {{- $errorMsg = printf "[INVALID] %s is required%s" + $path + (empty $msg | ternary "" (printf ": %s" $msg)) + -}} + {{- else -}} + {{- range .fields -}} + {{- $field := . -}} + {{- if empty (get $value $field) -}} + {{- $errorMsg = printf "%s\n%s" + $errorMsg + ( + printf + "[INVALID] %s.%s is required%s" + $path + $field + (empty $msg | ternary "" (printf ": %s" $msg)) + ) + -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- print (trimAll "\n" $errorMsg) -}} +{{- end -}} From 58bf1e4a9019b306e88c75553ce2df0aaa72d7ff Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:28:56 +0800 Subject: [PATCH 05/11] feat: Add common macros. --- charts/playground/templates/_helpers.tpl | 94 ++++++++++++++++++++++++ charts/playground/templates/_utils.tpl | 20 +++++ 2 files changed, 114 insertions(+) create mode 100644 charts/playground/templates/_helpers.tpl create mode 100644 charts/playground/templates/_utils.tpl diff --git a/charts/playground/templates/_helpers.tpl b/charts/playground/templates/_helpers.tpl new file mode 100644 index 00000000..f8030fd7 --- /dev/null +++ b/charts/playground/templates/_helpers.tpl @@ -0,0 +1,94 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "AGH3-Playground.name" }} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "AGH3-Playground.fullname" -}} +{{- if .Values.fullnameOverride }} + {{ .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} + {{ $name := default .Chart.Name .Values.nameOverride }} + {{- if contains $name .Release.Name }} + {{ .Release.Name | trunc 63 | trimSuffix "-" }} + {{- else }} + {{ printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "AGH3-Playground.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "AGH3-Playground.labels" -}} +project: {{ .Release.Name }} +helm.sh/chart: {{ include "AGH3-Playground.chart" . }} +{{ include "AGH3-Playground.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "AGH3-Playground.selectorLabels" -}} +app.kubernetes.io/name: {{ include "AGH3-Playground.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "AGH3-Playground.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} + {{ default (include "AGH3-Playground.fullname" .) .Values.serviceAccount.name }} +{{- else }} + {{ default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Return the proper UI image name +*/}} +{{- define "playground.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.playground.image "global" .Values.global) }} +{{- end }} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "playground.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.playground.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Return the API Endpoint +*/}} +{{- define "playground.apiEndpoint" -}} +{{- if eq .Values.playground.service.backendRef.kind "ExternalService" -}} + {{ printf .Values.playground.service.backendRef.endpoint }} +{{- else -}} + {{- $namespace := (coalesce .Values.playground.service.backendRef.namespace .Release.Namespace) }} + {{- $name := .Values.playground.service.backendRef.name }} + {{- $port := .Values.playground.service.backendRef.port }} + {{- $protocol := (lower .Values.playground.service.backendRef.protocol) }} + {{- $endpoint := .Values.playground.service.backendRef.endpoint }} + {{- printf "%v://%v.%v.svc.cluster.local:%v%v" $protocol $name $namespace $port $endpoint }} +{{- end -}} +{{- end -}} diff --git a/charts/playground/templates/_utils.tpl b/charts/playground/templates/_utils.tpl new file mode 100644 index 00000000..c5472535 --- /dev/null +++ b/charts/playground/templates/_utils.tpl @@ -0,0 +1,20 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Gets a value from .Values given +Usage: +{{ include "utils.getValueFromKey" (dict "path" "path.to.key" "context" $) }} +Params: + - path: The path to the value to validate. (required) + - context: The context values. (required) +*/}} +{{- define "utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .path -}} +{{- $value := dict -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- $key := . -}} + {{- $value = ( index $latestObj $key ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- $value | toYaml -}} +{{- end -}} From 0b6296aeb35b192117ab4998f4a067046fccf77d Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:29:20 +0800 Subject: [PATCH 06/11] test: Write validations. --- .../templates/validations/index.yaml | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 charts/playground/templates/validations/index.yaml diff --git a/charts/playground/templates/validations/index.yaml b/charts/playground/templates/validations/index.yaml new file mode 100644 index 00000000..7ebaffd5 --- /dev/null +++ b/charts/playground/templates/validations/index.yaml @@ -0,0 +1,83 @@ +{{- $errorMsg := "" -}} + +{{- if .Values.customRegistrySecret.enabled -}} + {{- $errorMsg = printf "%s\n%s" + $errorMsg + ( + include "validations.required" ( + dict + "path" "customRegistrySecret.auth" + "fields" (list "registry" "username" "password") + "msg" "Must provide when customRegistrySecret.enabled is true" + "context" $ + ) + ) + -}} +{{- end -}} + +{{- if .Values.ingress.tls.enabled -}} + {{- $errorMsg = printf "%s\n%s" + $errorMsg + ( + include "validations.required" ( + dict + "path" "ingress.tls" + "fields" (list "cert" "key") + "msg" "Must provide when ingress.tls.enabled is true" + "context" $ + ) + ) + -}} +{{- end -}} + +{{- if and .Values.playground.enabled -}} + {{- if eq (print .Values.playground.service.backendRef.kind) "ExternalService" -}} + {{- $errorMsg = printf "%s\n%s" + $errorMsg + ( + include "validations.required" ( + dict + "path" "playground.service.backendRef" + "fields" (list "endpoint") + "msg" "Must provide when playground.service.backendRef.kind is ExternalService" + "context" $ + ) + ) + -}} + {{- if .Values.playground.service.backendRef.endpoint | hasPrefix "/" -}} + {{- $errorMsg = printf "%s\n%s" + $errorMsg + "playground.service.backendRef.endpoint must be full URL when playground.service.backendRef.kind is ExternalService" + -}} + {{- end -}} + {{- else if eq (print .Values.playground.service.backendRef.kind) "Service" -}} + {{- $errorMsg = printf "%s\n%s" + $errorMsg + ( + include "validations.required" ( + dict + "path" "playground.service.backendRef" + "fields" (list "name" "port" "protocol") + "msg" "Must provide when playground.service.backendRef.kind is Service" + "context" $ + ) + ) + -}} + {{- if and .Values.playground.service.backendRef.endpoint (not (.Values.playground.service.backendRef.endpoint | hasPrefix "/")) -}} + {{- $errorMsg = printf "%s\n%s" + $errorMsg + "playground.service.backendRef.endpoint must be empty or just path when playground.service.backendRef.kind is Service" + -}} + {{- end -}} + {{- else -}} + {{- $errorMsg = printf "%s\n%s" + $errorMsg + (printf "Invalid value for playground.service.backendRef.kind (available options: Service, ExternalService), got: %v" .Values.playground.service.backendRef.kind) + -}} + {{- end -}} +{{- end -}} + +{{- $errorMsg = (trimAll "\n" $errorMsg) -}} +{{- if not (empty $errorMsg) -}} + {{- fail (print "\n\nValidation Failed:\n" $errorMsg) -}} +{{- end -}} From 99efe6cd7f9f0e28839c2500dc280e02468ca0e6 Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:29:45 +0800 Subject: [PATCH 07/11] feat: Declare chart template. --- .../templates/agh-playground-ingressroute.yml | 36 +++++++++++++++++++ .../templates/playground-deployment.yml | 36 +++++++++++++++++++ .../templates/playground-service.yml | 14 ++++++++ 3 files changed, 86 insertions(+) create mode 100644 charts/playground/templates/agh-playground-ingressroute.yml create mode 100644 charts/playground/templates/playground-deployment.yml create mode 100644 charts/playground/templates/playground-service.yml diff --git a/charts/playground/templates/agh-playground-ingressroute.yml b/charts/playground/templates/agh-playground-ingressroute.yml new file mode 100644 index 00000000..b4261433 --- /dev/null +++ b/charts/playground/templates/agh-playground-ingressroute.yml @@ -0,0 +1,36 @@ +{{- if and .Values.ingress.enabled .Values.playground.enabled }} +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: agh-playground-ingressroute +spec: + entryPoints: + - web + - websecure + routes: + - kind: Rule + match: {{ empty .Values.ingress.host | ternary "PathPrefix(`/`)" (print "Host(`" (.Values.ingress.host) "`)") }} + middlewares: + - name: https-redirectscheme + services: + - kind: Service + name: playground + port: 80 + - kind: Rule + match: {{ printf "%s%s" "(PathPrefix(`/api/static`) || PathPrefix(`/api/template`))" (empty .Values.ingress.host | ternary "" (print " && Host(`" (.Values.ingress.host) "`)" )) }} + middlewares: + - name: https-redirectscheme + services: + - kind: Service + name: playground + port: 80 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: https-redirectscheme +spec: + redirectScheme: + scheme: https + permanent: true +{{- end }} diff --git a/charts/playground/templates/playground-deployment.yml b/charts/playground/templates/playground-deployment.yml new file mode 100644 index 00000000..1860c1c2 --- /dev/null +++ b/charts/playground/templates/playground-deployment.yml @@ -0,0 +1,36 @@ +{{- if and .Values.playground.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: playground + labels: + {{- include "AGH3-Playground.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: playground + template: + metadata: + labels: + app: playground + spec: + {{- include "playground.imagePullSecrets" . | nindent 6 }} + containers: + - name: playground + image: {{ include "playground.image" . }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: API_ENDPOINT + value: {{ include "playground.apiEndpoint" . }} + {{- if .Values.playground.extraEnv }} + {{- include "common.tplvalues.render" (dict "value" .Values.playground.extraEnv "context" $) | nindent 12 }} + {{- end }} + ports: + - name: web + containerPort: 80 + imagePullPolicy: {{ .Values.playground.image.pullPolicy }} + restartPolicy: Always +{{- end }} diff --git a/charts/playground/templates/playground-service.yml b/charts/playground/templates/playground-service.yml new file mode 100644 index 00000000..1a74f4a0 --- /dev/null +++ b/charts/playground/templates/playground-service.yml @@ -0,0 +1,14 @@ +{{- if and .Values.playground.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: playground + labels: + {{- include "AGH3-Playground.labels" . | nindent 4 }} +spec: + selector: + app: playground + ports: + - port: 80 + targetPort: web +{{- end }} From 5ad5c3b9f17acd9d95c8ff38e1b24df9454cf050 Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:37:18 +0800 Subject: [PATCH 08/11] ci: Add CI for chart lint & test. --- .github/workflows/agh3-playground-test.yml | 65 ++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 .github/workflows/agh3-playground-test.yml diff --git a/.github/workflows/agh3-playground-test.yml b/.github/workflows/agh3-playground-test.yml new file mode 100644 index 00000000..b83af5cd --- /dev/null +++ b/.github/workflows/agh3-playground-test.yml @@ -0,0 +1,65 @@ +name: โš™๏ธ [AGH3-Playground] ๐Ÿงช Test + +on: + pull_request: + branches: + - main + paths: + - charts/playground/** + +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: ๐Ÿ”” Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: โš™๏ธ Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: ๐Ÿช Install Helm + uses: azure/setup-helm@v4 + with: + version: v3.14.4 + + - name: ๐Ÿ“ฆ Add Helm dependency repos + run: | + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo update + + - name: ๐Ÿงช Run chart-linting + run: | + helm dependency build charts/playground + helm lint charts/playground + + - name: ๐Ÿงช Run chart-testing -> internal mode (default) + run: | + helm dependency build charts/playground + helm template agh charts/playground \ + --set customRegistrySecret.auth.username='robot$ci-test-lkc-lab+foo' \ + --set customRegistrySecret.auth.password='ci-test-9e1e8ee7-edba-49d9-9cae-2dabf522d4d1' \ + -n agh3-playground + + - name: ๐Ÿงช Run chart-testing -> internal mode with custom namespace + run: | + helm dependency build charts/playground + helm template agh charts/playground \ + --set customRegistrySecret.auth.username='robot$ci-test-lkc-lab+foo' \ + --set customRegistrySecret.auth.password='ci-test-9e1e8ee7-edba-49d9-9cae-2dabf522d4d1' \ + --set playground.service.backendRef.namespace='agh3-prod' \ + --set playground.service.backendRef.kind='Service' \ + -n agh3-playground + + - name: ๐Ÿงช Run chart-testing -> external mode + run: | + helm dependency build charts/playground + helm template agh charts/playground \ + --set customRegistrySecret.auth.username='robot$ci-test-lkc-lab+foo' \ + --set customRegistrySecret.auth.password='ci-test-9e1e8ee7-edba-49d9-9cae-2dabf522d4d1' \ + --set playground.service.backendRef.kind='ExternalService' \ + --set playground.service.backendRef.endpoint='example.com/api/v1' \ + -n agh3-playground From 335c142e042f507364e4bef724d861a7fe62d8e6 Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:41:13 +0800 Subject: [PATCH 09/11] ci: Add CI for release playground chart. --- .github/workflows/agh3-playground-release.yml | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 .github/workflows/agh3-playground-release.yml diff --git a/.github/workflows/agh3-playground-release.yml b/.github/workflows/agh3-playground-release.yml new file mode 100644 index 00000000..47103ff6 --- /dev/null +++ b/.github/workflows/agh3-playground-release.yml @@ -0,0 +1,93 @@ +name: ๐Ÿ”ง [AGH3-Playground] Fetch & Create Chart for Release + +on: + workflow_dispatch: + inputs: + chart_version_increment: + description: "Chart Version Increment (Semver)" + required: true + default: "patch" + type: choice + options: + - "minor" + - "patch" + app_version_increment: + description: "App Version Increment (Semver or Use Existing)" + required: true + default: "patch" + type: choice + options: + - "minor" + - "patch" + - "use-existing" + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: ๐Ÿท๏ธ Get latest Playground tags from Release + uses: oprypin/find-latest-tag@v1 + id: ui + with: + repository: Leukocyte-Lab/AGH3-CTR-Playground + releases-only: true + token: ${{ secrets.GH_TOKEN }} + regex: '^v\d+\.\d+\.\d+$' + + - name: ๐Ÿ”” Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: ๐Ÿ–๏ธ Update version tags for Apps + uses: mikefarah/yq@v4.43.1 + with: + cmd: | + cp charts/playground/values.yaml charts/playground/values.yaml.tmp + cat charts/playground/values.yaml.tmp | \ + yq '.playground.image.tag = "${{ steps.ui.outputs.tag }}"' | \ + yq '.' > charts/playground/values.yaml + rm charts/playground/values.yaml.tmp + + - name: ๐Ÿ“ฆ Install Tools for parsing semver + run: | + sudo apt update + sudo apt install gettext-base + sudo wget -O /usr/local/bin/semver https://raw.githubusercontent.com/fsaintjacques/semver-tool/master/src/semver + sudo chmod +x /usr/local/bin/semver + semver --version + + - name: ๐Ÿ”Ž Get Chart versions + run: | + export APP_VERSION="$(yq '.appVersion' charts/playground/Chart.yaml | ${{ inputs.app_version_increment == 'use-existing' && 'sed "s/^v//g"' || format('xargs semver bump {0}', inputs.app_version_increment) }})" + export CHART_VERSION="$(yq '.version' charts/playground/Chart.yaml | xargs semver bump ${{ inputs.chart_version_increment }})" + echo "APP_VERSION=$APP_VERSION" >> "$GITHUB_ENV" + echo "CHART_VERSION=$CHART_VERSION" >> "$GITHUB_ENV" + + - name: ๐Ÿ–๏ธ Update Chart versions + uses: mikefarah/yq@v4.43.1 + with: + cmd: | + cp charts/playground/Chart.yaml charts/playground/Chart.yaml.tmp + cat charts/playground/Chart.yaml.tmp | \ + yq '.version = "${{ env.CHART_VERSION }}"' | \ + yq '.appVersion = "v${{ env.APP_VERSION }}"' | \ + yq '.' > charts/playground/Chart.yaml + rm charts/playground/Chart.yaml.tmp + + - name: ๐Ÿ™Œ Create PR + uses: peter-evans/create-pull-request@v6 + with: + token: ${{ secrets.GH_TOKEN }} + branch: build/release-chart-agh3-playground-${{ env.CHART_VERSION }} + commit-message: | + build: Release chart/agh3-playground ${{ env.CHART_VERSION }} + + - Chart Version: `${{ env.CHART_VERSION }}` + - App Version: `${{ env.APP_VERSION }}` + - Playground: `${{ steps.ui.outputs.tag }}` + title: "build: Release chart/agh3-playground `v${{ env.CHART_VERSION }}`" + body: | + - Chart Version: `${{ env.CHART_VERSION }}` + - App Version: `${{ env.APP_VERSION }}` + - Playground: `${{ steps.ui.outputs.tag }}` From e5bddbe5acfd6159483408d49f7fd68e7048ca5f Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 16:42:47 +0800 Subject: [PATCH 10/11] ci: Add CI for auto publish playground chart. --- .../workflows/agh3-playground-publish.yaml | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/agh3-playground-publish.yaml diff --git a/.github/workflows/agh3-playground-publish.yaml b/.github/workflows/agh3-playground-publish.yaml new file mode 100644 index 00000000..24f601bd --- /dev/null +++ b/.github/workflows/agh3-playground-publish.yaml @@ -0,0 +1,37 @@ +name: โš™๏ธ [AGH3-Playground] Auto Publish Chart + +on: + push: + branches: + - main + paths: + - charts/playground/** + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: ๐Ÿ”” Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: โš™๏ธ Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: ๐Ÿ“ฆ Install Helm + uses: azure/setup-helm@v4 + with: + version: v3.14.4 + + - name: ๐Ÿ“ฆ Add Helm dependency repos + run: | + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo update + + - name: ๐ŸŽ Release Chart + uses: helm/chart-releaser-action@v1 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From c68a60d7f877c97f38dfde204b2bbf4f701a7615 Mon Sep 17 00:00:00 2001 From: aries0d0f Date: Fri, 26 Jul 2024 17:48:41 +0800 Subject: [PATCH 11/11] docs: Add README. --- charts/playground/README.md | 67 +++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 charts/playground/README.md diff --git a/charts/playground/README.md b/charts/playground/README.md new file mode 100644 index 00000000..ecbeea00 --- /dev/null +++ b/charts/playground/README.md @@ -0,0 +1,67 @@ +# AGH3 + +## Install + +```bash +helm repo add lkclab https://charts.lkc-lab.com/ +helm repo update + +helm install agh3-playground lkclab/agh3-playground +``` + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `global.imageRegistry` | Global Docker Image registry | `registry.lkc-lab.com` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `["lkc-registry"]` | +| `global.storageClass` | Global storage class for dynamic provisioning | `""` | +| `global.volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `true` | + +### Common parameters + +| Name | Description | Value | +| ------------------------------------ | ------------------------------------------------- | ---------------------- | +| `customRegistrySecret.enabled` | Enable custom registry secret generation | `true` | +| `customRegistrySecret.auth.registry` | URL of the registry server | `registry.lkc-lab.com` | +| `customRegistrySecret.auth.username` | Username to authenticate with the registry server | `""` | +| `customRegistrySecret.auth.password` | Password to authenticate with the registry server | `""` | +| `ingress.enabled` | Enable ingress controller | `true` | +| `ingress.host` | Ingress hostname | `""` | + +### TLS parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `ingress.tls.enabled` | Enable TLS certificate generation | `false` | +| `ingress.tls.secretName` | Name of the generated secret | `agh-playground-tls` | +| `ingress.tls.cert` | Server certificate content | `LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZFRENDQXZpZ0F3SUJBZ0lVV1BvMjlXUGtjOTYwWGNQMWhkMzFFKzBFUkZnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1p6RUxNQWtHQTFVRUJoTUNWRmN4RHpBTkJnTlZCQWdNQmxSaGFYZGhiakVQTUEwR0ExVUVCd3dHVkdGcApjR1ZwTVNBd0hnWURWUVFLREJkTVpYVnJiMk41ZEdVdFRHRmlJRU52TGl3Z1RIUmtMakVVTUJJR0ExVUVBd3dMCmJHdGpMV3hoWWk1amIyMHdJQmNOTWpJeE1USXpNRGd5TkRJMldoZ1BNakV5TWpFd016QXdPREkwTWpaYU1JR0MKTVFzd0NRWURWUVFHRXdKVVZ6RVBNQTBHQTFVRUNBd0dWR0ZwZDJGdU1SZ3dGZ1lEVlFRSERBOU9aWGNnVkdGcApjR1ZwSUVOcGRIa3hJREFlQmdOVkJBb01GMHhsZFd0dlkzbDBaUzFNWVdJZ1EyOHVMQ0JNZEdRdU1Rd3dDZ1lEClZRUUxEQU5TUkZReEdEQVdCZ05WQkFNTUQzSmtkQzVzYTJNdGJHRmlMbU52YlRCWk1CTUdCeXFHU000OUFnRUcKQ0NxR1NNNDlBd0VIQTBJQUJHd0NKOWswZDN5U1VOSnpXUzlXS0x3Mm9OVkpuMW9MVkEralpzTlo1WGMvU2xsNgpWaGZDYlkvYTFLdTBlYjQxM1hIL3ZLUjBWU2pDQndlZ1RyVTBXOHlqZ2dGZk1JSUJXekNDQVJjR0ExVWRFUVNDCkFRNHdnZ0VLZ2c5eVpIUXViR3RqTFd4aFlpNWpiMjJDRVNvdWNtUjBMbXhyWXkxc1lXSXVZMjl0Z2hSc1l6QXgKTG5Ka2RDNXNhMk10YkdGaUxtTnZiWUlXS2k1c1l6QXhMbkprZEM1c2EyTXRiR0ZpTG1OdmJZSVViR013TWk1eQpaSFF1Ykd0akxXeGhZaTVqYjIyQ0Zpb3ViR013TWk1eVpIUXViR3RqTFd4aFlpNWpiMjJDRkd4ak1ETXVjbVIwCkxteHJZeTFzWVdJdVkyOXRnaFlxTG14ak1ETXVjbVIwTG14cll5MXNZV0l1WTI5dGdoUnNZekEwTG5Ka2RDNXMKYTJNdGJHRmlMbU52YllJV0tpNXNZekEwTG5Ka2RDNXNhMk10YkdGaUxtTnZiWUlVYkdNd05TNXlaSFF1Ykd0agpMV3hoWWk1amIyMkNGaW91YkdNd05TNXlaSFF1Ykd0akxXeGhZaTVqYjIwd0hRWURWUjBPQkJZRUZIeGF1a3dDCllibkF6S1lsZk9Lc2FnaWNNTjl5TUI4R0ExVWRJd1FZTUJhQUZBOWh6ZUJQdWVuRGZ2aTZTUXpzT0l3VHIrRlcKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElDQVFEQTBnM3VWcVpTanhURFpXNFJmTzZjRnNROW1pTTdrQUFsRW50RApTV2FJQW1TVVI3UUZPazFQVjdMNFJFL0lubTA2Qm9yb0RUSVY3TTBMbnFmVjdVaENIbVVmUXdFbEhwSnYxMGV2CnFZZUluMThkSlJxWng0dFh4c3o1eHBLOGMrMHZieG1hWEFna3ZHRmtHVXNSNG1YUzRiK3V2ckN0ZVUrUGFnbGIKT2pjd2V4Qk1NZ0ZtNDU1VUtVald1VjdoN3VaNGpyRVdVbU53ZVcyR0xBMjFoaXg3VkZxTG9aSlFTby93NjkzZAptVUtGaW5Sb0Myd0lLOStVMExJVXNnU21wbWFLdmROUFFKajB1MlhpOWZzbmdwQnV5SWozSjNpNURVczV1aW04CkZmbUtqN3lKY1NaWkV0MmxYY3lCLzJDUEo1ZW8rbEFLK3YxZVpmcGQzSytYeitaQVpGRDVxbGJ0SHl3Vk5tMkQKdHhHL1N1d05UNnpDbTVLNUI3ZWhTWFMyZ2Q3cGNSSFFmZUk5OGtwUHJsT3R5RXB4YU1jL1hWT0o4QytoSnBsQQpjOVg3bml1WmJNME9WdHlxdERLVGtpTzFFRVYxNUFPUGZvaWh6QlJtTGsxaGxrbnZwQWlxU1QzSFlsT0JpWGhrCnp3MTl3SUlTNTA3N3I5SkFrRmlRQ3FMMVdiM0FlbjVaSkxQa2FUYnNyMExGUmFlZTMwQUswZmIwYUpscnE3N0YKUHlacnhUMXp2MC9nZGNneG50dmtMbXpId2hGV1FtQWVJaWphVm05dXJTQ1p6dXVWL2pQRkdIZHY3K3pGS1ZueQp0eFhlUG1jT0plT2NUcG9PRVNwbW5rNW1XZTlVK3UwbncvMzlEbW4rcm04K3ZiYW0vUUVFSWdXUnBKd2V0N3lBClgvR0Y2UT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K` | +| `ingress.tls.key` | Server private key content | `nil` | + +### AGH3-CTR-Playground parameters + +Playground module for AGH3. +ref: https://github.com/Leukocyte-Lab/AGH3-CTR-Playground + +| Name | Description | Value | +| ------------------------------ | ----------------------------------------------------- | ----------------------------------------- | +| `playground.enabled` | Enable Playground module | `true` | +| `playground.image.repository` | Playground image repository | `leukocyte-lab/argushack3/ctr-playground` | +| `playground.image.tag` | Playground image tag (immutable tags are recommended) | `v0.0.1-beta.10` | +| `playground.image.pullPolicy` | Playground image pull policy | `IfNotPresent` | +| `playground.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | + +### Playground service provisioning parameters + +| Name | Description | Value | +| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | +| `playground.service.backendRef.kind` | Backend Service kind (available options: Service, ExternalService) | `Service` | +| `playground.service.backendRef.namespace` | Backend Service namespace, leave empty for the same namespace as the chart | `""` | +| `playground.service.backendRef.name` | Backend Service name | `captain` | +| `playground.service.backendRef.port` | Backend Service port | `8080` | +| `playground.service.backendRef.protocol` | Backend Service protocol | `HTTP` | +| `playground.service.backendRef.endpoint` | Backend Service endpoint for the Playground service (required and must be full URL when playground.service.backendRef.kind is ExternalService, only the path or leave empty when playground.service.backendRef.kind is Service) | `""` | +| `playground.extraEnv` | UI additional environment variables | `{}` | +