diff --git a/.github/workflows/test-and-release.yaml b/.github/workflows/test-and-release.yaml index 2d95426..75e03a0 100644 --- a/.github/workflows/test-and-release.yaml +++ b/.github/workflows/test-and-release.yaml @@ -16,6 +16,16 @@ jobs: - name: Install dependencies run: "pip install -r ./requirements.txt && pip install -r ./requirements-dev.txt && sudo apt-get install whois sshpass" + - name: Lint Helm + uses: WyriHaximus/github-action-helm3@v2 + with: + exec: helm lint ./k8s + + - name: Render Helm + uses: WyriHaximus/github-action-helm3@v2 + with: + exec: "cd k8s && helm template ./ --debug" + - name: Install project via setuptools run: "rkd :install" diff --git a/.rkd/makefile.yaml b/.rkd/makefile.yaml index 2f3e1e9..c061a68 100644 --- a/.rkd/makefile.yaml +++ b/.rkd/makefile.yaml @@ -23,6 +23,11 @@ tasks: - pip install -r ./requirements.txt - python3 ./setup.py install + :compile:helm: + description: Checks if Helm Chart compiles + steps: + - cd k8s && helm template ./ --debug + :image: description: Build a docker image arguments: diff --git a/k8s/Chart.yaml b/k8s/Chart.yaml new file mode 100644 index 0000000..a3d80b4 --- /dev/null +++ b/k8s/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +type: application +name: infracheck +version: 0.0.1 +appVersion: 2.1.2 +description: Incredibly elastic and lightweight health check endpoint to cover ANY CASE, including infrastructure as well as applications +home: https://github.com/riotkit-org/infracheck +sources: + - https://github.com/riotkit-org/infracheck +maintainers: + - name: Riotkit + email: riotkit@riseup.net diff --git a/k8s/templates/NOTES.txt b/k8s/templates/NOTES.txt new file mode 100644 index 0000000..76d6d2d --- /dev/null +++ b/k8s/templates/NOTES.txt @@ -0,0 +1 @@ +Infracheck installed. diff --git a/k8s/templates/_helpers.tpl b/k8s/templates/_helpers.tpl new file mode 100644 index 0000000..370c87b --- /dev/null +++ b/k8s/templates/_helpers.tpl 
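Review bot: Both added steps (`Lint Helm` and `Render Helm`) pull the third-party action `WyriHaximus/github-action-helm3` by the mutable tag `@v2`, so whatever that tag points to at run time executes inside this test-and-release job. Pinning to a full commit SHA keeps the executed code fixed and reviewable, e.g. `uses: WyriHaximus/github-action-helm3@<FULL_COMMIT_SHA_PLACEHOLDER>  # v2`. The rest of the job lies outside the hunk, so whether release credentials are reachable from these steps could not be checked here.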
@@ -0,0 +1,7 @@
+{{- define "infracheck.appName" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "infracheck.chartName" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
diff --git a/k8s/templates/configmap.yaml b/k8s/templates/configmap.yaml
new file mode 100644
index 0000000..0b667c7
--- /dev/null
+++ b/k8s/templates/configmap.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-scripts
+data:
+ {{- range $k, $v := .Values.checks.scripts }}
+ {{ $k }}: |
+{{ $v | indent 8 }}
+ {{ end }}
+
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-configs
+data:
+ {{- range $k, $v := .Values.checks.configured }}
+ {{ $k }}.json: |
+{{ $v | indent 8 }}
+ {{ end }}
+{{ .Values.checks.configuredStr | indent 8 }}
diff --git a/k8s/templates/deployment.yaml b/k8s/templates/deployment.yaml
new file mode 100644
index 0000000..25a3876
--- /dev/null
+++ b/k8s/templates/deployment.yaml
@@ -0,0 +1,128 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+ labels:
+ helm.sh/chart: {{ include "infracheck.chartName" . }}
+ app.kubernetes.io/name: {{ include "infracheck.appName" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Chart.AppVersion }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ {{- end }}
+ {{- if .Values.deployment.labels }}
+ {{ toYaml .Values.deployment.labels | indent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.deployment.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "infracheck.appName" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "infracheck.appName" . }}
+ {{- if .Values.deployment.labels }}
+ {{ toYaml .Values.deployment.labels | indent 16 }}
+ {{- end }}
+
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- with .Values.deployment.annotations }}
+ {{ toYaml . | indent 20 }}
+ {{ end }}
+ spec:
+ {{- with .Values.deployment.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+
+ {{- with .Values.deployment.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ volumes:
+ - name: scripts
+ configMap:
+ name: {{ .Release.Name }}-scripts
+ - name: configs
+ configMap:
+ name: {{ .Release.Name }}-configs
+ {{- if .Values.deployment.allowHostSystemPaths }}
+ - name: sysfs
+ hostPath:
+ path: /sys
+ type: Directory
+ - name: dev
+ hostPath:
+ path: /dev
+ type: Directory
+ - name: proc
+ hostPath:
+ path: /proc
+ type: Directory
+ {{- if .Values.dbVolume.enabled }}
+ - name: database
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-database
+ {{- end }}
+ {{- end }}
+
+ {{- with .Values.deployment.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ {{- with .Values.deployment.affinity }}
+ affinity:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ {{- with .Values.deployment.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+
+ containers:
+ - name: app
+ image: {{ .Values.deployment.image }}:v{{ .Chart.AppVersion }}-x86_64
+ ports:
+ - containerPort: 8000
+ args: ["--server-path-prefix", "/{{ .Values.settings.secret_code }}", "--log-level", "{{ .Values.settings.log_level }}"]
+ volumeMounts:
+ - name: scripts
+ mountPath: /data/checks
+ - name: configs
+ mountPath: /data/configured
+ {{- if .Values.deployment.allowHostSystemPaths }}
+ - name: sysfs
+ mountPath: /sys
+ - name: dev
+ mountPath: /dev
+ - name: proc
+ mountPath: /proc-host
+ {{- end }}
+ {{- if .Values.dbVolume.enabled }}
+ - name: database
+ mountPath: /database
+ {{- end }}
+ env:
+ - name: REFRESH_TIME
+ value: "{{ .Values.settings.refresh_time }}"
+ - name: WAIT_TIME
+ value: "{{ .Values.settings.wait_time }}"
+ - name: CHECK_TIMEOUT
+ value: "{{ .Values.settings.check_timeout }}"
+ {{- with .Values.deployment.environment }}
+ {{- range $key, $val := . }}
+ - name: {{ $key }}
+ value: {{ $val | quote }}
+ {{- end }}
+ {{ end }}
+ resources:
+ {{- toYaml .Values.deployment.resources | nindent 22 }}
+ securityContext:
+ {{- if .Values.deployment.isPrivileged }}
+ privileged: true
+ {{- end }}
diff --git a/k8s/templates/network.yaml b/k8s/templates/network.yaml
new file mode 100644
index 0000000..fb5ad06
--- /dev/null
+++ b/k8s/templates/network.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-http
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: {{ .Release.Name }}
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8000
+
+{{ if .Values.ingress.enabled }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ entryPoints:
+ - websecure
+ - web
+ routes:
+ - kind: Rule
+ match: Host(`{{ .Values.ingress.host }}`)
+ priority: 10
+ services:
+ - name: {{ .Release.Name }}-http
+ port: 80
+ tls:
+ certResolver: default
+{{ end }}
diff --git a/k8s/templates/volume.yaml b/k8s/templates/volume.yaml
new file mode 100644
index 0000000..d158a5c
--- /dev/null
+++ b/k8s/templates/volume.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.dbVolume.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-database
+spec:
+ storageClassName: "{{ .Values.dbVolume.storageClassName }}"
+ {{- with .Values.dbVolume.volumeName }}
+ volumeName: "{{ . }}"
+ {{- end }}
+ accessModes:
+ - {{ .Values.dbVolume.accessMode}}
+ resources:
+ requests:
+ storage: {{ .Values.dbVolume.requests }}
+{{ end }}
diff --git a/k8s/values.yaml b/k8s/values.yaml
new file mode 100644
index 0000000..b36bf12
--- /dev/null
+++ b/k8s/values.yaml
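Review bot: In the `volumes:` list of k8s/templates/deployment.yaml the `database` PersistentVolumeClaim entry is declared inside the `{{- if .Values.deployment.allowHostSystemPaths }}` block, while the matching `volumeMounts` entry is guarded only by `.Values.dbVolume.enabled`. With `allowHostSystemPaths: false` and the database volume enabled, the rendered container mounts a volume the pod never declares, which should fail validation, so the hardening switch cannot be used without breaking the deployment. Close the host-path block first: put its `{{- end }}` directly after the `proc` hostPath entry and leave `{{- if .Values.dbVolume.enabled }}` … `{{- end }}` as a sibling block. Separately, `settings.secret_code` is rendered into `args`, so it is readable by anyone allowed to view the Deployment or pod spec.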
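Review bot: The Service selector in k8s/templates/network.yaml, `app.kubernetes.io/name: {{ .Release.Name }}`, does not match the pod label set in deployment.yaml, where `app.kubernetes.io/name` is `{{ include "infracheck.appName" . }}` (the chart name unless `nameOverride` is set). Any release whose name differs from that value gets a Service with no endpoints. Use the same pair as the Deployment's `matchLabels`: `app.kubernetes.io/name: {{ include "infracheck.appName" . }}` and `app.kubernetes.io/instance: {{ .Release.Name }}`. The IngressRoute also lists the `web` entry point next to `websecure`; if `web` serves plain HTTP in the target cluster, the `secret_code` path prefix travels unencrypted, so consider dropping it or making the entry points a value.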
@@ -0,0 +1,74 @@
+deployment:
+ image: quay.io/riotkit/infracheck
+ version: v2.1.2-x86_64
+ replicas: 1
+ imagePullSecrets: []
+ podSecurityContext: {}
+ environment:
+ AUTHORS: https://github.com/riotkit-org
+ labels: {}
+ nodeSelector: {}
+ affinity: {}
+ tolerations: []
+ annotations: {}
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "0"
+ limits:
+ memory: "512Mi"
+ cpu: "4"
+
+ # You can turn off any of those for security reasons. This gives at least read-only access to host devices, kernel
+ # and host process data for monitoring purposes.
+ allowHostSystemPaths: true
+ isPrivileged: true
+
+settings:
+ refresh_time: "300" # interval between refreshing all checks
+ wait_time: "0" # time in seconds between two checks are running
+ check_timeout: "120" # timeout on every check
+ secret_code: "change-me-please" # --server-path-prefix
+ log_level: "info" # --log-level
+
+dbVolume:
+ enabled: true
+ storageClassName: ""
+ #volumeName: ""
+ requests: 15Mi
+ accessMode: ReadWriteOnce
+
+ingress:
+ enabled: true
+ host: health.example.org
+
+checks:
+ scripts:
+ # example - later use it in field "type".
+ #
+ # {
+ # "type": "hello.sh",
+ # "input": {
+ # "word": "Cheese"
+ # }
+ # }
+ hello.sh: |
+ #!/bin/bash
+
+ echo "Hello! This is an example check, you can write your own 'check' scripts that takes parameters from JSON and environment variables"
+ echo "The word is: ${WORD}"
+ env
+
+ exit 0
+
+ configured: {}
+# disk-space: |
+# {
+# "type": "disk-space",
+# "input": {
+# "dir": "/",
+# "min_req_space": "6"
+# }
+# }
+ # raw string to be pasted into ConfigMap
+ configuredStr: ""
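Review bot: The defaults in k8s/values.yaml ship the most exposed configuration: `isPrivileged: true` and `allowHostSystemPaths: true` give the container privileged mode plus host `/sys`, `/dev` and `/proc` (the hostPath entries in deployment.yaml carry no `readOnly`, despite the "read-only" wording of the comment), while `ingress.enabled: true` publishes it behind the placeholder `secret_code: "change-me-please"`. Defaulting to `isPrivileged: false`, `allowHostSystemPaths: false` and `ingress.enabled: false` makes the elevated access an explicit opt-in, and the template could reject an unset secret by leaving the default empty and wrapping the value in Helm's `required`. The sample `hello.sh` runs `env`, which presumably puts the container's environment, including anything set through `deployment.environment`, into the check output; it is worth dropping from an example users will copy. `deployment.version` is also unused, since the image tag in deployment.yaml is built from `.Chart.AppVersion`.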