riotkit-org · blackandred · Oct 20, 2021 · Oct 20, 2021 · Oct 20, 2021 · Oct 20, 2021
diff --git a/.github/workflows/test-and-release.yaml b/.github/workflows/test-and-release.yaml
@@ -16,6 +16,16 @@ jobs:
             - name: Install dependencies
               run: "pip install -r ./requirements.txt && pip install -r ./requirements-dev.txt && sudo apt-get install whois sshpass"
 
+            - name: Lint Helm
+              uses: WyriHaximus/github-action-helm3@v2
+              with:
+                  exec: helm lint ./k8s
+
+            - name: Render Helm
+              uses: WyriHaximus/github-action-helm3@v2
+              with:
+                  exec: "cd k8s && helm template ./ --debug"
+
             - name: Install project via setuptools
               run: "rkd :install"
 

diff --git a/.rkd/makefile.yaml b/.rkd/makefile.yaml
@@ -23,6 +23,11 @@ tasks:
             - pip install -r ./requirements.txt
             - python3 ./setup.py install
 
+    :compile:helm:
+        description: Checks if Helm Chart compiles
+        steps:
+            - cd k8s && helm template ./  --debug
+
     :image:
         description: Build a docker image
         arguments:

diff --git a/k8s/Chart.yaml b/k8s/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+type: application
+name: infracheck
+version: 0.0.1
+appVersion: 2.1.2
+description: Incredibly elastic and lightweight health check endpoint to cover ANY CASE, including infrastructure as well as applications
+home: https://github.com/riotkit-org/infracheck
+sources:
+    - https://github.com/riotkit-org/infracheck
+maintainers:
+    - name: Riotkit
+      email: riotkit@riseup.net
diff --git a/k8s/templates/NOTES.txt b/k8s/templates/NOTES.txt
@@ -0,0 +1 @@
+Infracheck installed.
diff --git a/k8s/templates/_helpers.tpl b/k8s/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "infracheck.appName" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "infracheck.chartName" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
diff --git a/k8s/templates/configmap.yaml b/k8s/templates/configmap.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+    name: {{ .Release.Name }}-scripts
+data:
+    {{- range $k, $v := .Values.checks.scripts }}
+    {{ $k }}: |
+{{ $v | indent 8 }}
+    {{ end }}
+
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+    name: {{ .Release.Name }}-configs
+data:
+    {{- range $k, $v := .Values.checks.configured }}
+    {{ $k }}.json: |
+{{ $v | indent 8 }}
+    {{ end }}
+{{ .Values.checks.configuredStr | indent 8 }}
diff --git a/k8s/templates/deployment.yaml b/k8s/templates/deployment.yaml
@@ -0,0 +1,128 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: {{ .Release.Name }}
+    labels:
+        helm.sh/chart: {{ include "infracheck.chartName" . }}
+        app.kubernetes.io/name: {{ include "infracheck.appName" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        {{- if .Chart.AppVersion }}
+        app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+        {{- end }}
+        {{- if .Values.deployment.labels }}
+    {{ toYaml .Values.deployment.labels | indent 4 }}
+        {{- end }}
+spec:
+    replicas: {{ .Values.deployment.replicas }}
+    selector:
+        matchLabels:
+            app.kubernetes.io/instance: {{ .Release.Name }}
+            app.kubernetes.io/name: {{ include "infracheck.appName" . }}
+    template:
+        metadata:
+            labels:
+                app.kubernetes.io/instance: {{ .Release.Name }}
+                app.kubernetes.io/name: {{ include "infracheck.appName" . }}
+                {{- if .Values.deployment.labels }}
+                {{ toYaml .Values.deployment.labels | indent 16 }}
+                {{- end }}
+
+            annotations:
+                checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+            {{- with .Values.deployment.annotations }}
+                {{ toYaml . | indent 20 }}
+            {{ end }}
+        spec:
+            {{- with .Values.deployment.imagePullSecrets }}
+            imagePullSecrets:
+                {{- toYaml . | nindent 16 }}
+            {{- end }}
+
+            {{- with .Values.deployment.podSecurityContext }}
+            securityContext:
+                {{- toYaml . | nindent 16 }}
+            {{- end }}
+            volumes:
+                - name: scripts
+                  configMap:
+                      name: {{ .Release.Name }}-scripts
+                - name: configs
+                  configMap:
+                      name: {{ .Release.Name }}-configs
+            {{- if .Values.deployment.allowHostSystemPaths }}
+                - name: sysfs
+                  hostPath:
+                      path: /sys
+                      type: Directory
+                - name: dev
+                  hostPath:
+                      path: /dev
+                      type: Directory
+                - name: proc
+                  hostPath:
+                      path: /proc
+                      type: Directory
+                {{- if .Values.dbVolume.enabled }}
+                - name: database
+                  persistentVolumeClaim:
+                      claimName: {{ .Release.Name }}-database
+                {{- end }}
+            {{- end }}
+
+            {{- with .Values.deployment.nodeSelector }}
+            nodeSelector:
+                {{- toYaml . | nindent 16 }}
+            {{- end }}
+            {{- with .Values.deployment.affinity }}
+            affinity:
+                {{- toYaml . | nindent 16 }}
+             {{- end }}
+            {{- with .Values.deployment.tolerations }}
+            tolerations:
+                {{- toYaml . | nindent 16 }}
+            {{- end }}
+
+            containers:
+                - name: app
+                  image: {{ .Values.deployment.image }}:v{{ .Chart.AppVersion }}-x86_64
+                  ports:
+                      - containerPort: 8000
+                  args: ["--server-path-prefix", "/{{ .Values.settings.secret_code }}", "--log-level", "{{ .Values.settings.log_level }}"]
+                  volumeMounts:
+                      - name: scripts
+                        mountPath: /data/checks
+                      - name: configs
+                        mountPath: /data/configured
+                      {{- if .Values.deployment.allowHostSystemPaths }}
+                      - name: sysfs
+                        mountPath: /sys
+                      - name: dev
+                        mountPath: /dev
+                      - name: proc
+                        mountPath: /proc-host
+                      {{- end }}
+                      {{- if .Values.dbVolume.enabled }}
+                      - name: database
+                        mountPath: /database
+                      {{- end }}
+                  env:
+                      - name: REFRESH_TIME
+                        value: "{{ .Values.settings.refresh_time }}"
+                      - name: WAIT_TIME
+                        value: "{{ .Values.settings.wait_time }}"
+                      - name: CHECK_TIMEOUT
+                        value: "{{ .Values.settings.check_timeout }}"
+                  {{- with .Values.deployment.environment }}
+                      {{- range $key, $val := . }}
+                      - name: {{ $key }}
+                        value: {{ $val | quote }}
+                      {{- end }}
+                  {{ end }}
+                  resources:
+                      {{- toYaml .Values.deployment.resources | nindent 22 }}
+                  securityContext:
+                    {{- if .Values.deployment.isPrivileged }}
+                      privileged: true
+                    {{- end }}
diff --git a/k8s/templates/network.yaml b/k8s/templates/network.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+    name: {{ .Release.Name }}-http
+spec:
+    type: ClusterIP
+    selector:
+        app.kubernetes.io/name: {{ .Release.Name }}
+    ports:
+        - protocol: TCP
+          port: 80
+          targetPort: 8000
+
+{{ if .Values.ingress.enabled }}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+    name: {{ .Release.Name }}
+spec:
+    entryPoints:
+        - websecure
+        - web
+    routes:
+        - kind: Rule
+          match: Host(`{{ .Values.ingress.host }}`)
+          priority: 10
+          services:
+              - name: {{ .Release.Name }}-http
+                port: 80
+    tls:
+        certResolver: default
+{{ end }}
diff --git a/k8s/templates/volume.yaml b/k8s/templates/volume.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.dbVolume.enabled }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+    name: {{ .Release.Name }}-database
+spec:
+    storageClassName: "{{ .Values.dbVolume.storageClassName }}"
+    {{- with .Values.dbVolume.volumeName }}
+    volumeName: "{{ . }}"
+    {{- end }}
+    accessModes:
+        - {{ .Values.dbVolume.accessMode}}
+    resources:
+        requests:
+            storage: {{ .Values.dbVolume.requests }}
+{{ end }}
diff --git a/k8s/values.yaml b/k8s/values.yaml
@@ -0,0 +1,74 @@
+deployment:
+    image: quay.io/riotkit/infracheck
+    version: v2.1.2-x86_64
+    replicas: 1
+    imagePullSecrets: []
+    podSecurityContext: {}
+    environment:
+        AUTHORS: https://github.com/riotkit-org
+    labels: {}
+    nodeSelector: {}
+    affinity: {}
+    tolerations: []
+    annotations: {}
+    resources:
+        requests:
+            memory: "128Mi"
+            cpu: "0"
+        limits:
+            memory: "512Mi"
+            cpu: "4"
+
+    # You can turn off any of those for security reasons. This gives at least read-only access to host devices, kernel
+    # and host process data for monitoring purposes.
+    allowHostSystemPaths: true
+    isPrivileged: true
+
+settings:
+    refresh_time: "300"              # interval between refreshing all checks
+    wait_time: "0"                   # time in seconds between two checks are running
+    check_timeout: "120"             # timeout on every check
+    secret_code: "change-me-please"  # --server-path-prefix
+    log_level: "info"                # --log-level
+
+dbVolume:
+    enabled: true
+    storageClassName: ""
+    #volumeName: ""
+    requests: 15Mi
+    accessMode: ReadWriteOnce
+
+ingress:
+    enabled: true
+    host: health.example.org
+
+checks:
+    scripts:
+        # example - later use it in field "type".
+        #
+        # {
+        #     "type": "hello.sh",
+        #     "input": {
+        #         "word": "Cheese"
+        #     }
+        # }
+        hello.sh: |
+            #!/bin/bash
+
+            echo "Hello! This is an example check, you can write your own 'check' scripts that takes parameters from JSON and environment variables"
+            echo "The word is: ${WORD}"
+            env
+
+            exit 0
+
+    configured: {}
+#        disk-space: |
+#              {
+#                  "type": "disk-space",
+#                  "input": {
+#                      "dir": "/",
+#                      "min_req_space": "6"
+#                  }
+#              }
+    # raw string to be pasted into ConfigMap
+    configuredStr: ""