Add Helm Chart to flipflop #11

Merged
merged 4 commits into from
Aug 14, 2024
55 changes: 55 additions & 0 deletions .github/workflows/chart-release.yaml
@@ -0,0 +1,55 @@
name: Release Charts

on:
push:
tags:
- 'v*.*.*'

jobs:
build:
name: Publish Helm Chart
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
env:
CHART_NAME: flipflop
steps:
-
name: Checkout
uses: actions/checkout@v4
with:
path: ${{ env.CHART_NAME }}
fetch-depth: 0
-
name: Checkout Helm chart Repo
uses: actions/checkout@v4
with:
repository: metal-toolbox/${{ env.CHART_NAME }}
path: helm-charts
ref: gh-pages
fetch-depth: 0
-
name: Install Helm
uses: azure/[email protected]
-
name: Package Helm Chart
run: |
helm package --version ${{ github.ref_name }} ./${{ env.CHART_NAME }}/chart -u -d ./helm-charts/
helm repo index ./helm-charts/ --url https://metal-toolbox.github.io/${{ env.CHART_NAME }}/
-
name: Create Git Commit
run: |
cd helm-charts
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
git add index.yaml *.tgz
git commit -m "published ${{ env.CHART_NAME }}-${{ github.ref_name }}.tgz"
-
name: Push Changes
uses: ad-m/github-push-action@master
with:
repository: metal-toolbox/${{ env.CHART_NAME }}
directory: helm-charts
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: gh-pages
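Review bot: The Push Changes step runs `ad-m/github-push-action@master`, a third-party action referenced by a mutable branch, in a job that holds `contents: write` and hands it `secrets.GITHUB_TOKEN`; pin it to a full commit SHA so an upstream change cannot alter what runs with that token. `pull-requests: write` is not used by any step shown and can be dropped from `permissions`. In Package Helm Chart and Create Git Commit, `${{ github.ref_name }}` is expanded into the script text before the shell runs it; passing it through the step's `env:` and referencing it as a quoted shell variable keeps the tag name as data rather than script.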
23 changes: 23 additions & 0 deletions chart/.helmignore
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
9 changes: 9 additions & 0 deletions chart/Chart.yaml
@@ -0,0 +1,9 @@
apiVersion: v2
name: flipflop
description: A chart to control BMCs
version: v0.1.0
keywords:
- bmc
home: "https://github.com/metal-toolbox/flipflop"
sources:
- "https://github.com/metal-toolbox/flipflop"
10 changes: 10 additions & 0 deletions chart/templates/configmap.yaml
@@ -0,0 +1,10 @@
{{ if .Values.enable }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: flipflop-config
data:
config.yaml: |-
{{ toYaml .Values.env | indent 4 }}
{{ end }}
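Review bot: `{{ toYaml .Values.env | indent 4 }}` copies the whole `env` values tree into `config.yaml`, so anything a parent chart places under `env` lands in a ConfigMap rather than a Secret; a comment here or in values.yaml stating that `env` must not carry credentials would document that boundary. The name `flipflop-config` is also fixed, so two releases of this chart in one namespace would collide on it.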
91 changes: 91 additions & 0 deletions chart/templates/deployment.yaml
@@ -0,0 +1,91 @@
{{ if .Values.enable }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-service: flipflop
kind: controller
name: flipflop
spec:
replicas: 1
selector:
matchLabels:
k8s-service: flipflop
template:
metadata:
labels:
k8s-service: flipflop
spec:
terminationGracePeriodSeconds: 1200
containers:
- name: flipflop
image: {{ .Values.image.repository.url }}/flipflop:{{ .Values.image.repository.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: [
"flipflop",
"run",
"--config",
"/etc/flipflop/config.yaml",
"--enable-pprof",
"--log-level",
"{{- .Values.env.log_level -}}",
{{- if .Values.env.fault_injection -}}
"--fault-injection",
{{- end -}}
{{- if .Values.env.dryrun -}}
"--dry-run",
{{- end -}}
]
volumeMounts:
- name: config-volume
mountPath: /etc/flipflop
- name: nats-creds-volume
mountPath: /etc/nats
readOnly: true
env:
{{- if .Values.env.endpoints.fleetdb.authenticate }}
- name: FLIPFLOP_ENDPOINTS_FLEETDB_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: flipflop-secrets
key: flipflop-oidc-client-secret # TODO; INCORRECT NAME
{{- end }}
securityContext:
capabilities:
drop:
- NET_RAW
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
resources:
limits:
cpu: 200m
memory: 200M
requests:
cpu: 200m
memory: 200M
ports:
- name: metrics-port
containerPort: 9090
livenessProbe:
httpGet:
path: /metrics
port: metrics-port
initialDelaySeconds: 5
readinessProbe:
httpGet:
path: /metrics
port: metrics-port
initialDelaySeconds: 5
volumes:
- name: config-volume
configMap:
name: flipflop-config
- name: nats-creds-volume
secret:
secretName: flipflop-secrets
items:
- key: flipflop-nats-creds
path: nats.creds
restartPolicy: Always
{{ end }}
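Review bot: `"--enable-pprof"` in `command` is passed unconditionally, while `--fault-injection` and `--dry-run` are gated on values; gate it the same way behind a value that defaults to off so profiling is an explicit choice per deployment. The `secretKeyRef` line still carries `# TODO; INCORRECT NAME` next to `key: flipflop-oidc-client-secret`, which should be resolved or tracked before release, since a wrong key will keep the pod from starting when `fleetdb.authenticate` is true. The `securityContext` drops only `NET_RAW`; consider `drop: [ALL]` and adding `allowPrivilegeEscalation: false` alongside the existing `readOnlyRootFilesystem` and `runAsNonRoot`.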
52 changes: 52 additions & 0 deletions chart/values.yaml
@@ -0,0 +1,52 @@
enable: true
image:
pullPolicy: Always
repository:
tag: latest
url: localhost:5001
env:
namespace: default
facility: sandbox
log_level: debug
dryrun: true
fault_injection: true
endpoints:
nats:
url: nats://nats:4222
creds_file: /etc/nats/nats.creds
connection_timeout: 60s
kv_replication: 1
app_name: flipflop
# TODO: remove deprecated stream_urn_ns field
stream_urn_ns: hollow-controllers
consumer:
name: sandbox-flipflop
pull: true
ack_wait: 5m
max_ack_pending: 10
queue_group: flipflop
stream:
name: controllers
subjects:
- com.hollow.sh.controllers.commands.>
- com.hollow.sh.controllers.responses.>
acknowledgements: true
duplicate_window: 5m
retention: workQueue
otel:
url: jaeger:4317
authenticate: false
fleetdb:
authenticate: true
url: http://fleetdb:8000
oidc_audience_url: # to be filled by parent helm chart if authenticate is true
oidc_issuer_url: # to be filled by parent helm chart if authenticate is true
oidc_client_id: # to be filled by parent helm chart if authenticate is true
oidc_scopes: # to be filled by parent helm chart if authenticate is true
conditionorc:
authenticate: true
url: http://conditionorc-api:9001
oidc_audience_url: # to be filled by parent helm chart if authenticate is true
oidc_issuer_url: # to be filled by parent helm chart if authenticate is true
oidc_client_id: # to be filled by parent helm chart if authenticate is true
oidc_scopes: # to be filled by parent helm chart if authenticate is true
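Review bot: The chart defaults here are sandbox settings: `fault_injection: true`, `log_level: debug`, `tag: latest` and `url: localhost:5001` will apply to any install that does not override them. Default `fault_injection` to false and the log level to something quieter, and leave the sandbox values to an override file. `fleetdb` and `conditionorc` both set `authenticate: true` with `http://` URLs, so the OIDC-authenticated requests would travel in cleartext unless something outside this chart provides TLS; a comment stating that assumption, or `https://` defaults, would make it explicit.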