Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
35 changed files
with
1,219 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
#!/bin/bash | ||
set -euo pipefail | ||
|
||
HELM_DOCS_VERSION="0.15.0" | ||
|
||
# install helm-docs | ||
curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz | ||
tar -xf /tmp/helm-docs.tar.gz helm-docs | ||
|
||
# validate docs | ||
./helm-docs | ||
git diff --exit-code |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/bash | ||
set -xeuo pipefail | ||
|
||
CHART_DIRS="$(find ./ -name '[Cc]hart.yaml' | sed -e 's#/[Cc]hart.yaml##g' |grep -v -e example -e dependencies)" | ||
KUBEVAL_VERSION="0.15.0" | ||
SCHEMA_LOCATION="https://raw.githubusercontent.com/instrumenta/kubernetes-json-schema/master/" | ||
|
||
# install kubeval | ||
curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz https://github.com/instrumenta/kubeval/releases/download/"${KUBEVAL_VERSION}"/kubeval-linux-amd64.tar.gz | ||
tar -xf /tmp/kubeval.tar.gz kubeval | ||
|
||
# validate charts | ||
for CHART_DIR in ${CHART_DIRS}; do | ||
helm template "${CHART_DIR}" | ./kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}" | ||
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
name: Lint and Test Charts | ||
|
||
on: pull_request | ||
|
||
jobs: | ||
lint-docs: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
- name: Run helm-docs | ||
run: .github/helm-docs.sh | ||
|
||
kubeval: | ||
runs-on: ubuntu-latest | ||
needs: | ||
- lint-docs | ||
strategy: | ||
matrix: | ||
k8s: | ||
- v1.18.8 | ||
- v1.19.1 | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
- name: Run kubeval | ||
env: | ||
KUBERNETES_VERSION: ${{ matrix.k8s }} | ||
run: .github/kubeval.sh | ||
|
||
lint: | ||
runs-on: ubuntu-latest | ||
needs: | ||
- kubeval | ||
strategy: | ||
matrix: | ||
k8s: | ||
- v1.18.8 | ||
- v1.19.1 | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
- name: Fetch history | ||
run: git fetch --prune --unshallow | ||
- name: Run chart-testing (lint) | ||
id: lint | ||
uses: helm/chart-testing-action@v1.1.0 | ||
with: | ||
command: lint | ||
config: ct.yaml | ||
|
||
test: | ||
runs-on: ubuntu-latest | ||
needs: | ||
- lint | ||
strategy: | ||
matrix: | ||
k8s: | ||
- v1.18.8 | ||
- v1.19.1 | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
- name: Fetch history | ||
run: git fetch --prune --unshallow | ||
- name: Create kind cluster | ||
uses: helm/kind-action@v1.0.0 | ||
with: | ||
node_image: kindest/node:${{ matrix.k8s }} | ||
- name: Run chart-testing (install) | ||
uses: helm/chart-testing-action@v1.1.0 | ||
with: | ||
command: install | ||
config: ct.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
name: Release Charts | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
release: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Configure Git | ||
run: | | ||
git config user.name "$GITHUB_ACTOR" | ||
git config user.email "$GITHUB_ACTOR@users.noreply.github.com" | ||
- name: Install Helm | ||
uses: azure/setup-helm@v1 | ||
with: | ||
version: v3.4.0 | ||
|
||
- name: Run chart-releaser | ||
uses: helm/chart-releaser-action@v1.1.0 | ||
env: | ||
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
ovpn0 | ||
*.tgz | ||
.DS_Store |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
# We can add here some unwanted charts for helm-docs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
#!/usr/bin/env bash | ||
|
||
ensure-environment() { | ||
if [[ $1 == *"VPN_PORT"* ]] && [[ -z ${VPN_PORT} ]]; then | ||
echo "ℹ️ No VPN_PORT specified. Defaulting to 31304" | ||
VPN_PORT=31304 | ||
fi | ||
|
||
if [[ $1 == *"VPN_PROTOCOL"* ]] && [[ -z ${VPN_PROTOCOL} ]]; then | ||
echo "ℹ️ No VPN_PROTOCOL specified. Defaulting to tcp" | ||
VPN_PROTOCOL=tcp | ||
fi | ||
|
||
if [[ $1 == *"VPN_HOSTNAME"* ]] && [[ -z ${VPN_HOSTNAME} ]]; then | ||
echo "⚠️ Please specify VPN_HOSTNAME This is the hostname or domain pointing at your cluster." | ||
exit 1 | ||
fi | ||
|
||
if [[ $1 == *"DNS_SERVER"* ]] && [[ -z ${DNS_SERVER} ]]; then | ||
echo "ℹ️ No DNS_SERVER specified. Defaulting to 1.1.1.1 (CloudFlare)" | ||
DNS_SERVER=1.1.1.1 | ||
fi | ||
|
||
if [[ $1 == *"NAMESPACE"* ]] && [[ -z ${NAMESPACE} ]]; then | ||
echo "ℹ️ No NAMESPACE specified. Defaulting to ovpn" | ||
NAMESPACE=ovpn | ||
fi | ||
|
||
if [[ $1 == *"CLIENT_NAME"* ]] && [[ -z ${CLIENT_NAME} ]]; then | ||
echo "⚠️ Please specify CLIENT_NAME" | ||
exit 1 | ||
fi | ||
|
||
VPN_URI=${VPN_PROTOCOL}://${VPN_HOSTNAME}:${VPN_PORT} | ||
# Get the APP_VERSION from Chart.yaml | ||
APP_VERSION=$(cat charts/personal-ovpn/Chart.yaml | grep "appVersion" | awk '{print $2}' | sed s/\"//g) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -e | ||
|
||
source bin/_helpers | ||
ensure-environment "CLIENT_NAME" | ||
|
||
if [[ ! -z ${USE_RSA} ]] && [[ "${USE_RSA}" == "true" ]]; then | ||
echo "ℹ️ Will generate RSA certificates instead of ECC" | ||
else | ||
echo "ℹ️ Will generate ECC certificates" | ||
ARGS="-e EASYRSA_ALGO=ec -e EASYRSA_CURVE=secp384r1" | ||
fi | ||
|
||
echo "🔢 Generating client certificate and config..." | ||
docker run ${ARGS} \ | ||
--net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} easyrsa build-client-full ${CLIENT_NAME} | ||
|
||
docker run --net=none --rm -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_getclient ${CLIENT_NAME} > ovpn0/${CLIENT_NAME}.ovpn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -e | ||
|
||
source bin/_helpers | ||
ensure-environment "VPN_PROTOCOL VPN_HOSTNAME VPN_PORT DNS_SERVER" | ||
|
||
echo "🔢 Generating OpenVPN config..." | ||
docker run --net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_genconfig \ | ||
-u ${VPN_URI} \ | ||
-C 'AES-256-CBC' -a 'SHA384' \ | ||
-b -n ${DNS_SERVER} | ||
|
||
echo "🔑 Initialising keys..." | ||
docker run --net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_initpki | ||
|
||
docker run --net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_copy_server_files |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -e | ||
|
||
source bin/_helpers | ||
ensure-environment "VPN_HOSTNAME NAMESPACE" | ||
|
||
if [[ ! -z ${REPLACE} ]] && [[ "${REPLACE}" == "true" ]]; then | ||
echo "⚠️ Removing all previous secrets and configmaps" | ||
kubectl delete -n ${NAMESPACE} secret ovpn0-key | ||
kubectl delete -n ${NAMESPACE} secret ovpn0-cert | ||
kubectl delete -n ${NAMESPACE} secret ovpn0-pki | ||
kubectl delete -n ${NAMESPACE} configmap ovpn0-conf | ||
kubectl delete -n ${NAMESPACE} configmap ccd0 | ||
fi | ||
|
||
kubectl create -n ${NAMESPACE} secret generic ovpn0-key --from-file=ovpn0/server/pki/private/${VPN_HOSTNAME}.key | ||
kubectl create -n ${NAMESPACE} secret generic ovpn0-cert --from-file=ovpn0/server/pki/issued/${VPN_HOSTNAME}.crt | ||
kubectl create -n ${NAMESPACE} secret generic ovpn0-pki \ | ||
--from-file=ovpn0/server/pki/ca.crt --from-file=ovpn0/server/pki/dh.pem --from-file=ovpn0/server/pki/ta.key | ||
kubectl create -n ${NAMESPACE} configmap ovpn0-conf --from-file=ovpn0/server/ | ||
kubectl create -n ${NAMESPACE} configmap ccd0 --from-file=ovpn0/server/ccd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
apiVersion: v2 | ||
appVersion: "2.4.1" | ||
description: A Helm chart for Ackee analytics tool | ||
name: ackee | ||
version: 0.2.0 | ||
type: application | ||
source: | ||
- https://github.com/suda/charts/ackee | ||
home: https://github.com/suda/charts/ackee | ||
maintainers: | ||
- name: Wojtek Siudzinski | ||
email: admin@suda.pl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
# ackee [![](https://img.shields.io/static/v1.svg?label=Deploy%20on&message=DigitalOcean&color=blue)](https://www.digitalocean.com/products/kubernetes/?refcode=fef9487dad1e&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=CopyPaste) | ||
|
||
[Ackee](https://ackee.electerious.com/) - Self-hosted analytics tool for those who care about privacy | ||
|
||
## TL;DR; | ||
|
||
```console | ||
$ helm repo add suda https://suda.github.io/charts/ | ||
$ helm repo update | ||
$ helm install ackee-release suda/ackee -n ackee | ||
``` | ||
|
||
## Introduction | ||
|
||
This chart deploys on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. | ||
|
||
## Prerequisites | ||
|
||
|
||
## Installing the Chart | ||
|
||
To install the chart with the release name `ackee-release`: | ||
|
||
```console | ||
$ helm install ackee-release suda/ackee -n ackee | ||
``` | ||
|
||
The command deploys on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. | ||
|
||
> **Tip**: List all releases using `helm list` | ||
## Uninstalling the Chart | ||
|
||
To uninstall/delete the `ackee-release`: | ||
|
||
```console | ||
$ helm delete ackee-release -n ackee | ||
``` | ||
|
||
The command removes all the Kubernetes components associated with the chart and deletes the release. | ||
|
||
## Configuration | ||
|
||
The following table lists the configurable parameters of the `ackee` chart and their default values. | ||
|
||
| Parameter | Description | Default | | ||
|-------------------------------------------------------------|-----------------------------------------------------------------------|-------------------------------| | ||
| nameOverride | Overrides name template | `""` | | ||
| fullnameOverride | Overrides fullname template | `""` | | ||
| replicaCount | Number of Ackee replicas to create | `1` | | ||
| ackee.mongodb | Address to MongoDB for ackee | `mongodb://mongo:27017/ackee` | | ||
| ackee.username | Username for the default Ackee user | `ackee` | | ||
| ackee.passwordSecret | Name of the secret containing the password for the default Ackee user | `ackee-password` | | ||
| image.repository | Ackee Image name | `electerious/ackee` | | ||
| image.tag | Ackee Image tag | `1.7.0` | | ||
| image.pullPolicy | Image pull policy | `IfNotPresent` | | ||
| service.type | Kubernetes Service type | `ClusterIP` | | ||
| service.port | Ackee service port | `80` | | ||
| ingress.enabled | Enable ingress controller resource | `false` | | ||
| ingress.annotations.nginx.ingress.kubernetes.io/enable-cors | | `"true"` | | ||
| ingress.path | | `/` | | ||
| ingress.tls | Ingress TLS configuration | `[]` | | ||
| livenessProbe.enabled | Turn on and off liveness probe | `true` | | ||
| livenessProbe.initialDelaySeconds | Delay before liveness probe is initiated | `10` | | ||
| livenessProbe.periodSeconds | How often to perform the probe | `60` | | ||
| livenessProbe.timeoutSeconds | When the probe times out | `2` | | ||
| livenessProbe.successThreshold | Minimum consecutive successes for the probe | `1` | | ||
| livenessProbe.failureThreshold | Minimum consecutive failures for the probe | `3` | | ||
| readinessProbe.enabled | Turn on and off readiness probe | `true` | | ||
| readinessProbe.initialDelaySeconds | Delay before readiness probe is initiated | `10` | | ||
| readinessProbe.periodSeconds | How often to perform the probe | `60` | | ||
| readinessProbe.timeoutSeconds | When the probe times out | `2` | | ||
| readinessProbe.successThreshold | Minimum consecutive successes for the probe | `1` | | ||
| readinessProbe.failureThreshold | Minimum consecutive failures for the probe | `3` | | ||
| resources | CPU/Memory resource requests/limits | `{}` | | ||
| nodeSelector | Node selector for pod assignment | `{}` | | ||
| tolerations | Optional deployment tolerations | `[]` | | ||
| affinity | Map of node/pod affinities | `{}` | | ||
|
||
|
||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: | ||
|
||
```console | ||
$ helm install ackee-release suda/ackee -n ackee --set replicaCount=1 | ||
``` | ||
|
||
Alternatively, a YAML file that specifies the values for the parameters can be provided while | ||
installing the chart. For example: | ||
|
||
```console | ||
$ helm install ackee-release suda/ackee -n ackee --values values.yaml | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
project: | ||
name: Ackee | ||
shortName: ackee | ||
url: https://ackee.electerious.com/ | ||
description: Self-hosted analytics tool for those who care about privacy | ||
repository: | ||
url: https://suda.github.io/charts/ | ||
name: ackee | ||
chart: | ||
name: ackee | ||
release: | ||
name: ackee-release | ||
namespace: ackee |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
1. Get the application URL by running these commands: | ||
{{- if .Values.ingress.enabled }} | ||
{{- range .Values.ingress.hosts }} | ||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} | ||
{{- end }} | ||
{{- else if contains "NodePort" .Values.service.type }} | ||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "ackee.fullname" . }}) | ||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") | ||
echo http://$NODE_IP:$NODE_PORT | ||
{{- else if contains "LoadBalancer" .Values.service.type }} | ||
NOTE: It may take a few minutes for the LoadBalancer IP to be available. | ||
You can watch the status of by running 'kubectl get svc -w {{ template "ackee.fullname" . }}' | ||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ackee.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') | ||
echo http://$SERVICE_IP:{{ .Values.service.port }} | ||
{{- else if contains "ClusterIP" .Values.service.type }} | ||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "ackee.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") | ||
echo "Visit http://127.0.0.1:8080 to use your application" | ||
kubectl port-forward $POD_NAME 8080:3000 | ||
{{- end }} |
Oops, something went wrong.