Initial migration
suda committed Jan 7, 2021
1 parent 51d3ae6 commit 4406529
Showing 35 changed files with 1,219 additions and 0 deletions.
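--- a/.github/helm-docs.sh
+++ b/.github/helm-docs.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -euo pipefail
+
+HELM_DOCS_VERSION="0.15.0"
+
+# install helm-docs
+curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz
+tar -xf /tmp/helm-docs.tar.gz helm-docs
+
+# validate docs
+./helm-docs
+git diff --exit-code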
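Review bot: The tarball fetched by the `curl` line is unpacked and `./helm-docs` is executed with no integrity check, so the CI job trusts whatever the release URL serves at run time. Pin the expected digest next to `HELM_DOCS_VERSION` and verify it before `tar`, e.g. `echo "${HELM_DOCS_SHA256}  /tmp/helm-docs.tar.gz" | sha256sum --check --strict`, with `HELM_DOCS_SHA256="<sha256-of-the-0.15.0-Linux_x86_64-tarball>"` (placeholder; take the value from the project's published checksums). The kubeval download in `.github/kubeval.sh` has the same gap. The fixed path `/tmp/helm-docs.tar.gz` is harmless on a fresh hosted runner, but `mktemp` would make the script safe to run on a shared machine.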
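--- a/.github/kubeval.sh
+++ b/.github/kubeval.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -xeuo pipefail
+
+CHART_DIRS="$(find ./ -name '[Cc]hart.yaml' | sed -e 's#/[Cc]hart.yaml##g' |grep -v -e example -e dependencies)"
+KUBEVAL_VERSION="0.15.0"
+SCHEMA_LOCATION="https://raw.githubusercontent.com/instrumenta/kubernetes-json-schema/master/"
+
+# install kubeval
+curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz https://github.com/instrumenta/kubeval/releases/download/"${KUBEVAL_VERSION}"/kubeval-linux-amd64.tar.gz
+tar -xf /tmp/kubeval.tar.gz kubeval
+
+# validate charts
+for CHART_DIR in ${CHART_DIRS}; do
+helm template "${CHART_DIR}" | ./kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}"
+done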
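Review bot: `SCHEMA_LOCATION` points at the `master` branch of a third-party repository, so the schemas the charts are validated against can change between runs without any change in this repo; pinning the URL to a specific commit of that repository would make the check reproducible. Combined with `--ignore-missing-schemas`, a resource kind or Kubernetes version with no published schema is skipped rather than failed, which deserves a comment such as `# resources without a published schema (e.g. CRDs) are not validated`. `for CHART_DIR in ${CHART_DIRS}` also word-splits the `find` output, so a chart path containing whitespace would be broken into pieces; a `while IFS= read -r CHART_DIR` loop fed from `find` avoids that.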
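--- a/.github/workflows/lint-test.yaml
+++ b/.github/workflows/lint-test.yaml
@@ -0,0 +1,74 @@
+name: Lint and Test Charts
+
+on: pull_request
+
+jobs:
+lint-docs:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Run helm-docs
+run: .github/helm-docs.sh
+
+kubeval:
+runs-on: ubuntu-latest
+needs:
+- lint-docs
+strategy:
+matrix:
+k8s:
+- v1.18.8
+- v1.19.1
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Run kubeval
+env:
+KUBERNETES_VERSION: ${{ matrix.k8s }}
+run: .github/kubeval.sh
+
+lint:
+runs-on: ubuntu-latest
+needs:
+- kubeval
+strategy:
+matrix:
+k8s:
+- v1.18.8
+- v1.19.1
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Fetch history
+run: git fetch --prune --unshallow
+- name: Run chart-testing (lint)
+id: lint
+uses: helm/chart-testing-action@v1.1.0
+with:
+command: lint
+config: ct.yaml
+
+test:
+runs-on: ubuntu-latest
+needs:
+- lint
+strategy:
+matrix:
+k8s:
+- v1.18.8
+- v1.19.1
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Fetch history
+run: git fetch --prune --unshallow
+- name: Create kind cluster
+uses: helm/kind-action@v1.0.0
+with:
+node_image: kindest/node:${{ matrix.k8s }}
+- name: Run chart-testing (install)
+uses: helm/chart-testing-action@v1.1.0
+with:
+command: install
+config: ct.yaml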
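Review bot: Every `uses:` entry in this workflow references a mutable tag (`actions/checkout@v2`, `helm/chart-testing-action@v1.1.0`, `helm/kind-action@v1.0.0`), so the code that runs in CI changes if a tag is moved. Pinning each action to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2` (placeholder), removes that dependency on the tag; the same applies to `azure/setup-helm@v1` and `helm/chart-releaser-action@v1.1.0` in `.github/workflows/release.yml`. The workflow also declares no `permissions:`; since these jobs only read the repository, a top-level `permissions:` block with `contents: read` would state that explicitly.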
30 changes: 30 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,30 @@
name: Release Charts

on:
push:
branches:
- main

jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Install Helm
uses: azure/setup-helm@v1
with:
version: v3.4.0

- name: Run chart-releaser
uses: helm/chart-releaser-action@v1.1.0
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
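Review bot: The `Run chart-releaser` step hands `secrets.GITHUB_TOKEN` to a third-party action while the job declares no `permissions:`, so the token carries whatever the repository default grants. A job-level block limited to what publishing needs, presumably `permissions:` with `contents: write` (to be confirmed against the action's documentation), would keep the token from being usable for anything else. A short comment above `CR_TOKEN` saying which operations the action performs with it would help the next reviewer judge that scope.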
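--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+ovpn0
+*.tgz
+.DS_Store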
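--- a/.helmdocsignore
+++ b/.helmdocsignore
@@ -0,0 +1 @@
+# We can add here some unwanted charts for helm-docs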
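--- a/bin/_helpers
+++ b/bin/_helpers
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+ensure-environment() {
+if [[ $1 == *"VPN_PORT"* ]] && [[ -z ${VPN_PORT} ]]; then
+echo "ℹ️ No VPN_PORT specified. Defaulting to 31304"
+VPN_PORT=31304
+fi
+
+if [[ $1 == *"VPN_PROTOCOL"* ]] && [[ -z ${VPN_PROTOCOL} ]]; then
+echo "ℹ️ No VPN_PROTOCOL specified. Defaulting to tcp"
+VPN_PROTOCOL=tcp
+fi
+
+if [[ $1 == *"VPN_HOSTNAME"* ]] && [[ -z ${VPN_HOSTNAME} ]]; then
+echo "⚠️ Please specify VPN_HOSTNAME This is the hostname or domain pointing at your cluster."
+exit 1
+fi
+
+if [[ $1 == *"DNS_SERVER"* ]] && [[ -z ${DNS_SERVER} ]]; then
+echo "ℹ️ No DNS_SERVER specified. Defaulting to 1.1.1.1 (CloudFlare)"
+DNS_SERVER=1.1.1.1
+fi
+
+if [[ $1 == *"NAMESPACE"* ]] && [[ -z ${NAMESPACE} ]]; then
+echo "ℹ️ No NAMESPACE specified. Defaulting to ovpn"
+NAMESPACE=ovpn
+fi
+
+if [[ $1 == *"CLIENT_NAME"* ]] && [[ -z ${CLIENT_NAME} ]]; then
+echo "⚠️ Please specify CLIENT_NAME"
+exit 1
+fi
+
+VPN_URI=${VPN_PROTOCOL}://${VPN_HOSTNAME}:${VPN_PORT}
+# Get the APP_VERSION from Chart.yaml
+APP_VERSION=$(cat charts/personal-ovpn/Chart.yaml | grep "appVersion" | awk '{print $2}' | sed s/\"//g)
+}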
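Review bot: `ensure-environment` only checks that `CLIENT_NAME` and `VPN_HOSTNAME` are non-empty, yet the calling scripts use them as path components (`ovpn0/${CLIENT_NAME}.ovpn`, `pki/private/${VPN_HOSTNAME}.key`) and as unquoted command arguments. An allow-list check right after each emptiness test, e.g. `[[ ${CLIENT_NAME} =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || { echo "⚠️ Invalid CLIENT_NAME" >&2; exit 1; }`, would reject values containing `/`, whitespace or a leading `-` before they reach `docker` or `kubectl`. The `cat | grep | awk | sed` pipeline also leaves `APP_VERSION` empty without failing when `Chart.yaml` is missing, because the callers set `-e` but not `pipefail`; a guard such as `[[ -n ${APP_VERSION} ]] || exit 1` after the assignment would catch that.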
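--- a/bin/add-client
+++ b/bin/add-client
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -e
+
+source bin/_helpers
+ensure-environment "CLIENT_NAME"
+
+if [[ ! -z ${USE_RSA} ]] && [[ "${USE_RSA}" == "true" ]]; then
+echo "ℹ️ Will generate RSA certificates instead of ECC"
+else
+echo "ℹ️ Will generate ECC certificates"
+ARGS="-e EASYRSA_ALGO=ec -e EASYRSA_CURVE=secp384r1"
+fi
+
+echo "🔢 Generating client certificate and config..."
+docker run ${ARGS} \
+--net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} easyrsa build-client-full ${CLIENT_NAME}
+
+docker run --net=none --rm -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_getclient ${CLIENT_NAME} > ovpn0/${CLIENT_NAME}.ovpn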
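Review bot: The last line redirects the `ovpn_getclient` output into `ovpn0/${CLIENT_NAME}.ovpn` under the caller's default umask; that profile presumably embeds the client's private key, so it should be created owner-only, e.g. `umask 077` placed before the redirect. `${PWD}` and `${CLIENT_NAME}` are expanded unquoted in both `docker run` lines, so a working directory or client name containing whitespace breaks the command; quote them as `"${PWD}/ovpn0:/etc/openvpn"` and `"${CLIENT_NAME}"`, and hold the optional `-e` flags in an array instead of the `ARGS` string. If the second `docker run` fails, a truncated `.ovpn` file is left behind, which is worth a comment or a write-to-temp-then-`mv` step.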
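--- a/bin/generate-config
+++ b/bin/generate-config
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -e
+
+source bin/_helpers
+ensure-environment "VPN_PROTOCOL VPN_HOSTNAME VPN_PORT DNS_SERVER"
+
+echo "🔢 Generating OpenVPN config..."
+docker run --net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_genconfig \
+-u ${VPN_URI} \
+-C 'AES-256-CBC' -a 'SHA384' \
+-b -n ${DNS_SERVER}
+
+echo "🔑 Initialising keys..."
+docker run --net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_initpki
+
+docker run --net=none --rm -it -v ${PWD}/ovpn0:/etc/openvpn kylemanna/openvpn:${APP_VERSION} ovpn_copy_server_files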
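Review bot: `-C 'AES-256-CBC'` in the `ovpn_genconfig` call selects a non-AEAD data-channel cipher; if the OpenVPN build in `kylemanna/openvpn:${APP_VERSION}` is 2.4 or newer (not visible from this script), `-C 'AES-256-GCM'` gives authenticated encryption and is the usual choice. All three `docker run` lines reference the image that generates the PKI by tag only, so a comment such as `# image tag comes from appVersion in charts/personal-ovpn/Chart.yaml` would record where it is controlled, and pinning by digest would fix the exact image. `${PWD}`, `${VPN_URI}` and `${DNS_SERVER}` are unquoted and should be written as `"${VPN_URI}"` and so on.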
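--- a/bin/set-secrets
+++ b/bin/set-secrets
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -e
+
+source bin/_helpers
+ensure-environment "VPN_HOSTNAME NAMESPACE"
+
+if [[ ! -z ${REPLACE} ]] && [[ "${REPLACE}" == "true" ]]; then
+echo "⚠️ Removing all previous secrets and configmaps"
+kubectl delete -n ${NAMESPACE} secret ovpn0-key
+kubectl delete -n ${NAMESPACE} secret ovpn0-cert
+kubectl delete -n ${NAMESPACE} secret ovpn0-pki
+kubectl delete -n ${NAMESPACE} configmap ovpn0-conf
+kubectl delete -n ${NAMESPACE} configmap ccd0
+fi
+
+kubectl create -n ${NAMESPACE} secret generic ovpn0-key --from-file=ovpn0/server/pki/private/${VPN_HOSTNAME}.key
+kubectl create -n ${NAMESPACE} secret generic ovpn0-cert --from-file=ovpn0/server/pki/issued/${VPN_HOSTNAME}.crt
+kubectl create -n ${NAMESPACE} secret generic ovpn0-pki \
+--from-file=ovpn0/server/pki/ca.crt --from-file=ovpn0/server/pki/dh.pem --from-file=ovpn0/server/pki/ta.key
+kubectl create -n ${NAMESPACE} configmap ovpn0-conf --from-file=ovpn0/server/
+kubectl create -n ${NAMESPACE} configmap ccd0 --from-file=ovpn0/server/ccd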
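Review bot: In the `REPLACE` branch each `kubectl delete` exits non-zero when its object does not exist, so under `set -e` the script stops at the first missing object after already deleting the earlier ones, leaving the namespace without part of its key material. Adding `--ignore-not-found` to the five delete commands, e.g. `kubectl delete -n "${NAMESPACE}" secret ovpn0-key --ignore-not-found`, makes the replace path re-runnable. `--from-file=ovpn0/server/` loads every regular file at the top level of that directory into the `ovpn0-conf` ConfigMap, which is not the place for confidential data; a comment listing the files expected there would let a reader confirm that no key ends up in it.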
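--- a/charts/ackee/Chart.yaml
+++ b/charts/ackee/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+appVersion: "2.4.1"
+description: A Helm chart for Ackee analytics tool
+name: ackee
+version: 0.2.0
+type: application
+source:
+- https://github.com/suda/charts/ackee
+home: https://github.com/suda/charts/ackee
+maintainers:
+- name: Wojtek Siudzinski
+email: admin@suda.pl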
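Review bot: `source:` is not a Chart.yaml field; Helm reads the list of source URLs from `sources:`, so this entry is most likely ignored as written and should be renamed to `sources:`. `appVersion: "2.4.1"` also differs from the `image.tag` default of `1.7.0` documented in this chart's README, so it is worth checking which of the two reflects the image that is actually deployed.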
92 changes: 92 additions & 0 deletions charts/ackee/README.md
@@ -0,0 +1,92 @@
# ackee [![](https://img.shields.io/static/v1.svg?label=Deploy%20on&message=DigitalOcean&color=blue)](https://www.digitalocean.com/products/kubernetes/?refcode=fef9487dad1e&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=CopyPaste)

[Ackee](https://ackee.electerious.com/) - Self-hosted analytics tool for those who care about privacy

## TL;DR;

```console
$ helm repo add suda https://suda.github.io/charts/
$ helm repo update
$ helm install ackee-release suda/ackee -n ackee
```

## Introduction

This chart deploys on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.

## Prerequisites


## Installing the Chart

To install the chart with the release name `ackee-release`:

```console
$ helm install ackee-release suda/ackee -n ackee
```

The command deploys on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.

> **Tip**: List all releases using `helm list`
## Uninstalling the Chart

To uninstall/delete the `ackee-release`:

```console
$ helm delete ackee-release -n ackee
```

The command removes all the Kubernetes components associated with the chart and deletes the release.

## Configuration

The following table lists the configurable parameters of the `ackee` chart and their default values.

| Parameter | Description | Default |
|-------------------------------------------------------------|-----------------------------------------------------------------------|-------------------------------|
| nameOverride | Overrides name template | `""` |
| fullnameOverride | Overrides fullname template | `""` |
| replicaCount | Number of Ackee replicas to create | `1` |
| ackee.mongodb | Address to MongoDB for ackee | `mongodb://mongo:27017/ackee` |
| ackee.username | Username for the default Ackee user | `ackee` |
| ackee.passwordSecret | Name of the secret containing the password for the default Ackee user | `ackee-password` |
| image.repository | Ackee Image name | `electerious/ackee` |
| image.tag | Ackee Image tag | `1.7.0` |
| image.pullPolicy | Image pull policy | `IfNotPresent` |
| service.type | Kubernetes Service type | `ClusterIP` |
| service.port | Ackee service port | `80` |
| ingress.enabled | Enable ingress controller resource | `false` |
| ingress.annotations.nginx.ingress.kubernetes.io/enable-cors | | `"true"` |
| ingress.path | | `/` |
| ingress.tls | Ingress TLS configuration | `[]` |
| livenessProbe.enabled | Turn on and off liveness probe | `true` |
| livenessProbe.initialDelaySeconds | Delay before liveness probe is initiated | `10` |
| livenessProbe.periodSeconds | How often to perform the probe | `60` |
| livenessProbe.timeoutSeconds | When the probe times out | `2` |
| livenessProbe.successThreshold | Minimum consecutive successes for the probe | `1` |
| livenessProbe.failureThreshold | Minimum consecutive failures for the probe | `3` |
| readinessProbe.enabled | Turn on and off readiness probe | `true` |
| readinessProbe.initialDelaySeconds | Delay before readiness probe is initiated | `10` |
| readinessProbe.periodSeconds | How often to perform the probe | `60` |
| readinessProbe.timeoutSeconds | When the probe times out | `2` |
| readinessProbe.successThreshold | Minimum consecutive successes for the probe | `1` |
| readinessProbe.failureThreshold | Minimum consecutive failures for the probe | `3` |
| resources | CPU/Memory resource requests/limits | `{}` |
| nodeSelector | Node selector for pod assignment | `{}` |
| tolerations | Optional deployment tolerations | `[]` |
| affinity | Map of node/pod affinities | `{}` |


Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:

```console
$ helm install ackee-release suda/ackee -n ackee --set replicaCount=1
```

Alternatively, a YAML file that specifies the values for the parameters can be provided while
installing the chart. For example:

```console
$ helm install ackee-release suda/ackee -n ackee --values values.yaml
```
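--- a/charts/ackee/doc.yaml
+++ b/charts/ackee/doc.yaml
@@ -0,0 +1,13 @@
+project:
+name: Ackee
+shortName: ackee
+url: https://ackee.electerious.com/
+description: Self-hosted analytics tool for those who care about privacy
+repository:
+url: https://suda.github.io/charts/
+name: ackee
+chart:
+name: ackee
+release:
+name: ackee-release
+namespace: ackee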
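--- a/charts/ackee/templates/NOTES.txt
+++ b/charts/ackee/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "ackee.fullname" . }})
+export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+You can watch the status of by running 'kubectl get svc -w {{ template "ackee.fullname" . }}'
+export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ackee.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "ackee.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+echo "Visit http://127.0.0.1:8080 to use your application"
+kubectl port-forward $POD_NAME 8080:3000
+{{- end }}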
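Review bot: In the `ClusterIP` branch, `kubectl port-forward $POD_NAME 8080:3000` omits `--namespace {{ .Release.Namespace }}` although the preceding `kubectl get pods` uses it, so for a release installed outside the user's current namespace the printed command will not find the pod. The `kubectl get svc -w` hint in the `LoadBalancer` branch has the same gap. Suggested line: `kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:3000`.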
