From 571976752db1d98ae1ea6de1d2c6f4d9f52b2130 Mon Sep 17 00:00:00 2001 From: DevMiner Date: Wed, 7 Feb 2024 20:22:01 +0100 Subject: [PATCH] Publii: update content --- .github/workflows/docker.yml | 55 +++++++++++++++++++++++++++++++++ chart/Chart.yaml | 7 +++++ chart/templates/_helpers.tpl | 41 ++++++++++++++++++++++++ chart/templates/deployment.yaml | 39 +++++++++++++++++++++++ chart/templates/istio.yaml | 50 ++++++++++++++++++++++++++++++ chart/templates/service.yaml | 14 +++++++++ chart/templates/ssl.yaml | 27 ++++++++++++++++ chart/values.yml | 28 +++++++++++++++++ 8 files changed, 261 insertions(+) create mode 100644 .github/workflows/docker.yml create mode 100644 chart/Chart.yaml create mode 100644 chart/templates/_helpers.tpl create mode 100644 chart/templates/deployment.yaml create mode 100644 chart/templates/istio.yaml create mode 100644 chart/templates/service.yaml create mode 100644 chart/templates/ssl.yaml create mode 100644 chart/values.yml
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..3c59e8a
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,55 @@
+name: docker
+on:
+ release:
+ types: [published]
+ pull_request:
+ push:
+ workflow_dispatch:
+
+env:
+ REGISTRY: git.devminer.xyz
+ IMAGE_NAME: "${{ github.actor }}/publii-testing"
+
+jobs:
+ docker:
+ runs-on: ubuntu-22.04
+ steps:
+ # - run: curl -fsSL https://get.docker.com | sh
+ - uses: actions/checkout@v4
+ - uses: docker/setup-buildx-action@v3
+ - uses: actions/cache@v4
+ id: cache
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+ - id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ labels: |
+ cache-from=type=local,src=/tmp/.buildx-cache
+ cache-to=type=local,dest=/tmp/.buildx-cache
+ - uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - id: get_commit
+ run: echo ::set-output "name=hash::${GITHUB_SHA:0:7}"
+ - uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache-new
+ - run: |
+ rm -rf /tmp/.buildx-cache
+ mv /tmp/.buildx-cache-new /tmp/.buildx-cache
\ No newline at end of file
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
new file mode 100644
index 0000000..9a3f09e
--- /dev/null
+++ b/chart/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: app
+description: ''
+
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..88446af
--- /dev/null
+++ b/chart/templates/_helpers.tpl
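Review bot: The registry login and the `push: true` on `docker/build-push-action` in .github/workflows/docker.yml run for every trigger listed under `on:`, including `pull_request`, so unmerged pull-request code is built in a job that is handed `secrets.DOCKER_PASSWORD` and is pushed to `git.devminer.xyz` under a PR tag. I would gate both: `if: github.event_name != 'pull_request'` on the login step and `push: ${{ github.event_name != 'pull_request' }}` on the build step. The `cache-from=`/`cache-to=` lines under the metadata step's `labels:` will be emitted as image labels rather than cache settings, and the `get_commit` step uses the deprecated `::set-output` command while its output is not read anywhere in this file. The actions are referenced by mutable major tags (`@v4`, `@v3`, `@v5`); pinning them to full commit SHAs would keep a retagged release from changing what runs next to the registry credential.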
@@ -0,0 +1,41 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "app.name" -}}
+{{- .Values.devhosting.appname | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "app.fullname" -}}
+{{- .Values.devhosting.appname | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "app.labels" -}}
+helm.sh/chart: {{ include "app.chart" . }}
+{{ include "app.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "app.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
new file mode 100644
index 0000000..9a2cd29
--- /dev/null
+++ b/chart/templates/deployment.yaml
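Review bot: `app.name` and `app.fullname` in chart/templates/_helpers.tpl render straight from `.Values.devhosting.appname`, which values.yml in this patch defaults to `''`, so a render without the ArgoCD override yields empty resource names, an empty `app.kubernetes.io/name` selector label and an empty `secretName`/`credentialName`. Failing the render is safer than emitting those manifests: `{{- required "devhosting.appname must be set" .Values.devhosting.appname | trunc 63 | trimSuffix "-" }}` in both helpers. The label values in `app.labels` and `app.selectorLabels` are unquoted apart from the version; piping them through `quote` keeps a numeric or boolean-looking release name from being retyped by the YAML parser.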
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "app.fullname" . }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ {{- include "app.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "app.selectorLabels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.app_port }}
+ protocol: TCP
+ startupProbe:
+ initialDelaySeconds: 20
+ httpGet:
+ path: /
+ port: http
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/chart/templates/istio.yaml b/chart/templates/istio.yaml
new file mode 100644
index 0000000..aaf2095
--- /dev/null
+++ b/chart/templates/istio.yaml
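Review bot: The container spec in chart/templates/deployment.yaml sets no `securityContext`, so the pod runs with the runtime defaults: privilege escalation allowed, the default capability set, and whatever user the image declares. I would add a container-level `securityContext` as sketched below. Whether the image tolerates it is not visible in this patch; if the process binds port 80 directly it will need `NET_BIND_SERVICE` added back or an unprivileged `app_port`. Nothing in the chart suggests the workload calls the Kubernetes API, so `automountServiceAccountToken: false` on the pod spec looks appropriate as well, to be confirmed against the image.

```yaml
      containers:
        - name: {{ .Chart.Name }}
          # … unchanged: image, imagePullPolicy, ports, probes, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```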
@@ -0,0 +1,50 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: {{ include "app.fullname" . }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - {{ .Values.service.host }}
+ {{- if .Values.service.ssl.enabled }}
+ - port:
+ number: 443
+ name: https
+ protocol: HTTPS
+ hosts:
+ - {{ .Values.service.host }}
+ tls:
+ mode: SIMPLE
+ credentialName: {{ include "app.fullname" . }}
+ {{- end }}
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: {{ include "app.fullname" . }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+ hosts:
+ - {{ .Values.service.host }}
+ gateways:
+ - {{ include "app.fullname" . }}
+ http:
+ - name: primary
+ headers:
+ response:
+ set:
+ Cache-Control: public, max-age=31536000, immutable
+ route:
+ - destination:
+ host: {{ include "app.fullname" . }}
+ port:
+ number: {{ .Values.service.app_port }}
diff --git a/chart/templates/service.yaml b/chart/templates/service.yaml
new file mode 100644
index 0000000..8f0b0da
--- /dev/null
+++ b/chart/templates/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "app.fullname" . }}
+ labels:
+ {{- include "app.labels" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "app.selectorLabels" . | nindent 4 }}
+ ports:
+ - port: {{ .Values.service.app_port }}
+ targetPort: http
+ name: http
+ protocol: TCP
diff --git a/chart/templates/ssl.yaml b/chart/templates/ssl.yaml
new file mode 100644
index 0000000..e58e2db
--- /dev/null
+++ b/chart/templates/ssl.yaml
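Review bot: The port-80 server of the Gateway in chart/templates/istio.yaml stays a plain HTTP listener even when `service.ssl.enabled` is true, and the VirtualService attaches to the whole gateway, so the site is served unencrypted alongside the HTTPS listener. Inside an `{{- if .Values.service.ssl.enabled }}` guard I would add `tls:` with `httpsRedirect: true` to that server; if the issuer relies on HTTP-01 challenges through this gateway, confirm they still complete. Separately, `Cache-Control: public, max-age=31536000, immutable` is set on every response of the `primary` route, HTML included, so browsers and shared caches may keep serving a page for a year after it was corrected or withdrawn. Restricting that header to fingerprinted assets through a `match` on the route would be safer.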
@@ -0,0 +1,27 @@
+{{- if .Values.service.ssl.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "app.fullname" . }}
+ namespace: istio-system
+spec:
+ secretName: {{ include "app.fullname" . }}
+ commonName: {{ .Values.service.host }}
+ duration: 2160h0m0s # 90d
+ renewBefore: 360h0m0s # 15d
+ subject:
+ organizations:
+ - DevMiner.xyz
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 4096
+ usages:
+ - server auth
+ - client auth
+ dnsNames:
+ - {{ .Values.service.host }}
+ issuerRef:
+ name: {{ .Values.service.ssl.issuer.name }}
+ kind: {{ .Values.service.ssl.issuer.kind }}
+{{- end }}
diff --git a/chart/values.yml b/chart/values.yml
new file mode 100644
index 0000000..38a6c44
--- /dev/null
+++ b/chart/values.yml
@@ -0,0 +1,28 @@
+image:
+ repository: git.devminer.xyz/devminer/publii-testing
+ pullPolicy: Always
+ tag: "main"
+
+replicas: 3
+
+service:
+ app_port: 80
+ host: publii-testing.devminer.xyz
+ ssl:
+ enabled: true
+ port: 443
+ issuer:
+ name: letsencrypt
+ kind: ClusterIssuer
+
+resources:
+ limits:
+ cpu: 128m
+ memory: 128Mi
+ requests:
+ cpu: 16m
+ memory: 32Mi
+
+# populated by the ArgoCD application
+devhosting:
+ appname: ''
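Review bot: The Certificate in chart/templates/ssl.yaml requests the `client auth` usage, but the only consumer visible in this patch is the Gateway's `credentialName` with `mode: SIMPLE`, which is server-side TLS; I would drop the `- client auth` entry so the key is only asked to be valid for what it is used for. The resource is also written into the hard-coded `istio-system` namespace under the app's name, so the deploying identity needs write access there and two releases sharing a `devhosting.appname` would overwrite each other's Certificate and secret. A comment such as `# must live next to the ingress gateway so credentialName resolves` on the `namespace:` line would record why it is fixed, presuming that is the reason.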
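Review bot: `tag: "main"` together with `pullPolicy: Always` in chart/values.yml deploys a mutable tag, so each of the three replicas runs whatever was last pushed under `main` at the moment it started, and the workflow added in this same patch pushes on every branch push. Pinning the default to an immutable release tag, for example `tag: "<release-version>"` taken from the workflow's `type=semver` output, or to an image digest, makes rollouts reproducible and auditable. `service.ssl.port: 443` is not read by any template in this patch (istio.yaml hard-codes 443), so it should either be wired in or removed.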