From ebaa2f6d3809a2c4e37a6e095b0174325de87057 Mon Sep 17 00:00:00 2001
From: anna <devminer@devminer.xyz>
Date: Wed, 7 Feb 2024 17:41:00 +0000
Subject: [PATCH] impl: add helm chart

---
 chart/Chart.yaml                |  7 +++++
 chart/templates/_helpers.tpl    | 41 +++++++++++++++++++++++++++
 chart/templates/deployment.yaml | 39 +++++++++++++++++++++++++
 chart/templates/istio.yaml      | 50 +++++++++++++++++++++++++++++++++
 chart/templates/service.yaml    | 14 +++++++++
 chart/templates/ssl.yaml        | 27 ++++++++++++++++++
 chart/values.yml                | 28 ++++++++++++++++++
 7 files changed, 206 insertions(+)
 create mode 100644 chart/Chart.yaml
 create mode 100644 chart/templates/_helpers.tpl
 create mode 100644 chart/templates/deployment.yaml
 create mode 100644 chart/templates/istio.yaml
 create mode 100644 chart/templates/service.yaml
 create mode 100644 chart/templates/ssl.yaml
 create mode 100644 chart/values.yml

diff --git a/chart/Chart.yaml b/chart/Chart.yaml
new file mode 100644
index 0000000..9a3f09e
--- /dev/null
+++ b/chart/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: app
+description: ''
+
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..88446af
--- /dev/null
+++ b/chart/templates/_helpers.tpl
@@ -0,0 +1,41 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "app.name" -}}
+{{- .Values.devhosting.appname | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "app.fullname" -}}
+{{- .Values.devhosting.appname | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "app.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "app.labels" -}}
+helm.sh/chart: {{ include "app.chart" . }}
+{{ include "app.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "app.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "app.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
new file mode 100644
index 0000000..9a2cd29
--- /dev/null
+++ b/chart/templates/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "app.fullname" . }}
+  labels:
+    {{- include "app.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      {{- include "app.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "app.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.app_port }}
+              protocol: TCP
+          startupProbe:
+            initialDelaySeconds: 20
+            httpGet:
+              path: /
+              port: http
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
diff --git a/chart/templates/istio.yaml b/chart/templates/istio.yaml
new file mode 100644
index 0000000..aaf2095
--- /dev/null
+++ b/chart/templates/istio.yaml
@@ -0,0 +1,50 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: {{ include "app.fullname" . }}
+  labels:
+    {{- include "app.labels" . | nindent 4 }}
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+    - port:
+        number: 80
+        name: http
+        protocol: HTTP
+      hosts:
+        - {{ .Values.service.host }}
+    {{- if .Values.service.ssl.enabled }}
+    - port:
+        number: 443
+        name: https
+        protocol: HTTPS
+      hosts:
+        - {{ .Values.service.host }}
+      tls:
+        mode: SIMPLE
+        credentialName: {{ include "app.fullname" . }}
+    {{- end }}
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: {{ include "app.fullname" . }}
+  labels:
+    {{- include "app.labels" . | nindent 4 }}
+spec:
+  hosts:
+    - {{ .Values.service.host }}
+  gateways:
+    - {{ include "app.fullname" . }}
+  http:
+    - name: primary
+      headers:
+        response:
+          set:
+            Cache-Control: public, max-age=31536000, immutable
+      route:
+        - destination:
+            host: {{ include "app.fullname" . }}
+            port:
+              number: {{ .Values.service.app_port }}
diff --git a/chart/templates/service.yaml b/chart/templates/service.yaml
new file mode 100644
index 0000000..8f0b0da
--- /dev/null
+++ b/chart/templates/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "app.fullname" . }}
+  labels:
+    {{- include "app.labels" . | nindent 4 }}
+spec:
+  selector:
+    {{- include "app.selectorLabels" . | nindent 4 }}
+  ports:
+    - port: {{ .Values.service.app_port }}
+      targetPort: http
+      name: http
+      protocol: TCP
diff --git a/chart/templates/ssl.yaml b/chart/templates/ssl.yaml
new file mode 100644
index 0000000..e58e2db
--- /dev/null
+++ b/chart/templates/ssl.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.service.ssl.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "app.fullname" . }}
+  namespace: istio-system
+spec:
+  secretName: {{ include "app.fullname" . }}
+  commonName: {{ .Values.service.host }}
+  duration: 2160h0m0s # 90d
+  renewBefore: 360h0m0s # 15d
+  subject:
+    organizations:
+      - DevMiner.xyz
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 4096
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+    - {{ .Values.service.host }}
+  issuerRef:
+    name: {{ .Values.service.ssl.issuer.name }}
+    kind: {{ .Values.service.ssl.issuer.kind }}
+{{- end }}
diff --git a/chart/values.yml b/chart/values.yml
new file mode 100644
index 0000000..560a94e
--- /dev/null
+++ b/chart/values.yml
@@ -0,0 +1,28 @@
+image:
+  repository: git.devminer.xyz/devminer/publii-testing
+  pullPolicy: Always
+  tag: "master"
+
+replicas: 3
+
+service:
+  app_port: 80
+  host: publii-testing.devminer.xyz
+  ssl:
+    enabled: true
+    port: 443
+    issuer:
+      name: letsencrypt
+      kind: ClusterIssuer
+
+resources:
+  limits:
+    cpu: 128m
+    memory: 128Mi
+  requests:
+    cpu: 16m
+    memory: 32Mi
+
+# populated by the ArgoCD application
+devhosting:
+  appname: ''