diff --git a/.github/configs/ct.yaml b/.github/configs/ct.yaml index 5988d3b..855b6e5 100644 --- a/.github/configs/ct.yaml +++ b/.github/configs/ct.yaml @@ -3,7 +3,7 @@ remote: origin target-branch: main chart-dirs: - - helm/ + - charts/ chart-repos: - buttahtoast=https://buttahtoast.github.io/helm-charts/ - bitnami=https://charts.bitnami.com/bitnami diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml index 38efdbb..1d5ef8b 100644 --- a/.github/workflows/helm-publish.yml +++ b/.github/workflows/helm-publish.yml @@ -29,7 +29,7 @@ jobs: registry: ghcr.io repository: ${{ github.repository_owner }}/charts name: "svc-ingress-propagator" - path: "./helm" + path: "./charts/svc-ingress-propagator/" app-version: ${{ steps.extract_version.outputs.version }} version: ${{ steps.extract_version.outputs.version }} registry-username: ${{ github.actor }} diff --git a/helm/.helmignore b/charts/svc-ingress-propagator/.helmignore similarity index 100% rename from helm/.helmignore rename to charts/svc-ingress-propagator/.helmignore diff --git a/helm/Chart.yaml b/charts/svc-ingress-propagator/Chart.yaml similarity index 100% rename from helm/Chart.yaml rename to charts/svc-ingress-propagator/Chart.yaml diff --git a/charts/svc-ingress-propagator/README.md b/charts/svc-ingress-propagator/README.md new file mode 100644 index 0000000..b75f5af --- /dev/null +++ b/charts/svc-ingress-propagator/README.md @@ -0,0 +1,49 @@ +# svc-ingress-propagator + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +Ingress Propagation Controller + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| fullnameOverride | string | `""` | | +| identifier | string | `""` | instance identifier (Defaults to release name) | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.registry | string | `"ghcr.io"` | | +| image.repository | string | `"buttahtoast/svc-ingress-propagator"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingressClass.controllerValue | string | `""` | Ingress class controller | +| ingressClass.create | bool | `true` | Create IngressClass | +| ingressClass.isDefaultClass | bool | `false` | Cluster default ingress class | +| ingressClass.name | string | `"propagation"` | Ingress class name | +| livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podSecurityContext | object | `{}` | | +| readinessProbe | object | `{"httpGet":{"path":"/readyz","port":10080}}` | Configure the readiness probe using Deployment probe spec | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| target.ingressClass | string | `"propagated"` | IngressClass on target | +| target.issuer.name | string | `""` | Issuer name on target cluster | +| target.issuer.namespaced | bool | `false` | Whether the issuer is namespaced on target cluster | +| target.kubeconfig | object | `{"secret":{"key":"kubeconfig.yaml","name":"loadbalancer-propagation"}}` | Target Kubeconfig Secret | +| target.namespace | string | `"ingress-central"` | Namespaced on target | +| tolerations | list | `[]` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/templates/_helpers.tpl b/charts/svc-ingress-propagator/templates/_helpers.tpl similarity index 100% rename from helm/templates/_helpers.tpl rename to charts/svc-ingress-propagator/templates/_helpers.tpl diff --git a/helm/templates/deployment.yaml b/charts/svc-ingress-propagator/templates/deployment.yaml similarity index 100% rename from helm/templates/deployment.yaml rename to charts/svc-ingress-propagator/templates/deployment.yaml diff --git a/helm/templates/ingressclass.yaml b/charts/svc-ingress-propagator/templates/ingressclass.yaml similarity index 69% rename from helm/templates/ingressclass.yaml rename to charts/svc-ingress-propagator/templates/ingressclass.yaml index 1ad5387..d916854 100644 --- a/helm/templates/ingressclass.yaml +++ b/charts/svc-ingress-propagator/templates/ingressclass.yaml @@ -1,3 +1,4 @@ +{{- if .Values.ingressClass.create }} apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: @@ -5,4 +6,5 @@ metadata: ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }} name: {{ .Values.ingressClass.name }} spec: - controller: {{ include "controller.value" $ }} \ No newline at end of file + controller: {{ include "controller.value" $ }} +{{- end }} \ No newline at end of file diff --git a/charts/svc-ingress-propagator/templates/rbac.yaml b/charts/svc-ingress-propagator/templates/rbac.yaml new file mode 100644 index 0000000..2a1c4e1 --- /dev/null +++ b/charts/svc-ingress-propagator/templates/rbac.yaml @@ -0,0 +1,86 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "helm.fullname" . }} + labels: + {{- include "helm.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - list + - update + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "helm.fullname" . }} + labels: + {{- include "helm.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "helm.fullname" . }} +subjects: + - name: {{ include "helm.serviceAccountName" . }} + kind: ServiceAccount + namespace: {{ .Release.Namespace | quote }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "helm.fullname" . }} + labels: + {{- include "helm.labels" . | nindent 4 }} +rules: +- apiGroups: + - "coordination.k8s.io" + resources: + - leases + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "helm.fullname" . }} + labels: + {{- include "helm.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "helm.fullname" . }} +subjects: + - name: {{ include "helm.serviceAccountName" . }} + kind: ServiceAccount + namespace: {{ .Release.Namespace | quote }} diff --git a/helm/templates/service.yaml b/charts/svc-ingress-propagator/templates/service.yaml similarity index 100% rename from helm/templates/service.yaml rename to charts/svc-ingress-propagator/templates/service.yaml diff --git a/helm/templates/serviceaccount.yaml b/charts/svc-ingress-propagator/templates/serviceaccount.yaml similarity index 100% rename from helm/templates/serviceaccount.yaml rename to charts/svc-ingress-propagator/templates/serviceaccount.yaml diff --git a/helm/values.yaml b/charts/svc-ingress-propagator/values.yaml similarity index 98% rename from helm/values.yaml rename to charts/svc-ingress-propagator/values.yaml index 24bcbca..0c8c91e 100644 --- a/helm/values.yaml +++ b/charts/svc-ingress-propagator/values.yaml @@ -6,6 +6,8 @@ identifier: "" ingressClass: + # -- Create IngressClass + create: true # -- Ingress class name name: propagation # -- Ingress class controller diff --git a/hack/target-rbac/README.md b/hack/target-rbac/README.md new file mode 100644 index 0000000..a941d29 --- /dev/null +++ b/hack/target-rbac/README.md @@ -0,0 +1,17 @@ +# propagation-target + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) + +Resources for target cluster + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| serviceAccount.token | bool | `true` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/templates/clusterrole.yaml b/helm/templates/clusterrole.yaml deleted file mode 100644 index a225939..0000000 --- a/helm/templates/clusterrole.yaml +++ /dev/null @@ -1,40 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "helm.fullname" . }} - labels: - {{- include "helm.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - - ingressclasses - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - events - verbs: - - list - - update - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update \ No newline at end of file diff --git a/helm/templates/clusterrolebinding.yaml b/helm/templates/clusterrolebinding.yaml deleted file mode 100644 index 232dc47..0000000 --- a/helm/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "helm.fullname" . }} - labels: - {{- include "helm.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "helm.fullname" . }} -subjects: - - name: {{ include "helm.serviceAccountName" . }} - kind: ServiceAccount - namespace: {{ .Release.Namespace | quote }} \ No newline at end of file