This is a cookiecutter template for Django-Hurricane-based Helm charts.
It provides workload manifests for a Django deployment and a PostgreSQL database. In addition, you can generate a Celery setup with RabbitMQ as broker, a Celery worker and a beat deployment.
This template is used to scaffold a Helm chart for applications using django-hurricane.
It sets the required environment variables and should replace 90% of all docker-compose setups with Django and PostgreSQL.
Firstly, you will need to install cookiecutter:
pip install cookiecutter
Create a new Helm chart with
cookiecutter gh:Blueshoe/hurricane-based-helm-template
and answer the questions accordingly.
It is generally considered more secure to run containers with a user other than root. Our Dockerfiles usually incorporate a special user to run the application. For development environments such as k3d we're using the local-path provisioner for local volume creation.
This storage class does not honor the fsGroup option, so volumes still get mounted with root as owner, which leads to permission issues.
For that reason, volumePermissions.enabled: true is set as default, which starts an initContainer that simply chowns the requested volume mounts. However, you have to set podSecurityContext.fsGroup and podSecurityContext.runAsUser to make this work.
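A values override that applies the settings described above, as an added example that is not part of the template's own files. The file name values-local.yaml and the UID/GID 1000 are assumptions, and the dotted option names above are assumed to map to nested keys in the generated chart's values.

```yaml
# values-local.yaml (hypothetical file name; added example, not from the template)

# Default in the generated chart: an initContainer chowns the requested
# volume mounts, because the local-path provisioner ignores fsGroup and
# mounts volumes with root as owner.
volumePermissions:
  enabled: true

# Both values have to be set for the chown initContainer to work.
# Leaving them unset keeps the volumes owned by root, and the non-root
# application user then runs into permission errors on its mounts.
# 1000 is a constructed sample value; it has to match the UID/GID of the
# non-root user created in your Dockerfile.
podSecurityContext:
  runAsUser: 1000
  fsGroup: 1000
```

Pass the file with helm install my-release <appname>/ -f values-local.yaml. Running id in the application container via kubectl exec should then report the non-root UID.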
For a robust OpenID Connect integration we prefer to deploy the OAuth2-Proxy as a sidecar. The architecture is then as depicted in the following image.
Django will additionally be equipped with pycloak in order to use an external OpenID identity provider, such as Keycloak, for user and permission management. Once you answer Cookiecutter's "use_oauth2_proxy" with "yes", you will get the sidecar specification prepared.
Beware: the Helm charts won't come up without the OIDC provider running at the specified location.
The simplest way to test your generated Helm charts is to apply them to an ephemeral cluster using k3d:
k3d cluster create my-test
Make sure your local kubectl connection is set to the cluster you just created, then install the chart:
helm dep up <appname>/
helm install my-release <appname>/
and keep an eye on the Pods running
kubectl get pods