helmifying hauler

deploy/kubernetes/helm/charts/hauler/.helmignore

@@ -0,0 +1,21 @@
+# HELM IGNORE OPTIONS:
+# Patterns to ignore when building Helm packages.
+# Supports shell glob matching, relative path matching, and negation (prefixed with !)
+
+.DS_Store
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+.project
+.idea/
+*.tmproj
+.vscode/

deploy/kubernetes/helm/charts/hauler/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: hauler
+description: Hauler Helm Chart - Airgap Swiss Army Knife
+icon: https://raw.githubusercontent.com/rancherfederal/hauler/main/static/rgs-hauler-logo-icon.svg
+type: application
+version: 0.1.0
+appVersion: 1.0.2

deploy/kubernetes/helm/charts/hauler/README.md

@@ -0,0 +1,33 @@
+# Hauler Helm Chart
+
+### Airgap Swiss Army Knife
+
+`Rancher Government Hauler` simplifies the airgap experience without requiring operators to adopt a specific workflow. **Hauler** simplifies the airgapping process, by representing assets (images, charts, files, etc...) as content and collections to allow operators to easily fetch, store, package, and distribute these assets with declarative manifests or through the command line.
+
+`Hauler` does this by storing contents and collections as OCI Artifacts and allows operators to serve contents and collections with an embedded registry and fileserver. Additionally, `Hauler` has the ability to store and inspect various non-image OCI Artifacts.
+
+**GitHub Repostiory:** https://github.com/rancherfederal/hauler
+
+**Documentation:** http://hauler.dev
+
+---
+
+| Type        | Chart Version | App Version |
+| ----------- | ------------- | ----------- |
+| application | `0.1.0`       | `1.0.2`     |
+
+## Installing the Chart
+
+```bash
+helm install hauler hauler/hauler -n hauler-system -f values.yaml
+```
+
+```bash
+helm status hauler -n hauler-system
+```
+
+## Uninstalling the Chart
+
+```bash
+helm uninstall hauler -n hauler-system
+```

deploy/kubernetes/helm/charts/hauler/app-readme.md

@@ -0,0 +1,33 @@
+# Hauler Helm Chart
+
+### Airgap Swiss Army Knife
+
+`Rancher Government Hauler` simplifies the airgap experience without requiring operators to adopt a specific workflow. **Hauler** simplifies the airgapping process, by representing assets (images, charts, files, etc...) as content and collections to allow operators to easily fetch, store, package, and distribute these assets with declarative manifests or through the command line.
+
+`Hauler` does this by storing contents and collections as OCI Artifacts and allows operators to serve contents and collections with an embedded registry and fileserver. Additionally, `Hauler` has the ability to store and inspect various non-image OCI Artifacts.
+
+**GitHub Repostiory:** https://github.com/rancherfederal/hauler
+
+**Documentation:** http://hauler.dev
+
+---
+
+| Type        | Chart Version | App Version |
+| ----------- | ------------- | ----------- |
+| application | `0.1.0`       | `1.0.2`     |
+
+## Installing the Chart
+
+```bash
+helm install hauler hauler/hauler -n hauler-system -f values.yaml
+```
+
+```bash
+helm status hauler -n hauler-system
+```
+
+## Uninstalling the Chart
+
+```bash
+helm uninstall hauler -n hauler-system
+```

deploy/kubernetes/helm/charts/hauler/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "hauler.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "hauler.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "hauler.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "hauler.labels" -}}
+helm.sh/chart: {{ include "hauler.chart" . }}
+{{ include "hauler.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "hauler.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "hauler.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "hauler.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "hauler.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-fileserver/hauler-fileserver-deployment.yaml

@@ -0,0 +1,76 @@
+{{- if .Values.haulerFileserver.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hauler-fileserver
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "hauler.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.haulerFileserver.replicas }}
+  selector:
+    matchLabels:
+      app: hauler-fileserver
+      {{- include "hauler.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app: hauler-fileserver
+        {{- include "hauler.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- if or .Values.haulerJobs.hauls.enabled .Values.haulerJobs.manifests.enabled }}
+      initContainers:
+        {{- if .Values.haulerJobs.hauls.enabled }}
+        - name: wait-for-hauler-hauls-job
+          image: {{ .Values.hauler.initContainers.image.repository }}:{{ .Values.hauler.initContainers.image.tag }}
+          imagePullPolicy: {{ .Values.hauler.initContainers.imagePullPolicy }}
+          args: ["wait", "--for=condition=complete", "job", "hauler-hauls-job", "--namespace", "{{ .Release.Namespace }}", "--timeout={{ .Values.hauler.initContainers.timeout }}"]
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            runAsUser: 1001
+            seccompProfile:
+              type: RuntimeDefault
+        {{- end }}
+        {{- if .Values.haulerJobs.manifests.enabled }}
+        - name: wait-for-hauler-manifests-job
+          image: {{ .Values.hauler.initContainers.image.repository }}:{{ .Values.hauler.initContainers.image.tag }}
+          imagePullPolicy: {{ .Values.hauler.initContainers.imagePullPolicy }}
+          args: ["wait", "--for=condition=complete", "job", "hauler-manifests-job", "--namespace", "{{ .Release.Namespace }}", "--timeout={{ .Values.hauler.initContainers.timeout }}"]
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            runAsUser: 1001
+            seccompProfile:
+              type: RuntimeDefault
+        {{- end }}
+      {{- end }}
+      containers:
+        - name: hauler-fileserver
+          image: {{ .Values.hauler.image.repository }}:{{ .Values.hauler.image.tag }}
+          imagePullPolicy: {{ .Values.hauler.imagePullPolicy }}
+          args: ["store", "serve", "fileserver", "--port", "{{ .Values.haulerFileserver.port }}"]
+          ports:
+            - containerPort: {{ .Values.haulerFileserver.port }}
+          volumeMounts:
+            - name: hauler-data
+              mountPath: /store
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            runAsUser: 1001
+            seccompProfile:
+              type: RuntimeDefault
+      restartPolicy: Always
+      serviceAccountName: hauler-service-account
+      volumes:
+        - name: hauler-data
+          persistentVolumeClaim:
+            claimName: hauler-data
+{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-fileserver/hauler-fileserver-ingress.yaml

@@ -0,0 +1,27 @@
+{{- if and .Values.haulerFileserver.enabled .Values.haulerFileserver.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hauler-fileserver
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "hauler.labels" . | nindent 4 }}
+spec:
+  rules:
+  - host: {{ .Values.haulerFileserver.ingress.hostname }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: hauler-fileserver
+            port:
+              number: {{ .Values.haulerFileserver.service.ports.targetPort }}
+        path: /
+        pathType: Prefix
+  {{- if .Values.haulerFileserver.ingress.tls.enabled }}
+  tls:
+  - hosts:
+    - {{ .Values.haulerFileserver.ingress.hostname }}
+    secretName: {{ .Values.haulerFileserver.ingress.tls.secretName }}
+  {{- end }}
+{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-fileserver/hauler-fileserver-service.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.haulerFileserver.enabled .Values.haulerFileserver.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: hauler-fileserver
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "hauler.labels" . | nindent 4 }}
+spec:
+  selector:
+    app: hauler-fileserver
+  ports:
+    - name: hauler-fileserver
+      protocol: {{ .Values.haulerFileserver.service.ports.protocol }}
+      port: {{ .Values.haulerFileserver.service.ports.port }}
+      targetPort: {{ .Values.haulerFileserver.service.ports.targetPort }}
+  type: {{ .Values.haulerFileserver.service.type }}
+{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-registry/hauler-registry-deployment.yaml

@@ -0,0 +1,76 @@
+{{- if .Values.haulerRegistry.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hauler-registry
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "hauler.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.haulerRegistry.replicas }}
+  selector:
+    matchLabels:
+      app: hauler-registry
+      {{- include "hauler.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app: hauler-registry
+        {{- include "hauler.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- if or .Values.haulerJobs.hauls.enabled .Values.haulerJobs.manifests.enabled }}
+      initContainers:
+        {{- if .Values.haulerJobs.hauls.enabled }}
+        - name: wait-for-hauler-hauls-job
+          image: {{ .Values.hauler.initContainers.image.repository }}:{{ .Values.hauler.initContainers.image.tag }}
+          imagePullPolicy: {{ .Values.hauler.initContainers.imagePullPolicy }}
+          args: ["wait", "--for=condition=complete", "job", "hauler-hauls-job", "--namespace", "{{ .Release.Namespace }}", "--timeout={{ .Values.hauler.initContainers.timeout }}"]
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            runAsUser: 1001
+            seccompProfile:
+              type: RuntimeDefault
+        {{- end }}
+        {{- if .Values.haulerJobs.manifests.enabled }}
+        - name: wait-for-hauler-manifests-job
+          image: {{ .Values.hauler.initContainers.image.repository }}:{{ .Values.hauler.initContainers.image.tag }}
+          imagePullPolicy: {{ .Values.hauler.initContainers.imagePullPolicy }}
+          args: ["wait", "--for=condition=complete", "job", "hauler-manifests-job", "--namespace", "{{ .Release.Namespace }}", "--timeout={{ .Values.hauler.initContainers.timeout }}"]
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            runAsUser: 1001
+            seccompProfile:
+              type: RuntimeDefault
+        {{- end }}
+      {{- end }}
+      containers:
+        - name: hauler-registry
+          image: {{ .Values.hauler.image.repository }}:{{ .Values.hauler.image.tag }}
+          imagePullPolicy: {{ .Values.hauler.imagePullPolicy }}
+          args: ["store", "serve", "registry", "--port", "{{ .Values.haulerRegistry.port }}"]
+          ports:
+            - containerPort: {{ .Values.haulerRegistry.port }}
+          volumeMounts:
+            - name: hauler-data
+              mountPath: /store
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            runAsUser: 1001
+            seccompProfile:
+              type: RuntimeDefault
+      restartPolicy: Always
+      serviceAccountName: hauler-service-account
+      volumes:
+        - name: hauler-data
+          persistentVolumeClaim:
+            claimName: hauler-data
+{{- end }}

deploy/kubernetes/helm/charts/hauler/templates/hauler-registry/hauler-registry-ingress.yaml

@@ -0,0 +1,28 @@
+{{- if and .Values.haulerRegistry.enabled .Values.haulerRegistry.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hauler-registry
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "hauler.labels" . | nindent 4 }}
+spec:
+  rules:
+  - host: {{ .Values.haulerRegistry.ingress.hostname }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: hauler-registry
+            port:
+              number: {{ .Values.haulerRegistry.service.ports.targetPort }}
+        path: /
+        pathType: Prefix
+  {{- if .Values.haulerRegistry.ingress.tls.enabled }}
+  tls:
+  - hosts:
+    - {{ .Values.haulerRegistry.ingress.hostname }}
+    secretName: {{ .Values.haulerRegistry.ingress.tls.secretName }}
+  {{- end }}
+{{- end }}
+