From 4468fe849f9a67635b81874d78fd7c02d36b7606 Mon Sep 17 00:00:00 2001 From: Vishal Choudhary Date: Mon, 27 May 2024 12:22:33 +0530 Subject: [PATCH 1/3] chore: add templating option to helm chart Signed-off-by: Vishal Choudhary --- Makefile | 1 + charts/reports-server/templates/namespace.yaml | 6 ++++++ charts/reports-server/values.yaml | 5 +++++ config/install.yaml | 5 +++++ 4 files changed, 17 insertions(+) create mode 100644 charts/reports-server/templates/namespace.yaml diff --git a/Makefile b/Makefile index 514136e..14caebf 100644 --- a/Makefile +++ b/Makefile @@ -147,6 +147,7 @@ codegen-helm-docs: ## Generate helm docs codegen-install-manifest: $(HELM) ## Create install manifest @echo Generate latest install manifest... >&2 @$(HELM) template reports-server --namespace reports-server ./charts/reports-server/ \ + --set templating.enabled=true \ | $(SED) -e '/^#.*/d' \ > ./config/install.yaml diff --git a/charts/reports-server/templates/namespace.yaml b/charts/reports-server/templates/namespace.yaml new file mode 100644 index 0000000..b071097 --- /dev/null +++ b/charts/reports-server/templates/namespace.yaml @@ -0,0 +1,6 @@ +{{- if .Values.templating.enabled -}} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ $.Release.Namespace }} +{{- end -}} diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml index 811db77..4e31e48 100644 --- a/charts/reports-server/values.yaml +++ b/charts/reports-server/values.yaml @@ -1,3 +1,8 @@ +# -- Internal settings used with `helm template` to generate install manifest +# @ignored +templating: + enabled: false + postgresql: # -- Deploy postgresql dependency chart diff --git a/config/install.yaml b/config/install.yaml index e5f1d69..2c25188 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -1,5 +1,10 @@ --- apiVersion: v1 +kind: Namespace +metadata: + name: reports-server +--- +apiVersion: v1 kind: ServiceAccount metadata: name: reports-server-postgresql 
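Review bot: The Namespace added in `charts/reports-server/templates/namespace.yaml` is rendered with a name only, so the generated install manifest creates `reports-server` without Pod Security Admission labels and pod hardening rests entirely on each workload's own `securityContext`. Consider a `labels:` block under `metadata` carrying `pod-security.kubernetes.io/enforce` (optionally `warn` and `audit` too) at whatever level every pod in the namespace can meet. The postgresql pods are not visible here, so the level needs checking against them. Nothing stops `templating.enabled=true` being passed to a real install, where it can clash with `--create-namespace`, so a template comment at the top would help, e.g. `{{- /* rendered only for helm template output; leave disabled for helm install */ -}}`.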
From 2a1059bc27a9e1079b181776d76c32da71ecae03 Mon Sep 17 00:00:00 2001 From: Vishal Choudhary Date: Mon, 27 May 2024 12:56:11 +0530 Subject: [PATCH 2/3] feat: add install manifest without postgres Signed-off-by: Vishal Choudhary --- Makefile | 10 ++ config/install-inmemory.yaml | 260 +++++++++++++++++++++++++++++++++++ 2 files changed, 270 insertions(+) create mode 100644 config/install-inmemory.yaml diff --git a/Makefile b/Makefile index 14caebf..c26fe22 100644 --- a/Makefile +++ b/Makefile @@ -151,11 +151,21 @@ codegen-install-manifest: $(HELM) ## Create install manifest | $(SED) -e '/^#.*/d' \ > ./config/install.yaml +codegen-install-manifest-inmemory: $(HELM) ## Create install manifest without postgres + @echo Generate latest install manifest... >&2 + @$(HELM) template reports-server --namespace reports-server ./charts/reports-server/ \ + --set config.debug=true \ + --set postgresql.enabled=false \ + --set templating.enabled=true \ + | $(SED) -e '/^#.*/d' \ + > ./config/install-inmemory.yaml + .PHONY: codegen codegen: ## Rebuild all generated code and docs codegen: codegen-helm-docs codegen: codegen-openapi codegen: codegen-install-manifest +codegen: codegen-install-manifest-inmemory .PHONY: verify-codegen verify-codegen: codegen ## Verify all generated code and docs are up to date diff --git a/config/install-inmemory.yaml b/config/install-inmemory.yaml new file mode 100644 index 0000000..39ac045 --- /dev/null +++ b/config/install-inmemory.yaml 
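Review bot: `--set config.debug=true` in `codegen-install-manifest-inmemory` bakes the `--debug` container argument into the committed `config/install-inmemory.yaml`, so everyone who applies that manifest runs the server with debug output on and may log more than operators expect. Unless that is intended for the in-memory variant, drop the flag from this codegen target and keep it for local development only. The hunk also shows no `.PHONY:` line for the new target; `.PHONY: codegen-install-manifest-inmemory` above the rule would match how `codegen` is declared. The rendered manifest further down sets `insecureSkipTLSVerify: true` on both APIService objects. That appears to come from the chart rather than from this target, but it is worth confirming it is intended for a published install manifest.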
@@ -0,0 +1,260 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: reports-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: reports-server + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: +metadata: + name: reports-server + labels: + rbac.authorization.k8s.io/aggregate-to-admin: 'true' + rbac.authorization.k8s.io/aggregate-to-edit: 'true' + rbac.authorization.k8s.io/aggregate-to-view: 'true' + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - reports.kyverno.io + resources: + - ephemeralreports + - clusterephemeralreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection +- apiGroups: + - wgpolicyk8s.io + resources: + - policyreports + - policyreports/status + - clusterpolicyreports + - clusterpolicyreports/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection +- apiGroups: + - '' + - events.k8s.io + resources: + - events + verbs: + - create + - patch +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: reports-server +subjects: +- 
kind: ServiceAccount + name: reports-server + namespace: reports-server +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: reports-server + namespace: kube-system + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: reports-server + namespace: reports-server +--- +apiVersion: v1 +kind: Service +metadata: + name: reports-server + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: reports-server + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +spec: + strategy: + rollingUpdate: + maxUnavailable: 0 + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + template: + metadata: + labels: + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + spec: + priorityClassName: system-cluster-critical + serviceAccountName: reports-server + securityContext: + fsGroup: 2000 + containers: + - name: reports-server + args: + - --debug + - --cert-dir=/tmp + - --secure-port=4443 
+ securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + image: "ghcr.io/kyverno/reports-server:v0.1.0-alpha.1" + imagePullPolicy: IfNotPresent + ports: + - name: https + containerPort: 4443 + protocol: TCP + volumeMounts: + - mountPath: /tmp + name: tmp-dir + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + resources: + limits: null + requests: null + volumes: + - emptyDir: {} + name: tmp-dir +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1alpha2.wgpolicyk8s.io + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm + kube-aggregator.kubernetes.io/automanaged: "false" +spec: + group: wgpolicyk8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: reports-server + namespace: reports-server + version: v1alpha2 + versionPriority: 100 +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1.reports.kyverno.io + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm + kube-aggregator.kubernetes.io/automanaged: "false" +spec: + group: reports.kyverno.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: reports-server + namespace: reports-server + version: v1 + versionPriority: 100 
From 5df5ab28eccde27ecff01a984e839a760bb80e80 Mon Sep 17 00:00:00 2001 From: Vishal Choudhary Date: Tue, 4 Jun 2024 11:12:53 +0530 Subject: [PATCH 3/3] fix: codegen Signed-off-by: Vishal Choudhary --- Makefile | 10 ++++++++++ config/install-inmemory.yaml | 1 - 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1589dbc..aec684f 100644 --- a/Makefile +++ b/Makefile @@ -216,6 +216,16 @@ kind-install: $(HELM) kind-load ## Build image, load it in kind cluster and depl --set image.repository=$(PACKAGE) \ --set image.tag=$(GIT_SHA) +.PHONY: kind-install-inmemory +kind-install-inmemory: $(HELM) kind-load ## Build image, load it in kind cluster and deploy helm chart + @echo Install chart... >&2 + @$(HELM) upgrade --install reports-server --namespace reports-server --create-namespace --wait ./charts/reports-server \ + --set image.registry=$(KO_REGISTRY) \ + --set config.debug=true \ + --set postgresql.enabled=false \ + --set image.repository=$(PACKAGE) \ + --set image.tag=$(GIT_SHA) + ######## # HELP # ######## diff --git a/config/install-inmemory.yaml b/config/install-inmemory.yaml index 39ac045..5120923 100644 --- a/config/install-inmemory.yaml +++ b/config/install-inmemory.yaml @@ -18,7 +18,6 @@ metadata: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: metadata: name: reports-server labels:
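Review bot: The `##` help text on `kind-install-inmemory` appears to repeat the one on `kind-install` (that line is truncated in the hunk header), so the help output cannot tell the two targets apart. Something like `## Build image, load it in kind cluster and deploy helm chart without postgres` would match the wording already used for `codegen-install-manifest-inmemory`. The rest of the recipe mirrors `kind-install`, whose body starts outside this hunk.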