Add Penpot chart
Update maintainer information Update version for Dispatch chart Update version for Netbox chart Update version for Attic chart Update version for Hasura Engine chart Update maintainer information for FDB Operator chart
This commit is contained in:
parent
4ca2d6f61e
commit
3bc765bf4d
16 changed files with 378 additions and 23 deletions
36
README.org
36
README.org
|
@ -48,13 +48,47 @@ Below you'll find an overview of the charts and an intro to get you started.
|
|||
|
||||
- [[charts/][Dispatch]]: A incident management and coordination system developed by Netflix.
|
||||
|
||||
- [[charts/foundationdb][FoundationDB]] (=fdb-operator=): Distributed database with ACID transactions developed by Apple.
|
||||
- [[charts/foundationdb][FoundationDB]] (=fdb-operator=): Distributed database with ACID transactions developed by Apple.
|
||||
This buils and deploys, but I don't actively use it at the moment.
|
||||
|
||||
- [[charts/hasura-engine][Hasura]]: Connects to databases and services to provide a realtime GraphQL API.
|
||||
|
||||
- [[charts/netbox][Netbox]]: Modeling and docs for IP address management (IPAM) and datacenter
|
||||
infrastructure management (DCIM).
|
||||
|
||||
- [[charts/penpot][Penpot]]: Design and prototyping tool. For visual collaboration on visuals, prototypes, UX and more.
|
||||
|
||||
*** Requirements
|
||||
|
||||
You may need the following:
|
||||
|
||||
* S3 compatible storage
|
||||
* PostgreSQL
|
||||
|
||||
All tests are run on the latest version of Kubernetes and Helm and no consideration is taken to vendor-specific
|
||||
implementations.
|
||||
|
||||
*** Principles
|
||||
|
||||
So what makes this repo different from others? It is KISS and Safe of course.
|
||||
|
||||
- All secrets and ingresses are defined in a secret external from the chart
|
||||
- We expect that an ingress terminates external connection and TLS
|
||||
- Always use object storage over block storage when possible
|
||||
- Never rely on vendor-specific components
|
||||
- We prefer open source
|
||||
- We never leave room for plaintext secrets, a sane default
|
||||
- We always leave for initContainers
|
||||
- We use as few values as possible in values.yaml
|
||||
- Always use external databases and transports
|
||||
- We always configure for OIDC when possible
|
||||
- A values file should be possible to read up on in minutes
|
||||
- We only support the current major version of Kubernetes and the application
|
||||
- Always enable service accounts
|
||||
- Use semver for versioning
|
||||
|
||||
If you see a chart that does not comply with these principles, please open an issue.
|
||||
|
||||
*** 🧑💻 Usage
|
||||
|
||||
**** Exploration
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
apiVersion: v2
|
||||
name: attic-repo
|
||||
description: A Nix binary caching server
|
||||
appVersion: b43d12
|
||||
|
||||
type: application
|
||||
version: 0.5
|
||||
version: 0.5.0
|
||||
maintainers:
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
|
||||
|
|
|
@ -4,3 +4,6 @@ description: Conduit is a simple, fast and reliable chat server powered by Matri
|
|||
type: application
|
||||
version: 0.2.9
|
||||
appVersion: "0.6.0"
|
||||
maintainers:
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
apiVersion: v2
|
||||
name: dispatch
|
||||
description: Netflix Dispatch incident management system
|
||||
version: 0.3.2
|
||||
version: 0.3.2
|
||||
maintainers:
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
|
|
|
@ -4,20 +4,9 @@ description: A Helm chart for foundationDB operator
|
|||
home: https://www.foundationdb.org/
|
||||
sources:
|
||||
- https://github.com/FoundationDB/fdb-kubernetes-operator/tree/master/helm/fdb-operator
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
version: 0.2.2
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application.
|
||||
appVersion: v1.30.0
|
||||
maintainers:
|
||||
- name: "foundationdb-ci"
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
|
|
|
@ -2,4 +2,7 @@ apiVersion: v2
|
|||
name: hasura-engine
|
||||
description: GraphQL Engine to make data accessible over a GraphQL API
|
||||
type: application
|
||||
version: 0.1.2
|
||||
version: 0.1.2
|
||||
maintainers:
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
---
|
||||
apiVersion: v2
|
||||
name: netbox
|
||||
description: |
|
||||
|
@ -12,5 +11,5 @@ appVersion: 3.6.3
|
|||
type: application
|
||||
version: 5.5.3
|
||||
maintainers:
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
|
|
23
charts/penpot/.helmignore
Normal file
23
charts/penpot/.helmignore
Normal file
|
@ -0,0 +1,23 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
16
charts/penpot/Chart.yaml
Normal file
16
charts/penpot/Chart.yaml
Normal file
|
@ -0,0 +1,16 @@
|
|||
name: penpot
|
||||
maintainers:
|
||||
- name: Tommy Skaug
|
||||
email: tommy@skaug.me
|
||||
apiVersion: v2
|
||||
appVersion: 1.19.3
|
||||
version: 2.0.0
|
||||
description: Penpot is a design and prototyping platform for teams and individuals.
|
||||
home: https://github.com/tommy-skaug/charts
|
||||
icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
|
||||
keywords:
|
||||
- kubernetes
|
||||
- penpot
|
||||
- design
|
||||
sources:
|
||||
- https://github.com/penpot/penpot
|
57
charts/penpot/templates/_helpers.tpl
Normal file
57
charts/penpot/templates/_helpers.tpl
Normal file
|
@ -0,0 +1,57 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "penpot.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "penpot.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "penpot.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels.
|
||||
*/}}
|
||||
{{- define "penpot.labels" -}}
|
||||
helm.sh/chart: {{ include "penpot.chart" . }}
|
||||
app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use.
|
||||
*/}}
|
||||
{{- define "penpot.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.enabled -}}
|
||||
{{ default (include "penpot.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
62
charts/penpot/templates/deployment-backend.yaml
Normal file
62
charts/penpot/templates/deployment-backend.yaml
Normal file
|
@ -0,0 +1,62 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "penpot.fullname" . }}-backend
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "penpot.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.backend.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "penpot.backendSelectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "penpot.backendSelectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
|
||||
securityContext:
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}-backend
|
||||
image:
|
||||
repository: "penpotapp/backend:{{ .Values.penpotVersion.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: true
|
||||
volumeMounts:
|
||||
- mountPath: /opt/data
|
||||
name: app-data
|
||||
readOnly: false
|
||||
env:
|
||||
- name: PENPOT_PUBLIC_URI
|
||||
value: {{ .Values.config.publicURI | quote }}
|
||||
- name: PENPOT_FLAGS
|
||||
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
|
||||
- name: PENPOT_TELEMETRY_ENABLED
|
||||
value: false
|
||||
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
|
||||
value: {{ .Values.registrationDomainWhitelist | quote }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ .Values.envFromSecret }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 6060
|
||||
protocol: TCP
|
||||
resources:
|
||||
{{- toYaml .Values.backend.resources | nindent 12 }}
|
||||
volumes:
|
||||
- name: app-data
|
||||
emptyDir: {}
|
49
charts/penpot/templates/deployment-exporter.yaml
Normal file
49
charts/penpot/templates/deployment-exporter.yaml
Normal file
|
@ -0,0 +1,49 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "penpot.fullname" . }}-exporter
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "penpot.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.exporter.replicaCount }}
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
|
||||
securityContext:
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: true
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}-exporter
|
||||
image:
|
||||
repository: "penpotapp/exporter:{{ .Values.penpotVersion.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
env:
|
||||
- name: PENPOT_PUBLIC_URI
|
||||
value: {{ .Values.config.publicURI | quote }}
|
||||
- name: PENPOT_FLAGS
|
||||
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
|
||||
- name: PENPOT_TELEMETRY_ENABLED
|
||||
value: false
|
||||
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
|
||||
value: {{ .Values.registrationDomainWhitelist | quote }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ .Values.envFromSecret }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 6061
|
||||
protocol: TCP
|
||||
resources:
|
||||
{{- toYaml .Values.frontend.resources | nindent 12 }}
|
48
charts/penpot/templates/deployment-frontend.yaml
Normal file
48
charts/penpot/templates/deployment-frontend.yaml
Normal file
|
@ -0,0 +1,48 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "penpot.fullname" . }}-frontend
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "penpot.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.frontend.replicaCount }}
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
|
||||
securityContext:
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}-frontend
|
||||
image: "penpotapp/frontend:{{ .Values.penpotVersion.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: true
|
||||
env:
|
||||
- name: PENPOT_PUBLIC_URI
|
||||
value: {{ .Values.config.publicURI | quote }}
|
||||
- name: PENPOT_FLAGS
|
||||
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
|
||||
- name: PENPOT_TELEMETRY_ENABLED
|
||||
value: false
|
||||
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
|
||||
value: {{ .Values.registrationDomainWhitelist | quote }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: {{ .Values.envFromSecret }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
resources:
|
||||
{{- toYaml .Values.frontend.resources | nindent 12 }}
|
||||
|
5
charts/penpot/templates/serviceaccount.yaml
Normal file
5
charts/penpot/templates/serviceaccount.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "penpot.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
38
charts/penpot/templates/services.yaml
Normal file
38
charts/penpot/templates/services.yaml
Normal file
|
@ -0,0 +1,38 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "penpot.fullname" . }}-frontend
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "penpot.fullname" . }}-exporter
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 6061
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "penpot.fullname" . }}-backend
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 6060
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
27
charts/penpot/values.yaml
Normal file
27
charts/penpot/values.yaml
Normal file
|
@ -0,0 +1,27 @@
|
|||
envFromSecret: penpot-secret
|
||||
penpotVersion: 1.19.3
|
||||
|
||||
publicURI: "http://localhost:8080"
|
||||
registrationDomainWhitelist: "localhost"
|
||||
flags: "enable-registration enable-login disable-demo-users disable-demo-warning disable-secure-session-cookies"
|
||||
|
||||
serviceAccount:
|
||||
name: "penpot-sa"
|
||||
|
||||
backend:
|
||||
replicaCount: 1
|
||||
resources:
|
||||
limits: {}
|
||||
requests: {}
|
||||
|
||||
frontend:
|
||||
replicaCount: 1
|
||||
resources:
|
||||
limits: {}
|
||||
requests: {}
|
||||
|
||||
exporter:
|
||||
replicaCount: 1
|
||||
resources:
|
||||
limits: {}
|
||||
requests: {}
|
Loading…
Reference in a new issue