Add Penpot chart

Update maintainer information
Update version for Dispatch chart
Update version for Netbox chart
Update version for Attic chart
Update version for Hasura Engine chart
Update maintainer information for FDB Operator chart
Tommy 2023-12-25 19:18:16 +01:00
parent 4ca2d6f61e
commit 3bc765bf4d
No known key found for this signature in database
16 changed files with 378 additions and 23 deletions


@ -48,13 +48,47 @@ Below you'll find an overview of the charts and an intro to get you started.
- [[charts/][Dispatch]]: A incident management and coordination system developed by Netflix.
- [[charts/foundationdb][FoundationDB]] (=fdb-operator=): Distributed database with ACID transactions developed by Apple.
- [[charts/foundationdb][FoundationDB]] (=fdb-operator=): Distributed database with ACID transactions developed by Apple.
This buils and deploys, but I don't actively use it at the moment.
- [[charts/hasura-engine][Hasura]]: Connects to databases and services to provide a realtime GraphQL API.
- [[charts/netbox][Netbox]]: Modeling and docs for IP address management (IPAM) and datacenter
infrastructure management (DCIM).
- [[charts/penpot][Penpot]]: Design and prototyping tool. For visual collaboration on visuals, prototypes, UX and more.
*** Requirements
You may need the following:
* S3 compatible storage
* PostgreSQL
All tests are run on the latest version of Kubernetes and Helm and no consideration is taken to vendor-specific
implementations.
*** Principles
So what makes this repo different from others? It is KISS and Safe of course.
- All secrets and ingresses are defined in a secret external from the chart
- We expect that an ingress terminates external connection and TLS
- Always use object storage over block storage when possible
- Never rely on vendor-specific components
- We prefer open source
- We never leave room for plaintext secrets, a sane default
- We always leave for initContainers
- We use as few values as possible in values.yaml
- Always use external databases and transports
- We always configure for OIDC when possible
- A values file should be possible to read up on in minutes
- We only support the current major version of Kubernetes and the application
- Always enable service accounts
- Use semver for versioning
If you see a chart that does not comply with these principles, please open an issue.
*** 🧑‍💻 Usage
**** Exploration
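
Review bot: Two typos in the added text: the FoundationDB entry reads "This buils and deploys" (should be "builds"), and under Principles "We always leave for initContainers" is missing a word, presumably "leave room for". The Dispatch link target is `charts/` with no chart directory, unlike every other entry in the list, so it probably wants `charts/dispatch`. The principle "We never leave room for plaintext secrets, a sane default" would read more clearly as two sentences.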


@ -1,12 +1,11 @@
---
apiVersion: v2
name: attic-repo
description: A Nix binary caching server
appVersion: b43d12
type: application
version: 0.5
version: 0.5.0
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me
- name: Tommy Skaug
email: tommy@skaug.me
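
Review bot: `appVersion: b43d12` is left unquoted. It parses as a string today, but a commit-hash style value made only of digits, or one shaped like `1234e10`, would be read by YAML as a number; write `appVersion: "b43d12"`, the way the Conduit chart quotes `appVersion: "0.6.0"`. Moving `version: 0.5` to `0.5.0` matches the "Use semver for versioning" principle added to the README.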


@ -4,3 +4,6 @@ description: Conduit is a simple, fast and reliable chat server powered by Matri
type: application
version: 0.2.9
appVersion: "0.6.0"
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me


@ -1,4 +1,7 @@
apiVersion: v2
name: dispatch
description: Netflix Dispatch incident management system
version: 0.3.2
version: 0.3.2
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me
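
Review bot: Both `version:` lines read `0.3.2`, so the chart version is not bumped here although the commit message says "Update version for Dispatch chart" and the hunk adds a `maintainers` block. If the difference is only whitespace or a trailing newline, either increment the version so a published chart never changes contents under the same version number, or drop the version claim from the commit message.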


@ -4,20 +4,9 @@ description: A Helm chart for foundationDB operator
home: https://www.foundationdb.org/
sources:
- https://github.com/FoundationDB/fdb-kubernetes-operator/tree/master/helm/fdb-operator
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 0.2.2
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: v1.30.0
maintainers:
- name: "foundationdb-ci"
- name: Tommy Skaug
email: tommy@skaug.me
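
Review bot: `sources` still points at `tree/master` of fdb-kubernetes-operator, a moving ref, while this hunk replaces the upstream `foundationdb-ci` maintainer with a local one. Now that the chart is maintained here, link the upstream tag or commit the templates were taken from (one matching `appVersion: v1.30.0`) so the origin stays auditable. `version: 0.2.2` is unchanged even though the chart metadata changes; consider a patch bump.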


@ -2,4 +2,7 @@ apiVersion: v2
name: hasura-engine
description: GraphQL Engine to make data accessible over a GraphQL API
type: application
version: 0.1.2
version: 0.1.2
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me
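
Review bot: `version: 0.1.2` appears on both sides of the change, so the "Update version for Hasura Engine chart" item in the commit message is not reflected in a new version number. Since the hunk also adds `maintainers`, increment the chart version or reword the commit message.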


@ -1,4 +1,3 @@
---
apiVersion: v2
name: netbox
description: |
@ -12,5 +11,5 @@ appVersion: 3.6.3
type: application
version: 5.5.3
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me
- name: Tommy Skaug
email: tommy@skaug.me

23
charts/penpot/.helmignore Normal file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

16
charts/penpot/Chart.yaml Normal file

@ -0,0 +1,16 @@
name: penpot
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me
apiVersion: v2
appVersion: 1.19.3
version: 2.0.0
description: Penpot is a design and prototyping platform for teams and individuals.
home: https://github.com/tommy-skaug/charts
icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
keywords:
- kubernetes
- penpot
- design
sources:
- https://github.com/penpot/penpot


@ -0,0 +1,57 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "penpot.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "penpot.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "penpot.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels.
*/}}
{{- define "penpot.labels" -}}
helm.sh/chart: {{ include "penpot.chart" . }}
app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Create the name of the service account to use.
*/}}
{{- define "penpot.serviceAccountName" -}}
{{- if .Values.serviceAccount.enabled -}}
{{ default (include "penpot.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
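
Review bot: `penpot.labels` hard-codes `-frontend` in `app.kubernetes.io/name`, yet the backend and exporter Deployments in this commit include the same helper, so all three workloads end up with the frontend name label. Pass the component in as a parameter or define per-component label helpers. This hunk also defines no `penpot.backendSelectorLabels`, which the backend Deployment includes, and `penpot.serviceAccountName` branches on `.Values.serviceAccount.enabled`, a key the new values.yaml does not set.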


@ -0,0 +1,62 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "penpot.fullname" . }}-backend
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.backend.replicaCount }}
selector:
matchLabels:
{{- include "penpot.backendSelectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "penpot.backendSelectorLabels" . | nindent 8 }}
spec:
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
securityContext:
podSecurityContext:
enabled: true
fsGroup: 1001
containers:
- name: {{ .Chart.Name }}-backend
image:
repository: "penpotapp/backend:{{ .Values.penpotVersion.tag }}"
imagePullPolicy: IfNotPresent
containerSecurityContext:
enabled: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
volumeMounts:
- mountPath: /opt/data
name: app-data
readOnly: false
env:
- name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }}
- name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
- name: PENPOT_TELEMETRY_ENABLED
value: false
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.registrationDomainWhitelist | quote }}
envFrom:
- secretRef:
name: {{ .Values.envFromSecret }}
ports:
- name: http
containerPort: 6060
protocol: TCP
resources:
{{- toYaml .Values.backend.resources | nindent 12 }}
volumes:
- name: app-data
emptyDir: {}
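
Review bot: The hardening under `securityContext:` and `containerSecurityContext:` uses values-file style keys (`podSecurityContext`, `enabled: true`, `containerSecurityContext`) that are not fields of a Pod or container spec, so `runAsNonRoot`, `allowPrivilegeEscalation: false` and the capability drop are rejected or dropped rather than enforced. Put `fsGroup: 1001` directly under the pod `securityContext`, move the remaining settings under a `securityContext` key on the container, and spell the capability `ALL` as the Pod Security Standards expect. In the same container, `image:` has to be a single string rather than a map with `repository:`.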


@ -0,0 +1,49 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "penpot.fullname" . }}-exporter
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.exporter.replicaCount }}
template:
spec:
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
securityContext:
podSecurityContext:
enabled: true
fsGroup: 1001
readOnlyRootFilesystem: false
runAsNonRoot: true
containers:
- name: {{ .Chart.Name }}-exporter
image:
repository: "penpotapp/exporter:{{ .Values.penpotVersion.tag }}"
imagePullPolicy: IfNotPresent
containerSecurityContext:
enabled: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
env:
- name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }}
- name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
- name: PENPOT_TELEMETRY_ENABLED
value: false
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.registrationDomainWhitelist | quote }}
envFrom:
- secretRef:
name: {{ .Values.envFromSecret }}
ports:
- name: http
containerPort: 6061
protocol: TCP
resources:
{{- toYaml .Values.frontend.resources | nindent 12 }}
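
Review bot: The last line renders `resources` from `.Values.frontend.resources`, so the `exporter.resources` block in values.yaml is never used; change it to `.Values.exporter.resources`. The Deployment also has no `spec.selector` and no labels on the pod template, both of which apps/v1 requires, and `readOnlyRootFilesystem` is listed in the pod-level block although it is a container-level setting.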


@ -0,0 +1,48 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "penpot.fullname" . }}-frontend
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.frontend.replicaCount }}
template:
spec:
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
securityContext:
podSecurityContext:
enabled: true
fsGroup: 1001
containers:
- name: {{ .Chart.Name }}-frontend
image: "penpotapp/frontend:{{ .Values.penpotVersion.tag }}"
imagePullPolicy: IfNotPresent
containerSecurityContext:
enabled: true
runAsUser: 1001
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: false
runAsNonRoot: true
env:
- name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }}
- name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
- name: PENPOT_TELEMETRY_ENABLED
value: false
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.registrationDomainWhitelist | quote }}
envFrom:
- secretRef:
name: {{ .Values.envFromSecret }}
ports:
- name: http
containerPort: 80
protocol: TCP
resources:
{{- toYaml .Values.frontend.resources | nindent 12 }}
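
Review bot: `value: "$PENPOT_FLAGS {{ .Values.config.flags }}"` does not expand anything: Kubernetes only substitutes the `$(VAR)` form, and a variable cannot reference itself, so the container receives the literal text `$PENPOT_FLAGS` in front of the flags. Set the value to the rendered flags alone. `PENPOT_TELEMETRY_ENABLED` needs `value: "false"` because env values must be strings, and this Deployment has no `spec.selector` or pod template labels.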


@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "penpot.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
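
Review bot: The ServiceAccount is rendered unconditionally, while `penpot.serviceAccountName` has an `enabled` switch and falls back to the name `default`; with `serviceAccount.name` unset this manifest would try to create a ServiceAccount called `default`. Guard the manifest with `.Values.serviceAccount.enabled` and set `enabled: true` in values.yaml so the default install still gets `penpot-sa`. If the Penpot pods do not need the Kubernetes API, add `automountServiceAccountToken: false` here as well.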


@ -0,0 +1,38 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "penpot.fullname" . }}-frontend
namespace: {{ .Release.Namespace }}
spec:
type: ClusterIP
ports:
- port: 80
targetPort: http
protocol: TCP
name: http
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "penpot.fullname" . }}-exporter
namespace: {{ .Release.Namespace }}
spec:
type: ClusterIP
ports:
- port: 6061
targetPort: http
protocol: TCP
name: http
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "penpot.fullname" . }}-backend
namespace: {{ .Release.Namespace }}
spec:
type: ClusterIP
ports:
- port: 6060
targetPort: http
protocol: TCP
name: http
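
Review bot: None of the three Services has a `selector`, so they will have no endpoints and nothing answers on ports 80, 6061 and 6060. Add a per-component selector to each Service that matches the pod template labels of the corresponding Deployment, which means the Deployments need component-specific pod labels first. The Services also carry no `labels`, unlike the Deployments, which include `penpot.labels`.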

27
charts/penpot/values.yaml Normal file

@ -0,0 +1,27 @@
envFromSecret: penpot-secret
penpotVersion: 1.19.3
publicURI: "http://localhost:8080"
registrationDomainWhitelist: "localhost"
flags: "enable-registration enable-login disable-demo-users disable-demo-warning disable-secure-session-cookies"
serviceAccount:
name: "penpot-sa"
backend:
replicaCount: 1
resources:
limits: {}
requests: {}
frontend:
replicaCount: 1
resources:
limits: {}
requests: {}
exporter:
replicaCount: 1
resources:
limits: {}
requests: {}
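
Review bot: The keys in this file do not match what the templates read: the Deployments use `.Values.penpotVersion.tag`, `.Values.config.publicURI` and `.Values.config.flags`, but here `penpotVersion` is a scalar and `publicURI` and `flags` sit at the top level, and `serviceAccount.enabled` is absent. Nest them the way the templates expect, or change the templates. The default `flags` also ship `disable-secure-session-cookies` alongside an `http://` `publicURI`, which sits badly with the README principle that an ingress terminates TLS; keep that flag out of the defaults and let local setups opt in.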