From c2c53ccfbbd99b780b479f0611feacac2fab1ea7 Mon Sep 17 00:00:00 2001 
From: Bertrand THOMAS Date: Thu, 5 Sep 2024 08:37:15 +0200 Subject: [PATCH] Feature/migrate helm charts (#3) * Add Helm charts * Add Helm chart-testing in CI pipeline * Use 2.6.1 * Fix chart version to 0.1.0 to start with * Add CD pipeline (PKG GitHub action) to release Helm charts * Rename feature/init-solution to develop in samples * Fix bug introduced yesterday * Skip SC2126 * Update README --- .github/workflows/ci.yml | 45 ++++++++-- .github/workflows/pkg.yml | 65 ++++++++++++++ .gitignore | 8 ++ .kube-linter.yaml | 7 ++ README.md | 34 ++++--- charts/README.md | 18 ++++ charts/cow-demo/Chart.yaml | 10 +++ charts/cow-demo/README.md | 25 ++++++ charts/cow-demo/templates/NOTES.txt | 0 charts/cow-demo/templates/_helpers.tpl | 0 charts/cow-demo/templates/deployment.yaml | 36 ++++++++ charts/cow-demo/templates/ingress.yaml | 34 +++++++ charts/cow-demo/templates/service.yaml | 19 ++++ charts/cow-demo/values.yaml | 27 ++++++ charts/game-2048/.helmignore | 23 +++++ charts/game-2048/Chart.yaml | 10 +++ charts/game-2048/README.md | 25 ++++++ charts/game-2048/templates/NOTES.txt | 0 charts/game-2048/templates/_helpers.tpl | 0 charts/game-2048/templates/deployment.yaml | 31 +++++++ charts/game-2048/templates/ingress.yaml | 34 +++++++ charts/game-2048/templates/service.yaml | 19 ++++ charts/game-2048/values.yaml | 20 +++++ charts/letsencrypt/Chart.yaml | 10 +++ charts/letsencrypt/README.md | 38 ++++++++ .../letsencrypt/templates/clusterissuer.yaml | 30 +++++++ charts/letsencrypt/values.yaml | 4 + charts/wordpress/Chart.lock | 6 ++ charts/wordpress/Chart.yaml | 14 +++ charts/wordpress/README.md | 88 +++++++++++++++++++ charts/wordpress/templates/sealedsecret.yaml | 16 ++++ charts/wordpress/values.yaml | 9 ++ samples/scripting/rancher_installation.sh | 4 +- scripts/README.md | 4 + scripts/kubernetes/cluster-status.sh | 2 +- 35 files changed, 696 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/pkg.yml create mode 100644 .gitignore create mode 100644 
.kube-linter.yaml create mode 100644 charts/README.md create mode 100644 charts/cow-demo/Chart.yaml create mode 100644 charts/cow-demo/README.md create mode 100644 charts/cow-demo/templates/NOTES.txt create mode 100644 charts/cow-demo/templates/_helpers.tpl create mode 100644 charts/cow-demo/templates/deployment.yaml create mode 100644 charts/cow-demo/templates/ingress.yaml create mode 100644 charts/cow-demo/templates/service.yaml create mode 100644 charts/cow-demo/values.yaml create mode 100644 charts/game-2048/.helmignore create mode 100644 charts/game-2048/Chart.yaml create mode 100644 charts/game-2048/README.md create mode 100644 charts/game-2048/templates/NOTES.txt create mode 100644 charts/game-2048/templates/_helpers.tpl create mode 100644 charts/game-2048/templates/deployment.yaml create mode 100644 charts/game-2048/templates/ingress.yaml create mode 100644 charts/game-2048/templates/service.yaml create mode 100644 charts/game-2048/values.yaml create mode 100644 charts/letsencrypt/Chart.yaml create mode 100644 charts/letsencrypt/README.md create mode 100644 charts/letsencrypt/templates/clusterissuer.yaml create mode 100644 charts/letsencrypt/values.yaml create mode 100644 charts/wordpress/Chart.lock create mode 100644 charts/wordpress/Chart.yaml create mode 100644 charts/wordpress/README.md create mode 100644 charts/wordpress/templates/sealedsecret.yaml create mode 100644 charts/wordpress/values.yaml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab9ba65..398caa2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - develop pull_request: branches: - develop 
@@ -11,19 +12,51 @@ on: - cron: "0 2 * * 1-5" workflow_dispatch: {} +concurrency: + group: "${{ github.ref }}-${{ github.workflow }}" + cancel-in-progress: true + jobs: code-check: runs-on: ubuntu-latest steps: - - name: Checks-out the repository + - name: Check-out the repository uses: actions/checkout@v4 - - name: Lints Markdown files + with: + # gets all history for all branches and tags (mandatory for chart-testing to work, see https://github.com/helm/chart-testing/issues/186) + fetch-depth: 0 + - name: Lint Markdown files uses: DavidAnson/markdownlint-cli2-action@v16 with: globs: '**/*.md' - # checking shell code with ShellCheck (https://github.com/koalaman/shellcheck) - - name: Installs packages + # uses https://github.com/koalaman/shellcheck + - name: Install Shellcheck run: sudo apt install shellcheck - - name: Checks shell file code + - name: Check shell file code run: - shellcheck -e SC2086 -e SC2034 scripts/**/*.sh + shellcheck -e SC2086 -e SC2034 -e SC2126 scripts/**/*.sh + - name: Install Helm + uses: azure/setup-helm@v4.2.0 + with: + version: v3.14.0 + - name: Add dependency Helm chart repositories + run: | + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo update + - name: Install Python + uses: actions/setup-python@v5 + with: + python-version: '3.x' + check-latest: true + - name: Install Helm chart-testing + uses: helm/chart-testing-action@v2.6.1 + - name: List changed Helm charts + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' + run: ct lint --target-branch ${{ github.event.repository.default_branch }} diff --git a/.github/workflows/pkg.yml b/.github/workflows/pkg.yml new file mode 100644 index 0000000..2c33923 --- /dev/null +++ b/.github/workflows/pkg.yml 
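Review bot: The actions added in this hunk are referenced by version tag (`azure/setup-helm@v4.2.0`, `helm/chart-testing-action@v2.6.1`), and a tag can be moved by whoever controls the upstream repository, so the code this job runs can change without any change in this file. Pinning each third-party action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: helm/chart-testing-action@<full-commit-sha> # v2.6.1`, makes the dependency immutable and still readable. No `permissions:` key is visible in the hunks of this workflow; if none exists elsewhere in the file, a top-level `permissions:` with `contents: read` would keep the token read-only for a job that only lints. The same tag references appear in the new `.github/workflows/pkg.yml`, where the token has write access.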
@@ -0,0 +1,65 @@
+name: PKG
+
+on:
+ push:
+ branches: [ "main" ]
+ workflow_dispatch:
+
+permissions:
+ contents: write
+ pages: write
+ id-token: write
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check-out the repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+ - name: Install Helm
+ uses: azure/setup-helm@v4.2.0
+ with:
+ version: v3.14.0
+ - name: Add dependency Helm chart repositories
+ run: |
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+ helm repo update
+ - name: Host charts repository on GitHub Pages
+ uses: helm/chart-releaser-action@v1.6.0
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ - name: Checkout gh-pages branch
+ uses: actions/checkout@v4
+ with:
+ ref: gh-pages
+ - name: Setup Go environment
+ uses: actions/setup-go@v5
+ - name: Generate index.html
+ run: |
+ go install github.com/halkeye/helm-repo-html@v0.0.8
+ /home/runner/go/bin/helm-repo-html
+ - name: Setup Pages
+ uses: actions/configure-pages@v1
+ - name: Build with Jekyll
+ uses: actions/jekyll-build-pages@v1
+ with:
+ source: ./
+ destination: ./_site
+ - name: Upload artifact
+ uses: actions/upload-pages-artifact@v1
+ deploy:
+ environment:
+ name: github-pages
+ url: ${{ steps.deployment.outputs.page_url }}
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - name: Deploy to GitHub Pages
+ id: deployment
+ uses: actions/deploy-pages@v1
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..78b6342
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+# local downloaded chart compressed files
+/**/charts/*.tgz
+
+# local temporary files
+temp*.yaml
+temp.sh
+/charts/temp/
+values_*.y*ml
diff --git a/.kube-linter.yaml b/.kube-linter.yaml
new file mode 100644
index 0000000..362d84a
--- /dev/null
+++ b/.kube-linter.yaml
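Review bot: The workflow-level `permissions` block grants `contents: write`, `pages: write` and `id-token: write` to both jobs, while the `build` job also runs `go install github.com/halkeye/helm-repo-html@v0.0.8` and executes the resulting binary. Scoping the permissions per job limits what that third-party code and the Jekyll step can reach: `build` appears to need `contents: write` only for chart-releaser, and `deploy` needs `pages: write` and `id-token: write`. The second checkout can also set `persist-credentials: false`, since no later step in the hunk pushes to the repository. Which `pages` scope `configure-pages` needs inside `build` is an assumption in the sketch below and should be confirmed before merging.

```yaml
permissions: {}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # chart-releaser publishes the release and the gh-pages index
      pages: read      # assumed sufficient for configure-pages; confirm
    steps:
      # … unchanged: checkout, Git config, Helm setup, chart-releaser …
      - name: Checkout gh-pages branch
        uses: actions/checkout@v4
        with:
          ref: gh-pages
          persist-credentials: false
      # … unchanged: Go setup, index generation, Pages build and upload …
  deploy:
    permissions:
      pages: write
      id-token: write
    # … unchanged: environment, runs-on, needs, steps …
```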
@@ -0,0 +1,7 @@
+checks:
+ addAllBuiltIn: true
+ exclude:
+ - "no-read-only-root-fs"
+ - "unset-cpu-requirements"
+ - "unset-memory-requirements"
+ ignorePaths: []
diff --git a/README.md b/README.md
index c6b051b..11f96c4 100644
--- a/README.md
+++ b/README.md
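Review bot: The three entries under `exclude` switch off `no-read-only-root-fs`, `unset-cpu-requirements` and `unset-memory-requirements` for every chart in the repository, and nothing records why. A short comment above the list, such as `# demo charts: resource requests are left to the user, images not yet verified with a read-only root filesystem`, would tell a later maintainer whether the exclusion is deliberate or temporary; if the actual reason differs, state that instead. Where only one chart needs an exception, kube-linter's per-object annotation `ignore-check.kube-linter.io/<check-name>` keeps the check active for the others. The CI hunks visible in this commit run `ct lint` but do not invoke kube-linter, so this configuration may not be enforced yet.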
@@ -2,30 +2,44 @@ [![CI](https://github.com/SUSE/lab-setup/actions/workflows/ci.yml/badge.svg?branch=develop)](https://github.com/SUSE/lab-setup/actions/workflows/ci.yml) -Welcome! You'll find in this repository some IT material to help setup your lab environments. +Welcome! You'll find in this repository some open-source material to setup a lab environment. It is used internally at SUSE (the goal being to capitalize and factorize), but is open to everyone. Feel free to contribute and share feedback! ## Getting started +Wether you're looking for simple way to automate an infrastructure or running demo workload, we've got you covered! + ### Bash scripting -* Download and source the files (here targetting `develop` branch but you can chose the revision you want): +Download and source the files (targetting `develop` branch): ```bash -SETUP_FOLDER=lab-setup -curl -sfL https://raw.githubusercontent.com/SUSE/lab-setup/feature/init-solution/scripts/download.sh \ - | GIT_REVISION=refs/heads/develop sh -s -- -o $SETUP_FOLDER -. $SETUP_FOLDER/scripts/index.sh +curl -sfL https://raw.githubusercontent.com/SUSE/lab-setup/develop/scripts/download.sh | GIT_REVISION=refs/heads/develop sh -s -- -o temp +. temp/scripts/index.sh ``` -* Try some functions: +Call a function: ```bash -# create a Kubernetes cluster (K3s distribution) k3s_create_cluster v1.23 ``` -* Look at concrete examples: [Rancher installation with downstream cluster](samples/scripting/rancher_installation.sh) +Browse the [catalog of functions](scripts/README.md#shell-functions) and [concrete examples](scripts/README.md#concrete-examples). + +### Helm charts + +Add Helm repository: + +```bash +helm repo add suse-lab-setup https://suse.github.io/lab-setup +helm repo update +``` + +Deploy a chart: + +```bash +helm upgrade --install cow-demo suse-lab-setup/cow-demo --namespace demo +``` -* Browse the [catalog of functions](scripts/README.md#shell-functions) +Browse the [catalog of Helm charts](charts/README.md). 
diff --git a/charts/README.md b/charts/README.md
new file mode 100644
index 0000000..004973b
--- /dev/null
+++ b/charts/README.md
@@ -0,0 +1,18 @@
+# Helm Charts
+
+## Catalog
+
+* [Cow Demo](cow-demo/README.md)
+* [Game 2048](game-2048/README.md)
+* [Let's Encrypt](letsencrypt/README.md)
+* [WordPress](wordpress/README.md)
+
+## Developer's guide
+
+```bash
+# lints a chart
+helm lint .
+
+# creates Kubernetes template file from chart (for review/comparison)
+helm template myname . -f values.yaml --namespace demo > temp.yaml
+```
diff --git a/charts/cow-demo/Chart.yaml b/charts/cow-demo/Chart.yaml
new file mode 100644
index 0000000..d5dd9f6
--- /dev/null
+++ b/charts/cow-demo/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: cow-demo
+description: Helm chart for Cow Demo Application
+type: application
+version: 0.1.0
+appVersion: "2.0.0"
+home: https://github.com/SUSE/lab-setup/tree/main/charts/cow-demo
+maintainers:
+ - name: devpro
+ email: bertrand.thomas@suse.com
diff --git a/charts/cow-demo/README.md b/charts/cow-demo/README.md
new file mode 100644
index 0000000..9452a2c
--- /dev/null
+++ b/charts/cow-demo/README.md
@@ -0,0 +1,25 @@
+# Cow Demo Helm Chart
+
+This chart will install the "Cow Demo" web application in a Kubernetes cluster.
+
+## Quick start
+
+Install the app with default settings:
+
+```bash
+# adds the repo
+helm repo add devpro https://devpro.github.io/helm-charts
+helm repo update
+
+# installs the chart
+helm upgrade --install cow-demo devpro/cow-demo --namespace demo --create-namespace
+```
+
+Look at [values.yaml](values.yaml) for the configuration.
+
+Clean-up:
+
+```bash
+helm delete cow-demo
+kubectl delete ns demo
+```
diff --git a/charts/cow-demo/templates/NOTES.txt b/charts/cow-demo/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/charts/cow-demo/templates/_helpers.tpl b/charts/cow-demo/templates/_helpers.tpl
new file mode 100644
index 0000000..e69de29
diff --git a/charts/cow-demo/templates/deployment.yaml b/charts/cow-demo/templates/deployment.yaml
new file mode 100644
index 0000000..1c20728
--- /dev/null
+++ b/charts/cow-demo/templates/deployment.yaml
@@ -0,0 +1,36 @@
+{{- $name := $.Values.name -}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $name }}
+ labels:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+spec:
+ replicas: {{ $.Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+ template:
+ metadata:
+ labels:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+ spec:
+ containers:
+ - name: webapp
+ image: "{{ $.Values.image }}:{{ $.Values.tag }}"
+ imagePullPolicy: Always
+ env:
+ - name: CONTAINER_COLOR
+ value: {{ $.Values.pet.color }}
+ - name: PETS
+ value: {{ $.Values.pet.type }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/charts/cow-demo/templates/ingress.yaml b/charts/cow-demo/templates/ingress.yaml
new file mode 100644
index 0000000..d40ba2f
--- /dev/null
+++ b/charts/cow-demo/templates/ingress.yaml
@@ -0,0 +1,34 @@
+{{- if $.Values.ingress.enabled -}}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $.Values.name }}
+ {{- with $.Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if $.Values.ingress.className }}
+ ingressClassName: {{ $.Values.ingress.className }}
+ {{- end }}
+ rules:
+ - {{- if $.Values.ingress.host }}
+ host: {{ $.Values.ingress.host }}
+ {{- end }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $.Values.name }}
+ port:
+ number: {{ $.Values.port }}
+ {{- if $.Values.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ $.Values.ingress.host | quote }}
+ secretName: {{ $.Values.ingress.tls.secretName }}
+ {{- end }}
+{{- end }}
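Review bot: The `webapp` container in `charts/cow-demo/templates/deployment.yaml` is defined without a `securityContext`, so it runs with the image's default user and the runtime's default capabilities and privilege-escalation setting. A container-level `securityContext` as sketched below hardens the pod; whether the image starts as a non-root user is not visible here and has to be verified before `runAsNonRoot` is enabled. `charts/game-2048/templates/deployment.yaml` has the same gap, and its container listens on port 80, which may need a higher port or `NET_BIND_SERVICE` once it runs as non-root. The two `env` values should also be rendered with `| quote`, e.g. `value: {{ $.Values.pet.color | quote }}`, because Kubernetes requires env values to be strings.

```yaml
          imagePullPolicy: Always
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: env, ports, resources …
```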
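Review bot: The `tls` block in `charts/cow-demo/templates/ingress.yaml` is guarded by `{{- if $.Values.ingress.tls }}`, and the chart's default values set `ingress.tls.secretName`, so the map is never empty and the block is rendered whenever the ingress is enabled. With the default `host: ""` this yields a TLS entry for an empty host name that references a secret which may not exist. Guarding on the fields actually used, `{{- if and $.Values.ingress.host $.Values.ingress.tls.secretName }}`, avoids that, and the rule's host line should be quoted like the TLS one: `host: {{ $.Values.ingress.host | quote }}`. `charts/game-2048/templates/ingress.yaml` is identical and needs the same change.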
diff --git a/charts/cow-demo/templates/service.yaml b/charts/cow-demo/templates/service.yaml
new file mode 100644
index 0000000..11cdfe7
--- /dev/null
+++ b/charts/cow-demo/templates/service.yaml
@@ -0,0 +1,19 @@
+{{- $name := $.Values.name -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $name }}
+ labels:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+ ports:
+ - name: http
+ port: {{ $.Values.port }}
+ protocol: TCP
+ targetPort: 8080
diff --git a/charts/cow-demo/values.yaml b/charts/cow-demo/values.yaml
new file mode 100644
index 0000000..6267a01
--- /dev/null
+++ b/charts/cow-demo/values.yaml
@@ -0,0 +1,27 @@
+name: cow-demo
+image: devprofr/cow-demo
+tag: 1.0.8830193847
+replicaCount: 2
+port: 80
+ingress:
+ enabled: false
+ className: "nginx"
+ host: ""
+ annotations: {}
+ # nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ # cert-manager.io/cluster-issuer: letsencrypt-prod
+ tls:
+ secretName: "cow-demo-tls"
+pet:
+ # choice: cows, chameleons, cowmeleons
+ type: cows
+ # choice: red, orange, yellow, olive, green, teal, blue, violet, purple, pink, black
+ color: blue
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 64Mi
diff --git a/charts/game-2048/.helmignore b/charts/game-2048/.helmignore
new file mode 100644
index 0000000..f82e96d
--- /dev/null
+++ b/charts/game-2048/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/game-2048/Chart.yaml b/charts/game-2048/Chart.yaml
new file mode 100644
index 0000000..75a77e0
--- /dev/null
+++ b/charts/game-2048/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: game-2048
+description: Helm chart for Game 2048
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
+home: https://github.com/SUSE/lab-setup/tree/main/charts/game-2048
+maintainers:
+ - name: devpro
+ email: bertrand.thomas@suse.com
diff --git a/charts/game-2048/README.md b/charts/game-2048/README.md
new file mode 100644
index 0000000..3039804
--- /dev/null
+++ b/charts/game-2048/README.md
@@ -0,0 +1,25 @@
+# Game 2048 Helm Chart
+
+This chart will install the "2048 game" web application in a Kubernetes cluster.
+
+## Quick start
+
+Install the app with default settings:
+
+```bash
+# adds the repo
+helm repo add devpro https://devpro.github.io/helm-charts
+helm repo update
+
+# installs the chart
+helm upgrade --install game-2048 devpro/game-2048 --namespace demo --create-namespace
+```
+
+Look at [values.yaml](values.yaml) for the configuration.
+
+Clean-up:
+
+```bash
+helm delete game-2048
+kubectl delete ns demo
+```
diff --git a/charts/game-2048/templates/NOTES.txt b/charts/game-2048/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/charts/game-2048/templates/_helpers.tpl b/charts/game-2048/templates/_helpers.tpl
new file mode 100644
index 0000000..e69de29
diff --git a/charts/game-2048/templates/deployment.yaml b/charts/game-2048/templates/deployment.yaml
new file mode 100644
index 0000000..e88e0bd
--- /dev/null
+++ b/charts/game-2048/templates/deployment.yaml
@@ -0,0 +1,31 @@
+{{- $name := $.Values.name -}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ $name }}
+ labels:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+spec:
+ replicas: {{ $.Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+ template:
+ metadata:
+ labels:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+ spec:
+ containers:
+ - name: webapp
+ image: "{{ $.Values.image }}:{{ $.Values.tag }}"
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/charts/game-2048/templates/ingress.yaml b/charts/game-2048/templates/ingress.yaml
new file mode 100644
index 0000000..d40ba2f
--- /dev/null
+++ b/charts/game-2048/templates/ingress.yaml
@@ -0,0 +1,34 @@
+{{- if $.Values.ingress.enabled -}}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $.Values.name }}
+ {{- with $.Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if $.Values.ingress.className }}
+ ingressClassName: {{ $.Values.ingress.className }}
+ {{- end }}
+ rules:
+ - {{- if $.Values.ingress.host }}
+ host: {{ $.Values.ingress.host }}
+ {{- end }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $.Values.name }}
+ port:
+ number: {{ $.Values.port }}
+ {{- if $.Values.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ $.Values.ingress.host | quote }}
+ secretName: {{ $.Values.ingress.tls.secretName }}
+ {{- end }}
+{{- end }}
diff --git a/charts/game-2048/templates/service.yaml b/charts/game-2048/templates/service.yaml
new file mode 100644
index 0000000..f3b433b
--- /dev/null
+++ b/charts/game-2048/templates/service.yaml
@@ -0,0 +1,19 @@
+{{- $name := $.Values.name -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $name }}
+ labels:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+spec:
+ type: ClusterIP
+ selector:
+ app: {{ $name }}
+ app.kubernetes.io/name: {{ $name }}
+ ports:
+ - name: http
+ port: {{ $.Values.port }}
+ protocol: TCP
+ targetPort: 80
diff --git a/charts/game-2048/values.yaml b/charts/game-2048/values.yaml
new file mode 100644
index 0000000..c25378f
--- /dev/null
+++ b/charts/game-2048/values.yaml
@@ -0,0 +1,20 @@
+name: game-2048
+image: devprofr/game-2048
+tag: "1.0.8328752292"
+replicaCount: 1
+port: 80
+ingress:
+ enabled: false
+ className: "nginx"
+ host: ""
+ annotations: {}
+ # cert-manager.io/cluster-issuer: letsencrypt-prod
+ tls:
+ secretName: "game-2048-tls"
+resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 64Mi
diff --git a/charts/letsencrypt/Chart.yaml b/charts/letsencrypt/Chart.yaml
new file mode 100644
index 0000000..21b2f56
--- /dev/null
+++ b/charts/letsencrypt/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: letsencrypt
+description: Helm chart for managing Let's Encrypt
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
+home: https://github.com/SUSE/lab-setup/tree/main/charts/letsencrypt
+maintainers:
+ - name: devpro
+ email: bertrand.thomas@suse.com
diff --git a/charts/letsencrypt/README.md b/charts/letsencrypt/README.md
new file mode 100644
index 0000000..4af112a
--- /dev/null
+++ b/charts/letsencrypt/README.md
@@ -0,0 +1,38 @@
+# Let's Encrypt Helm Chart
+
+This Helm chart will install certificate issuers using [Let's Encrpyt](https://letsencrypt.org/).
+
+This chart must be installed after `cert-manager`, which is a requirement for the issuers to work and be used.
+
+## Quick start
+
+Install the app with minimal settings:
+
+```bash
+# adds the repo
+helm repo add devpro https://devpro.github.io/helm-charts
+helm repo update
+
+# installs the chart (this examples assumes NGINX Ingress Controller is installed)
+helm upgrade --install letsencrypt devpro/letsencrypt \
+ --namespace cert-manager \
+ --set registration.emailAddress=someuser@domain.com \
+ --set ingress.className=nginx
+
+# checks installation is ok
+kubectl get ClusterIssuers -n cert-manager
+```
+
+Clean-up:
+
+```bash
+helm delete letsencrypt -n cert-manager
+```
+
+## Troubleshooting
+
+### Check existing resources
+
+```bash
+kubectl get Issuers,ClusterIssuers,Certificates,CertificateRequests,Orders,Challenges --all-namespaces
+```
diff --git a/charts/letsencrypt/templates/clusterissuer.yaml b/charts/letsencrypt/templates/clusterissuer.yaml
new file mode 100644
index 0000000..93df939
--- /dev/null
+++ b/charts/letsencrypt/templates/clusterissuer.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: {{ .Values.registration.emailAddress }}
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ solvers:
+ - http01:
+ ingress:
+ class: {{ .Values.ingress.className }}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: {{ .Values.registration.emailAddress }}
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ solvers:
+ - http01:
+ ingress:
+ class: {{ .Values.ingress.className }}
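Review bot: Both issuers in `clusterissuer.yaml` render `email: {{ .Values.registration.emailAddress }}` while `charts/letsencrypt/values.yaml` leaves `emailAddress` empty, so an install without `--set registration.emailAddress=...` creates ClusterIssuers with a null e-mail and the ACME account has no contact address. Failing at render time makes the omission visible: `email: {{ required "registration.emailAddress is required" .Values.registration.emailAddress | quote }}` on both `email:` lines. `helm lint` and `ct lint` would then need the value supplied, for example through a values file under the chart's `ci/` directory. The `class: {{ .Values.ingress.className }}` lines would also be safer with `| quote`.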
diff --git a/charts/letsencrypt/values.yaml b/charts/letsencrypt/values.yaml
new file mode 100644
index 0000000..46f703e
--- /dev/null
+++ b/charts/letsencrypt/values.yaml
@@ -0,0 +1,4 @@
+registration:
+ emailAddress:
+ingress:
+ className: nginx
diff --git a/charts/wordpress/Chart.lock b/charts/wordpress/Chart.lock
new file mode 100644
index 0000000..2ad15f3
--- /dev/null
+++ b/charts/wordpress/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: wordpress
+ repository: https://charts.bitnami.com/bitnami
+ version: 19.2.5
+digest: sha256:9ecd8b6020982dfb58440e219ed45aadb2856be4c8719b94b364f85fc079e557
+generated: "2024-09-04T14:30:06.1580989+02:00"
diff --git a/charts/wordpress/Chart.yaml b/charts/wordpress/Chart.yaml
new file mode 100644
index 0000000..c963914
--- /dev/null
+++ b/charts/wordpress/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v2
+name: wordpress
+description: Helm chart for managing WordPress
+type: application
+version: 0.1.0
+appVersion: "6.4.3"
+dependencies:
+ - name: wordpress
+ version: 19.2.5
+ repository: https://charts.bitnami.com/bitnami
+home: https://github.com/SUSE/lab-setup/tree/main/charts/wordpress
+maintainers:
+ - name: devpro
+ email: bertrand.thomas@suse.com
diff --git a/charts/wordpress/README.md b/charts/wordpress/README.md
new file mode 100644
index 0000000..b227ed2
--- /dev/null
+++ b/charts/wordpress/README.md
@@ -0,0 +1,88 @@ +# WordPress Helm Chart + +This Helm chart will install [WordPress](https://wordpress.com/) in a Kubernetes cluster. + +## Quick start + +Install the app with default settings: + +```bash +# adds the repo +helm repo add devpro https://devpro.github.io/helm-charts +helm repo update + +# installs the chart +helm upgrade --install wordpress devpro/wordpress --namespace demo --create-namespace +``` + +Look at [values.yaml](values.yaml) for the configuration. + +Clean-up: + +```bash +helm delete wordpress +kubectl delete ns demo +``` + +## Configuration examples + +### Ingress (NGINX class with self-signed certificate) + WordPress password as secret + Azure storage class + +```yaml +secrets: + wordpressPassword: + encryptedValue: xxx +wordpress: + global: + storageClass: azureblob-fuse + wordpressUsername: myuser + wordpressBlogName: "My Wordpress!" + existingSecret: wordpress-credentials + ingress: + enabled: true + ingressClassName: nginx + hostname: wordpress.demo + tls: true + selfSigned: true + mariadb: + auth: + rootPassword: "xxx" + password: "xxx" +``` + +## Troubleshooting + +### MariaDB failing to start + +Check storage class compatibility + +### Empty website & incomplete template + +View pod logs + +Increase livenessProbe initialDelaySeconds as WordPress installation may take several minutes (see [Issue #9563](https://github.com/bitnami/charts/issues/9563)) + +### Error 503 + +Make sure Kubernetes `wordpress` service exists (may also be linked to long installation time and disabled probes) + +## Upstream version update + +- Look for the available versions: + +```bash +# adds bitnami helm chart repository +helm repo add bitnami https://charts.bitnami.com/bitnami +helm repo update + +# lists available charts +helm search repo wordpress +``` + +- Update [Chart.yaml](Chart.yaml) + +- Update Chart.lock file: + +```bash +helm dependency update +``` 
diff --git a/charts/wordpress/templates/sealedsecret.yaml b/charts/wordpress/templates/sealedsecret.yaml new file mode 100644 index 0000000..1d5af80 --- /dev/null +++ b/charts/wordpress/templates/sealedsecret.yaml @@ -0,0 +1,16 @@ +{{- $sealedSecrets := list .Values.secrets.wordpressPassword -}} +{{ range $sealedSecrets }} +{{- if .encryptedValue }} +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: {{ .name }} +spec: + encryptedData: + {{ .key }}: {{ .encryptedValue }} + template: + metadata: + name: {{ .name }} +{{- end }} +{{ end }} diff --git a/charts/wordpress/values.yaml b/charts/wordpress/values.yaml new file mode 100644 index 0000000..5a451ef --- /dev/null +++ b/charts/wordpress/values.yaml @@ -0,0 +1,9 @@ +secrets: + wordpressPassword: + name: wordpress-credentials + key: wordpress-password + encryptedValue: "" +# https://github.com/bitnami/charts/blob/main/bitnami/wordpress/values.yaml +wordpress: + livenessProbe: + initialDelaySeconds: 600 # 10 minutes diff --git a/samples/scripting/rancher_installation.sh b/samples/scripting/rancher_installation.sh index 6560999..fed5ce7 100644 --- a/samples/scripting/rancher_installation.sh +++ b/samples/scripting/rancher_installation.sh @@ -2,8 +2,8 @@ # downloads and sources shared scripts SETUP_FOLDER=temp -curl -sfL https://raw.githubusercontent.com/SUSE/lab-setup/feature/init-solution/scripts/download.sh \ - | GIT_REVISION=refs/heads/feature/init-solution sh -s -- -o $SETUP_FOLDER +curl -sfL https://raw.githubusercontent.com/SUSE/lab-setup/develop/scripts/download.sh \ + | GIT_REVISION=refs/heads/develop sh -s -- -o $SETUP_FOLDER . $SETUP_FOLDER/scripts/index.sh # defines variables diff --git a/scripts/README.md b/scripts/README.md index 19e8c59..76bd98e 100644 --- a/scripts/README.md +++ b/scripts/README.md 
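Review bot: In `samples/scripting/rancher_installation.sh` the sample still pipes `download.sh` from a branch URL straight into `sh`, and `develop` is a moving reference, so the script that runs on the lab machine is whatever the branch holds at that moment. Pointing both the URL and `GIT_REVISION` at a release tag or commit, e.g. `GIT_REVISION=refs/tags/<release-tag>` if `download.sh` accepts a tag ref, makes the sample reproducible, and downloading to a file before running it lets the user inspect what will execute. The README hunk in this commit documents the same command and would need the same change. The script continues outside the hunk.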
@@ -20,3 +20,7 @@ Name | Source `rancher_update_password` | [scripts/rancher/user-actions.sh](scripts/rancher/user-actions.sh) `rancher_update_serverurl` | [scripts/rancher/manager-settings.sh](scripts/rancher/manager-settings.sh) `rancher_wait_capiready` | [scripts/rancher/manager-lifecycle.sh](scripts/rancher/manager-lifecycle.sh) + +## Concrete examples + +- [Rancher installation with downstream cluster](../samples/scripting/rancher_installation.sh) diff --git a/scripts/kubernetes/cluster-status.sh b/scripts/kubernetes/cluster-status.sh index 846b3f2..634c6de 100644 --- a/scripts/kubernetes/cluster-status.sh +++ b/scripts/kubernetes/cluster-status.sh @@ -15,7 +15,7 @@ k8s_wait_fornodesandpods() { sleep 5 done while true; do - NOT_READY_NODES=$(kubectl get nodes --no-headers 2>/dev/null | grep -c " Ready") + NOT_READY_NODES=$(kubectl get nodes --no-headers 2>/dev/null | grep -v " Ready" | wc -l) if [ "$NOT_READY_NODES" -eq 0 ]; then echo "All nodes are ready." break
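Review bot: In `scripts/kubernetes/cluster-status.sh`, `kubectl get nodes` runs with `2>/dev/null`, so a failed call (API server unreachable, expired kubeconfig) produces no lines, `NOT_READY_NODES` becomes 0 and the loop prints "All nodes are ready." without having seen a node, unless the preceding loop outside the hunk already rules that out. Checking the command's exit status first, or replacing the loop with `kubectl wait --for=condition=Ready nodes --all --timeout=<duration>`, closes that gap. The `grep -v " Ready" | wc -l` form is also what required the new `-e SC2126` exclusion in ci.yml; `grep -vc " Ready"` counts the same lines and would keep that check enabled for the other scripts. `k8s_wait_fornodesandpods` starts and ends outside the hunk.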