Convert to helm (#57)

* Convert to helm

* Add charts releaser wf

* Add small fixes

* Add refactoring

* Update readme

* Update readme part 2

Author: radu-catalina

.github/workflows/release-helm-chart.yaml

@@ -0,0 +1,25 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -9,7 +9,7 @@
 docker/
 
 # build artifacts
-cluster-registry*
+/cluster-registry*
 kubeconfig
 .dynamodb
 .hack*

helm-charts/README.md

@@ -0,0 +1,35 @@
+# Cluster Registry Client Chart
+
+Helm chart for Cluster Registry Client.
+
+## Prerequisites for installing the chart
+
+**Notes**
+> Secret management must be handled by the user. Secrets must be created (either by kubectl or by a secret management tool) beforehand in order for the chart deployment to be successful.
+> This step is mandatory for the application to run succesfully.
+
+Required secret name is `cluster-registry-aws` and required keys are: `AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, SQS_AWS_REGION, SQS_ENDPOINT, SQS_QUEUE_NAME`
+
+Example of a secret name and corresponding required keys (can also be found in [deployment.yaml](cluster-registry-client/templates/deployment.yaml) file):
+```yaml
+apiVersion: v1
+data:
+  AWS_ACCESS_KEY_ID: <AWS_ACCESS_KEY_ID_VALUE>
+  AWS_SECRET_ACCESS_KEY: <AWS_SECRET_ACCESS_KEY_VALUE>
+  SQS_AWS_REGION: <SQS_AWS_REGION_VALUE>
+  SQS_ENDPOINT: <SQS_ENDPOINT_VALUE>
+  SQS_QUEUE_NAME: <SQS_QUEUE_NAME_VALUE>
+kind: Secret
+metadata:
+  name: cluster-registry-aws
+  namespace: <namespace>
+type: Opaque
+```
+
+## Chart configuration
+To see a full list if configurable parameters, check the table generated in the [README.md](cluster-registry-client/README.md) file.
+
+### Deploying the chart locally
+```bash
+ helm install cluster-registry-client . --values values.yaml --namespace <namespace>
+```

helm-charts/cluster-registry-client/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm-charts/cluster-registry-client/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: cluster-registry-client
+description: Helm chart for Cluster Registry Client.
+type: application
+home: https://github.com/adobe/cluster-registry
+
+maintainers:
+- name: aalexandru
+  email: [email protected]
+- name: radu-catalina
+  email: [email protected]
+
+version: 0.1.0
+appVersion: "v1.4.0"

helm-charts/cluster-registry-client/README.md

@@ -0,0 +1,56 @@
+# cluster-registry-client
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square)
+
+Helm chart for Cluster Registry Client.
+
+**Homepage:** <https://github.com/adobe/cluster-registry>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| aalexandru | <[email protected]> |  |
+| radu-catalina | <[email protected]> |  |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| clusterRegistryClient.alertmanagerWebhook.alertMap | list | `[]` |  |
+| clusterRegistryClient.alertmanagerWebhook.bindAddress | string | `"0.0.0.0:9092"` |  |
+| clusterRegistryClient.health.healthProbeBindAddress | string | `":8081"` |  |
+| clusterRegistryClient.leaderElection.leaderElect | bool | `true` |  |
+| clusterRegistryClient.leaderElection.resourceName | string | `"0c4967d2.registry.ethos.adobe.com"` |  |
+| clusterRegistryClient.leaderElection.resourceNamespace | string | `"cluster-registry"` |  |
+| clusterRegistryClient.metrics.bindAddress | string | `"0.0.0.0:9090"` |  |
+| clusterRegistryClient.webhook.port | int | `9443` |  |
+| fullnameOverride | string | `"cluster-registry-client"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.registry | string | `"ghcr.io/adobe/cluster-registry-client"` |  |
+| livenessProbe.httpGet.path | string | `"/healthz"` |  |
+| livenessProbe.httpGet.port | int | `9091` |  |
+| livenessProbe.initialDelaySeconds | int | `15` |  |
+| livenessProbe.periodSeconds | int | `20` |  |
+| nameOverride | string | `"cluster-registry-client"` |  |
+| ports[0].containerPort | int | `9090` |  |
+| ports[0].name | string | `"metrics"` |  |
+| ports[1].containerPort | int | `9092` |  |
+| ports[1].name | string | `"amwebhook"` |  |
+| rbac.create | bool | `true` |  |
+| rbac.nameSuffix | string | `"cluster-client"` |  |
+| readinessProbe.httpGet.path | string | `"/readyz"` |  |
+| readinessProbe.httpGet.port | int | `9091` |  |
+| readinessProbe.initialDelaySeconds | int | `5` |  |
+| readinessProbe.periodSeconds | int | `10` |  |
+| replicaCount | int | `2` |  |
+| resources.limits.cpu | string | `"200m"` |  |
+| resources.limits.memory | string | `"400Mi"` |  |
+| resources.requests.cpu | string | `"100m"` |  |
+| resources.requests.memory | string | `"200Mi"` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `"cluster-registry-client"` |  |
+| terminationGracePeriodSeconds | int | `10` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

helm-charts/cluster-registry-client/templates/_helpers.tpl

@@ -0,0 +1,78 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cluster-registry-client.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cluster-registry-client.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cluster-registry-client.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cluster-registry-client.labels" -}}
+helm.sh/chart: {{ include "cluster-registry-client.chart" . }}
+{{ include "cluster-registry-client.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{ include "cluster-registry-client.appLabels" . }}
+{{ include "cluster-registry-client.componentLabels" . }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cluster-registry-client.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cluster-registry-client.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Cluster Registry client application label
+*/}}
+{{- define "cluster-registry-client.appLabels" -}}
+app: cluster-registry-client
+{{- end }}
+
+{{/*
+Cluster Registry component label
+*/}}
+{{- define "cluster-registry-client.componentLabels" -}}
+component: cluster-registry
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cluster-registry-client.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cluster-registry-client.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

helm-charts/cluster-registry-client/templates/configmap.yaml

@@ -0,0 +1,37 @@
+{{- if .Values.clusterRegistryClient }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "client-config"
+  labels:
+    {{- include "cluster-registry-client.labels" . | nindent 4 }}
+data:
+  config.yaml: |-
+    apiVersion: config.registry.ethos.adobe.com/v1
+    kind: ClientConfig
+    health:
+      healthProbeBindAddress: {{ .Values.clusterRegistryClient.health.healthProbeBindAddress }}
+    metrics:
+      bindAddress: {{ .Values.clusterRegistryClient.metrics.bindAddress }}
+    webhook:
+      port: {{ .Values.clusterRegistryClient.webhook.port }}
+    leaderElection:
+      leaderElect: {{ .Values.clusterRegistryClient.leaderElection.leaderElect }}
+      resourceNamespace: {{ .Release.Namespace }}
+      resourceName:  {{ .Values.clusterRegistryClient.leaderElection.resourceName }}
+    namespace: {{ .Release.Namespace }}
+    alertmanagerWebhook:
+      bindAddress: {{ .Values.clusterRegistryClient.alertmanagerWebhook.bindAddress }}
+      {{- if gt (len .Values.clusterRegistryClient.alertmanagerWebhook.alertMap) 0 }}
+      alertMap:
+      {{- range $_, $am := .Values.clusterRegistryClient.alertmanagerWebhook.alertMap }} 
+        - alertName: {{ $am.alertName }}
+          onFiring:
+          {{- toYaml $am.onFiring | nindent 12 }}
+          onResolved:
+          {{- toYaml $am.onResolved | nindent 12 }}
+      {{- end }}
+      {{- else }}
+      alertMap: []
+      {{- end }}
+{{- end }}

helm-charts/cluster-registry-client/templates/deployment.yaml

@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:   {{- include "cluster-registry-client.labels" . | nindent 4 }}
+  name: {{ include "cluster-registry-client.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: {{ .Values.replicaCount | required ".Values.replicaCount is required" }}
+  selector:
+    matchLabels:
+      app: cluster-registry-client
+  template:
+    metadata:
+      labels:
+      {{- include "cluster-registry-client.appLabels" . | nindent 8 }}
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+    spec:
+      containers:
+        - args:
+            - --leader-elect
+            - --config=config.yaml
+          command:
+            - /bin/client
+          image: "{{ .Values.image.registry }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          volumeMounts:
+            - name: client-config
+              mountPath: /config.yaml
+              subPath: config.yaml
+          ports:
+            {{- toYaml .Values.ports | nindent 12 }}
+          env:
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  key: AWS_ACCESS_KEY_ID
+                  name: cluster-registry-aws
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: AWS_SECRET_ACCESS_KEY
+                  name: cluster-registry-aws
+            - name: SQS_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  key: SQS_ENDPOINT
+                  name: cluster-registry-aws
+            - name: SQS_QUEUE_NAME
+              valueFrom:
+                secretKeyRef:
+                  key: SQS_QUEUE_NAME
+                  name: cluster-registry-aws
+            - name: AWS_REGION
+              valueFrom:
+                secretKeyRef:
+                  key: SQS_AWS_REGION
+                  name: cluster-registry-aws
+            - name: SQS_AWS_REGION
+              valueFrom:
+                secretKeyRef:
+                  key: SQS_AWS_REGION
+                  name: cluster-registry-aws
+          {{- if .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.resources }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          {{- end }}
+          name: manager
+          securityContext:
+            allowPrivilegeEscalation: false
+      volumes:
+        - name: client-config
+          configMap:
+            name: client-config
+      serviceAccountName: {{ include "cluster-registry-client.serviceAccountName" . }}
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds | required ".Values.terminationGracePeriodSeconds is required"  }}