Update helm chart (#2)

* Some renaming to better align with our needs, make badges and hub launch in k8s

* Finish adding missing env vars for hub chart

* Align ports; remove container layer control across all

* Add hub env vars to grafana deployment

* Grafana updates complete; http port fixed

* coderabbit fixes

* Fix one secret inconsistency

* Add notes for external secrets? About as good as we can do since we don't generate the secrets.

* Coderabbit is super picky

Author: dchw

charts/lunar-hub/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: lunar
+description: A Helm chart for Earthly Lunar 🌙
+type: application
+version: 0.1.0

charts/lunar-hub/templates/hub-service.yaml

@@ -0,0 +1,38 @@
+🌙 Lunar has been installed!
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+The following Kubernetes secrets must exist in the target namespace
+before pods will start. Create them manually, or use an external
+secret manager (e.g. External Secrets Operator, Sealed Secrets, Vault).
+
+Secret names and keys are configurable in values.yaml.
+
+Hub (required):
+  {{ printf "%-30s" .Values.hub.db.user.secretName }}  key: {{ .Values.hub.db.user.secretKey }}
+  {{ printf "%-30s" .Values.hub.db.pass.secretName }}  key: {{ .Values.hub.db.pass.secretKey }}
+  {{ printf "%-30s" .Values.hub.auth.secretName }}  key: {{ .Values.hub.auth.secretKey }}
+  {{ printf "%-30s" .Values.hub.github.app.privateKey.secretName }}  key: {{ .Values.hub.github.app.privateKey.secretKey }}
+  {{ printf "%-30s" .Values.hub.github.token.secretName }}  key: {{ .Values.hub.github.token.secretKey }}
+  {{ printf "%-30s" .Values.hub.github.webhookSecret.secretName }}  key: {{ .Values.hub.github.webhookSecret.secretKey }}
+  {{ printf "%-30s" .Values.hub.secrets.collector.secretName }}  key: {{ .Values.hub.secrets.collector.secretKey }}
+  {{ printf "%-30s" .Values.hub.secrets.cataloger.secretName }}  key: {{ .Values.hub.secrets.cataloger.secretKey }}
+  {{ printf "%-30s" .Values.hub.secrets.policy.secretName }}  key: {{ .Values.hub.secrets.policy.secretKey }}
+{{- if .Values.hub.logging.elastic.url }}
+
+Elastic (when hub.logging.elastic.url is set):
+  {{ printf "%-30s" .Values.hub.logging.elastic.apiKeySecret.secretName }}  key: {{ .Values.hub.logging.elastic.apiKeySecret.secretKey }}
+{{- end }}
+{{- if .Values.badges.enabled }}
+
+Badges (when badges.enabled is true):
+  {{ printf "%-30s" .Values.badges.secret.name }}  key: {{ .Values.badges.secret.key }}
+{{- end }}
+{{- if .Values.grafana.enabled }}
+
+Grafana (when grafana.enabled is true):
+  {{ printf "%-30s" .Values.grafana.admin.user.secretName }}  key: {{ .Values.grafana.admin.user.secretKey }}
+  {{ printf "%-30s" .Values.grafana.admin.password.secretName }}  key: {{ .Values.grafana.admin.password.secretKey }}
+{{- end }}
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

charts/lunar/Chart.yaml

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "lunar-hub.name" -}}
+{{- define "lunar.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "lunar-hub.fullname" -}}
+{{- define "lunar.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "lunar-hub.chart" -}}
+{{- define "lunar.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "lunar-hub.labels" -}}
-helm.sh/chart: {{ include "lunar-hub.chart" . }}
-{{ include "lunar-hub.selectorLabels" . }}
+{{- define "lunar.labels" -}}
+helm.sh/chart: {{ include "lunar.chart" . }}
+{{ include "lunar.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "lunar-hub.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "lunar-hub.name" . }}
+{{- define "lunar.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "lunar.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "lunar-hub.serviceAccountName" -}}
+{{- define "lunar.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "lunar-hub.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "lunar.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

charts/lunar/templates/NOTES.txt

@@ -2,22 +2,22 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "lunar-hub.fullname" . }}-badges
+  name: {{ include "lunar.fullname" . }}-badges
   labels:
-    {{- include "lunar-hub.labels" . | nindent 4 }}
+    {{- include "lunar.labels" . | nindent 4 }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      {{- include "lunar-hub.selectorLabels" . | nindent 6 }}
+      {{- include "lunar.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       {{- with .Values.badges.podAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        {{- include "lunar-hub.labels" . | nindent 8 }}
+        {{- include "lunar.labels" . | nindent 8 }}
         {{- with .Values.badges.podLabels }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
@@ -26,7 +26,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "lunar-hub.serviceAccountName" . }}
+      serviceAccountName: {{ include "lunar.serviceAccountName" . }}
       {{- with .Values.badges.podSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
@@ -41,17 +41,18 @@ spec:
           imagePullPolicy: {{ .Values.badges.image.pullPolicy }}
           {{- with .Values.badges }}
           env:
-            - name: BADGES_PORT
-              value: {{ .port | quote }}
             - name: BADGES_SECRET
               valueFrom:
                 secretKeyRef:
                   name: {{ .secret.name }}
                   key: {{ .secret.key }}
           {{- end }}
+          {{- with .Values.badges.extraEnv }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           ports:
             - name: http
-              containerPort: {{ .Values.badges.port }}
+              containerPort: 8080
               protocol: TCP
           {{- with .Values.badges.resources }}
           resources:

charts/lunar-hub/templates/_helpers.tpl charts/lunar/templates/_helpers.tplcharts/lunar-hub/templates/_helpers.tpl renamed to charts/lunar/templates/_helpers.tpl

@@ -1,11 +1,11 @@
-{{- if .Values.hub.ingress.enabled -}}
+{{- if .Values.badges.ingress.enabled -}}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ include "lunar-hub.fullname" . }}-badges
+  name: {{ include "lunar.fullname" . }}-badges
   labels:
-    {{- include "lunar-hub.labels" . | nindent 4 }}
-  {{- with .Values.hub.ingress.annotations }}
+    {{- include "lunar.labels" . | nindent 4 }}
+  {{- with .Values.badges.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
@@ -35,7 +35,7 @@ spec:
             {{- end }}
             backend:
               service:
-                name: {{ include "lunar-hub.fullname" $ }}-badges
+                name: {{ include "lunar.fullname" $ }}-badges
                 port:
                   number: {{ $.Values.badges.service.port }}
           {{- end }}

…nar-hub/templates/badges-deployment.yaml …s/lunar/templates/badges-deployment.yamlcharts/lunar-hub/templates/badges-deployment.yaml renamed to charts/lunar/templates/badges-deployment.yaml charts/lunar-hub/templates/badges-deployment.yaml renamed to charts/lunar/templates/badges-deployment.yaml

@@ -2,16 +2,16 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "lunar-hub.fullname" . }}-badges
+  name: {{ include "lunar.fullname" . }}-badges
   labels:
-    {{- include "lunar-hub.labels" . | nindent 4 }}
+    {{- include "lunar.labels" . | nindent 4 }}
 spec:
   type: {{ .Values.badges.service.type }}
   ports:
     - port: {{ .Values.badges.service.port }}
-      targetPort: {{ .Values.badges.port }}
+      targetPort: http
       protocol: TCP
       name: badges-rest
   selector:
-    {{- include "lunar-hub.selectorLabels" . | nindent 4 }}
+    {{- include "lunar.selectorLabels" . | nindent 4 }}
 {{- end }}

…/lunar-hub/templates/badges-ingress.yaml …arts/lunar/templates/badges-ingress.yamlcharts/lunar-hub/templates/badges-ingress.yaml renamed to charts/lunar/templates/badges-ingress.yaml charts/lunar-hub/templates/badges-ingress.yaml renamed to charts/lunar/templates/badges-ingress.yaml

@@ -2,22 +2,22 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "lunar-hub.fullname" . }}-grafana
+  name: {{ include "lunar.fullname" . }}-grafana
   labels:
-    {{- include "lunar-hub.labels" . | nindent 4 }}
+    {{- include "lunar.labels" . | nindent 4 }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      {{- include "lunar-hub.selectorLabels" . | nindent 6 }}
+      {{- include "lunar.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       {{- with .Values.grafana.podAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        {{- include "lunar-hub.labels" . | nindent 8 }}
+        {{- include "lunar.labels" . | nindent 8 }}
         {{- with .Values.grafana.podLabels }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
@@ -26,7 +26,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      serviceAccountName: {{ include "lunar-hub.serviceAccountName" . }}
+      serviceAccountName: {{ include "lunar.serviceAccountName" . }}
       {{- with .Values.grafana.podSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
@@ -57,15 +57,42 @@ spec:
                   key: {{ $.Values.hub.db.pass.secretKey }}
             - name: POSTGRES_DB
               value: {{ $.Values.hub.db.name | quote }}
+            - name: LUNAR_HUB_HOST
+              value: {{ include "lunar.fullname" $ }}-hub
+            - name: LUNAR_HUB_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $.Values.hub.auth.secretName }}
+                  key: {{ $.Values.hub.auth.secretKey }}
+            - name: GF_SECURITY_ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .admin.user.secretName }}
+                  key: {{ .admin.user.secretKey }}
+            - name: GF_SECURITY_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .admin.password.secretName }}
+                  key: {{ .admin.password.secretKey }}
             - name: GF_INSTALL_PLUGINS
-              value: "yesoreyeram-infinity-datasource"
+              value: "yesoreyeram-infinity-datasource,marcusolsson-dynamictext-panel,volkovlabs-echarts-panel"
+            - name: GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS
+              value: "earthly-json-tree-panel"
+            - name: GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH
+              value: "/etc/grafana/provisioning/dashboards/home.json"
+            - name: GF_USERS_ALLOW_SIGN_UP
+              value: "false"
+            - name: GF_USERS_DEFAULT_THEME
+              value: "tron"
+            - name: GF_FEATURE_TOGGLES_ENABLE
+              value: "grafanaconThemes"
             {{- with .extraEnv }}
               {{- toYaml . | nindent 12 }}
             {{- end }}
           {{- end }}
           ports:
             - name: http
-              containerPort: {{ .Values.grafana.port }}
+              containerPort: 3000
               protocol: TCP
           {{- with .Values.grafana.resources }}
           resources:

…/lunar-hub/templates/badges-service.yaml …arts/lunar/templates/badges-service.yamlcharts/lunar-hub/templates/badges-service.yaml renamed to charts/lunar/templates/badges-service.yaml charts/lunar-hub/templates/badges-service.yaml renamed to charts/lunar/templates/badges-service.yaml

@@ -2,9 +2,9 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ include "lunar-hub.fullname" . }}-grafana
+  name: {{ include "lunar.fullname" . }}-grafana
   labels:
-    {{- include "lunar-hub.labels" . | nindent 4 }}
+    {{- include "lunar.labels" . | nindent 4 }}
   {{- with .Values.grafana.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
@@ -35,7 +35,7 @@ spec:
             {{- end }}
             backend:
               service:
-                name: {{ include "lunar-hub.fullname" $ }}-grafana
+                name: {{ include "lunar.fullname" $ }}-grafana
                 port:
                   number: {{ $.Values.grafana.service.port }}
           {{- end }}