Add a Helmchart for GeoHealthCheck

charts/geohealthcheck/.editorconfig

@@ -0,0 +1,12 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = false
+insert_final_newline = true

charts/geohealthcheck/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/geohealthcheck/.yamllint

@@ -0,0 +1,8 @@
+---
+extends: 'default'
+ignore: []
+rules:
+  quoted-strings:
+    quote-type: 'single'
+    required: true
+    ignore: []

charts/geohealthcheck/Chart.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: 'v2'
+name: 'geohealthcheck'
+description: 'A Helm chart for GeoHealthCheck'
+type: 'application'
+version: '1.0.0'
+appVersion: '0.9.0'

charts/geohealthcheck/README.md

@@ -0,0 +1,81 @@
+# geohealthcheck
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square)
+
+A Helm chart for GeoHealthCheck
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| additionalCertificates | object | `{}` |  |
+| affinity | object | `{}` |  |
+| fullnameOverride | string | `""` | This is to override the release name. |
+| geohealthcheck.additionalConfigMaps | list | `[]` | additional configmaps additionalConfigMaps:   - 'foo'   - 'bar' |
+| geohealthcheck.additionalEnv | object | `{}` | additional env variables additionalEnv:   name1: 'value1'   name2: 'value2' |
+| geohealthcheck.additionalEnvSecrets | list | `[]` | additional envSecrets additionalEnvSecrets:   - 'foo'   - 'bar' |
+| geohealthcheck.adminEmail | string | `"[email protected]"` | email address of administrator / contact- notification emails will come from this address |
+| geohealthcheck.auth.secret | string | `"changeme"` | secret key to set when enabling authentication |
+| geohealthcheck.basicAuthDisabled | bool | `false` | disable Basic Authentication to access GHC webapp and APIs (default: False), |
+| geohealthcheck.databaseUri | string | `"sqlite:////data/data.db"` | database connection string for SQL-Alchemy valid examples are: SQLite: 'sqlite:///data.db' PostgreSQL: 'postgresql+psycopg2://scott:tiger@localhost:5432/mydatabase' |
+| geohealthcheck.largeXml | bool | `false` | allows GeoHealthCheck to receive large XML files from the servers under test (default False). Note: setting this to True might pose a security risk |
+| geohealthcheck.logLevel | string | `"30"` | logging level: 10=DEBUG 20=INFO 30=WARN(ING) 40=ERROR 50=FATAL/CRITICAL (default: 30, WARNING) |
+| geohealthcheck.metadataCacheSecs | string | `"900"` | metadata, “Capabilities Docs”, cache expiry time, default 900 secs, -1 to disable |
+| geohealthcheck.minimalRunFrequencyMins | int | `10` | minimal run frequency for Resource that can be set in web UI |
+| geohealthcheck.notifications | bool | `false` | turn on email and webhook notifications |
+| geohealthcheck.notificationsEmail | list | `[]` | list of email addresses that notifications should come to. Use a different address to GHC_ADMIN_EMAIL if you have trouble receiving notification emails. Also, you can set separate notification emails t specific resources. Failing resource will send notification to emails from GHC_NOTIFICATIONS_EMAIL value and emails configured for that specific resource altogether. notificationsEmail:   - '[email protected]'   - '[email protected]' |
+| geohealthcheck.notificationsVerbosity | bool | `false` | receive additional email notifications than just Failing and Fixed (default True) |
+| geohealthcheck.probeHttpTimeoutSecs | int | `30` | stop waiting for the first byte of a Probe response after the given number of seconds |
+| geohealthcheck.requireWebappAuth | bool | `false` | require authentication (login or Basic Auth) to access GHC webapp and APIs (default: False) |
+| geohealthcheck.retentionDays | int | `30` | the number of days to keep Run history |
+| geohealthcheck.runnerInWebapp | bool | `true` | should the GHC Runner Daemon be run in webapp (default: True) |
+| geohealthcheck.selfRegister | bool | `false` | allow registrations from users on the website |
+| geohealthcheck.siteTitle | string | `"GeoHealthCheck Demonstration"` | title used for installation / deployment |
+| geohealthcheck.siteUrl | string | `"http://host"` | full URL of the installation / deployment |
+| geohealthcheck.smtpEnabled | bool | `false` | enable/disable smtp |
+| geohealthcheck.smtpPassword | string | `nil` | SMTP server name or IP |
+| geohealthcheck.smtpPort | string | `nil` | SMTP port |
+| geohealthcheck.smtpServer | string | `nil` | SMTP server name or IP |
+| geohealthcheck.smtpUseTls | string | `nil` | whether or not to use StartTLS with SMTP |
+| geohealthcheck.smtpUsername | string | `nil` | SMTP server name or IP |
+| geohealthcheck.verifySsl | bool | `true` | perform SSL verification for Probe HTTPS requests (default: True) |
+| geohealthcheck.wwwLinkExceptionCheck | bool | `false` | turn on checking for OGC Exceptions in WWW:LINK Resource responses (default False) |
+| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image |
+| image.repository | string | `"geopython/geohealthcheck"` | image for GeoHealthCheck |
+| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
+| imagePullSecrets | list | `[]` | This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
+| ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ |
+| ingress.annotations | object | `{}` | annotations for the ingress annotations:   kubernetes.io/ingress.class: nginx   kubernetes.io/tls-acme: "true" |
+| ingress.className | string | `""` | ingress class name |
+| ingress.enabled | bool | `false` | enable/disable ingress |
+| initContainer.pullPolicy | string | `"IfNotPresent"` | Pull policy for the image of the init container |
+| initContainer.repository | string | `"library/ubuntu"` | image for the init container |
+| initContainer.resources | object | `{}` | resource definitions for the init container |
+| initContainer.tag | string | `"jammy"` | tag for the init container |
+| livenessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ |
+| nameOverride | string | `""` | This is to override the chart name. |
+| networkPolicy.egressEnabled | bool | `true` | allow/deny external connections. This should be enabled if you want to monitor resources outside of this namespace |
+| networkPolicy.enabled | bool | `true` | Enable/disable network policy generation |
+| nodeSelector | object | `{}` |  |
+| persistence.enabled | bool | `true` | enable persistence when using an SQLite database |
+| persistence.size | string | `"1Gi"` | size of the data partition |
+| persistence.storageClassName | string | `""` |  |
+| podAnnotations | object | `{}` | This is for setting Kubernetes Annotations to a Pod. For more information checkout: yamllint disable-line rule:line-length https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
+| podLabels | object | `{}` | This is for setting Kubernetes Labels to a Pod. For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ |
+| podSecurityContext | object | `{}` |  |
+| readinessProbe.httpGet.path | string | `"/"` |  |
+| readinessProbe.httpGet.port | string | `"http"` |  |
+| resources | object | `{}` | resources for the main container We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits:   cpu: 100m   memory: 128Mi requests:   cpu: 100m   memory: 128Mi |
+| securityContext | object | `{}` |  |
+| service | object | `{"type":"ClusterIP"}` | This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ |
+| service.type | string | `"ClusterIP"` | This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| tolerations | list | `[]` |  |
+| volumeMounts | list | `[]` | Additional volumeMounts on the output Deployment definition. volumeMounts:   - name: foo     mountPath: "/etc/foo"     readOnly: true |
+| volumes | list | `[]` | Additional volumes on the output Deployment definition. volumes:   - name: foo     secret:       secretName: mysecret       optional: false |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

charts/geohealthcheck/templates/NOTES.txt

@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "geohealthcheck.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "geohealthcheck.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "geohealthcheck.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "geohealthcheck.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

charts/geohealthcheck/templates/_helpers.tpl

@@ -0,0 +1,69 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "geohealthcheck.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "geohealthcheck.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "geohealthcheck.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "geohealthcheck.labels" -}}
+helm.sh/chart: {{ include "geohealthcheck.chart" . | squote }}
+{{ include "geohealthcheck.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | squote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service | squote }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "geohealthcheck.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "geohealthcheck.name" . | squote }}
+app.kubernetes.io/instance: {{ .Release.Name | squote }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "geohealthcheck.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "geohealthcheck.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Set the port to expose
+*/}}
+{{- define "geohealthcheck.containerPort" -}}
+{{- "80" }}
+{{- end }}

charts/geohealthcheck/templates/cm-ca-certs.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-certificates" (include "geohealthcheck.fullname" .) | squote }}
+  labels:
+    {{- include "geohealthcheck.labels" . | nindent 4 }}
+data:
+  {{- range $filename, $certificate := .Values.additionalCertificates }}
+  {{ $filename -}}: |
+    {{- $certificate | nindent 4 }}
+  {{- end -}}

charts/geohealthcheck/templates/cm-secrets-variables.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: 'v1'
+kind: 'Secret'
+metadata:
+  name: {{ printf "%s-secrets" (include "geohealthcheck.fullname" .) | squote }}
+  labels:
+    {{- include "geohealthcheck.labels" . | nindent 4 }}
+type: 'Opaque'
+data:
+  SECRET_KEY: {{ .Values.geohealthcheck.auth.secret | b64enc | squote }}
+  {{- if and .Values.geohealthcheck.smtpPassword .Values.geohealthcheck.smtpEnabled }}
+  GHC_SMTP_PASSWORD: {{ .Values.geohealthcheck.smtpPassword | b64enc | squote }}
+  {{- end }}
+  SQLALCHEMY_DATABASE_URI: {{ .Values.geohealthcheck.databaseUri | b64enc | squote }}

charts/geohealthcheck/templates/cm-variables.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-variables" (include "geohealthcheck.fullname" .) | squote }}
+  labels:
+    {{- include "geohealthcheck.labels" . | nindent 4 }}
+data:
+  GHC_RETENTION_DAYS: {{ .Values.geohealthcheck.retentionDays | squote }}
+  GHC_PROBE_HTTP_TIMEOUT_SECS: {{ .Values.geohealthcheck.probeHttpTimeoutSecs | squote }}
+  GHC_MINIMAL_RUN_FREQUENCY_MINS: {{ .Values.geohealthcheck.minimalRunFrequencyMins | squote }}
+  GHC_SELF_REGISTER: {{ .Values.geohealthcheck.selfRegister | toString | squote }}
+  GHC_NOTIFICATIONS: {{ .Values.geohealthcheck.notifications | toString | squote }}
+  GHC_NOTIFICATIONS_VERBOSITY: {{ .Values.geohealthcheck.notificationsVerbosity | toString | squote }}
+  GHC_WWW_LINK_EXCEPTION_CHECK: {{ .Values.geohealthcheck.wwwLinkExceptionCheck | toString | squote }}
+  GHC_LARGE_XML: {{ .Values.geohealthcheck.largeXml | toString | squote }}
+  GHC_ADMIN_EMAIL: {{ .Values.geohealthcheck.adminEmail | squote }}
+  GHC_NOTIFICATIONS_EMAIL: {{- " " -}}{{-  .Values.geohealthcheck.notificationsEmail  | toJson | squote }}
+  GHC_SITE_TITLE: {{ .Values.geohealthcheck.siteTitle | squote }}
+  GHC_SITE_URL: {{ .Values.geohealthcheck.siteUrl | squote }}
+  GHC_RUNNER_IN_WEBAPP: {{ .Values.geohealthcheck.runnerInWebapp | toString | squote }}
+  GHC_REQUIRE_WEBAPP_AUTH: {{ .Values.geohealthcheck.requireWebappAuth | toString | squote }}
+  GHC_BASIC_AUTH_DISABLED: {{ .Values.geohealthcheck.basicAuthDisabled | toString | squote }}
+  GHC_VERIFY_SSL: {{ .Values.geohealthcheck.verifySsl | toString | squote }}
+  GHC_LOG_LEVEL: {{ .Values.geohealthcheck.logLevel | squote }}
+  GHC_METADATA_CACHE_SECS: {{ .Values.geohealthcheck.metadataCacheSecs | squote }}
+  {{- if .Values.geohealthcheck.smtpEnabled }}
+  GHC_SMTP_SERVER: {{ .Values.geohealthcheck.smtpServer | squote }}
+  GHC_SMTP_PORT: {{ .Values.geohealthcheck.smtpPort | squote }}
+  GHC_SMTP_TLS: {{ .Values.geohealthcheck.smtpUseTls | squote }}
+  GHC_SMTP_SSL: 'False'
+  GHC_SMTP_USERNAME: {{ .Values.geohealthcheck.smtpUsername | squote }}
+  {{- end }}