From d82dfa5504026542bb77aaadaa2a4dba4e586f45 Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 10:28:49 -0500
Subject: [PATCH 01/13] create helm repo install file
---
 helm-charts/README.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 helm-charts/README.md
diff --git a/helm-charts/README.md b/helm-charts/README.md
new file mode 100644
index 0000000000..ffcef1a657
--- /dev/null
+++ b/helm-charts/README.md
@@ -0,0 +1,22 @@
+## Usage
+
+[Helm](https://helm.sh) must be installed to use the charts. Please refer to
+Helm's [documentation](https://helm.sh/docs) to get started.
+
+Once Helm has been set up correctly, add the repo as follows:
+
+```
+ helm repo add https://infisical.github.io/helm-charts
+```
+
+If you had already added this repo earlier, run `helm repo update` to retrieve
+the latest versions of the packages. You can then run `helm search repo
+` to see the charts.
+
+To install the chart:
+
+ helm install my- /
+
+To uninstall the chart:
+
+ helm delete my-
From 0dd546813a302c8e462186c70969fe8a3ce4eaf3 Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 10:37:33 -0500
Subject: [PATCH 02/13] Create helm-chart-release.yaml
---
 .github/workflows/helm-chart-release.yaml | 36 +++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .github/workflows/helm-chart-release.yaml
diff --git a/.github/workflows/helm-chart-release.yaml b/.github/workflows/helm-chart-release.yaml
new file mode 100644
index 0000000000..5371848fb0
--- /dev/null
+++ b/.github/workflows/helm-chart-release.yaml
@@ -0,0 +1,36 @@
+name: Release Charts
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ release:
+ # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+ # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: v3.10.0
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.4.1
+ with:
+ charts_dir: helm-charts
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
From 2acea4f085757ca771c817a66d2a444eaf76d293 Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 10:45:02 -0500
Subject: [PATCH 03/13] push new cli release to populate release page
---
 cli/packages/cmd/root.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cli/packages/cmd/root.go b/cli/packages/cmd/root.go
index 826ccb4df6..42d85e5b25 100644
--- a/cli/packages/cmd/root.go
+++ b/cli/packages/cmd/root.go
@@ -15,7 +15,7 @@ var rootCmd = &cobra.Command{
 Short: "Infisical CLI is used to inject environment variables into any process",
 Long: `Infisical is a simple, end-to-end encrypted service that enables teams to sync and manage their environment variables across their development life cycle.`,
 CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
- Version: "0.1.5",
+ Version: "0.1.6",
 }
 // Execute adds all child commands to the root command and sets flags appropriately.
From e8e6b72422fc23f590cba43cf2658d6bb9fd4368 Mon Sep 17 00:00:00 2001
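Review bot: The three `uses:` entries under `steps:` reference mutable tags (`actions/checkout@v2`, `azure/setup-helm@v3`, `helm/chart-releaser-action@v1.4.1`) in a job that grants `contents: write`, so anyone able to move one of those tags gets code execution alongside a token that can push to this repository. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v2`. The same tag-style references recur in the workflow hunks of PATCH 06/13 and 07/13 (which also add `actions/setup-python@v4`), where the job receives `CLOUDSMITH_API_KEY` instead, so the pinning applies there as well.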
From: Maidul Islam
Date: Mon, 5 Dec 2022 10:46:56 -0500
Subject: [PATCH 04/13] pause helm chart release
---
 .github/workflows/helm-chart-release.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/helm-chart-release.yaml b/.github/workflows/helm-chart-release.yaml
index 5371848fb0..9145a38770 100644
--- a/.github/workflows/helm-chart-release.yaml
+++ b/.github/workflows/helm-chart-release.yaml
@@ -1,9 +1,9 @@
 name: Release Charts
-on:
- push:
- branches:
- - main
+# on:
+# push:
+# branches:
+# - main
 jobs:
 release:
From e67620c3ce2fc9d8d2cad54e781539e6c13b0643 Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 10:48:18 -0500
Subject: [PATCH 05/13] helm release on dispatch
---
 .github/workflows/helm-chart-release.yaml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.github/workflows/helm-chart-release.yaml b/.github/workflows/helm-chart-release.yaml
index 9145a38770..e3a3e32bc8 100644
--- a/.github/workflows/helm-chart-release.yaml
+++ b/.github/workflows/helm-chart-release.yaml
@@ -1,9 +1,6 @@
 name: Release Charts
-# on:
-# push:
-# branches:
-# - main
+on: [workflow_dispatch]
 jobs:
 release:
From 9ee5f3d41bbb19b74be9f5c3a2e3fcf2e83ab555 Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 12:04:23 -0500
Subject: [PATCH 06/13] upload helm chart to cloudsmith
---
 .github/workflows/helm-chart-release.yaml | 25 ++++++++---------------
 helm-charts/upload-to-cloudsmith.sh | 10 +++++++++
 2 files changed, 19 insertions(+), 16 deletions(-)
 create mode 100644 helm-charts/upload-to-cloudsmith.sh
diff --git a/.github/workflows/helm-chart-release.yaml b/.github/workflows/helm-chart-release.yaml
index e3a3e32bc8..b611dde890 100644
--- a/.github/workflows/helm-chart-release.yaml
+++ b/.github/workflows/helm-chart-release.yaml
@@ -1,33 +1,26 @@
-name: Release Charts
+name: Release Helm Charts
 on: [workflow_dispatch]
 jobs:
 release:
- # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
- # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
- permissions:
- contents: write
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
 uses: actions/checkout@v2
 with:
 fetch-depth: 0
-
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 - name: Install Helm
 uses: azure/setup-helm@v3
 with:
 version: v3.10.0
-
- - name: Run chart-releaser
+ - name: Build helm package
+ run: cd helm-charts && helm package ./infisical
 uses: helm/chart-releaser-action@v1.4.1
- with:
- charts_dir: helm-charts
+ - name: Install python and Cloudsmith CLI
+ uses: actions/setup-python@v4
+ run: pip install --upgrade cloudsmith-cli
+ - name: Push helm package to Cloudsmith
+ run: cd helm-charts && sh upload-to-cloudsmith.sh
 env:
- CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
\ No newline at end of file
diff --git a/helm-charts/upload-to-cloudsmith.sh b/helm-charts/upload-to-cloudsmith.sh
new file mode 100644
index 0000000000..218c11149a
--- /dev/null
+++ b/helm-charts/upload-to-cloudsmith.sh
@@ -0,0 +1,10 @@
+## Loop through each helm chart directoy and build each into helm package
+for d in */ ; do
+ helm package $d
+done
+
+## Upload each packaged helm chart
+for i in *.tgz; do
+ [ -f "$i" ] || break
+ cloudsmith push helm --republish infisical/helm-charts $i
+done
\ No newline at end of file
From 05a19a2201e4ddb132f589ce90803f0c3a1c6e6c Mon Sep 17 00:00:00 2001
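Review bot: `run: pip install --upgrade cloudsmith-cli` installs whatever version is newest at run time into the same job that later receives `CLOUDSMITH_API_KEY`, so a bad or hijacked release of that package or any of its dependencies would execute next to the publish credential. Pin the tool, e.g. `run: pip install cloudsmith-cli==<reviewed-version>`, ideally from a hash-checked requirements file. With the `permissions:` block removed, the job's `GITHUB_TOKEN` falls back to the repository or organisation default; nothing in the new steps writes to the repository, so the job can declare `permissions:` with `contents: read` explicitly. The secret is correctly scoped to the single push step via `env:` and should stay that way rather than move to job level.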
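Review bot: The script has no `set -e`, so when `helm package $d` fails the first loop carries on and the second loop still uploads whatever `*.tgz` files are lying in the directory, and `--republish` lets such an upload replace a chart version that consumers may already have pulled. Add `set -eu` as the first line, quote the expansions (`helm package "$d"` and `cloudsmith push helm infisical/helm-charts "$i"`), and drop `--republish` so that changing a published chart requires a version bump in `Chart.yaml`. In the second loop `[ -f "$i" ] || continue` is the usual guard for an unmatched glob; `break` gives the same result here only because the unmatched pattern is the sole item.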
From: Maidul Islam
Date: Mon, 5 Dec 2022 12:13:52 -0500
Subject: [PATCH 07/13] Rewrite upload steps action
---
 .../{helm-chart-release.yaml => helm-chart-release.yml} | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
 rename .github/workflows/{helm-chart-release.yaml => helm-chart-release.yml} (69%)
diff --git a/.github/workflows/helm-chart-release.yaml b/.github/workflows/helm-chart-release.yml
similarity index 69%
rename from .github/workflows/helm-chart-release.yaml
rename to .github/workflows/helm-chart-release.yml
index b611dde890..6372cc7738 100644
--- a/.github/workflows/helm-chart-release.yaml
+++ b/.github/workflows/helm-chart-release.yml
@@ -14,13 +14,11 @@ jobs:
 uses: azure/setup-helm@v3
 with:
 version: v3.10.0
- - name: Build helm package
- run: cd helm-charts && helm package ./infisical
- uses: helm/chart-releaser-action@v1.4.1
- - name: Install python and Cloudsmith CLI
+ - name: Install python
 uses: actions/setup-python@v4
+ - name: Install Cloudsmith CLI
 run: pip install --upgrade cloudsmith-cli
- - name: Push helm package to Cloudsmith
+ - name: Build and push helm package to Cloudsmith
 run: cd helm-charts && sh upload-to-cloudsmith.sh
 env:
 CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
\ No newline at end of file
From 6fb22b68dd0ede5b01c7af15b9e5d96d718e11fa Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 12:17:06 -0500
Subject: [PATCH 08/13] update workflow file name
---
 .../{helm-chart-release.yml => helm_chart_release.yml} | 2 --
 .github/workflows/release_build.yml | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)
 rename .github/workflows/{helm-chart-release.yml => helm_chart_release.yml} (93%)
diff --git a/.github/workflows/helm-chart-release.yml b/.github/workflows/helm_chart_release.yml
similarity index 93%
rename from .github/workflows/helm-chart-release.yml
rename to .github/workflows/helm_chart_release.yml
index 6372cc7738..8f47da69d0 100644
--- a/.github/workflows/helm-chart-release.yml
+++ b/.github/workflows/helm_chart_release.yml
@@ -8,8 +8,6 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v2
- with:
- fetch-depth: 0
 - name: Install Helm
 uses: azure/setup-helm@v3
 with:
diff --git a/.github/workflows/release_build.yml b/.github/workflows/release_build.yml
index aea82a9d2b..695b0ea240 100644
--- a/.github/workflows/release_build.yml
+++ b/.github/workflows/release_build.yml
@@ -1,4 +1,4 @@
-name: goreleaser
+name: Go releaser
 on:
 push:
From 3e2ed62e50c6a07a20044ada5989b255227c957e Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 12:31:48 -0500
Subject: [PATCH 09/13] update readme of helm repo
---
 helm-charts/README.md | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)
diff --git a/helm-charts/README.md b/helm-charts/README.md
index ffcef1a657..0974640287 100644
--- a/helm-charts/README.md
+++ b/helm-charts/README.md
@@ -1,22 +1,16 @@
-## Usage
-
-[Helm](https://helm.sh) must be installed to use the charts. Please refer to
-Helm's [documentation](https://helm.sh/docs) to get started.
-
-Once Helm has been set up correctly, add the repo as follows:
+### helm repository Setup
+Assuming you have helm already installed, it is straight-forward to add a Cloudsmith-based chart repository:
 ```
- helm repo add https://infisical.github.io/helm-charts
+helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'
+
+helm repo update
 ```
-If you had already added this repo earlier, run `helm repo update` to retrieve
-the latest versions of the packages. You can then run `helm search repo
-` to see the charts.
-
-To install the chart:
-
- helm install my- /
-
-To uninstall the chart:
+### Installing a Helm Chart
+```
+helm install infisical-helm-charts/
+```
- helm delete my-
+#### Available chart names
+- infisical
From e98b76cba5397318d542195e631cb63d5f57faf5 Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 12:57:18 -0500
Subject: [PATCH 10/13] remove manual namespace
---
 helm-charts/infisical/templates/backend-deployment.yaml | 2 --
 helm-charts/infisical/templates/frontend-deployment.yaml | 2 --
 helm-charts/infisical/templates/ingress.yaml | 1 -
 helm-charts/infisical/templates/mongodb-deployment.yaml | 2 --
 helm-charts/infisical/templates/namespace.yaml | 4 ----
 5 files changed, 11 deletions(-)
 delete mode 100644 helm-charts/infisical/templates/namespace.yaml
diff --git a/helm-charts/infisical/templates/backend-deployment.yaml b/helm-charts/infisical/templates/backend-deployment.yaml
index ca45c528b8..9bc72eaf53 100644
--- a/helm-charts/infisical/templates/backend-deployment.yaml
+++ b/helm-charts/infisical/templates/backend-deployment.yaml
@@ -4,7 +4,6 @@ metadata:
 name: {{ .Release.Name }}-backend-deployment
 labels:
 app: backend
- namespace: {{ .Values.namespace }}
 spec:
 replicas: {{ .Values.backend.replicaCount }}
 selector:
@@ -35,7 +34,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: infisical-backend-service
- namespace: {{ .Values.namespace }}
 spec:
 selector:
 app: backend
diff --git a/helm-charts/infisical/templates/frontend-deployment.yaml b/helm-charts/infisical/templates/frontend-deployment.yaml
index f19beaa3d4..e0dbdae0db 100644
--- a/helm-charts/infisical/templates/frontend-deployment.yaml
+++ b/helm-charts/infisical/templates/frontend-deployment.yaml
@@ -4,7 +4,6 @@ metadata:
 name: {{ .Release.Name }}-frontend-deployment
 labels:
 app: frontend
- namespace: {{ .Values.namespace }}
 spec:
 replicas: {{ .Values.frontend.replicaCount }}
 selector:
@@ -26,7 +25,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: infisical-frontend-service
- namespace: {{ .Values.namespace }}
 spec:
 selector:
 app: frontend
diff --git a/helm-charts/infisical/templates/ingress.yaml b/helm-charts/infisical/templates/ingress.yaml
index e8b0febb39..a987627f4b 100644
--- a/helm-charts/infisical/templates/ingress.yaml
+++ b/helm-charts/infisical/templates/ingress.yaml
@@ -3,7 +3,6 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: infisical-ingress
- namespace: {{ .Values.namespace }}
 {{- with .Values.ingress.annotations }}
 annotations:
 {{- toYaml . | nindent 4 }}
diff --git a/helm-charts/infisical/templates/mongodb-deployment.yaml b/helm-charts/infisical/templates/mongodb-deployment.yaml
index 02d380b1e2..90b755ad3e 100644
--- a/helm-charts/infisical/templates/mongodb-deployment.yaml
+++ b/helm-charts/infisical/templates/mongodb-deployment.yaml
@@ -2,7 +2,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: mongodb-deployment
- namespace: {{ .Values.namespace }}
 labels:
 app: mongodb
 spec:
@@ -30,7 +29,6 @@ apiVersion: v1
 kind: Service
 metadata:
 name: mongodb-service
- namespace: {{ .Values.namespace }}
 spec:
 selector:
 app: mongodb
diff --git a/helm-charts/infisical/templates/namespace.yaml b/helm-charts/infisical/templates/namespace.yaml
deleted file mode 100644
index 3f9c2c1ada..0000000000
--- a/helm-charts/infisical/templates/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: infisical
\ No newline at end of file
From afb374ff134f15d4fc9126587c1b10fd9172241a Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 14:32:16 -0500
Subject: [PATCH 11/13] Add docs for k8 support
---
 docs/mint.json | 7 ++-
 docs/self-hosting/deployments/kubernetes.mdx | 54 ++++++++++++++++++++
 docs/self-hosting/overview.mdx | 11 ++--
 3 files changed, 67 insertions(+), 5 deletions(-)
 create mode 100644 docs/self-hosting/deployments/kubernetes.mdx
diff --git a/docs/mint.json b/docs/mint.json
index 4ff49b5b98..1d52466808 100644
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -102,8 +102,11 @@
 "pages": [
 "self-hosting/overview",
 {
- "group": "Deployments",
- "pages": ["self-hosting/deployments/linux"]
+ "group": "Deployments options",
+ "pages": [
+ "self-hosting/deployments/linux",
+ "self-hosting/deployments/kubernetes"
+ ]
 },
 {
 "group": "Configuration",
diff --git a/docs/self-hosting/deployments/kubernetes.mdx b/docs/self-hosting/deployments/kubernetes.mdx
new file mode 100644
index 0000000000..4515aa667d
--- /dev/null
+++ b/docs/self-hosting/deployments/kubernetes.mdx
@@ -0,0 +1,54 @@
+---
+title: "Kubernetes"
+description: "Deploy with Kubernetes"
+---
+
+
+Self-host vs. Infisical Cloud
+
+Self-hosting Infisical means managing the service yourself, taking care of upgrades, scaling, security, etc.
+
+If you're less technical and looking for a hands-free experience with minimal overhead then we recommend Infisical Cloud.
+
+
+
+**Prerequisites**
+- You have understanding of [Kubernetes](https://kubernetes.io/)
+- You have understanding of [Helm package manager](https://helm.sh/)
+- You have [kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/) installed and connected to your kubernetes cluster
+
+
+#### 1. Fill our environment variables
+
+Before you can deploy the Helm chart, you must fill out the required environment variables. To do so, please either download or copy the
+contents of [this file](https://raw.githubusercontent.com/Infisical/infisical/main/helm-charts/infisical/values.yaml) to a `.yaml` file.
+_Refer to the available [environment variables](../../self-hosting/configuration/envars)_
+
+Once you have a local copy of the values file, fill our the required environment variables and save the file.
+
+
+#### 2. Install Infisical Helm repository
+
+```bash
+helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'
+
+helm repo update
+```
+
+#### 3. Install the Helm chart
+
+By default, the helm chart will be installed on your default namespace. If you wish to install the Chart on a different namespace, you may specify
+that by adding the `--namespace ` to your `helm install` command.
+
+```bash
+## Installs to default namespace
+helm install infisical-helm-charts/infisical --values
+```
+
+
+If you have not filled out all of the required environment variables, you will see an error message prompting you to
+do so.
+
+
+5. Your Infisical installation is complete and should be running on the host name you specified in Ingress in `values.yaml`.
+Note: Please allow an additional time (2 minutes) for the frontend pods to be fully ready.
\ No newline at end of file
diff --git a/docs/self-hosting/overview.mdx b/docs/self-hosting/overview.mdx
index 8f2df5c378..d4c2aa303e 100644
--- a/docs/self-hosting/overview.mdx
+++ b/docs/self-hosting/overview.mdx
@@ -17,9 +17,14 @@ Infisical Cloud also comes with some extra features unavailabe in the self-hoste
 Infisical can be deployed on a Linux VM with docker-compose. We're rolling out more specific deployment options for DigitalOcean, AWS, GCP, and Azure soon.
-Options:
-
-- [Linux VM](/self-hosting/deployments/linux)
+
+
+ Deploy to any Linux with Docker
+
+
+ Deploy to your Kubernetes cluster
+
+
 ## Telemetry
From 13f2ab9425b56bff6d3d942bfd8f779360d26624 Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 14:41:09 -0500
Subject: [PATCH 12/13] update steps number
---
 docs/self-hosting/deployments/kubernetes.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/self-hosting/deployments/kubernetes.mdx b/docs/self-hosting/deployments/kubernetes.mdx
index 4515aa667d..8ed2c0e056 100644
--- a/docs/self-hosting/deployments/kubernetes.mdx
+++ b/docs/self-hosting/deployments/kubernetes.mdx
@@ -50,5 +50,5 @@ If you have not filled out all of the required environment variables, you will s
 do so.
-5. Your Infisical installation is complete and should be running on the host name you specified in Ingress in `values.yaml`.
+4. Your Infisical installation is complete and should be running on the host name you specified in Ingress in `values.yaml`.
 Note: Please allow an additional time (2 minutes) for the frontend pods to be fully ready.
\ No newline at end of file
From c5a422fe640e4edb7ef3f015f9359d6de6dd5f4d Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Mon, 5 Dec 2022 15:26:20 -0500
Subject: [PATCH 13/13] update self host docs
---
 docs/self-hosting/overview.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/self-hosting/overview.mdx b/docs/self-hosting/overview.mdx
index d4c2aa303e..b0729637cb 100644
--- a/docs/self-hosting/overview.mdx
+++ b/docs/self-hosting/overview.mdx
@@ -9,13 +9,13 @@ Self-hosting Infisical means managing the service yourself, taking care of upgra
 If you're less technical and looking for a hands-free experience with minimal overhead then we recommend Infisical Cloud.
-Infisical Cloud also comes with some extra features unavailabe in the self-hosted edition. You can find more information about Infisical Cloud's offering on the pricing page.
+Infisical Cloud also comes with some extra features unavailable in the self-hosted edition. You can find more information about Infisical Cloud's offering on the pricing page.
 ## Deployment options
-Infisical can be deployed on a Linux VM with docker-compose. We're rolling out more specific deployment options for DigitalOcean, AWS, GCP, and Azure soon.
+Infisical can be deployed on a Linux VM with docker-compose and Kubernetes. We're rolling out more specific deployment options for DigitalOcean, AWS, GCP, and Azure soon.