Merge pull request #49 from xentra-ai/charts
feat: add helm chart
xunholy authored May 15, 2024
2 parents ed76302 + 3dc7ba8 commit 5380a4e
Showing 23 changed files with 1,122 additions and 0 deletions.
51 changes: 51 additions & 0 deletions .github/workflows/charts-lint.yaml
@@ -0,0 +1,51 @@
name: Lint and Test Charts

on:
pull_request:
branches:
- main
paths:
- '.github/workflows/charts-lint.yaml'
- 'charts/**'

jobs:
lint-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set up Helm
uses: azure/[email protected]
with:
version: v3.14.4

- uses: actions/setup-python@v4
with:
python-version: '3.x'
check-latest: true

- name: Set up chart-testing
uses: helm/[email protected]

- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Run chart-testing (lint)
if: steps.list-changed.outputs.changed == 'true'
run: ct lint --target-branch ${{ github.event.repository.default_branch }}

- name: Create kind cluster
if: steps.list-changed.outputs.changed == 'true'
uses: helm/[email protected]

- name: Run chart-testing (install)
if: steps.list-changed.outputs.changed == 'true'
run: ct install --target-branch ${{ github.event.repository.default_branch }}
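Review bot: the job declares no `permissions:` block, so the GITHUB_TOKEN handed to this `pull_request` lint job inherits the repository default, which may be read-write; add `permissions: contents: read` at the workflow or job level, since nothing in `lint-test` needs to write. The actions are pinned by mutable tag (`actions/checkout@v3`, `azure/[email protected]`, `actions/setup-python@v4`, `helm/[email protected]`, `helm/[email protected]`); for a workflow that executes on every pull request, pin them to full commit SHAs so a moved upstream tag cannot change what runs. Minor: `python-version: '3.x'` with `check-latest: true` makes the chart-testing environment differ between runs; pin a minor version unless floating is intentional.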
39 changes: 39 additions & 0 deletions .github/workflows/charts-readme-docs.yaml
@@ -0,0 +1,39 @@
name: "Charts: Update README"

on:
pull_request:
branches:
- main
paths:
- '.github/workflows/charts-readme-docs.yaml'
- 'charts/**'

env:
HELM_DOCS_VERSION: 1.11.2

jobs:
chart-readme:
name: Update README
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.ref }}

- name: install helm-docs
run: |
cd /tmp
wget https://github.com/norwoodj/helm-docs/releases/download/v${{env.HELM_DOCS_VERSION}}/helm-docs_Linux_x86_64.tar.gz
tar -xvf helm-docs_Linux_x86_64.tar.gz
sudo mv helm-docs /usr/local/sbin
- name: run helm-docs
run: |
helm-docs -t README.md.gotmpl -o README.md
- name: Commit changes
uses: stefanzweifel/git-auto-commit-action@v4
id: auto-commit
with:
branch: ${{ github.event.pull_request.head.ref }}
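Review bot: the `install helm-docs` step fetches the release tarball with `wget`, extracts it and moves the binary into `/usr/local/sbin` with no checksum or signature verification, so the README generator is whatever that release asset contains at run time; fetch the release's checksum file as well and run `sha256sum -c` before `tar -xvf`, or pin the tarball's sha256 in the workflow next to `HELM_DOCS_VERSION`. Separately, the job has no `permissions:` block yet `stefanzweifel/git-auto-commit-action@v4` pushes back to `${{ github.event.pull_request.head.ref }}`; declare `permissions: contents: write` explicitly so the write intent is visible, and note that on `pull_request` events from forks the token is read-only, so the commit step will fail for external contributors. Checking out by `head.ref` (branch name) rather than `github.event.pull_request.head.sha` also means the regenerated README may be built from a newer commit than the one that triggered the run. Pin `actions/checkout@v3` and the auto-commit action to commit SHAs.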
54 changes: 54 additions & 0 deletions .github/workflows/charts-release-ghpages.yaml
@@ -0,0 +1,54 @@
name: "Charts: Release to GHCR OCI"

on:
workflow_dispatch: {}
push:
branches:
- main
paths:
- '.github/workflows/charts-release-ghpages.yaml'
- 'charts/**'

env:
CHARTS_SRC_DIR: "charts"
TARGET_REGISTRY: ghcr.io

jobs:
release-charts:
name: Release Charts
runs-on: ubuntu-latest
permissions: write-all
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.TARGET_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Install Helm
uses: azure/setup-helm@v3

- name: Run chart-releaser
uses: helm/[email protected]
with:
charts_dir: ${{ env.CHARTS_SRC_DIR }}
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

- name: Publish Helm Chart to GHCR
run: |
helm package charts/kube-guardian
helm push kube-guardian-*.tgz oci://${{ env.TARGET_REGISTRY }}/${{ github.repository_owner }}/charts
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
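Review bot: `permissions: write-all` grants this job every scope on the token, but the steps only need `contents: write` (chart-releaser creates the GitHub release and updates the `gh-pages` index) and `packages: write` (the `helm push` to `ghcr.io`); replace it with exactly those two scopes. The `GITHUB_TOKEN` env on the `Publish Helm Chart to GHCR` step is dead: `helm push` authenticates with the registry credentials that `docker/login-action` already stored (Helm falls back to the Docker config file), so drop it. Two further points: the unconditional `helm package charts/kube-guardian` and `helm push` run on every push to `main` that touches `charts/**`, so if `Chart.yaml` `version` was not bumped the existing OCI tag for that version is re-pushed and can be overwritten, whereas `chart-releaser` skips already-released versions; gate the push on a new version actually being released, or check that the tag does not already exist first. And `azure/setup-helm@v3` is unversioned here while the lint workflow pins `v3.14.4`, so the Helm that packages the release is not the one that tested it. The file is named `charts-release-ghpages.yaml` but the workflow name is `Charts: Release to GHCR OCI` and it does both; name it for what it does. Pin `actions/checkout@v3`, `docker/login-action@v3`, `azure/setup-helm@v3` and `helm/[email protected]` to commit SHAs.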
23 changes: 23 additions & 0 deletions charts/kube-guardian/.helmignore
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
36 changes: 36 additions & 0 deletions charts/kube-guardian/Chart.yaml
@@ -0,0 +1,36 @@
apiVersion: v2
name: kube-guardian
description: A Helm chart for Kubernetes
home: https://xentra.ai/

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.8

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
kubeVersion: ">= 1.18.0-0"

keywords:
- BPF
- eBPF
- Kubernetes
- Networking
- Security
- Observability
- Troubleshooting

sources:
- https://github.com/xentra-ai/charts

maintainers:
# Mahesh Rayas
- name: maheshrayas
email: [email protected]
# Michael Fornaro
- name: xunholy
email: [email protected]
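Review bot: `description: A Helm chart for Kubernetes` and `appVersion: "1.16.0"` are the untouched `helm create` scaffold defaults; `appVersion` in particular corresponds to nothing this chart deploys (the image tags in the README's defaults are `latest` and `edge`), yet it is what `helm list` and the `app.kubernetes.io/version` label will report, so set it to the real application version or drop it until one exists, and write a description that says what kube-guardian is. `kubeVersion: ">= 1.18.0-0"` also disagrees with the README's "Kubernetes 1.19+" prerequisite; pick one and use it in both places.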
175 changes: 175 additions & 0 deletions charts/kube-guardian/README.md
@@ -0,0 +1,175 @@
# Xentra Helm Chart

This chart bootstraps the [Xentra]() controlplane onto a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.

![Version: 0.0.8](https://img.shields.io/badge/Version-0.0.8-informational?style=flat-square)

## Overview

This Helm chart deploys:

- A Xentra control plane configured to your specifications
- Additional features and components (optional)

## Prerequisites

- Kubernetes 1.19+
- Helm 3.0+

**Note:** *If you're using cilium ensure the following setting is set otherwise PodIPs are not correctly aggregated when determining traffic origin and desgination: `bpf.masquerade: false`*

## Install the Chart

To install the chart with the release name `my-release`:

Add the chart repo

```bash
helm repo add xentra https://xentra-ai.github.io/charts
```

You can then run `helm search repo xentra` to search the charts.

Install chart using Helm v3.0+

```bash
helm install kube-guardian xentra/kube-guardian --namespace kube-guardian --create-namespace
```

If you want to use the OCI variant of the helm chart, you can use the following command:

```bash
helm template kube-guardian oci://ghcr.io/xentra-ai/charts/kube-guardian --namespace kube-guardian --create-namespace
```

**Note:** *If you have the [Pod Securty Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) enabled for your cluster you will need to add the following annotation to the namespace that the chart is deployed*

Example:

```yaml
apiVersion: v1
kind: Namespace
metadata:
labels:
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
name: kube-guardian
```
## Directory Structure
The following shows the directory structure of the Helm chart.
```bash
charts/xentra/
├── .helmignore # Contains patterns to ignore when packaging Helm charts.
├── Chart.yaml # Information about your chart
├── values.yaml # The default values for your templates
├── charts/ # Charts that this chart depends on
└── templates/ # The template files
└── tests/ # The test files
```

## Configuration

The following table lists the configurable parameters of the Xentra chart and their default values.

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| broker.affinity | object | `{}` | |
| broker.autoscaling.enabled | bool | `false` | |
| broker.autoscaling.maxReplicas | int | `100` | |
| broker.autoscaling.minReplicas | int | `1` | |
| broker.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| broker.container.port | int | `9090` | |
| broker.fullnameOverride | string | `""` | |
| broker.image.pullPolicy | string | `"Always"` | |
| broker.image.repository | string | `"ghcr.io/xentra-ai/images/guardian-broker"` | |
| broker.image.sha | string | `""` | |
| broker.image.tag | string | `"latest"` | |
| broker.imagePullSecrets | list | `[]` | |
| broker.nameOverride | string | `""` | |
| broker.nodeSelector | object | `{"kubernetes.io/arch":"amd64"}` | Node labels for the kube-guardian broker pod assignment |
| broker.podAnnotations | object | `{}` | |
| broker.podSecurityContext | object | `{}` | |
| broker.priorityClassName | string | `""` | |
| broker.replicaCount | int | `1` | Number of broker replicas to deploy |
| broker.resources | object | `{}` | |
| broker.securityContext | object | `{}` | |
| broker.service.name | string | `"broker"` | |
| broker.service.port | int | `9090` | |
| broker.service.type | string | `"ClusterIP"` | |
| broker.serviceAccount.annotations | object | `{}` | |
| broker.serviceAccount.automountServiceAccountToken | bool | `false` | |
| broker.serviceAccount.create | bool | `true` | |
| broker.serviceAccount.name | string | `""` | |
| broker.tolerations | list | `[]` | Tolerations for the kube-guardian broker pod assignment |
| controller.affinity | object | `{}` | |
| controller.autoscaling.enabled | bool | `false` | |
| controller.autoscaling.maxReplicas | int | `100` | |
| controller.autoscaling.minReplicas | int | `1` | |
| controller.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| controller.fullnameOverride | string | `""` | |
| controller.image.pullPolicy | string | `"Always"` | |
| controller.image.repository | string | `"ghcr.io/xentra-ai/images/guardian-controller"` | |
| controller.image.sha | string | `""` | Overrides the image tag. |
| controller.image.tag | string | `"edge"` | |
| controller.imagePullSecrets | list | `[]` | |
| controller.nameOverride | string | `""` | |
| controller.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for the kube-guardian controller pod assignment |
| controller.podAnnotations | object | `{}` | |
| controller.podSecurityContext | object | `{}` | |
| controller.priorityClassName | string | `""` | Priority class to be used for the kube-guardian controller pods |
| controller.resources | object | `{}` | |
| controller.securityContext | object | `{}` | |
| controller.service.port | int | `80` | |
| controller.service.type | string | `"ClusterIP"` | |
| controller.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
| controller.serviceAccount.automountServiceAccountToken | bool | `false` | Automount API credentials for a service account |
| controller.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| controller.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| controller.tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"}]` | Tolerations for the kube-guardian controller pod assignment |
| database.affinity | object | `{}` | |
| database.autoscaling.enabled | bool | `false` | |
| database.autoscaling.maxReplicas | int | `100` | |
| database.autoscaling.minReplicas | int | `1` | |
| database.autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| database.container.port | int | `5432` | |
| database.fullnameOverride | string | `""` | |
| database.image.pullPolicy | string | `"Always"` | |
| database.image.repository | string | `"postgres"` | |
| database.image.sha | string | `""` | |
| database.image.tag | string | `"latest"` | |
| database.imagePullSecrets | list | `[]` | |
| database.name | string | `"guardian-db"` | |
| database.nameOverride | string | `""` | |
| database.nodeSelector | object | `{}` | Node labels for the kube-guardian database pod assignment |
| database.persistence.enabled | bool | `false` | |
| database.persistence.existingClaim | string | `""` | |
| database.podAnnotations | object | `{}` | |
| database.podSecurityContext | object | `{}` | |
| database.priorityClassName | string | `""` | Priority class to be used for the kube-guardian database pods |
| database.resources | object | `{}` | |
| database.securityContext | object | `{}` | |
| database.service.name | string | `"guardian-db"` | |
| database.service.port | int | `80` | |
| database.service.type | string | `"ClusterIP"` | |
| database.serviceAccount.annotations | object | `{}` | |
| database.serviceAccount.automountServiceAccountToken | bool | `false` | |
| database.serviceAccount.create | bool | `true` | |
| database.serviceAccount.name | string | `""` | |
| database.tolerations | list | `[]` | Tolerations for the kube-guardian database pod assignment |
| global.annotations | object | `{"foo":"bar"}` | Annotations to apply to all resources |
| global.labels | object | `{}` | Labels to apply to all resources |
| global.priorityClassName | string | `""` | Priority class to be used for the kube-guardian pods |
| namespace.annotations | object | `{}` | Annotations to add to the namespace |
| namespace.labels | object | `{}` | Labels to add to the namespace |
| namespace.name | string | `""` | |

## Uninstalling the Chart

To uninstall/delete the my-release deployment:

```bash
helm uninstall my-release
```
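Review bot: the defaults this README documents combine a namespace that must be labelled `pod-security.kubernetes.io/enforce: privileged` with `image.tag` of `latest` (broker, database) and `edge` (controller), `image.pullPolicy: Always` and an empty `image.sha` on all three components, so every pod restart pulls whatever is currently behind a mutable tag into a privileged namespace; ship a pinned tag and digest in `values.yaml` (the `image.sha` field exists for this) and document pulling by digest as the recommended setting. Other defaults to fix before release: `global.annotations` defaults to `{"foo":"bar"}` and is applied to every resource; `database.service.port` is `80` while `database.container.port` is `5432`; `database.image.repository: postgres` with `tag: latest` and `persistence.enabled: false` loses the database on every restart, which the README should state; `broker.nodeSelector` pins to `amd64` while the controller only requires `linux`. Documentation errors in the same hunk: `[Xentra]()` is an empty link; "desgination" and "Securty" are typos; Pod Security Admission is configured with namespace labels, as the example correctly shows, not an "annotation"; the OCI example runs `helm template` rather than `helm install`; the directory tree shows `charts/xentra/` but the chart lives in `charts/kube-guardian/`; the prerequisites say Kubernetes 1.19+ while `Chart.yaml` says `>= 1.18.0-0`; and the uninstall section refers to `my-release` while the install command used release `kube-guardian` in namespace `kube-guardian`, so it should read `helm uninstall kube-guardian --namespace kube-guardian`.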