From 4005d924eef465a7b4bbee0bf35d4d39f8016ae1 Mon Sep 17 00:00:00 2001 From: XtremeOwnageDotCom <5262735+XtremeOwnageDotCom@users.noreply.github.com> Date: Sun, 30 Jun 2024 15:44:56 -0500 Subject: [PATCH] Moved charts to dedicated repo. --- .github/workflows/helm-release.yaml | 34 ++++++ charts/warbot/Chart.yaml | 6 + charts/warbot/_helpers.tpl | 35 ++++++ charts/warbot/cm-common.yaml | 11 ++ charts/warbot/cm-web.yaml | 11 ++ charts/warbot/deployment-bot.yaml | 78 ++++++++++++ charts/warbot/deployment-ui.yaml | 52 ++++++++ charts/warbot/ingress.yaml | 36 ++++++ charts/warbot/ingressroute.yaml | 21 ++++ charts/warbot/networkpolicy.yaml | 37 ++++++ charts/warbot/pvc-db-data.yaml | 15 +++ charts/warbot/pvc-ui.yaml | 15 +++ charts/warbot/secret-db.yaml | 14 +++ charts/warbot/secret-discord.yaml | 11 ++ charts/warbot/service-db.yaml | 18 +++ charts/warbot/service-ui.yaml | 19 +++ charts/warbot/service.yaml | 15 +++ charts/warbot/statefulset-db.yaml | 45 +++++++ charts/warbot/values.yaml | 181 ++++++++++++++++++++++++++++ 19 files changed, 654 insertions(+) create mode 100644 .github/workflows/helm-release.yaml create mode 100644 charts/warbot/Chart.yaml create mode 100644 charts/warbot/_helpers.tpl create mode 100644 charts/warbot/cm-common.yaml create mode 100644 charts/warbot/cm-web.yaml create mode 100644 charts/warbot/deployment-bot.yaml create mode 100644 charts/warbot/deployment-ui.yaml create mode 100644 charts/warbot/ingress.yaml create mode 100644 charts/warbot/ingressroute.yaml create mode 100644 charts/warbot/networkpolicy.yaml create mode 100644 charts/warbot/pvc-db-data.yaml create mode 100644 charts/warbot/pvc-ui.yaml create mode 100644 charts/warbot/secret-db.yaml create mode 100644 charts/warbot/secret-discord.yaml create mode 100644 charts/warbot/service-db.yaml create mode 100644 charts/warbot/service-ui.yaml create mode 100644 charts/warbot/service.yaml create mode 100644 charts/warbot/statefulset-db.yaml create mode 100644 charts/warbot/values.yaml 
diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml
new file mode 100644
index 0000000..7ad04fc
--- /dev/null
+++ b/.github/workflows/helm-release.yaml
@@ -0,0 +1,34 @@
+name: Release Helm Chart
+
+on:
+ push:
+ branches:
+ - main
+ - dev
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v4
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.6.0
+ with:
+ charts_dir: charts
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
diff --git a/charts/warbot/Chart.yaml b/charts/warbot/Chart.yaml
new file mode 100644
index 0000000..d9df6fe
--- /dev/null
+++ b/charts/warbot/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: warbot
+description: A Helm chart for deploying WarBOT
+
+version: 0.1.0
+appVersion: "1.0"
diff --git a/charts/warbot/_helpers.tpl b/charts/warbot/_helpers.tpl
new file mode 100644
index 0000000..5cfc7a8
--- /dev/null
+++ b/charts/warbot/_helpers.tpl
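Review bot: The `release` job has no `permissions:` block and every action is referenced by a mutable tag (`actions/checkout@v3`, `azure/setup-helm@v4`, `helm/chart-releaser-action@v1.6.0`), so the `GITHUB_TOKEN` passed as `CR_TOKEN` carries whatever the repository default grants and a retagged action would run with it. I would add `permissions:` with `contents: write` under `release:` (the scope chart-releaser needs) and pin each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. The trigger also publishes charts from `dev` as well as `main`; if that is intended, a comment saying so would help.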
@@ -0,0 +1,35 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "warbot.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "warbot.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else }}
+{{- include "warbot.name" . }}-{{ .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "warbot.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+{{ include "warbot.selectorLabels" . }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "warbot.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "warbot.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
diff --git a/charts/warbot/cm-common.yaml b/charts/warbot/cm-common.yaml
new file mode 100644
index 0000000..32b93fe
--- /dev/null
+++ b/charts/warbot/cm-common.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: common
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+data:
+ DB_HOST: {{ .Values.database.host | quote }}
+ DB_PORT: {{ .Values.database.port | quote }}
+ PUBLIC_URL: {{ .Values.publicUrl | quote }}
diff --git a/charts/warbot/cm-web.yaml b/charts/warbot/cm-web.yaml
new file mode 100644
index 0000000..a7bf9c1
--- /dev/null
+++ b/charts/warbot/cm-web.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.ui.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: web-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+data:
+ PUBLIC_URL: {{ .Values.publicUrl | quote }}
+{{- end }}
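Review bot: `warbot.selectorLabels` emits `app.kubernetes.io/version: {{ .Chart.AppVersion }}` unquoted, and with `appVersion: "1.0"` from Chart.yaml that renders as the YAML float `1.0`, which is not a valid label value. The same define feeds `spec.selector.matchLabels` in both Deployments, and selectors are immutable, so a value that changes with each release would make an upgrade fail. I would move the version and managed-by lines into `warbot.labels` and write `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`.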
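Review bot: This manifest, like every other template in the commit, is added directly under `charts/warbot/` rather than `charts/warbot/templates/`; Helm renders only files under `templates/`, so unless the files are moved at packaging time the chart would install no resources and `_helpers.tpl` would not be loaded. The ConfigMap name `common` is also fixed rather than derived from `warbot.fullname`, so two releases in one namespace would collide; the same applies to `web-config`, `db-secrets`, `discord-secrets`, `db` and `ui` in the later files.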
diff --git a/charts/warbot/deployment-bot.yaml b/charts/warbot/deployment-bot.yaml
new file mode 100644
index 0000000..0138c59
--- /dev/null
+++ b/charts/warbot/deployment-bot.yaml
@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "warbot.fullname" . }}-bot
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "warbot.selectorLabels" . | nindent 6 }}
+ role: bot
+ template:
+ metadata:
+ labels:
+ {{- include "warbot.selectorLabels" . | nindent 8 }}
+ role: bot
+ spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: warbot
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: SUPERADMIN_USER_IDS
+ value: {{ .Values.env.SUPERADMIN_USER_IDS | quote }}
+ - name: ADMIN_GUILDS
+ value: {{ .Values.env.ADMIN_GUILDS | quote }}
+ - name: DB_HOST
+ value: {{ if .Values.database.enabled }}db{{ else }}{{ .Values.externalDatabase.host | quote }}{{ end }}
+ - name: DB_PORT
+ value: {{ if .Values.database.enabled }}3306{{ else }}{{ .Values.externalDatabase.port | quote }}{{ end }}
+ - name: DB_NAME
+ value: {{ if .Values.database.enabled }}warbot{{ else }}{{ .Values.externalDatabase.name | quote }}{{ end }}
+ - name: DB_USER
+ value: {{ if .Values.database.enabled }}warbot_user{{ else }}{{ .Values.externalDatabase.user | quote }}{{ end }}
+ - name: DB_PASS
+ value: {{ if .Values.database.enabled }}secret{{ else }}{{ .Values.externalDatabase.password | quote }}{{ end }}
+ - name: DISCORD_TOKEN
+ value: {{ .Values.discord.token | quote }}
+ - name: DISCORD_ID
+ value: {{ .Values.discord.id | quote }}
+ - name: DISCORD_SECRET
+ value: {{ .Values.discord.secret | quote }}
+ - name: PUBLIC_URL
+ value: {{ .Values.publicUrl | quote }}
+ ports:
+ - containerPort: 80
+ name: http
+ livenessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - "end=$(date -u +%s);start=$(stat -c %Z /proc/1 | awk '{print int($1)}'); test $(($end-$start)) -lt 172800"
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/warbot/deployment-ui.yaml b/charts/warbot/deployment-ui.yaml
new file mode 100644
index 0000000..f48f6af
--- /dev/null
+++ b/charts/warbot/deployment-ui.yaml
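Review bot: DB_PASS, DISCORD_TOKEN and DISCORD_SECRET are written into the container spec as literal `value:` entries, so they are readable by anyone who can read the Deployment, and the `db-secrets` and `discord-secrets` Secrets added in this commit are never referenced by the bot. With `database.enabled` true, DB_PASS is the fixed string `secret` rather than `.Values.database.password`, so overriding the password in values changes the database but not the bot; the bare `3306` for DB_PORT also renders as an integer where an env value has to be a string. deployment-ui.yaml repeats the same DB_* block. The fence reads the credentials through `secretKeyRef`; it covers the bundled database, and an external database would need its password placed in a Secret too.

```yaml
          env:
            # … unchanged: SUPERADMIN_USER_IDS, ADMIN_GUILDS, DB_HOST …
            - name: DB_PORT
              value: {{ if .Values.database.enabled }}"3306"{{ else }}{{ .Values.externalDatabase.port | quote }}{{ end }}
            # … unchanged: DB_NAME, DB_USER …
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
                  name: db-secrets
                  key: MYSQL_PASSWORD
            - name: DISCORD_TOKEN
              valueFrom:
                secretKeyRef:
                  name: discord-secrets
                  key: DISCORD_TOKEN
            - name: DISCORD_SECRET
              valueFrom:
                secretKeyRef:
                  name: discord-secrets
                  key: DISCORD_SECRET
            # … unchanged: DISCORD_ID, PUBLIC_URL …
```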
@@ -0,0 +1,52 @@
+{{- if .Values.ui.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "warbot.fullname" . }}-ui
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "warbot.selectorLabels" . | nindent 6 }}
+ role: web
+ template:
+ metadata:
+ labels:
+ {{- include "warbot.selectorLabels" . | nindent 8 }}
+ role: web
+ spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: web
+ image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
+ imagePullPolicy: {{ .Values.ui.image.pullPolicy }}
+ env:
+ - name: DB_HOST
+ value: {{ if .Values.database.enabled }}db{{ else }}{{ .Values.externalDatabase.host | quote }}{{ end }}
+ - name: DB_PORT
+ value: {{ if .Values.database.enabled }}3306{{ else }}{{ .Values.externalDatabase.port | quote }}{{ end }}
+ - name: DB_NAME
+ value: {{ if .Values.database.enabled }}warbot{{ else }}{{ .Values.externalDatabase.name | quote }}{{ end }}
+ - name: DB_USER
+ value: {{ if .Values.database.enabled }}warbot_user{{ else }}{{ .Values.externalDatabase.user | quote }}{{ end }}
+ - name: DB_PASS
+ value: {{ if .Values.database.enabled }}secret{{ else }}{{ .Values.externalDatabase.password | quote }}{{ end }}
+ - name: PUBLIC_URL
+ value: {{ .Values.publicUrl | quote }}
+ ports:
+ - containerPort: 80
+ name: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
diff --git a/charts/warbot/ingress.yaml b/charts/warbot/ingress.yaml
new file mode 100644
index 0000000..e3e848a
--- /dev/null
+++ b/charts/warbot/ingress.yaml
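Review bot: The file stops at `{{- with .Values.tolerations }}` on its last line, so that `with` and the opening `{{- if .Values.ui.enabled }}` are never closed and the template will not parse. Going by deployment-bot.yaml, the missing tail is the tolerations body, the affinity block and a final `{{- end }}` for the `if`, as in the fence. The `ui-data` PVC added in pvc-ui.yaml is also not mounted by this pod, so it would be created but unused.

```yaml
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}
```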
@@ -0,0 +1,36 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "warbot.fullname" . }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.ingress.annotations | nindent 4 }}
+spec:
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ include "warbot.fullname" $. }}
+ port:
+ number: {{ $.Values.service.port }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/warbot/ingressroute.yaml b/charts/warbot/ingressroute.yaml
new file mode 100644
index 0000000..63aca6b
--- /dev/null
+++ b/charts/warbot/ingressroute.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.ingressRoute.enabled -}}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ include "warbot.fullname" . }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+spec:
+ entryPoints:
+ {{- toYaml .Values.ingressRoute.entryPoints | nindent 4 }}
+ routes:
+ {{- range .Values.ingressRoute.routes }}
+ - match: {{ .match | quote }}
+ kind: {{ .kind }}
+ services:
+ {{- range .services }}
+ - name: {{ .name }}
+ port: {{ .port }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/warbot/networkpolicy.yaml b/charts/warbot/networkpolicy.yaml
new file mode 100644
index 0000000..2476756
--- /dev/null
+++ b/charts/warbot/networkpolicy.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.networkPolicies.enabled -}}
+{{- range .Values.networkPolicies.policies }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ .name }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" $ | nindent 4 }}
+spec:
+ podSelector:
+ {{- toYaml .podSelector | nindent 4 }}
+ policyTypes:
+ {{- if .ingress }}
+ - Ingress
+ {{- end }}
+ {{- if .egress }}
+ - Egress
+ {{- end }}
+ {{- if .ingress }}
+ ingress:
+ {{- range .ingress }}
+ - from:
+ {{- toYaml .from | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if .egress }}
+ egress:
+ {{- range .egress }}
+ - to:
+ {{- toYaml .to | nindent 6 }}
+ ports:
+ {{- toYaml .ports | nindent 6 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/warbot/pvc-db-data.yaml b/charts/warbot/pvc-db-data.yaml
new file mode 100644
index 0000000..cf9e6a7
--- /dev/null
+++ b/charts/warbot/pvc-db-data.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.database.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db-data
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+{{- end }}
diff --git a/charts/warbot/pvc-ui.yaml b/charts/warbot/pvc-ui.yaml
new file mode 100644
index 0000000..065e030
--- /dev/null
+++ b/charts/warbot/pvc-ui.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.ui.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ui-data
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+{{- end }}
diff --git a/charts/warbot/secret-db.yaml b/charts/warbot/secret-db.yaml
new file mode 100644
index 0000000..8763293
--- /dev/null
+++ b/charts/warbot/secret-db.yaml
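Review bot: The `range` over `.Values.networkPolicies.policies` emits each NetworkPolicy without a `---` separator, so the six default policies render into a single YAML document with repeated `apiVersion`/`kind`/`metadata`/`spec` keys and at most one of them can take effect. Add `---` as the first line inside the range. `policyTypes` is also derived from whether `.ingress`/`.egress` are non-empty, so a deny-all policy (type listed, no rules) cannot be expressed, and `ports:` is written even for egress rules that define none, which appears to render `ports: null`.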
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: db-secrets
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+stringData:
+ MYSQL_ROOT_PASSWORD: {{ .Values.database.password | quote }}
+ MYSQL_DATABASE: {{ .Values.database.name | quote }}
+ MYSQL_USER: {{ .Values.database.user | quote }}
+ MYSQL_PASSWORD: {{ .Values.database.password | quote }}
+ MARIADB_AUTO_UPGRADE: "1"
+ MARIADB_INITDB_SKIP_TZINFO: "1"
diff --git a/charts/warbot/secret-discord.yaml b/charts/warbot/secret-discord.yaml
new file mode 100644
index 0000000..1ac3829
--- /dev/null
+++ b/charts/warbot/secret-discord.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: discord-secrets
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+stringData:
+ DISCORD_ID: {{ .Values.discord.id | quote }}
+ DISCORD_TOKEN: {{ .Values.discord.token | quote }}
+ DISCORD_SECRET: {{ .Values.discord.secret | quote }}
diff --git a/charts/warbot/service-db.yaml b/charts/warbot/service-db.yaml
new file mode 100644
index 0000000..cc92c15
--- /dev/null
+++ b/charts/warbot/service-db.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.database.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: db
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+spec:
+ selector:
+ app: {{ include "warbot.name" . }}
+ role: db
+ ports:
+ - name: sql
+ port: 3306
+ protocol: TCP
+ targetPort: sql
+{{- end }}
diff --git a/charts/warbot/service-ui.yaml b/charts/warbot/service-ui.yaml
new file mode 100644
index 0000000..ac6f413
--- /dev/null
+++ b/charts/warbot/service-ui.yaml
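Review bot: `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are both filled from `.Values.database.password`, so the application account and the MariaDB root account share one credential, and the chart default for it in values.yaml is the literal `secret`. I would give root its own value and refuse to render without one, e.g. `MYSQL_ROOT_PASSWORD: {{ required "database.rootPassword is required" .Values.database.rootPassword | quote }}`. Unlike the other db resources this Secret is not wrapped in `{{- if .Values.database.enabled }}`, so it is created even when an external database is used.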
@@ -0,0 +1,19 @@
+{{- if .Values.ui.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.uiService.type }}
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "warbot.selectorLabels" . | nindent 4 }}
+ role: web
+{{- end }}
diff --git a/charts/warbot/service.yaml b/charts/warbot/service.yaml
new file mode 100644
index 0000000..7d8ee62
--- /dev/null
+++ b/charts/warbot/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "warbot.fullname" . }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "warbot.selectorLabels" . | nindent 4 }}
diff --git a/charts/warbot/statefulset-db.yaml b/charts/warbot/statefulset-db.yaml
new file mode 100644
index 0000000..ef82469
--- /dev/null
+++ b/charts/warbot/statefulset-db.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.database.enabled }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: db
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "warbot.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ serviceName: db
+ selector:
+ matchLabels:
+ role: db
+ template:
+ metadata:
+ labels:
+ app: {{ include "warbot.name" . }}
+ role: db
+ spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: db
+ image: mariadb:latest
+ securityContext:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ runAsUser: 30001
+ runAsGroup: 30001
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+ envFrom:
+ - secretRef:
+ name: db-secrets
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: db
+ ports:
+ - containerPort: 3306
+ name: sql
+{{- end }}
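Review bot: In service.yaml the selector is `warbot.selectorLabels` with no `role`, so this Service matches both the `role: bot` and the `role: web` pods, which carry the same selector labels; requests to it (including those from the Ingress, which points at this Service) would be spread across both workloads. Add `role: bot` under `selector:`, the way service-ui.yaml adds `role: web`.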
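Review bot: In statefulset-db.yaml `image: mariadb:latest` is a mutable tag, and combined with `MARIADB_AUTO_UPGRADE: "1"` from `db-secrets` a pod restart can pull a new major version and upgrade the data directory unattended; pin a specific version or digest and expose it through values like the other images. The container mounts a volume named `db`, but the pod spec defines no `volumes:` and the StatefulSet no `volumeClaimTemplates`, so the manifest is invalid as written and the `db-data` PVC is never attached; a `volumes:` entry named `db` with `persistentVolumeClaim.claimName: db-data` would connect them. The selector is only `role: db`, which would also match db pods of another release in the same namespace.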
diff --git a/charts/warbot/values.yaml b/charts/warbot/values.yaml
new file mode 100644
index 0000000..5896cee
--- /dev/null
+++ b/charts/warbot/values.yaml
@@ -0,0 +1,181 @@
+# Default values for WarBot.
+
+# Replica count for the deployment
+replicaCount: 1
+
+# Image configuration
+image:
+ repository: git.kube.xtremeownage.com/xtremeownage.com/warbot
+ tag: latest
+ pullPolicy: IfNotPresent
+
+# UI settings
+ui:
+ enabled: true
+ image:
+ repository: git.kube.xtremeownage.com/xtremeownage.com/warbot-ui
+ tag: latest
+ pullPolicy: IfNotPresent
+
+# Database settings
+database:
+ enabled: true # Set to false if using an external database
+ host: db
+ port: 3306
+ name: warbot
+ user: warbot_user
+ password: secret
+
+# External database configuration (if not using the provided database)
+externalDatabase:
+ host: ""
+ port: 3306
+ name: ""
+ user: ""
+ password: ""
+
+# Discord settings
+discord:
+ id: "437983722193551363"
+ token: "your-discord-token"
+ secret: "your-discord-secret"
+
+# Public URL
+publicUrl: "https://warbot.dev/"
+
+# Kubernetes service settings
+service:
+ type: ClusterIP
+ port: 80
+
+# UI service settings
+uiService:
+ type: ClusterIP
+ port: 80
+
+# Ingress settings
+ingress:
+ enabled: false
+ annotations: {}
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+
+# Traefik IngressRoute settings
+ingressRoute:
+ enabled: false
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`warbot.dev`)
+ kind: Rule
+ services:
+ - name: web
+ port: http
+
+# NetworkPolicy settings
+networkPolicies:
+ enabled: true
+ policies:
+ - name: default-policy
+ podSelector:
+ matchLabels:
+ app: warbot-prod
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: warbot-prod
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ app: warbot-prod
+ - name: egress-allow-internet
+ podSelector:
+ matchLabels:
+ networking/allow-internet-egress: "true"
+ egress:
+ - to:
+ - ipBlock:
+ cidr: 0.0.0.0/0
+ except:
+ - 10.0.0.0/8
+ - 192.168.0.0/16
+ - 172.16.0.0/20
+ - name: egress-web
+ podSelector:
+ matchLabels:
+ app: warbot-prod
+ role: web
+ egress:
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: traefik
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: traefik
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: cloudflare
+ podSelector:
+ matchLabels:
+ app: cloudflared
+ - name: ingress-allow-traefik
+ podSelector:
+ matchLabels:
+ app: warbot-prod
+ role: web
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: traefik
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/instance: traefik-traefik
+ app.kubernetes.io/name: traefik
+ - name: egress-allow-dns
+ podSelector:
+ matchLabels:
+ networking/allow-internet-egress: "true"
+ egress:
+ - to:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-system
+ podSelector:
+ matchLabels:
+ k8s-app: kube-dns
+ ports:
+ - protocol: TCP
+ port: 53
+ - protocol: UDP
+ port: 53
+ - name: ingress-allow-cloudflare
+ podSelector:
+ matchLabels:
+ app: warbot-prod
+ role: web
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: cloudflare
+ podSelector:
+ matchLabels:
+ app: cloudflared
+
+resources: {}
+autoscaling: {}
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+# Environment variables
+env:
+ SUPERADMIN_USER_IDS: "381654208073433091"
+ ADMIN_GUILDS: "458992709718245377,381654582444687370"
+ PUBLIC_URL: "https://warbot.dev/"
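Review bot: In `egress-allow-internet` the `except` list uses `172.16.0.0/20`, which covers only 172.16.0.0–172.16.15.255; the private range is `172.16.0.0/12`, so most of it stays reachable from pods that are meant to have internet-only egress, and link-local `169.254.0.0/16` is not excluded either. The policies select `app: warbot-prod`, a label none of the chart's pod templates set (they carry `app.kubernetes.io/*`, `role`, and for the db `app: warbot`), so with these defaults they appear to match no pod from this chart. `database.password: secret` and `tag: latest` also ship as working defaults; I would leave the password empty and fail rendering when it is unset, and default the tags to a fixed version.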