feat: add helm chart

Signed-off-by: Charles-Edouard Brétéché <[email protected]>

.github/workflows/ah-lint.yaml

@@ -0,0 +1,27 @@
+name: ArtifactHub Lint
+
+# permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - '*'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  required:
+    runs-on: ubuntu-latest
+    container:
+      image: artifacthub/ah
+      options: --user root
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Run ah lint
+        working-directory: ./charts/
+        run: |
+          set -e
+          ah lint

.github/workflows/ct-lint.yaml

@@ -0,0 +1,47 @@
+name: CT Lint
+
+# permissions: {}
+
+on:
+  pull_request:
+    branches:
+      - '*'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  required:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+      - name: Set up Helm
+        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+      - name: Setup python
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+        with:
+          python-version: 3.7
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
+      - name: Run chart-testing (lint)
+        run: |
+          set -e
+          ct lint --target-branch=main --check-version-increment=false
+
+  # ah-lint:
+  #   runs-on: ubuntu-latest
+  #   container:
+  #     image: artifacthub/ah
+  #     options: --user root
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+  #     - name: Run ah lint
+  #       working-directory: ./charts/
+  #       run: |
+  #         set -e
+  #         ah lint

.gitignore

@@ -1,6 +1,6 @@
 .DS_Store
 .tools
 .gopath
-kyverno-json
+/kyverno-json
 website/site
 playground/assets/main.wasm

Makefile

@@ -1,5 +1,14 @@
 .DEFAULT_GOAL := build
 
+##########
+# CONFIG #
+##########
+
+ORG                                ?= kyverno
+PACKAGE                            ?= github.com/$(ORG)/kyverno-json
+KIND_IMAGE                         ?= kindest/node:v1.28.0
+KIND_NAME                          ?= kind
+
 #########
 # TOOLS #
 #########
@@ -17,7 +26,9 @@ REFERENCE_DOCS                     := $(TOOLS_DIR)/genref
 REFERENCE_DOCS_VERSION             := latest
 KIND                               := $(TOOLS_DIR)/kind
 KIND_VERSION                       := v0.20.0
-TOOLS                              := $(CLIENT_GEN) $(LISTER_GEN) $(INFORMER_GEN) $(REGISTER_GEN) $(DEEPCOPY_GEN) $(CONTROLLER_GEN) $(REFERENCE_DOCS) $(KIND)
+HELM                               := $(TOOLS_DIR)/helm
+HELM_VERSION                       := v3.10.1
+TOOLS                              := $(CLIENT_GEN) $(LISTER_GEN) $(INFORMER_GEN) $(REGISTER_GEN) $(DEEPCOPY_GEN) $(CONTROLLER_GEN) $(REFERENCE_DOCS) $(KIND) $(HELM)
 PIP                                ?= "pip"
 ifeq ($(GOOS), darwin)
 SED                                := gsed
@@ -58,6 +69,10 @@ $(KIND):
 	@echo Install kind... >&2
 	@GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/kind@$(KIND_VERSION)
 
+$(HELM):
+	@echo Install helm... >&2
+	@GOBIN=$(TOOLS_DIR) go install helm.sh/helm/v3/cmd/helm@$(HELM_VERSION)
+
 .PHONY: install-tools
 install-tools: $(TOOLS) ## Install tools
 
@@ -108,13 +123,10 @@ serve: build-wasm ## Serve static files.
 # CODEGEN #
 ###########
 
-ORG                         ?= kyverno
-PACKAGE                     ?= github.com/$(ORG)/kyverno-json
 GOPATH_SHIM                 := ${PWD}/.gopath
 PACKAGE_SHIM                := $(GOPATH_SHIM)/src/$(PACKAGE)
 INPUT_DIRS                  := $(PACKAGE)/pkg/apis/v1alpha1
 CRDS_PATH                   := ${PWD}/config/crds
-KIND_IMAGE                  ?= kindest/node:v1.28.0
 INPUT_DIRS                  := $(PACKAGE)/pkg/apis/v1alpha1
 OUT_PACKAGE                 := $(PACKAGE)/pkg/client
 CLIENTSET_PACKAGE           := $(OUT_PACKAGE)/clientset
@@ -234,8 +246,13 @@ codegen-schema-json: codegen-schema-openapi ## Generate json schemas
 .PHONY: codegen-schema-all
 codegen-schema-all: codegen-schema-openapi codegen-schema-json ## Generate openapi and json schemas
 
+.PHONY: codegen-helm-docs
+codegen-helm-docs: ## Generate helm docs
+	@echo Generate helm docs... >&2
+	@docker run -v ${PWD}/charts:/work -w /work jnorwood/helm-docs:v1.11.0 -s file
+
 .PHONY: codegen
-codegen: codegen-crds codegen-deepcopy codegen-register codegen-client codegen-docs codegen-mkdocs codegen-schema-all ## Rebuild all generated code and docs
+codegen: codegen-crds codegen-deepcopy codegen-register codegen-client codegen-docs codegen-mkdocs codegen-schema-all codegen-helm-docs ## Rebuild all generated code and docs
 
 .PHONY: verify-codegen
 verify-codegen: codegen ## Verify all generated code and docs are up to date
@@ -258,10 +275,30 @@ tests: $(CLI_BIN) ## Run tests
 # KIND #
 ########
 
-.PHONY: kind-cluster
-kind-cluster: $(KIND) ## Create kind cluster
+.PHONY: kind-create
+kind-create: $(KIND) ## Create kind cluster
 	@echo Create kind cluster... >&2
-	@$(KIND) create cluster --image $(KIND_IMAGE)
+	@$(KIND) create cluster --name $(KIND_NAME) --image $(KIND_IMAGE)
+
+.PHONY: kind-delete
+kind-delete: $(KIND) ## Delete kind cluster
+	@echo Delete kind cluster... >&2
+	@$(KIND) delete cluster --name $(KIND_NAME)
+
+# .PHONY: kind-load
+# kind-load: $(KIND) ko-build ## Build playground image and load it in kind cluster
+# 	@echo Load image... >&2
+# 	@$(KIND) load docker-image --name $(KIND_NAME) ko.local/github.com/kyverno/playground/backend:$(GIT_SHA)
+
+# kind-install: $(HELM) kind-load ## Build image, load it in kind cluster and deploy playground helm chart
+
+.PHONY: kind-install
+kind-install: $(HELM) ## Build image, load it in kind cluster and deploy playground helm chart
+	@echo Install chart... >&2
+	@$(HELM) upgrade --install kyverno-json --namespace kyverno-json --create-namespace --wait ./charts/kyverno-json \
+		--set image.registry=$(KO_REGISTRY) \
+		--set image.repository=github.com/kyverno/playground/backend \
+		--set image.tag=$(GIT_SHA)
 
 ###########
 # INSTALL #

charts/kyverno-json/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/kyverno-json/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: kyverno-json
+type: application
+version: 0.1.0
+appVersion: v0.1.0
+icon: https://github.com/kyverno/kyverno-json/blob/main/website/docs/static/kyverno-json-logo.png
+description: Kyverno for JSON
+keywords:
+  - kubernetes
+  - policy agent
+sources:
+  - https://github.com/kyverno/kyverno-json
+maintainers:
+  - name: Nirmata
+    url: https://kyverno.io/
+kubeVersion: ">=1.16.0-0"

charts/kyverno-json/README.md

@@ -0,0 +1,93 @@
+# kyverno-json
+
+Kyverno for JSON
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
+
+## About
+
+TODO
+
+## Features
+
+TODO
+
+## Installing the Chart
+
+Add `kyverno-json` Helm repository:
+
+```shell
+helm repo add kyverno-json https://kyverno.github.io/kyverno-json/
+```
+
+Install `kyverno-json` Helm chart:
+
+```shell
+helm install kyverno-json --namespace kyverno --create-namespace kyverno-json/kyverno-json
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| nameOverride | string | `""` | Name override |
+| fullnameOverride | string | `""` | Full name override |
+| replicaCount | int | `1` | Number of pod replicas |
+| image.registry | string | `"ghcr.io"` | Image registry |
+| image.repository | string | `"kyverno/kyverno-json"` | Image repository |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.tag | string | `nil` | Image tag (will default to app version if not set) |
+| imagePullSecrets | list | `[]` | Image pull secrets |
+| priorityClassName | string | `""` | Priority class name |
+| serviceAccount.create | bool | `true` | Create service account |
+| serviceAccount.annotations | object | `{}` | Service account annotations |
+| serviceAccount.name | string | `""` | Service account name (required if `serviceAccount.create` is `false`) |
+| podAnnotations | object | `{}` | Pod annotations |
+| podSecurityContext | object | `{"fsGroup":2000}` | Pod security context |
+| securityContext | object | See [values.yaml](values.yaml) | Container security context |
+| service.type | string | `"ClusterIP"` | Service type |
+| service.port | int | `8080` | Service port |
+| livenessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | Liveness probe |
+| readinessProbe | object | `{"httpGet":{"path":"/","port":"http"}}` | Readiness probe |
+| ingress.enabled | bool | `false` | Enable ingress |
+| ingress.className | string | `""` | Ingress class name |
+| ingress.annotations | object | `{}` | Ingress annotations |
+| ingress.hosts | list | `[]` | Ingress hosts |
+| ingress.tls | list | `[]` | Ingress tls |
+| resources.limits | string | `nil` | Container resource limits |
+| resources.requests | string | `nil` | Container resource requests |
+| autoscaling.enabled | bool | `false` | Enable autoscaling |
+| autoscaling.minReplicas | int | `1` | Min number of replicas |
+| autoscaling.maxReplicas | int | `100` | Max number of replicas |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilisation |
+| autoscaling.targetMemoryUtilizationPercentage | string | `nil` | Target Memory utilisation |
+| nodeSelector | object | `{}` | Node selector |
+| tolerations | list | `[]` | Tolerations |
+| affinity | object | `{}` | Affinity |
+| clusterRoles | list | `[]` | Cluster roles |
+| roles | list | `[]` | Cluster roles |
+| extraArgs | object | `{}` | Additonal container arguments |
+| config.gin.mode | string | `"release"` | Gin mode (`release` or `debug`) |
+| config.gin.cors | bool | `false` | Gin cors middleware |
+| config.gin.logger | bool | `false` | Gin logger middleware |
+| config.gin.maxBodySize | int | `2097152` | Gin max body size |
+| config.server.host | string | `"0.0.0.0"` | Server host |
+| config.server.port | int | `8080` | Server port |
+| config.cluster.enabled | bool | `false` | Enable connected cluster mode |
+
+## Source Code
+
+* <https://github.com/kyverno/kyverno-json>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Nirmata |  | <https://kyverno.io/> |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/kyverno-json/README.md.gotmpl

@@ -0,0 +1,37 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.badgesSection" . }}
+
+## About
+
+TODO
+
+## Features
+
+TODO
+
+## Installing the Chart
+
+Add `kyverno-json` Helm repository:
+
+```shell
+helm repo add kyverno-json https://kyverno.github.io/kyverno-json/
+```
+
+Install `kyverno-json` Helm chart:
+
+```shell
+helm install kyverno-json --namespace kyverno --create-namespace kyverno-json/kyverno-json
+```
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "helm-docs.versionFooter" . }}

charts/kyverno-json/templates/NOTES.txt

@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kyverno-json.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kyverno-json.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kyverno-json.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kyverno-json.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}