SRE-862 Publish helm chart (#8)

.github/workflows/release.yaml

@@ -0,0 +1,16 @@
+name: Release Charts
+on:
+  release:
+    types: [published]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Publish Helm charts
+        uses: stefanprodan/[email protected]
+        with:
+          token: ${{ secrets.CR_TOKEN }}
+          charts_dir: charts

.github/workflows/test.yaml

@@ -0,0 +1,42 @@
+name: Lint and Test Charts
+
+on:
+  push:
+    paths:
+      - 'charts/**'
+
+jobs:
+  lint-chart:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Run chart-testing (lint)
+        uses: helm/chart-testing-action@main
+        with:
+          command: lint --all
+          config: ./ct.yaml
+
+  install-chart:
+    name: install-chart
+    runs-on: ubuntu-latest
+    needs:
+      - lint-chart
+    strategy:
+      matrix:
+        k8s:
+          - v1.22.9
+          - v1.23.6
+          - v1.24.3
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Create kind ${{ matrix.k8s }} cluster
+        uses: helm/kind-action@main
+        with:
+          node_image: kindest/node:${{ matrix.k8s }}
+      - name: Run chart-testing (install)
+        uses: helm/chart-testing-action@main
+        with:
+          command: install --all
+          config: ./ct.yaml

README.md

@@ -18,7 +18,7 @@ You can then run `helm search repo nobl9` to see the charts.
 More information on each chart can be found in the chart's README.
 
 ## Available Charts
-- [Nobl9 Agent](https://github.com/nobl9/helm-charts/tree/main/charts/nobl9-agent). Some great description of what this is
+- [Nobl9 Agent](https://github.com/nobl9/helm-charts/tree/main/charts/nobl9-agent) - Agent to retrieve SLI metrics from configured data sources and send the data back to the Nobl9 backend.
 
 ## License
 

charts/nobl9-agent/Chart.yaml

@@ -8,4 +8,5 @@ sources:
   - https://github.com/nobl9/helm-charts/tree/main/charts/nobl9-agent
 maintainers:
   - name: nobl9
-    email: [email protected]
+    email: [email protected]
+    url: https://nobl9.com

charts/nobl9-agent/README.md

@@ -10,7 +10,7 @@ Agent to retrieve SLI metrics from configured data sources and send the data bac
 
 | Name | Email | Url |
 | ---- | ------ | --- |
-| nobl9 | <sre-team@nobl9.com> |  |
+| nobl9 | <support@nobl9.com> | <https://nobl9.com> |
 
 ## Source Code
 
@@ -20,31 +20,31 @@ Agent to retrieve SLI metrics from configured data sources and send the data bac
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| config.authServer | string | `"auseg9kiegWKEtJZC416"` |  |
-| config.clientId | string | `""` |  |
-| config.clientSecret | string | `""` |  |
-| config.datasourceName | string | `""` |  |
-| config.intakeUrl | string | `"https://nobl9.com/api/input"` |  |
-| config.oktaOrgUrl | string | `"https://accounts.nobl9.com"` |  |
-| config.organization | string | `""` |  |
-| config.project | string | `"default"` |  |
-| dataSourceAuthMethod | string | `nil` |  |
-| dataSourceAuthNames | string | `nil` |  |
-| dataSourceAuthSecrets | string | `nil` |  |
-| deployment.annotations | object | `{}` |  |
-| deployment.image | string | `"nobl9/agent"` |  |
-| deployment.pullPolicy | string | `"Always"` |  |
-| deployment.version | string | `"0.48.0"` |  |
-| extraLabels | object | `{}` |  |
-| podLabels | object | `{}` |  |
-| resources.limits.cpu | string | `"1.0"` |  |
-| resources.limits.memory | string | `"1Gi"` |  |
-| resources.requests.cpu | string | `"0.1"` |  |
-| resources.requests.memory | string | `"350Mi"` |  |
-| securityContext.allowPrivilegeEscalation | bool | `false` |  |
-| securityContext.readOnlyRootFilesystem | bool | `true` |  |
-| securityContext.runAsNonRoot | bool | `true` |  |
-| securityContext.runAsUser | int | `2000` |  |
+| config.allowedUrls | string | `nil` | Populates N9_ALLOWED_URLS that limits the URLs which an Agent is able to query |
+| config.authServer | string | `"auseg9kiegWKEtJZC416"` | Nobl9 Auth Server ID |
+| config.clientId | string | `""` | Nobl9 Client ID, creates secret with this value, leave empty and use deployment.extraEnvs to load from existing Secret |
+| config.clientSecret | string | `""` | Nobl9 Client secret, creates secret with this value, leave empty and use deployment.extraEnvs to load from existing Secret |
+| config.datasourceName | string | `""` | Nobl9 Data Source name |
+| config.intakeUrl | string | `"https://nobl9.com/api/input"` | Nobl9 API URL |
+| config.oktaOrgUrl | string | `"https://accounts.nobl9.com"` | Nobl9 Okta Organization URL |
+| config.organization | string | `""` | Nobl9 Organization name |
+| config.project | string | `"default"` | Nobl9 Project name |
+| deployment.annotations | object | `{}` | Custom annotations |
+| deployment.extraEnvs | string | `nil` | Additional Envs |
+| deployment.extraLabels | object | `{}` | Additional Labels |
+| deployment.image | string | `"nobl9/agent"` | Image used by chart |
+| deployment.pullPolicy | string | `"Always"` | Image Pull Policy |
+| deployment.version | string | `"0.48.0"` | Agent version (image tag) |
+| namespaceOverride | string | `nil` | Override the namespace |
+| resources.limits.cpu | string | `"1.0"` | CPU limit |
+| resources.limits.memory | string | `"1Gi"` | Memory limit |
+| resources.requests.cpu | string | `"0.1"` | CPU request |
+| resources.requests.memory | string | `"350Mi"` | Memory request |
+| secret.extraData | string | `nil` | Extra stringData to be included in secret, use deployment.extraEnvs to load as deployment Envs |
+| securityContext.allowPrivilegeEscalation | bool | `false` | Grants container a privileged status if set to true |
+| securityContext.readOnlyRootFilesystem | bool | `true` | ReadOnly file system mode if set to true |
+| securityContext.runAsNonRoot | bool | `true` | Runs the container as a root user if set to false |
+| securityContext.runAsUser | int | `2000` | Runs the container with specified PID |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/nobl9-agent/templates/_helpers.tpl

@@ -26,3 +26,14 @@ Create chart name and version as used by the chart label.
 {{- define "nobl9-agent.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "nobl9-agent.namespace" -}}
+  {{- if .Values.namespaceOverride -}}
+    {{- .Values.namespaceOverride -}}
+  {{- else -}}
+    {{- .Release.Namespace -}}
+  {{- end -}}
+{{- end -}}

charts/nobl9-agent/templates/deployment.yaml

@@ -2,14 +2,14 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ template "nobl9-agent.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ template "nobl9-agent.namespace" . }}
   labels:
     helm.sh/chart: {{ template "nobl9-agent.chart" . }}
     app.kubernetes.io/name: {{ template "nobl9-agent.name" . }}
     app.kubernetes.io/managed-by: {{ .Release.Service  | quote  }}
     app.kubernetes.io/instance: {{ .Release.Name  | quote  }}
     app.kubernetes.io/version: {{ .Chart.AppVersion  | quote  }}
-    {{- with .Values.podLabels }}
+    {{- with .Values.deployment.extraLabels }}
     {{ toYaml . | nindent 4 }}
     {{- end }}
 spec:
@@ -45,37 +45,35 @@ spec:
           imagePullPolicy: {{ .Values.deployment.pullPolicy }}
           {{- with .Values.resources }}
           resources:
-            {{ toYaml . | nindent 12 }}
+            {{- toYaml . | nindent 12 }}
           {{- end }}
           env:
+            {{- if .Values.config.clientId }}
             - name: N9_CLIENT_ID
               valueFrom:
                 secretKeyRef:
                   key: client_id
                   name: {{ template "nobl9-agent.fullname" . }}
+            {{- end }}
+            {{- if .Values.config.clientSecret }}
             - name: N9_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
                   key: client_secret
                   name: {{ template "nobl9-agent.fullname" . }}
-            {{- range $key, $value := .Values.dataSourceAuthMethod }}
-            - name: {{ $key }}
-              value: {{ $value }}
-            {{- end }}
-            {{- range $key, $value := .Values.dataSourceAuthName }}
-            - name: {{ $key }}
-              valueFrom:
-                secretKeyRef:
-                  key: {{ $value }}
-                  name: {{ template "nobl9-agent.fullname" $ }}
             {{- end }}
             - name: N9_INTAKE_URL
               value: {{ .Values.config.intakeUrl | quote  }}
             - name: N9_AUTH_SERVER
               value: {{ .Values.config.authServer | quote  }}
             - name: N9_OKTA_ORG_URL
               value: {{ .Values.config.oktaOrgUrl | quote  }}
+            {{- if .Values.config.allowedUrls }}
             - name: N9_ALLOWED_URLS
               value: {{ .Values.config.allowedUrls | quote  }}
+            {{- end }}
+            {{- with .Values.deployment.extraEnvs }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}

charts/nobl9-agent/templates/secret.yaml

@@ -1,8 +1,9 @@
+{{- if or (.Values.config.clientId) (.Values.config.clientSecret) (.Values.secret.extraData) }}
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "nobl9-agent.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ template "nobl9-agent.namespace" . }}
   labels:
     helm.sh/chart: {{ template "nobl9-agent.chart" . }}
     app.kubernetes.io/name: {{ template "nobl9-agent.name" . }}
@@ -11,8 +12,13 @@ metadata:
     app.kubernetes.io/version: {{ .Chart.AppVersion  | quote  }}
 type: Opaque
 stringData:
+  {{- if .Values.config.clientId }}
   client_id: {{ .Values.config.clientId | quote }}
+  {{- end }}
+  {{- if .Values.config.clientSecret }}
   client_secret: {{ .Values.config.clientSecret | quote }}
-  {{- range $key, $value := .Values.dataSourceAuthSecrets }}
+  {{- end }}
+  {{- range $key, $value := .Values.secret.extraData }}
   {{ $key }}: {{ $value | quote }}
   {{- end }}
+{{- end }}

charts/nobl9-agent/values.yaml

@@ -1,56 +1,83 @@
+# -- Override the namespace
+namespaceOverride:
+
 deployment:
+  # -- Image used by chart
   image: "nobl9/agent"
+  # -- Agent version (image tag)
   version: "0.48.0"
+  # -- Image Pull Policy
   pullPolicy: Always
+  # -- Additional Envs
+  extraEnvs:
+  # - name: API_KEY
+  #   value: my-api-key
+  # - name: splunk_api_token
+  #   valueFrom:
+  #     secretKeyRef:
+  #       key: my-existing-secret-key
+  #       name: my-existing-secret
+  # - name: N9_CLIENT_ID
+  #   valueFrom:
+  #     secretKeyRef:
+  #       key: client_id
+  #       name: my-existing-secret
+  # - name: N9_CLIENT_SECRET
+  #   valueFrom:
+  #     secretKeyRef:
+  #       key: client_secret
+  #       name: my-existing-secret
+  # -- Custom annotations
   annotations: {}
+  # -- Additional Labels
+  extraLabels: {}
+
+secret:
+  # -- Extra stringData to be included in secret, use deployment.extraEnvs to load as deployment Envs
+  extraData:
+    # splunk_api_token: my-api-token
 
 resources:
-  limits:
-    cpu: "1.0"
-    memory: "1Gi"
   requests:
+    # -- CPU request
     cpu: "0.1"
+    # -- Memory request
     memory: "350Mi"
+  limits:
+    # -- CPU limit
+    cpu: "1.0"
+    # -- Memory limit
+    memory: "1Gi"
 
-## Security context
 securityContext:
+  # -- Grants container a privileged status if set to true
   allowPrivilegeEscalation: false
+  # -- ReadOnly file system mode if set to true
   readOnlyRootFilesystem: true
+  # -- Runs the container as a root user if set to false
   runAsNonRoot: true
+  # -- Runs the container with specified PID
   runAsUser: 2000
 
-## Authentification method environment variable required by some data sources
-dataSourceAuthMethod:
-#  AUTH_METHOD: api_token
-
-## Name of the secrets environment variables for authentification required by data source as NAME: key
-dataSourceAuthNames:
-#  API_TOKEN: instana_api_token
-
-## Secrets for authentification required by data source as key: value
-dataSourceAuthSecrets:
-#  instana_api_token: abcd1234!@#$
-
-## Navigate to the Integrations tab in Nobl9 UI to obtain below values
 config:
+  # -- Nobl9 Project name
   project: "default"
+  # -- Nobl9 Organization name
   organization: ""
+  # -- Nobl9 Data Source name
   datasourceName: ""
+  # -- Nobl9 Client ID, creates secret with this value, leave empty and use deployment.extraEnvs to load from existing Secret
   clientId: ""
+  # -- Nobl9 Client secret, creates secret with this value, leave empty and use deployment.extraEnvs to load from existing Secret
   clientSecret: ""
 
-  ## Values below should not be changed while working Nobl9 backend
+  # -- Nobl9 API URL
   intakeUrl: "https://nobl9.com/api/input"
+  # -- Nobl9 Auth Server ID
   authServer: "auseg9kiegWKEtJZC416"
+  # -- Nobl9 Okta Organization URL
   oktaOrgUrl: "https://accounts.nobl9.com"
 
-  ## N9_ALLOWED_URLS is an optional safety parameter that limits the URLs that an Agent is able to query
-  ## for metrics. URLs defined in the Nobl9 app are prefix-compared against the N9_ALLOWED_URLS list of
-  ## comma separated URLs.
-  # allowedUrls:
-
-## Apply additional container labels
-extraLabels: {}
+  # -- Populates N9_ALLOWED_URLS that limits the URLs which an Agent is able to query
+  allowedUrls:
 
-## Pod Labels
-podLabels: {}

ct.yaml

@@ -0,0 +1,3 @@
+chart-dirs:
+  - charts
+helm-extra-args: --timeout 600s