netboxlabs · mfiedorowicz · Oct 15, 2024 · Oct 3, 2024 · Oct 3, 2024 · Oct 15, 2024
@@ -74,14 +74,6 @@ diode-server:
           - 'diode-server/*'
           - 'diode-server/**/*'
 
-diode-distributor:
-  - changed-files:
-      - any-glob-to-any-file:
-          - 'diode-server/cmd/distributor/*'
-          - 'diode-server/cmd/distributor/**/*'
-          - 'diode-server/distributor/*'
-          - 'diode-server/distributor/**/*'
-
 diode-ingester:
   - changed-files:
       - any-glob-to-any-file:
@@ -97,3 +89,9 @@ diode-reconciler:
           - 'diode-server/cmd/reconciler/**/*'
           - 'diode-server/reconciler/*'
           - 'diode-server/reconciler/**/*'
+
+diode-chart:
+  - changed-files:
+      - any-glob-to-any-file:
+          - 'charts/*'
+          - 'charts/**/*'
@@ -3,7 +3,11 @@ on:
   push:
     branches:
       - "!release"
+    paths:
+      - "diode-server/**"
   pull_request:
+    paths:
+      - "diode-server/**"
 
 concurrency:
   group: ${{ github.workflow }}

@@ -3,7 +3,11 @@ on:
   push:
     branches:
       - "!release"
+    paths:
+      - "diode-server/**"
   pull_request:
+    paths:
+      - "diode-server/**"
 
 permissions:
   contents: read

@@ -0,0 +1,35 @@
+name: Helm - lint
+on:
+  push:
+    branches:
+      - "!release"
+    paths:
+      - "charts/**"
+  pull_request:
+    paths:
+      - "charts/**"
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  helm-lint:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    defaults:
+      run:
+        working-directory: charts
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Helm
+        uses: azure/[email protected]
+      - name: Update helm dependencies
+        run: helm dependency update diode
+      - name: Run helm lint
+        run: helm lint diode
@@ -0,0 +1,45 @@
+name: Helm - release
+on:
+  workflow_dispatch:
+  push:
+    branches: [ release ]
+    paths:
+      - "charts/**"
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
+permissions:
+  contents: write
+
+jobs:
+  helm-release:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    defaults:
+      run:
+        working-directory: charts
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+      - name: Setup Helm
+        uses: azure/[email protected]
+      - name: Update helm dependencies
+        run: |
+          helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+          helm repo add jetstack https://charts.jetstack.io
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Name }}-{{ .Version }}
+          CR_INDEX_PATH: charts/index.yaml
+          CR_PAGES_INDEX_PATH: charts/index.yaml
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -0,0 +1,12 @@
+dependencies:
+- name: ingress-nginx
+  repository: https://kubernetes.github.io/ingress-nginx
+  version: 4.11.2
+- name: cert-manager
+  repository: https://charts.jetstack.io
+  version: v1.16.1
+- name: redis
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 20.1.4
+digest: sha256:f89ee5fc93ebfc48d7566073c20cbe8ab7b632e73f2fbd860b84d1b7a01ecf48
+generated: "2024-10-14T19:29:43.398885+01:00"
@@ -0,0 +1,26 @@
+apiVersion: v2
+name: diode
+description: A Helm chart for Diode
+type: application
+version: 0.1.0
+appVersion: "0.6.0"
+home: https://github.com/netboxlabs/diode
+sources:
+  - https://github.com/netboxlabs/diode
+maintainers:
+  - name: NetBox Labs
+    email: [email protected]
+    url: https://github.com/netboxlabs
+dependencies:
+  - name: ingress-nginx
+    version: 4.11.2
+    repository: https://kubernetes.github.io/ingress-nginx
+    condition: ingress-nginx.enabled
+  - name: cert-manager
+    version: 1.16.1
+    repository: https://charts.jetstack.io
+    condition: cert-manager.enabled
+  - name: redis
+    version: 20.1.4
+    repository: oci://registry-1.docker.io/bitnamicharts
+    condition: redis.enabled
@@ -0,0 +1,118 @@
+# diode
+
+A Helm chart for Diode
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
+
+## Installing the Chart
+
+Install custom resource definitions for cert-manager (if enabled):
+
+```console
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.crds.yaml
+```
+
+Create namespaces for ingress-nginx and cert-manager:
+
+```console
+kubectl create namespace diode-ingress
+kubectl create namespace diode-cert-manager
+```
+
+Install the chart with the release name `my-release`:
+
+```console
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo add jetstack https://charts.jetstack.io
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add diode https://netboxlabs.github.io/diode/charts
+helm install my-release diode/diode --namespace my-namespace --create-namespace
+```
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.jetstack.io | cert-manager | 1.16.1 |
+| https://kubernetes.github.io/ingress-nginx | ingress-nginx | 4.11.2 |
+| oci://registry-1.docker.io/bitnamicharts | redis | 20.1.4 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| cert-manager | object | `{"enabled":false,"namespace":"diode-cert-manager"}` | ref: https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml |
+| cert-manager.enabled | bool | `false` | cert-manager enabled |
+| cert-manager.namespace | string | `"diode-cert-manager"` | cert-manager namespace |
+| certIssuer.email | string | `""` | email address for ACME registration |
+| certIssuer.enabled | bool | `false` | enable certificate issuer creation |
+| certIssuer.kind | string | `"Issuer"` | issuer kind (Issuer or ClusterIssuer) ref: https://cert-manager.io/docs/configuration/acme/ |
+| certIssuer.name | string | `""` | issuer name |
+| certIssuer.prod | bool | `false` | determines whether to use Let's Encrypt production or staging environment |
+| certIssuer.solvers | list | `[{"http01":{"ingress":{"ingressClassName":"nginx"}}}]` | solvers for the issuer |
+| diodeIngester.affinity | object | `{}` | custom affinity rules for the pod |
+| diodeIngester.config.reconcilerGrpcHost | string | `"diode-reconciler"` | diode-reconciler gRPC host |
+| diodeIngester.config.reconcilerGrpcPort | int | `8081` | diode-reconciler gRPC port |
+| diodeIngester.config.sentryDsn | string | `""` | sentry DSN |
+| diodeIngester.containerPort | int | `8081` | port to listen on |
+| diodeIngester.existingSecret | string | `""` | existing secret for diode-ingester |
+| diodeIngester.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| diodeIngester.image.repository | string | `"netboxlabs/diode-ingester"` | image repository |
+| diodeIngester.image.securityContext | object | `{}` | security context for the container |
+| diodeIngester.image.tag | string | `"v0.6.0"` | image tag |
+| diodeIngester.nodeSelector | object | `{}` | node selector for the pod |
+| diodeIngester.podAnnotations | object | `{}` | additional pod annotations |
+| diodeIngester.podLabels | object | `{}` | additional pod labels |
+| diodeIngester.podSecurityContext | object | `{}` | additional pod security context |
+| diodeIngester.replicas | int | `1` | number of replicas |
+| diodeIngester.resources | object | `{}` | resources to allocate for the container |
+| diodeIngester.secrets.ingesterToReconcilerAPIKey | string | `""` | API key for authentication between diode-ingester and diode-reconciler |
+| diodeIngester.secrets.redisPassword | string | `""` | redis password, must match the password in the redis chart or external redis |
+| diodeIngester.serviceAccount.create | bool | `true` | create service account |
+| diodeIngester.serviceAccount.name | string | `"diode-ingester"` | service account name |
+| diodeIngester.serviceName | string | `"diode-ingester"` | service name |
+| diodeIngester.tolerations | list | `[]` | tolerations to use with node taints |
+| diodeReconciler.affinity | object | `{}` | custom affinity rules for the pod |
+| diodeReconciler.config.loggingLevel | string | `"DEBUG"` | logging level |
+| diodeReconciler.config.migrationEnabled | bool | `true` | migration enabled |
+| diodeReconciler.config.netboxDiodePluginAPIBaseURL | string | `"https://<NETBOX_BASE_URL>/api/plugins/diode"` | NetBox plugin API base URL |
+| diodeReconciler.config.netboxDiodePluginSkipTLSVerify | bool | `false` | NetBox plugin skip TLS verify |
+| diodeReconciler.config.sentryDsn | string | `""` | sentry DSN |
+| diodeReconciler.containerPort | int | `8081` | port to listen on |
+| diodeReconciler.existingSecret | string | `""` | existing secret for diode-ingester |
+| diodeReconciler.image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
+| diodeReconciler.image.repository | string | `"netboxlabs/diode-reconciler"` | image repository |
+| diodeReconciler.image.securityContext | object | `{}` | security context for the container |
+| diodeReconciler.image.tag | string | `"v0.6.0"` | image tag |
+| diodeReconciler.nodeSelector | object | `{}` | node selector for the pod |
+| diodeReconciler.podAnnotations | object | `{}` | additional pod annotations |
+| diodeReconciler.podLabels | object | `{}` | additional pod labels |
+| diodeReconciler.podSecurityContext | object | `{}` | additional pod security context |
+| diodeReconciler.replicas | int | `1` | number of replicas |
+| diodeReconciler.resources | object | `{}` |  |
+| diodeReconciler.secrets.diodeAPIKey | string | `""` | API key for authentication of diode ingestion requests |
+| diodeReconciler.secrets.diodeToNetboxAPIKey | string | `""` | API key for authentication between diode and NetBox API |
+| diodeReconciler.secrets.ingesterToReconcilerAPIKey | string | `""` | API key for authentication between diode-ingester and diode-reconciler |
+| diodeReconciler.secrets.netboxToDiodeAPIKey | string | `""` | API key for authentication between NetBox API and diode |
+| diodeReconciler.secrets.redisPassword | string | `""` | redis password, must match the password in the redis chart or external redis |
+| diodeReconciler.serviceAccount.create | bool | `true` | create service account |
+| diodeReconciler.serviceAccount.name | string | `"diode-reconciler"` | service account name |
+| diodeReconciler.serviceName | string | `"diode-reconciler"` | service name |
+| diodeReconciler.tolerations | list | `[]` | tolerations to use with node taints |
+| externalRedis.host | string | `""` | external redis host |
+| externalRedis.port | int | `6379` | external redis port |
+| ingress-nginx | object | `{"controller":{"allowSnippetAnnotations":true},"enabled":true,"hostname":"","ingressClass":"nginx","namespaceOverride":"diode-ingress"}` | ref: https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml |
+| ingress-nginx.controller.allowSnippetAnnotations | bool | `true` | allow snippet annotations |
+| ingress-nginx.enabled | bool | `true` | ingress-nginx enabled |
+| ingress-nginx.hostname | string | `""` | hostname |
+| ingress-nginx.ingressClass | string | `"nginx"` | ingress class |
+| ingress-nginx.namespaceOverride | string | `"diode-ingress"` | override ingress-nginx namespace |
+| redis | object | `{"auth":{"existingSecret":"diode-ingester-secret","existingSecretPasswordKey":"REDIS_PASSWORD"},"commonConfiguration":"appendonly yes\nsave 60 1\nloadmodule /opt/redis-stack/lib/rejson.so\nloadmodule /opt/redis-stack/lib/redisearch.so","enabled":true,"image":{"pullPolicy":"IfNotPresent","repository":"redis/redis-stack-server","tag":"latest"},"replica":{"replicaCount":1}}` | ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml |
+| redis.auth.existingSecret | string | `"diode-ingester-secret"` | existing secret for redis password, either diodeIngester.existingSecret, diode-ingester-secret (created from diodeIngester.secrets) or your custom secret |
+| redis.auth.existingSecretPasswordKey | string | `"REDIS_PASSWORD"` | existing secret key for redis password |
+| redis.commonConfiguration | string | `"appendonly yes\nsave 60 1\nloadmodule /opt/redis-stack/lib/rejson.so\nloadmodule /opt/redis-stack/lib/redisearch.so"` | redis configuration |
+| redis.enabled | bool | `true` | redis enabled |
+| redis.image.pullPolicy | string | `"IfNotPresent"` | redis image pull policy |
+| redis.image.repository | string | `"redis/redis-stack-server"` | redis image repository |
+| redis.image.tag | string | `"latest"` | redis image tag |
+| redis.replica.replicaCount | int | `1` | number of redis replicas |
@@ -0,0 +1,41 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+## Installing the Chart
+
+{{- define "cert-manager-version" }}
+{{- range .Dependencies }}
+{{- if eq .Name "cert-manager" }}
+{{- .Version }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+Install custom resource definitions for cert-manager (if enabled):
+
+```console
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v{{ template "cert-manager-version" . }}/cert-manager.crds.yaml
+```
+
+Create namespaces for ingress-nginx and cert-manager:
+
+```console
+kubectl create namespace diode-ingress
+kubectl create namespace diode-cert-manager
+```
+
+Install the chart with the release name `my-release`:
+
+```console
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo add jetstack https://charts.jetstack.io
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo add diode https://netboxlabs.github.io/diode/charts
+helm install my-release diode/{{ template "chart.name" . }} --namespace my-namespace --create-namespace
+```
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
@@ -0,0 +1,4 @@
+CHART NAME: {{ .Chart.Name  }}
+CHART VERSION: {{ .Chart.Version  }}
+APP VERSION: {{ .Chart.AppVersion  }}
+DESCRIPTION: {{ .Chart.Description  }}