Create 'circle-webhook-proxy' Helm chart (#14)

indiegogo · Sep 1, 2021 · 2f4b7dd · 2f4b7dd
1 parent f8775f0
commit 2f4b7dd
Show file tree

Hide file tree

Showing 8 changed files with 538 additions and 0 deletions.
diff --git a/charts/circle-webhook-proxy/.helmignore b/charts/circle-webhook-proxy/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/circle-webhook-proxy/Chart.yaml b/charts/circle-webhook-proxy/Chart.yaml
@@ -0,0 +1,26 @@
+apiVersion: v2
+name: circle-webhook-proxy
+version: 0.1.0
+description: A Helm chart for our CircleCI webhook proxy
+type: application
+keywords:
+  - circle-ci
+  - webhook
+  - proxy
+home: https://github.com/indiegogo/ops_tools/tree/main/docker/circle-webhook-proxy
+sources:
+  - https://github.com/indiegogo/ops_tools/tree/main/docker/circle-webhook-proxy
+dependencies:
+  - name: common
+    version: "0.1.2"
+    repository: https://charts.indiegogo.com/
+    tags:
+      - indiegogo-common
+  - name: redis
+    version: "0.4.6"
+    repository: https://groundhog2k.github.io/helm-charts/
+    condition: redis.chartEnabled
+maintainers:
+  - name: DevOps
+    email: [email protected]
+appVersion: "a834b72"
diff --git a/charts/circle-webhook-proxy/README.md b/charts/circle-webhook-proxy/README.md
@@ -0,0 +1,154 @@
+# CircleCI webhook proxy Chart packaged by Indiegogo
+
+The CircleCI webhook proxy intercepts GitHub webhook events of type 'push' which represent a newly pushed commit. It will store the request headers and body into Redis for persistence with a TTL of 7 days by default. Users can have the proxy submit the intercepted 'push' webhook to the upstream CircleCI instance.  For more information, see the readme [here](https://github.com/indiegogo/ops_tools/tree/main/docker/circle-webhook-proxy).
+
+## TL;DR
+
+```bash
+$ helm repo add indiegogo https://charts.indiegogo.com
+$ helm install my-release indiegogo/circle-webhook-proxy
+```
+
+## Introduction
+
+This chart bootstraps a CircleCI webhook proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3.6.2
+
+## Getting started with default values
+
+To get you started with modifying the default values to your liking/needs, use the below command to grab the latest `values.yaml` file:
+
+```bash
+$ helm show values indiegogo/circle-webhook-proxy > values.yaml
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```bash
+$ helm install my-release indiegogo/circle-webhook-proxy
+```
+
+The command deploys CircleCI webhook proxy on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```bash
+$ helm uninstall my-release
+```
+
+> NOTE: If you used `-n namespace` when you installed the chart, be sure to use it again when you uninstall the chart, otherwise the associated dependency Kubernetes resources will not be deleted:
+
+```bash
+$ helm uninstall -n namespace my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Parameters
+
+
+### Common parameters
+
+| Name               | Type   | Description                                                      | Default |
+| ------------------ | ------ | ---------------------------------------------------------------- | ------- |
+| `kubeVersion`      | string | Override Kubernetes version                                      | `nil`   |
+| `nameOverride`     | string | Partially override names.fullname                                | `nil`   |
+| `fullnameOverride` | string | Fully override names.fullname                                    | `nil`   |
+| `commonLabels`     | object | Labels to add to all deployed objects                            | `{}`    |
+| `networkPort`      | int    | Deployment container, Deployment livenessProbe, and Service port | `8080`  |
+
+
+### Deployment parameters
+
+| Name                                | Type    | Description                                                    | Default                                    |
+| ----------------------------------- | ------- | -------------------------------------------------------------- | ------------------------------------------ |
+| `image.registry`                    | string  | The Docker image registry                                      | `"gcr.io"`                                 |
+| `image.repository`                  | string  | The Docker image repository                                    | `"indiegogo-staging/circle-webhook-proxy"` |
+| `image.tag`                         | string  | The Docker image tag                                           | `'latest'`                                 |
+| `image.pullPolicy`                  | string  | The Docker image pull policy                                   | `"IfNotPresent"`                           |
+| `environmentIncludeDefault`         | boolean | Include/don't include the default environment variables        | `true`                                     |
+| `environment`                       | object  | Custom/extra environment variables                             | `{}`                                       |
+| `containerPort`                     | int     | Circle webhook proxy container port (overrides `networkPort`)  | `nil`                                      |
+| `replicaCount`                      | int     | Number of Circle webhook proxy replicas to deploy              | `1`                                        |
+| `strategy.type`                     | string  | Deployment strategy type                                       | `"RollingUpdate"`                          |
+| `strategy.rollingUpdate`            | object  | Rolling update deployment strategy options                     | `{}`                                       |
+| `resources.requests`                | object  | CPU/memory resource requests                                   | `{}`                                       |
+| `resources.limits`                  | object  | CPU/memory resource limits                                     | `{}`                                       |
+| `livenessProbe.enabled`             | boolean | Enable/Disable the default tcpSocket livenessProbe             | `true`                                     |
+| `livenessProbe.port`                | int     | Default livenessProbe tcpSocket port (overrides `networkPort`) | `nil`                                      |
+| `livenessProbe.initialDelaySeconds` | int     | Initial delay seconds for livenessProbe                        | `nil`                                      |
+| `livenessProbe.periodSeconds`       | int     | Period seconds for livenessProbe                               | `nil`                                      |
+| `livenessProbe.timeoutSeconds`      | int     | Timeout seconds for livenessProbe                              | `nil`                                      |
+| `livenessProbe.successThreshold`    | int     | Success threshold for livenessProbe                            | `nil`                                      |
+| `livenessProbe.failureThreshold`    | int     | Failure threshold for livenessProbe                            | `nil`                                      |
+| `customLivenessProbe`               | object  | Custom livenessProbe that overrides the default one            | `{}`                                       |
+| `readinessProbeEnabled`             | boolean | Enable the custom readinessProbe                               | `false`                                    |
+| `readinessProbe`                    | object  | Write your custom readiness probe here                         | `{}`                                       |
+
+
+### Service parameters
+
+| Name           | Type   | Description                                                 | Default      |
+| ---------------| ------ | ----------------------------------------------------------- | ------------ |
+| `service.port` | int    | Circle webhook proxy Service port (overrides `networkPort`) | `nil`        |
+| `service.type` | string | Circle webhook proxy Service Type                           | `"NodePort"` |
+
+
+### Ingress parameters
+
+| Name                        | Type    | Description                | Default           |
+| --------------------------- | ------- | -------------------------- | ----------------- |
+| `ingress.enabled`           | boolean | Enable/Disable Ingress     | `true`            |
+| `ingress.tls.enabled`       | boolean | Enable/Disable Ingress TLS | `false`           |
+| `ingress.tls.hosts`         | list    | Ingress TLS host(s)        | see `values.yaml` |
+| `ingress.tls.secretName`    | string  | Ingress TLS Secret name    | `nil`             |
+| `ingress.rules.hosts`       | list    | Ingress rules host(s)      | see `values.yaml` |
+| `ingress.customAnnotations` | object  | Ingress custom annotations | `{}`              |
+
+
+### Redis storage parameters
+
+| Name                             | Type    | Description                                     | Default    |
+| -------------------------------- | ------- | ----------------------------------------------- | ---------- |
+| `persistentVolume.enabled`       | boolean | Enable to use an existing Redis persistent disk | `false`    |
+| `persistentVolume.pdName`        | string  | Name of the existing persistent disk            | `nil`      |
+| `persistentVolume.reclaimPolicy` | string  | Reclamation of the persistent disk resources    | `"Retain"` |
+
+
+### Redis chart parameters
+
+| Name                                      | Type    | Description                                    | Default      |
+| ----------------------------------------- | ------- | ---------------------------------------------- | ------------ |
+| `redis.chartEnabled`                      | boolean | Enable the Redis chart dependency              | `true`       |
+| `redis.fullnameOverride`                  | string  | Fully override the default Redis instance name | `"redis"`    |
+| `redis.args`                              | list    | Add extra Redis command arguments              | `[]`         |
+| `redis.storage.persistentVolumeClaimName` | string  | Set to use an existing Persistent Volume Claim | `nil`        |
+| `redis.storage.requestedSize`             | string  | Set to create a new Persistent Volume Claim    | `"10Gi"`     |
+| `redis.storage.className`                 | string  | Type of storage (standard/ssd)                 | `"standard"` |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm install my-release \
+  --set replicaCount=1 \
+    indiegogo/circle-webhook-proxy
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm install my-release -f values.yaml indiegogo/circle-webhook-proxy
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
diff --git a/charts/circle-webhook-proxy/templates/deployment.yaml b/charts/circle-webhook-proxy/templates/deployment.yaml
@@ -0,0 +1,62 @@
+kind: Deployment
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplValues.render" ( dict "value" .Values.commonLabels "scope" $ ) | nindent 4 }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.names.fullname" . }}
+  replicas: {{ .Values.replicaCount }}
+  {{- if .Values.strategy }}
+  strategy: {{- toYaml .Values.strategy | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "common.names.fullname" . }}
+    spec:
+      containers:
+        - name: {{ include "common.names.fullname" . }}
+          {{- with .Values.image }}
+          image: "{{- if contains ":" .repository -}}{{ .repository }}{{- else -}}{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}:{{ default $.Chart.AppVersion .tag }}{{- end -}}"
+          {{- end }}
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+          {{- if or .Values.environmentIncludeDefault .Values.environment }}
+          env:
+            {{- if .Values.environmentIncludeDefault }}
+            - name: APP_ENV
+              value: production
+            - name: REDIS_URL
+              value: redis://redis
+            {{- end }}
+
+            {{- range $key, $value := .Values.environment }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- end }}
+          ports:
+            - containerPort: {{ default .Values.networkPort .Values.containerPort }}
+          {{- if .Values.resources }}
+          resources: {{- toYaml .Values.resources | nindent 12 }}
+          {{- end }}
+          {{- if .Values.livenessProbe.enabled }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ default .Values.networkPort .Values.livenessProbe.port }}
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+          {{- else if .Values.customLivenessProbe }}
+          livenessProbe: {{- toYaml .Values.customLivenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.readinessProbeEnabled }}
+          readinessProbe: {{- toYaml .Values.readinessProbe | nindent 12 }}
+          {{- end }}
diff --git a/charts/circle-webhook-proxy/templates/ingress.yaml b/charts/circle-webhook-proxy/templates/ingress.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled }}
+kind: Ingress
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.commonLabels }}
+    {{- include "common.tplValues.render" ( dict "value" .Values.commonLabels "scope" $ ) | nindent 4 }}
+  {{- end }}
+{{- if .Values.ingress.customAnnotations }}
+  annotations: {{- toYaml .Values.ingress.customAnnotations | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls.enabled }}
+  tls:
+  - hosts:
+    {{- range .Values.ingress.tls.hosts }}
+    - {{ . }}
+    {{- end }}
+    secretName: {{ printf "%s-tls" (default (index (required "You must add a host in the 'ingress.tls.hosts' list in values.yaml" .Values.ingress.tls.hosts) 0) .Values.ingress.tls.secretName) | replace "." "-" }}
+{{- end }}
+  rules:
+    {{- range .Values.ingress.rules.hosts }}
+    - host: {{ .host }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ .service.name }}
+                port:
+                  number: {{ .service.port.number }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/charts/circle-webhook-proxy/templates/redis-pv.yaml b/charts/circle-webhook-proxy/templates/redis-pv.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.persistentVolume.enabled (not .Values.redis.storage.persistentVolumeClaimName) }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: {{ printf "%s-redis-data" (include "common.names.fullname" .) }}
+spec:
+  capacity:
+    storage: {{ .Values.redis.storage.requestedSize }}
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: {{ .Values.persistentVolume.reclaimPolicy }}
+  gcePersistentDisk:
+    pdName: {{ required "To use an existing persistent disk, please set a persistent disk name in values.yaml (persistentVolume.pdName)" .Values.persistentVolume.pdName }}
+    fsType: ext4
+  storageClassName: {{ .Values.redis.storage.className }}
+  claimRef:
+    name: redis-data-redis-0
+    namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/charts/circle-webhook-proxy/templates/service.yaml b/charts/circle-webhook-proxy/templates/service.yaml
@@ -0,0 +1,17 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplValues.render" ( dict "value" .Values.commonLabels "scope" $ ) | nindent 4 }}
+    {{- end }}
+spec:
+  ports:
+  - name: {{ include "common.names.fullname" . }}
+    port: {{ default .Values.networkPort .Values.service.port }}
+    protocol: TCP
+  selector:
+    app: {{ include "common.names.fullname" . }}
+  type: {{ .Values.service.type }}