Merge branch 'dev'

Author: fl0ppy-d1sk

.github/workflows/dev.yml

@@ -20,7 +20,6 @@ jobs:
       run: |
         cd ./charts
         helm package ./bunkerweb/
-        helm repo index . --url https://repo.bunkerweb.io/charts-dev
 
     - name: Upload files via SSH
       env:
@@ -32,5 +31,9 @@ jobs:
         echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
         chmod 600 ~/.ssh/id_ed25519
         ssh-keyscan $SSH_HOST >> ~/.ssh/known_hosts
-        scp -r ./charts/bunkerweb-*.tgz $SSH_USERNAME@$SSH_HOST:/var/www/html/charts-dev
-        scp ./charts/index.yaml $SSH_USERNAME@$SSH_HOST:/var/www/html/charts-dev
+        cd charts
+        scp *.tgz $SSH_USERNAME@$SSH_HOST:/var/www/html/charts-dev
+        scp $SSH_USERNAME@$SSH_HOST:/var/www/html/charts-dev/* .
+        helm repo index . --url https://repo.bunkerweb.io/charts-dev
+        scp *.tgz $SSH_USERNAME@$SSH_HOST:/var/www/html/charts-dev
+        scp index.yaml $SSH_USERNAME@$SSH_HOST:/var/www/html/charts-dev

.github/workflows/prod.yml

@@ -0,0 +1,39 @@
+name: Deploy helm chart to prod
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - uses: azure/setup-helm@v4.2.0
+      id: install
+    
+    - name: Package chart
+      run: |
+        cd ./charts
+        helm package ./bunkerweb/
+
+    - name: Upload files via SSH
+      env:
+        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+        SSH_HOST: ${{ secrets.SSH_HOST }}
+        SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
+      run: |
+        mkdir -p ~/.ssh
+        echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+        chmod 600 ~/.ssh/id_ed25519
+        ssh-keyscan $SSH_HOST >> ~/.ssh/known_hosts
+        cd charts
+        scp *.tgz $SSH_USERNAME@$SSH_HOST:/var/www/html/charts
+        scp $SSH_USERNAME@$SSH_HOST:/var/www/html/charts/* .
+        helm repo index . --url https://repo.bunkerweb.io/charts
+        scp *.tgz $SSH_USERNAME@$SSH_HOST:/var/www/html/charts
+        scp index.yaml $SSH_USERNAME@$SSH_HOST:/var/www/html/charts

README.md

@@ -1,2 +1,23 @@
-# bunkerweb-helm
-BunkerWeb Kubernetes helm charts.
+# BunkerWeb Kubernetes Helm chart
+
+Official [Helm chart](https://helm.sh/docs/) to deploy [BunkerWeb](https://www.bunkerweb.io/?utm_campaign=self&utm_source=github) on Kubernetes.
+
+## Prerequisites
+
+Please first refer to the [BunkerWeb documentation](https://docs.bunkerweb.io/latest/?utm_campaign=self&utm_source=github), particularly the [Kubernetes integration](https://docs.bunkerweb.io/latest/integrations/?utm_campaign=self&utm_source=bunkerwebio#kubernetes) section.
+
+## Helm repository
+
+The BunkerWeb Helm chart repository is available at `https://repo.bunkerweb.io/charts` : 
+```bash
+helm repo add bunkerweb https://repo.bunkerweb.io/charts
+```
+
+You can then use the `bunkerweb` helm chart from that repository :
+```bash
+helm install -f myvalues.yaml mybunkerweb bunkerweb/bunkerweb
+```
+
+## Values
+
+The full list of values are listed in the `charts/bunkerweb/values.yaml` file.

charts/bunkerweb/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.2
+version: 0.0.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.6.0"
+appVersion: "1.6.0-rc2"

charts/bunkerweb/templates/_helpers.tpl

@@ -58,6 +58,12 @@ Allows overriding it for multi-namespace deployments in combined charts.
 {{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+UI_HOST setting
+*/}}
+{{- define "bunkerweb.uiHost" -}}
+{{- printf "http://ui-%s.%s.svc.%s:7000" (include "bunkerweb.fullname" .) (include "bunkerweb.namespace" .) .Values.settings.kubernetes.domainName -}}
+{{- end -}}
 
 {{/*
 DATABASE_URI setting
@@ -66,8 +72,8 @@ DATABASE_URI setting
 {{- if .Values.mariadb.enabled -}}
   {{- $user := .Values.mariadb.config.user -}}
   {{- $password := .Values.mariadb.config.password -}}
-  {{- $host := printf "mariadb-%s" (include "bunkerweb.fullname" .) -}}
-  {{- $db := .Values.mariadb.config.db -}}
+  {{- $host := printf "mariadb-%s.%s.svc.%s" (include "bunkerweb.fullname" .) (include "bunkerweb.namespace" .) .Values.settings.kubernetes.domainName -}}
+  {{- $db := .Values.mariadb.config.database -}}
   {{- printf "mariadb+pymysql://%s:%s@%s:3306/%s" $user $password $host $db -}}
 {{- else -}}
   {{- .Values.settings.misc.databaseUri -}}
@@ -84,13 +90,34 @@ REDIS settings
 - name: REDIS_USERNAME
   value: ""
 - name: REDIS_PASSWORD
+    {{- if not (empty .Values.settings.existingSecret) }}
+  valueFrom:
+    secretKeyRef:
+      name: "{{ .Values.settings.existingSecret }}"
+      key: redis-password
+    {{- else }}
   value: "{{ .Values.redis.config.password }}"
+    {{- end }}
   {{- else }}
 - name: REDIS_HOST
   value: "{{ .Values.settings.redis.redisHost }}"
 - name: REDIS_USERNAME
+    {{- if not (empty .Values.settings.existingSecret) }}
+  valueFrom:
+    secretKeyRef:
+      name: "{{ .Values.settings.existingSecret }}"
+      key: redis-username
+    {{- else }}
   value: "{{ .Values.settings.redis.redisUsername }}"
+    {{- end }}
 - name: REDIS_PASSWORD
+    {{- if not (empty .Values.settings.existingSecret) }}
+  valueFrom:
+    secretKeyRef:
+      name: "{{ .Values.settings.existingSecret }}"
+      key: redis-password
+    {{- else }}
   value: "{{ .Values.settings.redis.redisPassword }}"
+    {{- end }}
   {{- end }}
 {{- end }}

charts/bunkerweb/templates/bunkerweb-daemonset.yaml

@@ -11,10 +11,10 @@ spec:
       {{- include "bunkerweb.selectorLabels" . | nindent 6 }}
   template:
     metadata:
-      {{- with .Values.bunkerweb.podAnnotations }}
       annotations:
         # mandatory annotation
         bunkerweb.io/INSTANCE: "yes"
+      {{- with .Values.bunkerweb.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
@@ -58,4 +58,9 @@ spec:
           {{- with .Values.bunkerweb.readinessProbe }}
           readinessProbe:
             {{- toYaml . | nindent 12}}
-          {{- end }}
+          {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    

charts/bunkerweb/templates/bunkerweb-service-external.yaml

@@ -0,0 +1,26 @@
+
+{{- if .Values.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "bunkerweb.fullname" . }}-external
+  namespace: {{ include "bunkerweb.namespace" . }}
+  labels:
+    {{- include "bunkerweb.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.service.annotations | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  selector:
+    bunkerweb.io/component: "bunkerweb"
+  ports:
+    - port: 80
+      targetPort: 8080
+      protocol: TCP
+      name: http
+    - port: 443
+      targetPort: 8443
+      protocol: TCP
+      name: https
+{{- end }}  

…nkerweb/templates/bunkerweb-service.yaml …emplates/bunkerweb-service-internal.yamlcharts/bunkerweb/templates/bunkerweb-service.yaml renamed to charts/bunkerweb/templates/bunkerweb-service-internal.yaml charts/bunkerweb/templates/bunkerweb-service.yaml renamed to charts/bunkerweb/templates/bunkerweb-service-internal.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "bunkerweb.fullname" . }}
+  name: {{ include "bunkerweb.fullname" . }}-internal
   namespace: {{ include "bunkerweb.namespace" . }}
   labels:
     {{- include "bunkerweb.labels" . | nindent 4 }}

charts/bunkerweb/templates/controller-deployment.yaml

@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-{{ include "bunkerweb.fullname" . }}
+  namespace: {{ include "bunkerweb.namespace" . }}
+  labels:
+    {{- include "bunkerweb.labels" . | nindent 4 }}
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "bunkerweb.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "bunkerweb.labels" . | nindent 8 }}
+        {{- with .Values.controller.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+        bunkerweb.io/component: "controller"
+    spec:
+      serviceAccountName: {{ include "bunkerweb.fullname" . }}
+      containers:
+        - name: bunkerweb-controller
+          image: {{ .Values.controller.repository }}:{{ .Values.controller.tag }}
+          imagePullPolicy: {{ .Values.controller.pullPolicy }}
+          {{- with .Values.controller.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12}}
+          {{- end }}
+          env:
+            # Mandatory for k8s integration
+            - name: KUBERNETES_MODE
+              value: "yes"
+            - name: DATABASE_URI
+              {{- if not (empty .Values.settings.existingSecret) }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.settings.existingSecret }}
+                  key: database-uri
+              {{- else }}
+              value: "{{ include "bunkerweb.databaseUri" . }}"
+              {{- end }}
+            - name: NAMESPACES
+              value: "{{ .Values.settings.kubernetes.namespaces }}"
+            - name: KUBERNETES_INGRESS_CLASS
+              value: "{{ .Values.settings.kubernetes.ingressClass }}"
+            - name: KUBERNETES_DOMAIN_NAME
+              value: "{{ .Values.settings.kubernetes.domainName }}"
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/bunkerweb/templates/mariadb-deployment.yaml

@@ -21,19 +21,37 @@ spec:
           image: mariadb:11
           imagePullPolicy: Always
           env:
-            - name: MYSQL_RANDOM_ROOT_PASSWORD
+            - name: MARIADB_RANDOM_ROOT_PASSWORD
               value: "{{ .Values.mariadb.config.randomRootPassword }}"
-            - name: MYSQL_DATABASE
-              value: "{{ .Values.mariadb.config.db }}"
-            - name: MYSQL_USER
+            - name: MARIADB_DATABASE
+              value: "{{ .Values.mariadb.config.database }}"
+            - name: MARIADB_USER
+              {{- if not (empty .Values.settings.existingSecret) }}
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.settings.existingSecret }}"
+                  key: mariadb-user
+              {{- else }}
               value: "{{ .Values.mariadb.config.user }}"
-            - name: MYSQL_PASSWORD
+              {{- end }}
+            - name: MARIADB_PASSWORD
+              {{- if not (empty .Values.settings.existingSecret) }}
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.settings.existingSecret }}"
+                  key: mariadb-password
+              {{- else }}
               value: "{{ .Values.mariadb.config.password }}"
+              {{- end }}
           volumeMounts:
             - mountPath: "/var/lib/mysql"
               name: vol-db
       volumes:
         - name: vol-db
           persistentVolumeClaim:
             claimName: mariadb-{{ include "bunkerweb.fullname" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
 {{- end }}