From 3884c15d1b232ad6eae49772c20405531ce504da Mon Sep 17 00:00:00 2001
From: friedrich goerz
Date: Tue, 25 Oct 2022 10:38:58 +0200
Subject: [PATCH] DEV-636: added helm-secret test case for debugging
---
.sops.yaml | 13 ++++++
Chart.yaml | 23 ++++++++++
secrets.yaml | 92 +++++++++++++++++++++++++++++++++++++++
templates/_helpers.tpl | 32 ++++++++++++++
templates/deployment.yaml | 41 +++++++++++++++++
templates/service.yaml | 19 ++++++++
values.yaml | 14 ++++++
7 files changed, 234 insertions(+)
create mode 100644 .sops.yaml
create mode 100644 Chart.yaml
create mode 100644 secrets.yaml
create mode 100644 templates/_helpers.tpl
create mode 100644 templates/deployment.yaml
create mode 100644 templates/service.yaml
create mode 100644 values.yaml
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..565c8d7
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,13 @@
+# Fingerprint | User ID
+# A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 | smardigo automation DEV
+# 890B2EB48F343D4C6DB9DA0916826F30002D3C1D | smardigo automation QA
+# E5B4FE1E0209DFFE320D2A2E47087747D89B72EC | smardigo automation PRODNSO
+# D65D400040387210377B6A71DFD775644EAAC77B | Friedrich Goerz
+# BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 | GPG DevOps
+creation_rules:
+ # list of keys for encryption in __DEV__ stage
+ - pgp: >-
+ A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439,
+ E5B4FE1E0209DFFE320D2A2E47087747D89B72EC,
+ D65D400040387210377B6A71DFD775644EAAC77B,
+ BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..43f9c80
--- /dev/null
+++ b/Chart.yaml
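Review bot: In .sops.yaml the only creation rule is commented as the key list for the __DEV__ stage, yet its `pgp` recipients include `E5B4FE1E0209DFFE320D2A2E47087747D89B72EC`, which the table above labels "smardigo automation PRODNSO", while the QA key from the same table is not used. If that is intended, a comment such as `# PRODNSO automation key included because <reason>` would record why a production key may decrypt DEV secrets; if not, the fingerprint should leave the rule. The rule has no `path_regex`, so it applies to every file encrypted in this repository rather than to DEV files only. One recipient is a personal key, so removing that person later needs `sops updatekeys` plus a rotation of the secret values themselves, because ciphertext already in git history stays decryptable with the old key.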
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: helm-guestbook
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "1.0"
diff --git a/secrets.yaml b/secrets.yaml
new file mode 100644
index 0000000..1add7e0
--- /dev/null
+++ b/secrets.yaml
@@ -0,0 +1,92 @@ +testsecret: ENC[AES256_GCM,data:BUkgforjcfRxtZwzJPWGDw==,iv:SrKPqOb4lEWyBcHJ1dWCbjBJP559iAeONrO48HCp5w4=,tag:OY7ZqELbAkxYpVNlhXF0yA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-10-25T08:38:04Z" + mac: ENC[AES256_GCM,data:U2KmAV9c4AFzc0syNWpcb1LDnVTi1MN8/LvDbeNyk+hv4mGGSCXSoyfcS56+Eo8SpbW11FyMtgi10fdkKe9XxNiycxwny022IE240YYUPb7OTwZLUr+fquJZvaditVojvBIQF5r3MWhaiJyNzfckxpjjg3AlviKt6u8uxCpm4Qk=,iv:vsRoFRUQZ+tbctV4j3SaRWQkSNFjs7Gwg4+yRkYsauw=,tag:MfxosMZgY0kgNDdhdMKSkw==,type:str] + pgp: + - created_at: "2022-10-25T08:38:04Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/3nDyRfgQqhAQ/+N0gzX/y5NO1Dkm+MocxSTQGx3BpaqeiwBDXNMAluO+zw + aJGFpngRNyelbcRh41aPiwALq1fm1Z215QULKHNGMmURgG14xNhHjVMpljKSouEx + JZB1MczHUldrNzHgvtPH37RaqyuIhm9wnJazyAdrMI6ZcfJ+EwaFva3kwEs/2fRk + NTrGltUcHpVtu0dk5m7HxxpiAytigaFZQUeSus6HePmwCCUzNN+b85oDD4i2WRBC + QOkTjMQMeFbbkRPqhmuygDNkhhC5RGaGKA0P7a4VhypWGPSoU6su8Zg+fv06g0E4 + UYJL3Q3Aw70liNbjbRd/Vq/4D+lNUd/NUo1WEr1VErZX2xLTDnEWWsX/7HKRspLA + +lRPooDOidDfdsMcfXFscGNiGyBE1oTDYLl9I3OWF/EWr69Xf+1fvk59b7U0b22F + YW1qv+iY2Ej0Qzgs/k080RJIs3e2Fz6v31CvEsSM+hDzB8WaBKaRsQfTodg7Q7wd + i6uLA2FOOvxDBuxhKBUzuOQTvMkpLANmjwUq47z0iYn+Wn9Ifs2UznbqIAbB2H6k + uNi1Bwy1G7dYrQQR9SJwEenjUNYRr/YWkRbGBy6xpmsEguvix25kcecpPzIIAcxW + erqW0vnxDlEvDclR7XMjjMPpdj6Y4EqRIsQrwz8uf49ppidqeUSTOwyas1GcAffS + XgGOoqJ3enSPf5vqXQltMDzp6AzYFEWuUeKc1pJOWY2OCibvUm0Vry5P2HYJFjHh + rmjTl7NX0ZXmyNMPx23+vsfi3VJJLPDpfuKuW3W98aSi3kYGuP0HIjDOb1KsvEI= + =KCgn + -----END PGP MESSAGE----- + fp: A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 + - created_at: "2022-10-25T08:38:04Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA911WKxzIy2nAQ//bVPRY1pC+rQpuIrUj6cQOQqoFCucE8KqhsppuW6W/vTI + 7zNzH6O75zIgMdhSjGY6WHQzq0EM2cNDLMZVDbLb8B7LV34umE9SwG0SNMWvq7EN + wzMPyweMhEB1hJdbNJ48PmCtyu46efqW2RC06IKs06Tk7KfAbPAPC9tWBGb6gl5E + 50LBldHWp+VxGcOpFOq0bkbFU5w5R7t78K4EfS19DwKiH2e3PNth2A6baTxDaQ9T + 
iGY25+gNZhLXTaU+HbACs+KvbfsVk/T4fajLH5HJGQRCsVyParXyO+H6uskbnfX3 + 75gvRhh5Yu6wo3vn6+0o7fchGZY6OEt6vjQN3qsnB693XrgSBQ0cuLK7KFNIsXvo + ZBhdDXnB8QZvcdKex6uuLF6sCzjODv6X4F437WS0LeurI2U5TniAuMLEQbJFRdT4 + nopXHLAwSeaL3bgwToEi5bmYCDGHgOKUDW7Y0Mh3drXIO1VXgEZe/Hk4G8x94sR3 + LSeilY1Fyd3HjG0v4SvLcuJKrdE966ogCoWLRrStFPqnK6L+UYw1MJ/EX3Z54HQD + GdhDl9DqePJni0TYi9qD6UFx9vvSoMZ5wN49hSWToOtvcni469taKZxidd0GvYHM + kaEkvbzP+XhOi43Q68g6BpPpEvXu7uNipqqmMHllCbcs1C2J/55lV2Vvf7x6XUbS + XgEs5vC8fwdLcw7hr+lrkSsLwirAm7Advh1/ZXvVCK6Byu1RgQ05Sw+CvJrMJakS + MeI2znyQREVQU2rXS4in4204C3tUdZVOrhgtdW1OT323mKQe7+Pt70q+MMRz7sI= + =CBOi + -----END PGP MESSAGE----- + fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC + - created_at: "2022-10-25T08:38:04Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ/+IgbRcUC2/dk8Xw+XTWFPEL/NmssM4J1x1dRNY2o5J2o/ + fzzMQnEwQpoZgYmBIqD9eZa8E1+SjjuV8cG5Gj4pcc2o62eoNIHeup1BproEdf61 + ctJmsrZQbjdUvqYXokfcug9rrxr2twtgLQwFzG5Qxp7sL/crJgtQoopNPLbAt09q + 749zzRPb8DMsxtPNOFQVEZQr0s5JOqjNB/X3e/GC8w1qpHibxvEoZr5m2xoI4sg1 + S4nfQMz7b+XgOcMza1HOfoyonnNjL0Wfrx/zQG7GehR3yaPkLc16hAdiccdFuEd/ + k6jXqNwR06Hem+yv6growU5O9NZ1Om6Xv0G92t+PreniK/dPGgenSfn88hWFq7uO + cW1mWIL4T6jY3Ma0OCaCZoe4jhNWngUoNnGWCQj6+e0yfI6C4iCL0BHwrJOKJtlk + YnG/M+O1uyO7X3I9djFvxOez8CYrMYuy5xAVAea1z/H6aCScndR9uBIpI9SVkWsj + LjMS8nJJgMB8p8DEVUvJCfuNeyGaYlw4vq9iKBRaRzAePHGvZT+RPqH+RIEGYl6T + 0zajZ6SAnq6StZQ0k0nBZFCd8Jiw8/tjc5nqi8v3P61A8YHS6SmuRQg1r+o0ZCLq + FNmo0xHRlWjAT3WVT3Ye3lDFZtbXh0NAAO5fjHt0A9VyoHOMvDPuC3ANFRf0tRLS + XgFzZOzrVSbTnRX4vZng1QDS8CV7EvaR71xNlt0+wi+WTvuFsRyaAy7So1y9JmLT + 20xfIvtydFo7oVYTYQM3ZbEIzQp2e3hRoKo6DmgQJ5XCAvPeolb/BNGZCwFkh7w= + =Mdug + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-10-25T08:38:04Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bARAA5JtpTYRXDYToSbyg07vyOUicgfizgYX/ARTjYZubzdyc + oNP+OURRorq0SoAWGKkC+8yRhqEWFRfuslyfZFSUCuKKq8962Wq+vqbPAWhiN5o1 + E108MVTK+SrKwPuTEWyOaqDEFEUgxZVoioI3GU3bblOlLGE5oi3hEIOW3FPr/qwj 
+ 0Du4+Aao9Nxm4G69XD54ZGnnaNVjhBMDvSvXL7MW/Oa2tqRzRzjsDQC/bMekgnEv + UD4p85Ii7WTETUziDVCfGE53m7VTkNMJzh+7plVcWdu7H+ZfLUuJbVeZ1BPb8cKT + 4pdUgGchithThoTi9CuPZlDIChHUsDb8ianKbryFXTQZN6I1+KiPcCnEr3g6TweJ + 2oCzMdBGTnXgAw5+LNAUF/vyrR94S3WJmDoYcGdlEj507znFxCJ9dsTXuxPpXHsT + 5efxIThEOoQ+pJcZJVw/Fb4hkssPZxceKs+eLY5jmSF6f4i9gXW5Yo1qZOGMhVJZ + /2EYvn+VvUZ69MHoCTHllVjBdeFZjt6T51uuy5JnNcbCP27JPKDqpfPfH2b6b2aD + e0/nKSGETxlfhFZhv9Rv/ANNzp/xCSbxexUQ4hsAQyX0oGJqQJzRYGn67mY+xY/M + f5aXMCJZJZsIe7FyArJVEDxU1mdT0hmaytBPFmsXvLDoOkPP0KTidGHoYSzxvevS + XgEcSsomvkTKhuPJ9al0dg8w3kTKH90R/carhV3uZGXqcr9mxJgOLM+oZ/goktSA + q30JcD7UogQTXAcjvPK7Sf9p0+vb2O36QrNWWPJD4+7u0/+3OHcswGV4yoz/re8= + =Szvr + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl new file mode 100644 index 0000000..20f5d8e --- /dev/null +++ b/templates/_helpers.tpl 
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm-guestbook.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm-guestbook.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm-guestbook.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
new file mode 100644
index 0000000..432ab6a
--- /dev/null
+++ b/templates/deployment.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "helm-guestbook.fullname" . }}
+ labels:
+ app: {{ template "helm-guestbook.name" . }}
+ chart: {{ template "helm-guestbook.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app: {{ template "helm-guestbook.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "helm-guestbook.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: SECRET_VAL
+ value: {{ .Values.testsecret }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
diff --git a/templates/service.yaml b/templates/service.yaml
new file mode 100644
index 0000000..b7aab0b
--- /dev/null
+++ b/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "helm-guestbook.fullname" . }}
+ labels:
+ app: {{ template "helm-guestbook.name" . }}
+ chart: {{ template "helm-guestbook.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: {{ template "helm-guestbook.name" . }}
+ release: {{ .Release.Name }}
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..a60a2f0
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,14 @@
+
+replicaCount: 5
+
+image:
+ repository: gcr.io/heptio-images/ks-guestbook-demo
+ tag: 0.1
+ pullPolicy: IfNotPresent
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
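Review bot: In templates/deployment.yaml the decrypted value is written straight into the pod spec by `value: {{ .Values.testsecret }}`, so the plaintext ends up in the rendered manifest, in the Helm release record, and in the Deployment object, readable by anyone allowed to get Deployments in the namespace. The sops encryption of secrets.yaml protects the value in git only. I would render it into a Secret object from a new template (for example `templates/secret.yaml`, which this commit does not contain) and reference it from the container with `secretKeyRef`, as sketched below. If the inline form is kept for this debugging case, it should at least read `value: {{ .Values.testsecret | quote }}`, since an env `value` must be a string and a secret that looks like a number or boolean would otherwise be retyped.

```yaml
          env:
            - name: SECRET_VAL
              valueFrom:
                secretKeyRef:
                  # Secret rendered by the chart; name and key must match that template
                  name: {{ template "helm-guestbook.fullname" . }}
                  key: testsecret
          # … unchanged: ports, livenessProbe, readinessProbe …
```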
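Review bot: In values.yaml `tag: 0.1` is an unquoted scalar that YAML reads as a float, so the image tag survives rendering only because 0.1 happens to print back unchanged; a tag such as 1.10 would become 1.1. Write `tag: "0.1"`. The file also defines no `testsecret` key, so a render without secrets.yaml leaves an empty `value:` in the Deployment; a comment such as `# testsecret is supplied by the sops-encrypted secrets.yaml` would make that dependency visible.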