diff --git a/kubernetes/chart/vault-ui/.helmignore b/kubernetes/chart/vault-ui/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/kubernetes/chart/vault-ui/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/chart/vault-ui/Chart.yaml b/kubernetes/chart/vault-ui/Chart.yaml
new file mode 100644
index 0000000..d802b2f
--- /dev/null
+++ b/kubernetes/chart/vault-ui/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A Helm chart for Vault-ui
+name: vault-ui
+version: 0.1.0
diff --git a/kubernetes/chart/vault-ui/README.md b/kubernetes/chart/vault-ui/README.md
new file mode 100644
index 0000000..1a635de
--- /dev/null
+++ b/kubernetes/chart/vault-ui/README.md
@@ -0,0 +1,19 @@
+# Helm chart
+
+[Helm](chart) to deploy `vault-ui` in a kubernetes cluster. To run this chart you need to have a kubernetes cluster and helm installed and configured properly. To install `vault-ui` you just need to execute the following `helm` command:
+
+```
+helm install ./chart/vault-ui
+```
+
+To run this chart you need 2 settings:
+
+* VAULT_URL_DEFAULT: http://vault-service-name:8200
+* VAULT_AUTH_DEFAULT: by default is token, but you can use any of the 4 options provided.
+
+
+```
+helm install ./chart/vault-ui --set vault.url=http://MY_RELEASE-vault:8200"
+```
+
+The `vault.url` parameter is the value of your kubernetes `vault` service.
diff --git a/kubernetes/chart/vault-ui/templates/NOTES.txt b/kubernetes/chart/vault-ui/templates/NOTES.txt
new file mode 100644
index 0000000..d11f00e
--- /dev/null
+++ b/kubernetes/chart/vault-ui/templates/NOTES.txt
@@ -0,0 +1,17 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.hostname }}
+ http://{{- .Values.ingress.hostname }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }}
+{{- end }}
diff --git a/kubernetes/chart/vault-ui/templates/_helpers.tpl b/kubernetes/chart/vault-ui/templates/_helpers.tpl
new file mode 100644
index 0000000..f0d83d2
--- /dev/null
+++ b/kubernetes/chart/vault-ui/templates/_helpers.tpl
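Review bot: The first branch of NOTES.txt tests `.Values.ingress.hostname`, but the chart's values.yaml defines only `ingress.enabled` and `ingress.hosts`, so with the default values (ingress enabled, `service.type: ClusterIP`) the notes fall through to the port-forward instructions and never mention the ingress host. The condition should be `{{- if .Values.ingress.enabled }}` with a `range` over `.Values.ingress.hosts`, and the printed scheme should be `https://` given the default `force-ssl-redirect` annotation. In the ClusterIP branch, `kubectl port-forward $POD_NAME ...` omits the `--namespace {{ .Release.Namespace }}` that the preceding `kubectl get pods` uses, so it will not find the pod when the release lives outside the current kubectl namespace.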
@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/kubernetes/chart/vault-ui/templates/deployment.yaml b/kubernetes/chart/vault-ui/templates/deployment.yaml
new file mode 100644
index 0000000..a127066
--- /dev/null
+++ b/kubernetes/chart/vault-ui/templates/deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: VAULT_URL_DEFAULT
+ value: {{ .Values.vault.url }}
+ - name: VAULT_AUTH_DEFAULT
+ value: {{ .Values.vault.auth }}
+
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.service.internalPort }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.service.internalPort }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
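Review bot: The container spec in deployment.yaml sets no `securityContext`, so a pod through which Vault credentials pass runs with whatever user and privileges the image defaults to. Add one under the container, at minimum `securityContext: {allowPrivilegeEscalation: false}`, plus `runAsNonRoot: true` if the image supports it (not verifiable from this diff). The two env values are also rendered unquoted; `value: {{ .Values.vault.url | quote }}` and `value: {{ .Values.vault.auth | quote }}` keep them strings when a value is empty or looks like a boolean or number.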
diff --git a/kubernetes/chart/vault-ui/templates/ingress.yaml b/kubernetes/chart/vault-ui/templates/ingress.yaml
new file mode 100644
index 0000000..b09eb90
--- /dev/null
+++ b/kubernetes/chart/vault-ui/templates/ingress.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "fullname" . -}}
+{{- $servicePort := .Values.service.externalPort -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ {{- range $key, $value := .Values.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ rules:
+ {{- range $host := .Values.ingress.hosts }}
+ - host: {{ $host }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{- end -}}
+ {{- if .Values.ingress.tls }}
+ tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/chart/vault-ui/templates/service.yaml b/kubernetes/chart/vault-ui/templates/service.yaml
new file mode 100644
index 0000000..f311d10
--- /dev/null
+++ b/kubernetes/chart/vault-ui/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ protocol: TCP
+ name: {{ .Values.service.name }}
+ selector:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
diff --git a/kubernetes/chart/vault-ui/values.yaml b/kubernetes/chart/vault-ui/values.yaml
new file mode 100644
index 0000000..9b00561
--- /dev/null
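Review bot: The `tls:` section in ingress.yaml is emitted only when `.Values.ingress.tls` is set, and the chart's values.yaml enables the ingress by default while leaving `tls:` empty, so a default install publishes the UI with no certificate configured for its host even though `force-ssl-redirect` is on. What clients are then served depends on the ingress controller's default certificate. Consider defaulting `ingress.enabled` to `false`, or failing the render when the ingress is enabled without TLS, e.g. `{{- $tls := required "ingress.tls is required when ingress.enabled is true" .Values.ingress.tls }}`. The host entry should also be quoted, `- host: {{ $host | quote }}`.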
+++ b/kubernetes/chart/vault-ui/values.yaml
@@ -0,0 +1,42 @@
+# Default values for vault-ui.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 1
+image:
+ repository: djenriquez/vault-ui
+ tag: latest
+ pullPolicy: IfNotPresent
+service:
+ name: vault-ui
+ type: ClusterIP
+ externalPort: 8000
+ internalPort: 8000
+ingress:
+ enabled: true
+ # Used to create Ingress record (should used with service.type: ClusterIP).
+ hosts:
+ - vault-ui.example.com
+ annotations:
+ # AWS --> redirect http to https
+ kubernetes.io/ingress.class: nginx
+ ingress.kubernetes.io/force-ssl-redirect: "true"
+ tls:
+ # Secrets must be manually created in the namespace.
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ #requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+vault:
+ auth: TOKEN
+ url: http://vault:8200
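Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` means the image a node actually runs is whatever `latest` pointed to when that node first pulled it, so replicas can differ and a release cannot be tied to a known image. Pin a released tag or a digest, e.g. `tag: "<PINNED_VERSION>"` (placeholder), so upgrades of a component that fronts Vault are deliberate and auditable. `url: http://vault:8200` also defaults the UI-to-Vault connection to plain HTTP; a comment such as `# use an https:// address outside local testing` next to it would make that choice explicit.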