Merge pull request #12 from kir4h/develop

v1.2.0
kir4h · Apr 11, 2021 · 79fbae9 · 79fbae9
2 parents e109bfc + c3aa346
commit 79fbae9
Show file tree

Hide file tree

Showing 14 changed files with 152 additions and 100 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
@@ -0,0 +1,47 @@
+name: Lint and Test Charts
+
+on: pull_request
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.1
+
+      # Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and
+      # yamllint (https://github.com/adrienverge/yamllint) which require Python
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+        with:
+          version: v3.3.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --config ct.yaml)
+          if [[ -n "$changed" ]]; then
+            echo "::set-output name=changed::true"
+          fi
+
+      - name: Run chart-testing (lint)
+        run: ct lint --config ct.yaml
+
+      - name: Create kind cluster
+        uses: helm/[email protected]
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install)
+        run: ct install --config ct.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,37 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.1
+
+      - name: Add dependency chart repos
+        run: |
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        with:
+          charts_dir: charts
+          config: cr.yaml
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/README.md b/README.md
@@ -10,5 +10,4 @@ since Helm hub was announced having separate repositories aggregated by the hub
 
 ## Acknowledgements
 
-[Hidetake Iwata](https://github.com/int128) since I've borrowed his `publish.sh`and `.circleci/config.yml` to have
-a functional initial version
+[charts-repo-actions-demo](https://github.com/helm/charts-repo-actions-demo), used to produce this CI flow
diff --git a/charts/registry-creds/Chart.yaml b/charts/registry-creds/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.9"
 description: A Helm chart for registry creds
 name: registry-creds
-version: 1.1.3
+version: 1.2.0
 home: https://hub.docker.com/r/upmcenterprises/registry-creds
 sources:
   - https://github.com/upmc-enterprises/registry-creds

diff --git a/charts/registry-creds/README.md b/charts/registry-creds/README.md
@@ -47,7 +47,7 @@ helm install --name registry-creds --set dpr.enabled=true --set-string dpr.user=
 
 #### From AWS
 
-Ensure your EC2 instances have the appropriate permissions as described in 
+Ensure your EC2 instances have the appropriate permissions as described in
 [registry-creds](https://github.com/upmc-enterprises/registry-creds) documentation.
 
 ```console
@@ -69,7 +69,7 @@ Create a `custom-values.yaml` file:
 
 ```yaml
 gcr:
-  enabled: false  
+  enabled: false
   applicationDefaultCredentialsJson: |
   {
     "client_id": "myID",
@@ -148,6 +148,11 @@ Parameter | Description | Default
 `gcr.existingSecretName` | defines an existing secret (in kube-system namespace) containing the credentials| `""`
 `gcr.applicationDefaultCredentialsJson` | JSON representing google cloud credentials. Only applicable if gcr.existingSecretName is empty | `""`
 `gcr.url` | URL for google container registry. Only applicable if gcr.existingSecretName is empty | `"https://gcr.io"`
+`acr.enabled` | enables the injection of azure container registry credentials | `false`
+`acr.existingSecretName` | defines an existing secret (in kube-system namespace) containing the credentials| `""`
+`acr.url` | defines the url of azure container registry| Only applicable if acr.existingSecretName is empty | `""`
+`acr.clientId` | is the client id used to access azure container registry | Only applicable if acr.existingSecretName is empty | `""`
+`acr.password` | is the client password used to access azure container registry | Only applicable if acr.existingSecretName is empty | `""`
 `rbac.enabled` | enables the usage of RBAC for registry-creds (needed for clusters with RBAC enabled) | `true`
 `rbac.existingServiceAccountName` | name of an existing service account to be used for RBAC permissions. If not defined a new service account will be created by the chart | `""`
 `resources.limits`.memory | memory resource limit | `"100Mi"`

diff --git a/charts/registry-creds/templates/NOTES.txt b/charts/registry-creds/templates/NOTES.txt
@@ -3,4 +3,4 @@ registry-creds is now installed on your Kubernetes cluster
 If everything is ok, you should see one or more secrets (depending on the enabled types) created on every existing
 namespace (except for kube-system):
 
-kubectl get secret | egrep "(dpr|ecr|gcr)-secret"
+kubectl get secret | egrep "(dpr|ecr|gcr|acr)-secret"
diff --git a/charts/registry-creds/templates/deployment.yaml b/charts/registry-creds/templates/deployment.yaml
@@ -89,6 +89,23 @@ spec:
                   name: {{ default (include "registry-creds.name" . | printf "%s-dpr") .Values.dpr.existingSecretName }}
                   key: DOCKER_PRIVATE_REGISTRY_USER
             {{- end }}
+            {{- if .Values.acr.enabled }}
+            - name: ACR_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ default (include "registry-creds.name" . | printf "%s-acr") .Values.acr.existingSecretName }}
+                  key: ACR_URL
+            - name: ACR_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ default (include "registry-creds.name" . | printf "%s-acr") .Values.acr.existingSecretName }}
+                  key: ACR_CLIENT_ID
+            - name: ACR_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ default (include "registry-creds.name" . | printf "%s-acr") .Values.acr.existingSecretName }}
+                  key: ACR_PASSWORD
+            {{- end }}
           {{- if .Values.gcr.enabled }}
           volumeMounts:
             - name: {{ template "registry-creds.name" . }}-gcr

diff --git a/charts/registry-creds/templates/rbac.yaml b/charts/registry-creds/templates/rbac.yaml
@@ -27,7 +27,7 @@ rules:
           - get
           - update
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
     name: {{ template "registry-creds.name" . }}
@@ -45,4 +45,4 @@ kind: ServiceAccount
 metadata:
     name: {{ template "registry-creds.name" . }}
     namespace: kube-system
-{{- end }}
+{{- end }}
diff --git a/charts/registry-creds/templates/secrets_acr.yaml b/charts/registry-creds/templates/secrets_acr.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.acr.enabled (not .Values.acr.existingSecretName) }}
+apiVersion: v1
+kind: Secret
+metadata:
+    name: {{ template "registry-creds.name" . }}-acr
+    namespace: kube-system
+    labels:
+        app: registry-creds
+        cloud: acr
+data:
+    ACR_URL: {{ .Values.acr.url | b64enc | quote }}
+    ACR_CLIENT_ID: {{ .Values.acr.clientId | b64enc | quote }}
+    ACR_PASSWORD: {{ .Values.acr.password | b64enc | quote }}
+type: Opaque
+{{- end }}
diff --git a/charts/registry-creds/values.yaml b/charts/registry-creds/values.yaml
@@ -2,7 +2,7 @@ replicaCount: 1
 
 image:
   name: "upmcenterprises/registry-creds"
-  tag: "1.9"
+  tag: "1.10"
   pullPolicy: "IfNotPresent"
 
 nameOverride: ""
@@ -51,6 +51,18 @@ gcr:
   # gcr.url is the URL for google container registry. Only applicable if gcr.existingSecretName is empty
   url: "https://gcr.io"
 
+acr:
+  # acr.enabled enables the injection of azure container registry credentials
+  enabled: false
+  # acr.existingSecretName defines an existing secret (in kube-system namespace) containing the credentials
+  existingSecretName: ""
+  # acr.url defines the url of azure container registry. Only applicable if acr.existingSecretName is empty
+  url: ""
+  # acr.clientId is the client id used to access azure container registry. Only applicable if acr.existingSecretName is empty
+  clientId: ""
+  # acr.password is the client password used to access azure container registry. Only applicable if acr.existingSecretName is empty
+  password: ""
+
 rbac:
   # rbac.enabled enables the usage of RBAC for registry-creds
   enabled: true

diff --git a/cr.yaml b/cr.yaml
@@ -0,0 +1,4 @@
+# Set to true for GPG signing
+sign: false
+# UID of the GPG key to use
+key: Chart Releaser Test Key
diff --git a/ct.yaml b/ct.yaml
@@ -0,0 +1,7 @@
+# See https://github.com/helm/chart-testing#configuration
+remote: origin
+chart-dirs:
+  - charts
+chart-repos:
+  - bitnami=https://charts.bitnami.com/bitnami
+helm-extra-args: --timeout 600s
diff --git a/publish.sh b/publish.sh