ci: fix config, add env, add proxy np, pre-commit helm

telekom · Dec 4, 2023 · ec82c66 · ec82c66
1 parent 543861a
commit ec82c66
Show file tree

Hide file tree

Showing 6 changed files with 102 additions and 61 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+repos:
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: "v1.11.3"
+    hooks:
+      - id: helm-docs
+        args:
+          - --chart-search-root=chart
diff --git a/chart/README.md b/chart/README.md
@@ -20,12 +20,12 @@ A Helm chart to install Sparrow
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` |  |
-| extraArgs.loaderFilePath | string | `"/runconfig/checks.yaml"` |  |
-| extraArgs.loaderType | string | `"file"` |  |
+| env | object | `{}` |  |
+| extraArgs | object | `{"loaderFilePath":"/runconfig/checks.yaml","loaderType":"file"}` | extra command line start parameters see: https://github.com/caas-team/sparrow/blob/main/docs/sparrow_run.md |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/caas-team/sparrow"` |  |
-| image.tag | string | `""` |  |
+| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` |  |
 | ingress.annotations | object | `{}` |  |
 | ingress.className | string | `""` |  |
@@ -35,22 +35,15 @@ A Helm chart to install Sparrow
 | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
 | ingress.tls | list | `[]` |  |
 | nameOverride | string | `""` |  |
+| networkPolicies | object | `{"proxy":{"enabled":false}}` | define a network policy that will open egress traffic to a proxy |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
 | podSecurityContext.fsGroup | int | `1000` |  |
 | podSecurityContext.supplementalGroups[0] | int | `1000` |  |
 | replicaCount | int | `1` |  |
 | resources | object | `{}` |  |
-| runtimeConfig.enabled | bool | `true` |  |
-| runtimeConfig.healthEndpoint | bool | `false` |  |
-| runtimeConfig.latency.enabled | bool | `true` |  |
-| runtimeConfig.latency.interval | int | `1` |  |
-| runtimeConfig.latency.retry.count | int | `3` |  |
-| runtimeConfig.latency.retry.delay | int | `1` |  |
-| runtimeConfig.latency.timeout | int | `3` |  |
-| runtimeConfig.targets[0] | string | `"https://www.example.com/"` |  |
-| runtimeConfig.targets[1] | string | `"https://www.google.com/"` |  |
+| runtimeConfig | object | `{"health":{"enabled":true,"healthEndpoint":false,"targets":["https://www.example.com/","https://www.google.com/"]}}` | runtime configuration of the Sparrow see: https://github.com/caas-team/sparrow#runtime |
 | securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | securityContext.privileged | bool | `false` |  |
@@ -59,10 +52,10 @@ A Helm chart to install Sparrow
 | securityContext.runAsUser | int | `1000` |  |
 | service.port | int | `8080` |  |
 | service.type | string | `"ClusterIP"` |  |
-| serviceAccount.annotations | object | `{}` |  |
-| serviceAccount.automount | bool | `true` |  |
-| serviceAccount.create | bool | `true` |  |
-| serviceAccount.name | string | `""` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` |  |
 
 ----------------------------------------------

diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml
@@ -10,20 +10,26 @@ data:
     apiVersion: 0.0.1
     kind: Config
     checks:
+      {{- if .Values.runtimeConfig.health}}
       health:
-        enabled: {{ .Values.runtimeConfig.enabled  }}
+        enabled: {{ .Values.runtimeConfig.health.enabled }}
         targets:
-        {{- with .Values.runtimeConfig.targets }}
-        {{- toYaml . | nindent 10 }}
+        {{- with .Values.runtimeConfig.health.targets }}
+          {{- toYaml . | nindent 10 }}
         {{- end }}
-        healthEndpoint: {{ .Values.runtimeConfig.healthEndpoint  }}
-        {{- if .Values.runtimeConfig.latency.enabled}}
-        latency:
-          enabled: true
-          interval: {{ .Values.runtimeConfig.latency.interval | default 1 }}
-          timeout: {{ .Values.runtimeConfig.latency.timeout | default 3 }}
-          retry:
-            count: {{ .Values.runtimeConfig.latency.retry.count | default 3 }}
-            delay: {{ .Values.runtimeConfig.latency.retry.delay | default 1 }}
+        healthEndpoint: {{ .Values.runtimeConfig.health.healthEndpoint  }}
+      {{- end }}
+      {{- if .Values.runtimeConfig.latency }}
+      latency:
+        enabled: true
+        interval: {{ .Values.runtimeConfig.latency.interval | default 1 }}
+        timeout: {{ .Values.runtimeConfig.latency.timeout | default 3 }}
+        retry:
+          count: {{ .Values.runtimeConfig.latency.retry.count | default 3 }}
+          delay: {{ .Values.runtimeConfig.latency.retry.delay | default 1 }}
+        targets:
+        {{- with .Values.runtimeConfig.latency.targets }}
+          {{- toYaml . | nindent 10 }}
         {{- end }}
+      {{- end }}
 {{- end }}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -41,6 +41,13 @@ spec:
           - --{{ $key }}
           - {{ $value }}
           {{- end }}
+          {{- if .Values.env }}
+          env:
+          {{- range $key, $val := .Values.env }}
+            - name: {{ $key }}
+              value: {{ $val | quote }}
+          {{- end }}
+          {{- end }}
           name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}

diff --git a/chart/templates/networkpolicy.yaml b/chart/templates/networkpolicy.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.networkPolicies.proxy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "sparrow.fullname" . }}-proxy-np
+  labels:
+    {{- include "sparrow.labels" . | nindent 4 }}
+spec:
+  egress:
+  - ports:
+    - port: {{ .Values.networkPolicies.proxy.port }}
+      protocol: TCP
+    to:
+    - ipBlock:
+        cidr: {{ .Values.networkPolicies.proxy.ip }}/32
+  podSelector: {}
+  policyTypes:
+  - Egress
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -7,21 +7,21 @@ replicaCount: 1
 image:
   repository: ghcr.io/caas-team/sparrow
   pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
+  # -- Overrides the image tag whose default is the chart appVersion.
   tag: ""
 
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
 serviceAccount:
-  # Specifies whether a service account should be created
+  # -- Specifies whether a service account should be created
   create: true
-  # Automatically mount a ServiceAccount's API credentials?
+  # -- Automatically mount a ServiceAccount's API credentials?
   automount: true
-  # Annotations to add to the service account
+  # -- Annotations to add to the service account
   annotations: {}
-  # The name of the service account to use.
+  # -- The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
@@ -31,13 +31,13 @@ podLabels: {}
 podSecurityContext:
   fsGroup: 1000
   supplementalGroups:
-  - 1000
+    - 1000
 
 securityContext:
   allowPrivilegeEscalation: false
   capabilities:
     drop:
-    - ALL
+      - ALL
   privileged: false
   readOnlyRootFilesystem: true
   runAsUser: 1000
@@ -50,7 +50,8 @@ service:
 ingress:
   enabled: false
   className: ""
-  annotations: {}
+  annotations:
+    {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   hosts:
@@ -63,6 +64,20 @@ ingress:
   #    hosts:
   #      - chart-example.local
 
+env:
+  {}
+  # HTTP_PROXY:
+  # HTTPS_PROXY:
+  # NO_PROXY:
+
+# -- define a network policy that will
+# open egress traffic to a proxy
+networkPolicies:
+  proxy:
+    enabled: false
+    # ip: 1.2.3.4
+    # port: 8080
+
 resources: {}
 # resources:
 #   limits:
@@ -78,37 +93,31 @@ tolerations: []
 
 affinity: {}
 
-# extra command line start parameters
+# -- extra command line start parameters
 # see: https://github.com/caas-team/sparrow/blob/main/docs/sparrow_run.md
 extraArgs:
   loaderFilePath: /runconfig/checks.yaml
   loaderType: file
 
-# startup configuration of the Sparrow
+# -- startup configuration of the Sparrow
 # see: https://github.com/caas-team/sparrow/blob/main/docs/sparrow_run.md
-#startupConfig:
-  #apiAddress:
-  #loaderFilePath: /runconfig/checks.yaml
-  #loaderHttpRetryCount:
-  #loaderHttpRetryDelay:
-  #loaderHttpTimeout:
-  #loaderHttpToken:
-  #loaderHttpUrl:
-  #loaderInterval:
-  #loaderType: file
-
-# runtime configuration of the Sparrow
+# startupConfig:
+#   apiAddress:
+#   loaderFilePath: /runconfig/checks.yaml
+#   loaderHttpRetryCount:
+#   loaderHttpRetryDelay:
+#   loaderHttpTimeout:
+#   loaderHttpToken:
+#   loaderHttpUrl:
+#   loaderInterval:
+#   loaderType: http | file
+
+# -- runtime configuration of the Sparrow
 # see: https://github.com/caas-team/sparrow#runtime
 runtimeConfig:
-  enabled: true
-  healthEndpoint: false
-  latency:
+  health:
     enabled: true
-    interval: 1
-    timeout: 3
-    retry:
-      count: 3
-      delay: 1
-  targets:
-    - "https://www.example.com/"
-    - "https://www.google.com/"
+    targets:
+      - "https://www.example.com/"
+      - "https://www.google.com/"
+    healthEndpoint: false