ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GHP publish

Browse Source
This commit is contained in:
ace
2021-01-17 04:09:41 +03:00
commit 9fe2c2adf2
457 changed files with 40068 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pypiserver/.helmignore Normal file
View File

@ -0,0 +1,2 @@
.git
OWNERS

69
pypiserver/CHANGELOG.md Normal file
View File

@ -0,0 +1,69 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2.2.1]
### Fixed
- Can now pass in empty `auth.actions` without pypiserver erroring
## [2.2.0]
### Changed
- Allowed configuration of user and group
- Allowed mountPropagation field configuration for a PV
## [2.1.0]
### Changed
- Changed apiVersion of Deployment from extensions/v1beta1 to apps/v1 (not considered a breaking change as it's availble since v1.9)
- Changed apiVersion of Ingress from extensions/v1beta1 to networking.k8s.io/v1beta1 (not considered a breaking change as it's availble since v1.14)
- Fixing continuous integration
## [2.0.0]
### Breaking Changes
- `podLabels` replaces `deployment.labels`
### Added
- Added `podAnnotations` and `podLabels` to deployment template
- Added `apiVersion` to `Chart.yaml`
### Changed
- Bumped application version to `1.3.2`
- Changed comment in `values.yaml`
## [1.1.0]
### Added
- Ability to add labels to deployments/pods:
The deployment.labels map is applied to the deployment and the pods
- Ability supply additional command line arguments to pypiserver:
The pypiserver.extraArgs list is added to the pypiserver startup command
### Changed
- Default appVersion (version of pypiserver) is now 1.3.0
### Removed
## [1.0.1]
### Added
- Bug fix: Setting fsGroup to 1000 in case of enabled persistence
(due to possibly missing write permissions as volumes are mounted as root owned folder by docker)
### Changed
### Removed

14
pypiserver/Chart.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
appVersion: 1.3.2
description: PyPI compatible server for pip or easy_install.
home: https://github.com/pypiserver/pypiserver
icon: https://raw.githubusercontent.com/pypiserver/pypiserver/master/pypiserver_logo.png
maintainers:
- email: clement@gautier.im
name: ClementGautier
name: pypiserver
sources:
- https://github.com/owkin/charts/tree/master/pypiserver
- https://github.com/pypiserver/pypiserver
- https://pypi.org/project/pypiserver/
version: 2.2.1

85
pypiserver/README.md Normal file
View File

@ -0,0 +1,85 @@
# PyPi Sever Helm Chart
This chart installs a PyPI server
## Prerequisites Details
- Kubernetes 1.6+
- PV dynamic provisioning support on the underlying infrastructure
## Todo
- Document a setup using a `ReadWriteMany` storage that is resilient and scallable.
- Maybe use part of pypicloud in order to use S3 or GCS backend storage.
## Adding the repo
To add the repo to helm with the name `owkin`:
```bash
$ helm repo add owkin https://owkin.github.io/charts
```
## Installing the Chart
To install the chart with the release name `my-release`:
```bash
$ helm install --name my-release owkin/pypiserver
```
## Upgrading the Charts
Updating the chart is as straightforward as updating the helm release
```bash
$ helm upgrade my-release owkin/pypiserver
```
## Configuration
The following tables lists the configurable parameters of the PyPI server chart and their default values.
| Parameter | Description | Default |
| ---------------------------------- | ---------------------------------------------------------------------------------------- | ----------------------- |
| `replicaCount` | Deployment replica count | `1` |
| `image.repository` | Container image repository | `pypiserver/pypiserver` |
| `image.tag` | Container image name | `v1.3.2` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.pullSecrets` | Container pull secrets | `[]` |
| `pypiserver.extraArgs` | Additional arguments (beside -P, -p, -a) to be passed to the underyling pypiserver image | `[]` |
| `auth.actions` | Actions requiring authentication (comma separated list) | `update` |
| `auth.credentials` | Map of username / encoded password to write in a htpasswd file | `{}` |
| `ingress.enabled` | Ingress configuration flag | `false` |
| `ingress.labels` | Ingress labels | `{}` |
| `ingress.annotations` | Ingress annotations | `{}` |
| `ingress.path` | Ingress path | `nil` |
| `ingress.hosts` | Ingress hosts | `nil` |
| `ingress.tls` | Ingress TLS configuration | `[]` |
| `service.type` | Service type | `ClusterIP` |
| `service.port` | Service port | `8080` |
| `service.annotations` | Service annotations | `{}` |
| `service.labels` | Service labels | `{}` |
| `service.clusterIP` | Service cluster IP | `""` |
| `service.externalIPs` | Service external IPs | `[]` |
| `service.loadBalancerIP` | Service load balancer IP | `""` |
| `service.loadBalancerSourceRanges` | Service load balancer CIDR ranges | `[]` |
| `service.nodePort` | Service node port | `nil` |
| `persistence.enabled` | Persistence configuration flag | `false` |
| `persistence.storageClass` | Persistence storage class | `nil` |
| `persistence.existingClaim` | Persistent volume claim static name | `nil` |
| `persistence.accessMode` | Persistence access mode | `ReadWriteOnce` |
| `persistence.size` | Persistence volume size | `5Gi` |
| `persistence.mountPropagation` | Mount propagation method | `nil` |
| `securityContext.enabled` | Security context configuration flag | `true` |
| `securityContext.runAsUser` | User ID to run as | `0` |
| `securityContext.runAsGroup` | Group ID to run as | `0` |
| `securityContext.fsGroup` | Filesystem volume owner | `1000` |
| `resources` | Resources configuration bloc | `{}` |
| `nodeSelector` | Node selector of the deployment | `{}` |
| `tolerations` | Tolerations configuration for the deployment | `[]` |
| `affinity` | Affinity of the deployment | `{}` |
| `podLabels` | Extra labels applied to the pod | `{}` |
| `podAnnotations` | Extra annotations applied to the pod | `{}` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.

19
pypiserver/templates/NOTES.txt Normal file
View File

@ -0,0 +1,19 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "pypiserver.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ template "pypiserver.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "pypiserver.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "pypiserver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:{{ .Values.service.port }}
{{- end }}

16
pypiserver/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,16 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "pypiserver.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "pypiserver.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}

107
pypiserver/templates/deployment.yaml Normal file
View File

@ -0,0 +1,107 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "pypiserver.fullname" . }}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app.kubernetes.io/name: {{ template "pypiserver.name" . }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "pypiserver.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ template "pypiserver.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.podAnnotations }}
{{- range $key, $value := .Values.podAnnotations }}
{{$key|quote}}: {{$value|quote}}
{{- end }}
{{- end }}
spec:
{{- with .Values.image.pullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
containers:
- name: {{ template "pypiserver.name" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["pypi-server"]
args:
- --passwords={{ if .Values.auth.actions }}/config/.htpasswd{{ else }}.{{ end }}
- --authenticate={{ .Values.auth.actions | default "." }}
- --port=8080
{{- range .Values.pypiserver.extraArgs }}
- {{ . }}
{{- end }}
- /data/packages
ports:
- name: http
containerPort: 8080
protocol: TCP
volumeMounts:
- mountPath: /data/packages
name: packages
mountPropagation: {{ .Values.persistence.mountPropagation }}
- mountPath: /config
name: secrets
readOnly: true
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 30
timeoutSeconds: 5
failureThreshold: 6
readinessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 5
timeoutSeconds: 3
periodSeconds: 5
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: secrets
secret:
secretName: {{ template "pypiserver.fullname" . }}
- name: packages
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "pypiserver.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{ end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

39
pypiserver/templates/ingress.yaml Normal file
View File

@ -0,0 +1,39 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "pypiserver.fullname" . -}}
{{- $servicePort := .Values.service.port -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
app.kubernetes.io/name: {{ template "pypiserver.name" . }}
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end }}

26
pypiserver/templates/pvc.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- if .Values.persistence.enabled -}}
{{- if not .Values.persistence.existingClaim -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "pypiserver.fullname" . }}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app.kubernetes.io/name: {{ template "pypiserver.name" . }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}

15
pypiserver/templates/secret.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Secret
type: Opaque
stringData:
.htpasswd: |-
{{- range $key, $value := .Values.auth.credentials }}
{{ $key }}:{{ $value }}
{{- end }}
metadata:
name: {{ template "pypiserver.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "pypiserver.name" . }}
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}

49
pypiserver/templates/service.yaml Normal file
View File

@ -0,0 +1,49 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "pypiserver.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "pypiserver.name" . }}
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.service.labels }}
{{- toYaml .Values.service.labels | nindent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
annotations:
{{- toYaml .Values.service.annotations | nindent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
type: ClusterIP
{{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }}
{{end}}
{{- else if eq .Values.service.type "LoadBalancer" }}
type: {{ .Values.service.type }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.service.type }}
{{- end }}
{{- if .Values.service.externalIPs }}
externalIPs:
{{ toYaml .Values.service.externalIPs | indent 4 }}
{{- end }}
ports:
- name: http
port: {{ .Values.service.port }}
protocol: TCP
targetPort: 8080
{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
nodePort: {{.Values.service.nodePort}}
{{ end }}
selector:
app.kubernetes.io/name: {{ template "pypiserver.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}

97
pypiserver/values.yaml Normal file
View File

@ -0,0 +1,97 @@
## If you want more than 1 replica you will have to use a ReadWriteMany volume
replicaCount: 1
image:
repository: pypiserver/pypiserver
tag: v1.3.2
pullPolicy: IfNotPresent
pullSecrets: []
pypiserver:
# for a list of options see: https://github.com/pypiserver/pypiserver
extraArgs: []
# - --disable-fallback
# - --log-conf=/path/to/file
auth:
## comma-separated list of (case-insensitive) actions to authenticate
## Use '.' or '' for empty. Requires to have set the password (option below).
## Available actions are update, download and list
actions: update
## Map of username / encoded passwords that will be put to the htpasswd file
## use `htpasswd -n -b username password` to generate them
credentials: {}
podAnnotations: {}
podLabels: {}
ingress:
enabled: false
labels: {}
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# path: "/pypiserver"
tls: []
# - secretName: pypiserver.cluster.local
# hosts:
# - pypiserver.cluster.local
service:
type: ClusterIP
port: 8080
annotations: {}
labels: {}
clusterIP: ""
## List of IP addresses at which the pypiserver service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
externalIPs: []
loadBalancerIP: ""
loadBalancerSourceRanges: []
# nodePort: 30000
persistence:
enabled: false
## PyPi server packages Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC
## using the existingClaim variable
# existingClaim: your-claim
##
## The Access mode should be ReadWriteMany if you decide to scale up to more
## than one replica
accessMode: ReadWriteOnce
size: 5Gi
mountPropagation: None
securityContext:
enabled: true
runAsUser: 0
runAsGroup: 0
fsGroup: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}