Add nfs-ganesha chart (#30)

* Improve doc for Hobbyfarm chart Dump version to 0.1.4 * Improve doc of GitLab runner chart Dump version to 0.1.2 * Retrieve existing doc on Concourse chart * Add nfs-ganesha chart
devpro · Feb 2, 2024 · 9f07fe2 · 9f07fe2
1 parent a8fd63e
commit 9f07fe2
Show file tree

Hide file tree

Showing 16 changed files with 241 additions and 23 deletions.
diff --git a/README.md b/README.md
@@ -69,6 +69,7 @@ Helm charts to ease the deployment of containers on Kubernetes clusters and get
   * [Longhorn](charts/longhorn/README.md) 🗸
   * [MinIO](charts/minio/README.md) 🗸
   * [s3gw](charts/s3gw/README.md) 🗸
+  * [NFS-Ganesha](charts/nfs-ganesha/README.md) 🗸
 * Supply Chain (Software Factory)
   * [ArgoCD](charts/argo-cd/README.md) 🗸
   * [Argo Rollouts](charts/argo-rollouts/README.md)

diff --git a/charts/concourse/README.md b/charts/concourse/README.md
@@ -2,3 +2,61 @@
 
 This Helm chart will install [Concourse](https://concourse-ci.org/) ([docs](https://concourse-ci.org/docs.html))
 and is based from the [official Helm chart](https://github.com/concourse/concourse-chart).
+
+## Chart
+
+```bash
+helm repo add concourse https://concourse-charts.storage.googleapis.com/
+helm repo update
+
+# helm template concourse/concourse --namespace my_namespace -f values.yaml > temp.yaml
+
+helm install my-name concourse/concourse --set concourse.web.externalUrl=my-domain.com --set web.ingress.enabled=true --set web.ingress.hosts[0]=my-domain.com --set web.ingress.tls[0].secretName=domain-web-tls --set web.ingress.tls[0].hosts[0]=my-domain.com
+
+# (Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: [unknown object type "nil" in ConfigMap.data.config-rbac.yml, unknown object type "nil" in ConfigMap.data.main-team.yml])
+```
+
+## Stable chart (deprecated)
+
+See [helm/chart](https://github.com/helm/charts/tree/master/stable/concourse) ([values.yaml](https://github.com/helm/charts/blob/master/stable/concourse/values.yaml))
+
+This is the old version but it works on AKS (just need to wait for all pods to be green, with attachment to pvc and startup).
+
+```bash
+# create or configure the concourse ingress (edit the service name)
+kubectl apply -f ingress.yaml
+
+# check the ingress
+kubectl get ingress
+
+# check the secret
+kubectl get secrets
+
+# wait for the certificate to be ready
+kubectl get certificate domain-web-tls
+
+# activate ingress
+helm install my-name stable/concourse --set concourse.web.externalUrl=https://my-domain.com/ --set web.ingress.enabled=true --set web.ingress.hosts[0]=my-domain.com --set web.ingress.tls[0].secretName=domain-web-tls --set web.ingress.tls[0].hosts[0]=my-domain.com --set secrets.localUsers="test:mysecretpassword" --set web.resources.requests.cpu="200m" --set web.resources.requests.memory="256Mi"
+
+# wait for the web pod to be ready
+kubectl get pods
+
+# login
+fly --target localhost login --concourse-url https://my-domain.com/
+
+# uninstall the chart
+helm delete my-name
+
+# clean-up the persistant volumes
+kubectl delete pvc ...
+
+# delete the auth namespaces
+kubectl delete namespace my-name-main
+```
+
+## Known issues
+
+https://discuss.concourse-ci.org/t/concourse-installed-by-helm-chart/1819/5
+https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#gzip-types
+https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml
+https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
diff --git a/charts/concourse/templates/ingress.yaml b/charts/concourse/templates/ingress.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: concourse-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/issuer: letsencrypt-poc
+spec:
+  tls:
+    - hosts:
+        - my-domain.com
+      secretName: domain-web-tls
+  rules:
+    - host: my-domain.com
+      http:
+        paths:
+          - path: /
+            backend:
+              serviceName: concourse-stable-web
+              servicePort: 8080
diff --git a/charts/gitlab-runner/Chart.yaml b/charts/gitlab-runner/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: gitlab-runner
 description: Helm chart for managing GitLab Runner
 type: application
-version: "0.1.1"
+version: "0.1.2"
 appVersion: "15.6.1"
 dependencies:
   - name: gitlab-runner

diff --git a/charts/gitlab-runner/README.md b/charts/gitlab-runner/README.md
@@ -32,12 +32,12 @@ helm template gitlab-runner . -f values.yaml \
 
 # creates helm release to have ubuntu/docker runners
 helm upgrade --install gitlab-runner-ubuntu-docker . -f values.yaml \
-  --set gitlab-runner.gitlabUrl=https://gitlab.${NGINX_PUBLIC_IP}.sslip.io/ \
-  --set gitlab-runner.runnerRegistrationToken=**** \
-  --set gitlab-runner.runners.executor=kubernetes \
-  --set gitlab-runner.runners.tags="docker" \
-  --set gitlab-runner.runners.name="Ubuntu Docker image" \
-  --namespace supply-chain
+--set gitlab-runner.gitlabUrl=https://gitlab.${NGINX_PUBLIC_IP}.sslip.io/ \
+--set gitlab-runner.runnerRegistrationToken=**** \
+--set gitlab-runner.runners.executor=kubernetes \
+--set gitlab-runner.runners.tags="docker" \
+--set gitlab-runner.runners.name="Ubuntu 20.04 Docker Runner (<project name>)" \
+--namespace supply-chain
 
 # docker executor doesn't seem to work even with privileged set to true (can be checked by looking at the /configmaps/config.template.toml file)
 # from GitLab run: ERROR: Failed to remove network for build ERROR: Preparation failed: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (docker.go:739:0s)

diff --git a/charts/hobbyfarm/Chart.yaml b/charts/hobbyfarm/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: hobbyfarm
 description: Helm chart for managing HobbyFarm
 type: application
-version: "0.1.3"
+version: "0.1.4"
 appVersion: "2.0.8"
 dependencies:
   - name: hobbyfarm

diff --git a/charts/hobbyfarm/README.md b/charts/hobbyfarm/README.md
@@ -53,20 +53,21 @@ helm template hobbyfarm . -f values.yaml \
 NGINX_PUBLIC_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].ip}'`
 
 # applies the manifest (add "--debug > output.yaml" in case of issue)
+# password: admin (Sup3r@dmin)
 helm upgrade --install hobbyfarm-beta . -f values.yaml --create-namespace \
-  --set hobbyfarm.ingress.enabled=true \
-  --set hobbyfarm.ingress.annotations.'cert-manager\.io/cluster-issuer'=letsencrypt-prod \
-  --set hobbyfarm.ingress.className=nginx \
-  --set hobbyfarm.ingress.tls.enabled=true \
-  --set hobbyfarm.ingress.tls.secrets.admin=hf-admin-tls \
-  --set hobbyfarm.ingress.tls.secrets.backend=hf-backend-tls \
-  --set hobbyfarm.ingress.tls.secrets.shell=hf-shell-tls \
-  --set hobbyfarm.ingress.tls.secrets.ui=hf-ui-tls \
-  --set hobbyfarm.ingress.hostnames.admin=admin.hf.${NGINX_PUBLIC_IP}.sslip.io \
-  --set hobbyfarm.ingress.hostnames.backend=api.hf.${NGINX_PUBLIC_IP}.sslip.io \
-  --set hobbyfarm.ingress.hostnames.shell=shell.hf.${NGINX_PUBLIC_IP}.sslip.io \
-  --set hobbyfarm.ingress.hostnames.ui=learn.hf.${NGINX_PUBLIC_IP}.sslip.io \
-  --set hobbyfarm.terraform.enabled=false \
-  --set hobbyfarm.users.admin.enabled=true \
-  --namespace hobbyfarm-beta
+--set hobbyfarm.ingress.enabled=true \
+--set hobbyfarm.ingress.annotations.'cert-manager\.io/cluster-issuer'=letsencrypt-prod \
+--set hobbyfarm.ingress.className=nginx \
+--set hobbyfarm.ingress.tls.enabled=true \
+--set hobbyfarm.ingress.tls.secrets.admin=hf-admin-tls \
+--set hobbyfarm.ingress.tls.secrets.backend=hf-backend-tls \
+--set hobbyfarm.ingress.tls.secrets.shell=hf-shell-tls \
+--set hobbyfarm.ingress.tls.secrets.ui=hf-ui-tls \
+--set hobbyfarm.ingress.hostnames.admin=admin.hf.${NGINX_PUBLIC_IP}.sslip.io \
+--set hobbyfarm.ingress.hostnames.backend=api.hf.${NGINX_PUBLIC_IP}.sslip.io \
+--set hobbyfarm.ingress.hostnames.shell=shell.hf.${NGINX_PUBLIC_IP}.sslip.io \
+--set hobbyfarm.ingress.hostnames.ui=learn.hf.${NGINX_PUBLIC_IP}.sslip.io \
+--set hobbyfarm.terraform.enabled=false \
+--set hobbyfarm.users.admin.enabled=true \
+--namespace hobbyfarm-beta
 ```
diff --git a/charts/nfs-ganesha/.helmignore b/charts/nfs-ganesha/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/nfs-ganesha/CONTRIBUTING.md b/charts/nfs-ganesha/CONTRIBUTING.md
@@ -0,0 +1,18 @@
+# Contribute
+
+## How to check the manifest before deployment
+
+```bash
+# checks the Kubernetes objects generated from the chart
+helm template nfs-ganesha . -f values.yaml \
+--namespace nfs-ganesha > temp.yaml
+```
+
+## How to check the chart
+
+```bash
+# applies the manifest on a cluster
+helm upgrade --install nfs-ganesha . -f values.yaml --create-namespace \
+--namespace nfs-ganesha
+# --debug > output.yaml
+```
diff --git a/charts/nfs-ganesha/Chart.yaml b/charts/nfs-ganesha/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: nfs-ganesha
+description: Helm chart for managing NFS-Ganesha
+type: application
+version: "0.1.0"
+appVersion: "1.0.0"
+dependencies: []
+maintainers:
+  - name: devpro
+    email: bertrand@devpro.fr
+home: https://github.com/devpro/helm-charts/tree/main/charts/nfs-ganesha
diff --git a/charts/nfs-ganesha/README.md b/charts/nfs-ganesha/README.md
@@ -0,0 +1,14 @@
+# Helm chart for NFS-Ganesha
+
+This Helm chart will install [NFS-Ganesha](https://nfs-ganesha.github.io/) ([code](https://github.com/nfs-ganesha/nfs-ganesha)) on a Kubernetes cluster.
+
+## Installation
+
+```bash
+# installs the chart with default parameters
+helm upgrade --install nfs-ganesha devpro/nfs-ganesha --create-namespace --namespace nfs-ganesha
+```
+
+## Open collaboration
+
+Look at the [contributing guide](CONTRIBUTING.md).
diff --git a/charts/nfs-ganesha/templates/NOTES.txt b/charts/nfs-ganesha/templates/NOTES.txt
diff --git a/charts/nfs-ganesha/templates/_helpers.tpl b/charts/nfs-ganesha/templates/_helpers.tpl
diff --git a/charts/nfs-ganesha/templates/deployment.yaml b/charts/nfs-ganesha/templates/deployment.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: {{ .Values.name }}
+  name: {{ .Values.name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.name }}
+  template:
+    metadata:
+      labels:
+        app: nfs-ganesha
+    spec:
+      containers:
+        - name: container-0
+          image: {{ .Values.image }}:{{ .Values.tag }}
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 2049
+              name: nfsv4
+              protocol: TCP
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+                - DAC_READ_SEARCH
+            privileged: true
+          volumeMounts:
+            - mountPath: /data/nfs
+              name: share
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      volumes:
+        - emptyDir: {}
+          name: share
diff --git a/charts/nfs-ganesha/templates/service.yaml b/charts/nfs-ganesha/templates/service.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.name }}-nodeport
+spec:
+  selector:
+    app: {{ .Values.name }}
+  type: NodePort
+  ports:
+    - name: nfsv4
+      nodePort: 32049
+      port: 2049
+      protocol: TCP
+      targetPort: 2049
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.name }}
+spec:
+  selector:
+    app: {{ .Values.name }}
+  type: ClusterIP
+  ports:
+    - name: nfsv4
+      port: 2049
+      protocol: TCP
+      targetPort: 2049
diff --git a/charts/nfs-ganesha/values.yaml b/charts/nfs-ganesha/values.yaml
@@ -0,0 +1,3 @@
+name: nfs-ganesha
+image: janeczku/nfs-ganesha
+tag: latest