Skip to content

Commit

Permalink
Feat/readme rewrite (nixys#54)
Browse files Browse the repository at this point in the history 
* Readme rewrite to improve readability
  • Loading branch information
@artemdanielyan
artemdanielyan authored Sep 13, 2023
1 parent c897f1d commit 6193449
Show file tree
Hide file tree
Showing 10 changed files with 603 additions and 560 deletions.
635 changes: 225 additions & 410 deletions README.md
View file

Large diffs are not rendered by default.

210 changes: 210 additions & 0 deletions docs/ADDITIONAL_FEATURES.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,210 @@
## Configuration and installation details

### Using private registries

To use images from private registers, add your ".dockerauthconfig" to `imagePullSecrets` in the common block. This will
create secrets that include auth from the register and will be used in all workloads.

```yaml
imagePullSecrets:
my-registry: |
{"auths":{"registry.org":{"auth":"cnd1c2VyOnNlY3VyZVBANXM="}}}
some-private-hub: b64:eyJhdXRocyI6eyJyZWdpc3RyeS5vcmciOnsiYXV0aCI6ImNuZDFjMlZ5T25ObFkzVnlaVkJBTlhNPSJ9fX0=
```
If a secrets with registry credentials already was added to namespace, you can use `generic.extraImagePullSecrets` to
add pull secrets to all your workloads or `extraImagePullSecrets` directly in the workload like in Kubernetes manifest
by specifying names of the corresponding secrets.

```yaml
generic:
extraImagePullSecrets:
- name: my-registry-secret-name
```

```yaml
deployments:
my-app:
...
extraImagePullSecrets:
- name: my-registry-secret-name
...
```

### Secrets features

Working with the secrets data you can use values with the next types:

* string - usual string values will be encoded to base64 string
* base64 encoded string with `b64:` prefix - value will be used as is without prefix
* json - json will be encoded to base64 string

#### Secret from string

Values file:

```yaml
secrets:
secret-file:
data:
api.key: "JFczZwReBkJFczZwReBkJFczZwReBkJFczZwReBk"
extra-envs:
data:
BAR: foo
```

`--set` analog:

```bash
--set "secrets.secret-file.data.api\.key=$SOME_ENV_WITH_STRING"
--set "secrets.extra-envs.data.BAR=foo"
```

#### Secret from base64 encoded string

Values file:

```yaml
secrets:
secret-file:
data:
api.key: "b64:SkZjelp3UmVCa0pGY3pad1JlQmtKRmN6WndSZUJrSkZjelp3UmVCaw=="
```

`--set` analog:

```bash
--set "secrets.secret-file.data.api\.key=b64:$(echo -n $SOME_ENV|base64 -w0)"
```

#### Secret from json

Values file:

```yaml
secrets:
json-file:
data:
file.json: {
"arg": "value"
}
```

`--set` analog:

```bash
--set "secrets.json-file.data.file\.json=$(printf %q $(cat file.json))"
```

or

```bash
--set-file "secrets.json-file.data.file\.json=path/to/file.json"
```

### Values Templating features

You can use go-templates as part of your values.

> **Note**
> Use single quotes to escape strings containing templates to avoid manifest generation errors.

#### Example 1

Add a pod annotation wih the check sum of the application configuration.

```yaml
deployments:
api:
podAnnotations:
checksum/app-cfg: '{{ include "helpers.workload.checksum" (index $.Values.configMaps "app-config") }}'
```

#### Example 2

Specify docker images via the `--set` flag for multiple deployments.

```yaml
deployments:
app1:
containers:
- name: app1
image: '{{ $.Values.imageRepo1 }}/{{ $.Values.imageApp1 }}'
imageTag: '{{ $.Values.imageTagApp1 }}'
...
app2:
containers:
- name: app1
image: '{{ $.Values.imageRepo2 }}/{{ $.Values.imageApp2 }}'
imageTag: '{{ $.Values.imageTagApp2 }}'
```

Create release with `--set` flag

```bash
helm install my-apps nixys/universal-chart -f values.yaml --set imageRepo1=reg.app.com,imageRepo2=reg.app.net,imageApp1=my-app1,imageTagApp1=v1,imageApp2=my-app2,imageTagApp2=v2
```

#### Example 3

Add `defaultURL` parameter to values and use it in ingress template.

```yaml
ingresses:
my-app:
...
hosts:
- hostname: '{{ $.Values.defaultURL }}'
paths:
- serviceName: nginx
servicePort: 8080
```

Create release with `--set` flag

```bash
helm install my-app nixys/universal-chart -f values.yaml --set defaultURL=demo.my-app.com
```

#### Example 4

Deploy of `NetworkPolicy` using `extraDeploy`.

```yaml
extraDeploy:
net-pol: |-
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "helpers.app.fullname" (dict "name" "nw-policy" "context" $) }}
namespace: {{ .Release.Namespace | quote }}
spec:
podSelector:
matchLabels:
role: db
policyTypes:
- Ingress
- Egress
ingress:
- from:
- ipBlock:
cidr: 172.17.0.0/16
except:
- 172.17.1.0/24
- namespaceSelector:
matchLabels:
project: myproject
- podSelector:
matchLabels:
role: frontend
ports:
- protocol: TCP
port: 6379
egress:
- to:
- ipBlock:
cidr: 10.0.0.0/24
ports:
- protocol: TCP
port: 5978
```
0 samples/cron-jobs.values.yml → docs/samples/cronjobs.values.yml
View file
File renamed without changes.
71 changes: 38 additions & 33 deletions samples/web-app.values.yml → docs/samples/web-app.values.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,16 +32,30 @@ generic:
defaultImage: registry.org/my-app
defaultImageTag: latest

configMaps:
main-nginx-config:
data:
nginx.conf: |
worker_processes 1;
load_module modules/ngx_http_js_module.so;
events {
worker_connections 1024;
}
ingresses:
web.app.ru:
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "128m"
certManager:
issuerType: cluster-issuer
issuerName: letsencrypt
hosts:
- paths:
- serviceName: nginx
servicePort: 8080

services:
nginx:
type: "NodePort"
ports:
- name: api
protocol: TCP
port: 8080
nodePort: 30036
extraSelectorLabels:
app: my-app


deploymentsGeneral:
extraVolumes:
Expand Down Expand Up @@ -98,29 +112,16 @@ deployments:
- key: nginx.conf
path: nginx.conf

services:
nginx:
type: "NodePort"
ports:
- name: api
protocol: TCP
port: 8080
nodePort: 30036
extraSelectorLabels:
app: my-app

ingresses:
web.app.ru:
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "128m"
certManager:
issuerType: cluster-issuer
issuerName: letsencrypt
hosts:
- paths:
- serviceName: nginx
servicePort: 8080
configMaps:
main-nginx-config:
data:
nginx.conf: |
worker_processes 1;
load_module modules/ngx_http_js_module.so;
events {
worker_connections 1024;
}

secrets:
# --set "secrets.secret-files.data.api\.key=$SOME_ENV"
Expand All @@ -137,6 +138,10 @@ pvcs:
- ReadWriteMany
size: 1Gi


serviceAccount:
deployer: {}

#servicemonitors:
#- endpoints:
# - interval: 30s
Expand Down
22 changes: 11 additions & 11 deletions samples/whoami.values.yml → .../samples/whoami/app-deployment.values.yml
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,20 @@
services:
app-web:
type: ClusterIP
ports:
- name: web
protocol: TCP
port: 80
targetPort: 8080

deployments:
whoami:
app:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- name: whoami
- name: app
image: containous/whoami
imageTag: v1.5.0
resources:
Expand All @@ -24,12 +33,3 @@ deployments:
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true

services:
whoami-web:
type: ClusterIP
ports:
- name: web
protocol: TCP
port: 80
targetPort: 8080
23 changes: 12 additions & 11 deletions samples/whoami-sts.values.yml → ...samples/whoami/app-statefulset.values.yml
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,24 @@
statefulSetsGeneral:
usePredefinedAffinity: false

services:
app-web:
type: ClusterIP
ports:
- name: web
protocol: TCP
port: 80
targetPort: 8080

statefulSets:
whoami:
serviceName: whoami-web
app:
serviceName: app-web
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- name: whoami
- name: app
image: containous/whoami
imageTag: v1.5.0
resources:
Expand All @@ -29,11 +38,3 @@ statefulSets:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true

services:
whoami-web:
type: ClusterIP
ports:
- name: web
protocol: TCP
port: 80
targetPort: 8080
Loading

0 comments on commit 6193449

Please sign in to comment.