diff --git a/charts/geoipupdates/Chart.yaml b/charts/geoipupdates/Chart.yaml new file mode 100644 index 000000000..828ef1d80 --- /dev/null +++ b/charts/geoipupdates/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +description: MaxMind GeoIP database updater +name: geoipupdates +version: 0.0.1 +appVersion: "v7.0.1" +maintainers: +- email: jenkins-infra-team@googlegroups.com + name: jenkins-infra-team diff --git a/charts/geoipupdates/templates/_helpers.tpl b/charts/geoipupdates/templates/_helpers.tpl new file mode 100644 index 000000000..569ff3f01 --- /dev/null +++ b/charts/geoipupdates/templates/_helpers.tpl @@ -0,0 +1,52 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "geoipupdate.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "geoipupdate.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "geoipupdate.selectorLabels" -}} +app.kubernetes.io/name: geoipupdate +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "geoipupdate.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "geoipupdate.labels" -}} +{{ include "geoipupdate.selectorLabels" . }} +helm.sh/chart: {{ include "geoipupdate.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} diff --git a/charts/geoipupdates/templates/deployment.yaml b/charts/geoipupdates/templates/deployment.yaml new file mode 100644 index 000000000..9e482a44f --- /dev/null +++ b/charts/geoipupdates/templates/deployment.yaml @@ -0,0 +1,74 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "geoipupdate.fullname" . }} + labels: +{{ include "geoipupdate.labels" . | indent 4 }} +spec: + replicas: 1 # Do not scale up or you will run in trouble + selector: + matchLabels: +{{ include "geoipupdate.selectorLabels" . | indent 6 }} + template: + metadata: + labels: +{{ include "geoipupdate.selectorLabels" . | indent 8 }} + spec: + automountServiceAccountToken: false + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: geoipupdate + image: "{{ .Values.image }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.imagePullPolicy }} + {{- with .Values.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: geoipdata + mountPath: /usr/share/GeoIP + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + resources: + {{- toYaml .Values.resources | nindent 12 }} + env: + - name: GEOIPUPDATE_EDITION_IDS + value: {{ .Values.geoipupdate.editions }} + - name: GEOIPUPDATE_FREQUENCY + value: {{ .Values.geoipupdate.update_frequency | quote }} + envFrom: + - secretRef: + name: {{ include "geoipupdate.fullname" . }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: geoipdata + {{- if .Values.dataVolume }} + {{- toYaml .Values.dataVolume | nindent 10 }} + {{- else }} + emptyDir: {} + {{- end }} + - name: tmpdir + emptyDir: + medium: "Memory" +... diff --git a/charts/geoipupdates/templates/secret.yaml b/charts/geoipupdates/templates/secret.yaml new file mode 100644 index 000000000..056a7fa95 --- /dev/null +++ b/charts/geoipupdates/templates/secret.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.geoipupdate.account_id .Values.geoipupdate.license_key }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "geoipupdate.fullname" . }} +type: Opaque +data: + GEOIPUPDATE_ACCOUNT_ID: {{ .Values.geoipupdate.account_id | b64enc }} + GEOIPUPDATE_LICENSE_KEY: {{ .Values.geoipupdate.license_key | b64enc }} +{{- end }} diff --git a/charts/geoipupdates/tests/defaults_test.yaml b/charts/geoipupdates/tests/defaults_test.yaml new file mode 100644 index 000000000..ad56a7bbd --- /dev/null +++ b/charts/geoipupdates/tests/defaults_test.yaml @@ -0,0 +1,52 @@ +suite: default tests +templates: + - deployment.yaml +tests: + - it: should define the default "mirrorbits" deployment with default imagePullPolicy and metadata labels + template: deployment.yaml + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Deployment + - equal: + path: spec.template.metadata.labels["app.kubernetes.io/name"] + value: "geoipupdate" + - equal: + path: spec.template.metadata.labels["app.kubernetes.io/instance"] + value: "RELEASE-NAME" + - equal: + path: "spec.template.spec.containers[*].imagePullPolicy" + value: IfNotPresent + - equal: + path: spec.replicas + value: 1 + # GeoIP is an emptyDir, with default mountpath + - equal: + path: spec.template.spec.volumes[0].name + value: geoipdata + - equal: + path: spec.template.spec.volumes[0].emptyDir + value: {} + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].name + value: geoipdata + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].mountPath + value: /usr/share/GeoIP + - equal: + path: spec.template.spec.containers[0].volumeMounts[0].readOnly + value: false + # Env. variables + - equal: + path: spec.template.spec.containers[0].env[0].name + value: GEOIPUPDATE_EDITION_IDS + - equal: + path: spec.template.spec.containers[0].env[0].value + value: GeoLite2-ASN GeoLite2-City GeoLite2-Country + - equal: + path: spec.template.spec.containers[0].env[1].name + value: GEOIPUPDATE_FREQUENCY + - equal: + path: spec.template.spec.containers[0].env[1].value + value: "24" diff --git a/charts/geoipupdates/values.yaml b/charts/geoipupdates/values.yaml new file mode 100644 index 000000000..538ebb86e --- /dev/null +++ b/charts/geoipupdates/values.yaml @@ -0,0 +1,39 @@ +image: ghcr.io/maxmind/geoipupdate +imagePullSecrets: [] +imagePullPolicy: IfNotPresent +# securityContext: +# Secret values, set to empty below for reference: +geoipupdate: + account_id: "" + license_key: "" + editions: GeoLite2-ASN GeoLite2-City GeoLite2-Country + update_frequency: 24 +podSecurityContext: {} +# fsGroup: 2000 +containerSecurityContext: {} +# capabilities: +# drop: +# - ALL +# readOnlyRootFilesystem: true +# runAsNonRoot: true +# runAsUser: 1000 +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi +nodeSelector: {} +tolerations: [] +affinity: {} + +## Defines the geoipdata volume +## Example with a statically provisionned PVC; +# dataVolume: +# persistentVolumeClaim: +# claimName: existing-pvc