feat(deploy): Create Helm charts

Author: korewaChino

charts/chisel-operator/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/chisel-operator/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: chisel-operator
+description: Kubernetes Operator for deploying Chisel reverse proxies
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.3.0"

charts/chisel-operator/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chisel-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chisel-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chisel-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "chisel-operator.labels" -}}
+helm.sh/chart: {{ include "chisel-operator.chart" . }}
+{{ include "chisel-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chisel-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chisel-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "chisel-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "chisel-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/chisel-operator/templates/crds/exit-node-provisioner.yaml

@@ -0,0 +1,101 @@
+
+
+{{- if .Values.createCrds }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: exitnodeprovisioners.chisel-operator.io
+spec:
+  group: chisel-operator.io
+  names:
+    categories: []
+    kind: ExitNodeProvisioner
+    plural: exitnodeprovisioners
+    shortNames: []
+    singular: exitnodeprovisioner
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns: []
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: Auto-generated derived type for ExitNodeProvisionerSpec via `CustomResource`
+        properties:
+          spec:
+            description: ExitNodeProvisioner is a custom resource that represents a Chisel exit node provisioner on a cloud provider.
+            oneOf:
+            - required:
+              - DigitalOcean
+            - required:
+              - Linode
+            - required:
+              - AWS
+            properties:
+              AWS:
+                properties:
+                  auth:
+                    description: Reference to a secret containing the AWS access key ID and secret access key, under the `access_key_id` and `secret_access_key` secret keys
+                    type: string
+                  region:
+                    description: Region ID for the AWS region to provision the exit node in See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
+                    type: string
+                  security_group:
+                    description: Security group name to use for the exit node, uses the default security group if not specified
+                    nullable: true
+                    type: string
+                  size:
+                    default: t2.micro
+                    description: Size for the EC2 instance See https://aws.amazon.com/ec2/instance-types/
+                    type: string
+                required:
+                - auth
+                - region
+                type: object
+              DigitalOcean:
+                properties:
+                  auth:
+                    description: Reference to a secret containing the DigitalOcean API token, under the `DIGITALOCEAN_TOKEN` secret key
+                    type: string
+                  region:
+                    default: ''
+                    description: Region ID of the DigitalOcean datacenter to provision the exit node in If empty, DigitalOcean will randomly select a region for you, which might not be what you want See https://slugs.do-api.dev/
+                    type: string
+                  size:
+                    default: s-1vcpu-1gb
+                    description: Size for the DigitalOcean droplet See https://slugs.do-api.dev/
+                    type: string
+                  ssh_fingerprints:
+                    default: []
+                    description: SSH key fingerprints to add to the exit node
+                    items:
+                      type: string
+                    type: array
+                required:
+                - auth
+                type: object
+              Linode:
+                properties:
+                  auth:
+                    description: Name of the secret containing the Linode API token, under the `LINODE_TOKEN` secret key
+                    type: string
+                  region:
+                    description: Region ID of the Linode datacenter to provision the exit node in See https://api.linode.com/v4/regions
+                    type: string
+                  size:
+                    default: g6-nanode-1
+                    description: Size for the Linode instance See https://api.linode.com/v4/linode/
+                    type: string
+                required:
+                - auth
+                - region
+                type: object
+            type: object
+        required:
+        - spec
+        title: ExitNodeProvisioner
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+
+{{- end }}

charts/chisel-operator/templates/crds/exit-node.yaml

@@ -0,0 +1,95 @@
+{{- if .Values.createCrds -}}
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: exitnodes.chisel-operator.io
+spec:
+  group: chisel-operator.io
+  names:
+    categories: []
+    kind: ExitNode
+    plural: exitnodes
+    shortNames: []
+    singular: exitnode
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns: []
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: Auto-generated derived type for ExitNodeSpec via `CustomResource`
+        properties:
+          spec:
+            description: ExitNode is a custom resource that represents a Chisel exit node. It will be used as the reverse proxy for all services in the cluster.
+            properties:
+              auth:
+                description: Optional authentication secret name to connect to the control plane
+                nullable: true
+                type: string
+              chisel_image:
+                description: Optional value for the chisel client image used to connect to the chisel server If not provided, jpillora/chisel:latest is used
+                nullable: true
+                type: string
+              default_route:
+                default: false
+                description: Optional boolean value for whether to make the exit node the default route for the cluster If true, the exit node will be the default route for the cluster default value is false
+                type: boolean
+              external_host:
+                description: Optional real external hostname/IP of exit node If not provided, the host field will be used
+                nullable: true
+                type: string
+              fingerprint:
+                description: Optional but highly recommended fingerprint to perform host-key validation against the server's public key
+                nullable: true
+                type: string
+              host:
+                description: Hostname or IP address of the chisel server
+                type: string
+              port:
+                description: Control plane port of the chisel server
+                format: uint16
+                minimum: 0.0
+                type: integer
+            required:
+            - host
+            - port
+            type: object
+          status:
+            nullable: true
+            properties:
+              id:
+                nullable: true
+                type: string
+              ip:
+                type: string
+              name:
+                type: string
+              provider:
+                type: string
+              service_binding:
+                nullable: true
+                properties:
+                  name:
+                    type: string
+                  namespace:
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+            required:
+            - ip
+            - name
+            - provider
+            type: object
+        required:
+        - spec
+        title: ExitNode
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+
+{{- end -}}

charts/chisel-operator/templates/deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "chisel-operator.fullname" . }}
+  labels:
+    name: {{- include "chisel-operator.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount}}
+  selector:
+    matchLabels:
+      {{- include "chisel-operator.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "chisel-operator.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- if .Values.serviceAccount.create }}
+      serviceAccountName: {{ include "chisel-operator.serviceAccountName" . }}
+      automountServiceAccountToken: true # This is required
+      {{- end }}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "chisel-operator.serviceAccountName" . }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+