Merge pull request #1 from opsta/replace-with-onechart

Sync onechart&cnpg template

Author: poomdech-opsta

.github/workflows/build.yml

@@ -0,0 +1,43 @@
+name: Build
+on:
+  push:
+    branches:
+      - '*'
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.16
+        cache: false
+
+    - name: Deps
+      run: |
+        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+        chmod 700 get_helm.sh
+        ./get_helm.sh
+
+        wget https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz
+        tar xf kubeval-linux-amd64.tar.gz
+        sudo cp kubeval /usr/local/bin
+
+        helm plugin install https://github.com/helm-unittest/helm-unittest
+
+    - name: Check out
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 1
+
+    - name: Test
+      run: |
+        make lint
+        make kubeval
+        make test

.github/workflows/release.yml

@@ -0,0 +1,122 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      packages: write
+
+    steps:
+
+    - name: Checkout main
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Extract tag version
+      id: versioning
+      run: |
+        tag=${GITHUB_REF/refs\/tags\//}
+        tag=${tag#v}
+        echo "tag_version=$tag" >> $GITHUB_OUTPUT
+
+    - name: Extract chart versions
+      id: chart_versions
+      run: |
+        ONECHART_VERSION=$(grep '^version:' charts/onechart/Chart.yaml | awk '{print $2}')
+        CRON_JOB_VERSION=$(grep '^version:' charts/cron-job/Chart.yaml | awk '{print $2}')
+        STATIC_SITE_VERSION=$(grep '^version:' charts/static-site/Chart.yaml | awk '{print $2}')
+
+        echo "onechart_version=$ONECHART_VERSION" >> $GITHUB_OUTPUT
+        echo "cron_job_version=$CRON_JOB_VERSION" >> $GITHUB_OUTPUT
+        echo "static_site_version=$STATIC_SITE_VERSION" >> $GITHUB_OUTPUT
+
+    - name: Ensure tag and chart versions match
+      run: |
+        echo "Tag version: $TAG_VERSION"
+        echo "onechart version: $ONECHART_VERSION"
+        echo "cron-job version: $CRON_JOB_VERSION"
+        echo "static-site version: $STATIC_SITE_VERSION"
+
+        if [ "$TAG_VERSION" != "$ONECHART_VERSION" ]; then
+            echo "::error::Tag version ($TAG_VERSION) does not match onechart version ($ONECHART_VERSION)"
+            exit 1
+        fi
+        if [ "$TAG_VERSION" != "$CRON_JOB_VERSION" ]; then
+            echo "::error::Tag version ($TAG_VERSION) does not match cron-job version ($CRON_JOB_VERSION)"
+            exit 1
+        fi
+        if [ "$TAG_VERSION" != "$STATIC_SITE_VERSION" ]; then
+            echo "::error::Tag version ($TAG_VERSION) does not match static-site version ($STATIC_SITE_VERSION)"
+            exit 1
+        fi
+        echo "All versions match!"
+      env:
+        TAG_VERSION: ${{ steps.versioning.outputs.tag_version }}
+        ONECHART_VERSION: ${{ steps.chart_versions.outputs.onechart_version }}
+        CRON_JOB_VERSION: ${{ steps.chart_versions.outputs.cron_job_version }}
+        STATIC_SITE_VERSION: ${{ steps.chart_versions.outputs.static_site_version }}
+
+    - name: Create a Release
+      uses: elgohr/Github-Release-Action@v5
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        title: Release ${{ github.ref }}
+
+    - name: Publishing to the Helm repository
+      run: |
+        git config --global user.email "action@github.com"
+        git config --global user.name "Github Action"
+        git checkout main
+        make package
+        git add .
+        git commit -m "Publishing $TAG_VERSION to the Helm repository"
+        git push origin main
+      env:
+        TAG_VERSION: ${{ steps.versioning.outputs.tag_version }}
+
+    - name: Publish to GHCR
+      run: |
+        echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io \
+          --username ${{ github.repository_owner }} \
+          --password-stdin
+
+        helm push docs/cnpg-chart-${{ env.TAG_VERSION }}.tgz oci://ghcr.io/${{ github.repository_owner }}
+
+      env:
+        TAG_VERSION: ${{ steps.versioning.outputs.tag_version }}
+
+    - name: Preparing the next release version
+      run: |
+        git config --global user.email "action@github.com"
+        git config --global user.name "Github Action"
+        git checkout main
+
+        CURRENT_VERSION=${{ env.TAG_VERSION }}
+        NEW_VERSION=$(echo $CURRENT_VERSION | awk -F. '{printf "%d.%d.0", $1, $2+1}')
+
+        echo "Current version: $CURRENT_VERSION"
+        echo "New version will be $NEW_VERSION"
+
+        sed -i "s/^\(version:\s*\)$CURRENT_VERSION/\1$NEW_VERSION/" charts/onechart/Chart.yaml
+        sed -i "s/^\(version:\s*\)$CURRENT_VERSION/\1$NEW_VERSION/" charts/cron-job/Chart.yaml
+        sed -i "s/^\(version:\s*\)$CURRENT_VERSION/\1$NEW_VERSION/" charts/static-site/Chart.yaml
+
+        sed -i "s/$CURRENT_VERSION/$NEW_VERSION/" README.md
+        sed -i "s/$CURRENT_VERSION/$NEW_VERSION/" docs/onechart.md
+
+        git status
+        git add .
+        git commit -m "Prepare next release version $NEW_VERSION"
+        git push origin main
+      env:
+        TAG_VERSION: ${{ steps.versioning.outputs.tag_version }}

.gitignore

@@ -0,0 +1,4 @@
+.idea/
+manifests
+website/site
+website/awesome_venv

.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

README.md

@@ -14,30 +14,30 @@ OneChart is a generic Helm Chart for web applications. The idea is that most Kub
 
 You can also template and install onechart from an OCI repository as follows:
 
-> **Note:** The examples use version `0.77.0`. This will be the unreleased version if you are at the `main` branch.
+> **Note:** The examples use version `0.80.0`. This will be the unreleased version if you are at the `main` branch.
 
 > You can find the latest released version in the [releases](https://github.com/opsta/onechart/releases) page.
 
 Check the generated Kubernetes yaml:
 
 ```bash
-helm template my-release oci://ghcr.io/opsta/onechart --version 0.77.0 \
+helm template my-release oci://ghcr.io/opsta/onechart --version 0.80.0 \
   --set image.repository=nginx \
   --set image.tag=1.19.3
 ```
 
 Deploy with Helm:
 
 ```bash
-helm install my-release oci://ghcr.io/opsta/onechart --version 0.77.0 \
+helm install my-release oci://ghcr.io/opsta/onechart --version 0.80.0 \
   --set image.repository=nginx \
   --set image.tag=1.19.3
 ```
 
 The example below deploys your application image, sets environment variables and configures the Kubernetes Ingress domain name:
 
 ```bash
-helm template my-release oci://ghcr.io/opsta/onechart --version 0.77.0 -f values.yaml
+helm template my-release oci://ghcr.io/opsta/onechart --version 0.80.0 -f values.yaml
 
 # values.yaml
 image:

charts/cnpg/Chart.yaml

@@ -1,9 +1,8 @@
 apiVersion: v1
-description: CNPG (China Postgres)
+description: Cloud Native Postgres
 name: cnpg
 version: 0.1.0
 appVersion: 0.1.0
-home: /
 maintainers:
   - name: Developer
     email: dev@opsta.in.th

charts/cnpg/templates/cluster.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.enabled -}}
+{{- if .Values.enabled }}
 #{{- $cnpg := .Values.cnpg -}}
 {{- $backup := .Values.backup -}}
 {{- $bos := $backup.barmanObjectStore -}}
@@ -10,7 +10,7 @@
 
 {{- if and $backup.enabled (not $s3SecretName) -}}
 {{- fail "backup.enabled=true but S3 secret name resolved empty (unexpected)" -}}
-{{- end -}}
+{{ end }}
 
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
@@ -23,13 +23,13 @@ spec:
   {{- if .Values.superuser.enabled }}
   enableSuperuserAccess: true
   superuserSecret:
-    name: {{ printf "%s-cnpg-admin-creds" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
-  {{- end }}
+    name: {{ printf "%s-cnpg-superuser-secret" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
+  {{ end }}
 
   {{- with .Values.cluster.resources }}
   resources:
     {{- toYaml . | nindent 4 }}
-  {{- end }}
+  {{ end }}
 
   storage:
     size: {{ .Values.cluster.storage.size | quote }}
@@ -57,13 +57,13 @@ spec:
         compression: {{ $bos.compression.data | quote }}
       wal:
         compression: {{ $bos.compression.wal | quote }}
-  {{- end }}
+  {{ end }}
 
   {{- if .Values.bootstrap.enabled }}
   bootstrap:
     initdb:
-{{- toYaml .Values.bootstrap.initdb | nindent 6 }}
-      secretName:
+      {{- toYaml .Values.bootstrap.initdb | nindent 6 }}
+      secret:
         name: {{ printf "%s-cnpg-app-creds" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
-  {{- end }}
-{{- end -}}
+  {{ end }}
+{{ end }}

charts/cnpg/templates/secret-admin-postgres.yaml

@@ -1,9 +1,18 @@
-{{- if and .Values.enabled .Values.superuser.enabled (.Values.superuser.secretName) }}
+{{- if and .Values.enabled .Values.superuser.enabled }}
+{{- $secretName := printf "%s-cnpg-superuser-secret" .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ printf "%s-cnpg-admin-creds" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
-type: kubernetes.io/basic-auth
+  name: {{ $secretName | quote }}
+type: {{ default "kubernetes.io/basic-auth" }}
 stringData:
-  password: {{ randAlphaNum 16 | quote }}
+  username: postgres
+  password: {{- if .Values.superuser.password }}
+    {{ .Values.superuser.password | quote }}
+  {{- else if $existing }}
+    {{ index $existing.data "password" | b64dec | quote }}
+  {{- else }}
+    {{ randAlphaNum 32 | quote }}
+  {{- end }}
 {{- end }}

charts/cnpg/templates/secret-postgres.yaml

@@ -1,10 +1,18 @@
 {{- if and .Values.enabled .Values.postgresAuth.create }}
+{{- $secretName := printf "%s-cnpg-app-creds" .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- $existing := lookup "v1" "Secret" .Release.Namespace $secretName }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ printf "%s-cnpg-app-creds" .Release.Name | trunc 63 | trimSuffix "-" | quote }}
+  name: {{ $secretName | quote }}
 type: {{ .Values.postgresAuth.type | default "kubernetes.io/basic-auth" }}
 stringData:
   username: {{ .Values.postgresAuth.username | quote }}
-  password: {{ .Values.postgresAuth.password | quote }}
+  password: {{- if .Values.postgresAuth.password }}
+    {{ .Values.postgresAuth.password | quote }}
+  {{- else if $existing }}
+    {{ index $existing.data "password" | b64dec | quote }}
+  {{- else }}
+    {{ randAlphaNum 32 | quote }}
+  {{- end }}
 {{- end }}

charts/cnpg/values.yaml

@@ -22,19 +22,19 @@ cluster:
 
 postgresAuth:
   create: true
-  username: cnpg
-  password: ch@ngem3#
+  username: 
+  password: 
 
 backup:
   enabled: true
   retentionPolicy: "7d"
   barmanObjectStore:
-    destinationPath: s3://postgres-backup/
-    endpointURL: https://seaweed-dso.mea-poc.opsta.in.th/buckets/
+    destinationPath: s3://postgres-backups/
+    endpointURL: https://opsta.in.th/buckets/
     s3Credentials:
-      create: true
-      accessKeyValue: admin
-      secretKeyValue: ch@ngem3#
+      create: false
+      accessKeyValue: 
+      secretKeyValue: 
     compression:
       data: gzip
       wal: gzip
@@ -50,10 +50,4 @@ bootstrap:
   initdb: 
     database: cnpg
     owner: cnpg
-    localeCollate: 'en_US'
-    localeCType: 'en_US'
-    encoding: 'UTF8'
-    postInitSQL:
-    postInitApplicationSQLRefs:
-      secretRefs:
-      configMapRefs:
+