Giter VIP home page Giter VIP logo

charts's Introduction

⚠️  This repo contains Helm charts for components of the Brigade v1.x ecosystem. Brigade v1.x reached end-of-life on June 1, 2022 and as a result, this repository is no longer maintained.

Note that each Brigade v2.x-compatible component now keeps its chart source with the rest of its source code and uses OCI registries to host the charts.

Brigade Charts

Helm charts for the Brigade project.

Note: the charts in this repo are for Brigade v1. For Brigade v2 charts, see the charts directory in the v2 branch of the main brigadecore/brigade repository.

Contributing Guidelines

This Brigade project accepts contributions via GitHub pull requests. This section outlines the process to help get your contribution accepted.

Versioning

Do not include changes to the version field of any chart's Chart.yaml file in your PRs. This field is set automatically through this project's release process.

Signed commits

A DCO sign-off is required for contributions to repos in the brigadecore org. See the documentation in Brigade's Contributing guide for how this is done.

Release Process

Experience has demonstrated that automatically publishing updated charts upon every merge to the master branch while simmultaneously respecting the immutability of existing (i.e. previously published), semantically versioned charts can be challenging. In such a scheme, every PR effectively represents a release, which then requires the version field to be appropriately incremented in the Chart.yaml file of any chart modified by a given PR. This requirement promotes race conditions dependent on the order in which PRs are merged and is onerous both for contributors to comply with and for maintainers to enforce. A particularly undesirable consequence of mis-managing this requirement (i.e. forgetting to increment the version number) is that an existing (i.e. previously published), semantically versioned chart may be overwritten violating any reasonable expectation of its immutability. These challenges aside, such a scheme is also inflexible, as it prevents maintainers from arbitrarily grouping multiple discrete changes to a single chart into a single release.

For the reasons stated above, the maintainers have elected not to continuously publish the charts in this repository. Instead, as is common for many projects (though less common for chart projects), releases are facilitated through the application of git tags to a specific commit.

Since this repository contains the source code for multiple charts which are versioned independently of one another, the tags that are applied to effect releases must include not only the semantic version we wish to assign to the release, but must also contain the name of the chart which is to be released (published). Tags therefore take the form <chart name>-v<semantic version>.

To effect the release of Kashti 1.0.0 from the head of the master branch, for example:

$ git checkout master
$ git pull upstream master
$ git tag kashti-v1.0.0
$ git push upstream --tags

Note that only a project maintainer is able to perform the steps above.

Note also that the semantic version extracted from the tag will be automatically inserted into the version field of the indicated chart's Chart.yaml file when the chart is packaged for release. Effectively, this absolves contributors and maintainers from ever manually modifying that field, however, it does require that maintainers conducting a release take great care to be aware of what the latest release of a given chart was and whether the changes staged for release necessitate incrementing the major, minor, or patch components of the previous version to arrive at the new version.

Maintainers might utilize a workflow such as that shown below to facilitate a release. Here, we imagine a scenario where the most recent release of the Kashti chart was semantically versioned 1.1.0 and the maintainer is aware that the release they are conducting contains new features, but no breaking changes:

$ helm repo up
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "brigade" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈ 
$ helm search kashti
NAME          	CHART VERSION	APP VERSION	DESCRIPTION                
brigade/kashti	1.1.0        	           	A Helm chart for Kashti
$ git checkout master
$ git pull upstream master
$ git tag kashti-v1.2.0
$ git push upstream --tags

charts's People

Contributors

adamreese avatar alxandr avatar czunker avatar dgkanatsios avatar krancour avatar microsoftopensource avatar msftgits avatar mumoshu avatar radu-matei avatar rmb938 avatar s33kman avatar vdice avatar willie-yao avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

vdice radu-matei radu-codrin olsove adamreese sapna-upreti skomma vmasutin s33kman ntuangiang simonransom-dan willie-yao czunker

charts's Issues

Charts should not use latest tag

Most of the charts in this repo use images tagged with latest or do not specify a tag-- which, to Docker, implies latest.

This is not a good practice as it creates the possibility that, depending on the image pull policy, a newer version of an image that was perhaps not desired can be pulled and used. Even worse, the newer image in question could be incompatible with the chart. Worse still, different versions of the image could exist on different nodes in the cluster...

Going forward, could I propose that we only use images with immutable semver tags?

generic service should allow setting annotations

Hey all 👋

Currently, the brigade chart doesn't allow setting custom annotations on the generic gateway service (and maybe other services as well). The general use case I see for this is for those of us who are running ambassador on our clusters and want to handle ingress using it.

It would be a nice QoL addition for this to be a configuration option for the chart rather than an extra manual step via kubectl annotate or similar.

proposal: convention for comments in values.yaml files

A convention I have frequently observed in values.yaml files (or in YAML files in general) is that when you have explanatory comments positioned above commented YAML (such as an optional setting with no default value), ## is used for the free form text while # is used for the YAML. This convention visually distinguishes things that can be safely uncommented from things than cannot.

Example:

# Set a defaultSharedSecret if you want to use this one instance of the
# Github gateway with multiple Brigade projects. Leave the shared secret field
# blank in project-level configuration and this default will be used.
# defaultSharedSecret:

vs

## Set a defaultSharedSecret if you want to use this one instance of the
## Github gateway with multiple Brigade projects. Leave the shared secret field
## blank in project-level configuration and this default will be used.
# defaultSharedSecret:

Here's a values.yaml from kubernetes/charts chosen at random to demonstrate that this is an existing convention:

https://github.com/helm/charts/blob/master/stable/wordpress/values.yaml

[proposal]: flatten the chart

Currently, brigade-github-app and kashti each have their own discrete charts and both of these are used as subcharts of the brigade chart.

I'm beginning to question whether this is sensible. As far as I am able to discern, there is no reason to ever install either Kashti or the GitHub gateway without Brigade itself. If that is the case, what is gained by these components being independently installable?

The big benefit of collapsing these two subcharts into the main chart is a simplified release process.

For most releases of Brigade, we release new versions of Kashti and the GitHub gateway simultaneously. This is the process we end up following to update and release all corresponding charts:

  1. PR to rev Kashti app version in kashti chart
  2. Apply tag to kick of release of kashti chart
  3. PR to rev GH gateway version in brigade-github-app chart
  4. Apply tag to kick of release of brigade-github-app chart
  5. PR to rev Brigade app version and rev versions of kashti and brigade-github-app charts that main brigade chart depends on
  6. Apply tag to kick of release of main brigade chart

Considering that PRs require reviews-- this can take longer than should.

If we collapse the two subcharts into the main chart, the process is streamlined to just this:

  1. PR to rev Brigade, Kashti, and GH gateway app versions
  2. Apply tag to kick of release of brigade chart

The shorter, simpler process is also less prone to human error.

I anticipate that this is probably a breaking change (i.e. I don't know how Helm would deal with this on helm upgrade quite well enough to claim it wouldn't be), so I'm going to propose this as a change for the 2.0 time frame.

brigade-github-app.key ignored with helm template

When using the chart, the key for brigade-github-app is ignored completely making the chart unusable.

To reproduce:

helm template brigade/brigade --name-template brigade --namespace brigade --version 1.6.0 --values values.yaml

---
brigade-github-app:
  enabled: true
  key: |
    -----BEGIN RSA PRIVATE KEY-----
    REDACTED KEY
    -----END RSA PRIVATE KEY-----

Update charts for K8s >= v1.16.x compatibility

As of Kubernetes version v1.16.0, there are a handful of API deprecations which require Brigade chart updates if they are to be installed on a cluster of the aforementioned version or greater.

In order to maintain compatibility for older clusters (it looks like < 1.14.x) not serving the updated API versions, we can add some templating logic similar to the example seen here.

AC:

  • All charts are updated such that they install properly on K8s clusters >= v1.16.x
  • All charts continue to install properly on K8s clusters < v1.16.x (Pay special attention to < v1.14.x)

Add ingress templates

Some of the endpoints that are intended to be exposed (such as gateways) lack an ingress resource.

This issue tracks the addition of ingress templates for all gateways.

cc @dgkanatsios for the generic gateway.

Should use a secret for sensitive brigade-github-app configuration

Currently, the brigade-github-app chart creates a config map that includes a sensitive key.pem field. The deployment mounts this config map to /etc/brigade-github-app and, in turn, the containerized brigade-github-app process in each pod consumes /etc/brigade-github-app/key.pem.

Since the contents of key.pem are sensitive, it would be more proper and more safe to store this in a secret.

This can be accomplished pretty easily with changes to the chart and no changes to the brigade-github-app software itself.

This is not a breaking change:

  1. Eliminate the brigade-github-app config map (since key.pem) is its only field anyway.

  2. Add key.pem field to the existing brigade-github-app secret.

  3. In the deployment, mount the brigade-github-app secret to /etc/brigade-github-app in place of the brigade-github-app config map.

Secret Name Value

This is a small request, however having option to define a secret name for the chart instead of passing defaultSharedSecret and key values would be really nice. This is useful in case of following GitOps approach, Flux with Helm Operator and storing secrets in Git with Sealed Secrets.

Namespace setting in project values file seems to be ignored

I tried to use the 'namespace' feature, but it did not seem to work. The feature where builds get deployed into the specified namespace.
I researched why and it seems that namespace field in the project's values.yaml file is ignored.
Specifically, the helm template which constructs the project secret does not use the namespace value in the project's values.yaml.
The only way that I can determine to use this feature is to create a custom gateway that sets the namespace on the store object. I have not verified this yet though.
Consequently, this line of code in kube/project.go - NewProjectFromSecret
proj.Kubernetes.Namespace = def(secret.Data["namespace"], namespace)
can never use the value from the secret because it's never there.

unable to set vacuum job history limits to 0

Setting vacuum.successfulJobsHistoryLimit to 0 upon install/upgrade has no effect, but setting it to any positive value has the intended effect.

These lines appear in the template for the vacuum CronJob:

spec:
  # ...
  successfulJobsHistoryLimit: {{ default 10 .Values.vacuum.successfulJobsHistoryLimit }}
  failedJobsHistoryLimit: {{ default 10 .Values.vacuum.failedJobsHistoryLimit }}

Per sprig documentation, for numeric types, the default function considers 0 as unset-- hence, explicitly providing the value 0 results in getting the default-- 10.

I propose adding defaults to values.yaml and removing use of the default function here.

Use chart-testing to test prs

Use https://github.com/helm/chart-testing to test prs and updates to charts.

This is a very simple tool that can automatically test charts when they are updated via a pr.

This includes checking for valid authors, requiring version bumps for all changes (like the official helm repo) and linting the charts.

How to use:

test/ci.yaml

remote: origin
target-branch: master
chart-dirs:
  - charts
excluded-charts: []
chart-repos: []
helm-extra-args: --timeout 600

Commands to run:

ct version
ct lint --config test/ct.yaml

For output see any pr in the official helm repo i.e for this pr helm/charts#10151 the output is https://circleci.com/gh/helm/charts/45660?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-build-link

Spurious message telling me my Brigade repo is wrong

Helm version: version.BuildInfo{Version:"v3.0.0-beta.3", GitCommit:"5cb923eecbe80d1ad76399aee234717c11931d9a", GitTreeState:"clean", GoVersion:"go1.12.5"}

Doing a fresh install of Brigade, I did the following:

$ helm repo add brigade https://brigadecore.github.io/charts
$ helm repo list
NAME   	URL
brigade	https://brigadecore.github.io/charts
stable 	https://kubernetes-charts.storage.googleapis.com/
$ helm install brigade brigade/brigade
NAME: brigade
LAST DEPLOYED: 2019-11-04 16:38:12.298867 -0700 MST m=+1.685438437
NAMESPACE: default
STATUS: deployed
NOTES:
Brigade is now installed!

To find out about your newly configured system, run:

  $ helm status brigade

NOTE: The Helm repo URL serving this chart has changed to: https://brigadecore.github.io/charts

All subsequent chart releases will be served at this URL.

Please update your local Helm repo:

  helm repo remove brigade
  helm repo add brigade https://brigadecore.github.io/charts

The NOTE at the bottom seems spurious. The URL it recommends is the URL I used.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.