diff --git a/.github/workflows/helm-charts-test.yaml b/.github/workflows/helm-charts-test.yaml index dbe1011..df84b90 100644 --- a/.github/workflows/helm-charts-test.yaml +++ b/.github/workflows/helm-charts-test.yaml @@ -14,9 +14,10 @@ jobs: - name: Lint charts id: lint - uses: helm/chart-testing-action@v1.0.0 + uses: helm/chart-testing-action@v1.1.0 with: command: lint + config: ct.yaml test: diff --git a/charts/default-backend/Chart.lock b/charts/default-backend/Chart.lock new file mode 100644 index 0000000..83c67bb --- /dev/null +++ b/charts/default-backend/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: cron-jobs + repository: https://helm.wyrihaximus.net/ + version: 0.1.2 +digest: sha256:b2f8a780f27427de0b317c3a6d816e404a2b375bfc9d0110f7091849113db031 +generated: "2020-10-16T20:22:03.626863683+02:00" diff --git a/charts/default-backend/Chart.yaml b/charts/default-backend/Chart.yaml index e7c9d55..489b68d 100644 --- a/charts/default-backend/Chart.yaml +++ b/charts/default-backend/Chart.yaml @@ -4,8 +4,12 @@ description: A Helm chart for Kubernetes home: https://github.com/wyrihaximusnet/docker-default-backend icon: https://helm.wyrihaximus.net/images/charts/default-backend.png type: application -version: 0.1.1 +version: 0.2.0 appVersion: random maintainers: - name: WyriHaximus email: helm@wyrihaximus.net +dependencies: + - name: cron-jobs + version: ^0.1 + repository: https://helm.wyrihaximus.net/ diff --git a/charts/default-backend/README.md b/charts/default-backend/README.md index 8f20b28..50332e5 100644 --- a/charts/default-backend/README.md +++ b/charts/default-backend/README.md 
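Review bot: In `.github/workflows/helm-charts-test.yaml` the lint step still references a mutable tag, `uses: helm/chart-testing-action@v1.1.0`, so the code that runs in this workflow can change without a change in this repository. Pinning to the release's full commit SHA keeps each bump reviewable, e.g. `uses: helm/chart-testing-action@<full-commit-sha-of-v1.1.0>  # v1.1.0` (placeholder, the SHA is not on this page). The job definition continues outside the hunk.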
@@ -13,20 +13,27 @@ Opinionated helm chart for [`wyrihaximusnet/default-backend`](https://github.com ## Configuration -This chart has very little configuration, it runs without any. But it is reccomended to set the number of replica's +This chart has very little configuration, it runs without any. But it is recommended to set the number of replica's (until autoscaling support has been added), and optionally configure ingress hosts. Listed below is my personal configuration. Both [`k8s.wyrihaximus.net`](https://k8s.wyrihaximus.net/) and [`default-backend.k8s.wyrihaximus.net`](https://default-backend.k8s.wyrihaximus.net/) are active, refresh the pages a -few times. +few times. This configuration example also enables the cronjob that replaces the oldest pod, and forces the latest, +hourly retagged, Docker image to be used. + ```yaml replicas: 3 +cron: + replaceOldestPodHourly: true + ingress: hosts: - k8s.wyrihaximus.net - default-backend.k8s.wyrihaximus.net ``` +### + ## Opinionated decisions * Ports are hardcoded to `6969` for the service, and `9696` for the metrics. @@ -35,4 +42,5 @@ ingress: * Prometheus export annotations are added for metric scraping. * The default tag is random to randomly cycle through the different `404` pages. * Comes with a pod +* Replace oldest pod every hour to hook into the hourly random image retagging diff --git a/charts/default-backend/templates/cronjob-role-binding.yaml b/charts/default-backend/templates/cronjob-role-binding.yaml new file mode 100644 index 0000000..95ff32e --- /dev/null +++ b/charts/default-backend/templates/cronjob-role-binding.yaml 
@@ -0,0 +1,20 @@
+{{- if .Values.cron.replaceOldestPodHourly -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "default-backend.fullname" . }}-recycle-cronjob
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "default-backend.fullname" . }}
+ appRevision: {{ template "default-backend.nameRevision" . }}
+ release: {{ include "default-backend.fullname" . }}
+ releaseRevision: {{ .Release.Revision | quote }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "default-backend.fullname" . }}-recycle-cronjob
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "default-backend.fullname" . }}-recycle-cronjob
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/default-backend/templates/cronjob-role.yaml b/charts/default-backend/templates/cronjob-role.yaml
new file mode 100644
index 0000000..cd2f3b2
--- /dev/null
+++ b/charts/default-backend/templates/cronjob-role.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.cron.replaceOldestPodHourly -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "default-backend.fullname" . }}-recycle-cronjob
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "default-backend.fullname" . }}
+ appRevision: {{ template "default-backend.nameRevision" . }}
+ release: {{ include "default-backend.fullname" . }}
+ releaseRevision: {{ .Release.Revision | quote }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["list", "delete"]
+{{ end }}
diff --git a/charts/default-backend/templates/cronjob-service-account.yaml b/charts/default-backend/templates/cronjob-service-account.yaml
new file mode 100644
index 0000000..ef379d2
--- /dev/null
+++ b/charts/default-backend/templates/cronjob-service-account.yaml
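Review bot: In `cronjob-role.yaml` the rule `resources: ["pods"]` with `verbs: ["list", "delete"]` lets the `-recycle-cronjob` service account delete every pod in the release namespace, not only this chart's pods. RBAC cannot scope `delete` by label, and pod names are not known in advance for `resourceNames`, so the label selectors in the job's command are the only thing limiting what gets deleted. I would add a comment above `rules:` such as `# grants delete on ALL pods in this namespace; use a dedicated namespace when cron.replaceOldestPodHourly is enabled`, and repeat that caveat in the README next to the `cron` option.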
@@ -0,0 +1,13 @@ +{{- if .Values.cron.replaceOldestPodHourly -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "default-backend.fullname" . }}-recycle-cronjob + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "default-backend.fullname" . }} + appRevision: {{ template "default-backend.nameRevision" . }} + release: {{ include "default-backend.fullname" . }} + releaseRevision: {{ .Release.Revision | quote }} + {{- include "default-backend.labels" . | nindent 4 }} +{{ end }} diff --git a/charts/default-backend/templates/cronjob.yaml b/charts/default-backend/templates/cronjob.yaml new file mode 100644 index 0000000..095a9ac --- /dev/null +++ b/charts/default-backend/templates/cronjob.yaml @@ -0,0 +1,3 @@ +{{- if .Values.cron.replaceOldestPodHourly -}} +{{- include "cron-jobs.cronjob" (fromYaml (.Files.Get "values/cronjob.yaml" | replace "[[fullname]]" (include "default-backend.fullname" .) | replace "[[app]]" (include "default-backend.name" .) | replace "[[release]]" .Release.Name | replace "[[namespace]]" .Release.Namespace)) -}} +{{ end }} diff --git a/charts/default-backend/values.yaml b/charts/default-backend/values.yaml index 5f6bdc8..bee6b05 100644 --- a/charts/default-backend/values.yaml +++ b/charts/default-backend/values.yaml @@ -11,6 +11,9 @@ ingress: replicas: 2 +cron: + replaceOldestPodHourly: false + resources: limits: cpu: 75m diff --git a/charts/default-backend/values/cronjob.yaml b/charts/default-backend/values/cronjob.yaml new file mode 100644 index 0000000..9805b98 --- /dev/null +++ b/charts/default-backend/values/cronjob.yaml 
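Review bot: The `replace` chain in `templates/cronjob.yaml` substitutes `[[app]]`, `[[release]]`, `[[namespace]]` and `[[fullname]]` as raw text before `fromYaml`, and the first three end up unquoted inside the `sh -c` string in `values/cronjob.yaml`. Release names and namespaces are restricted to DNS labels, but `default-backend.name` and `default-backend.fullname` are defined outside this diff. If those helpers honour an override value, that value reaches both the YAML parser and the shell unescaped. A template comment stating the assumption would help the next maintainer, e.g. `{{- /* placeholders are replaced textually; substituted values must be DNS-label safe */ -}}`.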
@@ -0,0 +1,19 @@
+name: replace-oldest-pod-in-deployment
+schedule: "3 * * * *"
+container:
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - kubectl delete pod $(kubectl get pods --selector=app=[[app]] --selector=release=[[release]] -n [[namespace]] --sort-by=.status.startTime --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' | head -n 1) -n [[namespace]]
+image:
+ repository: bitnami/kubectl
+ tag: 1.19
+ pullPolicy: IfNotPresent
+spec:
+ serviceAccountName: [[fullname]]-recycle-cronjob
+labels:
+ cronjob:
+ purpose: housekeeping
+ jobTemplate:
+ purpose: housekeeping
diff --git a/ct.yaml b/ct.yaml
new file mode 100644
index 0000000..843e003
--- /dev/null
+++ b/ct.yaml
@@ -0,0 +1,7 @@
+remote: origin
+target-branch: master
+chart-dirs:
+ - charts
+chart-repos:
+ - "WyriHaximusNet=https://helm.wyrihaximus.net"
+debug: true
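Review bot: In `values/cronjob.yaml` the command passes `--selector=app=[[app]] --selector=release=[[release]]`, and as far as I know kubectl keeps only the last value of a repeated `--selector`, so the `app` label would be ignored and the oldest pod of anything carrying the `release` label could be deleted. Combine them into one selector, `--selector=app=[[app]],release=[[release]]`. The Deployment's labels are not in this diff; the other new templates set `app` and `release` to the fullname helper, so check that the substituted values actually match the pods. Separately, `tag: 1.19` is an unquoted scalar that YAML reads as a float (a later `1.20` would become `1.2`), and it is a floating tag on a third-party image that runs with pod-delete rights. Quote it as `tag: "1.19"` and consider pinning a full patch version or an image digest.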