Merge pull request #12 from kir4h/develop

v1.2.0

Author: kir4h

.circleci/config.yml

@@ -0,0 +1,47 @@
+name: Lint and Test Charts
+
+on: pull_request
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.1
+
+      # Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and
+      # yamllint (https://github.com/adrienverge/yamllint) which require Python
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+        with:
+          version: v3.3.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --config ct.yaml)
+          if [[ -n "$changed" ]]; then
+            echo "::set-output name=changed::true"
+          fi
+
+      - name: Run chart-testing (lint)
+        run: ct lint --config ct.yaml
+
+      - name: Create kind cluster
+        uses: helm/[email protected]
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install)
+        run: ct install --config ct.yaml

.github/workflows/lint-test.yaml

@@ -0,0 +1,37 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.1
+
+      - name: Add dependency chart repos
+        run: |
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        with:
+          charts_dir: charts
+          config: cr.yaml
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/release.yaml

@@ -10,5 +10,4 @@ since Helm hub was announced having separate repositories aggregated by the hub
 
 ## Acknowledgements
 
-[Hidetake Iwata](https://github.com/int128) since I've borrowed his `publish.sh`and `.circleci/config.yml` to have
-a functional initial version
+[charts-repo-actions-demo](https://github.com/helm/charts-repo-actions-demo), used to produce this CI flow

README.md

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.9"
 description: A Helm chart for registry creds
 name: registry-creds
-version: 1.1.3
+version: 1.2.0
 home: https://hub.docker.com/r/upmcenterprises/registry-creds
 sources:
   - https://github.com/upmc-enterprises/registry-creds

charts/registry-creds/Chart.yaml

@@ -47,7 +47,7 @@ helm install --name registry-creds --set dpr.enabled=true --set-string dpr.user=
 
 #### From AWS
 
-Ensure your EC2 instances have the appropriate permissions as described in 
+Ensure your EC2 instances have the appropriate permissions as described in
 [registry-creds](https://github.com/upmc-enterprises/registry-creds) documentation.
 
 ```console
@@ -69,7 +69,7 @@ Create a `custom-values.yaml` file:
 
 ```yaml
 gcr:
-  enabled: false  
+  enabled: false
   applicationDefaultCredentialsJson: |
   {
     "client_id": "myID",
@@ -148,6 +148,11 @@ Parameter | Description | Default
 `gcr.existingSecretName` | defines an existing secret (in kube-system namespace) containing the credentials| `""`
 `gcr.applicationDefaultCredentialsJson` | JSON representing google cloud credentials. Only applicable if gcr.existingSecretName is empty | `""`
 `gcr.url` | URL for google container registry. Only applicable if gcr.existingSecretName is empty | `"https://gcr.io"`
+`acr.enabled` | enables the injection of azure container registry credentials | `false`
+`acr.existingSecretName` | defines an existing secret (in kube-system namespace) containing the credentials| `""`
+`acr.url` | defines the url of azure container registry| Only applicable if acr.existingSecretName is empty | `""`
+`acr.clientId` | is the client id used to access azure container registry | Only applicable if acr.existingSecretName is empty | `""`
+`acr.password` | is the client password used to access azure container registry | Only applicable if acr.existingSecretName is empty | `""`
 `rbac.enabled` | enables the usage of RBAC for registry-creds (needed for clusters with RBAC enabled) | `true`
 `rbac.existingServiceAccountName` | name of an existing service account to be used for RBAC permissions. If not defined a new service account will be created by the chart | `""`
 `resources.limits`.memory | memory resource limit | `"100Mi"`

charts/registry-creds/README.md

@@ -3,4 +3,4 @@ registry-creds is now installed on your Kubernetes cluster
 If everything is ok, you should see one or more secrets (depending on the enabled types) created on every existing
 namespace (except for kube-system):
 
-kubectl get secret | egrep "(dpr|ecr|gcr)-secret"
+kubectl get secret | egrep "(dpr|ecr|gcr|acr)-secret"

charts/registry-creds/templates/NOTES.txt

@@ -89,6 +89,23 @@ spec:
                   name: {{ default (include "registry-creds.name" . | printf "%s-dpr") .Values.dpr.existingSecretName }}
                   key: DOCKER_PRIVATE_REGISTRY_USER
             {{- end }}
+            {{- if .Values.acr.enabled }}
+            - name: ACR_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ default (include "registry-creds.name" . | printf "%s-acr") .Values.acr.existingSecretName }}
+                  key: ACR_URL
+            - name: ACR_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ default (include "registry-creds.name" . | printf "%s-acr") .Values.acr.existingSecretName }}
+                  key: ACR_CLIENT_ID
+            - name: ACR_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ default (include "registry-creds.name" . | printf "%s-acr") .Values.acr.existingSecretName }}
+                  key: ACR_PASSWORD
+            {{- end }}
           {{- if .Values.gcr.enabled }}
           volumeMounts:
             - name: {{ template "registry-creds.name" . }}-gcr

charts/registry-creds/templates/deployment.yaml

@@ -27,7 +27,7 @@ rules:
           - get
           - update
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
     name: {{ template "registry-creds.name" . }}
@@ -45,4 +45,4 @@ kind: ServiceAccount
 metadata:
     name: {{ template "registry-creds.name" . }}
     namespace: kube-system
-{{- end }}
+{{- end }}

charts/registry-creds/templates/rbac.yaml

@@ -0,0 +1,15 @@
+{{- if and .Values.acr.enabled (not .Values.acr.existingSecretName) }}
+apiVersion: v1
+kind: Secret
+metadata:
+    name: {{ template "registry-creds.name" . }}-acr
+    namespace: kube-system
+    labels:
+        app: registry-creds
+        cloud: acr
+data:
+    ACR_URL: {{ .Values.acr.url | b64enc | quote }}
+    ACR_CLIENT_ID: {{ .Values.acr.clientId | b64enc | quote }}
+    ACR_PASSWORD: {{ .Values.acr.password | b64enc | quote }}
+type: Opaque
+{{- end }}

charts/registry-creds/templates/secrets_acr.yaml

@@ -2,7 +2,7 @@ replicaCount: 1
 
 image:
   name: "upmcenterprises/registry-creds"
-  tag: "1.9"
+  tag: "1.10"
   pullPolicy: "IfNotPresent"
 
 nameOverride: ""
@@ -51,6 +51,18 @@ gcr:
   # gcr.url is the URL for google container registry. Only applicable if gcr.existingSecretName is empty
   url: "https://gcr.io"
 
+acr:
+  # acr.enabled enables the injection of azure container registry credentials
+  enabled: false
+  # acr.existingSecretName defines an existing secret (in kube-system namespace) containing the credentials
+  existingSecretName: ""
+  # acr.url defines the url of azure container registry. Only applicable if acr.existingSecretName is empty
+  url: ""
+  # acr.clientId is the client id used to access azure container registry. Only applicable if acr.existingSecretName is empty
+  clientId: ""
+  # acr.password is the client password used to access azure container registry. Only applicable if acr.existingSecretName is empty
+  password: ""
+
 rbac:
   # rbac.enabled enables the usage of RBAC for registry-creds
   enabled: true

charts/registry-creds/values.yaml

@@ -0,0 +1,4 @@
+# Set to true for GPG signing
+sign: false
+# UID of the GPG key to use
+key: Chart Releaser Test Key

cr.yaml

@@ -0,0 +1,7 @@
+# See https://github.com/helm/chart-testing#configuration
+remote: origin
+chart-dirs:
+  - charts
+chart-repos:
+  - bitnami=https://charts.bitnami.com/bitnami
+helm-extra-args: --timeout 600s