Skip to content

Latest commit

 

History

History
74 lines (51 loc) · 2.9 KB

README.md

File metadata and controls

74 lines (51 loc) · 2.9 KB
Raw

Charts

Artifact Hub OpenSSF Scorecard

A collection of Helm charts

helm repo add chgl https://chgl.github.io/charts
helm repo update

Note

Also available as OCI artifacts: https://github.com/chgl?tab=packages&repo_name=charts.

Compliance Reports

Each update to the charts is scanned using Kubescape against several security frameworks. The reports are published online at:

Development

  1. (Optional) Install the pre-commit hooks

    pip install pre-commit
pre-commit install

  2. (Optional) Setup a KinD cluster with Nginx ingress

    # configures kind to listen on port 80 and 443 and make nodes ingress-ready
kind create cluster --config=hack/kind-config.yaml
# setup NGINX Ingress controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml
# (optional) install metrics-server to test VPA & HPA
helm repo add metrics-server -n kube-system https://kubernetes-sigs.github.io/metrics-server/
helm upgrade --install --set="args[0]=--kubelet-insecure-tls" metrics-server metrics-server/metrics-server

  3. Make changes to the charts

  4. Mount the folder in the kube-powertools container to easily run linters and checks

    docker run --rm -it -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.27@sha256:2d1a6a5c0c42a29219550a616c5eeaa5ef9d057f28c40c9d83d048f73d57794b

  5. Run chart-testing and the chart-powerlint.sh script to lint the chart

    chart-powerlint.sh

  6. (Optional) View the results of the polaris audit check in your browser

    $ docker run --rm -it -p 9090:8080 -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.27@sha256:2d1a6a5c0c42a29219550a616c5eeaa5ef9d057f28c40c9d83d048f73d57794b
bash-5.0: helm template charts/fhir-server/ | polaris dashboard --config=.polaris.yaml --audit-path=-

    You can now open your browser at http://localhost:9090 and see the results and recommendations.

  7. Bump the version in the changed Chart.yaml according to SemVer (The ct lint step above will complain if you forget to update the version.)

  8. Run generate-docs.sh to auto-generate an updated README

    generate-docs.sh