diff --git a/Makefile b/Makefile index 32ce75f..aec684f 100644 --- a/Makefile +++ b/Makefile @@ -158,14 +158,25 @@ codegen-helm-docs: ## Generate helm docs codegen-install-manifest: $(HELM) ## Create install manifest @echo Generate latest install manifest... >&2 @$(HELM) template reports-server --namespace reports-server ./charts/reports-server/ \ + --set templating.enabled=true \ | $(SED) -e '/^#.*/d' \ > ./config/install.yaml +codegen-install-manifest-inmemory: $(HELM) ## Create install manifest without postgres + @echo Generate latest install manifest... >&2 + @$(HELM) template reports-server --namespace reports-server ./charts/reports-server/ \ + --set config.debug=true \ + --set postgresql.enabled=false \ + --set templating.enabled=true \ + | $(SED) -e '/^#.*/d' \ + > ./config/install-inmemory.yaml + .PHONY: codegen codegen: ## Rebuild all generated code and docs codegen: codegen-helm-docs codegen: codegen-openapi codegen: codegen-install-manifest +codegen: codegen-install-manifest-inmemory .PHONY: verify-codegen verify-codegen: codegen ## Verify all generated code and docs are up to date @@ -205,6 +216,16 @@ kind-install: $(HELM) kind-load ## Build image, load it in kind cluster and depl --set image.repository=$(PACKAGE) \ --set image.tag=$(GIT_SHA) +.PHONY: kind-install-inmemory +kind-install-inmemory: $(HELM) kind-load ## Build image, load it in kind cluster and deploy helm chart + @echo Install chart... >&2 + @$(HELM) upgrade --install reports-server --namespace reports-server --create-namespace --wait ./charts/reports-server \ + --set image.registry=$(KO_REGISTRY) \ + --set config.debug=true \ + --set postgresql.enabled=false \ + --set image.repository=$(PACKAGE) \ + --set image.tag=$(GIT_SHA) + ######## # HELP # ######## diff --git a/charts/reports-server/templates/namespace.yaml b/charts/reports-server/templates/namespace.yaml new file mode 100644 index 0000000..b071097 --- /dev/null +++ b/charts/reports-server/templates/namespace.yaml 
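Review bot: The new `codegen-install-manifest-inmemory` recipe renders with `--set config.debug=true`, and the generated config/install-inmemory.yaml in this commit accordingly starts the container with `--debug`, so everyone who applies that manifest runs the server in debug mode by default. If debug is only wanted for local testing, drop that line here and keep it on `kind-install-inmemory`. The target also has no `.PHONY: codegen-install-manifest-inmemory` line in this hunk, and its `@echo` text is identical to the postgres target's, so the two runs cannot be told apart in the log. Because the recipe is a `helm | sed > file` pipeline, its exit status is presumably sed's unless the Makefile sets pipefail elsewhere, so a failed `helm template` could leave a truncated manifest behind; worth confirming.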
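Review bot: The `##` help text on `kind-install-inmemory` is a copy of the one on `kind-install`, so the help output lists two entries with the same description; `## Build image, load it in kind cluster and deploy helm chart without postgres` would distinguish them. The recipe turns on `config.debug=true` together with `postgresql.enabled=false`. A one-line comment above the target would help, saying that this variant is meant for local testing and that the store is presumably not persistent across pod restarts.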
@@ -0,0 +1,6 @@ +{{- if .Values.templating.enabled -}} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ $.Release.Namespace }} +{{- end -}} diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml index 811db77..4e31e48 100644 --- a/charts/reports-server/values.yaml +++ b/charts/reports-server/values.yaml @@ -1,3 +1,8 @@ +# -- Internal settings used with `helm template` to generate install manifest +# @ignored +templating: + enabled: false + postgresql: # -- Deploy postgresql dependency chart diff --git a/config/install-inmemory.yaml b/config/install-inmemory.yaml new file mode 100644 index 0000000..5120923 --- /dev/null +++ b/config/install-inmemory.yaml 
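Review bot: The Namespace rendered by this template carries no labels, while every other object in the generated manifests has the `helm.sh/chart` and `app.kubernetes.io/*` set, so the namespace cannot be selected or audited together with the rest of the install. Adding the chart's common labels under `metadata:` would fix that. Since the manifest now owns the namespace, this is also where Pod Security Admission labels would go if the project wants them enforced. A short template comment such as `{{- /* rendered only when generating the static install manifests with helm template */ -}}` would explain the gate to chart readers.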
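Review bot: The comment on `templating` says what the block is for but not what happens if it is set on a real release. With `templating.enabled=true`, `helm install` would try to create a Namespace object for the release namespace, which most likely conflicts with a namespace that already exists or that `--create-namespace` just created. A second comment line such as `# Do not enable for helm install or upgrade: the release namespace already exists.` would make that explicit.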
@@ -0,0 +1,259 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: reports-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: reports-server + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: reports-server + labels: + rbac.authorization.k8s.io/aggregate-to-admin: 'true' + rbac.authorization.k8s.io/aggregate-to-edit: 'true' + rbac.authorization.k8s.io/aggregate-to-view: 'true' + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +rules: +- apiGroups: + - reports.kyverno.io + resources: + - ephemeralreports + - clusterephemeralreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection +- apiGroups: + - wgpolicyk8s.io + resources: + - policyreports + - policyreports/status + - clusterpolicyreports + - clusterpolicyreports/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - deletecollection +- apiGroups: + - '' + - events.k8s.io + resources: + - events + verbs: + - create + - patch +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: reports-server +subjects: +- kind: 
ServiceAccount + name: reports-server + namespace: reports-server +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: reports-server + namespace: kube-system + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: reports-server + namespace: reports-server +--- +apiVersion: v1 +kind: Service +metadata: + name: reports-server + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: reports-server + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm +spec: + strategy: + rollingUpdate: + maxUnavailable: 0 + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + template: + metadata: + labels: + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + spec: + priorityClassName: system-cluster-critical + serviceAccountName: reports-server + securityContext: + fsGroup: 2000 + containers: + - name: reports-server + args: + - --debug + - --cert-dir=/tmp + - --secure-port=4443 + 
securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + image: "ghcr.io/kyverno/reports-server:v0.1.0-alpha.1" + imagePullPolicy: IfNotPresent + ports: + - name: https + containerPort: 4443 + protocol: TCP + volumeMounts: + - mountPath: /tmp + name: tmp-dir + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + resources: + limits: null + requests: null + volumes: + - emptyDir: {} + name: tmp-dir +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1alpha2.wgpolicyk8s.io + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm + kube-aggregator.kubernetes.io/automanaged: "false" +spec: + group: wgpolicyk8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: reports-server + namespace: reports-server + version: v1alpha2 + versionPriority: 100 +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + name: v1.reports.kyverno.io + namespace: reports-server + labels: + helm.sh/chart: reports-server-0.1.0-alpha.1 + app.kubernetes.io/name: reports-server + app.kubernetes.io/instance: reports-server + app.kubernetes.io/version: "v0.1.0-alpha.1" + app.kubernetes.io/managed-by: Helm + kube-aggregator.kubernetes.io/automanaged: "false" +spec: + group: reports.kyverno.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: reports-server + namespace: reports-server + version: v1 + versionPriority: 100 
diff --git a/config/install.yaml b/config/install.yaml index 7716790..dabb240 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -1,5 +1,10 @@ --- apiVersion: v1 +kind: Namespace +metadata: + name: reports-server +--- +apiVersion: v1 kind: ServiceAccount metadata: name: reports-server-postgresql