From 47c42f043020ccc0e7b983e65d0a6f1eaacd1497 Mon Sep 17 00:00:00 2001
From: Rebecca Valente
Date: Mon, 22 Sep 2025 19:03:15 -0300
Subject: [PATCH] initial commit
---
.../publish-new-helm-chart-version.yaml | 34 +++++
charts/.helmignore | 23 ++++
charts/Chart.yaml | 6 +
charts/templates/_helpers.tpl | 62 +++++++++
charts/templates/deployment.yaml | 118 ++++++++++++++++++
charts/templates/ingress.yaml | 41 ++++++
charts/templates/postgresql-statefulset.yaml | 95 ++++++++++++++
charts/templates/pvc.yaml | 37 ++++++
charts/templates/secret.yaml | 9 ++
charts/templates/service.yaml | 15 +++
charts/values.yaml | 91 ++++++++++++++
11 files changed, 531 insertions(+)
create mode 100644 .gitea/workflows/publish-new-helm-chart-version.yaml
create mode 100644 charts/.helmignore
create mode 100644 charts/Chart.yaml
create mode 100644 charts/templates/_helpers.tpl
create mode 100644 charts/templates/deployment.yaml
create mode 100644 charts/templates/ingress.yaml
create mode 100644 charts/templates/postgresql-statefulset.yaml
create mode 100644 charts/templates/pvc.yaml
create mode 100644 charts/templates/secret.yaml
create mode 100644 charts/templates/service.yaml
create mode 100644 charts/values.yaml
diff --git a/.gitea/workflows/publish-new-helm-chart-version.yaml b/.gitea/workflows/publish-new-helm-chart-version.yaml
new file mode 100644
index 0000000..ddc1d12
--- /dev/null
+++ b/.gitea/workflows/publish-new-helm-chart-version.yaml
@@ -0,0 +1,34 @@
+name: package-helm-chart
+
+on:
+ push:
+ branches:
+ - trunk
+ paths:
+ - 'charts/**'
+
+jobs:
+ package-helm-chart:
+ runs-on: ubuntu-latest
+ container:
+ image: rbvtopudding/devops:latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Package and push helm chart
+ run: |
+ export VERSION=$(cat ./charts/${{ vars.REPOSITORY_NAME }}/Chart.yaml | grep -m 1 version | cut -d: -f2 | tr -d '[:space:]')
+ helm plugin install https://github.com/chartmuseum/helm-push
+
+ helm package \
+ ./charts/${{ vars.REPOSITORY_NAME }} \
+ --version $VERSION
+
+ helm repo add \
+ --username ${{ secrets.HELM_REGISTRY_PUBLISH_USERNAME }} \
+ --password ${{ secrets.HELM_REGISTRY_PUBLISH_TOKEN }} \
+ default \
+ https://git.puddi.ng/api/packages/public-templates/helm
+
+ helm cm-push ./${{ vars.REPOSITORY_NAME }}-${VERSION}.tgz default
diff --git a/charts/.helmignore b/charts/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/Chart.yaml b/charts/Chart.yaml
new file mode 100644
index 0000000..840ae66
--- /dev/null
+++ b/charts/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: wordpress-website
+description: A Helm chart for WordPress website deployment by Pudding Panda
+type: application
+version: 1.0.0
+appVersion: "1.0.0"
diff --git a/charts/templates/_helpers.tpl b/charts/templates/_helpers.tpl
new file mode 100644
index 0000000..4af0715
--- /dev/null
+++ b/charts/templates/_helpers.tpl
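Review bot: The `Package and push helm chart` step holds the registry publish credentials while depending on three unpinned inputs: the job container `rbvtopudding/devops:latest`, `actions/checkout@v3`, and `helm plugin install https://github.com/chartmuseum/helm-push` with no version. A change to any of them runs in the same job that can read `HELM_REGISTRY_PUBLISH_TOKEN`, so pin the image by digest and the plugin with `--version <PINNED_PLUGIN_VERSION>`. The token is also expanded directly onto the `helm repo add` command line; passing both secrets through the step's `env:` and using `printf '%s' "$HELM_TOKEN" | helm repo add --username "$HELM_USER" --password-stdin default https://git.puddi.ng/api/packages/public-templates/helm` keeps it out of the process arguments. Separately, the script reads `./charts/${{ vars.REPOSITORY_NAME }}/Chart.yaml`, while this commit places the chart at `charts/Chart.yaml`, so the path resolves only if the variable accounts for that.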
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "wordpress-website.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "wordpress-website.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "wordpress-website.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "wordpress-website.labels" -}}
+helm.sh/chart: {{ include "wordpress-website.chart" . }}
+{{ include "wordpress-website.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "wordpress-website.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "wordpress-website.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "wordpress-website.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "wordpress-website.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
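Review bot: `wordpress-website.serviceAccountName` reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the `values.yaml` added in this commit has no `serviceAccount` key, and `deployment.yaml` includes this helper unconditionally. With the default values the field access on a missing map should abort rendering with a nil-pointer error, so either add `serviceAccount:` with `create: false` and `name: ""` to `values.yaml` or drop the helper together with the `serviceAccountName` line. No ServiceAccount template is among the files in this commit, so `create: true` would name an account that nothing creates. In the `else` branch the pod runs as the namespace's `default` account with its token mounted; since nothing visible here calls the Kubernetes API, `automountServiceAccountToken: false` in the pod spec is worth adding.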
diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml
new file mode 100644
index 0000000..71c1b5e
--- /dev/null
+++ b/charts/templates/deployment.yaml
@@ -0,0 +1,118 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "wordpress-website.fullname" . }}
+ labels:
+ {{- include "wordpress-website.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "wordpress-website.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "wordpress-website.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "wordpress-website.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: {{ .Values.postgresql.host }}
+ - name: WORDPRESS_DB_NAME
+ value: {{ .Values.postgresql.database }}
+ - name: WORDPRESS_DB_USER
+ value: {{ .Values.postgresql.username }}
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "wordpress-website.fullname" .
}}-postgresql
+ key: postgresql-password
+ - name: WORDPRESS_TABLE_PREFIX
+ value: {{ .Values.wordpress.tablePrefix }}
+ {{- if .Values.wordpress.authKey }}
+ - name: WORDPRESS_AUTH_KEY
+ value: {{ .Values.wordpress.authKey }}
+ {{- end }}
+ {{- if .Values.wordpress.secureAuthKey }}
+ - name: WORDPRESS_SECURE_AUTH_KEY
+ value: {{ .Values.wordpress.secureAuthKey }}
+ {{- end }}
+ {{- if .Values.wordpress.loggedInKey }}
+ - name: WORDPRESS_LOGGED_IN_KEY
+ value: {{ .Values.wordpress.loggedInKey }}
+ {{- end }}
+ {{- if .Values.wordpress.nonceKey }}
+ - name: WORDPRESS_NONCE_KEY
+ value: {{ .Values.wordpress.nonceKey }}
+ {{- end }}
+ {{- if .Values.wordpress.authSalt }}
+ - name: WORDPRESS_AUTH_SALT
+ value: {{ .Values.wordpress.authSalt }}
+ {{- end }}
+ {{- if .Values.wordpress.secureAuthSalt }}
+ - name: WORDPRESS_SECURE_AUTH_SALT
+ value: {{ .Values.wordpress.secureAuthSalt }}
+ {{- end }}
+ {{- if .Values.wordpress.loggedInSalt }}
+ - name: WORDPRESS_LOGGED_IN_SALT
+ value: {{ .Values.wordpress.loggedInSalt }}
+ {{- end }}
+ {{- if .Values.wordpress.nonceSalt }}
+ - name: WORDPRESS_NONCE_SALT
+ value: {{ .Values.wordpress.nonceSalt }}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - name: wordpress-data
+ mountPath: /var/www/html
+ volumes:
+ - name: wordpress-data
+ persistentVolumeClaim:
+ claimName: {{ include "wordpress-website.fullname" . }}-data
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
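Review bot: The eight WordPress keys and salts (`WORDPRESS_AUTH_KEY` through `WORDPRESS_NONCE_SALT`) are written into the pod spec as plain `value:` entries, unlike `WORDPRESS_DB_PASSWORD`, which uses `secretKeyRef`. They sign cookies and nonces, so anyone allowed to read the Deployment object or the Helm release values can read them; they belong in a Secret referenced the same way as the database password. The sketch below assumes a new `<fullname>-wordpress` Secret is added to `secret.yaml`, which this commit does not contain. These values, like the `WORDPRESS_DB_*` and `WORDPRESS_TABLE_PREFIX` entries, are also rendered without `| quote`, and generated salts routinely contain `#`, `:` or `{`, which would truncate the value or break the manifest.

```yaml
# … unchanged: WORDPRESS_DB_* and WORDPRESS_TABLE_PREFIX entries …
            {{- if .Values.wordpress.authKey }}
            - name: WORDPRESS_AUTH_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "wordpress-website.fullname" . }}-wordpress
                  key: auth-key
            {{- end }}
# … the other seven key/salt entries follow the same pattern …
```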
diff --git a/charts/templates/ingress.yaml b/charts/templates/ingress.yaml
new file mode 100644
index 0000000..d1d1d03
--- /dev/null
+++ b/charts/templates/ingress.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "wordpress-website.fullname" . }}
+ labels:
+ {{- include "wordpress-website.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.className }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ pathType: {{ .pathType }}
+ backend:
+ service:
+ name: {{ include "wordpress-website.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/templates/postgresql-statefulset.yaml b/charts/templates/postgresql-statefulset.yaml
new file mode 100644
index 0000000..8b29cd5
--- /dev/null
+++ b/charts/templates/postgresql-statefulset.yaml
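Review bot: Inside the nested `range .Values.ingress.hosts` / `range .paths` loops the dot is the current path entry, so `include "wordpress-website.fullname" .` and `.Values.service.port` in the `backend` block no longer see the chart root, and rendering should fail as soon as `ingress.enabled` is set to true. Use the root context instead: `name: {{ include "wordpress-website.fullname" $ }}` and `number: {{ $.Values.service.port }}`. `path`, `pathType`, `secretName` and `ingressClassName` are also emitted without `| quote`. Because `ingress.tls` defaults to `[]`, enabling the ingress with the shipped values renders no `tls:` section, so the WordPress login would presumably be exposed over plain HTTP unless the controller enforces TLS; a comment next to `tls` in `values.yaml` should say so.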
@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "wordpress-website.fullname" . }}-postgresql
+ labels:
+ {{- include "wordpress-website.labels" . | nindent 4 }}
+ app.kubernetes.io/component: database
+spec:
+ serviceName: {{ include "wordpress-website.fullname" . }}-postgresql
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "wordpress-website.selectorLabels" . | nindent 6 }}
+ app.kubernetes.io/component: database
+ template:
+ metadata:
+ labels:
+ {{- include "wordpress-website.selectorLabels" . | nindent 8 }}
+ app.kubernetes.io/component: database
+ spec:
+ securityContext:
+ {{- toYaml .Values.postgresql.podSecurityContext | nindent 8 }}
+ containers:
+ - name: postgresql
+ image: "{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}"
+ imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }}
+ ports:
+ - name: postgresql
+ containerPort: 5432
+ protocol: TCP
+ env:
+ - name: POSTGRES_DB
+ value: {{ .Values.postgresql.database }}
+ - name: POSTGRES_USER
+ value: {{ .Values.postgresql.username }}
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "wordpress-website.fullname" .
}}-postgresql
+ key: postgresql-password
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ - name: PGUSER
+ value: {{ .Values.postgresql.username }}
+ - name: PGDATABASE
+ value: {{ .Values.postgresql.database }}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB" -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ readinessProbe:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - exec pg_isready -U "$POSTGRES_USER" -d "$POSTGRES_DB" -h 127.0.0.1 -p 5432
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ resources:
+ {{- toYaml .Values.postgresql.resources | nindent 12 }}
+ volumeMounts:
+ - name: postgresql-data
+ mountPath: /var/lib/postgresql/data
+ volumes:
+ - name: postgresql-data
+ persistentVolumeClaim:
+ claimName: {{ include "wordpress-website.fullname" . }}-postgresql-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "wordpress-website.fullname" . }}-postgresql
+ labels:
+ {{- include "wordpress-website.labels" . | nindent 4 }}
+ app.kubernetes.io/component: database
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5432
+ targetPort: postgresql
+ protocol: TCP
+ name: postgresql
+ selector:
+ {{- include "wordpress-website.selectorLabels" . | nindent 4 }}
+ app.kubernetes.io/component: database
diff --git a/charts/templates/pvc.yaml b/charts/templates/pvc.yaml
new file mode 100644
index 0000000..66a3fee
--- /dev/null
+++ b/charts/templates/pvc.yaml
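Review bot: This StatefulSet provisions PostgreSQL as the backing database for the `wordpress` image configured in `values.yaml`, but WordPress core and, as far as I know, the official image only speak MySQL/MariaDB, so `WORDPRESS_DB_HOST` pointed at this Service will not connect unless the image carries a PostgreSQL drop-in. Either switch the database workload to MySQL/MariaDB or add a header comment naming the image and plugin that make this pairing work. The database pod also runs with whatever `postgresql.podSecurityContext` supplies, which defaults to `{}`, and the container has no `securityContext` of its own; a comment stating the expected `runAsNonRoot` and `fsGroup` settings for the data volume would help operators harden it.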
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "wordpress-website.fullname" . }}-data
+ labels:
+ {{- include "wordpress-website.labels" . | nindent 4 }}
+ app.kubernetes.io/component: storage
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.storageClass }}
+ storageClassName: {{ .Values.persistence.storageClass }}
+ {{- end }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "wordpress-website.fullname" . }}-postgresql-data
+ labels:
+ {{- include "wordpress-website.labels" . | nindent 4 }}
+ app.kubernetes.io/component: database-storage
+spec:
+ accessModes:
+ {{- range .Values.postgresql.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.postgresql.persistence.size | quote }}
+ {{- if .Values.postgresql.persistence.storageClass }}
+ storageClassName: {{ .Values.postgresql.persistence.storageClass }}
+ {{- end }}
diff --git a/charts/templates/secret.yaml b/charts/templates/secret.yaml
new file mode 100644
index 0000000..1a6455e
--- /dev/null
+++ b/charts/templates/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "wordpress-website.fullname" . }}-postgresql
+ labels:
+ {{- include "wordpress-website.labels" . | nindent 4 }}
+type: Opaque
+data:
+ postgresql-password: {{ .Values.postgresql.password | b64enc | quote }}
diff --git a/charts/templates/service.yaml b/charts/templates/service.yaml
new file mode 100644
index 0000000..1dbb67c
--- /dev/null
+++ b/charts/templates/service.yaml
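Review bot: Both PersistentVolumeClaims in `pvc.yaml` are ordinary chart-managed resources, so `helm uninstall` removes them and, depending on the storage class reclaim policy, the WordPress files and the PostgreSQL data with them. If that is not intended, add an `annotations:` block with `helm.sh/resource-policy: keep` under each `metadata:`; if it is intended, a comment at the top of the file should say so. `postgresql.persistence.enabled` from `values.yaml` is never consulted, so setting it to `false` has no effect; either guard the second claim with `{{- if .Values.postgresql.persistence.enabled }}` and handle the volume in the StatefulSet accordingly, or remove the flag.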
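Review bot: `postgresql-password` in `secret.yaml` is rendered from `.Values.postgresql.password`, whose default in `values.yaml` is the literal `changeme`, so an install that does not override it gets a database protected by a publicly known password. Fail rendering instead of shipping a default: `postgresql-password: {{ required "postgresql.password must be set" .Values.postgresql.password | b64enc | quote }}`, with the default in `values.yaml` changed to `""`. Accepting the name of a pre-existing Secret as an alternative would additionally keep the password out of values files and the stored release; whichever is chosen, a comment on this template should state where the password is expected to come from.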
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "wordpress-website.fullname" . }}
+ labels:
+ {{- include "wordpress-website.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "wordpress-website.selectorLabels" . | nindent 4 }}
diff --git a/charts/values.yaml b/charts/values.yaml
new file mode 100644
index 0000000..e07eb62
--- /dev/null
+++ b/charts/values.yaml
@@ -0,0 +1,91 @@
+replicaCount: 1
+
+image:
+ repository: wordpress
+ pullPolicy: IfNotPresent
+ tag: "6.4.0-php8.2-apache"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+
+securityContext: {}
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+
+resources:
+ limits:
+ memory: 1Gi
+ requests:
+ cpu: 250m
+ memory: 512Mi
+
+autoscaling:
+ enabled: true
+ minReplicas: 2
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+wordpress:
+ tablePrefix: "wp_"
+ authKey: ""
+ secureAuthKey: ""
+ loggedInKey: ""
+ nonceKey: ""
+ authSalt: ""
+ secureAuthSalt: ""
+ loggedInSalt: ""
+ nonceSalt: ""
+
+postgresql:
+ host: "wordpress-website-postgresql"
+ database: "wordpress"
+ username: "wordpress"
+ password: "changeme"
+ image:
+ repository: postgres
+ tag: "15-alpine"
+ pullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 500m
+ memory: 512Mi
+ podSecurityContext: {}
+ persistence:
+ enabled: true
+ size: 20Gi
+ accessModes:
+ - ReadWriteOnce
+ storageClass: ""
+
+persistence:
+ size: 20Gi
+ accessModes:
+ - ReadWriteOnce
+ storageClass: ""
\ No newline at end of file
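Review bot: The `selector` in `service.yaml` uses only `wordpress-website.selectorLabels` (name and instance), and the PostgreSQL pods in `postgresql-statefulset.yaml` carry those same two labels plus `app.kubernetes.io/component: database`, so this Service and the Deployment's `matchLabels` also match the database pod. The named `targetPort: http` probably keeps the database out of the endpoints today, but the overlap is fragile and will mislead any NetworkPolicy or monitoring selector written against these labels. Add a distinguishing label such as `app.kubernetes.io/component: wordpress` to the Deployment's pod template and `matchLabels` and to this `selector`. The Deployment selector cannot be changed after creation, so this is best done before the first release.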
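Review bot: `postgresql.host` in `values.yaml` is hard-coded to `wordpress-website-postgresql`, while the database Service is named `{{ include "wordpress-website.fullname" . }}-postgresql`; the two agree only when the full name resolves to `wordpress-website`, so with other release names WordPress points at a host that does not exist, or at another release's database in the same namespace. Default it to `""` and derive it in `deployment.yaml`, e.g. `value: {{ .Values.postgresql.host | default (printf "%s-postgresql" (include "wordpress-website.fullname" .)) | quote }}`. Also, `autoscaling.enabled: true` makes the Deployment omit `replicas`, yet no HorizontalPodAutoscaler template is among the eleven files in this commit, so `minReplicas` and `maxReplicas` appear to have no effect.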