Helm chart (#5)

* Dec-4 create docker compose test locally

* dec-5 adding helm chart

Author: shree007

helm/charts/project-ipv6/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: project-ipv6
+description: Helm chart for Kubernetes deployment
+version: 0.1.0
+appVersion: 1.0.0
+

helm/charts/project-ipv6/templates/_helpers.tpl

@@ -0,0 +1,5 @@
+{{- define "project-ipv6.labels" -}}
+app: {{ .Chart.Name }}
+chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+release: {{ .Release.Name }}
+{{- end -}}

helm/charts/project-ipv6/templates/deployment.yaml

@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}-deployment
+  namespace: {{ .Values.namespace.name }}
+  labels:
+     app: {{ .Release.Name }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+       app: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Release.Name }}
+    spec:
+     securityContext:
+      runAsUser: {{ .Values.securityContext.runAsUser | default 999 }}
+      runAsGroup: {{ .Values.securityContext.runAsGroup | default 999 }}
+     automountServiceAccountToken: {{ .Values.automountServiceAccountToken | default false }}
+     containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: {{ .Values.service.targetPort }}
+          {{- if .Values.env.enabled }}
+          env:
+            - name: APP_ENV
+              value: "{{ .Values.env.value }}"
+          {{- end }}
+          securityContext:
+            runAsUser: {{ .Values.securityContext.runAsUser | default 999 }}
+            runAsGroup: {{ .Values.securityContext.runAsGroup | default 999 }}
+            allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation | default false }}
+            readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem | default true }}
+            capabilities:
+              drop:
+                {{- range .Values.securityContext.capabilities.drop }}
+                - {{ . }}
+                {{- end }}
+            seccompProfile:
+              type: RuntimeDefault
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          {{- if .Values.probes.enabled }}
+          livenessProbe:
+            httpGet:
+              path: {{ .Values.probes.path }}
+              port: {{ .Values.service.targetPort }}
+            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
+            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+          readinessProbe:
+            httpGet:
+              path: {{ .Values.probes.path }}
+              port: {{ .Values.service.targetPort }}
+            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
+            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+          {{- end }}

helm/charts/project-ipv6/templates/networkpolicy.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: restrict-application-01-to-application-02
+  namespace: project-ipv6
+spec:
+  podSelector:
+    matchLabels:
+      app: application-02
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app: application-02
+        - podSelector:
+            matchExpressions:
+              - key: app
+                operator: NotIn
+                values:
+                  - application-01
+{{- end }}

helm/charts/project-ipv6/templates/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-service
+  namespace: {{ .Values.namespace.name }}
+  labels:
+    app: {{ .Release.Name }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.targetPort }}
+  selector:
+    app: {{ .Release.Name }}

helm/charts/project-ipv6/values.yaml

@@ -0,0 +1,37 @@
+replicaCount: 1
+env:
+  enabled: false
+automountServiceAccountToken: false
+resources:
+  limits:
+    memory: "256Mi"
+    cpu: "500m"
+  requests:
+    memory: "128Mi"
+    cpu: "250m"
+networkPolicy:
+  enabled: false
+securityContext:
+  runAsUser: 10000
+  runAsGroup: 10000
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
+  capabilities:
+    drop:
+      - ALL
+
+probes:
+  enabled: false
+  liveness:
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    failureThreshold: 3
+    path: /
+  readiness:
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    failureThreshold: 3 
+    path: /
+
+volumeMounts:
+  appDataPath: /data/app