Skip to content

Commit 8b0d461

Browse files
authored
Merge pull request #1 from kdwils/feature/init-charts
Feature/init charts
2 parents fe2a225 + 0e7a7b4 commit 8b0d461

19 files changed

Lines changed: 1599 additions & 1 deletion

.github/workflows/ci.yml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
name: Lint and Test Charts
2+
3+
on:
4+
push:
5+
branches:
6+
- "**"
7+
8+
jobs:
9+
lint-test:
10+
runs-on: ubuntu-latest
11+
steps:
12+
- name: Checkout
13+
uses: actions/checkout@v3
14+
with:
15+
fetch-depth: 0
16+
17+
- name: Set up Helm
18+
uses: azure/setup-helm@v4.2.0
19+
with:
20+
version: v3.17.0
21+
22+
- uses: actions/setup-python@v5.3.0
23+
with:
24+
python-version: "3.x"
25+
check-latest: true
26+
27+
- name: Set up chart-testing
28+
uses: helm/chart-testing-action@v2.7.0
29+
30+
- name: Run chart-testing (list-changed)
31+
id: list-changed
32+
run: |
33+
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
34+
if [[ -n "$changed" ]]; then
35+
echo "changed=true" >> "$GITHUB_OUTPUT"
36+
fi
37+
38+
- name: Run chart-testing (lint)
39+
if: steps.list-changed.outputs.changed == 'true'
40+
run: ct lint --config=ct.yaml --target-branch ${{ github.event.repository.default_branch }}
41+
42+
- name: Create kind cluster
43+
if: steps.list-changed.outputs.changed == 'true'
44+
uses: helm/kind-action@v1.12.0
45+
46+
- name: Run chart-testing (install)
47+
if: steps.list-changed.outputs.changed == 'true'
48+
run: ct install --config=ct.yaml --target-branch ${{ github.event.repository.default_branch }}

.github/workflows/release.yml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
name: Release Charts
2+
3+
on:
4+
push:
5+
tags:
6+
- "*"
7+
8+
jobs:
9+
release:
10+
permissions:
11+
contents: write
12+
runs-on: ubuntu-latest
13+
steps:
14+
- name: Checkout
15+
uses: actions/checkout@v4
16+
with:
17+
fetch-depth: 0
18+
19+
- name: Run chart-releaser
20+
uses: helm/chart-releaser-action@v1.7.0
21+
env:
22+
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

README.md

Lines changed: 38 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,40 @@
11
# Tinyauth helm
22

3-
A helm chart for running Tinyauth in a kubernetes environment.
3+
A helm chart for running Tinyauth in a Kubernetes cluster.
4+
5+
## Development
6+
7+
Documentation and values schema generation is powered by:
8+
- [helm-docs](https://github.com/norwoodj/helm-docs) for generating chart documentation
9+
- [helm-values-schema-json](https://github.com/losisin/helm-values-schema-json) for JSON schema validation
10+
11+
### Generating Chart READMEs
12+
13+
Install tools:
14+
```bash
15+
go install github.com/norwoodj/helm-docs/cmd/helm-docs@latest
16+
```
17+
18+
Generate README:
19+
```bash
20+
cd charts/tinyauth && helm-docs
21+
```
22+
### Generating JSON Schema
23+
24+
Install tools:
25+
```bash
26+
helm plugin install https://github.com/losisin/helm-values-schema-json.git
27+
```
28+
29+
Generate schema:
30+
```bash
31+
cd charts/tinyauth && helm schema
32+
```
33+
34+
### CI Testing
35+
36+
CI uses [chart-testing-action](https://github.com/helm/chart-testing-action) to lint charts and test deployment. Creates a kind cluster and installs tinyauth to verify everything works. Configuration is in `ct.yaml`.
37+
38+
### Releasing
39+
40+
To release a new chart version, create and push a git tag. The release workflow uses [chart-releaser-action](https://github.com/helm/chart-releaser-action) to package and publish charts to GitHub Pages.

charts/tinyauth/.helmignore

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
# Patterns to ignore when building packages.
2+
# This supports shell glob matching, relative path matching, and
3+
# negation (prefixed with !). Only one pattern per line.
4+
.DS_Store
5+
# Common VCS dirs
6+
.git/
7+
.gitignore
8+
.bzr/
9+
.bzrignore
10+
.hg/
11+
.hgignore
12+
.svn/
13+
# Common backup files
14+
*.swp
15+
*.bak
16+
*.tmp
17+
*.orig
18+
*~
19+
# Various IDEs
20+
.project
21+
.idea/
22+
*.tmproj
23+
.vscode/

charts/tinyauth/Chart.yaml

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
apiVersion: v2
2+
name: tinyauth
3+
description: The simplest way to protect your apps with a login screen.
4+
5+
# A chart can be either an 'application' or a 'library' chart.
6+
#
7+
# Application charts are a collection of templates that can be packaged into versioned archives
8+
# to be deployed.
9+
#
10+
# Library charts provide useful utilities or functions for the chart developer. They're included as
11+
# a dependency of application charts to inject those utilities and functions into the rendering
12+
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
13+
type: application
14+
15+
# This is the chart version. This version number should be incremented each time you make changes
16+
# to the chart and its templates, including the app version.
17+
# Versions are expected to follow Semantic Versioning (https://semver.org/)
18+
version: 0.1.0
19+
20+
# This is the version number of the application being deployed. This version number should be
21+
# incremented each time you make changes to the application. Versions are not expected to
22+
# follow Semantic Versioning. They should reflect the version the application is using.
23+
# It is recommended to use it with quotes.
24+
appVersion: "v4.0.0"

charts/tinyauth/README.md

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
# tinyauth
2+
3+
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.0.0](https://img.shields.io/badge/AppVersion-v4.0.0-informational?style=flat-square)
4+
5+
The simplest way to protect your apps with a login screen.
6+
7+
## Values
8+
9+
| Key | Type | Default | Description |
10+
|-----|------|---------|-------------|
11+
| affinity | object | `{}` | |
12+
| autoscaling.enabled | bool | `false` | |
13+
| autoscaling.maxReplicas | int | `10` | |
14+
| autoscaling.minReplicas | int | `1` | |
15+
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
16+
| autoscaling.targetMemoryUtilizationPercentage | int | `80` | |
17+
| env | list | `[]` | |
18+
| fullnameOverride | string | `""` | |
19+
| httpRoute.annotations | object | `{}` | |
20+
| httpRoute.enabled | bool | `false` | |
21+
| httpRoute.hostnames[0] | string | `"chart-example.local"` | |
22+
| httpRoute.parentRefs[0].name | string | `"my-gateway"` | |
23+
| httpRoute.rules[0].matches[0].path.type | string | `"Prefix"` | |
24+
| httpRoute.rules[0].matches[0].path.value | string | `"/"` | |
25+
| image.pullPolicy | string | `"IfNotPresent"` | |
26+
| image.repository | string | `"ghcr.io/steveiliop56/tinyauth"` | |
27+
| image.tag | string | `""` | |
28+
| imagePullSecrets | list | `[]` | |
29+
| ingress.annotations | object | `{}` | |
30+
| ingress.className | string | `""` | |
31+
| ingress.enabled | bool | `false` | |
32+
| ingress.hosts[0].host | string | `"chart-example.local"` | |
33+
| ingress.hosts[0].paths[0].path | string | `"/"` | |
34+
| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
35+
| ingress.tls | list | `[]` | |
36+
| livenessProbe.httpGet.path | string | `"/api/health"` | |
37+
| livenessProbe.httpGet.port | string | `"http"` | |
38+
| nameOverride | string | `""` | |
39+
| nodeSelector | object | `{}` | |
40+
| persistence.accessMode | string | `"ReadWriteOnce"` | |
41+
| persistence.annotations | object | `{}` | |
42+
| persistence.enabled | bool | `false` | |
43+
| persistence.mountPath | string | `"/data"` | |
44+
| persistence.size | string | `"1Gi"` | |
45+
| persistence.storageClass | string | `""` | |
46+
| podAnnotations | object | `{}` | |
47+
| podLabels | object | `{}` | |
48+
| podSecurityContext | object | `{}` | |
49+
| readinessProbe.httpGet.path | string | `"/api/health"` | |
50+
| readinessProbe.httpGet.port | string | `"http"` | |
51+
| replicaCount | int | `1` | |
52+
| resources | object | `{}` | |
53+
| securityContext | object | `{}` | |
54+
| service.port | int | `80` | |
55+
| service.type | string | `"ClusterIP"` | |
56+
| serviceAccount.annotations | object | `{}` | |
57+
| serviceAccount.automount | bool | `true` | |
58+
| serviceAccount.create | bool | `true` | |
59+
| serviceAccount.name | string | `""` | |
60+
| tinyauth.general.address | string | `"0.0.0.0"` | |
61+
| tinyauth.general.appTitle | string | `""` | |
62+
| tinyauth.general.appUrl | string | `""` | |
63+
| tinyauth.general.backgroundImage | string | `""` | |
64+
| tinyauth.general.disableContinue | bool | `false` | |
65+
| tinyauth.general.forgotPasswordMessage | string | `""` | |
66+
| tinyauth.general.logLevel | string | `"info"` | |
67+
| tinyauth.general.loginMaxRetries | int | `5` | |
68+
| tinyauth.general.loginTimeout | int | `300` | |
69+
| tinyauth.general.oauthAutoRedirect | string | `""` | |
70+
| tinyauth.general.oauthWhitelist | string | `""` | |
71+
| tinyauth.general.port | int | `3000` | |
72+
| tinyauth.general.secureCookie | bool | `false` | |
73+
| tinyauth.general.sessionExpiry | int | `86400` | |
74+
| tinyauth.general.users | string | `""` | |
75+
| tinyauth.general.usersFile | string | `""` | |
76+
| tinyauth.ldap.address | string | `""` | |
77+
| tinyauth.ldap.baseDn | string | `""` | |
78+
| tinyauth.ldap.bindDn | string | `""` | |
79+
| tinyauth.ldap.bindPassword | string | `""` | |
80+
| tinyauth.ldap.bindPasswordSecretRef.key | string | `""` | |
81+
| tinyauth.ldap.bindPasswordSecretRef.name | string | `""` | |
82+
| tinyauth.ldap.enabled | bool | `false` | |
83+
| tinyauth.ldap.insecure | bool | `false` | |
84+
| tinyauth.ldap.searchFilter | string | `"(uid=%s)"` | |
85+
| tinyauth.providers[0].authUrl | string | `""` | |
86+
| tinyauth.providers[0].clientId | string | `""` | |
87+
| tinyauth.providers[0].clientSecret | string | `""` | |
88+
| tinyauth.providers[0].clientSecretFile | string | `""` | |
89+
| tinyauth.providers[0].clientSecretSecretRef.key | string | `""` | |
90+
| tinyauth.providers[0].clientSecretSecretRef.name | string | `""` | |
91+
| tinyauth.providers[0].id | string | `""` | |
92+
| tinyauth.providers[0].name | string | `""` | |
93+
| tinyauth.providers[0].scopes | string | `""` | |
94+
| tinyauth.providers[0].skipSsl | bool | `false` | |
95+
| tinyauth.providers[0].tokenUrl | string | `""` | |
96+
| tinyauth.providers[0].userInfoUrl | string | `""` | |
97+
| tolerations | list | `[]` | |
98+
| volumeMounts | list | `[]` | |
99+
| volumes | list | `[]` | |
100+
101+
----------------------------------------------
102+
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
Lines changed: 119 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,119 @@
1+
replicaCount: 1
2+
3+
env:
4+
- name: CUSTOM_VAR
5+
values: "custom-value"
6+
7+
image:
8+
pullPolicy: IfNotPresent
9+
10+
serviceAccount:
11+
create: true
12+
automount: true
13+
annotations:
14+
example.com/managed-by: "helm"
15+
name: ""
16+
17+
podAnnotations:
18+
app.kubernetes.io/component: "auth-server"
19+
20+
podLabels:
21+
app.kubernetes.io/component: "auth-server"
22+
23+
podSecurityContext:
24+
fsGroup: 2000
25+
26+
securityContext:
27+
capabilities:
28+
drop:
29+
- ALL
30+
readOnlyRootFilesystem: false
31+
runAsNonRoot: true
32+
runAsUser: 1000
33+
34+
service:
35+
type: ClusterIP
36+
port: 80
37+
38+
tinyauth:
39+
general:
40+
port: 3000
41+
address: "0.0.0.0"
42+
appUrl: "http://tinyauth-test.local"
43+
users: "user:$$2a$$10$$UdLYoJ5lgPsC0RKqYH/jMua7zIn0g9kPqWmhYayJYLaZQ/FTmH2/u"
44+
secureCookie: false
45+
disableContinue: false
46+
oauthWhitelist: "*"
47+
sessionExpiry: 3600
48+
logLevel: info
49+
appTitle: "TinyAuth Test"
50+
loginMaxRetries: 3
51+
loginTimeout: 300
52+
forgotPasswordMessage: "Contact admin for password reset"
53+
oauthAutoRedirect: "github"
54+
backgroundImage: "/static/bg.jpg"
55+
56+
providers:
57+
- id: github
58+
clientId: "test-github-client-id"
59+
clientSecret: "test-github-client-secret"
60+
- id: google
61+
clientId: "test-google-client-id"
62+
clientSecret: "test-google-client-secret"
63+
- id: custom
64+
clientId: "test-custom-client-id"
65+
clientSecret: "test-custom-client-secret"
66+
authUrl: "https://example.com/oauth/authorize"
67+
tokenUrl: "https://example.com/oauth/token"
68+
userInfoUrl: "https://example.com/oauth/user"
69+
scopes: "openid profile email"
70+
name: "Custom OAuth"
71+
skipSsl: false
72+
73+
ldap:
74+
enabled: true
75+
address: "ldap://test-ldap:389"
76+
bindDn: "cn=admin,dc=example,dc=com"
77+
bindPassword: "test-ldap-password"
78+
baseDn: "ou=users,dc=example,dc=com"
79+
insecure: true
80+
searchFilter: "(uid=%s)"
81+
82+
ingress:
83+
enabled: true
84+
className: "nginx"
85+
annotations:
86+
kubernetes.io/ingress.class: nginx
87+
kubernetes.io/tls-acme: "true"
88+
hosts:
89+
- host: tinyauth-test.local
90+
paths:
91+
- path: /
92+
pathType: ImplementationSpecific
93+
94+
livenessProbe:
95+
httpGet:
96+
path: /api/health
97+
port: http
98+
initialDelaySeconds: 30
99+
periodSeconds: 10
100+
101+
readinessProbe:
102+
httpGet:
103+
path: /api/health
104+
port: http
105+
initialDelaySeconds: 5
106+
periodSeconds: 5
107+
108+
autoscaling:
109+
enabled: true
110+
minReplicas: 1
111+
maxReplicas: 1
112+
targetCPUUtilizationPercentage: 70
113+
targetMemoryUtilizationPercentage: 80
114+
115+
httpRoute:
116+
enabled: false
117+
118+
persistence:
119+
enabled: false

0 commit comments

Comments
 (0)