Add Helm Chart

README.md

@@ -25,6 +25,7 @@ This repository contains a controller that allows you to operate a [Varnish cach
 - [Detailed how-tos](#detailed-how-tos)
   - [Using built in signaller component](#using-built-in-signaller-component)
   - [Proxying to external services](#proxying-to-external-services)
+- [Helm Chart Intallation](#helm-chart-installation)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
@@ -384,3 +385,50 @@ data:
 ```
 
 When starting kube-httpcache, remember to set the `--backend-watch=false` flag to disable watching the (non-existent) backend endpoints.
+
+## Helm Chart installation
+
+Using [HELM](chart/) to rollout an instance of kube-httpcache.
+
+Ensure your defined backen services have a port
+name `http`:
+
+```
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-service
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  type: ClusterIP
+```
+
+An ingress points to the kube-httpcache service which cached 
+your backend service:
+
+```
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: example-ingress
+spec:
+  rules:
+  - host: www.example.com
+    http:
+      paths:
+      - backend:
+          service:
+            name: kube-httpcache
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+```
+
+Look at the `vclTemplate` property in [chart/values.yaml](chart/values.yaml) to define
+your own Varnish cluster rules or load with `extraVolume` an extra file
+as initContainer if your ruleset is really big.

chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/Chart.yaml

@@ -0,0 +1,8 @@
+name: kube-httpcache
+description: Varnish on Kubernetes Helm Chart
+version: 0.0.1
+appVersion: 0.0.1
+home: https://varnish-cache.org
+icon: https://varnish-cache.org/_static/varnish-bunny.png
+sources:
+  - https://github.com/mittwald/kube-httpcache

chart/templates/NOTES.txt

@@ -0,0 +1,3 @@
+Ensure your backend-service has a port name 'http' and create an ingress
+point to the kube-httpcache service. Enjoy your Varnish cache!
+

chart/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-httpcache.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kube-httpcache.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kube-httpcache.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kube-httpcache.labels" -}}
+helm.sh/chart: {{ include "kube-httpcache.chart" . }}
+{{ include "kube-httpcache.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kube-httpcache.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kube-httpcache.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kube-httpcache.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled }}
+{{- default (include "kube-httpcache.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

chart/templates/configmap.yaml

@@ -0,0 +1,9 @@
+{{- if .Values.configmap.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "kube-httpcache.fullname" . }}
+data:
+  default.vcl.tmpl: |
+{{ .Values.vclTemplate | indent 4}}
+{{- end }}

chart/templates/deployment.yaml

@@ -0,0 +1,112 @@
+{{- if not .Values.useStatefulset.enabled -}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kube-httpcache.fullname" . }}
+  labels:
+    {{- include "kube-httpcache.labels" . | nindent 4 }}
+spec:
+{{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+{{- end }}
+  selector:
+    matchLabels:
+      {{- include "kube-httpcache.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+    {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      labels:
+        {{- include "kube-httpcache.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "kube-httpcache.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if .Values.initContainers }}
+      initContainers:
+        {{- with .Values.initContainers }}
+        {{- tpl . $ | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
+          {{- end }}
+          args:
+          - -admin-addr=0.0.0.0
+          - -admin-port=6083
+          - -signaller-enable
+          - -signaller-port=8090
+          - -frontend-watch
+          - -frontend-namespace={{ "$(NAMESPACE)" }}
+          - -frontend-service={{ include "kube-httpcache.fullname" . }}
+          - -backend-watch
+          - -backend-service={{ .Values.cache.backendService }}
+          - -backend-namespace={{ .Values.cache.backendServiceNamespace | default "$(NAMESPACE)" }}
+          - -varnish-secret-file=/etc/varnish/k8s-secret/secret
+          - -varnish-vcl-template=/etc/varnish/tmpl/default.vcl.tmpl
+          - -varnish-storage={{ .Values.cache.varnishStorage }},{{ .Values.cache.storageSize }}
+          {{- if .Values.cacheExtraArgs }}
+            {{- with .Values.cacheExtraArgs }}
+            {{- tpl . $ | trim | nindent 10 }}
+            {{- end }}
+          {{- end }}
+          env:
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          volumeMounts:
+          - name: template
+            mountPath: /etc/varnish/tmpl
+          - name: secret
+            mountPath: /etc/varnish/k8s-secret
+          {{- if .Values.extraMounts }}
+            {{- toYaml .Values.extraMounts | nindent 10 }}
+          {{- end }}
+          {{- if .Values.resources }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          {{- end }}
+      volumes:
+      {{- if .Values.configmap.enabled }}
+      - name: template
+        configMap:
+          name: {{ include "kube-httpcache.fullname" . }}
+      {{- end }}
+      - name: secret
+        secret:
+          secretName: {{ include "kube-httpcache.fullname" . }}
+      {{- if .Values.extraVolumes -}}
+      {{- toYaml .Values.extraVolumes | nindent 6 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}

chart/templates/hpa.yaml

@@ -0,0 +1,30 @@
+{{- if not .Values.useStatefulset.enabled -}}
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "kube-httpcache.fullname" . }}
+  labels:
+    {{- include "kube-httpcache.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "kube-httpcache.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+  {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- end }}
+{{- end }}
+{{- end }}

chart/templates/ingress.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "kube-httpcache.fullname" . }}
+  labels:
+    {{- include "kube-httpcache.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host }}
+      http:
+        paths: {{ .paths | toYaml | nindent 10 }}
+    {{- end }}
+  {{- end }}

chart/templates/rbac.yaml

@@ -0,0 +1,48 @@
+{{- if .Values.rbac.enabled -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "kube-httpcache.fullname" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  - pods
+  verbs:
+  - watch
+  - get
+{{- if .Values.podSecurityPolicy.enabled -}}
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  - pods
+  verbs:
+  - watch
+  - get
+- apiGroups:
+  - extensions
+  resourceNames:
+  - {{ .Values.podSecurityPolicy.name }}
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    {{- include "kube-httpcache.labels" . | nindent 4 }}
+  name: {{ include "kube-httpcache.fullname" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kube-httpcache.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "kube-httpcache.serviceAccountName" . }}
+{{- end }}