diff --git a/.gitignore b/.gitignore index 5afbeb2..e4a8dae 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ urls.sqlite .env cookie* .idea/ +.DS_Store diff --git a/README.md b/README.md index ec0dcff..aa33c6d 100644 --- a/README.md +++ b/README.md @@ -156,6 +156,20 @@ to send your desired headers. It must be a comma separated list of valid you can set it to `no-cache, private` to disable caching. It might help during testing if served through a proxy. +## Deploying in your Kubernetes cluster with Helm +The helm values are very sparse to keep it simple. If you need more values to be variable, feel free to adjust. + +The PVC allocates 100Mi and the PV is using a host path volume. + +The helm chart assumes you have [cert manager](https://github.com/jetstack/cert-manager) deployed to have TLS certificates managed easily in your cluster. Feel free to remove the issuer and adjust the ingress if you're on AWS with EKS for example. To install cert-manager, I recommend using the ["kubectl apply" way](https://cert-manager.io/docs/installation/kubectl/) to install cert-manager. + +To get started, `cp helm-chart/values.yaml helm-chart/my-values.yaml` and adjust `password`, `fqdn` and `letsencryptmail` in your new `my-values.yaml`, then just run + +``` bash +cd helm-chart +helm upgrade --install chhoto-url . -n chhoto-url --create-namespace -f my-values.yaml +``` + ## Instructions for CLI usage The application can be used from the terminal using something like `curl`. In all the examples below, replace `http://localhost:4567` with where your instance of `chhoto-url` is accessible. diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml new file mode 100644 index 0000000..a98014f --- /dev/null +++ b/helm-chart/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: chhoto-url +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm-chart/templates/ingress.yml b/helm-chart/templates/ingress.yml new file mode 100644 index 0000000..c57207d --- /dev/null +++ b/helm-chart/templates/ingress.yml @@ -0,0 +1,23 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: chhoto-url + annotations: + cert-manager.io/issuer: "letsencrypt" + acme.cert-manager.io/http01-edit-in-place: "true" +spec: + tls: + - hosts: + - {{ .Values.fqdn }} + secretName: my-tls + rules: + - host: {{ .Values.fqdn }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: chhoto-url + port: + number: 80 diff --git a/helm-chart/templates/issuer.yml b/helm-chart/templates/issuer.yml new file mode 100644 index 0000000..43a74c5 --- /dev/null +++ b/helm-chart/templates/issuer.yml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: letsencrypt +spec: + acme: + # The ACME server URL + server: https://acme-v02.api.letsencrypt.org/directory + # Email address used for ACME registration + email: {{ .Values.letsencryptmail }} + # Name of a secret used to store the ACME account private key + privateKeySecretRef: + name: letsencrypt + # Enable the HTTP-01 challenge provider + solvers: + - http01: + ingress: + ingressClassName: nginx \ No newline at end of file diff --git a/helm-chart/templates/pv.yml b/helm-chart/templates/pv.yml new file mode 100644 index 0000000..2992e3f --- /dev/null +++ b/helm-chart/templates/pv.yml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: chhoto-pv + labels: + app: chhoto-url +spec: + capacity: + storage: 100Mi + accessModes: + - ReadWriteOnce + hostPath: + path: {{ .Values.persistence.hostPath.path }} diff --git a/helm-chart/templates/secret.yml b/helm-chart/templates/secret.yml new file mode 100644 index 0000000..f5c684f --- /dev/null +++ b/helm-chart/templates/secret.yml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: secret +type: Opaque +data: + password: {{ .Values.password }} + {{- if .Values.api_key }} + api_key: {{ .Values.api_key }} + {{- end }} diff --git a/helm-chart/templates/sts.yml b/helm-chart/templates/sts.yml new file mode 100644 index 0000000..87d142b --- /dev/null +++ b/helm-chart/templates/sts.yml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: chhoto-url +spec: + replicas: 1 + selector: + matchLabels: + app: chhoto-url + template: + metadata: + labels: + app: chhoto-url + spec: + containers: + - name: chhoto-url + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + ports: + - containerPort: 4567 + env: + - name: password + valueFrom: + secretKeyRef: + name: secret + key: password + {{- if .Values.api_key }} + - name: api_key + valueFrom: + secretKeyRef: + name: secret + key: api_key + {{- end }} + - name: db_url + value: /db/urls.sqlite + - name: site_url + value: "{{ .Values.protocol }}://{{ .Values.fqdn }}" + - name: redirect_method + value: {{ .Values.redirect_method }} + - name: slug_style + value: {{ .Values.slug_style }} + - name: slug_length + value: "{{ .Values.slug_length }}" + - name: public_mode + value: {{ .Values.public_mode }} + - name: disable_frontend + value: {{ .Values.disable_frontend }} + {{- if .Values.cache_control_header }} + - name: cache_control_header + value: {{ .Values.cache_control_header }} + {{- end }} + volumeMounts: + - name: data + mountPath: /db + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: 100Mi diff --git a/helm-chart/templates/svc.yml b/helm-chart/templates/svc.yml new file mode 100644 index 0000000..a14f91c --- /dev/null +++ b/helm-chart/templates/svc.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: chhoto-url + labels: + app: chhoto-url +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 4567 + protocol: TCP + selector: + app: chhoto-url diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml new file mode 100644 index 0000000..6687b33 --- /dev/null +++ b/helm-chart/values.yaml @@ -0,0 +1,28 @@ +# Default values for chhoto-url. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: sintan1729/chhoto-url + pullPolicy: IfNotPresent + tag: "5.4.6" + +# please use a better password in your values and base64 encode it +password: cGFzc3dvcmQ= +# if used, needs to be base64 encoded as well +# api_key: U0VDVVJFX0FQSV9LRVk= + +persistence: + hostPath: + path: /mnt/data/chhoto-data + +redirect_method: PERMANENT +slug_style: Pair +slug_length: 8 +public_mode: Disable +disable_frontend: False +# cache_control_header: "no-cache, private" + +protocol: https +fqdn: your.short.link.url.com +letsencryptmail: your.mail@address.com