Add Helm chart

st8ed · Jun 15, 2022 · 170f3a7 · 170f3a7
1 parent e41a1d9
commit 170f3a7
Show file tree

Hide file tree

Showing 11 changed files with 450 additions and 88 deletions.
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
@@ -1,89 +1,123 @@
 name: "Build & Publish"
-on: [ pull_request, push ]
+on: [pull_request, push]
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+      - uses: actions/checkout@v3
 
-    - uses: cachix/install-nix-action@v17
-      with:
-        nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/install-nix-action@v17
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
 
-    - uses: cachix/cachix-action@v10
-      with:
-        name: st8ed-oss
-        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - uses: cachix/cachix-action@v10
+        with:
+          name: st8ed-oss
+          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 
-    - run: nix build .#package
-    - run: echo "PACKAGE_PATH=$(readlink -f result)" >>$GITHUB_ENV
-    - run: nix build .#dockerImage
-    - run: echo "IMAGE_PATH=$(readlink -f result)" >>$GITHUB_ENV
+      - name: Build
+      - run: |
+          nix build .#package
+          echo "PACKAGE_PATH=$(readlink -f result)" >>$GITHUB_ENV
 
-    - uses: actions/upload-artifact@v3
-      with:
-        name: aws-cost-exporter
-        path: ${{ env.PACKAGE_PATH }}
+          nix build .#dockerImage
+          echo "IMAGE_PATH=$(readlink -f result)" >>$GITHUB_ENV
 
-    - uses: actions/upload-artifact@v3
-      with:
-        name: aws-cost-exporter-image
-        path: ${{ env.IMAGE_PATH }}
+          nix build .#helmChart
+          echo "CHART_PATH=$(readlink -f result)" >>$GITHUB_ENV
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: aws-cost-exporter
+          path: ${{ env.PACKAGE_PATH }}
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: aws-cost-exporter-image
+          path: ${{ env.IMAGE_PATH }}
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: aws-cost-exporter-chart
+          path: ${{ env.CHART_PATH }}
 
   publish:
     needs: build
     if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-latest
     permissions:
-      packages: write # For GitHub Container Registry
-      contents: write # For GitHub Releases
+      packages: write     # For GitHub Container Registry
+      contents: write     # For GitHub Releases
     steps:
-    - uses: actions/download-artifact@v3
-      with:
-        name: aws-cost-exporter
-        path: ./dist/release
-
-    - uses: actions/download-artifact@v3
-      with:
-        name: aws-cost-exporter-image
-        path: ./dist/image
-
-    - name: Retrieve version
-      run: |
-        VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-        VERSION=$(echo $VERSION | sed -e 's/^v//')
-        # [ "$VERSION" == "master" ] && VERSION=latest
-
-        echo "VERSION=$VERSION" >>$GITHUB_ENV
-        echo "VERSION=$VERSION"
-
-    - name: Package release
-      run: |
-        tar cf ./dist/aws-exporter-$VERSION.linux-amd64.tar.gz -C ./dist/release .
-
-    - name: Push image
-      run: |
-        IMAGE_SRC=st8ed/aws-cost-exporter
-        IMAGE_DEST=ghcr.io/st8ed/aws-cost-exporter
-
-        echo IMAGE_SRC=$IMAGE_SRC
-        echo IMAGE_DEST=$IMAGE_DEST
-
-        echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
-
-        docker load -i ./dist/image/*.tar.gz
-
-        docker tag $IMAGE_SRC:$VERSION $IMAGE_DEST:$VERSION
-        docker push $IMAGE_DEST:$VERSION
-
-        docker tag $IMAGE_SRC:$VERSION $IMAGE_DEST:latest
-        docker push $IMAGE_DEST:latest
-
-    - name: Create release
-      uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
-      with:
-        name: Release ${{ env.VERSION }}
-        files: ./dist/aws-exporter-*.tar.gz
-        fail_on_unmatched_files: true
-        generate_release_notes: true
+      - uses: actions/download-artifact@v3
+        with:
+          name: aws-cost-exporter
+          path: ./dist/release
+
+      - uses: actions/download-artifact@v3
+        with:
+          name: aws-cost-exporter-image
+          path: ./dist/image
+
+      - uses: actions/download-artifact@v3
+        with:
+          name: aws-cost-exporter-chart
+          path: ./dist/chart
+
+      - name: Retrieve version
+        run: |
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+          VERSION=$(echo $VERSION | sed -e 's/^v//')
+          # [ "$VERSION" == "master" ] && VERSION=latest
+
+          IMAGE_REPOSITORY=st8ed/aws-cost-exporter
+
+          echo "VERSION=$VERSION" >>$GITHUB_ENV
+          echo "VERSION=$VERSION"
+
+          echo "IMAGE_REPOSITORY=$IMAGE_REPOSITORY" >>$GITHUB_ENV
+          echo "IMAGE_REPOSITORY=$IMAGE_REPOSITORY"
+
+      - name: Package release
+        run: |
+          tar cf ./dist/aws-exporter-$VERSION.linux-amd64.tar.gz \
+            -C ./dist/release .
+
+      - name: Load image
+        run: |
+          docker load -i ./dist/image/*.tar.gz
+          docker tag $IMAGE_REPOSITORY:$VERSION $IMAGE_REPOSITORY:latest
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push image
+        run:
+          docker push $IMAGE_REPOSITORY:$VERSION
+          docker push $IMAGE_REPOSITORY:$VERSION $IMAGE_REPOSITORY:latest
+
+          docker push $IMAGE_REPOSITORY:$VERSION \
+            ghcr.io/$IMAGE_REPOSITORY:$VERSION
+          docker push $IMAGE_REPOSITORY:$VERSION \
+            ghcr.io/$IMAGE_REPOSITORY:latest
+
+      - name: Create release
+        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
+        with:
+          name: Release ${{ env.VERSION }}
+          files: |
+            ./dist/aws-exporter-*.tar.gz
+            ./dist/chart/*.tgz
+          fail_on_unmatched_files: true
+          generate_release_notes: true
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: aws-cost-exporter
+description: An exporter for AWS Cost and Usage Reports
+type: application
+version: 0.0.0
+appVersion: "0.0.0"
diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt
@@ -0,0 +1,16 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "aws-cost-exporter.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "aws-cost-exporter.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "aws-cost-exporter.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aws-cost-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:9100 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9100:$CONTAINER_PORT
+{{- end }}
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "aws-cost-exporter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "aws-cost-exporter.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "aws-cost-exporter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "aws-cost-exporter.labels" -}}
+helm.sh/chart: {{ include "aws-cost-exporter.chart" . }}
+{{ include "aws-cost-exporter.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "aws-cost-exporter.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "aws-cost-exporter.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "aws-cost-exporter.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "aws-cost-exporter.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "aws-cost-exporter.fullname" . }}
+  labels:
+    {{- include "aws-cost-exporter.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "aws-cost-exporter.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "aws-cost-exporter.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "aws-cost-exporter.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image }}"
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          args:
+            - --bucket
+            - {{ .Values.aws.bucket }}
+            - --report
+            - {{ .Values.aws.report }}
+          env:
+            - name: AWS_REGION
+              value: {{ .Values.aws.region }}
+            - name: AWS_SHARED_CREDENTIALS_FILE
+              value: /etc/aws/credentials
+          ports:
+            - name: http-metrics
+              containerPort: 9100
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http-metrics
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http-metrics
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: aws-secrets
+              mountPath: /etc/aws
+            - name: data
+              mountPath: /var/lib/aws-cost-exporter
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: aws-secrets
+          secret:
+            secretName: {{ include "aws-cost-exporter.fullname" . }}-aws
+            defaultMode: 111
+        - name: data
+          emptyDir: {}
diff --git a/chart/templates/secret-aws.yaml b/chart/templates/secret-aws.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "aws-cost-exporter.fullname" . }}-aws
+  labels:
+    {{- include "aws-cost-exporter.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  credentials: |
+    [default]
+    aws_access_key_id={{ .Values.aws.access_key_id }}
+    aws_secret_access_key={{ .Values.aws.secret_access_key }}
diff --git a/chart/templates/service.yaml b/chart/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "aws-cost-exporter.fullname" . }}
+  labels:
+    {{- include "aws-cost-exporter.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http-metrics
+      protocol: TCP
+      name: http-metrics
+  selector:
+    {{- include "aws-cost-exporter.selectorLabels" . | nindent 4 }}