cleanup (#2)

Fully working helm chart
cresta · Mar 26, 2021 · 1258799 · 1258799
1 parent 3591c6b
commit 1258799
Show file tree

Hide file tree

Showing 10 changed files with 192 additions and 188 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml
@@ -29,11 +29,11 @@ jobs:
         uses: helm/[email protected]
       - name: Install helm chart
         run:  helm install varnish ./charts/varnish
-        #      - name: Wait for deployment to finish
-        #        timeout-minutes: 1
-        #        run:  kubectl rollout status --watch deployment/varnish
-        #      - name: Test helm chart
-        #        run:  helm test varnish
+      - name: Wait for deployment to finish
+        timeout-minutes: 1
+        run:  kubectl rollout status --watch deployment/varnish
+      - name: Test helm chart
+        run:  helm test varnish
       - name: Remove helm chart
         run:  helm uninstall varnish
       - name: Run chart-releaser

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -0,0 +1,28 @@
+name: Release Charts
+
+on: [push, pull_request]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Run chart-testing (lint)
+        id: lint
+        uses: helm/[email protected]
+        with:
+          command: lint
+      - name: Create kind cluster
+        uses: helm/[email protected]
+      - name: Install helm chart
+        run:  helm install varnish ./charts/varnish
+      - name: Wait for deployment to finish
+        timeout-minutes: 1
+        run:  kubectl rollout status --watch deployment/varnish
+      - name: Test helm chart
+        run:  helm test varnish
+      - name: Remove helm chart
+        run:  helm uninstall varnish
diff --git a/Dockerfile b/Dockerfile
diff --git a/README.md b/README.md
@@ -1,3 +1,30 @@
 # varnish
-Custom varnish install
-# varnish
+Custom varnish helm chart for Cresta.
+
+This chart is intended to have varnish forward to nginx, which
+can forward downstream.  Nginx is used so that we can connect to SSL
+backends and do dynamic DNS resolution with the free version of varnish.
+
+## Dynamic DNS
+
+This is libvmod-dynamic in the free version, but we can get this with the core
+nginx version via proxy_pass
+
+See the following for more information:
+* https://github.com/nigoroll/libvmod-dynamic
+
+## SSL Backends
+
+This is only in the paid version of varnish.  Some people use stunnel, but we
+want dynamic SSL backends (changing hostnames), and stunnel only supports
+static hostnames.  We can again get this in nginx with proxy_pass variables.
+
+See the following for more information:
+* https://www.stunnel.org/
+* https://docs.varnish-software.com/varnish-cache-plus/features/backend-ssl/
+
+
+# This chart
+
+This chart assumes you want to configure your varnish and nginx config via helm.
+It also adds a third docker container for varnishncsa so you can get access logs.
diff --git a/charts/varnish/Chart.yaml b/charts/varnish/Chart.yaml
@@ -1,9 +1,14 @@
 apiVersion: v2
 name: varnish
 description: A Helm chart for varnish on Kubernetes
+home: https://github.com/cresta/varnish
 
 type: application
 
-version: 0.1.0
+version: 0.2.0
 
 appVersion: "6.5.1-a"
+
+maintainers:
+  - name: cep21
+    url: https://github.com/cep21
diff --git a/charts/varnish/templates/configmap-vcl.yaml b/charts/varnish/templates/configmap-vcl.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "varnish.fullname" . }}
+  name: {{ include "varnish.fullname" . }}-varnish
   labels:
     {{- include "varnish.labels" . | nindent 4 }}
 data:
-{{ toYaml .Values.vcl | indent 2 }}
+{{ toYaml .Values.varnish.vcl | indent 2 }}
diff --git a/charts/varnish/templates/deployment.yaml b/charts/varnish/templates/deployment.yaml
@@ -13,8 +13,10 @@ spec:
       {{- include "varnish.selectorLabels" . | nindent 6 }}
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
       annotations:
+        checksum/varnish: {{ include (print $.Template.BasePath "/configmap-vcl.yaml") . | sha256sum }} 
+        checksum/nginx: {{ include (print $.Template.BasePath "/configmap-nginx.yaml") . | sha256sum }} 
+      {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
@@ -26,26 +28,30 @@ spec:
       {{- end }}
       serviceAccountName: {{ include "varnish.serviceAccountName" . }}
       volumes:
+        - name: shared-varnish
+          emptyDir: {}
         - name: vcl
           configMap:
-            name: {{ include "varnish.fullname" . }}
+            name: {{ include "varnish.fullname" . }}-varnish
         - name: nginx
           configMap:
             name: {{ include "varnish.fullname" . }}-nginx
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
-        - name: {{ .Chart.Name }}-varnish
+        - name: varnish
           securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+            {{- toYaml .Values.varnish.securityContext | nindent 12 }}
+          image: "{{ .Values.varnish.image.repository }}:{{ .Values.varnish.image.tag }}"
+          imagePullPolicy: {{ .Values.varnish.image.pullPolicy }}
           volumeMounts:
             - mountPath: /etc/varnish
               name: vcl
+            - mountPath: /var/lib/varnish
+              name: shared-varnish
           env:
             - name: VARNISH_SIZE
-              value: {{ .Values.varnishSize | quote }}
+              value: {{ .Values.varnish.varnishSize | quote }}
           ports:
             - name: http
               containerPort: 80
@@ -60,11 +66,22 @@ spec:
               port: http
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-        - name: {{ .Chart.Name }}-nginx
+        - name: varnishncsa
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.varnishncsa.image.repository }}:{{ .Values.varnishncsa.image.tag }}"
+          command: ["varnishncsa"]
+          imagePullPolicy: {{ .Values.varnishncsa.image.pullPolicy }}
+          volumeMounts:
+            - mountPath: /var/lib/varnish
+              name: shared-varnish
+          resources:
+            {{- toYaml .Values.varnishncsa.resources | nindent 12 }}
+        - name: nginx
+          securityContext:
+            {{- toYaml .Values.nginx.securityContext | nindent 12 }}
           image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          imagePullPolicy: {{ .Values.nginx.image.pullPolicy }}
           volumeMounts:
             - mountPath: /etc/nginx
               name: nginx
@@ -81,7 +98,7 @@ spec:
               path: /health
               port: http
           resources:
-            {{- toYaml .Values.resources | nindent 12 }}
+            {{- toYaml .Values.nginx.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}