From f00fef03b6d96896a0a5cd57f4c7e30a79e1eb5e Mon Sep 17 00:00:00 2001 From: nolte Date: Mon, 14 Sep 2020 21:33:18 +0200 Subject: [PATCH] Adding a option for a git init container. Signed-off-by: nolte --- charts/esphome/Chart.yaml | 4 +- charts/esphome/README.md | 125 ++++++++++++----------- charts/esphome/templates/deployment.yaml | 57 +++++++++++ charts/esphome/values.yaml | 24 ++++- 4 files changed, 148 insertions(+), 62 deletions(-) diff --git a/charts/esphome/Chart.yaml b/charts/esphome/Chart.yaml index a57d092e..c7a5045d 100644 --- a/charts/esphome/Chart.yaml +++ b/charts/esphome/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: 1.14.5 +appVersion: 1.15.2 description: ESPHome name: esphome -version: 2.0.0 +version: 2.2.0 keywords: - esphome home: https://github.com/k8s-at-home/charts/tree/master/charts/esphome diff --git a/charts/esphome/README.md b/charts/esphome/README.md index 21f42f57..8abac49b 100644 --- a/charts/esphome/README.md +++ b/charts/esphome/README.md 
@@ -34,65 +34,72 @@ The command removes all the Kubernetes components associated with the chart and The following tables lists the configurable parameters of the ESPHome chart and their default values. -| Parameter | Description | Default | -|----------------------------|-------------------------------------|---------------------------------------------------------| -| `image.repository` | Image repository | `esphome/esphome` | -| `image.tag` | Image tag. Possible values listed [here](https://hub.docker.com/r/esphome/esphome/tags/).| `0.14.5`| -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Secrets to use when pulling the image | `[]` | -| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | -| `probes.liveness.enabled` | Use the livenessProbe? | `true` | -| `probes.liveness.scheme ` | Specify liveness `scheme` parameter for the deployment | `HTTP` | -| `probes.liveness.initialDelaySeconds` | Specify liveness `initialDelaySeconds` parameter for the deployment | `60` | -| `probes.liveness.failureThreshold` | Specify liveness `failureThreshold` parameter for the deployment | `5` | -| `probes.liveness.timeoutSeconds` | Specify liveness `timeoutSeconds` parameter for the deployment | `10` | -| `probes.readiness.enabled` | Use the readinessProbe? | `true` | -| `probes.readiness.scheme ` | Specify readiness `scheme` parameter for the deployment | `HTTP` | -| `probes.readiness.initialDelaySeconds` | Specify readiness `initialDelaySeconds` parameter for the deployment | `60` | -| `probes.readiness.failureThreshold` | Specify readiness `failureThreshold` parameter for the deployment | `5` | -| `probes.readiness.timeoutSeconds` | Specify readiness `timeoutSeconds` parameter for the deployment | `10` | -| `probes.startup.enabled` | Use the startupProbe? 
(new in kubernetes 1.16) | `false` | -| `probes.startup.scheme ` | Specify startup `scheme` parameter for the deployment | `HTTP` | -| `probes.startup.failureThreshold` | Specify startup `failureThreshold` parameter for the deployment | `5` | -| `probes.startup.periodSeconds` | Specify startup `periodSeconds` parameter for the deployment | `10` | -| `service.type` | Kubernetes service type for the esphome GUI | `ClusterIP` | -| `service.port` | Kubernetes port where the esphome GUI is exposed| `6052` | -| `service.portName` | Kubernetes port name where the esphome GUI is exposed | `api` | -| `service.additionalPorts` | Add additional ports exposed by the esphome container integrations. Example homematic needs to expose a proxy port | `{}` | -| `service.annotations` | Service annotations for the esphome GUI | `{}` | -| `service.clusterIP` | Cluster IP for the esphom GUI | `` | -| `service.externalIPs` | External IPs for the esphome GUI | `[]` | -| `service.loadBalancerIP` | Loadbalancer IP for the esphome GUI | `` | -| `service.loadBalancerSourceRanges` | Loadbalancer client IP restriction range for the esphome GUI | `[]` | -| `service.publishNotReadyAddresses` | Set to true if the notReadyAddresses should be published | `false` | -| `service.externalTrafficPolicy` | Loadbalancer externalTrafficPolicy | `` | -| `hostNetwork` | Enable hostNetwork - might be needed for discovery to work | `false` | -| `service.nodePort` | nodePort to listen on for the esphome GUI | `` | -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.path` | Ingress path | `/` | -| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `persistence.enabled` | Use persistent volume to store data | `true` | -| `persistence.size` | Size of persistent volume claim | `5Gi` | -| `persistence.existingClaim`| Use an existing PVC to persist data | `nil` | -| 
`persistence.hostPath`| The path to the config directory on the host, instead of a PVC | `nil` | -| `persistence.storageClass` | Type of persistent volume claim | `-` | -| `persistence.accessMode` | Persistence access modes | `ReadWriteMany` | -| `hostMounts` | Array of host directories to mount; can be used for devices | [] | -| `hostMounts.name` | Name of the volume | `nil` | -| `hostMounts.hostPath` | The path on the host machine | `nil` | -| `hostMounts.mountPath` | The path at which to mount (optional; assumed same as hostPath) | `nil` | -| `hostMounts.type` | The type to mount (optional, i.e., `Directory`) | `nil` | -| `extraEnv` | Extra ENV vars to pass to the esphome container | `{}` | -| `extraEnvSecrets` | Extra env vars to pass to the esphome container from k8s secrets - see `values.yaml` for an example | `{}` | -| `resources` | CPU/Memory resource requests/limits or the esphome GUI | `{}` | -| `nodeSelector` | Node labels for pod assignment or the esphome GUI | `{}` | -| `tolerations` | Toleration labels for pod assignment or the esphome GUI | `[]` | -| `affinity` | Affinity settings for pod assignment or the esphome GUI | `{}` | -| `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | -| `extraVolumes` | Any extra volumes to define for the pod | `{}` | -| `extraVolumeMounts` | Any extra volumes mounts to define for each container of the pod | `{}` | +| Parameter | Description | Default | +|----------------------------------------|--------------------------------------------------------------------------------------------------------------------|-----------------------| +| `image.repository` | Image repository | `esphome/esphome` | +| `image.tag` | Image tag. Possible values listed [here](https://hub.docker.com/r/esphome/esphome/tags/). 
| `0.14.5` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Secrets to use when pulling the image | `[]` | +| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | +| `probes.liveness.enabled` | Use the livenessProbe? | `true` | +| `probes.liveness.scheme ` | Specify liveness `scheme` parameter for the deployment | `HTTP` | +| `probes.liveness.initialDelaySeconds` | Specify liveness `initialDelaySeconds` parameter for the deployment | `60` | +| `probes.liveness.failureThreshold` | Specify liveness `failureThreshold` parameter for the deployment | `5` | +| `probes.liveness.timeoutSeconds` | Specify liveness `timeoutSeconds` parameter for the deployment | `10` | +| `probes.readiness.enabled` | Use the readinessProbe? | `true` | +| `probes.readiness.scheme ` | Specify readiness `scheme` parameter for the deployment | `HTTP` | +| `probes.readiness.initialDelaySeconds` | Specify readiness `initialDelaySeconds` parameter for the deployment | `60` | +| `probes.readiness.failureThreshold` | Specify readiness `failureThreshold` parameter for the deployment | `5` | +| `probes.readiness.timeoutSeconds` | Specify readiness `timeoutSeconds` parameter for the deployment | `10` | +| `probes.startup.enabled` | Use the startupProbe? 
(new in kubernetes 1.16) | `false` | +| `probes.startup.scheme ` | Specify startup `scheme` parameter for the deployment | `HTTP` | +| `probes.startup.failureThreshold` | Specify startup `failureThreshold` parameter for the deployment | `5` | +| `probes.startup.periodSeconds` | Specify startup `periodSeconds` parameter for the deployment | `10` | +| `service.type` | Kubernetes service type for the esphome GUI | `ClusterIP` | +| `service.port` | Kubernetes port where the esphome GUI is exposed | `6052` | +| `service.portName` | Kubernetes port name where the esphome GUI is exposed | `api` | +| `service.additionalPorts` | Add additional ports exposed by the esphome container integrations. Example homematic needs to expose a proxy port | `{}` | +| `service.annotations` | Service annotations for the esphome GUI | `{}` | +| `service.clusterIP` | Cluster IP for the esphom GUI | `` | +| `service.externalIPs` | External IPs for the esphome GUI | `[]` | +| `service.loadBalancerIP` | Loadbalancer IP for the esphome GUI | `` | +| `service.loadBalancerSourceRanges` | Loadbalancer client IP restriction range for the esphome GUI | `[]` | +| `service.publishNotReadyAddresses` | Set to true if the notReadyAddresses should be published | `false` | +| `service.externalTrafficPolicy` | Loadbalancer externalTrafficPolicy | `` | +| `hostNetwork` | Enable hostNetwork - might be needed for discovery to work | `false` | +| `service.nodePort` | nodePort to listen on for the esphome GUI | `` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.path` | Ingress path | `/` | +| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `persistence.enabled` | Use persistent volume to store data | `true` | +| `persistence.size` | Size of persistent volume claim | `5Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| 
`persistence.hostPath` | The path to the config directory on the host, instead of a PVC | `nil` | +| `persistence.storageClass` | Type of persistent volume claim | `-` | +| `persistence.accessMode` | Persistence access modes | `ReadWriteMany` | +| `git.enabled` | Use git-sync in init container | `false` | +| `git.secret` | Git secret to use for git-sync | `git-creds` | +| `git.syncPath` | Git sync path | `/config` | +| `git.keyPath` | Git ssh key path | `/root/.ssh` | +| `git.user.name` | Human-readable name in the “committer” and “author” fields | `` | +| `git.user.email` | Email address for the “committer” and “author” fields | `` | +| `hostMounts` | Array of host directories to mount; can be used for devices | [] | +| `hostMounts.name` | Name of the volume | `nil` | +| `hostMounts.hostPath` | The path on the host machine | `nil` | +| `hostMounts.mountPath` | The path at which to mount (optional; assumed same as hostPath) | `nil` | +| `hostMounts.type` | The type to mount (optional, i.e., `Directory`) | `nil` | +| `extraEnv` | Extra ENV vars to pass to the esphome container | `{}` | +| `extraEnvSecrets` | Extra env vars to pass to the esphome container from k8s secrets - see `values.yaml` for an example | `{}` | +| `resources` | CPU/Memory resource requests/limits or the esphome GUI | `{}` | +| `nodeSelector` | Node labels for pod assignment or the esphome GUI | `{}` | +| `tolerations` | Toleration labels for pod assignment or the esphome GUI | `[]` | +| `affinity` | Affinity settings for pod assignment or the esphome GUI | `{}` | +| `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | +| `extraVolumes` | Any extra volumes to define for the pod | `{}` | +| `extraVolumeMounts` | Any extra volumes mounts to define for each container of the pod | `{}` | + diff --git a/charts/esphome/templates/deployment.yaml b/charts/esphome/templates/deployment.yaml index c0162468..1b5ed0bd 100644 --- a/charts/esphome/templates/deployment.yaml 
+++ b/charts/esphome/templates/deployment.yaml @@ -37,6 +37,56 @@ spec: hostNetwork: {{ .Values.hostNetwork }} dnsPolicy: ClusterFirstWithHostNet {{- end }} + initContainers: + {{- if .Values.git.enabled }} + - name: git-sync + image: "{{ .Values.git.image.repository }}:{{ .Values.git.image.tag }}" + imagePullPolicy: {{ .Values.git.image.pullPolicy }} + {{- if .Values.git.command }} + command: + {{- range .Values.git.command }} + - {{ . | quote }} + {{- end }} + {{- else }} + command: ["/bin/sh", "-c"] + args: + - set -e; + if [ -d "{{ .Values.git.syncPath }}/.git" ]; + then + git -C "{{ .Values.git.syncPath }}" pull || true; + else + if [ "$(ls -A {{ .Values.git.syncPath }})" ]; + then + git clone --depth 2 "{{ .Values.git.repo }}" /tmp/repo; + cp -rf /tmp/repo/.git "{{ .Values.git.syncPath }}"; + cd "{{ .Values.git.syncPath }}"; + git checkout -f; + else + git clone --depth 2 "{{ .Values.git.repo }}" "{{ .Values.git.syncPath }}"; + fi; + fi; + if [ -f "{{ .Values.git.keyPath }}/git-crypt-key" ]; + then + cd {{ .Values.git.syncPath }}; + git-crypt unlock "{{ .Values.git.keyPath }}/git-crypt-key"; + fi; + {{- end }} + volumeMounts: + - mountPath: /config + name: config + - mountPath: {{ .Values.git.keyPath }} + name: git-secret + {{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }}{{ end }} + {{- if .Values.usePodSecurityContext }} + securityContext: + runAsUser: {{ default 0 .Values.runAsUser }} + {{- if and (.Values.runAsUser) (.Values.fsGroup) }} + {{- if not (eq .Values.runAsUser 0.0) }} + fsGroup: {{ .Values.fsGroup }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 
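Review bot: The default git-sync script renders `.Values.git.repo`, `.Values.git.syncPath` and `.Values.git.keyPath` directly into the `sh -c` text, and two of those spots (`ls -A {{ .Values.git.syncPath }}` and the final `cd {{ .Values.git.syncPath }};`) are not quoted, so a value containing a space or shell metacharacter changes what the init container runs while the git secret is mounted. Passing the three values as container `env` entries and expanding them as quoted shell variables keeps them as data, as in the sketch below. `git pull || true` also hides every pull failure (bad credentials, rejected host key, diverged history), so the pod starts on an old checkout with nothing in the log; the sketch keeps the best-effort behaviour but writes a message to stderr. The config volume is mounted at a hard-coded `/config` although the script works in `.Values.git.syncPath`, so with a non-default `syncPath` the clone would land outside that volume unless something else is mounted there. The pod spec continues outside this hunk and the indentation is lost in this view, so confirm separately whether the added `securityContext` sits at container level, where `fsGroup` is not a valid field.

```yaml
        imagePullPolicy: {{ .Values.git.image.pullPolicy }}
        env:
        - name: GIT_REPO
          value: {{ .Values.git.repo | quote }}
        - name: GIT_SYNC_PATH
          value: {{ .Values.git.syncPath | quote }}
        - name: GIT_KEY_PATH
          value: {{ .Values.git.keyPath | quote }}
        # … unchanged: custom .Values.git.command branch …
        command: ["/bin/sh", "-c"]
        args:
        - set -e;
          if [ -d "$GIT_SYNC_PATH/.git" ];
          then
            git -C "$GIT_SYNC_PATH" pull || echo "git pull failed, keeping existing checkout" >&2;
          else
            if [ "$(ls -A "$GIT_SYNC_PATH")" ];
            then
              git clone --depth 2 "$GIT_REPO" /tmp/repo;
              cp -rf /tmp/repo/.git "$GIT_SYNC_PATH";
              cd "$GIT_SYNC_PATH";
              git checkout -f;
            else
              git clone --depth 2 "$GIT_REPO" "$GIT_SYNC_PATH";
            fi;
          fi;
          if [ -f "$GIT_KEY_PATH/git-crypt-key" ];
          then
            cd "$GIT_SYNC_PATH";
            git-crypt unlock "$GIT_KEY_PATH/git-crypt-key";
          fi;
        # … unchanged: end of the command branch …
        volumeMounts:
        - mountPath: {{ .Values.git.syncPath | quote }}
          name: config
```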
@@ -144,6 +194,13 @@ spec: type: {{ .type }} {{- end }} {{- end }} + {{- if .Values.git.enabled }} + - name: git-secret + secret: + defaultMode: 256 + secretName: {{ .Values.git.secret }} + optional: true + {{ end }} {{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 6 }}{{ end }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/charts/esphome/values.yaml b/charts/esphome/values.yaml index cfcf6053..c8ecc2a1 100644 --- a/charts/esphome/values.yaml +++ b/charts/esphome/values.yaml @@ -4,7 +4,7 @@ image: repository: esphome/esphome - tag: 1.14.5 + tag: 1.15.2 pullPolicy: IfNotPresent pullSecrets: [] @@ -152,3 +152,25 @@ extraVolumes: [] extraVolumeMounts: [] # - name: example-name # mountPath: /path/in/container + + +git: + enabled: false + + image: + repository: k8sathome/git-crypt + tag: 2020.09.07 + pullPolicy: IfNotPresent + + ## Specify the command that runs in the git-sync container to pull in configuration. + # command: [] + + # Committer settings + user: + name: "" + email: "" + + repo: "" + secret: git-creds + syncPath: /config + keyPath: /root/.ssh
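Review bot: `defaultMode: 256` in the `git-secret` volume is the decimal form of octal 0400 and reads like an arbitrary number; a comment above it such as `# 256 decimal = 0400 octal: owner read-only, the mode ssh expects for a private key` would save the next reader the conversion. With `optional: true` a missing or misnamed `git.secret` does not stop the pod from starting, so the problem surfaces only when the clone fails, or not at all on an existing checkout because of the `|| true` on `git pull` in the earlier hunk; consider dropping `optional` or documenting why it is wanted. The closing `{{ end }}` lacks the `-` trim that the other actions in this hunk use (`{{- end }}`). The volumes list begins before this hunk.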
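Review bot: `git.user.name` and `git.user.email` are declared in the new `git:` block and listed in the README, but no line in the deployment.yaml hunks of this patch reads them, so setting them appears to have no effect; either wire them into the init container (for example as `GIT_AUTHOR_NAME`/`GIT_COMMITTER_NAME` and the matching `_EMAIL` variables) or drop them. `repo`, `secret` and `keyPath` carry no comment, although the script looks for `git-crypt-key` under `keyPath` and, since the secret is mounted at `/root/.ssh`, the SSH private key and a `known_hosts` file presumably have to be keys of the same secret. A comment such as `## Secret mounted at keyPath; expected keys: git-crypt-key (optional) plus the SSH key and known_hosts used for the clone` would document that contract. The `k8sathome/git-crypt` image is selected by tag only; because this container handles the SSH and git-crypt keys, consider letting users pin it by digest.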