feat(kitchenowl): add kitchenowl (#3353)

* feat(kitchenowl): add kitchenowl

* feat(kitchenowl): add kitchenowl

* try rootless

* runas root
This commit is contained in:
Stavros Kois
2022-07-30 16:18:35 +03:00
committed by GitHub
parent eba18d73fe
commit 92f6a4e879
8 changed files with 400 additions and 0 deletions

View File

@@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS
# helm-docs templates
*.gotmpl
# docs folder
/docs
# icon
icon.png

View File

@@ -0,0 +1,29 @@
apiVersion: v2
appVersion: "0.20.1466"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.4.8
deprecated: false
description: KitchenOwl is a smart self-hosted grocery list and recipe manager.
home: https://github.com/truecharts/charts/tree/master/charts/incubator/kitchenowl
icon: https://truecharts.org/img/chart-icons/kitchenowl.png
keywords:
- recipes
- kitchen
- grocery
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: kitchenowl
sources:
- https://tombursch.github.io/kitchenowl
type: application
version: 0.0.1
annotations:
truecharts.org/catagories: |
- utilities
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

View File

Binary file not shown.

After

Width:  |  Height:  |  Size: 102 KiB

View File

@@ -0,0 +1,261 @@
# Include{groups}
portals:
open:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
- "$kubernetes-resource_configmap_portal_host"
ports:
- "$kubernetes-resource_configmap_portal_port"
questions:
- variable: portal
group: "Container Image"
label: "Configure Portal Button"
schema:
type: dict
hidden: true
attrs:
- variable: enabled
label: "Enable"
description: "enable the portal button"
schema:
hidden: true
editable: false
type: boolean
default: true
# Include{global}
- variable: controller
group: "Controller"
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: advanced
label: "Show Advanced Controller Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
description: "Please specify type of workload to deploy"
label: "(Advanced) Controller Type"
schema:
type: string
default: "deployment"
required: true
enum:
- value: "deployment"
description: "Deployment"
- value: "statefulset"
description: "Statefulset"
- value: "daemonset"
description: "Daemonset"
- variable: replicas
description: "Number of desired pod replicas"
label: "Desired Replicas"
schema:
type: int
default: 1
required: true
- variable: strategy
description: "Please specify type of workload to deploy"
label: "(Advanced) Update Strategy"
schema:
type: string
default: "Recreate"
required: true
enum:
- value: "Recreate"
description: "Recreate: Kill existing pods before creating new ones"
- value: "RollingUpdate"
description: "RollingUpdate: Create new pods and then kill old ones"
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
# Include{containerConfig}
- variable: service
group: "Networking and Services"
label: "Configure Service(s)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelector}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 10246
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: enabled
label: "Enable the port"
schema:
type: boolean
default: true
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 80
- variable: serviceexpert
group: "Networking and Services"
label: "Show Expert Config"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
group: "Networking and Services"
label: "Host-Networking (Complicated)"
schema:
type: boolean
default: false
# Include{serviceExpert}
# Include{serviceList}
- variable: persistence
label: "Integrated Persistent Storage"
description: "Integrated Persistent Storage"
group: "Storage and Persistence"
schema:
additional_attrs: true
type: dict
attrs:
- variable: data
label: "App Data Storage"
description: "Stores the Application Data."
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Include{persistenceList}
- variable: ingress
label: ""
group: "Ingress"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Ingress"
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: false
# Include{securityContextAdvanced}
- variable: podSecurityContext
group: "Security and Permissions"
label: "Pod Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 0
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}

View File

@@ -0,0 +1,20 @@
{{/* Define the secrets */}}
{{- define "kitchenowl.secrets" -}}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: kitchenowl-secrets
{{- $kitchenowlprevious := lookup "v1" "Secret" .Release.Namespace "kitchenowl-secrets" }}
{{- $jwt_secret := "" }}
data:
{{- if $kitchenowlprevious}}
JWT_SECRET_KEY: {{ index $kitchenowlprevious.data "JWT_SECRET_KEY" }}
{{- else }}
{{- $jwt_secret := randAlphaNum 32 }}
JWT_SECRET_KEY: {{ $jwt_secret | b64enc }}
{{- end }}
{{- end -}}

View File

@@ -0,0 +1,5 @@
{{- include "tc.common.loader.init" . }}
{{ include "kitchenowl.secrets" . }}
{{ include "tc.common.loader.apply" . }}

View File

@@ -0,0 +1,55 @@
image:
repository: tccr.io/truecharts/kitchenowl-web
pullPolicy: IfNotPresent
tag: beta@sha256:98bd597b1f863f76339b6debec17d6e4a4c8d7b7288a4de11d86f3042d1b85d0
backendImage:
repository: tccr.io/truecharts/kitchenowl-backend
pullPolicy: IfNotPresent
tag: beta@sha256:dd34ca9627b295dbd39bc25bc91cd4afa134ca66d094de1a51cb7b2bbdf4a861
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
env:
FRONT_URL: "http://localhost:10246"
# Backend listens on 5000 websockets.
BACK_URL: "localhost:5000"
service:
main:
ports:
main:
protocol: HTTP
targetPort: 80
port: 10246
additionalContainers:
backend:
name: backend
image: "{{ .Values.backendImage.repository }}:{{ .Values.backendImage.tag }}"
env:
- name: FRONT_URL
value: "{{ .Values.env.FRONT_URL }}"
# Backend also listens on 80, but afaik there is no use as of now
# Changed port to 81 to avoid conflict with frontend
- name: HTTP_PORT
value: "81"
- name: JWT_SECRET_KEY
valueFrom:
secretKeyRef:
name: kitchenowl-secrets
key: JWT_SECRET_KEY
volumeMounts:
- name: data
mountPath: "/data"
persistence:
data:
enabled: true
mountPath: "/data"