Helm3 e2e. Helm-docs. Api v2 support. Add clamav chart.

.circleci/config.yml

@@ -2,7 +2,6 @@ version: 2.1
 
 orbs:
   rok8s11: fairwinds/rok8s-scripts@11
-  rok8s10: fairwinds/rok8s-scripts@10
 
 references:
   setup_environment: &setup_environment
@@ -14,33 +13,37 @@ references:
         pip install awscli
         echo 'Install needed packages'
         apk --update add bash jq
-# TODO: Once a newer verions of chart-testing with helm 3.1.0 comes out, revisit this
-#  kind_configuration_helm3: &kind_configuration_helm3
-#    pre_script: scripts/circle-pre-e2e.sh
-#    script: scripts/circle-e2e.sh
-#    command_runner_image: quay.io/helmpack/chart-testing:v3.0.0-beta.1
-#    requires:
-#      - lint-scripts
-#      - lint-charts
-#    filters:
-#      branches:
-#        only: /.*/
-#      tags:
-#        ignore: /.*/
-  kind_configuration_helm2: &kind_configuration_helm2
+  kind_configuration_helm3: &kind_configuration_helm3
     pre_script: scripts/circle-pre-e2e.sh
     script: scripts/circle-e2e.sh
-    command_runner_image: quay.io/helmpack/chart-testing:v2.4.0
+    command_runner_image: quay.io/helmpack/chart-testing:v3.0.0-beta.2
     requires:
       - lint-scripts
       - lint-charts
+      - check-helm-docs
     filters:
       branches:
         only: /.*/
       tags:
         ignore: /.*/
-
 jobs:
+  check-helm-docs:
+    executor: rok8s11/ci-images
+    steps:
+      - checkout
+      - run:
+          name: Install helm-docs
+          command: |
+            cd /tmp
+            curl -LO https://github.com/norwoodj/helm-docs/releases/download/v0.9.0/helm-docs_0.9.0_Linux_x86_64.tar.gz
+            tar -zxvf helm-docs_0.9.0_Linux_x86_64.tar.gz
+            mv helm-docs /usr/local/bin/helm-docs
+            chmod +x /usr/local/bin/helm-docs
+      - run:
+          name: Check Docs for Changes
+          command: |
+            helm-docs
+            git diff --exit-code
   lint-scripts:
     docker:
       - image: koalaman/shellcheck-alpine:v0.7.0
@@ -60,7 +63,7 @@ jobs:
             done
   lint-charts:
     docker:
-      - image: quay.io/helmpack/chart-testing:v2.4.0
+      - image: quay.io/helmpack/chart-testing:v3.0.0-beta.2
     steps:
       - checkout
       - *setup_environment
@@ -69,10 +72,10 @@ jobs:
           command: |
             git remote add ro https://github.com/fairwindsops/charts
             git fetch ro master
-            ct lint --config scripts/ct.yaml  --chart-yaml-schema scripts/schema.yaml
+            ct lint --config scripts/ct.yaml --chart-yaml-schema scripts/schema.yaml --debug
   sync:
     docker:
-      - image: quay.io/helmpack/chart-testing:v2.4.0
+      - image: quay.io/helmpack/chart-testing:v3.0.0-beta.2
     steps:
       - checkout
       - *setup_environment
@@ -86,45 +89,30 @@ workflows:
   version: 2
   test-and-sync:
     jobs:
+      - check-helm-docs
       - lint-scripts
       - lint-charts
-# TODO: Once a newer verions of chart-testing with helm 3.1.0 comes out, revisit this
-#      - rok8s11/kubernetes_e2e_tests:
-#          name: "End-To-End Kubernetes 1.14.10 - Helm 3"
-#          kind_node_image: "kindest/node:v1.14.10@sha256:81ae5a3237c779efc4dda43cc81c696f88a194abcc4f8fa34f86cf674aa14977"
-#          <<: *kind_configuration_helm3
-#      - rok8s11/kubernetes_e2e_tests:
-#          name: "End-To-End Kubernetes 1.15.7 - Helm 3"
-#          kind_node_image: "kindest/node:v1.15.7@sha256:e2df133f80ef633c53c0200114fce2ed5e1f6947477dbc83261a6a921169488d"
-#          <<: *kind_configuration_helm3
-#      - rok8s11/kubernetes_e2e_tests:
-#          name: "End-To-End Kubernetes 1.16.4 - Helm 3"
-#          kind_node_image: "kindest/node:v1.16.4@sha256:b91a2c2317a000f3a783489dfb755064177dbc3a0b2f4147d50f04825d016f55"
-#          <<: *kind_configuration_helm3
-#      - rok8s11/kubernetes_e2e_tests:
-#          name: "End-To-End Kubernetes 1.17.0 - Helm 3"
-#          kind_node_image: "kindest/node:v1.17.0@sha256:9512edae126da271b66b990b6fff768fbb7cd786c7d39e86bdf55906352fdf62"
-#          <<: *kind_configuration_helm3
-      - rok8s10/kubernetes_e2e_tests:
-          name: "End-To-End Kubernetes 1.14.10 - Helm 2"
+      - rok8s11/kubernetes_e2e_tests:
+          name: "End-To-End Kubernetes 1.14.10 - Helm 3"
           kind_node_image: "kindest/node:v1.14.10@sha256:81ae5a3237c779efc4dda43cc81c696f88a194abcc4f8fa34f86cf674aa14977"
-          <<: *kind_configuration_helm2
-      - rok8s10/kubernetes_e2e_tests:
-          name: "End-To-End Kubernetes 1.15.7 - Helm 2"
+          <<: *kind_configuration_helm3
+      - rok8s11/kubernetes_e2e_tests:
+          name: "End-To-End Kubernetes 1.15.7 - Helm 3"
           kind_node_image: "kindest/node:v1.15.7@sha256:e2df133f80ef633c53c0200114fce2ed5e1f6947477dbc83261a6a921169488d"
-          <<: *kind_configuration_helm2
-      - rok8s10/kubernetes_e2e_tests:
-          name: "End-To-End Kubernetes 1.16.4 - Helm 2"
+          <<: *kind_configuration_helm3
+      - rok8s11/kubernetes_e2e_tests:
+          name: "End-To-End Kubernetes 1.16.4 - Helm 3"
           kind_node_image: "kindest/node:v1.16.4@sha256:b91a2c2317a000f3a783489dfb755064177dbc3a0b2f4147d50f04825d016f55"
-          <<: *kind_configuration_helm2
-      - rok8s10/kubernetes_e2e_tests:
-          name: "End-To-End Kubernetes 1.17.0 - Helm 2"
+          <<: *kind_configuration_helm3
+      - rok8s11/kubernetes_e2e_tests:
+          name: "End-To-End Kubernetes 1.17.0 - Helm 3"
           kind_node_image: "kindest/node:v1.17.0@sha256:9512edae126da271b66b990b6fff768fbb7cd786c7d39e86bdf55906352fdf62"
-          <<: *kind_configuration_helm2
+          <<: *kind_configuration_helm3
       - sync:
           requires:
             - lint-scripts
             - lint-charts
+            - check-helm-docs
           filters:
             branches:
               only:

.helmdocsignore

@@ -0,0 +1,23 @@
+incubator/letsencrypt-setup
+incubator/fairwinds-metrics
+incubator/basic-demo
+incubator/custom-iptables
+incubator/route53sync
+incubator/stackdriver-metrics-adapter
+incubator/gke-node-termination-handler
+incubator/capsize
+incubator/logentries
+incubator/kubebench
+incubator/opa
+stable/polaris
+stable/insights-agent
+incubator/ro-cert-manager
+incubator/imagepullsecret-deploy
+incubator/autospotting
+stable/astro
+incubator/load-generator
+incubator/fluentd
+incubator/helm-release-pruner
+stable/ecr-cleanup
+stable/aws-iam-authenticator
+stable/rbac-manager

.pre-commit-config.yaml

@@ -22,7 +22,7 @@ repos:
      - id: pretty-format-json
        args: ['--autofix']
   - repo: https://github.com/jumanjihouse/pre-commit-hooks
-    sha: 1.11.0
+    rev: 1.11.0
     hooks:
       - id: forbid-binary
         exclude: >
@@ -34,3 +34,7 @@ repos:
     rev: v0.0.9
     hooks:
       - id: helmlint
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: v0.8.0
+    hooks:
+      - id: helm-docs

CONTRIBUTING.md

@@ -326,6 +326,8 @@ spec:
 
 `README.md` and `NOTES.txt` are mandatory. `README.md` should contain a table listing all configuration options. `NOTES.txt` should provide accurate and useful information how the chart can be used/accessed.
 
+If you would like to use [helm-docs](https://github.com/norwoodj/helm-docs), it is included in the pre-commit file. Just make sure your chart is not in the `.helmdocsignore` file.
+
 ### CODEOWNERS
 
 Please create a github-style CODEOWNERS file in your chart folder and add your name to it.  This will ensure that you are asked to review PRs that involve your chart.

README.md

@@ -24,7 +24,7 @@ To install a chart from this repo, you can add it as a [helm repository](https:/
 
 ```
 helm repo add fairwinds-stable https://charts.fairwinds.com/stable
-helm search fairwinds-stable
+helm search repo fairwinds-stable
 ```
 
 ## Organization

incubator/clamav/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

incubator/clamav/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: clamav
+description: |
+    A Helm chart to install ClamAV on a cluster. This chart will run a single deployment
+    as the clamd server with a configurable number of replicas. Then, a daemonset that
+    mounts the host file system scans using clamdscan and the remote server.
+type: application
+version: 0.0.1
+appVersion: v0.0.3
+maintainers:
+  - name: sudermanjr

incubator/clamav/README.md

@@ -0,0 +1,35 @@
+# ClamAV
+
+A Helm chart to install ClamAV on a cluster. This chart will run a single deployment
+as the clamd server with a configurable number of replicas. Then, a daemonset that
+mounts the host file system scans using clamdscan and the remote server.
+
+
+## Chart Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fullnameOverride | string | `""` |  |
+| imagePullSecrets | list | `[]` | A list of image pull secrets to use in both the server and scanner |
+| nameOverride | string | `""` |  |
+| scanner.image.pullPolicy | string | `"Always"` |  |
+| scanner.image.repository | string | `"quay.io/fairwinds/clamav"` |  |
+| scanner.resources | object | `{"limits":{"cpu":"100m","memory":"50Mi"},"requests":{"cpu":"100m","memory":"50Mi"}}` | The resources block for the scanner daemonset pods |
+| scanner.serviceAccount.annotations | object | `{}` | Annotations to add to the service account if it is created |
+| scanner.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| scanner.serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| scanner.tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"}]` | A list of tolerations for the scanner daemonset pods. |
+| server.affinity | object | `{}` |  |
+| server.image.pullPolicy | string | `"Always"` | The imagePullPolicy for the server image |
+| server.image.repository | string | `"quay.io/fairwinds/clamav"` | The image repository to use for the server deployment. Version will be the application version in Chart.yaml |
+| server.nodeSelector | object | `{}` | A nodeSelector block for the server pods. |
+| server.podSecurityContext | object | `{}` |  |
+| server.replicaCount | int | `2` | The number of replicas to run in the server deployment |
+| server.resources | object | `{"limits":{"cpu":"1000m","memory":"2Gi"},"requests":{"cpu":"1000m","memory":"2Gi"}}` | The resources block for the server deployment pods |
+| server.securityContext | object | `{}` |  |
+| server.service.port | int | `3310` | The port number to expose the service on |
+| server.service.type | string | `"ClusterIP"` | The type of service to run for the deployment |
+| server.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| server.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| server.serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| server.tolerations | list | `[]` |  |

incubator/clamav/README.md.gotmpl

@@ -0,0 +1,5 @@
+# ClamAV
+
+{{ template "chart.description" . }}
+
+{{ template "chart.valuesSection" . }}

incubator/clamav/ci/test-values.yaml

@@ -0,0 +1,17 @@
+server:
+  replicaCount: 1
+  service:
+    type: ClusterIP
+    port: 3310
+  resources:
+    requests:
+      cpu: 10m
+      memory: 10Mi
+scanner:
+  tolerations:
+    - key: node-role.kubernetes.io/master
+      effect: NoSchedule
+  resources:
+    requests:
+      cpu: 10m
+      memory: 10Mi

incubator/clamav/templates/NOTES.txt

@@ -0,0 +1 @@
+Clamav should now be running in your cluster. Happy hunting!

incubator/clamav/templates/_helpers.tpl

@@ -0,0 +1,96 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "clamav.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "clamav.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "clamav.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common Server Labels
+*/}}
+{{- define "clamav.server.labels" -}}
+helm.sh/chart: {{ include "clamav.chart" . }}
+{{ include "clamav.server.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Common Scanner Labels
+*/}}
+{{- define "clamav.scanner.labels" -}}
+helm.sh/chart: {{ include "clamav.chart" . }}
+{{ include "clamav.scanner.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- end -}}
+
+
+{{/*
+Server Selector labels
+*/}}
+{{- define "clamav.server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "clamav.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}-server
+{{- end -}}
+
+{{/*
+Scanner Selector labels
+*/}}
+{{- define "clamav.scanner.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "clamav.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}-scanner
+{{- end -}}
+
+
+{{/*
+Create the name of the service account to use for the server
+*/}}
+{{- define "clamav.server.serviceAccountName" -}}
+{{- if .Values.server.serviceAccount.create -}}
+    {{ default (include "clamav.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use for the scanner
+*/}}
+{{- define "clamav.scanner.serviceAccountName" -}}
+{{- if .Values.scanner.serviceAccount.create -}}
+    {{ default (include "clamav.fullname" .) .Values.scanner.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.scanner.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+