mirror/canine
1
0
Fork 0
mirror of https://github.com/czhu12/canine.git synced 2025-12-16 16:35:10 -06:00
Code Issues Packages Projects Releases Wiki Activity

added helm chart for canine

Browse Source
This commit is contained in:
Chris
2025-08-13 15:01:38 -07:00
parent 46211a9f67
commit 45c6d4ca64
14 changed files with 1754 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,3 +1,4 @@
**/charts/*.tgz
.vscode/
coverage/
workdir/

17
config/environments/production.rb
View File

@@ -101,8 +101,21 @@ Rails.application.configure do
config.active_record.attributes_for_inspect = [ :id ]
# Enable DNS rebinding protection and other `Host` header attacks.
config.hosts << "0.0.0.0"
config.hosts << "localhost"
if ENV['ALLOWED_HOSTNAME'] == '*'
# Allow all hosts (useful for Kubernetes deployments with dynamic IPs)
config.hosts.clear
elsif ENV['ALLOWED_HOSTNAME'].present?
# Allow specific hostname(s)
config.hosts << "0.0.0.0"
config.hosts << "localhost"
ENV['ALLOWED_HOSTNAME'].split(',').each do |host|
config.hosts << host.strip
end
else
# Default: only allow localhost
config.hosts << "0.0.0.0"
config.hosts << "localhost"
end
# Skip DNS rebinding protection for the default health check endpoint.
# config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
end

23
helm/canine/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
helm/canine/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 16.3.1
digest: sha256:8c0d91a52fe4a8ccd2def0d94f7b5d8c4b37ac9fae3652adcd09e0ebc1ed80d7
generated: "2025-08-10T17:37:10.824749-07:00"

30
helm/canine/Chart.yaml Normal file
View File

@@ -0,0 +1,30 @@
apiVersion: v2
name: canine
description: The Helm chart for Canine - the easiest way to deploy apps to the cloud.
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.0.0"
dependencies:
- name: postgresql
version: 16.3.1
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled

119
helm/canine/README.md Normal file
View File

@@ -0,0 +1,119 @@
# Canine Helm Chart
This Helm chart deploys Canine - a Rails-based Kubernetes deployment platform.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
- PV provisioner support in the underlying infrastructure (for PostgreSQL and Redis persistence)
## Installation
### Add Bitnami repository (for PostgreSQL and Redis dependencies)
```bash
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
```
### Install the chart
```bash
# From the helm/canine directory
helm dependency update
helm install canine . --namespace canine --create-namespace
```
### Install with custom values
```bash
helm install canine . --namespace canine --create-namespace -f custom-values.yaml
```
## Configuration
The following table lists the configurable parameters and their default values:
### Canine Application
| Parameter | Description | Default |
|-----------|-------------|---------|
| `replicaCount` | Number of replicas | `1` |
| `image.repository` | Canine image repository | `czhu12/canine` |
| `image.tag` | Canine image tag | `latest` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `canine.port` | Application port | `3000` |
| `canine.localMode` | Enable local mode | `true` |
| `canine.appHost` | Application host URL | `http://localhost:3000` |
| `canine.secretKeyBase` | Rails secret key base | `<generated>` |
| `canine.auth.username` | Admin username | `admin` |
| `canine.auth.password` | Admin password | `changeme` |
| `canine.mountDockerSocket` | Mount Docker socket | `true` |
| `canine.dockerSocketPath` | Docker socket path | `/var/run/docker.sock` |
### Service Configuration
| Parameter | Description | Default |
|-----------|-------------|---------|
| `service.type` | Kubernetes service type | `ClusterIP` |
| `service.port` | Service port | `3000` |
### Ingress Configuration
| Parameter | Description | Default |
|-----------|-------------|---------|
| `ingress.enabled` | Enable ingress | `false` |
| `ingress.className` | Ingress class name | `""` |
| `ingress.hosts[0].host` | Hostname | `canine.local` |
### PostgreSQL (Bitnami)
| Parameter | Description | Default |
|-----------|-------------|---------|
| `postgresql.enabled` | Enable PostgreSQL | `true` |
| `postgresql.auth.username` | PostgreSQL username | `postgres` |
| `postgresql.auth.password` | PostgreSQL password | `password` |
| `postgresql.auth.database` | PostgreSQL database | `canine_production` |
| `postgresql.primary.persistence.size` | PVC size | `8Gi` |
### Redis (Bitnami)
| Parameter | Description | Default |
|-----------|-------------|---------|
| `redis.enabled` | Enable Redis | `true` |
| `redis.architecture` | Redis architecture | `standalone` |
| `redis.auth.enabled` | Enable Redis auth | `false` |
| `redis.master.persistence.size` | PVC size | `2Gi` |
## Uninstalling the Chart
```bash
helm uninstall canine --namespace canine
```
## Upgrading the Chart
```bash
helm upgrade canine . --namespace canine
```
## Development
To use a local Docker image:
1. Build your Docker image locally
2. Update the values:
```yaml
image:
repository: canine
tag: dev
pullPolicy: Never
```
## Notes
- The chart includes Bitnami's PostgreSQL and Redis as dependencies
- Docker socket mounting is enabled by default for local mode operations
- Persistence is enabled for both PostgreSQL and Redis by default
- The SECRET_KEY_BASE should be changed in production deployments

1120
helm/canine/output.txt Normal file
View File

File diff suppressed because it is too large Load Diff

74
helm/canine/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,74 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "canine.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "canine.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "canine.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
To access Canine locally, you have two options:
Option 1: Port Forwarding (Simple)
------------------------------------
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "canine.fullname" . }} 3000:{{ .Values.service.port }}
Then open: http://localhost:3000
Option 2: Telepresence (Recommended for Development)
----------------------------------------------------
# Install telepresence if you haven't already:
# macOS: brew install telepresence
# Linux: https://www.telepresence.io/docs/latest/install/
# Connect to your cluster
telepresence connect
# Access the service directly
telepresence intercept {{ include "canine.fullname" . }} --namespace {{ .Release.Namespace }} --port 3000:{{ .Values.service.port }}
Then open: http://localhost:3000
{{- end }}
2. Login Credentials:
-----------------
Username: {{ .Values.canine.auth.username }}
Password: {{ .Values.canine.auth.password }}
⚠️ SECURITY WARNING: These are default credentials. Please change them immediately after first login!
3. Check Application Status:
------------------------
# Check if pods are running
kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "canine.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
# Check logs for the web application
kubectl logs --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "canine.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -c {{ .Chart.Name }}
# Check logs for the background worker
kubectl logs --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "canine.name" . }},app.kubernetes.io/component=worker" -c {{ .Chart.Name }}-worker
4. Database Access (if needed):
---------------------------
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "canine.fullname" . }}-postgresql 5432:5432
Then connect with:
psql -h localhost -U {{ .Values.postgresql.auth.username }} -d {{ .Values.postgresql.auth.database }}
Password: {{ .Values.postgresql.auth.password }}
5. Troubleshooting:
---------------
# If pods are not starting, check events:
kubectl describe pod --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "canine.name" . }}"
# If liveness probes are failing due to host authorization:
# Ensure ALLOWED_HOSTNAME is set to "*" in your values.yaml or deployment

53
helm/canine/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,53 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "canine.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "canine.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "canine.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "canine.labels" -}}
helm.sh/chart: {{ include "canine.chart" . }}
{{ include "canine.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "canine.selectorLabels" -}}
app.kubernetes.io/name: {{ include "canine.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

89
helm/canine/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,89 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "canine.fullname" . }}
labels:
{{- include "canine.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "canine.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "canine.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.canine.port }}
protocol: TCP
env:
- name: DATABASE_URL
value: "postgres://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{ include "canine.fullname" . }}-postgresql:{{ .Values.postgresql.primary.service.ports.postgresql }}/{{ .Values.postgresql.auth.database }}"
- name: PORT
value: "{{ .Values.canine.port }}"
- name: CANINE_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "canine.fullname" . }}
key: canine-username
- name: CANINE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "canine.fullname" . }}
key: canine-password
- name: LOCAL_MODE
value: "{{ .Values.canine.localMode }}"
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: {{ include "canine.fullname" . }}
key: secret-key-base
- name: ALLOWED_HOSTNAME
value: "{{ .Values.canine.allowedHostname }}"
livenessProbe:
httpGet:
path: /up
port: http
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /up
port: http
initialDelaySeconds: 10
periodSeconds: 5
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

11
helm/canine/templates/secret.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "canine.fullname" . }}
labels:
{{- include "canine.labels" . | nindent 4 }}
type: Opaque
data:
canine-username: {{ .Values.canine.auth.username | b64enc | quote }}
canine-password: {{ .Values.canine.auth.password | b64enc | quote }}
secret-key-base: {{ .Values.canine.secretKeyBase | b64enc | quote }}

15
helm/canine/templates/service.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "canine.fullname" . }}
labels:
{{- include "canine.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.canine.port }}
protocol: TCP
name: http
selector:
{{- include "canine.selectorLabels" . | nindent 4 }}

77
helm/canine/templates/worker-deployment.yaml Normal file
View File

@@ -0,0 +1,77 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "canine.fullname" . }}-worker
labels:
{{- include "canine.labels" . | nindent 4 }}
app.kubernetes.io/component: worker
spec:
replicas: {{ .Values.worker.replicaCount | default 1 }}
selector:
matchLabels:
{{- include "canine.selectorLabels" . | nindent 6 }}
app.kubernetes.io/component: worker
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "canine.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: worker
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}-worker
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["bundle", "exec", "good_job", "start"]
env:
- name: DATABASE_URL
value: "postgres://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{ include "canine.fullname" . }}-postgresql:{{ .Values.postgresql.primary.service.ports.postgresql }}/{{ .Values.postgresql.auth.database }}"
- name: CANINE_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "canine.fullname" . }}
key: canine-username
- name: CANINE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "canine.fullname" . }}
key: canine-password
- name: LOCAL_MODE
value: "{{ .Values.canine.localMode }}"
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: {{ include "canine.fullname" . }}
key: secret-key-base
- name: ALLOWED_HOSTNAME
value: "{{ .Values.canine.allowedHostname }}"
- name: GOOD_JOB_MAX_THREADS
value: "{{ .Values.worker.maxThreads | default 5 }}"
- name: GOOD_JOB_QUEUES
value: "{{ .Values.worker.queues | default "*" }}"
resources:
{{- toYaml .Values.worker.resources | default .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

121
helm/canine/values.yaml Normal file
View File

@@ -0,0 +1,121 @@
# Default values for canine.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: chriszhu12/canine
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# Canine-specific configuration
canine:
port: 3000
localMode: true
secretKeyBase: "a38fcb39d60f9d146d2a0053a25024b9"
auth:
username: "admin"
password: "changeme"
# Allowed hostnames for Rails host authorization
# Use "*" to allow all hosts (useful for Kubernetes with dynamic IPs)
# Use comma-separated list for specific hosts: "example.com,api.example.com"
# Leave empty to only allow localhost (default)
allowedHostname: "*"
# Worker configuration for GoodJob background jobs
worker:
enabled: true
replicaCount: 1
maxThreads: 5
queues: "*"
resources: {}
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 256Mi
# Service configuration
service:
type: ClusterIP
port: 3000
# Ingress configuration
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: canine.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: canine-tls
# hosts:
# - canine.local
# Resource limits and requests
resources: {}
# limits:
# cpu: 1000m
# memory: 1024Mi
# requests:
# cpu: 500m
# memory: 512Mi
# Autoscaling configuration
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Pod configuration
podAnnotations: {}
podLabels: {}
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
nodeSelector: {}
tolerations: []
affinity: {}
# PostgreSQL configuration (Bitnami PostgreSQL chart)
postgresql:
enabled: true
auth:
username: postgres
password: password
database: canine_production
# You can also create additional databases
postgresPassword: password
primary:
service:
ports:
postgresql: 5432
persistence:
enabled: true
size: 8Gi
# Additional PostgreSQL configuration
# See: https://github.com/bitnami/charts/tree/main/bitnami/postgresql
initdbScripts:
init.sql: |
CREATE DATABASE IF NOT EXISTS canine_development;
GRANT ALL PRIVILEGES ON DATABASE canine_development TO postgres;