[Feature] Helm chart (#26)

* create Helm chart

* add end2end test

* generate helm-docs for chart

* feat: update readme, codeowners

---------
Signed-off-by: Frank Kloeker <[email protected]>
Co-authored-by: [email protected] <[email protected]>

.github/workflows/ci.yml

@@ -39,12 +39,12 @@ jobs:
 
       - name: Get Version
         id: version
-        run: jq -r '.version' ./dist/metadata.json | { read value; echo "value=$value"; } >> "$GITHUB_OUTPUT"
+        run: echo "value=commit-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: "ghcr.io/caas-team/sparrow:v${{ steps.version.outputs.value }}"
+          image-ref: "ghcr.io/caas-team/sparrow:${{ steps.version.outputs.value }}"
           format: "sarif"
           output: "trivy-results.sarif"
 
@@ -61,4 +61,4 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Push snapshot container image
-        run: docker push ghcr.io/caas-team/sparrow:v${{ steps.version.outputs.value }}
+        run: docker push ghcr.io/caas-team/sparrow:${{ steps.version.outputs.value }}

.github/workflows/end2end.yml

@@ -0,0 +1,84 @@
+# This workflow installs 1 instance of sparrow and
+# verify the API output
+
+name: End2End Testing
+on:
+  push:
+    paths:
+    - 'chart/**'
+
+jobs:
+  end2end:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@v4
+    - name: Set up K3S
+      uses: debianmaster/actions-k3s@master
+      id: k3s
+      with:
+        version: 'v1.26.9-k3s1'
+    - name: Check Cluster
+      run: |
+        kubectl get nodes
+    - name: Check Coredns Deployment
+      run: |
+        kubectl -n kube-system rollout status deployment/coredns --timeout=60s
+        STATUS=$(kubectl -n kube-system get deployment coredns -o jsonpath={.status.readyReplicas})
+        if [[ $STATUS  -ne  1 ]]
+        then
+          echo "Deployment coredns not ready"
+          kubectl -n kube-system get events
+          exit 1
+        else
+          echo "Deployment coredns OK"
+        fi
+    - name: Check Metricsserver Deployment
+      run: |
+        kubectl -n kube-system rollout status deployment/metrics-server --timeout=60s
+        STATUS=$(kubectl -n kube-system get deployment metrics-server -o jsonpath={.status.readyReplicas})
+        if [[ $STATUS  -ne  1 ]]
+        then
+          echo "Deployment metrics-server not ready"
+          kubectl -n kube-system get events
+          exit 1
+        else
+          echo "Deployment metrics-server OK"
+        fi
+    - name: Setup Helm
+      run: |
+        curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+        helm version
+    - name: Get Image Tag
+      id: version
+      run: echo "value=commit-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+    - name: Install Sparrow
+      run: |
+        helm upgrade -i sparrow \
+          --atomic \
+          --timeout 300s \
+          --set extraArgs.loaderType=file \
+          --set extraArgs.loaderFilePath=/runconfig/checks.yaml \
+          --set image.tag=${{ steps.version.outputs.value }} \
+          chart
+    - name: Check Pods
+      run: |
+        kubectl get pods
+    - name: Wait for Sparrow
+      run: |
+        sleep 60
+    - name: Healthcheck
+      run: |
+        kubectl create job curl --image=quay.io/curl/curl:latest -- curl -f -v -H 'Content-Type: application/json'  http://sparrow:8080/v1/metrics/health
+        kubectl wait --for=condition=complete job/curl
+        STATUS=$(kubectl get job curl -o jsonpath={.status.succeeded})
+        if [[ $STATUS  -ne  1 ]]
+        then
+          echo "Job failed"
+          kubectl logs -ljob-name=curl
+          kubectl delete job curl
+          exit 1
+        else
+          echo "Job OK"
+          kubectl delete job curl
+        fi

.github/workflows/release.yml

@@ -10,7 +10,7 @@ permissions:
   packages: write
 
 jobs:
-  rel:
+  main:
     name: Release Sparrow
     runs-on: ubuntu-latest
     steps:
@@ -35,4 +35,22 @@ jobs:
           version: latest
           args: release --clean
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  helm:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - name: Registry login
+        run: helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Helm lint
+        run: helm lint ./chart
+
+      - name: Helm package
+        run: helm package ./chart -d ./chart
+
+      - name: Push helm package
+        run: helm push $(ls ./chart/*.tgz| head -1) oci://ghcr.io/${{ github.repository_owner }}/charts

.goreleaser-ci.yaml

@@ -1,8 +1,10 @@
 project_name: sparrow
+snapshot:
+  name_template: "commit-{{ .ShortCommit }}"
 builds:
   - env: [CGO_ENABLED=0]
     ldflags:
-      - -s -w -X main.version=v{{ .Version }}
+      - -s -w -X main.version={{ .Version }}
       - -extldflags "-static"
     goos:
       - linux
@@ -11,7 +13,7 @@ builds:
       - arm64
 dockers:
   - image_templates:
-      - "ghcr.io/caas-team/sparrow:v{{ .Version }}"
+      - "ghcr.io/caas-team/sparrow:{{ .Version }}"
     dockerfile: Dockerfile
     build_flag_templates:
       - --label=org.opencontainers.image.title={{ .ProjectName }}

.pre-commit-config.yaml

@@ -0,0 +1,7 @@
+repos:
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: "v1.11.3"
+    hooks:
+      - id: helm-docs
+        args:
+          - --chart-search-root=chart

CODEOWNERS

@@ -1 +1 @@
-* @y-eight @NiklasTreml @puffitos @nico151999 @lvlcn-t
+* @y-eight @NiklasTreml @puffitos @nico151999 @lvlcn-t @eumel8

NOTICE

@@ -10,4 +10,5 @@ Maximilian Schubert [y-eight], Deutsche Telekom IT GmbH
 Niklas Treml [niklastreml], Deutsche Telekom IT GmbH
 Bruno Bressi [puffitos], Deutsche Telekom IT GmbH
 Nico Feulner [nico151999], Deutsche Telekom IT GmbH
-Tom Vendolsky [lvlcn-t], Deutsche Telekom IT GmbH
+Tom Vendolsky [lvlcn-t], Deutsche Telekom IT GmbH
+Frank Kloeker [eumel8], Deutsche Telekom IT GmbH

README.md

@@ -1,4 +1,4 @@
-# `sparrow` aka Check Sparrow <!-- omit from toc -->
+# Sparrow - Infrastructure Monitoring<!-- omit from toc -->
 
 <p align="center">
     <a href="/../../commits/" title="Last Commit"><img src="https://img.shields.io/github/last-commit/caas-team/sparrow?style=flat"></a>
@@ -35,7 +35,7 @@ The `sparrow` performs several checks to monitor the health of the infrastructur
 
 1. Health check - `health`: The `sparrow` is able perform an http-based (HTTP/1.1) health check to provided endpoints. The `sparrow` will expose its own health check endpoint as well.
 
-2. Latency check - `rtt`: The `sparrow` is able to communicate with other `sparrow` instances to calculate the time a request takes to the target and back. The check is http (HTTP/1.1) based as well.
+2. Latency check - `latency`: The `sparrow` is able to communicate with other `sparrow` instances to calculate the time a request takes to the target and back. The check is http (HTTP/1.1) based as well.
 
 ## Installation
 
@@ -69,7 +69,28 @@ The [sparrow container images](https://github.com/caas-team/sparrow/pkgs/contain
 
 ### Helm
 
-tbd
+Sparrow can be install via Helm Chart. The chart is provided in the GitHub registry:
+
+```sh
+helm -n sparrow upgrade -i sparrow oci://ghcr.io/caas-team/charts/sparrow --version 1.0.0 --create-namespace
+```
+
+The default settings are fine for a local running configuration. With the default Helm values the sparrow loader uses a runtime configuration that is provided in a ConfigMap. The ConfigMap can be set by defining the `runtimeConfig` section.
+
+To be able to load the configuration during the runtime dynamically, the sparrow loader needs to be set to type `http`.
+
+Use the following configuration values to use a runtime configuration by the `http` loader:
+
+```yaml
+startupConfig:
+  loaderType: http
+  loaderHttpUrl: https://url-to-runtime-config.de/api/config%2Eyaml
+
+runtimeConfig: {}
+```
+For all available value options see [Chart README](./chart/README.md).
+
+Additionally check out the sparrow [configuration](#configuration) variants.
 
 ## Usage
 
@@ -212,4 +233,4 @@ Licensed under the **Apache License, Version 2.0** (the "License"); you may not
 
 You may obtain a copy of the License at <https://www.apache.org/licenses/LICENSE-2.0>.
 
-Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the [LICENSE](./LICENSE) for the specific language governing permissions and limitations under the License.
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the [LICENSE](./LICENSE) for the specific language governing permissions and limitations under the License.

chart/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: sparrow
+description: A Helm chart to install Sparrow
+type: application
+keywords:
+  - monitoring
+version: 0.0.2
+appVersion: "v0.1.0"
+icon: https://github.com/caas-team/sparrow/blob/main/docs/img/sparrow.png
+sources:
+  - https://github.com/caas-team/sparrow
+maintainers:
+  - name: eumel8
+    email: [email protected]
+    url: https://www.telekom.com
+  - name: y-eight
+    email: [email protected]
+    url: https://www.telekom.com

chart/README.md

@@ -0,0 +1,62 @@
+# sparrow
+
+![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.0](https://img.shields.io/badge/AppVersion-v0.1.0-informational?style=flat-square)
+
+A Helm chart to install Sparrow
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| eumel8 | <[email protected]> | <https://www.telekom.com> |
+| y-eight | <[email protected]> | <https://www.telekom.com> |
+
+## Source Code
+
+* <https://github.com/caas-team/sparrow>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| env | object | `{}` |  |
+| extraArgs | object | `{"loaderFilePath":"/runconfig/checks.yaml","loaderType":"file"}` | extra command line start parameters see: https://github.com/caas-team/sparrow/blob/main/docs/sparrow_run.md |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"ghcr.io/caas-team/sparrow"` |  |
+| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| networkPolicies | object | `{"proxy":{"enabled":false}}` | define a network policy that will open egress traffic to a proxy |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext.fsGroup | int | `1000` |  |
+| podSecurityContext.supplementalGroups[0] | int | `1000` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| runtimeConfig | object | `{"health":{"enabled":true,"healthEndpoint":false,"targets":["https://www.example.com/","https://www.google.com/"]},"latency":{"enabled":true,"interval":1,"retry":{"count":3,"delay":1},"targets":["https://example.com/","https://google.com/"],"timeout":3}}` | runtime configuration of the Sparrow see: https://github.com/caas-team/sparrow#runtime |
+| securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.privileged | bool | `false` |  |
+| securityContext.readOnlyRootFilesystem | bool | `true` |  |
+| securityContext.runAsGroup | int | `1000` |  |
+| securityContext.runAsUser | int | `1000` |  |
+| service.port | int | `8080` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| tolerations | list | `[]` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)

chart/templates/_helpers.tpl

@@ -0,0 +1,68 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sparrow.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sparrow.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sparrow.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "sparrow.labels" -}}
+helm.sh/chart: {{ include "sparrow.chart" . }}
+{{ include "sparrow.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sparrow.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sparrow.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sparrow.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "sparrow.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "startupConfig" -}}
+{{- range $key, $value := .Values.startupConfig }}
+{{ $key }}: {{ $value }}
+{{- end }}
+{{- end }}