chore(pontoon): add chart

Author: michaellzc

.github/workflows/helm-release.yml

@@ -0,0 +1,30 @@
+name: Release Helm Charts
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

charts/pontoon/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/pontoon/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+name: pontoon
+home: https://github.com/mozilla/pontoon
+version: 1.0.0
+# Pontoon no longer cuts releases.
+# See https://github.com/mozilla/pontoon/releases/tag/2018-12-19
+appVersion: latest
+type: application
+description: A Helm chart for Pontoon, a Mozilla's Localization Platform.
+keywords:
+  - i18n
+  - pontoon
+sources:
+  - https://github.com/mozilla/pontoon
+icon: https://pontoon.mozilla.org/static/img/logo.svg

charts/pontoon/README.md

@@ -0,0 +1,6 @@
+# Pontoon Helm Chart
+
+## Prerequisites
+
+- A valid domain name and TLS cert manager
+- Kubernetes 1.12+

charts/pontoon/templates/NOTES.txt

@@ -0,0 +1,26 @@
+Congratulations. You have just deployed Pontoon!
+
+1. Create an admin account
+
+export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component=pontoon" -o jsonpath="{.items[0].metadata.name}")
+kubectl --namespace {{ .Release.Namespace }} exec -ti $POD_NAME -- python manage.py createsuperuser
+
+2. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  https://{{ $host }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pontoon.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pontoon.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pontoon.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "component=pontoon" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

charts/pontoon/templates/_helpers.tpl

@@ -0,0 +1,76 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pontoon.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pontoon.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pontoon.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "pontoon.labels" -}}
+helm.sh/chart: {{ include "pontoon.chart" . }}
+{{ include "pontoon.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "pontoon.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "pontoon.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "pontoon.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "pontoon.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+    {{- if typeIs "string" .value }}
+        {{- tpl .value .context }}
+    {{- else }}
+        {{- tpl (.value | toYaml) .context }}
+    {{- end }}
+{{- end -}}

charts/pontoon/templates/hpa.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "pontoon.fullname" . }}
+  labels:
+    {{- include "pontoon.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "pontoon.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+  {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+  {{- end }}
+  {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+  {{- end }}
+{{- end }}

charts/pontoon/templates/image-pull-secrets.yaml

@@ -0,0 +1,13 @@
+# Loop through the imagePullSecrets to create image pull secrets
+{{- range .Values.imagePullSecrets }}
+{{- if and .name .create }}
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  name: {{ .name | quote }}
+data:
+  .dockerconfigjson: {{ printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .url (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}

charts/pontoon/templates/ingress.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "pontoon.fullname" . -}}
+{{- $servicePort := .Values.service.externalPort -}}
+{{- $ingressName := default ( include "pontoon.fullname" . ) .Values.ingress.name -}}
+{{- if semverCompare ">=v1.14.0-0" .Capabilities.KubeVersion.GitVersion }}
+apiVersion: networking.k8s.io/v1beta1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $ingressName }}
+  labels:
+    app: {{ include "pontoon.fullname" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+{{- if .Values.ingress.labels }}
+{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}}
+{{- end}}
+{{- if .Values.ingress.annotations }}
+  annotations:
+{{ .Values.ingress.annotations | toYaml | trimSuffix "\n" | indent 4 -}}
+{{- end }}
+spec:
+  {{- if .Values.ingress.tls }}
+  tls:
+  {{- toYaml .Values.ingress.tls | nindent 4 }}
+  {{- end }}
+  rules:
+{{- if .Values.ingress.hosts }}
+  {{- range $host := .Values.ingress.hosts }}
+  - host: {{ $host | quote }}
+    http:
+      paths:
+        - path: {{ $.Values.ingress.routerPath }}
+          backend:
+            serviceName: {{ $serviceName }}
+            servicePort: {{ $servicePort }}
+  {{- end -}}
+{{- end -}}
+{{- end -}}

charts/pontoon/templates/pontoon-deployment.yaml

@@ -0,0 +1,127 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "pontoon.fullname" . }}
+  labels:
+    app: {{ include "pontoon.fullname" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    component: "pontoon"
+spec:
+{{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+{{- end }}
+  selector:
+    matchLabels:
+      app: {{ include "pontoon.fullname" . }}
+      heritage: {{ .Release.Service }}
+      release: {{ .Release.Name }}
+      component: "pontoon"
+  template:
+    metadata:
+      annotations:
+        checksum/pontoon-secrets: {{ include (print $.Template.BasePath "/pontoon-secrets.yaml") . | sha256sum }}
+        checksum/pontoon-ssh-secrets: {{ include (print $.Template.BasePath "/pontoon-ssh-secrets.yaml") . | sha256sum }}
+        checksum/pontoon-settings: {{ include (print $.Template.BasePath "/pontoon-settings-configmap.yaml") . | sha256sum }}
+        {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
+      labels:
+        app: {{ include "pontoon.fullname" . }}
+        chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        heritage: {{ .Release.Service }}
+        release: {{ .Release.Name }}
+        component: "pontoon"
+    spec:
+      imagePullSecrets:
+      {{- range .Values.imagePullSecrets }}
+        - name: {{ .name | quote }}
+      {{- end }}
+      serviceAccountName: {{ include "pontoon.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if or .Values.ssh.config .Values.ssh.privateKeys }}
+      initContainers:
+        - name: copy-ssh-secrets
+          image: "busybox"
+          command:
+            - "cp"
+            - "-r"
+            - "/ssh-data/."
+            - {{ .Values.ssh.mountPath | quote }}
+          volumeMounts:
+            - mountPath: {{ .Values.ssh.mountPath | quote }}
+              name: "dummy-volume"
+            - mountPath: "/ssh-data"
+              name: "pontoon-ssh"
+      {{- end }}
+      containers:
+        - name: pontoon
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          command: ["gunicorn"]
+          args:
+            - "pontoon.wsgi:application"
+            - "--bind=0.0.0.0"
+          # TODO - add livenessProbe and readinessProbe
+          # Pontoon does not seem to have a health check endpoint...
+          # Maybe consider adding one to upstream
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          envFrom:
+            - secretRef:
+                name: "{{ include "pontoon.fullname" . }}-secrets"
+          env:
+            - name: SITE_URL
+              value: {{ .Values.siteUrl | quote }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.defaultEnvVars "context" $) | nindent 12 }}
+            {{- if .Values.extraSettingsModule }}
+            - name: DJANGO_SETTINGS_MODULE
+              value: "pontoon.settings.custom"
+            {{- end }}
+            {{- if .Values.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          volumeMounts:
+            {{- if .Values.extraSettingsModule }}
+            - mountPath: "{{ .Values.pontoonHome }}/pontoon/settings/custom.py"
+              name: "pontoon-settings"
+              subPath: "custom.py"
+            {{- end }}
+            {{- if or .Values.ssh.config .Values.ssh.privateKeys }}
+            - name: "dummy-volume"
+              mountPath: {{ .Values.ssh.mountPath | quote }}
+            {{- end }}
+      volumes:
+        {{- if .Values.extraSettingsModule }}
+        - name: "pontoon-settings"
+          configMap:
+            name: "{{ include "pontoon.fullname" . }}-settings-configmap"
+        {{- end }}
+        {{- if or .Values.ssh.config .Values.ssh.privateKeys }}
+        - name: "pontoon-ssh"
+          secret:
+            secretName: "{{ include "pontoon.fullname" . }}-ssh-secrets"
+            defaultMode: 420 # 0644
+        - name: "dummy-volume"
+          emptyDir: {}
+        {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}