github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-06 22:23:53 -05:00
Code Issues Packages Projects Releases Wiki Activity

feat(helm): infisical helm

Browse Source
This commit is contained in:
Daniel Hougaard
2025-05-01 06:45:40 +04:00
parent e7a55d8a27
commit 82c7dad6c8
12 changed files with 348 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
.github/workflows/release_docker_gateway.yaml vendored Normal file
View File

@@ -0,0 +1,44 @@
name: Release Gateway Docker Image
on:
push:
tags:
- "infisical-gateway/v*.*.*"
permissions:
contents: write
pull-requests: write
jobs:
release-image:
name: Release Gateway Docker Image
runs-on: ubuntu-latest
steps:
- name: Extract version from tag
id: extract_version
run: echo "::set-output name=version::${GITHUB_REF_NAME#infisical-gateway/}"
- name: Checkout code
uses: actions/checkout@v2
- name: 🔧 Set up QEMU
uses: docker/setup-qemu-action@v1
- name: 🔧 Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: 🐋 Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: |
infisical/gateway:latest
infisical/gateway:${{ steps.extract_version.outputs.version }}

27
.github/workflows/release_helm_gateway.yaml vendored Normal file
View File

@@ -0,0 +1,27 @@
name: Release Gateway Helm Chart
on:
workflow_dispatch:
jobs:
release-helm:
name: Release Helm Chart
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.10.0
- name: Install python
uses: actions/setup-python@v4
- name: Install Cloudsmith CLI
run: pip install --upgrade cloudsmith-cli
- name: Build and push helm package to CloudSmith
run: cd helm-charts && sh upload-gateway-cloudsmith.sh
env:
CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}

24
Dockerfile.gateway Normal file
View File

@@ -0,0 +1,24 @@
# Build stage
FROM golang:1.23.0-alpine AS builder
WORKDIR /app
COPY ./cli .
RUN go build -o infisical-cli .
FROM alpine:latest
ENV TOKEN=""
ENV INFISICAL_API_URL="https://app.infisical.com"
WORKDIR /app
COPY --from=builder /app/infisical-cli .
# Make the binary executable
RUN chmod +x /app/infisical-cli
CMD ["sh", "-c", "if [ -z \"${TOKEN}\" ]; then echo 'ERROR: TOKEN environment variable must be set'; exit 1; fi && ./infisical-cli gateway --token ${TOKEN} --domain ${INFISICAL_API_URL}"]

23
helm-charts/infisical-gateway/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

3
helm-charts/infisical-gateway/CHANGELOG.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.0.1 (May 1, 2025)
* Initial helm release

24
helm-charts/infisical-gateway/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v2
name: infisical-gateway
description: A Helm chart to deploy Infisical Gateway
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.0.1"

62
helm-charts/infisical-gateway/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "infisical-gateway.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "infisical-gateway.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "infisical-gateway.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "infisical-gateway.labels" -}}
helm.sh/chart: {{ include "infisical-gateway.chart" . }}
{{ include "infisical-gateway.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "infisical-gateway.selectorLabels" -}}
app.kubernetes.io/name: {{ include "infisical-gateway.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "infisical-gateway.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "infisical-gateway.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

64
helm-charts/infisical-gateway/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,64 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "infisical-gateway.fullname" . }}
labels:
{{- include "infisical-gateway.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "infisical-gateway.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "infisical-gateway.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "infisical-gateway.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

15
helm-charts/infisical-gateway/templates/service.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "infisical-gateway.fullname" . }}
labels:
{{- include "infisical-gateway.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "infisical-gateway.selectorLabels" . | nindent 4 }}

13
helm-charts/infisical-gateway/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "infisical-gateway.serviceAccountName" . }}
labels:
{{- include "infisical-gateway.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}

41
helm-charts/infisical-gateway/values.yaml Normal file
View File

@@ -0,0 +1,41 @@
image:
repository: infisical/infisical-gateway
pullPolicy: IfNotPresent
tag: "latest"
# Environment variables for the gateway
env:
TOKEN: ""
INFISICAL_API_URL: "https://app.infisical.com/api"
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
create: true
automount: true
annotations: {}
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
securityContext: {}
affinity: {}
tolerations: {}
nodeSelector: {}
service:
type: ClusterIP
port: 80
ingress:
enabled: false

8
helm-charts/upload-gateway-cloudsmith.sh Executable file
View File

@@ -0,0 +1,8 @@
cd infisical-gateway
helm dependency update
helm package .
for i in *.tgz; do
[ -f "$i" ] || break
cloudsmith push helm --republish infisical/helm-charts "$i"
done
cd ..