Merge pull request axoflow#59 from axoflow/merge-axosyslog-charts

Merge axosyslog-charts

.github/workflows/axosyslog-collector.yml

@@ -0,0 +1,20 @@
+name: AxoSyslog Collector
+
+on:
+  push:
+  pull_request:
+
+defaults:
+  run:
+    working-directory: charts/axosyslog-collector
+
+jobs:
+  axosyslog-collector:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v3
+
+      - name: Linter
+        run: |
+          docker run -v${PWD}:${PWD} alpine/helm lint ${PWD}

.github/workflows/release-charts.yml

@@ -0,0 +1,25 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

README.md

@@ -1,4 +1,3 @@
-
 <p align="center">
   <picture>
     <source media="(prefers-color-scheme: light)" srcset="https://github.com/axoflow/axosyslog-docker/raw/main/docs/axosyslog.svg">
@@ -9,7 +8,14 @@
 
 # AxoSyslog - a cloud-native distribution of syslog-ng by Axoflow
 
-This repository contains the cloud-ready syslog-ng images created and maintained by [Axoflow](https://axoflow.com). Our images are different from the [upstream syslog-ng images](https://hub.docker.com/r/balabit/syslog-ng/) in a number of ways:
+This repository contains the cloud-ready syslog-ng images and Helm charts
+created and maintained by [Axoflow](https://axoflow.com).  
+
+## Container images
+
+Our images are
+different from the [upstream syslog-ng
+images](https://hub.docker.com/r/balabit/syslog-ng/) in a number of ways:
 
 - They are based on Alpine Linux, instead of Debian testing for reliability and smaller size (thus smaller attack surface).
 - They incorporate cloud-native features and settings (such as the Kubernetes source).
@@ -22,7 +28,7 @@ Our images are available for the following architectures:
 - arm/v7
 - arm64
 
-## How to use
+### How to use
 
 You can find the list of tagged versions at [https://github.com/axoflow/axosyslog-docker/pkgs/container/axosyslog](https://github.com/axoflow/axosyslog-docker/pkgs/container/axosyslog).
 
@@ -52,24 +58,42 @@ docker pull ghcr.io/axoflow/axosyslog:nightly
 > docker pull ghcr.io/axoflow/axosyslog:4.5.0
 > ```
 
+## Helm Charts
+
+This repository contains various [Helm charts](https://helm.sh/docs/topics/charts/) for syslog-ng. You can use these charts to install the [AxoSyslog - cloud-ready syslog-ng images](https://github.com/axoflow/axosyslog-docker) created and maintained by [Axoflow](https://axoflow.com).
+
+### How to use
+
+[Helm](https://helm.sh) must be installed to use the charts.  Please refer to
+Helm's [documentation](https://helm.sh/docs) to get started.
+
+Once Helm has been set up correctly, add the repo as follows:
+
+    helm repo add axosyslog https://axoflow.github.io/axosyslog-charts
+
+If you had already added this repo earlier, run `helm repo update` to retrieve
+the latest versions of the packages.  You can then run `helm search repo
+axosyslog` to see the charts.
+
+To install the axosyslog-collector chart:
+
+    helm install my-axosyslog-collector axosyslog/axosyslog-collector
+
+To uninstall the chart:
+
+    helm delete my-axosyslog-collector
+
 ## Contact and support
 
 In case you need help or want to contact us, open a [GitHub issue](https://github.com/axoflow/axosyslog-docker/issues), or come chat with us in the [syslog-ng channel of the Axoflow Discord server](https://discord.gg/4Fzy7D66Qq).
 
 ## Contribution
 
-If you have fixed a bug or would like to contribute your improvements to these images, [open a pull request](https://github.com/axoflow/axosyslog-docker/pulls). We truly appreciate your help.
+If you have fixed a bug or would like to contribute your improvements to
+AxoSyslog, [open a pull request](https://github.com/axoflow/axosyslog-docker/pulls). We truly appreciate your help.
 
 ## About Axoflow
 
 The [Axoflow](https://axoflow.com) founder team consists of successful entrepreneurs with a vast knowledge and hands-on experience about observability, log management, and how to apply these technologies in the enterprise security context. We also happen to be the creators of wide-spread open source technologies in this area, like syslog-ng and the [Logging operator for Kubernetes](https://github.com/kube-logging/logging-operator).
 
 To learn more about our products and our open-source projects, visit the [Axoflow blog](https://axoflow.com/blog/), or [subscribe to the Axoflow newsletter](https://axoflow.com/#newsletter-subscription).
-
-<p align="center">
-  <picture>
-    <source media="(prefers-color-scheme: light)" srcset="https://github.com/axoflow/axosyslog-docker/raw/main/docs/axoflow-logo-color.svg">
-    <source media="(prefers-color-scheme: dark)" srcset="https://github.com/axoflow/axosyslog-docker/raw/main/docs/axoflow-logo-white.svg">
-    <img alt="Axoflow" src="https://github.com/axoflow/axosyslog-docker/raw/main/docs/axoflow-logo-color.svg" width="550">
-  </picture>
-</p>

charts/axosyslog-collector/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/axosyslog-collector/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: axosyslog-collector
+description: AxoSyslog Kubernetes log collector
+type: application
+version: 0.8.0
+appVersion: "4.5.0"

charts/axosyslog-collector/README.md

@@ -0,0 +1,55 @@
+# AxoSyslog Collector
+
+AxoSyslog Kubernetes log collector.
+
+## Prerequisites
+
+- Kubernetes 1.16+
+- Helm 3.0+
+
+
+## Configuration
+The following table lists the configurable parameters of the AxoSyslog Collector chart and their default values:
+
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+|  image.repository  | The container image repository |  ghcr.io/axoflow/axosyslog  |
+|  image.pullPolicy  | The container image pull policy |  IfNotPresent  |
+|  image.tag  | The container image tag |  4.1.1  |
+|  imagePullSecrets  | The names of secrets containing private registry credentials |  []  |
+|  nameOverride  | Override the chart name |  ""  |
+|  fullnameOverride  | Override the full chart name |  ""  |
+|  daemonset.enabled  | Deploy AxoSyslog as a DaemonSet |  true  |
+|  daemonset.labels  | Additional labels to apply to the DaemonSet |  {}  |
+|  daemonset.annotations  | Additional annotations to apply to the DaemonSet |  {}  |
+|  daemonset.affinity  | Pod affinity |  {}  |
+|  daemonset.nodeSelector  | Node labels for pod assignment |  {}  |
+|  daemonset.resources  | Resource requests and limits |  {}  |
+|  daemonset.tolerations  | Tolerations for pod assignment |  []  |
+|  daemonset.hostAliases  | Add host aliases |  []  |
+|  daemonset.secretMounts  | Mount additional secrets as volumes |  []  |
+|  daemonset.extraVolumes  | Additional volumes to mount |  []  |
+|  daemonset.securityContext  | Security context for the pod |  {}  |
+|  daemonset.maxUnavailable  | The maximum number of unavailable pods during a rolling update |  1  |
+|  daemonset.hostNetworking  | Whether to enable host networking |  false  |
+|  rbac.create  | Whether to create RBAC resources |  false  |
+|  rbac.extraRules  | Additional RBAC rules |  []  |
+|  openShift.enabled  | Whether to deploy on OpenShift |  false  |
+|  openShift.securityContextConstraints.create  | Whether to create SecurityContextConstraints on OpenShift |  true  |
+|  openShift.securityContextConstraints.annotations  | Annotations to apply to SecurityContextConstraints |  {}  |
+|  serviceAccount.create  | Whether to create a service account |  false  |
+|  serviceAccount.annotations  | Annotations to apply to the service account |  {}  |
+|  namespace  | The Kubernetes namespace to deploy to |  ""  |
+|  podAnnotations  | Additional annotations to apply to the pod |  {}  |
+|  podSecurityContext  | Security context for the pod |  {}  |
+|  securityContext  | Security context for the container |  {}  |
+|  resources  | Resource requests and limits for the container |  {}  |
+|  nodeSelector  | Node labels for pod assignment |  {}  |
+|  tolerations  | Tolerations for pod assignment |  []  |
+|  affinity  | Pod affinity |  {}  |
+|  updateStrategy  | Update strategy for the DaemonSet |  RollingUpdate  |
+|  kubernetes.enabled  | Enable kubernetes log collection  |  true  |
+|  kubernetes.prefix  | Set JSON prefix for logs collected from the k8s cluster  |  ""  |
+|  kubernetes.keyDelimiter  | Set JSON key delimiter for logs collected from the k8s cluster  |  ""  |
+

charts/axosyslog-collector/templates/NOTES.txt

@@ -0,0 +1,2 @@
+1. Watch the {{ template "axosyslog-collector.fullname" . }} container start.
+  $ kubectl get pods --namespace={{ .Release.Namespace }} -l app={{ template "axosyslog-collector.fullname" . }} -w

charts/axosyslog-collector/templates/_helpers.tpl

@@ -0,0 +1,66 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "axosyslog-collector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "axosyslog-collector.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "axosyslog-collector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "axosyslog-collector.labels" -}}
+helm.sh/chart: {{ include "axosyslog-collector.chart" . }}
+{{ include "axosyslog-collector.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "axosyslog-collector.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "axosyslog-collector.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "axosyslog-collector.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "axosyslog-collector.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{- define "axosyslog-collector.namespace" -}}
+{{ .Values.namespace | default .Release.Namespace }}
+{{- end -}}

charts/axosyslog-collector/templates/clusterrole.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "axosyslog-collector.serviceAccountName" . }}
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "watch", "list"]
+  {{- if .Values.rbac.extraRules }}
+{{ toYaml ( .Values.rbac.extraRules ) | indent 2 }}
+  {{- end }}
+  {{- if and .Values.openShift.enabled .Values.openShift.securityContextConstraints.create }}
+  - apiGroups:
+      - security.openshift.io
+    resources:
+      - securitycontextconstraints
+    resourceNames:
+      - {{ template "axosyslog-collector.fullname" . }}
+    verbs:
+      - use
+  {{- end }}
+{{- end -}}

charts/axosyslog-collector/templates/clusterrolebinding.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "axosyslog-collector.serviceAccountName" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "axosyslog-collector.serviceAccountName" . }}
+    namespace: {{ include "axosyslog-collector.namespace" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "axosyslog-collector.serviceAccountName" . }}
+{{- end -}}