chore: empty oci helm chart

chart/pulumi-esc-csi-provider/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/pulumi-esc-csi-provider/Chart.yaml

@@ -4,7 +4,7 @@ description: A Helm chart for the Pulumi ESC CSI provider
 
 type: application
 
-version: 0.1.0
+version: 0.1.1
 appVersion: "0.1.0"
 
 maintainers:

chart/pulumi-esc-csi-provider/README.md

@@ -0,0 +1,92 @@
+# Pulumi ESC Secret Store CSI Driver - Helm Chart
+
+![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=for-the-badge) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=for-the-badge) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=for-the-badge)
+
+## Description 📜
+
+A Helm chart for the Pulumi ESC CSI provider
+
+## Usage (via OCI Registry)
+
+To install the chart using the OCI artifact, run:
+
+```bash
+helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --version 0.1.1 --namespace kube-system
+```
+
+After a few seconds, the `pulumi-esc-csi-provider` should be running.
+
+To install the chart in a specific namespace use following commands:
+
+```bash
+kubectl create ns pulumi-esc-csi-provider
+helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --namespace kube-system
+```
+
+> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment
+
+### Uninstalling the Chart 🗑️
+
+To uninstall the `pulumi-esc-csi-provider` deployment:
+
+```bash
+helm uninstall pulumi-esc-csi-provider
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| args[0] | string | `"-endpoint=/provider/pulumi.sock"` |  |
+| image.pullPolicy | string | `"Always"` |  |
+| image.repository | string | `"ghcr.io/dirien/secrets-store-csi-driver-provider-pulumi-esc"` |  |
+| image.tag | string | `""` |  |
+| labels | object | `{}` |  |
+| livenessProbe.failureThreshold | int | `2` |  |
+| livenessProbe.httpGet.path | string | `"/healthz"` |  |
+| livenessProbe.httpGet.port | int | `8080` |  |
+| livenessProbe.httpGet.scheme | string | `"HTTP"` |  |
+| livenessProbe.initialDelaySeconds | int | `5` |  |
+| livenessProbe.periodSeconds | int | `5` |  |
+| livenessProbe.successThreshold | int | `1` |  |
+| livenessProbe.timeoutSeconds | int | `3` |  |
+| name | string | `"pulumi-esc-csi-provider"` |  |
+| namespace | string | `"kube-system"` |  |
+| nodeSelector | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| providerVolume.hostPath | string | `"/etc/kubernetes/secrets-store-csi-providers"` |  |
+| providerVolume.mountPath | string | `"/provider"` |  |
+| readinessProbe.failureThreshold | int | `2` |  |
+| readinessProbe.httpGet.path | string | `"/readyz"` |  |
+| readinessProbe.httpGet.port | int | `8080` |  |
+| readinessProbe.httpGet.scheme | string | `"HTTP"` |  |
+| readinessProbe.initialDelaySeconds | int | `5` |  |
+| readinessProbe.periodSeconds | int | `5` |  |
+| readinessProbe.successThreshold | int | `1` |  |
+| readinessProbe.timeoutSeconds | int | `3` |  |
+| resources.limits.cpu | string | `"50m"` |  |
+| resources.limits.memory | string | `"100Mi"` |  |
+| resources.requests.cpu | string | `"50m"` |  |
+| resources.requests.memory | string | `"100Mi"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `"pulumi-esc-csi-provider"` |  |
+| tolerations | list | `[]` |  |
+
+## Contributing 🤝
+
+### Contributing via GitHub
+
+Feel free to join. Checkout the [contributing guide](CONTRIBUTING.md)
+
+## License ⚖️
+
+Apache License, Version 2.0
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| dirien | <[email protected]> | <https://pulumi.com> |

chart/pulumi-esc-csi-provider/README.md.gotmpl

@@ -0,0 +1,52 @@
+# Pulumi ESC Secret Store CSI Driver - Helm Chart
+
+{{ template "chart.badgesSection" . }}
+
+## Description 📜
+
+{{ template "chart.description" . }}
+
+## Usage (via OCI Registry)
+
+To install the chart using the OCI artifact, run:
+
+```bash
+helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --version {{ .Version }} --namespace kube-system
+```
+
+After a few seconds, the `pulumi-esc-csi-provider` should be running.
+
+To install the chart in a specific namespace use following commands:
+
+```bash
+kubectl create ns pulumi-esc-csi-provider
+helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --namespace kube-system
+```
+
+> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment
+
+### Uninstalling the Chart 🗑️
+
+To uninstall the `pulumi-esc-csi-provider` deployment:
+
+```bash
+helm uninstall pulumi-esc-csi-provider
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+{{ template "chart.valuesSection" . }}
+
+## Contributing 🤝
+
+### Contributing via GitHub
+
+Feel free to join. Checkout the [contributing guide](CONTRIBUTING.md)
+
+## License ⚖️
+
+Apache License, Version 2.0
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.maintainersSection" . }}

chart/pulumi-esc-csi-provider/templates/NOTES.txt

@@ -0,0 +1,44 @@
+##
+
+-- Pulumi ESC CSI Provider Helm Chart --
+
+ ███████████             ████                              ███     ██████████  █████████    █████████
+░░███░░░░░███           ░░███                             ░░░     ░░███░░░░░█ ███░░░░░███  ███░░░░░███
+ ░███    ░███ █████ ████ ░███  █████ ████ █████████████   ████     ░███  █ ░ ░███    ░░░  ███     ░░░
+ ░██████████ ░░███ ░███  ░███ ░░███ ░███ ░░███░░███░░███ ░░███     ░██████   ░░█████████ ░███
+ ░███░░░░░░   ░███ ░███  ░███  ░███ ░███  ░███ ░███ ░███  ░███     ░███░░█    ░░░░░░░░███░███
+ ░███         ░███ ░███  ░███  ░███ ░███  ░███ ░███ ░███  ░███     ░███ ░   █ ███    ░███░░███     ███
+ █████        ░░████████ █████ ░░████████ █████░███ █████ █████    ██████████░░█████████  ░░█████████
+░░░░░          ░░░░░░░░ ░░░░░   ░░░░░░░░ ░░░░░ ░░░ ░░░░░ ░░░░░    ░░░░░░░░░░  ░░░░░░░░░    ░░░░░░░░░
+
+
+Pulumi ESC CSI Provider ({{ .Chart.Version }}) has been installed successfully!
+
+╭―― Thank you for installing Pulumi ESC CSI Provider! 👋 ―――――――――――――――――――――――――――――――――――――――――┤
+│
+│   Pulumi ESC CSI Provider enables Kubernetes to access secrets stored in Pulumi ESC 🔒
+│
+│   Current installation details:
+│   • Namespace         : {{ .Release.Namespace }}
+│   • Name              : {{ .Release.Name }}
+│   • Image             : {{ .Values.image.repository }}:{{ .Values.image.tag }}
+│
+╰――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――┤
+
+――― Helpful commands to get started 📝 ――――――――――――――――――――――――――――――――――――――――――――――――――――――――――┤
+
+→ Check if the CSI provider is running:
+$ kubectl get pods -n {{ .Values.namespace }} -l app={{ .Values.name }}
+
+→ View CSI provider logs:
+$ kubectl logs -n {{ .Values.namespace }} -l app={{ .Values.name }}
+
+→ Get your release status:
+$ helm status {{ .Release.Name }} -n {{ .Release.Namespace }}
+
+→ Uninstall the provider:
+$ helm uninstall {{ .Release.Name }} -n {{ .Release.Namespace }}
+
+――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――┤
+
+##

chart/pulumi-esc-csi-provider/templates/daemonset.yaml

@@ -0,0 +1,103 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: {{ .Values.name }}
+    {{- with .Values.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: {{ .Values.serviceAccount.name }}
+  namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.serviceAccount.name }}-cr
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ .Values.name }}
+    {{- with .Values.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Values.serviceAccount.name }}-crb
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ .Values.name }}
+   {{- with .Values.labels }}
+   {{- toYaml . | nindent 4 }}
+   {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.serviceAccount.name }}-cr
+subjects:
+- kind: ServiceAccount
+  namespace: {{ .Values.namespace }}
+  name: {{ .Values.serviceAccount.name }}
+{{- end }}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app: {{ .Values.name }}
+    {{- with .Values.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  name: {{ .Values.name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Values.name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.name }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.serviceAccount.name }}
+      securityContext: {}
+      containers:
+      - name: {{ .Values.name }}
+        image: {{ printf "%s:%s" .Values.image.repository (default (printf "%s" .Chart.AppVersion) .Values.image.tag) }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+          {{- with .Values.args }}
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
+        resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+        volumeMounts:
+        - name: socket
+          mountPath: {{ .Values.providerVolume.mountPath }}
+        livenessProbe:
+          {{- toYaml .Values.livenessProbe | nindent 12 }}
+        readinessProbe:
+          {{- toYaml .Values.readinessProbe | nindent 12 }}
+      volumes:
+      - name: socket
+        hostPath:
+          path: {{ .Values.providerVolume.hostPath }}
+          type: DirectoryOrCreate
+      nodeSelector:
+        kubernetes.io/os: linux

chart/pulumi-esc-csi-provider/values.yaml

@@ -2,7 +2,7 @@ name: pulumi-esc-csi-provider
 namespace: kube-system
 image:
   repository: ghcr.io/dirien/secrets-store-csi-driver-provider-pulumi-esc
-  tag: latest
+  tag: ''
   pullPolicy: Always
 
 args:

go.mod

@@ -14,18 +14,18 @@ require (
 
 require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.7 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -37,23 +37,23 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/crypto v0.27.0 // indirect
-	golang.org/x/net v0.29.0 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
-	golang.org/x/term v0.24.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	golang.org/x/crypto v0.30.0 // indirect
+	golang.org/x/net v0.32.0 // indirect
+	golang.org/x/oauth2 v0.24.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/time v0.8.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
 	gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/api v0.31.3 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f // indirect
+	k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )