chart refactor and rbac

Chart.yaml

@@ -1,4 +1,4 @@
 name: kubebot
 description: Kubernetes chart for Kubebot
-version: 0.1.0
+version: 0.2.0
 home: https://github.com/harbur/kubebot-chart

README.md

@@ -4,24 +4,17 @@
 
 ## Kubebot
 
-[Kubebot](https://github.com/harbur/kubebot) is a Kubernetes chatbot for Slack.  
+[Kubebot](https://github.com/harbur/kubebot) is a Kubernetes chatbot for Slack.
 ## Setup
 
 1. Clone this repository
 1. [Create a new bot](https://my.slack.com/services/new/bot) user integration on Slack and get the `token`
-1. Update `values.toml`:
-  1. set `kubebot_slack_token` with the `token` you got
-  2. set `kubebot_slack_admins_nicknames` with the nicknames (without `@`) of the users that you want to be able to interact with Kubebot (use a space as separator)
-  3. set `kubebot_slack_channels_ids` with the IDs of the channels you want kubebot to interact (use a space as separator). You can get the ids of your team's channels in `https://slack.com/api/channels.list?token={REPLACE WITH YOUR TOKEN}`. 
-  4. [optional] You can edit `kubebot_slack_valid_commands` to change which commands Kubebot is able to run.
-
+1. Update `values.yaml`:
+  1. `slack.token` should be the `token` for your bot integration
+  1. `slack.admin_nicknames` sould be a list of the nicknames (without `@`) of the users that you want to be able to interact with Kubebot
+  1. Set `slack.channel_ids` sould be a list of the channel IDs that you want kubebot to able to interact in. You can get the IDs of your team's channels in `https://slack.com/api/channels.list?token={REPLACE WITH YOUR TOKEN}`
+  1. [optional] You can add/remove items from `commands` list to change which commands Kubebot is able to run
 
 ## Run
 
-The easiest way to deploy Kubebot to your Kubernetes cluster is using [Tide](https://github.com/harbur/tide):
-
-```
-tide up .
-```
-
-
+`helm install ./kubebot-chart --name kubebot --namespace kubebot --values values.yaml`

templates/_helpers.tpl

@@ -0,0 +1,27 @@
+{{/*
+Generate the names for all chart objects
+The name will be the release name appended with "kubebot"
+Unless the release name is "kubebot"
+*/}}
+{{- define "kubebot.name" -}}
+{{- if .Values.nameOverride -}}
+{{- .Values.nameOverride | trunc 64 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 64 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 64 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Generate basic labels */}}
+{{- define "kubebot.labels" -}}
+heritage: {{ .Release.Service | quote }}
+release: {{ .Release.Name | quote }}
+chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+{{- if .Values.commonLabels}}
+{{ toYaml .Values.commonLabels }}
+{{- end }}
+{{- end }}

templates/kubebot-deployment.yaml

@@ -1,26 +1,33 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
-  name: kubebot
+  name: "{{ template "kubebot.name" . }}"
+  namespace: {{ .Release.Namespace | quote }}
   labels:
-    component: kubebot
+{{ include "kubebot.labels" . | indent 4 }}
 spec:
   replicas: 1
   template:
     metadata:
       labels:
-        component: kubebot
+{{ include "kubebot.labels" . | indent 8 }}
     spec:
+      {{- if .Values.rbac }}
+      serviceAccountName: "{{ template "kubebot.name" . }}"
+      {{- end }}
       containers:
       - name: kubebot
-        image: harbur/kubebot:0.1.0
-        imagePullPolicy: Always
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: "{{ .Values.image.pullPolicy }}"
         env:
         - name: KUBEBOT_SLACK_TOKEN
-          value: {{ .Values.kubebot_slack_token }}
+          valueFrom:
+            secretKeyRef:
+              name: "{{ template "kubebot.name" . }}"
+              key: token
         - name: KUBEBOT_SLACK_CHANNELS_IDS
-          value: {{ .Values.kubebot_slack_channels_ids }}
+          value: {{ join " " .Values.slack.channel_ids | quote }}
         - name: KUBEBOT_SLACK_ADMINS_NICKNAMES
-          value: {{ .Values.kubebot_slack_admins_nicknames }}
+          value: {{ join " " .Values.slack.admin_nicknames | quote }}
         - name: KUBEBOT_SLACK_VALID_COMMANDS
-          value: {{ .Values.kubebot_slack_valid_commands }}
+          value: {{ join " " .Values.commands | quote }}

templates/kubebot-rbac.yaml

@@ -0,0 +1,39 @@
+{{- if .Values.rbac }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "{{ template "kubebot.name" .}}"
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "kubebot.labels" . | indent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: "{{ template "kubebot.name" .}}"
+  labels:
+{{ include "kubebot.labels" . | indent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - '*'
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: "{{ template "kubebot.name" .}}"
+  labels:
+{{ include "kubebot.labels" . | indent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: "{{ template "kubebot.name" .}}"
+subjects:
+- kind: ServiceAccount
+  name: "{{ template "kubebot.name" .}}"
+  namespace: {{ .Release.Namespace | quote }}  
+{{- end }}

templates/kubebot-secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "kubebot.name" .}}"
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+{{ include "kubebot.labels" . | indent 4 }}
+type: Opaque
+data:
+  token: {{ .Values.slack.token | b64enc }}

values.yaml

@@ -1,4 +1,21 @@
-kubebot_slack_token: ""
-kubebot_slack_channels_ids: ""
-kubebot_slack_admins_nicknames: ""
-kubebot_slack_valid_commands: "get describe logs explain"
+rbac: true
+nameOverride: null
+
+commonLabels: {}
+
+image:
+  repository: harbur/kubebot
+  tag: 0.1.0
+  image: Always
+
+slack:
+  token: ""
+  channel_ids: []
+  admin_nicknames: []
+
+commands:
+  - get
+  - describe
+  - logs
+  - explain
+  - version