From 35f0bd1a4f9e02a90fc1886f092505577a5f43dd Mon Sep 17 00:00:00 2001
From: alexandreferris
Date: Wed, 24 Jun 2026 13:16:14 +0200
Subject: [PATCH 1/2] chore: Integrate k8s setup * Add values and helper files
---
helm/githubapp/Chart.yaml | 9 ++
helm/githubapp/DEPLOYMENT.md | 5 +
helm/githubapp/templates/NOTES.txt | 54 ++++++++++
helm/githubapp/templates/_helpers.tpl | 62 +++++++++++
helm/githubapp/templates/configmap.yaml | 6 ++
helm/githubapp/templates/pvc.yaml | 15 +++
helm/githubapp/templates/service.yaml | 15 +++
helm/githubapp/templates/serviceaccount.yaml | 6 ++
helm/githubapp/templates/servicemonitor.yaml | 13 +++
helm/githubapp/templates/statefulset.yaml | 98 +++++++++++++++++
helm/githubapp/values.yaml | 108 +++++++++++++++++++
11 files changed, 391 insertions(+)
create mode 100644 helm/githubapp/Chart.yaml
create mode 100644 helm/githubapp/DEPLOYMENT.md
create mode 100644 helm/githubapp/templates/NOTES.txt
create mode 100644 helm/githubapp/templates/_helpers.tpl
create mode 100644 helm/githubapp/templates/configmap.yaml
create mode 100644 helm/githubapp/templates/pvc.yaml
create mode 100644 helm/githubapp/templates/service.yaml
create mode 100644 helm/githubapp/templates/serviceaccount.yaml
create mode 100644 helm/githubapp/templates/servicemonitor.yaml
create mode 100644 helm/githubapp/templates/statefulset.yaml
create mode 100644 helm/githubapp/values.yaml
diff --git a/helm/githubapp/Chart.yaml b/helm/githubapp/Chart.yaml
new file mode 100644
index 0000000..1db4aba
--- /dev/null
+++ b/helm/githubapp/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: githubapp
+description: Wire Github-App - A Helm chart for deploying the Wire Github app
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
+home: https://github.com/wireapp/github-app
+maintainers:
+ - name: Wire Integrations Team
diff --git a/helm/githubapp/DEPLOYMENT.md b/helm/githubapp/DEPLOYMENT.md
new file mode 100644
index 0000000..653bae1
--- /dev/null
+++ b/helm/githubapp/DEPLOYMENT.md
@@ -0,0 +1,5 @@
+## Deployment notes
+
+Helm charts are here, while values for each environment are in the `argocd-integrations` repo.
+
+That repo uses ArgoCD with an ImageUpdater to trigger deploys when new images are published.
diff --git a/helm/githubapp/templates/NOTES.txt b/helm/githubapp/templates/NOTES.txt
new file mode 100644
index 0000000..d0d8a69
--- /dev/null
+++ b/helm/githubapp/templates/NOTES.txt
@@ -0,0 +1,54 @@
+Wire Github-App has been deployed successfully!
+
+DEPLOYMENT INFORMATION:
+{{- if .Values.persistence.enabled }}
+- Persistent storage: {{ .Values.persistence.size }} ({{ .Values.persistence.storageClass | default "default" }} storage class)
+{{- end }}
+- Health checks: Startup, liveness, and readiness probes configured
+- Resource limits: {{ .Values.resources.limits.cpu }} CPU, {{ .Values.resources.limits.memory }} memory
+- Service: {{ .Values.service.type }} on port {{ .Values.service.port }} -> {{ .Values.service.targetPort }}
+
+MONITORING & DEBUGGING:
+
+1. Check application status:
+ kubectl get pods -n {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "githubapp.name" . }}
+
+2. View application logs:
+ kubectl logs -f deployment/{{ include "githubapp.fullname" . }} -n {{ .Release.Namespace }}
+
+3. Access health endpoint:
+{{- if contains "ClusterIP" .Values.service.type }}
+ kubectl port-forward -n {{ .Release.Namespace }} svc/{{ include "githubapp.fullname" . }} 8080:{{ .Values.service.port }}
+ # Then visit: http://localhost:8080/health
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "githubapp.fullname" . }})
+ export NODE_IP=$(kubectl get nodes -n {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ # Visit: http://$NODE_IP:$NODE_PORT/health
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ export SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ include "githubapp.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ # Visit: http://$SERVICE_IP:{{ .Values.service.port }}/health
+{{- end }}
+
+4. Check configuration:
+ kubectl describe configmap/{{ include "githubapp.fullname" .
}} -n {{ .Release.Namespace }}
+{{- if .Values.secrets.secretName }}
+ kubectl describe secret/{{ .Values.secrets.secretName }} -n {{ .Release.Namespace }}
+{{- end }}
+
+CONFIGURATION:
+{{- range .Values.env }}
+{{- if eq .name "WIRE_SDK_ENVIRONMENT" }}
+- Wire SDK Environment: {{ .value | default "Not configured" }}
+{{- end }}
+{{- if eq .name "WIRE_ENV" }}
+- Wire Environment: {{ .value | default "Not configured" }}
+{{- end }}
+{{- if eq .name "PORT" }}
+- Application Port: {{ .value | default "8080" }}
+{{- end }}
+{{- end }}
+{{- if .Values.secrets.secretName }}
+- Secrets mounted at: {{ .Values.secrets.mountPath }}
+{{- end }}
+
+The app is ready for Wire environments!
diff --git a/helm/githubapp/templates/_helpers.tpl b/helm/githubapp/templates/_helpers.tpl
new file mode 100644
index 0000000..9306cc7
--- /dev/null
+++ b/helm/githubapp/templates/_helpers.tpl
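Review bot: In helm/githubapp/templates/NOTES.txt two of the printed commands do not match what the chart renders. The logs command targets `deployment/{{ include "githubapp.fullname" . }}`, but the workload in templates/statefulset.yaml is a StatefulSet, so it should read `kubectl logs -f statefulset/{{ include "githubapp.fullname" . }} -n {{ .Release.Namespace }}`. The ConfigMap is named `{{ include "githubapp.fullname" . }}-config` in templates/configmap.yaml, so the describe command needs the `-config` suffix. The CONFIGURATION block also matches `WIRE_SDK_ENVIRONMENT` and `WIRE_ENV`, neither of which is in the chart's values.yaml `env` list, so with the default values those lines print nothing.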
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "githubapp.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "githubapp.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "githubapp.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "githubapp.labels" -}}
+helm.sh/chart: {{ include "githubapp.chart" . }}
+{{ include "githubapp.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "githubapp.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "githubapp.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "githubapp.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "githubapp.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/githubapp/templates/configmap.yaml b/helm/githubapp/templates/configmap.yaml
new file mode 100644
index 0000000..b7f1c04
--- /dev/null
+++ b/helm/githubapp/templates/configmap.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "githubapp.fullname" . }}-config
+ labels:
+ {{- include "githubapp.labels" . | nindent 4 }}
diff --git a/helm/githubapp/templates/pvc.yaml b/helm/githubapp/templates/pvc.yaml
new file mode 100644
index 0000000..adc2a63
--- /dev/null
+++ b/helm/githubapp/templates/pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "githubapp.fullname" . }}-pvc
+ annotations:
+ "helm.sh/resource-policy": keep
+ labels:
+ {{- include "githubapp.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ storageClassName: {{ .Values.persistence.storageClass }}
diff --git a/helm/githubapp/templates/service.yaml b/helm/githubapp/templates/service.yaml
new file mode 100644
index 0000000..46e08ef
--- /dev/null
+++ b/helm/githubapp/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "githubapp.fullname" . }}
+ labels:
+ {{- include "githubapp.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "githubapp.selectorLabels" . | nindent 4 }}
diff --git a/helm/githubapp/templates/serviceaccount.yaml b/helm/githubapp/templates/serviceaccount.yaml
new file mode 100644
index 0000000..86c681a
--- /dev/null
+++ b/helm/githubapp/templates/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "githubapp.serviceAccountName" . }}
+ labels:
+ {{- include "githubapp.labels" . | nindent 4 }}
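Review bot: helm/githubapp/templates/pvc.yaml renders the claim unconditionally, so `persistence.enabled: false` in values.yaml has no effect on it; NOTES.txt is the only template in this patch that reads that flag. Wrapping the file in `{{- if .Values.persistence.enabled }}` … `{{- end }}`, with a matching guard around the `data` volume and mount in statefulset.yaml, would make the flag do what its name says. Because the StatefulSet mounts this single claim by name rather than using `volumeClaimTemplates`, a `replicaCount` above 1 with `accessMode: ReadWriteOnce` would have every replica contend for the same volume, which deserves a comment next to `replicaCount` in values.yaml. The last line is also safer quoted: `storageClassName: {{ .Values.persistence.storageClass | quote }}`.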
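Review bot: helm/githubapp/templates/serviceaccount.yaml ignores both `serviceAccount.create` and `serviceAccount.annotations` from values.yaml. With `create: false` and no name set, the `githubapp.serviceAccountName` helper returns `default`, and this template would then render a ServiceAccount named `default` into the release namespace; guarding the file with `{{- if .Values.serviceAccount.create }}` avoids that. Nothing in this patch shows the app calling the Kubernetes API, so if that holds, adding `automountServiceAccountToken: false` here keeps an unused API token out of the pod.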
diff --git a/helm/githubapp/templates/servicemonitor.yaml b/helm/githubapp/templates/servicemonitor.yaml
new file mode 100644
index 0000000..f8e746e
--- /dev/null
+++ b/helm/githubapp/templates/servicemonitor.yaml
@@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "githubapp.fullname" . }}
+ labels:
+ {{- include "githubapp.labels" . | nindent 4 }}
+spec:
+ endpoints:
+ - port: http
+ path: /metrics
+ selector:
+ matchLabels:
+ {{- include "githubapp.selectorLabels" . | nindent 6 }}
diff --git a/helm/githubapp/templates/statefulset.yaml b/helm/githubapp/templates/statefulset.yaml
new file mode 100644
index 0000000..fe3651e
--- /dev/null
+++ b/helm/githubapp/templates/statefulset.yaml
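Review bot: helm/githubapp/templates/servicemonitor.yaml is rendered unconditionally, so installing the chart on a cluster without the `monitoring.coreos.com/v1` CRDs fails. A guard such as `{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" }}`, or a values toggle added for the purpose, would make the monitor optional. The endpoint scrapes `/metrics` on the same `http` port the Service exposes, so whatever that endpoint returns is readable by anything that can reach the Service; that is worth a line in DEPLOYMENT.md.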
@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "githubapp.fullname" . }}
+ labels:
+ {{- include "githubapp.labels" . | nindent 4 }}
+spec:
+ serviceName: {{ include "githubapp.fullname" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "githubapp.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "githubapp.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "githubapp.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ {{- if .Values.livenessProbe }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe }}
+ startupProbe:
+ {{- toYaml .Values.startupProbe | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+ {{- range .Values.env }}
+ - name: {{ .name }}
+ value: {{ .value | quote }}
+ {{- end }}
+ {{- if .Values.secrets.secretName }}
+ - name: WIRE_SDK_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.secretName }}
+ key: WIRE_SDK_API_TOKEN
+ - name: WIRE_SDK_CRYPTO_STORAGE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.secretName }}
+ key: WIRE_SDK_CRYPTO_STORAGE_PASSWORD
+ {{- end }}
+ volumeMounts:
+ -
name: data
+ mountPath: /opt/githubapp/storage
+ {{- if .Values.secrets.secretName }}
+ - name: secrets
+ mountPath: {{ .Values.secrets.mountPath }}
+ readOnly: true
+ {{- end }}
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ include "githubapp.fullname" . }}-pvc
+ {{- if .Values.secrets.secretName }}
+ - name: secrets
+ secret:
+ secretName: {{ .Values.secrets.secretName }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/githubapp/values.yaml b/helm/githubapp/values.yaml
new file mode 100644
index 0000000..f3c0b59
--- /dev/null
+++ b/helm/githubapp/values.yaml
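Review bot: In helm/githubapp/templates/statefulset.yaml the same Secret is exposed twice when `secrets.secretName` is set: two keys are injected as environment variables through `secretKeyRef`, and the whole Secret is also mounted as files at `{{ .Values.secrets.mountPath }}`. Unless the app reads both, keep one path; the file mount is the narrower one, because environment variables are inherited by child processes and tend to surface in crash dumps and debug output. If the volume stays, listing the needed keys under `secret.items` limits the mount to what the app actually reads. The image reference `{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}` is tag-only, so accepting a digest form (`repository@sha256:…`) would let an environment pin the exact image it deploys.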
@@ -0,0 +1,108 @@
+replicaCount: 1
+
+image:
+ repository: quay.io/wire/github-app
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: "github-app"
+fullnameOverride: "github-app"
+
+serviceAccount:
+ create: true
+ annotations: {}
+ name: "github-app-account"
+
+podAnnotations: {}
+
+podSecurityContext: {}
+
+securityContext: {}
+
+service:
+ type: ClusterIP
+ port: 80
+ targetPort: 8080
+
+# External secrets configuration
+secrets:
+ secretName: "githubapp-secrets"
+ mountPath: "/etc/secrets"
+
+# Persistent storage configuration
+persistence:
+ enabled: true
+ storageClass: "gp3-automode-nodepool"
+ accessMode: ReadWriteOnce
+ size: 1Gi
+
+resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 200m
+ memory: 256Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 1
+ targetCPUUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# Environment variables for the application
+env:
+ - name: PORT
+ value: "8080"
+ - name: WIRE_SDK_APPLICATION_ID
+ value: ""
+ - name: WIRE_SDK_API_HOST
+ value: ""
+ - name: GHAPP_API_HOST
+ value: ""
+ - name: GHAPP_REDIS_HOST
+ value: ""
+ - name: GHAPP_REDIS_PORT
+ value: ""
+ - name: GHAPP_SERVER_PORT
+ value: ""
+
+# Health check configuration (latest Kubernetes spec)
+livenessProbe:
+ httpGet:
+ path: /health
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+
+readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ timeoutSeconds: 3
+ successThreshold: 1
+ failureThreshold: 3
+
+startupProbe:
+ httpGet:
+ path: /health
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 18
From be16427321501cb886eb18eed14c58b978ab8fad Mon Sep 17 00:00:00 2001
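Review bot: `podSecurityContext: {}` and `securityContext: {}` in helm/githubapp/values.yaml leave the container running with whatever the image and the cluster defaults allow, because statefulset.yaml renders both maps exactly as given. Shipping restrictive defaults in the chart means an environment has to opt out deliberately instead of remembering to opt in. The values below are a proposal to check against the image: `readOnlyRootFilesystem` assumes the app writes only under the mounted `/opt/githubapp/storage`, and the `fsGroup` number is a placeholder that must match the group the image runs as. Separately, `autoscaling` is defined here but no template in this patch reads it, and `persistence.enabled` is read only by NOTES.txt, so both deserve a comment or removal.

```yaml
podSecurityContext:
  runAsNonRoot: true
  fsGroup: 1000  # placeholder: use the group the image runs as
  seccompProfile:
    type: RuntimeDefault

securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL
```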
From: alexandreferris
Date: Wed, 24 Jun 2026 13:35:26 +0200
Subject: [PATCH 2/2] chore: Integrate k8s setup * update values.yaml and statefulset.yaml based on Claude review
---
helm/githubapp/templates/statefulset.yaml | 4 ++--
helm/githubapp/values.yaml | 8 +++-----
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/helm/githubapp/templates/statefulset.yaml b/helm/githubapp/templates/statefulset.yaml
index fe3651e..9100f18 100644
--- a/helm/githubapp/templates/statefulset.yaml
+++ b/helm/githubapp/templates/statefulset.yaml
@@ -61,11 +61,11 @@ spec: secretKeyRef: name: {{ .Values.secrets.secretName }} key: WIRE_SDK_API_TOKEN - - name: WIRE_SDK_CRYPTO_STORAGE_PASSWORD + - name: WIRE_SDK_CRYPTOGRAPHY_STORAGE_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.secrets.secretName }} - key: WIRE_SDK_CRYPTO_STORAGE_PASSWORD + key: WIRE_SDK_CRYPTOGRAPHY_STORAGE_PASSWORD {{- end }} volumeMounts: - name: data
diff --git a/helm/githubapp/values.yaml b/helm/githubapp/values.yaml
index f3c0b59..1977c38 100644
--- a/helm/githubapp/values.yaml
+++ b/helm/githubapp/values.yaml
@@ -58,20 +58,18 @@ affinity: {} # Environment variables for the application env: - - name: PORT - value: "8080" - - name: WIRE_SDK_APPLICATION_ID + - name: WIRE_SDK_APP_ID value: "" - name: WIRE_SDK_API_HOST value: "" - name: GHAPP_API_HOST value: "" + - name: GHAPP_SERVER_PORT + value: "" - name: GHAPP_REDIS_HOST value: "" - name: GHAPP_REDIS_PORT value: "" - - name: GHAPP_SERVER_PORT - value: "" # Health check configuration (latest Kubernetes spec) livenessProbe:
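Review bot: After this change helm/githubapp/values.yaml no longer sets `PORT` and leaves `GHAPP_SERVER_PORT` as `""`, while the container port and all three probes still depend on `service.targetPort: 8080`. If the app takes its listen port from `GHAPP_SERVER_PORT` (not visible in this patch), the default render would not match the port the probes hit; setting `value: "8080"` here, or rendering it from `{{ .Values.service.targetPort | quote }}` in statefulset.yaml, keeps the two in step. NOTES.txt from the first patch still looks for an env entry named `PORT`, so its "Application Port" line will no longer print. The renamed `secretKeyRef` key `WIRE_SDK_CRYPTOGRAPHY_STORAGE_PASSWORD` in the statefulset hunk also has to exist in the referenced Secret, otherwise the container will not start.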