Skip to content

chgl/charts

Repository files navigation

Charts

Artifact Hub OpenSSF Scorecard

A collection of Helm charts

helm repo add chgl https://chgl.github.io/charts
helm repo update

Note

Also available as OCI artifacts: https://github.com/chgl?tab=packages&repo_name=charts.

Compliance Reports

Each update to the charts is scanned using Kubescape against several security frameworks. The reports are published online at:

Development

  1. (Optional) Install the pre-commit hooks

    pip install pre-commit
    pre-commit install
  2. (Optional) Setup a KinD cluster with Nginx ingress

    # configures kind to listen on port 80 and 443 and make nodes ingress-ready
    kind create cluster --config=hack/kind-config.yaml
    # setup NGINX Ingress controller
    kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml
    # (optional) install metrics-server to test VPA & HPA
    helm repo add metrics-server -n kube-system https://kubernetes-sigs.github.io/metrics-server/
    helm upgrade --install --set="args[0]=--kubelet-insecure-tls" metrics-server metrics-server/metrics-server
  3. Make changes to the charts

  4. Mount the folder in the kube-powertools container to easily run linters and checks

    docker run --rm -it -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.37@sha256:8cf87bcc6326e63a35d1cd43a831677023c7d9a94b0661b19c4f18edac691659
  5. Run chart-testing and the chart-powerlint.sh script to lint the chart

    chart-powerlint.sh
  6. (Optional) View the results of the polaris audit check in your browser

    $ docker run --rm -it -p 9090:8080 -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.37@sha256:8cf87bcc6326e63a35d1cd43a831677023c7d9a94b0661b19c4f18edac691659
    bash-5.0: helm template charts/fhir-server/ | polaris dashboard --config=.polaris.yaml --audit-path=-

    You can now open your browser at http://localhost:9090 and see the results and recommendations.

  7. Bump the version in the changed Chart.yaml according to SemVer (The ct lint step above will complain if you forget to update the version.)

  8. Run generate-docs.sh to auto-generate an updated README

    generate-docs.sh