A collection of Helm charts
helm repo add chgl https://chgl.github.io/charts
helm repo update
Note
Also available as OCI artifacts: https://github.com/chgl?tab=packages&repo_name=charts.
Each update to the charts is scanned using Kubescape against several security frameworks. The reports are published online at:
- NSA: https://chgl.github.io/charts/kubescape-reports/nsa.html
- MITRE: https://chgl.github.io/charts/kubescape-reports/mitre.html
- CIS: https://chgl.github.io/charts/kubescape-reports/cis-v1.23-t1.0.1.html
-
(Optional) Install the pre-commit hooks
pip install pre-commit pre-commit install
-
(Optional) Setup a KinD cluster with Nginx ingress
# configures kind to listen on port 80 and 443 and make nodes ingress-ready kind create cluster --config=hack/kind-config.yaml # setup NGINX Ingress controller kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml # (optional) install metrics-server to test VPA & HPA helm repo add metrics-server -n kube-system https://kubernetes-sigs.github.io/metrics-server/ helm upgrade --install --set="args[0]=--kubelet-insecure-tls" metrics-server metrics-server/metrics-server
-
Make changes to the charts
-
Mount the folder in the kube-powertools container to easily run linters and checks
docker run --rm -it -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.30@sha256:b7e588f30df97635c271e49ebd15e84c3d2845a67f0eaf20e9c273ad269b2964
-
Run chart-testing and the
chart-powerlint.sh
script to lint the chartchart-powerlint.sh
-
(Optional) View the results of the polaris audit check in your browser
$ docker run --rm -it -p 9090:8080 -v $PWD:/root/workspace ghcr.io/chgl/kube-powertools:v2.3.30@sha256:b7e588f30df97635c271e49ebd15e84c3d2845a67f0eaf20e9c273ad269b2964 bash-5.0: helm template charts/fhir-server/ | polaris dashboard --config=.polaris.yaml --audit-path=-
You can now open your browser at http://localhost:9090 and see the results and recommendations.
-
Bump the version in the changed Chart.yaml according to SemVer (The
ct lint
step above will complain if you forget to update the version.) -
Run
generate-docs.sh
to auto-generate an updated READMEgenerate-docs.sh