From 01e146db7c0164e0b05a93b2e5c416366180b11c Mon Sep 17 00:00:00 2001
From: "Waylon S. Walker"
Date: Sun, 23 Feb 2025 09:34:01 -0600
Subject: [PATCH] wip
---
 helm-chart/Chart.yaml | 6 ++++-
 helm-chart/templates/NOTES.txt | 23 ++++++++++++++++
 helm-chart/templates/deployment.yaml | 36 ++++++++++++++++++++-----
 helm-chart/templates/networkpolicy.yaml | 31 +++++++++++++++++++++
 helm-chart/templates/pdb.yaml | 12 +++++++++
 helm-chart/values.yaml | 29 ++++++++++++++++++++
 6 files changed, 129 insertions(+), 8 deletions(-)
 create mode 100644 helm-chart/templates/NOTES.txt
 create mode 100644 helm-chart/templates/networkpolicy.yaml
 create mode 100644 helm-chart/templates/pdb.yaml
diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 4745e68..ca8d107 100644
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,10 @@
 apiVersion: v2
+maintainers:
+ - name: Waylon Walker
+ email: waylon@waylonwalker.com
+kubeVersion: ">=1.19.0"
 icon: https://raw.githubusercontent.com/waylon/k8s-basic/master/helm-chart/logo.png
-name: k8s-pages
+name: k8s-basic
 description: A helm chart for basic container deployment
 type: application
 version: 1.0.0
diff --git a/helm-chart/templates/NOTES.txt b/helm-chart/templates/NOTES.txt
new file mode 100644
index 0000000..1f957d9
--- /dev/null
+++ b/helm-chart/templates/NOTES.txt
@@ -0,0 +1,23 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your application has been deployed with the following configuration:
+- Name: {{ .Values.name }}
+- Domain: {{ .Values.domain }}
+- Port: {{ .Values.port }}
+
+To access your application:
+ https://{{ .Values.name }}.{{ .Values.domain }}
+
+To check the status of your pods:
+ kubectl get pods -n {{ .Values.namespace | default .Values.name }} -l service={{ .Values.name }}
+
+To view the logs:
+ kubectl logs -n {{ .Values.namespace | default .Values.name }} -l service={{ .Values.name }}
+
+For troubleshooting:
+1. Check pod status:
+ kubectl describe pod -n {{ .Values.namespace | default .Values.name }} -l service={{ .Values.name }}
+2. Check ingress status:
+ kubectl describe ingress -n {{ .Values.namespace | default .Values.name }} {{ .Values.name }}
+3. Check service status:
+ kubectl describe service -n {{ .Values.namespace | default .Values.name }} {{ .Values.name }}
diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml
index b576f5c..ffade0e 100644
--- a/helm-chart/templates/deployment.yaml
+++ b/helm-chart/templates/deployment.yaml
@@ -15,9 +15,13 @@ spec:
 labels:
 service: {{ .Values.name }}
 spec:
+ securityContext:
+{{ toYaml .Values.podSecurityContext | indent 8 }}
 containers:
 - image: {{ .Values.image.repository }}/{{ .Values.image.name | default .Values.name }}:{{ .Values.image.tag }}
 name: {{ .Values.name }}
+ securityContext:
+{{ toYaml .Values.containerSecurityContext | indent 12 }}
 ports:
 - containerPort: {{ .Values.port }}
 protocol: TCP
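Review bot: The two new `securityContext:` blocks are emitted unconditionally through `toYaml ... | indent`, which is a different pattern from the `with` guards this same commit introduces for nodeSelector, affinity and tolerations later in the template; if an operator nulls out `podSecurityContext` or `containerSecurityContext` in an override, the rendered manifest carries `securityContext: null` (if I read sprig's toYaml correctly) instead of simply omitting the key. Wrapping each block in `with` and using `nindent` keeps the template self-consistent and drops the key cleanly when it is empty. The container list and pod spec shown here continue past the end of this hunk.
```yaml
    spec:
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        # … unchanged: image, name …
          {{- with .Values.containerSecurityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        # … unchanged: ports …
```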
@@ -30,21 +34,39 @@ spec:
 memory: {{ .Values.memoryLimit }}
 livenessProbe:
 httpGet:
- path: /health
+ path: {{ .Values.probes.liveness.path }}
 port: {{ .Values.port }}
- initialDelaySeconds: 15
- periodSeconds: 20
+ initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
+ failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+ successThreshold: {{ .Values.probes.liveness.successThreshold }}
 readinessProbe:
 httpGet:
- path: /ready
+ path: {{ .Values.probes.readiness.path }}
 port: {{ .Values.port }}
- initialDelaySeconds: 5
- periodSeconds: 10
+ initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+ successThreshold: {{ .Values.probes.readiness.successThreshold }}
 startupProbe:
 httpGet:
- path: /ready
+ path: {{ .Values.probes.readiness.path }}
 port: {{ .Values.port }}
 failureThreshold: 30
 periodSeconds: 10
 imagePullSecrets:
 - name: {{ .Values.imagePullSecret }}
+{{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
diff --git a/helm-chart/templates/networkpolicy.yaml b/helm-chart/templates/networkpolicy.yaml
new file mode 100644
index 0000000..ef58920
--- /dev/null
+++ b/helm-chart/templates/networkpolicy.yaml
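Review bot: This commit makes `readOnlyRootFilesystem: true` the chart default (values.yaml), yet the new pod-level passthroughs added at the end of this hunk cover only nodeSelector, affinity and tolerations — there is still no way to attach a volume, so any workload that writes to `/tmp` or a cache directory now fails at runtime and the only escape is to switch the hardening off. Adding `volumes` and `volumeMounts` passthroughs in the same `with` style lets an operator mount an `emptyDir` at `/tmp` while keeping the root filesystem read-only. A smaller inconsistency in the same hunk: the `startupProbe` keeps hard-coded `failureThreshold: 30` / `periodSeconds: 10` and borrows `probes.readiness.path` while every other probe field moved to values; a `probes.startup` section would finish the job, and with a startup probe in place the liveness `initialDelaySeconds` is largely redundant. The container spec this hunk edits begins before the hunk.
```yaml
          # … unchanged: livenessProbe, readinessProbe, startupProbe …
          {{- with .Values.volumeMounts }}
          volumeMounts:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      imagePullSecrets:
        - name: {{ .Values.imagePullSecret }}
      # … unchanged: nodeSelector, affinity, tolerations …
      {{- with .Values.volumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
      {{- end }}
```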
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Values.namespace | default .Values.name }}
+ labels:
+ service: {{ .Values.name }}
+spec:
+ podSelector:
+ matchLabels:
+ service: {{ .Values.name }}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: ingress-nginx
+ ports:
+ - protocol: TCP
+ port: {{ .Values.port }}
+ egress:
+ - to:
+ - namespaceSelector: {}
+ podSelector: {}
+ ports:
+ - protocol: TCP
+ port: 53
+ - protocol: UDP
+ port: 53
\ No newline at end of file
diff --git a/helm-chart/templates/pdb.yaml b/helm-chart/templates/pdb.yaml
new file mode 100644
index 0000000..b37c8c7
--- /dev/null
+++ b/helm-chart/templates/pdb.yaml
@@ -0,0 +1,12 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Values.namespace | default .Values.name }}
+ labels:
+ service: {{ .Values.name }}
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ service: {{ .Values.name }}
\ No newline at end of file
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 9d2b02a..46c213a 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -15,3 +15,32 @@ cpuLimit: 500m
 memoryRequest: 100Mi
 memoryLimit: 500Mi
 targetMemoryUtilization: 400
+
+podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 10000
+ fsGroup: 10000
+
+containerSecurityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+
+probes:
+ liveness:
+ path: /health
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ readiness:
+ path: /ready
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 3
+ failureThreshold: 3
+ successThreshold: 1
+
+nodeSelector: {}
+tolerations: []
+affinity: {}
\ No newline at end of file
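Review bot: The ingress rule admits traffic only from a namespace carrying the label `name: ingress-nginx`, which nothing sets automatically — and because the policy selects the app pods with `policyTypes: [Ingress]`, a cluster whose ingress-controller namespace lacks that exact label ends up with the application silently unreachable rather than open. The label Kubernetes applies on its own is `kubernetes.io/metadata.name` (GA in 1.22; the chart's `kubeVersion: ">=1.19.0"` admits older clusters where it may be absent), and the namespace name belongs in values, not as a constant. The egress side is just as rigid: only port 53 to pods is allowed, so a service that talks to a database or an external API, or a cluster whose DNS cache runs on the host network rather than in a pod, is blocked with no override. Gating the policy and making both selectors configurable keeps the deny-by-default posture while letting operators say what the workload actually needs; I would pair this with defaults of `networkPolicy.enabled: true`, `networkPolicy.ingressNamespaceLabels: {kubernetes.io/metadata.name: ingress-nginx}` and `networkPolicy.extraEgress: []`, and add the missing trailing newline.
```yaml
{{- if .Values.networkPolicy.enabled }}
# … unchanged: apiVersion, kind, metadata, podSelector, policyTypes …
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              {{- toYaml .Values.networkPolicy.ingressNamespaceLabels | nindent 14 }}
      ports:
        - protocol: TCP
          port: {{ .Values.port }}
  egress:
    - to:
        - namespaceSelector: {}
          podSelector: {}
      ports:
        - protocol: TCP
          port: 53
        - protocol: UDP
          port: 53
    {{- with .Values.networkPolicy.extraEgress }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
{{- end }}
```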
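Review bot: `minAvailable: 1` is emitted unconditionally, so a release running a single replica can never be voluntarily evicted — `kubectl drain` and managed node upgrades will wait on this PDB until someone deletes the pod by hand, because honouring it would leave zero pods. The replica default is not visible in this diff, but a chart described as a "basic container deployment" is very likely to be run at one replica. Make the budget a value and skip the object when it would forbid all disruption: wrap the document in `{{- if .Values.pdb.enabled }}` … `{{- end }}` and render `minAvailable: {{ .Values.pdb.minAvailable }}`, with `pdb.enabled: false` (or a `maxUnavailable: 1` budget) as the shipped default. The file also lacks a trailing newline.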
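Review bot: `containerSecurityContext` stops short of the Pod Security Standards `restricted` profile: together with the pod's `runAsNonRoot: true` it sets `allowPrivilegeEscalation: false`, but there is no `capabilities.drop: ["ALL"]` and no `seccompProfile`, both of which `restricted` requires — so a namespace enforcing that level rejects the workload, and one that does not still runs the container with the default capability set and no seccomp filter. `runAsGroup` is also missing, so the primary group stays whatever the image defines even though `fsGroup` is pinned to 10000. The additions below keep the chart hardened by default; an operator who genuinely needs a capability can override the list. The hard-coded `runAsUser: 10000` is a reasonable default but assumes the image's files are readable by that UID — worth a one-line comment in values.yaml, e.g. `# runAsUser must match a UID that can read the image's files; override per image.`
```yaml
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 10000
  runAsGroup: 10000
  fsGroup: 10000
  seccompProfile:
    type: RuntimeDefault

containerSecurityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL
# … unchanged: probes, nodeSelector, tolerations, affinity …
```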