A collection of Helm charts
helm repo add chgl https://chgl.github.io/charts
helm repo update
Also available as OCI artifacts: https://github.com/chgl?tab=packages&repo_name=charts.
Each update to the charts is scanned using Kubescape against several security frameworks. The reports are published online at:
- NSA: https://chgl.github.io/charts/kubescape-reports/nsa.html
- MITRE: https://chgl.github.io/charts/kubescape-reports/mitre.html
- CIS: https://chgl.github.io/charts/kubescape-reports/cis-v1.23-t1.0.1.html
(Optional) Install the pre-commit hooks
pip install pre-commit
pre-commit install
(Optional) Setup a KinD cluster with Nginx ingress
# configures kind to listen on port 80 and 443 and make nodes ingress-ready
kind create cluster --config=hack/kind-config.yaml
# setup NGINX Ingress controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml
# (optional) install metrics-server to test VPA & HPA
# (--kubelet-insecure-tls skips kubelet certificate verification; use it only on a local KinD cluster)
helm repo add metrics-server -n kube-system https://kubernetes-sigs.github.io/metrics-server/
helm upgrade --install --set="args[0]=--kubelet-insecure-tls" metrics-server metrics-server/metrics-server
Make changes to the charts
Mount the folder in the kube-powertools container to easily run linters and checks
docker run --rm -it -v "$PWD":/root/workspace ghcr.io/chgl/kube-powertools:v2.3.46@sha256:ccc2a2630dfb0d5f1b6964ac5a78981f183ce6b9255e9df55ff3d23a5f84c320
Run chart-testing and the chart-powerlint.sh script to lint the chart
(Optional) View the results of the polaris audit check in your browser
$ docker run --rm -it -p 9090:8080 -v "$PWD":/root/workspace ghcr.io/chgl/kube-powertools:v2.3.46@sha256:ccc2a2630dfb0d5f1b6964ac5a78981f183ce6b9255e9df55ff3d23a5f84c320
bash-5.0: helm template charts/fhir-server/ | polaris dashboard --config=.polaris.yaml --audit-path=-
You can now open your browser at http://localhost:9090 and see the results and recommendations.
Bump the version in the changed Chart.yaml according to SemVer (the ct lint step above will complain if you forget to update the version).
Run generate-docs.sh to auto-generate an updated README