From c59ef9f30ca4663e868ede303d88023782bd7ea5 Mon Sep 17 00:00:00 2001 From: sai karthik Date: Mon, 25 May 2026 11:21:25 +0530 Subject: [PATCH] Add Hermes Helm chart --- charts/hermes/Chart.yaml | 6 +++ charts/hermes/README.md | 47 +++++++++++++++++++ charts/hermes/templates/_helpers.tpl | 29 ++++++++++++ charts/hermes/templates/deployment.yaml | 60 +++++++++++++++++++++++++ charts/hermes/templates/pvc.yaml | 17 +++++++ charts/hermes/templates/service.yaml | 16 +++++++ charts/hermes/values.yaml | 35 +++++++++++++++ 7 files changed, 210 insertions(+) create mode 100644 charts/hermes/Chart.yaml create mode 100644 charts/hermes/README.md create mode 100644 charts/hermes/templates/_helpers.tpl create mode 100644 charts/hermes/templates/deployment.yaml create mode 100644 charts/hermes/templates/pvc.yaml create mode 100644 charts/hermes/templates/service.yaml create mode 100644 charts/hermes/values.yaml diff --git a/charts/hermes/Chart.yaml b/charts/hermes/Chart.yaml new file mode 100644 index 000000000..bdfcd1c77 --- /dev/null +++ b/charts/hermes/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: hermes +description: Helm chart for Hermes Agent +type: application +version: 0.1.0 +appVersion: latest diff --git a/charts/hermes/README.md b/charts/hermes/README.md new file mode 100644 index 000000000..e8ed2e46e --- /dev/null +++ b/charts/hermes/README.md @@ -0,0 +1,47 @@ +# Hermes Helm Chart + +This chart deploys the Hermes Agent image from the private Gitea registry. + +The current `git.openputer.com/common/hermes:latest` image is amd64-only, so +the default values schedule pods on amd64 nodes. + +## Registry Secret + +Create the registry pull secret in the target namespace before installing: + +```sh +kubectl create namespace hermes +kubectl create secret docker-registry gitea-registry \ + --namespace hermes \ + --docker-server=git.openputer.com \ + --docker-username='' \ + --docker-password='' +``` + +## Install + +```sh +helm upgrade --install hermes ./charts/hermes \ + --namespace hermes \ + --create-namespace +``` + +## Check + +```sh +kubectl get pods -n hermes +kubectl logs -n hermes deploy/hermes +``` + +## Dashboard + +The dashboard is disabled by default. If you enable it, keep it behind +authentication or a private tunnel. + +```sh +helm upgrade --install hermes ./charts/hermes \ + --namespace hermes \ + --set env.HERMES_DASHBOARD=1 \ + --set env.HERMES_DASHBOARD_HOST=0.0.0.0 \ + --set service.enabled=true +``` diff --git a/charts/hermes/templates/_helpers.tpl b/charts/hermes/templates/_helpers.tpl new file mode 100644 index 000000000..eeb4e40c6 --- /dev/null +++ b/charts/hermes/templates/_helpers.tpl @@ -0,0 +1,29 @@ +{{- define "hermes.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "hermes.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "hermes.labels" -}} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/name: {{ include "hermes.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "hermes.selectorLabels" -}} +app.kubernetes.io/name: {{ include "hermes.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/charts/hermes/templates/deployment.yaml b/charts/hermes/templates/deployment.yaml new file mode 100644 index 000000000..336be3a84 --- /dev/null +++ b/charts/hermes/templates/deployment.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "hermes.fullname" . }} + labels: + {{- include "hermes.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "hermes.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "hermes.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: hermes + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + {{- toYaml .Values.command | nindent 12 }} + env: + - name: HERMES_HOME + value: /opt/data + {{- range $name, $value := .Values.env }} + - name: {{ $name }} + value: {{ $value | quote }} + {{- end }} + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: hermes-data + mountPath: /opt/data + volumes: + - name: hermes-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "hermes.fullname" . }}-data + {{- else }} + emptyDir: {} + {{- end }} diff --git a/charts/hermes/templates/pvc.yaml b/charts/hermes/templates/pvc.yaml new file mode 100644 index 000000000..4b6d20709 --- /dev/null +++ b/charts/hermes/templates/pvc.yaml @@ -0,0 +1,17 @@ +{{- if .Values.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "hermes.fullname" . }}-data + labels: + {{- include "hermes.labels" . | nindent 4 }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.persistence.size }} + {{- if .Values.persistence.storageClassName }} + storageClassName: {{ .Values.persistence.storageClassName }} + {{- end }} +{{- end }} diff --git a/charts/hermes/templates/service.yaml b/charts/hermes/templates/service.yaml new file mode 100644 index 000000000..4bbb28586 --- /dev/null +++ b/charts/hermes/templates/service.yaml @@ -0,0 +1,16 @@ +{{- if .Values.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "hermes.fullname" . }} + labels: + {{- include "hermes.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + selector: + {{- include "hermes.selectorLabels" . | nindent 4 }} + ports: + - name: http + port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} +{{- end }} diff --git a/charts/hermes/values.yaml b/charts/hermes/values.yaml new file mode 100644 index 000000000..3e801ab17 --- /dev/null +++ b/charts/hermes/values.yaml @@ -0,0 +1,35 @@ +image: + repository: git.openputer.com/common/hermes + tag: latest + pullPolicy: IfNotPresent + +imagePullSecrets: + - name: gitea-registry + +replicaCount: 1 + +command: + - gateway + - run + +env: {} + +persistence: + enabled: true + size: 10Gi + storageClassName: "" + +service: + enabled: false + type: ClusterIP + port: 9119 + targetPort: 9119 + +resources: {} + +nodeSelector: + kubernetes.io/arch: amd64 + +tolerations: [] + +affinity: {}