Add Hermes Helm chart

2026-05-25 11:21:25 +05:30
parent 186bf25cb1
commit c59ef9f30c
7 changed files with 210 additions and 0 deletions
--- a/charts/hermes/Chart.yaml
+++ b/charts/hermes/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: hermes
+description: Helm chart for Hermes Agent
+type: application
+version: 0.1.0
+appVersion: latest
--- a/charts/hermes/README.md
+++ b/charts/hermes/README.md
@@ -0,0 +1,47 @@
+# Hermes Helm Chart
+
+This chart deploys the Hermes Agent image from the private Gitea registry.
+
+The current `git.openputer.com/common/hermes:latest` image is amd64-only, so
+the default values schedule pods on amd64 nodes.
+
+## Registry Secret
+
+Create the registry pull secret in the target namespace before installing:
+
+```sh
+kubectl create namespace hermes
+kubectl create secret docker-registry gitea-registry \
+  --namespace hermes \
+  --docker-server=git.openputer.com \
+  --docker-username='<username>' \
+  --docker-password='<token-or-password>'
+```
+
+## Install
+
+```sh
+helm upgrade --install hermes ./charts/hermes \
+  --namespace hermes \
+  --create-namespace
+```
+
+## Check
+
+```sh
+kubectl get pods -n hermes
+kubectl logs -n hermes deploy/hermes
+```
+
+## Dashboard
+
+The dashboard is disabled by default. If you enable it, keep it behind
+authentication or a private tunnel.
+
+```sh
+helm upgrade --install hermes ./charts/hermes \
+  --namespace hermes \
+  --set env.HERMES_DASHBOARD=1 \
+  --set env.HERMES_DASHBOARD_HOST=0.0.0.0 \
+  --set service.enabled=true
+```
--- a/charts/hermes/templates/_helpers.tpl
+++ b/charts/hermes/templates/_helpers.tpl
@@ -0,0 +1,29 @@
+{{- define "hermes.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "hermes.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "hermes.labels" -}}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+app.kubernetes.io/name: {{ include "hermes.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{- define "hermes.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "hermes.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
--- a/charts/hermes/templates/deployment.yaml
+++ b/charts/hermes/templates/deployment.yaml
@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "hermes.fullname" . }}
+  labels:
+    {{- include "hermes.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "hermes.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "hermes.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: hermes
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            {{- toYaml .Values.command | nindent 12 }}
+          env:
+            - name: HERMES_HOME
+              value: /opt/data
+            {{- range $name, $value := .Values.env }}
+            - name: {{ $name }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: hermes-data
+              mountPath: /opt/data
+      volumes:
+        - name: hermes-data
+          {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "hermes.fullname" . }}-data
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
--- a/charts/hermes/templates/pvc.yaml
+++ b/charts/hermes/templates/pvc.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "hermes.fullname" . }}-data
+  labels:
+    {{- include "hermes.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+  {{- if .Values.persistence.storageClassName }}
+  storageClassName: {{ .Values.persistence.storageClassName }}
+  {{- end }}
+{{- end }}
--- a/charts/hermes/templates/service.yaml
+++ b/charts/hermes/templates/service.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "hermes.fullname" . }}
+  labels:
+    {{- include "hermes.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  selector:
+    {{- include "hermes.selectorLabels" . | nindent 4 }}
+  ports:
+    - name: http
+      port: {{ .Values.service.port }}
+      targetPort: {{ .Values.service.targetPort }}
+{{- end }}
--- a/charts/hermes/values.yaml
+++ b/charts/hermes/values.yaml
@@ -0,0 +1,35 @@
+image:
+  repository: git.openputer.com/common/hermes
+  tag: latest
+  pullPolicy: IfNotPresent
+
+imagePullSecrets:
+  - name: gitea-registry
+
+replicaCount: 1
+
+command:
+  - gateway
+  - run
+
+env: {}
+
+persistence:
+  enabled: true
+  size: 10Gi
+  storageClassName: ""
+
+service:
+  enabled: false
+  type: ClusterIP
+  port: 9119
+  targetPort: 9119
+
+resources: {}
+
+nodeSelector:
+  kubernetes.io/arch: amd64
+
+tolerations: []
+
+affinity: {}