feat(helm chart): [#40] Create a helm chart for APIClarity

.github/workflows/helm.yml

@@ -0,0 +1,57 @@
+name: Docker
+on:
+  push:
+    branches:
+      - feature/#40-create-a-helm-chart-for-apiclarity
+
+jobs:
+  helm:
+    name: Publish Helm Chart
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_VERSION: v0.3.0
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Replace release version
+        id: replace_version
+        run: find . -type f -name "values.yaml" -o -name "Chart.yaml" |
+          xargs sed -i -e s/latest/${{ env.RELEASE_VERSION }}/g
+
+      - name: Parse tag name
+        run: echo "TAG_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Add Bitnami Repository
+        run: helm repo add bitnami https://charts.bitnami.com/bitnami
+
+      - name: Run chart-testing (lint)
+        run: ct lint --check-version-increment=false --validate-maintainers=false
+          --target-branch ${{ env.TAG_NAME }}
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        with:
+          charts_dir: charts
+          config: charts/cr.yaml
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

README.md

@@ -56,77 +56,33 @@ make backend
    See the [Official installation instructions](https://istio.io/latest/docs/setup/getting-started/#install)
    for more information.
 
-2. Clone the apiclarity repository to your local system
+2. Add Helm repo
 
    ```shell
-   git clone https://github.com/apiclarity/apiclarity
-   cd apiclarity
+   helm repo add apiclarity https://apiclarity.github.io/apiclarity
    ```
 
-3. Deploy APIClarity in K8s. It will be deployed in a new namespace `apiclarity`:
+3. Deploy APIClarity with Helm
 
    ```shell
-   kubectl apply -f deployment/apiclarity.yaml
+   helm install --set 'global.namespaces={namespace1,namespace2}' apiclarity apiclarity/apiclarity -n apiclarity
    ```
+  **Note**:
+  namespace1 and namespace2 are the namespaces where the Envoy Wasm filters will be deployed to allow traffic tracing.
 
-   Note: The manifest uses `PersistentVolumeClaim`s to request two persistent
-   volumes. Make sure you have a default `StorageClass` available in your
-   cluster or, if deploying on a cluster that does not have this, edit the
-   manifest to provide your own local storage configuration.
-4. Verify that APIClarity is running:
-
-   ```shell
-   $ kubectl get pods -n apiclarity
-   NAME                        READY   STATUS    RESTARTS   AGE
-   apiclarity-5df5fd6d98-h8v7t   1/1     Running   0          15m
-   apiclarity-postgresql-0       1/1     Running   0          15m
-   ```
-
-5. Initialize and pull the `wasm-filters` submodule:
-
-   ```shell
-   git submodule init wasm-filters
-   git submodule update wasm-filters
-   cd wasm-filters
-   ```
-
-6. Deploy the Envoy Wasm filter for capturing the traffic:
-
-   Run the Wasm deployment script for selected namespaces to allow traffic
-   tracing.
-
-   Tracing is accomplished by patching the Istio sidecars within the pods
-   to load the APIClarity Wasm filter. So ensure [Istio sidecar injection](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/)
-   is enabled for all namespaces you intend to trace before deploying anything
-   to that namespace.
-
-   The script will automatically:
-   - Deploy the Wasm filter binary as a config map
-   - Deploy the Istio Envoy filter to use the Wasm binary
-   - Patch all deployment annotations within the selected namespaces to mount
-     the Wasm binary
-
-   ```shell
-   ./deploy.sh <namespace1> <namespace2> ...
-   ```
-
-   **Note**:
-   To build the Wasm filter from source instead of using the pre-built binary,
-   please follow the instructions in the [wasm-filters](https://github.com/apiclarity/wasm-filters)
-   repository.
-7. Port forward to APIClarity UI:
+4. Port forward to APIClarity UI:
 
    ```shell
    kubectl port-forward -n apiclarity svc/apiclarity 9999:8080
    ```
 
-8. Open APIClarity UI in the browser: <http://localhost:9999/>
-9. Generate some traffic in the applications in the traced namespaces and check
+5. Open APIClarity UI in the browser: <http://localhost:9999/>
+6. Generate some traffic in the applications in the traced namespaces and check
    the APIClarity UI :)
 
 ## Configurations
 
-The file `deployment/apiclarity.yaml` is used to deploy and configure APIClarity on your cluster.
+The file `values.yaml` is used to deploy and configure APIClarity on your cluster via Helm.
 
 1. Set `RESPONSE_HEADERS_TO_IGNORE` and `REQUEST_HEADERS_TO_IGNORE` with a space separated list of headers to ignore when reconstructing the spec.
 

charts/apiclarity/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 10.12.2
+digest: sha256:1069221691382635193a5f8837b867553d567ee03d575f38ab8fb13cee324277
+generated: "2021-10-08T13:16:24.758958+02:00"

charts/apiclarity/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+name: apiclarity
+appVersion: latest
+description: Charts for apiclarity deployment. Reconstruct OpenAPI Specifications from real-time workload traffic seamlessly.
+version: latest
+home: https://apiclarity.io/
+icon: https://github.com/apiclarity/apiclarity/raw/master/API_clarity.svg
+sources:
+  - https://github.com/apiclarity/apiclarity
+maintainers:
+  - name: API Clarity
+    url: https://apiclarity.io
+type: application
+dependencies:
+  - name: postgresql
+    version: "10.12.2"
+    repository: https://charts.bitnami.com/bitnami
+    condition: apiclarity-postgresql.enabled
+    alias: apiclarity-postgresql

charts/apiclarity/templates/NOTES.txt

@@ -0,0 +1,9 @@
+Thank you for installing {{ .Chart.Name | upper }}.
+
+Your release is named {{ .Release.Name }}.
+
+Here is how to access the APIClarity UI:
+
+    $ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ .Release.Name }}-apiclarity 9999:8080
+    $ Open APIClarity UI in the browser: http://localhost:9999/
+    $ Generate some traffic in the applications in the traced namespaces and check the APIClarity UI :)

charts/apiclarity/templates/_helpers.tpl

@@ -0,0 +1,17 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Name of the chart.
+*/}}
+{{- define "apiclarity.name" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name -}}
+{{- end -}}
+
+{{/*
+Helm labels.
+*/}}
+{{- define "apiclarity.labels" -}}
+    app.kubernetes.io/name: {{ include "apiclarity.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+{{- end -}}

charts/apiclarity/templates/clusterrole.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "apiclarity.name" . }}
+  namespace: '{{ .Release.Namespace }}'
+  labels:
+    {{ include "apiclarity.labels" . }}
+rules:
+- apiGroups: [""]
+  resources: ["nodes", "services"]
+  verbs: ["get", "list", "watch"]

charts/apiclarity/templates/clusterrolebinding.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "apiclarity.name" . }}
+  namespace: '{{ .Release.Namespace }}'
+  labels:
+    {{ include "apiclarity.labels" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "apiclarity.name" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "apiclarity.name" . }}
+    namespace: '{{ .Release.Namespace }}'

charts/apiclarity/templates/configmap.yaml

@@ -0,0 +1,115 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "apiclarity.name" . }}-headers-to-ignore-configmap
+  namespace: '{{ .Release.Namespace }}'
+  labels:
+    {{ include "apiclarity.labels" . }}
+data:
+  request.headers: |-
+    x-forwarded-proto
+    x-request-id
+    x-b3-traceid
+    x-b3-sampled
+    x-b3-spanid
+    x-span-name
+    x-b3-parentspanid
+    A-IM
+    Accept
+    Accept-Charset
+    Accept-Encoding
+    Accept-Language
+    Accept-Datetime
+    Access-Control-Request-Method
+    Access-Control-Request-Headers
+    Authorization
+    Cache-Control
+    Connection
+    Content-Length
+    Content-Type
+    Cookie
+    Date
+    Expect
+    Forwarded
+    From
+    Host
+    If-Match
+    If-Modified-Since
+    If-None-Match
+    If-Range
+    If-Unmodified-Since
+    Max-Forwards
+    Origin
+    Pragma
+    Proxy-Authorization
+    Range
+    Referer
+    TE
+    User-Agent
+    Upgrade
+    Via
+    Warning
+  response.headers: |-
+    x-application-context
+    Access-Control-Allow-Credentials
+    Access-Control-Allow-Headers
+    Access-Control-Allow-Methods
+    Access-Control-Allow-Origin
+    Access-Control-Expose-Headers
+    Access-Control-Max-Age
+    Accept-Ranges
+    Age
+    Allow
+    Alternate-Protocol
+    Cache-Control
+    Client-Date
+    Client-Peer
+    Client-Response-Num
+    Connection
+    Content-Disposition
+    Content-Encoding
+    Content-Language
+    Content-Length
+    Content-Location
+    Content-MD5
+    Content-Range
+    Content-Security-Policy
+    X-Content-Security-Policy
+    X-WebKit-CSP
+    Content-Security-Policy-Report-Only
+    Content-Type
+    Date
+    ETag
+    Expires
+    HTTP
+    Keep-Alive
+    Last-Modified
+    Link
+    Location
+    P3P
+    Pragma
+    Proxy-Authenticate
+    Proxy-Connection
+    Refresh
+    Retry-After
+    Server
+    Set-Cookie
+    Status
+    Strict-Transport-Security
+    Timing-Allow-Origin
+    Trailer
+    Transfer-Encoding
+    Upgrade
+    Vary
+    Via
+    Warning
+    WWW-Authenticate
+    X-Aspnet-Version
+    X-Content-Type-Options
+    X-Frame-Options
+    X-Permitted-Cross-Domain-Policies
+    X-Pingback
+    X-Powered-By
+    X-Robots-Tag
+    X-UA-Compatible
+    X-XSS-Protection