diff --git a/.github/workflows/chart-test.yml b/.github/workflows/chart-test.yml new file mode 100644 index 0000000..7f545f2 --- /dev/null +++ b/.github/workflows/chart-test.yml @@ -0,0 +1,44 @@ +name: Chart Lint and Test + +on: + pull_request: + paths: + - 'charts/**' + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 + + - name: Install Helm + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + + - name: Install Python + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + with: + python-version: '3.12' + + - name: Install chart-testing + uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0 + + - name: Run chart-testing (lint) + run: ct lint --charts charts/kasm --check-version-increment=false + + validate: + runs-on: ubuntu-latest + needs: lint + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Install Helm + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + + - name: Validate chart + run: | + helm lint charts/kasm + helm template test-release charts/kasm --debug > /dev/null \ No newline at end of file diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml new file mode 100644 index 0000000..e070e68 --- /dev/null +++ b/.github/workflows/helm-release.yml @@ -0,0 +1,66 @@ +name: Release Charts + +on: + push: + branches: + - 'release/**' + paths: + - 'charts/**/Chart.yaml' + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: write + packages: write + +jobs: + release: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 + + - name: Setup gh-pages branch + run: | + if ! git ls-remote --heads origin gh-pages >/dev/null 2>&1; then + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + git checkout --orphan gh-pages + git rm -rf . + printf 'apiVersion: v1\nentries: {}\n' > index.yaml + git add index.yaml + git commit -m "Initialize Helm repository" + git push origin gh-pages + git checkout - + fi + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Install Helm + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + + - name: Login to GitHub Container Registry + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Package and Push Helm Chart to OCI + run: | + helm package charts/kasm --version $(grep "version:" charts/kasm/Chart.yaml | awk '{print $2}') + helm push kasm-*.tgz oci://ghcr.io/${{ github.repository_owner }}/charts + + - name: Run chart-releaser + uses: helm/chart-releaser-action@a0d2dc62c5e491af8ef6ba64a2e02bcf3fb33aa1 # v1.7.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + CR_SKIP_EXISTING: "true" \ No newline at end of file diff --git a/.github/workflows/oci-publish.yml b/.github/workflows/oci-publish.yml new file mode 100644 index 0000000..9c1cd71 --- /dev/null +++ b/.github/workflows/oci-publish.yml @@ -0,0 +1,36 @@ +name: Publish Chart to OCI + +on: + push: + branches: + - 'release/**' + paths: + - 'charts/**/Chart.yaml' + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + packages: write + +jobs: + publish: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Install Helm + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + + - name: Login to GHCR + run: | + echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io -u ${{ github.actor }} --password-stdin + + - name: Package and Push + run: | + helm package charts/kasm --destination ./dist + helm push dist/*.tgz oci://ghcr.io/${{ github.repository_owner }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index 64eefbc..cdf20dd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,14 @@ ## Ignore cert files *.key *.crt + +## Ignore Helm chart artifacts +*.tgz +dist/ +docs/*.tgz + +## Ignore IDE files +.idea/ +.vscode/ +*.swp +*.swo diff --git a/README.md b/README.md index 8913043..efe5104 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Kasm on Kubernetes (Helm Chart) -![Version: 1.1180.0](https://img.shields.io/badge/Version-1.1180.0-informational?style=flat-square) ![AppVersion: 1.18.0](https://img.shields.io/badge/AppVersion-1.18.0-informational?style=flat-square) +![Version: 1.1181.0](https://img.shields.io/badge/Version-1.1181.0-informational?style=flat-square) ![AppVersion: 1.18.1](https://img.shields.io/badge/AppVersion-1.18.1-informational?style=flat-square) -> ⚠️ **This Helm chart is not intended for production use.** +> ⚠️ **This Helm chart is currently under technical Preview. Potential users should be advised that it is suitable for demo and evaluation purposes.** > For advanced configurations, see the [Chart README](./charts/kasm/README.md). ## Overview @@ -10,9 +10,33 @@ This Helm chart enables you to deploy [Kasm Workspaces](https://kasm.com/) in Kubernetes with minimal friction. For more detailed information or procedures for upgrading your Kasm Kubernetes deployment, refer to our **[additional documentation](./docs)**. +> Important: The [Kasm agent](https://docs.kasm.com/docs/install/multi_server_install#install-agent-server-roles) is not included in this Helm chart. It must be installed separately on a VM or bare-metal server. A Kasm session cannot be started without a running agent. + ## Quickstart -Get up and running in just a few steps! +### Option 1: Using Helm Repository + +```bash +helm repo add kasm https://kasmtech.github.io/kasm-helm +helm repo update +helm install kasm kasm/kasm \ + --namespace {namespace} --create-namespace \ + --set publicAddr="kasm.contoso.com" \ + --set certificate.secretName="" +``` + +> **Note:** Requires GitHub Pages enabled. See [Setup Instructions](#github-pages-setup) below. + +### Option 2: Using OCI Registry + +```bash +helm install kasm oci://ghcr.io/kasmtech/kasm \ + --namespace {namespace} --create-namespace \ + --set publicAddr="kasm.contoso.com" \ + --set certificate.secretName="" +``` + +### Option 3: Cloning the Repository 1. **Clone the Helm Chart Repository:** ```bash @@ -92,7 +116,7 @@ After deployment, get your connection details and credentials: ## Upgrades & Versioning - **Branching:** - This repo maintains a release branch matching each Kasm Workspaces version (e.g., `release/1.18.0`). + This repo maintains a release branch matching each Kasm Workspaces version (e.g., `release/1.18.1`). Use the matching branch for your Kasm deployment version. - **Development:** Use the default `develop` branch for developer previews. @@ -106,6 +130,19 @@ After deployment, get your connection details and credentials: --- +## GitHub Pages Setup + +To enable the Helm repository (Option 2), GitHub Pages must be configured: + +1. Go to **Settings** → **Pages** +2. Set **Source** to `gh-pages` branch +3. Set **Folder** to `/ (root)` +4. Click **Save** + +The `gh-pages` branch is automatically created and maintained by the CI workflow when charts are released. + +--- + ## Troubleshooting - It may take several minutes for pods to be ready after install. diff --git a/charts/kasm/Chart.yaml b/charts/kasm/Chart.yaml index d44640b..96993f4 100644 --- a/charts/kasm/Chart.yaml +++ b/charts/kasm/Chart.yaml @@ -2,21 +2,21 @@ annotations: category: Virtual Desktop images: | - name: kasm-api - image: kasmweb/api:develop + image: kasmweb/api:1.18.1 - name: kasm-manager - image: kasmweb/manager:develop + image: kasmweb/manager:1.18.1 - name: kasm-db - image: kasmweb/postgres:develop + image: kasmweb/postgres:1.18.1 - name: kasm-proxy - image: kasmweb/proxy:develop + image: kasmweb/proxy:1.18.1 - name: kasm-guac - image: kasmweb/kasm-guac:develop + image: kasmweb/kasm-guac:1.18.1 - name: rdp-gateway - image: kasmweb/rdp-gateway:develop + image: kasmweb/rdp-gateway:1.18.1 - name: rdp-gateway - image: kasmweb/rdp-https-gateway:develop + image: kasmweb/rdp-https-gateway:1.18.1 apiVersion: v2 -appVersion: develop +appVersion: 1.18.1 name: kasm description: Kasm is a platform specializing in providing secure browser-based workspaces for a wide range of applications and industries. Its main goal is to provide isolated and secure environments that can be accessed via web browsers, ensuring that users can perform tasks without risking the security of their local systems. icon: https://kasm-static-content.s3.amazonaws.com/icons/kasm-logo-small.png @@ -28,4 +28,4 @@ keywords: maintainers: - name: Kasm Technologies, Inc. url: https://github.com/kasmtech/kasm-helm -version: 1.1180.0-develop +version: 1.1181.3 diff --git a/charts/kasm/README.md b/charts/kasm/README.md index eedc26f..0c44d43 100644 --- a/charts/kasm/README.md +++ b/charts/kasm/README.md @@ -1,9 +1,11 @@ # Kasm on Kubernetes -![Version: 1.1180.0](https://img.shields.io/badge/Version-1.1180.0-informational?style=flat-square) ![AppVersion: 1.18.0](https://img.shields.io/badge/AppVersion-1.18.0-informational?style=flat-square) +![Version: 1.1181.0](https://img.shields.io/badge/Version-1.1181.0-informational?style=flat-square) ![AppVersion: 1.18.1](https://img.shields.io/badge/AppVersion-1.18.1-informational?style=flat-square) Kasm is a platform specializing in providing secure browser-based workspaces for a wide range of applications and industries. Its main goal is to provide isolated and secure environments that can be accessed via web browsers, ensuring that users can perform tasks without risking the security of their local systems. +> Important: The [Kasm agent](https://docs.kasm.com/docs/install/multi_server_install#install-agent-server-roles) is not included in this Helm chart. It must be installed separately on a VM or bare-metal server. A Kasm session cannot be started without a running agent. + **Homepage:** ## Maintainers @@ -363,7 +365,7 @@ object 
 repository: kasmweb/postgres
-tag: 1.18.0
+tag: 1.18.1
@@ -617,7 +619,7 @@ object 
 repository: kasmweb/proxy
-tag: 1.18.0
+tag: 1.18.1
@@ -674,7 +676,7 @@ object 
 repository: kasmweb/api
-tag: 1.18.0
+tag: 1.18.1
@@ -731,7 +733,7 @@ object 
 repository: kasmweb/manager
-tag: 1.18.0
+tag: 1.18.1
@@ -788,7 +790,7 @@ object 
 repository: kasmweb/kasm-guac
-tag: 1.18.0
+tag: 1.18.1
@@ -859,7 +861,7 @@ object 
 repository: kasmweb/rdp-gateway
-tag: 1.18.0
+tag: 1.18.1
@@ -930,7 +932,7 @@ object 
 repository: kasmweb/rdp-https-gateway
-tag: 1.18.0
+tag: 1.18.1
@@ -1001,7 +1003,7 @@ object 
 repository: kasmweb/share
-tag: 1.18.0
+tag: 1.18.1
diff --git a/charts/kasm/values.schema.json b/charts/kasm/values.schema.json index a3653ee..0e7b9c3 100644 --- a/charts/kasm/values.schema.json +++ b/charts/kasm/values.schema.json @@ -202,7 +202,7 @@ "type": "string" }, "tag": { - "default": "1.18.0", + "default": "1.18.1", "title": "tag", "type": "string" } @@ -263,7 +263,7 @@ "type": "string" }, "tag": { - "default": "1.18.0", + "default": "1.18.1", "title": "tag", "type": "string" } @@ -318,7 +318,7 @@ "type": "string" }, "tag": { - "default": "1.18.0", + "default": "1.18.1", "title": "tag", "type": "string" } @@ -373,7 +373,7 @@ "type": "string" }, "tag": { - "default": "1.18.0", + "default": "1.18.1", "title": "tag", "type": "string" } @@ -434,7 +434,7 @@ "type": "string" }, "tag": { - "default": "1.18.0", + "default": "1.18.1", "title": "tag", "type": "string" } @@ -495,7 +495,7 @@ "type": "string" }, "tag": { - "default": "1.18.0", + "default": "1.18.1", "title": "tag", "type": "string" } @@ -560,7 +560,7 @@ "type": "string" }, "tag": { - "default": "1.18.0", + "default": "1.18.1", "title": "tag", "type": "string" } diff --git a/charts/kasm/values.yaml b/charts/kasm/values.yaml index 1578cee..d509297 100644 --- a/charts/kasm/values.yaml +++ b/charts/kasm/values.yaml @@ -177,7 +177,7 @@ database: # image: repository: kasmweb/postgres - tag: develop + tag: 1.18.1 # Configure the Storage for the Kasm DB StatefulSet # storage: @@ -263,7 +263,7 @@ components: # image: repository: kasmweb/proxy - tag: develop + tag: 1.18.1 # components.proxy.annotations -- Custom annotations to add to the Kasm Proxy Deployment annotations: {} # components.proxy.resources -- Manually configure the Kasm Proxy Deployment resources. This overrides the pre-defined `deploymentSize` values. @@ -278,7 +278,7 @@ components: # image: repository: kasmweb/api - tag: develop + tag: 1.18.1 # components.api.annotations -- Custom annotations to add to the Kasm api Deployment annotations: {} # components.api.resources -- Manually configure the Kasm api Deployment resources. This overrides the pre-defined `deploymentSize` values. @@ -293,7 +293,7 @@ components: # image: repository: kasmweb/manager - tag: develop + tag: 1.18.1 # components.manager.annotations -- Custom annotations to add to the Kasm Manager Deployment annotations: {} # components.manager.resources -- Manually configure the Kasm Manager Deployment resources. This overrides the pre-defined `deploymentSize` values. @@ -308,7 +308,7 @@ components: # image: repository: kasmweb/kasm-guac - tag: develop + tag: 1.18.1 # components.guac.enabled -- Use this setting to enable/disable deployment of the Kasm Guacamole web RDP service - # [Kasm Guac Service](https://docs.kasm.com/docs/guide/connection_proxies#guacamole-guac). # @@ -327,7 +327,7 @@ components: # image: repository: kasmweb/rdp-gateway - tag: develop + tag: 1.18.1 # components.rdpGateway.enabled -- Use this setting to enable/disable deployment of the Kasm RDP Gateway service - # [Kasm RDP Gateway](https://docs.kasm.com/docs/guide/connection_proxies#rdp-gateway). # @@ -346,7 +346,7 @@ components: # image: repository: kasmweb/rdp-https-gateway - tag: develop + tag: 1.18.1 # components.rdpHttpsGateway.enabled -- Use this setting to enable/disable deployment of the Kasm RDP HTTPS Gateway service. # This service allows users to use native RDP clients via HTTPS connections rather than exposing 3389 - # [Kasm RDP HTTPS Gateway](https://docs.kasm.com/docs/guide/connection_proxies#rdp-https-gateway. diff --git a/ct.yaml b/ct.yaml new file mode 100644 index 0000000..2ce0f50 --- /dev/null +++ b/ct.yaml @@ -0,0 +1,4 @@ +chart-dirs: + - charts +target-branch: develop +validate-maintainers: false \ No newline at end of file diff --git a/docs/kasm-upgrade.md b/docs/kasm-upgrade.md index 2889368..39180de 100644 --- a/docs/kasm-upgrade.md +++ b/docs/kasm-upgrade.md @@ -14,9 +14,9 @@ This guide walks you through safely **upgrading your Kasm deployment on Kubernet | Scenario | Use This Section | |------------------------------------------------------------|-------------------------------------------------------------------| -| Upgrade legacy `kasm-single-zone` chart 1.17.0 -> 1.1180.0 | [Upgrade Legacy Helm Deployment](legacy-helm-chart-upgrade.md) | -| Upgrade new `kasm` chart 1.1170.0 -> 1.1180.0 | [Upgrade Existing Helm Deployment](new-helm-chart-upgrade.md) | -| Migrate VM deployment → K8s (v1.1180.0/latest) | [Migrate from VM to Kubernetes](vm-to-kubernetes.md) | +| Upgrade legacy `kasm-single-zone` chart 1.17.0 -> 1.1181.0 | [Upgrade Legacy Helm Deployment](legacy-helm-chart-upgrade.md) | +| Upgrade new `kasm` chart 1.1170.0 -> 1.1181.0 | [Upgrade Existing Helm Deployment](new-helm-chart-upgrade.md) | +| Migrate VM deployment → K8s (v1.1181.0/latest) | [Migrate from VM to Kubernetes](vm-to-kubernetes.md) | ### Assumptions: --- diff --git a/docs/template-files/db-backup.yaml b/docs/template-files/db-backup.yaml index ea24306..678cb35 100644 --- a/docs/template-files/db-backup.yaml +++ b/docs/template-files/db-backup.yaml @@ -15,7 +15,7 @@ spec: restartPolicy: OnFailure initContainers: - name: db-is-ready - image: kasmweb/api:1.18.0 + image: kasmweb/api:1.18.1 imagePullPolicy: IfNotPresent env: - name: POSTGRES_HOST @@ -29,7 +29,7 @@ spec: - | while ! pg_isready -h ${POSTGRES_HOST} -p ${POSTGRES_PORT} -t 10; do echo "Waiting for DB..."; sleep 5; done - name: kasm-old-db-backup-set-perms - image: kasmweb/api:1.18.0 + image: kasmweb/api:1.18.1 imagePullPolicy: IfNotPresent command: - /bin/sh @@ -47,7 +47,7 @@ spec: mountPath: /data/kasm-db-dump containers: - name: kasm-old-db-backup-container - image: kasmweb/api:1.18.0 + image: kasmweb/api:1.18.1 imagePullPolicy: IfNotPresent env: - name: POSTGRES_HOST diff --git a/docs/template-files/db-upload.yaml b/docs/template-files/db-upload.yaml index 506c4e6..dce177f 100644 --- a/docs/template-files/db-upload.yaml +++ b/docs/template-files/db-upload.yaml @@ -15,7 +15,7 @@ spec: restartPolicy: OnFailure initContainers: - name: kasm-old-db-upload-set-perms - image: kasmweb/api:1.18.0 + image: kasmweb/api:1.18.1 imagePullPolicy: IfNotPresent command: - /bin/sh @@ -33,7 +33,7 @@ spec: mountPath: /data/kasm-db-dump containers: - name: kasm-old-db-upload-container - image: kasmweb/api:1.18.0 + image: kasmweb/api:1.18.1 imagePullPolicy: IfNotPresent command: - "/bin/bash"