waylon 0.2.0 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e39e7cf23c579184040ecee30a85aaa0a4ca657a01e1736b5b454af2d9c49e41
-  data.tar.gz: a8a94947d9cb68399930d418bb0f119dc53e0bd620082c2838569f4a3f28aa53
+  metadata.gz: b6e508ed000d1dce991935f7e6ada801dd5679946f5944a7a0b031cbecdaef38
+  data.tar.gz: 2102525187599fe90e4747e807aff22c1807f7d9634b363b3b9b9ab845a14a41
 SHA512:
-  metadata.gz: a21baa3f21ea92c0841c69a3a9cc910cbe04c242c0c8bb5520c0433c926fd38b385d920cbe7740b95c8ad9dd9dd23feeff226ba1951918ca941df40c8185788e
-  data.tar.gz: 3d2b968d6c8903c8e56a17b2c594f58bbc655779eacf33325586e7db3c616e799687add82cd1a12d9f9983fe76657c37ee9bbacf2948838536b20d25464ddd8a
+  metadata.gz: 7fff683217bf8dfa977798501d34f6768e5916baab883d6ffe7d3455b37d37e00e843081f00d6c02dfbfbf3140d443a67c4e595948754707c86db102921c3355
+  data.tar.gz: 70a7815bf45e69d29cee61b8593e150ac782a3daa7fd81126253fd67b93845cd9552b0ade32e46d7c5bc86292dc58d9cb02648730e840550311c849c2efda7be

data/Gemfile.lock

@@ -1,20 +1,24 @@
 PATH
   remote: .
   specs:
-    waylon (0.2.0)
+    waylon (0.2.2)
       rake (~> 13.0)
       waylon-core
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
+    backport (1.2.0)
+    benchmark (0.2.0)
     concurrent-ruby (1.1.10)
+    connection_pool (2.2.5)
     diff-lcs (1.5.0)
     docile (1.4.0)
-    faraday (1.10.0)
+    e2mmap (0.1.0)
+    faraday (1.10.2)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -38,38 +42,53 @@ GEM
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
     ffi (1.15.5)
-    i18n (1.10.0)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
+    jaro_winkler (1.5.4)
     json (2.6.2)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
     moneta (1.5.1)
     mono_logger (1.1.1)
     multi_json (1.15.0)
     multipart-post (2.2.3)
-    mustermann (1.1.1)
+    mustermann (2.0.2)
       ruby2_keywords (~> 0.0.1)
     nio4r (2.5.8)
+    nokogiri (1.13.8-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.13.8-x86_64-linux)
+      racc (~> 1.4)
     parallel (1.22.1)
-    parser (3.1.2.0)
+    parser (3.1.2.1)
       ast (~> 2.4.1)
-    public_suffix (4.0.7)
-    puma (5.6.4)
+    public_suffix (5.0.0)
+    puma (5.6.5)
       nio4r (~> 2.0)
-    rack (2.2.3.1)
-    rack-protection (2.2.0)
+    racc (1.6.0)
+    rack (2.2.4)
+    rack-protection (2.2.2)
       rack
     rainbow (3.1.1)
     rake (13.0.6)
     rbnacl (7.1.1)
       ffi
-    redis (4.6.0)
-    redis-namespace (1.8.2)
-      redis (>= 3.0.4)
+    redis (5.0.1)
+      redis-client (~> 0.7)
+    redis-client (0.7.1)
+      connection_pool
+    redis-namespace (1.9.0)
+      redis (>= 4)
     regexp_parser (2.5.0)
-    resque (2.2.1)
+    resque (2.3.0)
       mono_logger (~> 1.0)
       multi_json (~> 1.0)
       redis-namespace (~> 1.6)
       sinatra (>= 0.9.2)
+    reverse_markdown (2.1.1)
+      nokogiri
     rexml (3.2.5)
     rspec (3.11.0)
       rspec-core (~> 3.11.0)
@@ -84,21 +103,22 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.11.0)
     rspec-support (3.11.0)
-    rubocop (1.30.1)
+    rubocop (1.35.1)
+      json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.1.2.1)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.18.0, < 2.0)
+      rubocop-ast (>= 1.20.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.18.0)
+    rubocop-ast (1.21.0)
       parser (>= 3.1.1.0)
     rubocop-rake (0.6.0)
       rubocop (~> 1.0)
-    rubocop-rspec (2.11.1)
-      rubocop (~> 1.19)
+    rubocop-rspec (2.12.1)
+      rubocop (~> 1.31)
     ruby-progressbar (1.11.0)
     ruby2_keywords (0.0.5)
     simplecov (0.21.2)
@@ -107,14 +127,30 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
-    sinatra (2.2.0)
-      mustermann (~> 1.0)
+    sinatra (2.2.2)
+      mustermann (~> 2.0)
       rack (~> 2.2)
-      rack-protection (= 2.2.0)
+      rack-protection (= 2.2.2)
       tilt (~> 2.0)
-    tilt (2.0.10)
-    unicode-display_width (2.1.0)
-    waylon-core (0.2.0)
+    solargraph (0.46.0)
+      backport (~> 1.2)
+      benchmark
+      bundler (>= 1.17.2)
+      diff-lcs (~> 1.4)
+      e2mmap
+      jaro_winkler (~> 1.5)
+      kramdown (~> 2.3)
+      kramdown-parser-gfm (~> 1.1)
+      parser (~> 3.0)
+      reverse_markdown (>= 1.0.5, < 3)
+      rubocop (>= 0.52)
+      thor (~> 1.0)
+      tilt (~> 2.0)
+      yard (~> 0.9, >= 0.9.24)
+    thor (1.2.1)
+    tilt (2.0.11)
+    unicode-display_width (2.2.0)
+    waylon-core (0.2.2)
       addressable (~> 2.8)
       faraday (~> 1.8)
       i18n (~> 1.8)
@@ -139,6 +175,7 @@ DEPENDENCIES
   rubocop-rake (~> 0.6)
   rubocop-rspec (~> 2.6)
   simplecov (~> 0.21)
+  solargraph (~> 0.45)
   waylon!
   yard (~> 0.9, >= 0.9.27)
 

data/README.md

@@ -1,10 +1,117 @@
 # Waylon
 
-This is a convenience gem for making the installation of [Waylon::Core](https://github.com/jgnagy/waylon-core) easier. See that gem for information about the Waylon bot framework.
+This is a convenience gem for making the installation of [Waylon::Core](https://github.com/jgnagy/waylon-core) easier. As a framework, Waylon is inspired by [Lita](https://www.lita.io/) and should be intuitive for anyone familiar with it. Waylon is built to make creating bots of many different kinds easy, fun, and flexible.
 
-## Installation
+It supports different kinds of sensory inputs (chat platforms, web endpoints, and more), as well as easy to build Skills, built-in and extensible permissions, modern JSON logging, and more.
 
-Add this line to your application's Gemfile:
+## Why Call it 'Waylon'?
+
+Waylon just seemed like a good name for a bot. Plus, the gem name was available. That's really all there is to it.
+
+Also, the author of the Waylon framework is a fan of The Simpsons, so it is a bit of a bonus that there is a character on that show called "Waylon Smithers, Jr." that is a faithful assistant to "Mr. Burns". Note that while it is a nice coincidence that Waylon shares its name with "Smithers" from that show, neither this framework nor any code within it is inspired by, related to, associated with, or endorsed by that show. Any similarity is entirely coincidental and unintentional.
+
+## Why Make a New Bot Framework?
+
+As a framework, Waylon was designed with several features in mind:
+
+* Scalability
+    * Using a pub-sub model and workers based on a queue, scaling up workers is fast and simple
+    * Using a shared cache and shared storage, worker instances are completely stateless
+* Support for more than just chat-based features
+    * Simple Webhook-based Senses
+    * Senses that route based on more than just regex
+* Advanced chat-based features
+    * Built-in concepts like threaded-replies, reactions, and more
+    * Support for complex responses using cards, blocks, etc. (based on the Sense's capabilities)
+* Security
+    * Storage is automatically encrypted
+    * Groups (and permissions) are a first-class concept, though user and group implementations are modular
+    * Dedicated inbound server process for webhooks that can be locked down (e.g, read-only and very limited capabilities)
+
+This is all while staying familiar to users of Lita. The goal is to make it simple to build powerful bot features while also making it straightforward to migrate existing ones.
+
+Many of these features would be difficult to port to existing frameworks.
+
+## Getting Started
+
+### Creating A New Skill
+
+Waylon's abilities, usually for responding to input (things like replying to a chat message or responding to a webhook) are packaged in plugins called `Skills`. These Skills use what are called `Routes` to determine what to do with input (and whether or not input can be handled by a particular Skill).
+
+In most cases, a route needs to be defined that matches some text. Waylon supports [Regular Expressions](https://www.rubyguides.com/2015/06/ruby-regex/) to perform this matching, though other forms of `Conditions` can easily be implemented (we'll save that for another time).
+
+Finally, we'll need to define an _action_ that is performed when input matches a Route. This is usually just a standard method in Ruby.
+
+Let's start with a very basic example. We can create a Skill that allows Waylon to perform simple a simple "echo" function, meaning Waylon will just reply with whatever we tell him to.
+
+Install the `waylon` gem:
+
+    $ gem install waylon
+
+Then, create a new skill gem:
+
+    $ waylon skill echo
+
+This will create a gem for you in a directory called `waylon-echo`. You'll need to edit `waylon-echo/waylon-echo.gemspec` and fill in a few important details.
+
+First, find any line containing `TODO` and fill in actual values. Remove `spec.metadata["allowed_push_host"]` unless you have your own private gem server. Remove any other `spec.metadata` lines you don't need.
+
+Toward the end of the file (but before the final `end`), add a line like this:
+
+    spec.add_dependency "waylon-core", "~> 0.1"
+
+Now you should be able to start development. Take a look at `lib/waylon/skills/echo.rb`. Delete the `route()` at the beginning of the file and replace it with this:
+
+    route(/^say\s+(.+)/, :do_the_thing)
+
+This simple route will look for text beginning with "say" and capture any words after it. This captured content will be available in `tokens[1]` (or `tokens.last`).
+
+Now, we can use this to respond. Edit the `do_the_thing` method so it looks like this:
+
+    def do_the_thing
+      react :speech_balloon
+    
+      reply "echo: #{tokens.last}"
+    end
+
+That's it! Save the file and now you have an echo plugin. You can even demo it with:
+
+    $ bundle exec rake demo
+
+You'll be presented with a REPL interface. You can type `say something` and you should get a response back from Waylon that looks something like this:
+
+    (@homer) << say something
+    (@waylon) >> :speech_balloon:
+    echo: 'something'
+
+From here, you'll want to do all the typical ruby things like writing tests, updating the README.md, etc., but that's the easy stuff.
+
+To actually use this with a real chat platform, you'll need to build and release your new gem. This is beyond the scope of this short guide, but [RubyGems.org](https://rubygems.org/) has a great [guide for publishing a gem](https://guides.rubygems.org/publishing/) that is worth reading.
+
+After you've published your gem, you can use it in your own bot. Keep reading to see how that works!
+### Creating Your Own Bot
+
+To create a new bot using the Waylon bot framework, you can install the `waylon` gem:
+
+    $ gem install waylon
+
+Then you can use these Waylon executable to create the basics:
+
+    $ waylon init mybot
+
+This creates a directory in your current working directory called `mybot` and populates it with the files needed to get started.
+
+From there, edit the `plugins.rb` file and add some plugins. Check out [this list](https://github.com/search?q=waylon-*+language%3ARuby+user%3Ajgnagy+language%3ARuby+language%3ARuby&type=Repositories&ref=advsearch&l=Ruby&l=Ruby) to see some options.
+
+### Building a Docker Image
+
+Assuming you used `waylon init` from above, you'll have a `Dockerfile` in your repo ready to go. In most cases, you just need to use `docker build -t waylon .` to build an image that can be used in a container environment (such as Kubernetes). You'll likely need to push this to a registry. Waylon and its open-source plugins should never cause sensitive information to be embedded within your image, but if you're using proprietary plugins, you'll want to avoid pushing your built image to a public registry.
+
+For examples on how to deploy your Waylon image to Kubernetes, see the [`helm` example](examples/deploying/helm/waylon/) or the [pure Kubernetes example](examples/deploying/k8s/).
+
+### Other Custom Ruby Projects
+
+For something custom, add this line to your application's Gemfile:
 
 ```ruby
 gem 'waylon'
@@ -14,10 +121,6 @@ And then execute:
 
     $ bundle install
 
-Or install it yourself as:
-
-    $ gem install waylon
-
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/jgnagy/waylon.

data/examples/deploying/helm/waylon/.helmignore

@@ -0,0 +1,16 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+.git/
+.gitignore
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

data/examples/deploying/helm/waylon/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "0.2.0"
+description: Helm chart for the Waylon Bot Framework
+name: waylon
+version: "0.2.0"

data/examples/deploying/helm/waylon/README.md

@@ -0,0 +1,71 @@
+# Waylon Helm Chart
+
+This is an example (though fairly complete) Helm chart for running a [Waylon](https://github.com/jgnagy/waylon) chat bot.
+
+## Usage
+
+* Review the list of parameters and decide what needs to be changed. You'll need _at least_ to have previously built and published a Waylon Docker image and you'll need to decide on a domain name. You'll provide these values when you render the template.
+
+* Render the template to a file:
+
+```sh
+$ helm template ./waylon --set common.waylonImage="some.docker.registry/project/mywaylon:1.2.3" --set web.ingress.hostname="foo.bar.com" > /tmp/waylon.yaml
+```
+
+* Deploy your rendered template:
+
+```sh
+$ kubectl -n some-namespace apply -f /tmp/waylon.yaml
+```
+
+## Parameters
+
+| Setting | Default Value |  Description |
+| --- | --- | --- |
+| `common.strictSecrurity` | `true` | Should stricter security controls be enabled? |
+| `common.waylonImage` | _none_ | The full docker image to pull for your Waylon deployment |
+| `common.imagePullSecret` | _none_ | Completely optional secret to use when pulling images from private repos |
+| `redis.enabled` | `true` | Should a dedicated Redis be deployed for alongside Waylon? |
+| `redis.annotations` | `{}` | Optionally list any additional annotations for the Redis StatefulSet. **Note:** these are not passed-through to the Pods. |
+| `redis.labels` | `{}` | Optionally list any additional labels for the Redis StatefulSet. **Note:** these are not passed-through to the Pods. |
+| `redis.hostAndPort` | `redis:6379` | Tells Waylon how to find Redis. If `redis.enabled` is `false`, be sure to update this, otherwise it can be left alone. |
+| `redis.image` | `redis:6-alpine` | The full docker image to use for Redis |
+| `redis.imagePullPolicy` | `Always` | How often to try pulling the Redis docker image |
+| `redis.command` | `["redis-server", "--appendonly yes"]` | Usually best to leave this alone, but it allows setting more advanced Redis settings |
+| `redis.cpuLimit` | `200m` | How much CPU can Redis use? |
+| `redis.memoryLimit` | `512Mi` | How much memory can Redis use? |
+| `redis.storage.capacity` | `5Gi` | How much disk space can Redis use? It shouldn't need much given how it is used but adjust based on your plugins and expected load. |
+| `redis.storage.class` | `longhorn` | What [Kubernetes StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/) should Redis use? |
+| `web.deployment.annotations` | `{}` | Optionally list any additional annotations for the Waylon web Deployment. **Note:** these are not passed-through to the Pods. |
+| `web.deployment.imagePullPolicy` | `IfNotPresent` | How often to try pulling the Waylon image for the Web deployment |
+| `web.deployment.labels` | `{}` | Optionally list any additional labels for the Waylon web Deployment. **Note:** these are not passed-through to the Pods. |
+| `web.deployment.logLevel` | `DEBUG` | What log level should the Waylon web component use? |
+| `web.deployment.maxSurge` | `2` | How many _additional_ Pods can the deployment create to handle a rollout/update? |
+| `web.deployment.maxUnavailable` | `0` | How many Pods can be unavailble during a deployment rollout? |
+| `web.deployment.replicas` | `1` | How many Pods do want to run for Waylon's web component? |
+| `web.deployment.cpuLimit` | `250m` | How much CPU can Redis use? |
+| `web.deployment.memoryLimit` | `256Mi` | How much memory can Redis use? |
+| `web.ingress.enabled` | `true` | Should Waylon have an Ingress for its web component? |
+| `web.ingress.class` | `nginx` | What [Ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) will be use for `kubernetes.io/ingress.class`? |
+| `web.ingress.hostname` | _none_ | What hostname will the Web component use (also used for TLS) |
+| `web.ingress.tls.enabled` | `true` | Should the Ingress use TLS (HTTPS)? |
+| `web.ingress.tls.issuer` | `letsencrypt` | What is the name of the [Issuer/ClusterIssuer](https://cert-manager.io/docs/concepts/issuer/) that will be used for provisioning TLS secrets? |
+| `web.ingress.tls.issuerClass` | `ClusterIssuer` | Is the TLS issuer a `ClusterIssuer` or an `Issuer`? You can usually ignore this setting. |
+| `web.service.port` | `80` | The port that the Service listens on |
+| `web.service.type` | `ClusterIP` | The Service type |
+| `worker.deployment.annotations` | `{}` | Optionally list any additional annotations for the Waylon worker Deployment. **Note:** these are not passed-through to the Pods. |
+| `worker.deployment.imagePullPolicy` | `IfNotPresent` | How often to try pulling the Waylon image for the worker Deployment |
+| `worker.deployment.labels` | `{}` | Optionally list any additional labels for the Waylon worker Deployment. **Note:** these are not passed-through to the Pods. |
+| `worker.deployment.logLevel` | `DEBUG` | What log level should the Waylon worker component use? |
+| `worker.deployment.maxSurge` | `2` | How many _additional_ Pods can the deployment create to handle a rollout/update? |
+| `worker.deployment.maxUnavailable` | `0` | How many Pods can be unavailble during a deployment rollout? |
+| `worker.deployment.replicas` | `1` | How many Pods do want to run for Waylon's web component? |
+| `worker.deployment.cpuLimit` | `250m` | How much CPU can Redis use? |
+| `worker.deployment.memoryLimit` | `256Mi` | How much memory can Redis use? |
+
+See the [default `values.yaml`](values.yaml) for a full view of the default settings.
+
+### Some Gotchas
+
+* You **MUST** set `common.waylonImage` and, if you plan on using an Ingress for Waylon, `web.ingress.hostname`.
+* If your TLS issuer is not named `letsencrypt` but uses the ACMEv2 protocol via cert-manager, you might need to add to `web.ingress.annotations` so it contains an entry like `cert-manager.io/acme-challenge-type: http01`. This is only _automatically_ added if your issuer is called `letsencrypt`.

data/examples/deploying/helm/waylon/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Provides common labels */}}
+{{- define "waylon.commonLabels" -}}
+app.kubernetes.io/part-of: {{ .Chart.Name }}
+helm.sh/chart: {{ .Chart.Name }}
+{{- end -}}

data/examples/deploying/helm/waylon/templates/redis-pv.yaml

@@ -0,0 +1,19 @@
+{{- if and .Values.redis.enabled .Values.redis.storage.hostPath }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: redis-data-pv
+  labels:
+    type: local
+    app.kubernetes.io/name: redis-data-pv
+    app.kubernetes.io/component: redis-data-pv
+    {{- include "waylon.commonLabels" . | nindent 4 }}
+spec:
+  storageClassName: manual
+  capacity:
+    storage: {{ .Values.redis.storage.capacity }}
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: {{ .Values.redis.storage.hostPath }}
+{{- end -}}

data/examples/deploying/helm/waylon/templates/redis-pvc.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.redis.enabled .Values.redis.storage.hostPath }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/name: redis-data-pvc
+    app.kubernetes.io/component: redis-data-pvc
+    {{- include "waylon.commonLabels" . | nindent 4 }}
+  name: redis-data-pvc
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.redis.storage.capacity }}
+  volumeName: redis-data-pv
+{{- end -}}

data/examples/deploying/helm/waylon/templates/redis-statefulset.yaml

@@ -0,0 +1,107 @@
+{{- if .Values.redis.enabled -}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: redis
+  labels:
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: redis
+    {{- include "waylon.commonLabels" . | nindent 4 }}
+    {{- with .Values.redis.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- if .Values.redis.annotations }}
+  annotations:
+    {{- toYaml .Values.redis.annotations | nindent 4 }}
+  {{- end }}
+spec:
+  serviceName: redis
+  # hardcoded to 1 because we're not configuring clustering
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: redis
+      {{- include "waylon.commonLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: redis
+        app.kubernetes.io/component: redis
+        {{- include "waylon.commonLabels" . | nindent 8 }}
+    spec:
+      {{- if .Values.redis.storage.hostPath }}
+      volumes:
+      - name: datadir
+        persistentVolumeClaim:
+          claimName: redis-data-pvc
+      {{- end }}
+      {{- if .Values.common.imagePullSecret -}}
+      imagePullSecrets:
+      - name: {{ .Values.common.imagePullSecret }}
+      {{- end }}
+      containers:
+      - name: redis
+        image: {{ .Values.redis.image }}
+        imagePullPolicy: {{ .Values.redis.imagePullPolicy }}
+        stdin: true
+        tty: true
+        command: {{ toYaml .Values.redis.command | nindent 8 }}
+        {{- if .Values.common.strictSecurity }}
+        securityContext:
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
+          privileged: false
+          runAsNonRoot: true
+          runAsUser: 999
+          runAsGroup: 999
+          capabilities:
+            drop:
+            - ALL
+        {{- end }}
+        resources:
+          limits:
+            memory: {{ .Values.redis.memoryLimit }}
+            cpu: {{ .Values.redis.cpuLimit }}
+          requests:
+            memory: 8Mi
+            cpu: 20m
+        ports:
+        - containerPort: 6379
+          protocol: TCP
+          name: redis
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "/usr/local/bin/redis-cli -h $(hostname) ping"
+          initialDelaySeconds: 15
+          timeoutSeconds: 5
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - "/usr/local/bin/redis-cli -h $(hostname) ping"
+          initialDelaySeconds: 30
+          periodSeconds: 2
+          successThreshold: 1
+          failureThreshold: 3
+          timeoutSeconds: 5
+        volumeMounts:
+        - name: datadir
+          mountPath: /data
+  {{- if not .Values.redis.storage.hostPath }}
+  volumeClaimTemplates:
+  - metadata:
+      name: datadir
+    spec:
+      accessModes:
+      - "ReadWriteOnce"
+      resources:
+        requests:
+          storage: {{ .Values.redis.storage.capacity }}
+      storageClassName: {{ .Values.redis.storage.class | quote }}
+  {{- end -}}
+{{- end -}}

data/examples/deploying/helm/waylon/templates/web-deployment.yaml

@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web
+  labels:
+    app.kubernetes.io/name: web
+    app.kubernetes.io/component: web
+    {{- include "waylon.commonLabels" . | nindent 4 }}
+    {{- with .Values.web.deployment.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- if .Values.web.deployment.annotations }}
+  annotations:
+    {{- toYaml .Values.web.deployment.annotations | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: {{ .Values.web.deployment.replicas }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: {{ .Values.web.deployment.maxSurge }}
+      maxUnavailable: {{ .Values.web.deployment.maxUnavailable }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: web
+      {{- include "waylon.commonLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: web
+        app.kubernetes.io/component: web
+        {{- include "waylon.commonLabels" . | nindent 8 }}
+    spec:
+      {{- if .Values.common.strictSecurity }}
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+      {{- end }}
+      {{- if .Values.common.imagePullSecret }}
+      imagePullSecrets:
+      - name: {{ .Values.common.imagePullSecret }}
+      {{- end }}
+      volumes:
+      - name: tmpvol
+        emptyDir: {}
+      containers:
+      - name: web
+        image: {{ .Values.common.waylonImage }}
+        imagePullPolicy: {{ .Values.web.deployment.imagePullPolicy }}
+        stdin: true
+        tty: true
+        args: ["web"]
+        env:
+        - name: REDIS
+          value: {{ .Values.redis.hostAndPort }}
+        - name: LOG_LEVEL
+          value: {{ .Values.web.deployment.logLevel }}
+        envFrom:
+        - secretRef:
+            name: waylon-secret
+        resources:
+          limits:
+            memory: {{ .Values.web.deployment.memoryLimit }}
+            cpu: {{ .Values.web.deployment.cpuLimit }}
+          requests:
+            memory: 64Mi
+            cpu: 10m
+        livenessProbe:
+          tcpSocket:
+            port: waylon
+          timeoutSeconds: 2
+          initialDelaySeconds: 2
+          periodSeconds: 2
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: waylon
+          timeoutSeconds: 6
+          initialDelaySeconds: 2
+          periodSeconds: 10
+          failureThreshold: 3
+        ports:
+        - name: waylon
+          containerPort: 9292
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /tmp
+          name: tmpvol
+        {{- if .Values.common.strictSecurity }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          privileged: false
+          runAsNonRoot: true
+          readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+              - all
+        {{- end }}