Kubernetes installation¶
neophile can be used as a command-line tool, but it is possibly most useful running as a cron job to monitor a set of repositories.
This guide documents how to use its official Helm chart to install neophile as a Kubernetes CronJob.
Prerequisites¶
The neophile Helm chart requires using Vault to store secrets and Vault Secrets Operator to materialize those secrets as Kubernetes secrets.
As documented in Settings, neophile requires a GitHub token.
This should be stored in Vault as the value of the github_token key of a secret.
The path to that secret in Vault will be needed when configuring the Helm chart.
Helm deployment¶
The is Helm chart for neophile is available from the Rubin Observatory charts repository.
To use that chart, you will need to set the following parameters (either on the Helm command line or in a values.yaml file):
- github_email
- The email address to use for commit messages. If not set, the public email address of the configured GitHub user will be used.
- github_user
- The user corresponding to the GitHub token in the secret.
- repositories
- A list of repositories. This has the same format as the corresponding setting. See Settings for more information.
- image(optional)
- Controls the Docker image to use via the following keys. The default is the current release of neophile from its official repository. - repository(optional)
- The Docker Hub repository.
- tag(optional)
- The tag of the image.
- pullPolicy(optional)
- The Kubernetes pull policy.
Defaults to IfNotPresent.
 
- schedule(optional)
- The schedule on which to run neophile as a cron expression.
Defaults to 0 4 * * 1(4am each Monday).
- volume_claim(optional)
- The name of a PersistentVolumeClaimto use as the working directory. This makes neophile more efficient by allowing it to update existing checkouts of repositories rather than redownload each monitored repository on each run. If not set, neophile will useemptyDir, which will not preserve the working directory between runs.
- vault_secrets_path
- The path in Vault to the secret containing the GitHub token.