From 071761e81cf74f916ea74264ab39b179a39d6cff Mon Sep 17 00:00:00 2001 From: Diego Braga Date: Fri, 11 Oct 2024 14:36:50 +0200 Subject: [PATCH 1/5] feat: align to helm defaults --- .github/workflows/release-pullrequest.yaml | 2 +- .github/workflows/release-tag.yaml | 2 +- chart/templates/configmap.yaml | 8 ++ chart/templates/deployment.yaml | 127 ++++++------------ chart/templates/hpa.yaml | 20 +-- chart/templates/role.yaml | 41 ------ chart/templates/rolebinding.yaml | 17 --- chart/templates/service.yaml | 20 --- chart/templates/serviceaccount.yaml | 14 +- chart/values.yaml | 149 ++++++++++----------- 10 files changed, 141 insertions(+), 259 deletions(-) create mode 100644 chart/templates/configmap.yaml delete mode 100644 chart/templates/role.yaml delete mode 100644 chart/templates/rolebinding.yaml delete mode 100644 chart/templates/service.yaml diff --git a/.github/workflows/release-pullrequest.yaml b/.github/workflows/release-pullrequest.yaml index 9527481..cce9444 100644 --- a/.github/workflows/release-pullrequest.yaml +++ b/.github/workflows/release-pullrequest.yaml @@ -14,7 +14,7 @@ jobs: uses: tdemin/find-latest-tag@v1 id: app_version with: - repo: https://${{ secrets.HELM_CHARTS_BOT }}@github.com/krateoplatformops/finops-operator-exporter.git + repo: https://${{ secrets.HELM_CHARTS_BOT }}@github.com/krateoplatformops/composition-watcher.git - name: Print latest App Version run: echo ${{ steps.app_version.outputs.tag }} diff --git a/.github/workflows/release-tag.yaml b/.github/workflows/release-tag.yaml index ef2b79f..ec1e7d4 100644 --- a/.github/workflows/release-tag.yaml +++ b/.github/workflows/release-tag.yaml @@ -13,7 +13,7 @@ jobs: uses: tdemin/find-latest-tag@v1 id: app_version with: - repo: https://${{ secrets.HELM_CHARTS_BOT }}@github.com/krateoplatformops/finops-operator-exporter.git + repo: https://${{ secrets.HELM_CHARTS_BOT }}@github.com/krateoplatformops/composition-watcher.git - name: Checkout uses: actions/checkout@v3 
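Review bot: The `repo:` line on the new side still passes `secrets.HELM_CHARTS_BOT` to the third-party action `tdemin/find-latest-tag`, which the context line references by the mutable tag `@v1`. Whoever can move that tag can read the bot token, so pin the action to a reviewed commit, `uses: tdemin/find-latest-tag@<full-commit-sha>`, and check that the token is scoped to read-only access on the one repository it queries (its scope is not visible here). The same applies to the release-tag.yaml hunk. In the first hunk the following step expands `${{ steps.app_version.outputs.tag }}` directly into the shell line; passing it through `env:` and echoing `"$TAG"` stops a tag name from being interpreted as shell.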
diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml new file mode 100644 index 0000000..b885f1a --- /dev/null +++ b/chart/templates/configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "composition-watcher.fullname" . }} + labels: + {{- include "composition-watcher.labels" . | nindent 4 }} +data: + RESOURCE_TREE_HANDLER_URL: {{ .Values.env.RESOURCE_TREE_HANDLER_URL }} \ No newline at end of file diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index f5d37c2..d956378 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml 
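Review bot: `RESOURCE_TREE_HANDLER_URL` is rendered unquoted in the new ConfigMap, so an override that is empty or contains `: ` or ` #` produces a null or malformed `data` entry instead of a string. Pipe it through quote: `RESOURCE_TREE_HANDLER_URL: {{ .Values.env.RESOURCE_TREE_HANDLER_URL | quote }}`. Note also that chart/values.yaml does not define `.Values.env` in this patch (it arrives in PATCH 4/5), so this commit taken alone is likely to fail rendering with a nil-pointer error.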
@@ -1,99 +1,58 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "chart.fullname" . }}-controller-manager + name: {{ include "composition-watcher.fullname" . }} labels: - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: composition-watcher - app.kubernetes.io/part-of: composition-watcher - control-plane: controller-manager - {{- include "chart.labels" . | nindent 4 }} + {{- include "composition-watcher.labels" . | nindent 4 }} spec: - replicas: {{ .Values.controllerManager.replicas }} + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} selector: matchLabels: - control-plane: controller-manager - {{- include "chart.selectorLabels" . | nindent 6 }} + {{- include "composition-watcher.selectorLabels" . | nindent 6 }} template: metadata: - labels: - control-plane: controller-manager - {{- include "chart.selectorLabels" . | nindent 8 }} + {{- with .Values.podAnnotations }} annotations: - kubectl.kubernetes.io/default-container: manager - spec: - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=0 - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: "cluster.local" - image: {{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag - | default .Chart.AppVersion }} - name: kube-rbac-proxy - imagePullPolicy: {{ .Values.proxy.imagePullPolicy }} - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: {{- toYaml .Values.proxy.resources | nindent - 10 }} - {{- with .Values.proxy.volumeMounts }} - volumeMounts: - {{- toYaml . 
| nindent 10 }} - {{- end }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - command: - - /manager - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: RECONCILE_REQUEUE_AFTER - value: {{ quote .Values.requeueAfter }} - image: {{ .Values.controllerManager.image.repository }}:{{ .Values.controllerManager.image.tag - | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.controllerManager.imagePullPolicy }} - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - {{- with .Values.controllerManager.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 10 }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "composition-watcher.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} {{- end }} - resources: {{- toYaml .Values.controllerManager.resources - | nindent 10 }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - imagePullSecrets: {{- toYaml .Values.imagePullSecrets - | nindent 6 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "composition-watcher.serviceAccountName" . }} securityContext: - runAsNonRoot: true - serviceAccountName: {{ include "chart.fullname" . }}-controller-manager - terminationGracePeriodSeconds: 10 + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "composition-watcher.fullname" . }} + envFrom: + - configMapRef: + name: {{ include "composition-watcher.fullname" . 
}} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} {{- with .Values.volumes }} volumes: {{- toYaml . | nindent 8 }} diff --git a/chart/templates/hpa.yaml b/chart/templates/hpa.yaml index 65db208..74bcc8c 100644 --- a/chart/templates/hpa.yaml +++ b/chart/templates/hpa.yaml 
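Review bot: The hardening that the old template hard-coded is now optional: `allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]` and pod-level `runAsNonRoot: true` are replaced by `.Values.securityContext` and `.Values.podSecurityContext`. The chart/values.yaml hunk of this patch defaults both to `{}`, so a default install runs with none of them. Keep the previous baseline as the values defaults, e.g. `podSecurityContext: {runAsNonRoot: true}` and `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}`, so that relaxing it is an explicit operator choice. The probes look affected in the same way: `.Values.livenessProbe` and `.Values.readinessProbe` are not defined in values.yaml anywhere in this series, so the old `/healthz` and `/readyz` checks appear to be dropped without replacement.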
@@ -1,32 +1,32 @@ -{{- if .Values.controllerManager.autoscaling.enabled }} +{{- if .Values.autoscaling.enabled }} apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ include "chart.fullname" . }} + name: {{ include "composition-watcher.fullname" . }} labels: - {{- include "chart.labels" . | nindent 4 }} + {{- include "composition-watcher.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "chart.fullname" . }} - minReplicas: {{ .Values.controllerManager.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controllerManager.autoscaling.maxReplicas }} + name: {{ include "composition-watcher.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: - {{- if .Values.controllerManager.autoscaling.targetCPUUtilizationPercentage }} + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu target: type: Utilization - averageUtilization: {{ .Values.controllerManager.autoscaling.targetCPUUtilizationPercentage }} + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} - {{- if .Values.controllerManager.autoscaling.targetMemoryUtilizationPercentage }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory target: type: Utilization - averageUtilization: {{ .Values.controllerManager.autoscaling.targetMemoryUtilizationPercentage }} + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} {{- end }} diff --git a/chart/templates/role.yaml b/chart/templates/role.yaml deleted file mode 100644 index 4664be2..0000000 --- a/chart/templates/role.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "chart.fullname" . }}-leader-election-role - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: composition-watcher - app.kubernetes.io/part-of: composition-watcher - {{- include "chart.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/chart/templates/rolebinding.yaml b/chart/templates/rolebinding.yaml deleted file mode 100644 index d6828ae..0000000 --- a/chart/templates/rolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "chart.fullname" . }}-leader-election-rolebinding - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: composition-watcher - app.kubernetes.io/part-of: composition-watcher - {{- include "chart.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: '{{ include "chart.fullname" . }}-leader-election-role' -subjects: -- kind: ServiceAccount - name: '{{ include "chart.fullname" . }}-controller-manager' - namespace: '{{ .Release.Namespace }}' diff --git a/chart/templates/service.yaml b/chart/templates/service.yaml deleted file mode 100644 index 5c245c8..0000000 --- a/chart/templates/service.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "chart.fullname" . }}-controller-manager-metrics-service - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: composition-watcher - app.kubernetes.io/part-of: composition-watcher - control-plane: controller-manager - {{- include "chart.labels" . | nindent 4 }} -spec: - type: ClusterIP - selector: - control-plane: controller-manager - {{- include "chart.selectorLabels" . | nindent 4 }} - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml index f380362..06a66a4 100644 --- a/chart/templates/serviceaccount.yaml +++ b/chart/templates/serviceaccount.yaml @@ -1,11 +1,13 @@ +{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "chart.fullname" . }}-controller-manager + name: {{ include "composition-watcher.serviceAccountName" . }} labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: composition-watcher - app.kubernetes.io/part-of: composition-watcher - {{- include "chart.labels" . | nindent 4 }} + {{- include "composition-watcher.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} annotations: - {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} \ No newline at end of file diff --git a/chart/values.yaml b/chart/values.yaml index 39486df..21fd92a 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -1,80 +1,73 @@ -# Default values for finops-operator-focus. +# Default values for composition-watcher. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -controllerManager: - replicaCount: 1 +# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ +replicaCount: 1 - image: - repository: ghcr.io/krateoplatformops/composition-watcher - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" +# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ +image: + repository: ghcr.io/krateoplatformops/composition-watcher + # This sets the pull policy for images. + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 128Mi +# This is for the secretes for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# This is to override the chart name. +nameOverride: "" +fullnameOverride: "" - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - - # Additional volumeMounts on the output Deployment definition. 
- volumeMounts: [] - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - -proxy: - replicaCount: 1 - - image: - repository: gcr.io/kubebuilder/kube-rbac-proxy - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: v0.15.0 - - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - - # Additional volumeMounts on the output Deployment definition. - volumeMounts: [] - # - name: foo - # mountPath: "/etc/foo" - # readOnly: true - - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL +# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# This is for setting Kubernetes Annotations to a Pod. +# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +podAnnotations: {} +# This is for setting Kubernetes Labels to a Pod. 
+# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 # Additional volumes on the output Deployment definition. volumes: [] @@ -83,16 +76,14 @@ volumes: [] # secretName: mysecret # optional: false +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + nodeSelector: {} tolerations: [] affinity: {} - -serviceAccount: - annotations: {} - -imagePullSecrets: - - name: registry-credentials - -requeueAfter: 300 From 82cc3da1dcb9a2469f0ce77b48fe61f296a7f0cc Mon Sep 17 00:00:00 2001 From: Diego Braga Date: Fri, 11 Oct 2024 14:41:01 +0200 Subject: [PATCH 2/5] feat: align to helm defaults --- chart/templates/_helpers.tpl | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index 7ba5edc..0ef3f52 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl 
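Review bot: `serviceAccount.automount: true` mounts an API token into the pod by default, while this patch also deletes chart/templates/role.yaml and rolebinding.yaml, so nothing visible in the chart states what that token is meant to be allowed to do. If the watcher calls the API server, the Role it needs should ship with the chart and be scoped to exactly those resources and verbs; if it does not, default to `automount: false`. `resources: {}` likewise removes the CPU and memory limits that the old defaults set (`500m` / `128Mi`), leaving the pod unbounded unless the operator adds them.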
@@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "chart.name" -}} +{{- define "composition-watcher.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "chart.fullname" -}} +{{- define "composition-watcher.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "chart.chart" -}} +{{- define "composition-watcher.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "chart.labels" -}} -helm.sh/chart: {{ include "chart.chart" . }} -{{ include "chart.selectorLabels" . }} +{{- define "composition-watcher.labels" -}} +helm.sh/chart: {{ include "composition-watcher.chart" . }} +{{ include "composition-watcher.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "chart.selectorLabels" -}} -app.kubernetes.io/name: {{ include "chart.name" . }} +{{- define "composition-watcher.selectorLabels" -}} +app.kubernetes.io/name: {{ include "composition-watcher.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "chart.serviceAccountName" -}} +{{- define "composition-watcher.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "chart.fullname" .) .Values.serviceAccount.name }} +{{- default (include "composition-watcher.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} From 3a55aaf0c275f524f5c53be468445986ebcf2257 Mon Sep 17 00:00:00 2001 From: Diego Braga Date: Fri, 11 Oct 2024 14:42:27 +0200 Subject: [PATCH 3/5] feat: align to helm defaults --- chart/templates/deployment.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index d956378..70ffc12 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -39,10 +39,6 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: From f50150eb108f0bd5dfdcb471707f82f08cfd94af Mon Sep 17 00:00:00 2001 From: Diego Braga Date: Fri, 11 Oct 2024 14:49:42 +0200 Subject: [PATCH 4/5] feat: align to helm defaults --- chart/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/chart/values.yaml b/chart/values.yaml index 21fd92a..bae08b3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -87,3 +87,6 @@ nodeSelector: {} tolerations: [] affinity: {} + +env: + RESOURCE_TREE_HANDLER_URL: http://resource-tree-handler.krateo-system.svc.cluster.local:8085 \ No newline at end of file From 007b44aeee495391bc6b701b7f40df93cd3e1c98 Mon Sep 17 00:00:00 2001 From: FrancescoL96 Date: Fri, 11 Oct 2024 15:22:09 +0200 Subject: [PATCH 5/5] feat: added provider-runtime environment configuration variables --- chart/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index bae08b3..8cb2c6c 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -89,4 +89,6 @@ tolerations: [] affinity: {} env: - RESOURCE_TREE_HANDLER_URL: http://resource-tree-handler.krateo-system.svc.cluster.local:8085 \ No newline at end of file + RESOURCE_TREE_HANDLER_URL: http://resource-tree-handler.krateo-system.svc.cluster.local:8085 + POLLING_INTERVAL: 300 + MAX_RECONCILE_RATE: 1
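Review bot: `POLLING_INTERVAL` and `MAX_RECONCILE_RATE` are added under `env:` in PATCH 5/5, but chart/templates/configmap.yaml as introduced in PATCH 1/5 only emits `RESOURCE_TREE_HANDLER_URL`. Unless the template changes outside this series, the two new values never reach the container. Rendering the whole map keeps values and template in step, and because ConfigMap `data` values must be strings the integers need quoting: `{{- range $k, $v := .Values.env }}`, `{{ $k }}: {{ $v | quote }}`, `{{- end }}`.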