feat(helm): add helm chart

helm/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-name: pod-cleaner
-description: Helm chart for pod-cleaner
+name: pod-volume-cleaner
+description: Helm chart for pod-volume-cleaner
 
 # A chart can be either an 'application' or a 'library' chart.
 #

helm/README.md

@@ -0,0 +1,48 @@
+# pod-volume-cleaner
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+
+Helm chart for pod-volume-cleaner
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fullnameOverride | string | `nil` | Override the expanded name of the chart |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.pullSecrets | list | `[]` | Image pull secrets |
+| image.repository | string | `"docker.io/cyrilix/pod-cleaner"` | Image repository |
+| image.tag | string | `""` | Image tag Defaults to appVersion in Chart.yaml if omitted |
+| nameOverride | string | `nil` | Override the name of the chart |
+| nodeAffinity | object | `{}` | Node affinity constraints. |
+| nodeSelector | object | `{}` | Node labels for pod assignment |
+| podAnnotations | object | `{}` | Additional annotations to add to each pod |
+| podCleaner.logLevel | string | `"info"` | Log level: info,debug |
+| podCleaner.logfile | string | `"/var/log/syslog"` | File to watch to detect orphan pod errors |
+| podLabels | object | `{}` | Additional labels to add to each pod |
+| podMonitor.additionalLabels | string | `nil` | Additional labels |
+| podMonitor.enabled | bool | `false` | Create a `PodMonitor` to collect Prometheus metrics. |
+| podMonitor.interval | string | `"30s"` | Interval to scrape metrics |
+| podMonitor.path | string | `"/metrics"` | Url path to scrap metrics |
+| podMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
+| podMonitor.secure | bool | `false` | Is TLS required for endpoint |
+| podMonitor.tlsConfig | object | `{}` | TLS Configuration for endpoint |
+| podSecurityContext | object | `{}` | Security context for the pod |
+| priorityClassName | string | `""` | Optional priority class to be used for kyverno pods |
+| rbac.create | bool | `true` | Create ClusterRoles, ClusterRoleBindings, and ServiceAccount |
+| rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
+| rbac.serviceAccount.create | bool | `true` | Create a ServiceAccount |
+| rbac.serviceAccount.name | string | `nil` | The ServiceAccount name |
+| resources | object | `{}` |  |
+| revisionHistoryLimit | int | `0` | The number of old history to retain to allow rollback |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
+| service.annotations | object | `{}` | Service annotations. |
+| service.nodePort | string | `nil` | Service node port. Only used if `service.type` is `NodePort`. |
+| service.port | int | `9098` | Service port. |
+| service.type | string | `"ClusterIP"` | Service type. |
+| tolerations | list | `[]` | List of node taints to tolerate |
+| topologySpreadConstraints | list | `[]` | Topology spread constraints. |
+| updateStrategy | object | See [values.yaml](values.yaml) | Deployment update strategy. Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

helm/README.md.tpl

@@ -0,0 +1,36 @@
+
+## Upgrade
+
+None
+
+
+## Develop
+
+### Update documentation
+
+Chart documentation is generated with [helm-docs](https://github.com/norwoodj/helm-docs) from `values.yaml` file.
+After file modification, regenerate README.md with command:
+
+```bash
+docker run --rm -it -v $(pwd):/helm --workdir /helm norwoodj/helm-docs helm-docs
+```
+
+### Run linter
+
+```bash
+docker run --rm -it -w /charts -v $(pwd)/../{{ .Name }}:/charts quay.io/helmpack/chart-testing:v2.4.0 ct lint --charts . --config /charts/ct.yaml
+```
+
+### Prometheus Rules
+
+Check rules:
+
+```bash
+docker run --rm --entrypoint /bin/sh -v $(pwd):/workdir -w /workdir prom/prometheus -c -- "promtool check rules resources/prometheus-rules/*"
+```
+
+Test rules:
+
+```bash
+docker run --rm --entrypoint /bin/sh -v $(pwd):/workdir -w /workdir prom/prometheus -c -- "promtool test rules tests/prometheus/*"
+```

helm/templates/_helpers.tpl

@@ -56,9 +56,13 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 Create the name of the service account to use
 */}}
 {{- define "pod-cleaner.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "pod-cleaner.fullname" .) .Values.serviceAccount.name }}
+{{- if .Values.rbac.serviceAccount.create }}
+{{- default (include "pod-cleaner.fullname" .) .Values.rbac.serviceAccount.name }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{- default "default" .Values.rbac.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{- define "pod-cleaner.metrics.portName" -}}
+http-metric
+{{- end -}}

helm/templates/daemonset.yaml

@@ -8,6 +8,11 @@ spec:
   selector:
     matchLabels:
       {{- include "pod-cleaner.selectorLabels" . | nindent 6 }}
+  {{- if .Values.updateStrategy }}
+  updateStrategy:
+    {{ toYaml .Values.updateStrategy | nindent 4 | trim }}
+  {{- end }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
   template:
     metadata:
       {{- with .Values.podAnnotations }}
@@ -17,7 +22,7 @@ spec:
       labels:
         {{- include "pod-cleaner.selectorLabels" . | nindent 8 }}
     spec:
-      {{- with .Values.imagePullSecrets }}
+      {{- with .Values.image.pullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
@@ -31,33 +36,40 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
-            - "--metric-path=/metrics"
+            - "--metric-path={{ .Values.podMonitor.path }}"
             - "--metric-port=0.0.0.0:{{ .Values.service.port }}"
             - "--log-file={{ .Values.podCleaner.logfile }}"
             - "--log={{ .Values.podCleaner.logLevel }}"
           ports:
-            - name: http-metric
+            - name: {{ include "pod-cleaner.metrics.portName" . }}
               containerPort: {{ .Values.service.port }}
               protocol: TCP
           livenessProbe:
             httpGet:
-              path: /metrics
-              port: http-metric
+              path: {{ .Values.podMonitor.path }}
+              port: {{ include "pod-cleaner.metrics.portName" . }}
           readinessProbe:
             httpGet:
-              path: /metrics
-              port: http-metric
+              path: {{ .Values.podMonitor.path }}
+              port: {{ include "pod-cleaner.metrics.portName" . }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+      {{- if or .Values.nodeAffinity }}
+      affinity:
+        {{- toYaml .Values.nodeAffinity | nindent 8 }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
+        {{ tpl (toYaml . ) $ | nindent 8 }}
       {{- end }}
       {{- with .Values.tolerations }}
       tolerations:
-        {{- toYaml . | nindent 8 }}
+        {{- tpl (toYaml . ) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.topologySpreadConstraints }}
+      topologySpreadConstraints: {{ tpl (toYaml . ) $ | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ template "pod-cleaner.serviceAccountName" . }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
       {{- end }}

helm/templates/podmonitor.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: {{ include "pod-cleaner.fullname" . }}
+  labels:
+    {{- include "pod-cleaner.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "pod-cleaner.labels" . | nindent 4 }}
+  podMetricsEndpoints:
+    - port: {{ include "pod-cleaner.metrics.portName" . | quote }}
+      path: {{ .Values.podMonitor.path | quote }}
+      {{- if .Values.podMonitor.tlsConfig }}
+      scheme: "https"
+      tlsConfig:
+        {{- toYaml .Values.podMonitor.tlsConfig | trim | nindent 8 }}
+      {{- end }}
+      interval: {{ .Values.podMonitor.interval }}
+      scrapeTimeout: {{ .Values.podMonitor.additionalLabels }}
+
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  {{- if .Values.podMonitor.additionalLabels }}
+  jobLabel:
+    {{- toYaml .Values.podMonitor.additionalLabels | trim | nindent 4 }}
+  {{- end }}
+{{- end }}

helm/templates/service.yaml

@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "pod-cleaner.fullname" . }}
-  labels:
-    {{- include "pod-cleaner.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http-metric
-      protocol: TCP
-      name: http-metric
-      {{- if semverCompare ">= 1.24-0" .Capabilities.KubeVersion.Version }}
-      appProtocol: http
-      {{- end }}
-  selector:
-    {{- include "pod-cleaner.selectorLabels" . | nindent 4 }}

helm/templates/serviceaccount.yaml

@@ -1,11 +1,11 @@
-{{- if .Values.serviceAccount.create -}}
+{{- if .Values.rbac.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ include "pod-cleaner.serviceAccountName" . }}
   labels:
     {{- include "pod-cleaner.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
+  {{- with .Values.rbac.serviceAccount.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}

helm/values.yaml

@@ -1,44 +1,53 @@
-# Default values for pod-cleaner.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
+# -- Override the name of the chart
+nameOverride:
 
-replicaCount: 1
+# -- Override the expanded name of the chart
+fullnameOverride:
 
 image:
-  repository: docker.io/cyrilix/pod-cleaner
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
+  # -- Image repository
+  repository: git.cyrilix.bzh/cyrilix/pod-volume-cleaner
+  # -- Image tag
+  # Defaults to appVersion in Chart.yaml if omitted
   tag: ""
+  # -- Image pull policy
+  pullPolicy: IfNotPresent
+  # -- Image pull secrets
+  pullSecrets: []
+  # - secretName
 
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
+# -- The number of old history to retain to allow rollback
+revisionHistoryLimit: 0
 
-serviceAccount:
-  # Specifies whether a service account should be created
+# -- Deployment update strategy.
+# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+# @default -- See [values.yaml](values.yaml)
+updateStrategy:
+  type: RollingUpdate
+
+rbac:
+  # -- Create ClusterRoles, ClusterRoleBindings, and ServiceAccount
   create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  serviceAccount:
+    # -- Create a ServiceAccount
+    create: true
+    # -- The ServiceAccount name
+    name:
+    # -- Annotations for the ServiceAccount
+    annotations: {}
+    # example.com/annotation: value
 
-podAnnotations: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
 
 service:
-  type: ClusterIP
-  port: 9098
+    # -- Service port.
+    port: 9098
+    # -- Service type.
+    type: ClusterIP
+    # -- Service node port.
+    # Only used if `service.type` is `NodePort`.
+    nodePort:
+    # -- Service annotations.
+    annotations: { }
 
 
 resources: {}
@@ -53,14 +62,67 @@ resources: {}
   #   cpu: 100m
   #   memory: 128Mi
 
+
+# -- Additional labels to add to each pod
+podLabels: {}
+# example.com/label: foo
+
+# -- Additional annotations to add to each pod
+podAnnotations: {}
+# example.com/annotation: foo
+
+# -- Security context for the pod
+podSecurityContext: {}
+
+# -- Security context for the containers
+securityContext:
+  runAsNonRoot: true
+  privileged: false
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
+  capabilities:
+    drop:
+      - ALL
+  seccompProfile:
+    type: RuntimeDefault
+
+# -- Optional priority class to be used for kyverno pods
+priorityClassName: ''
+
+# -- Node affinity constraints.
+nodeAffinity: {}
+
+# -- Node labels for pod assignment
 nodeSelector: {}
 
+# -- List of node taints to tolerate
 tolerations: []
 
-affinity: {}
+# -- Topology spread constraints.
+topologySpreadConstraints: []
+
+
 
 podCleaner:
-  # File to watch to detect orphan pod errors
+  # -- File to watch to detect orphan pod errors
   logfile: /var/log/syslog
-  # Log level: info,debug
-  logLevel: info
+  # -- Log level: info,debug
+  logLevel: info
+
+
+podMonitor:
+  # -- Create a `PodMonitor` to collect Prometheus metrics.
+  enabled: false
+  # -- Url path to scrap metrics
+  path: /metrics
+  # -- Additional labels
+  additionalLabels:
+  # key: value
+  # --  Interval to scrape metrics
+  interval: 30s
+  # -- Timeout if metrics can't be retrieved in given time interval
+  scrapeTimeout: 25s
+  # -- Is TLS required for endpoint
+  secure: false
+  # -- TLS Configuration for endpoint
+  tlsConfig: {}