diff --git a/helm/Chart.yaml b/helm/Chart.yaml index bcbfa8a..bab6cdd 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: pod-cleaner -description: Helm chart for pod-cleaner +name: pod-volume-cleaner +description: Helm chart for pod-volume-cleaner # A chart can be either an 'application' or a 'library' chart. # diff --git a/helm/README.md b/helm/README.md new file mode 100644 index 0000000..bc84252 --- /dev/null +++ b/helm/README.md 
@@ -0,0 +1,48 @@ +# pod-volume-cleaner + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) + +Helm chart for pod-volume-cleaner + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| fullnameOverride | string | `nil` | Override the expanded name of the chart | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.pullSecrets | list | `[]` | Image pull secrets | +| image.repository | string | `"docker.io/cyrilix/pod-cleaner"` | Image repository | +| image.tag | string | `""` | Image tag Defaults to appVersion in Chart.yaml if omitted | +| nameOverride | string | `nil` | Override the name of the chart | +| nodeAffinity | object | `{}` | Node affinity constraints. | +| nodeSelector | object | `{}` | Node labels for pod assignment | +| podAnnotations | object | `{}` | Additional annotations to add to each pod | +| podCleaner.logLevel | string | `"info"` | Log level: info,debug | +| podCleaner.logfile | string | `"/var/log/syslog"` | File to watch to detect orphan pod errors | +| podLabels | object | `{}` | Additional labels to add to each pod | +| podMonitor.additionalLabels | string | `nil` | Additional labels | +| podMonitor.enabled | bool | `false` | Create a `PodMonitor` to collect Prometheus metrics. 
| +| podMonitor.interval | string | `"30s"` | Interval to scrape metrics | +| podMonitor.path | string | `"/metrics"` | Url path to scrap metrics | +| podMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval | +| podMonitor.secure | bool | `false` | Is TLS required for endpoint | +| podMonitor.tlsConfig | object | `{}` | TLS Configuration for endpoint | +| podSecurityContext | object | `{}` | Security context for the pod | +| priorityClassName | string | `""` | Optional priority class to be used for kyverno pods | +| rbac.create | bool | `true` | Create ClusterRoles, ClusterRoleBindings, and ServiceAccount | +| rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount | +| rbac.serviceAccount.create | bool | `true` | Create a ServiceAccount | +| rbac.serviceAccount.name | string | `nil` | The ServiceAccount name | +| resources | object | `{}` | | +| revisionHistoryLimit | int | `0` | The number of old history to retain to allow rollback | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers | +| service.annotations | object | `{}` | Service annotations. | +| service.nodePort | string | `nil` | Service node port. Only used if `service.type` is `NodePort`. | +| service.port | int | `9098` | Service port. | +| service.type | string | `"ClusterIP"` | Service type. | +| tolerations | list | `[]` | List of node taints to tolerate | +| topologySpreadConstraints | list | `[]` | Topology spread constraints. | +| updateStrategy | object | See [values.yaml](values.yaml) | Deployment update strategy. 
Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/helm/README.md.tpl b/helm/README.md.tpl new file mode 100644 index 0000000..3236339 --- /dev/null +++ b/helm/README.md.tpl @@ -0,0 +1,36 @@ + +## Upgrade + +None + + +## Develop + +### Update documentation + +Chart documentation is generated with [helm-docs](https://github.com/norwoodj/helm-docs) from `values.yaml` file. +After file modification, regenerate README.md with command: + +```bash +docker run --rm -it -v $(pwd):/helm --workdir /helm norwoodj/helm-docs helm-docs +``` + +### Run linter + +```bash +docker run --rm -it -w /charts -v $(pwd)/../{{ .Name }}:/charts quay.io/helmpack/chart-testing:v2.4.0 ct lint --charts . --config /charts/ct.yaml +``` + +### Prometheus Rules + +Check rules: + +```bash +docker run --rm --entrypoint /bin/sh -v $(pwd):/workdir -w /workdir prom/prometheus -c -- "promtool check rules resources/prometheus-rules/*" +``` + +Test rules: + +```bash +docker run --rm --entrypoint /bin/sh -v $(pwd):/workdir -w /workdir prom/prometheus -c -- "promtool test rules tests/prometheus/*" +``` \ No newline at end of file diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 3999f4f..7aabb63 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl 
@@ -56,9 +56,13 @@ app.kubernetes.io/instance: {{ .Release.Name }} Create the name of the service account to use */}} {{- define "pod-cleaner.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "pod-cleaner.fullname" .) .Values.serviceAccount.name }} +{{- if .Values.rbac.serviceAccount.create }} +{{- default (include "pod-cleaner.fullname" .) .Values.rbac.serviceAccount.name }} {{- else }} -{{- default "default" .Values.serviceAccount.name }} +{{- default "default" .Values.rbac.serviceAccount.name }} {{- end }} {{- end }} + +{{- define "pod-cleaner.metrics.portName" -}} +http-metric +{{- end -}} \ No newline at end of file diff --git a/helm/templates/daemonset.yaml b/helm/templates/daemonset.yaml index e3f8755..e2d1812 100644 --- a/helm/templates/daemonset.yaml +++ b/helm/templates/daemonset.yaml @@ -8,6 +8,11 @@ spec: selector: matchLabels: {{- include "pod-cleaner.selectorLabels" . | nindent 6 }} + {{- if .Values.updateStrategy }} + updateStrategy: + {{ toYaml .Values.updateStrategy | nindent 4 | trim }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} template: metadata: {{- with .Values.podAnnotations }} @@ -17,7 +22,7 @@ spec: labels: {{- include "pod-cleaner.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- with .Values.image.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} 
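Review bot: In helm/templates/_helpers.tpl the new `pod-cleaner.metrics.portName` helper at the end of the hunk has no `{{/* … */}}` header, unlike the `serviceAccountName` helper directly above it. I would add `{{/* Name of the metrics container port, shared by the DaemonSet ports and probes and by the PodMonitor endpoint. */}}`. The `serviceAccountName` comment could also state that with `rbac.serviceAccount.create: false` and no name set, the pod runs under the namespace's `default` ServiceAccount. That matters more now that the DaemonSet sets `serviceAccountName` from this helper in the same commit.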
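Review bot: In the first helm/templates/daemonset.yaml hunk, `{{ toYaml .Values.updateStrategy | nindent 4 | trim }}` strips the indentation that `nindent` just added to the first line, so correct nesting depends on the literal whitespace in front of the action. The rest of this template uses the `{{- toYaml … | nindent N }}` form, and `{{- toYaml .Values.updateStrategy | nindent 4 }}` would be consistent with it and stay correct for multi-key values such as a `rollingUpdate` block. `revisionHistoryLimit` is rendered unconditionally and defaults to 0 in values.yaml, which keeps no earlier revisions to roll back to; a comment such as `# 0 keeps no ControllerRevisions for rollback` would make clear that this is intentional. The DaemonSet spec continues outside the hunk.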
@@ -31,33 +36,40 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - - "--metric-path=/metrics" + - "--metric-path={{ .Values.podMonitor.path }}" - "--metric-port=0.0.0.0:{{ .Values.service.port }}" - "--log-file={{ .Values.podCleaner.logfile }}" - "--log={{ .Values.podCleaner.logLevel }}" ports: - - name: http-metric + - name: {{ include "pod-cleaner.metrics.portName" . }} containerPort: {{ .Values.service.port }} protocol: TCP livenessProbe: httpGet: - path: /metrics - port: http-metric + path: {{ .Values.podMonitor.path }} + port: {{ include "pod-cleaner.metrics.portName" . }} readinessProbe: httpGet: - path: /metrics - port: http-metric + path: {{ .Values.podMonitor.path }} + port: {{ include "pod-cleaner.metrics.portName" . }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if or .Values.nodeAffinity }} + affinity: + {{- toYaml .Values.nodeAffinity | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} + {{ tpl (toYaml . ) $ | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: - {{- toYaml . | nindent 8 }} + {{- tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{ tpl (toYaml . ) $ | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "pod-cleaner.serviceAccountName" . }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} {{- end }} diff --git a/helm/templates/podmonitor.yaml b/helm/templates/podmonitor.yaml index e69de29..31bacbf 100644 --- a/helm/templates/podmonitor.yaml +++ b/helm/templates/podmonitor.yaml 
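Review bot: The new `affinity:` block in helm/templates/daemonset.yaml renders `.Values.nodeAffinity` directly under `affinity:`, so unless the value carries its own `nodeAffinity:` key the pod spec will not match the Kubernetes affinity schema. The guard `if or .Values.nodeAffinity` passes a single argument to `or`, which adds nothing. I would use `{{- with .Values.nodeAffinity }}` and emit `affinity:` then `nodeAffinity:` with `{{- toYaml . | nindent 10 }}` beneath it. Separately, `tpl (toYaml . ) $` on nodeSelector, tolerations and topologySpreadConstraints evaluates value strings as templates with the full chart scope, which deserves a comment in values.yaml if values files can come from a less trusted source than the chart. The lines between this hunk and the previous one are not visible, so it is worth checking that the added `serviceAccountName:` does not duplicate a key already present in the pod spec.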
@@ -0,0 +1,30 @@ +{{- if .Values.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "pod-cleaner.fullname" . }} + labels: + {{- include "pod-cleaner.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "pod-cleaner.labels" . | nindent 4 }} + podMetricsEndpoints: + - port: {{ include "pod-cleaner.metrics.portName" . | quote }} + path: {{ .Values.podMonitor.path | quote }} + {{- if .Values.podMonitor.tlsConfig }} + scheme: "https" + tlsConfig: + {{- toYaml .Values.podMonitor.tlsConfig | trim | nindent 8 }} + {{- end }} + interval: {{ .Values.podMonitor.interval }} + scrapeTimeout: {{ .Values.podMonitor.additionalLabels }} + + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + {{- if .Values.podMonitor.additionalLabels }} + jobLabel: + {{- toYaml .Values.podMonitor.additionalLabels | trim | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml deleted file mode 100644 index 7e806e7..0000000 --- a/helm/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "pod-cleaner.fullname" . }} - labels: - {{- include "pod-cleaner.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http-metric - protocol: TCP - name: http-metric - {{- if semverCompare ">= 1.24-0" .Capabilities.KubeVersion.Version }} - appProtocol: http - {{- end }} - selector: - {{- include "pod-cleaner.selectorLabels" . | nindent 4 }} diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml index 27865ef..10729d9 100644 --- a/helm/templates/serviceaccount.yaml +++ b/helm/templates/serviceaccount.yaml 
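Review bot: In helm/templates/podmonitor.yaml, `scrapeTimeout` is rendered from `.Values.podMonitor.additionalLabels`, so the `25s` default in values.yaml is never applied; it should read `scrapeTimeout: {{ .Values.podMonitor.scrapeTimeout | quote }}`. The same map is then emitted under `jobLabel:`, which the PodMonitor spec appears to define as a single label name rather than a map, so additional labels probably belong under `metadata.labels`. `selector.matchLabels` includes `pod-cleaner.labels` with `nindent 4`, while the DaemonSet pod template in this commit carries only `pod-cleaner.selectorLabels`. Unless both helpers emit the same set the monitor selects no pods, and the indent looks too shallow for keys nested under `spec.selector.matchLabels`. Finally, `podMonitor.secure` is documented as requiring TLS but is never read here, since `scheme: "https"` is keyed on `tlsConfig`, so setting `secure: true` alone still scrapes over plain HTTP.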
@@ -1,11 +1,11 @@ -{{- if .Values.serviceAccount.create -}} +{{- if .Values.rbac.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "pod-cleaner.serviceAccountName" . }} labels: {{- include "pod-cleaner.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} + {{- with .Values.rbac.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} diff --git a/helm/values.yaml b/helm/values.yaml index 5ce0be6..47b9c71 100644 --- a/helm/values.yaml +++ b/helm/values.yaml 
@@ -1,44 +1,53 @@ -# Default values for pod-cleaner. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. +# -- Override the name of the chart +nameOverride: -replicaCount: 1 +# -- Override the expanded name of the chart +fullnameOverride: image: - repository: docker.io/cyrilix/pod-cleaner - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. + # -- Image repository + repository: git.cyrilix.bzh/cyrilix/pod-volume-cleaner + # -- Image tag + # Defaults to appVersion in Chart.yaml if omitted tag: "" + # -- Image pull policy + pullPolicy: IfNotPresent + # -- Image pull secrets + pullSecrets: [] + # - secretName -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" +# -- The number of old history to retain to allow rollback +revisionHistoryLimit: 0 -serviceAccount: - # Specifies whether a service account should be created +# -- Deployment update strategy. +# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +# @default -- See [values.yaml](values.yaml) +updateStrategy: + type: RollingUpdate + +rbac: + # -- Create ClusterRoles, ClusterRoleBindings, and ServiceAccount create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" + serviceAccount: + # -- Create a ServiceAccount + create: true + # -- The ServiceAccount name + name: + # -- Annotations for the ServiceAccount + annotations: {} + # example.com/annotation: value -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 service: - type: ClusterIP - port: 9098 + # -- Service port. + port: 9098 + # -- Service type. + type: ClusterIP + # -- Service node port. + # Only used if `service.type` is `NodePort`. 
+ nodePort: + # -- Service annotations. + annotations: { } resources: {} @@ -53,14 +62,67 @@ resources: {} # cpu: 100m # memory: 128Mi + +# -- Additional labels to add to each pod +podLabels: {} +# example.com/label: foo + +# -- Additional annotations to add to each pod +podAnnotations: {} +# example.com/annotation: foo + +# -- Security context for the pod +podSecurityContext: {} + +# -- Security context for the containers +securityContext: + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +# -- Optional priority class to be used for kyverno pods +priorityClassName: '' + +# -- Node affinity constraints. +nodeAffinity: {} + +# -- Node labels for pod assignment nodeSelector: {} +# -- List of node taints to tolerate tolerations: [] -affinity: {} +# -- Topology spread constraints. +topologySpreadConstraints: [] + + podCleaner: - # File to watch to detect orphan pod errors + # -- File to watch to detect orphan pod errors logfile: /var/log/syslog - # Log level: info,debug - logLevel: info \ No newline at end of file + # -- Log level: info,debug + logLevel: info + + +podMonitor: + # -- Create a `PodMonitor` to collect Prometheus metrics. + enabled: false + # -- Url path to scrap metrics + path: /metrics + # -- Additional labels + additionalLabels: + # key: value + # -- Interval to scrape metrics + interval: 30s + # -- Timeout if metrics can't be retrieved in given time interval + scrapeTimeout: 25s + # -- Is TLS required for endpoint + secure: false + # -- TLS Configuration for endpoint + tlsConfig: {}
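Review bot: In the first helm/values.yaml hunk the `service` block still documents `type`, `nodePort` and `annotations`, but helm/templates/service.yaml is deleted in this commit. The templates visible here read only `service.port` (DaemonSet `--metric-port` and `containerPort`), so setting `service.type: NodePort` has no effect. Either drop the unused keys or reword the remaining one, e.g. `# -- Port the metrics endpoint listens on inside the pod (no Service is created)`. The `pullSecrets` example `# - secretName` would also render an invalid entry, because the DaemonSet passes the list straight through `toYaml` and `imagePullSecrets` items are objects; `# - name: secretName` matches what the template emits.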
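Review bot: In the second helm/values.yaml hunk the new default `securityContext` sets `runAsNonRoot: true` without a `runAsUser`, so the container only starts if the image declares a numeric non-root user. That user must also be able to read `podCleaner.logfile` (`/var/log/syslog` by default), which is often not world-readable on the host. How the file is mounted is outside this diff, so this needs confirming against the image and the volume definition. I would extend the comment to `# -- Security context for the containers. runAsNonRoot requires an image with a numeric non-root USER that can read podCleaner.logfile`. The `priorityClassName` comment still says "kyverno pods" and should read `# -- Optional priority class to be used for the pod-volume-cleaner pods`.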