feat(helm): add helm chart
This commit is contained in:
parent
5cab1cd96d
commit
86bfdd5622
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
name: pod-cleaner
|
name: pod-volume-cleaner
|
||||||
description: Helm chart for pod-cleaner
|
description: Helm chart for pod-volume-cleaner
|
||||||
|
|
||||||
# A chart can be either an 'application' or a 'library' chart.
|
# A chart can be either an 'application' or a 'library' chart.
|
||||||
#
|
#
|
||||||
|
48
helm/README.md
Normal file
48
helm/README.md
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
# pod-volume-cleaner
|
||||||
|
|
||||||
|
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
|
||||||
|
|
||||||
|
Helm chart for pod-volume-cleaner
|
||||||
|
|
||||||
|
## Values
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| fullnameOverride | string | `nil` | Override the expanded name of the chart |
|
||||||
|
| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
|
||||||
|
| image.pullSecrets | list | `[]` | Image pull secrets |
|
||||||
|
| image.repository | string | `"docker.io/cyrilix/pod-cleaner"` | Image repository |
|
||||||
|
| image.tag | string | `""` | Image tag Defaults to appVersion in Chart.yaml if omitted |
|
||||||
|
| nameOverride | string | `nil` | Override the name of the chart |
|
||||||
|
| nodeAffinity | object | `{}` | Node affinity constraints. |
|
||||||
|
| nodeSelector | object | `{}` | Node labels for pod assignment |
|
||||||
|
| podAnnotations | object | `{}` | Additional annotations to add to each pod |
|
||||||
|
| podCleaner.logLevel | string | `"info"` | Log level: info,debug |
|
||||||
|
| podCleaner.logfile | string | `"/var/log/syslog"` | File to watch to detect orphan pod errors |
|
||||||
|
| podLabels | object | `{}` | Additional labels to add to each pod |
|
||||||
|
| podMonitor.additionalLabels | string | `nil` | Additional labels |
|
||||||
|
| podMonitor.enabled | bool | `false` | Create a `PodMonitor` to collect Prometheus metrics. |
|
||||||
|
| podMonitor.interval | string | `"30s"` | Interval to scrape metrics |
|
||||||
|
| podMonitor.path | string | `"/metrics"` | Url path to scrap metrics |
|
||||||
|
| podMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
|
||||||
|
| podMonitor.secure | bool | `false` | Is TLS required for endpoint |
|
||||||
|
| podMonitor.tlsConfig | object | `{}` | TLS Configuration for endpoint |
|
||||||
|
| podSecurityContext | object | `{}` | Security context for the pod |
|
||||||
|
| priorityClassName | string | `""` | Optional priority class to be used for kyverno pods |
|
||||||
|
| rbac.create | bool | `true` | Create ClusterRoles, ClusterRoleBindings, and ServiceAccount |
|
||||||
|
| rbac.serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount |
|
||||||
|
| rbac.serviceAccount.create | bool | `true` | Create a ServiceAccount |
|
||||||
|
| rbac.serviceAccount.name | string | `nil` | The ServiceAccount name |
|
||||||
|
| resources | object | `{}` | |
|
||||||
|
| revisionHistoryLimit | int | `0` | The number of old history to retain to allow rollback |
|
||||||
|
| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the containers |
|
||||||
|
| service.annotations | object | `{}` | Service annotations. |
|
||||||
|
| service.nodePort | string | `nil` | Service node port. Only used if `service.type` is `NodePort`. |
|
||||||
|
| service.port | int | `9098` | Service port. |
|
||||||
|
| service.type | string | `"ClusterIP"` | Service type. |
|
||||||
|
| tolerations | list | `[]` | List of node taints to tolerate |
|
||||||
|
| topologySpreadConstraints | list | `[]` | Topology spread constraints. |
|
||||||
|
| updateStrategy | object | See [values.yaml](values.yaml) | Deployment update strategy. Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy |
|
||||||
|
|
||||||
|
----------------------------------------------
|
||||||
|
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
|
36
helm/README.md.tpl
Normal file
36
helm/README.md.tpl
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
|
||||||
|
## Upgrade
|
||||||
|
|
||||||
|
None
|
||||||
|
|
||||||
|
|
||||||
|
## Develop
|
||||||
|
|
||||||
|
### Update documentation
|
||||||
|
|
||||||
|
Chart documentation is generated with [helm-docs](https://github.com/norwoodj/helm-docs) from `values.yaml` file.
|
||||||
|
After file modification, regenerate README.md with command:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker run --rm -it -v $(pwd):/helm --workdir /helm norwoodj/helm-docs helm-docs
|
||||||
|
```
|
||||||
|
|
||||||
|
### Run linter
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker run --rm -it -w /charts -v $(pwd)/../{{ .Name }}:/charts quay.io/helmpack/chart-testing:v2.4.0 ct lint --charts . --config /charts/ct.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
### Prometheus Rules
|
||||||
|
|
||||||
|
Check rules:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker run --rm --entrypoint /bin/sh -v $(pwd):/workdir -w /workdir prom/prometheus -c -- "promtool check rules resources/prometheus-rules/*"
|
||||||
|
```
|
||||||
|
|
||||||
|
Test rules:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker run --rm --entrypoint /bin/sh -v $(pwd):/workdir -w /workdir prom/prometheus -c -- "promtool test rules tests/prometheus/*"
|
||||||
|
```
|
@ -56,9 +56,13 @@ app.kubernetes.io/instance: {{ .Release.Name }}
|
|||||||
Create the name of the service account to use
|
Create the name of the service account to use
|
||||||
*/}}
|
*/}}
|
||||||
{{- define "pod-cleaner.serviceAccountName" -}}
|
{{- define "pod-cleaner.serviceAccountName" -}}
|
||||||
{{- if .Values.serviceAccount.create }}
|
{{- if .Values.rbac.serviceAccount.create }}
|
||||||
{{- default (include "pod-cleaner.fullname" .) .Values.serviceAccount.name }}
|
{{- default (include "pod-cleaner.fullname" .) .Values.rbac.serviceAccount.name }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
{{- default "default" .Values.serviceAccount.name }}
|
{{- default "default" .Values.rbac.serviceAccount.name }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{- define "pod-cleaner.metrics.portName" -}}
|
||||||
|
http-metric
|
||||||
|
{{- end -}}
|
@ -8,6 +8,11 @@ spec:
|
|||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
{{- include "pod-cleaner.selectorLabels" . | nindent 6 }}
|
{{- include "pod-cleaner.selectorLabels" . | nindent 6 }}
|
||||||
|
{{- if .Values.updateStrategy }}
|
||||||
|
updateStrategy:
|
||||||
|
{{ toYaml .Values.updateStrategy | nindent 4 | trim }}
|
||||||
|
{{- end }}
|
||||||
|
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
{{- with .Values.podAnnotations }}
|
{{- with .Values.podAnnotations }}
|
||||||
@ -17,7 +22,7 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
{{- include "pod-cleaner.selectorLabels" . | nindent 8 }}
|
{{- include "pod-cleaner.selectorLabels" . | nindent 8 }}
|
||||||
spec:
|
spec:
|
||||||
{{- with .Values.imagePullSecrets }}
|
{{- with .Values.image.pullSecrets }}
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@ -31,33 +36,40 @@ spec:
|
|||||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
||||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||||
args:
|
args:
|
||||||
- "--metric-path=/metrics"
|
- "--metric-path={{ .Values.podMonitor.path }}"
|
||||||
- "--metric-port=0.0.0.0:{{ .Values.service.port }}"
|
- "--metric-port=0.0.0.0:{{ .Values.service.port }}"
|
||||||
- "--log-file={{ .Values.podCleaner.logfile }}"
|
- "--log-file={{ .Values.podCleaner.logfile }}"
|
||||||
- "--log={{ .Values.podCleaner.logLevel }}"
|
- "--log={{ .Values.podCleaner.logLevel }}"
|
||||||
ports:
|
ports:
|
||||||
- name: http-metric
|
- name: {{ include "pod-cleaner.metrics.portName" . }}
|
||||||
containerPort: {{ .Values.service.port }}
|
containerPort: {{ .Values.service.port }}
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /metrics
|
path: {{ .Values.podMonitor.path }}
|
||||||
port: http-metric
|
port: {{ include "pod-cleaner.metrics.portName" . }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /metrics
|
path: {{ .Values.podMonitor.path }}
|
||||||
port: http-metric
|
port: {{ include "pod-cleaner.metrics.portName" . }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.resources | nindent 12 }}
|
{{- toYaml .Values.resources | nindent 12 }}
|
||||||
|
{{- if or .Values.nodeAffinity }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml .Values.nodeAffinity | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
{{- with .Values.nodeSelector }}
|
{{- with .Values.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{ tpl (toYaml . ) $ | nindent 8 }}
|
||||||
{{- end }}
|
|
||||||
{{- with .Values.affinity }}
|
|
||||||
affinity:
|
|
||||||
{{- toYaml . | nindent 8 }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.tolerations }}
|
{{- with .Values.tolerations }}
|
||||||
tolerations:
|
tolerations:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- tpl (toYaml . ) $ | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.topologySpreadConstraints }}
|
||||||
|
topologySpreadConstraints: {{ tpl (toYaml . ) $ | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
serviceAccountName: {{ template "pod-cleaner.serviceAccountName" . }}
|
||||||
|
{{- if .Values.priorityClassName }}
|
||||||
|
priorityClassName: {{ .Values.priorityClassName | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -0,0 +1,30 @@
|
|||||||
|
{{- if .Values.podMonitor.enabled }}
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: PodMonitor
|
||||||
|
metadata:
|
||||||
|
name: {{ include "pod-cleaner.fullname" . }}
|
||||||
|
labels:
|
||||||
|
{{- include "pod-cleaner.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "pod-cleaner.labels" . | nindent 4 }}
|
||||||
|
podMetricsEndpoints:
|
||||||
|
- port: {{ include "pod-cleaner.metrics.portName" . | quote }}
|
||||||
|
path: {{ .Values.podMonitor.path | quote }}
|
||||||
|
{{- if .Values.podMonitor.tlsConfig }}
|
||||||
|
scheme: "https"
|
||||||
|
tlsConfig:
|
||||||
|
{{- toYaml .Values.podMonitor.tlsConfig | trim | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
interval: {{ .Values.podMonitor.interval }}
|
||||||
|
scrapeTimeout: {{ .Values.podMonitor.additionalLabels }}
|
||||||
|
|
||||||
|
namespaceSelector:
|
||||||
|
matchNames:
|
||||||
|
- {{ .Release.Namespace }}
|
||||||
|
{{- if .Values.podMonitor.additionalLabels }}
|
||||||
|
jobLabel:
|
||||||
|
{{- toYaml .Values.podMonitor.additionalLabels | trim | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
@ -1,18 +0,0 @@
|
|||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: {{ include "pod-cleaner.fullname" . }}
|
|
||||||
labels:
|
|
||||||
{{- include "pod-cleaner.labels" . | nindent 4 }}
|
|
||||||
spec:
|
|
||||||
type: {{ .Values.service.type }}
|
|
||||||
ports:
|
|
||||||
- port: {{ .Values.service.port }}
|
|
||||||
targetPort: http-metric
|
|
||||||
protocol: TCP
|
|
||||||
name: http-metric
|
|
||||||
{{- if semverCompare ">= 1.24-0" .Capabilities.KubeVersion.Version }}
|
|
||||||
appProtocol: http
|
|
||||||
{{- end }}
|
|
||||||
selector:
|
|
||||||
{{- include "pod-cleaner.selectorLabels" . | nindent 4 }}
|
|
@ -1,11 +1,11 @@
|
|||||||
{{- if .Values.serviceAccount.create -}}
|
{{- if .Values.rbac.serviceAccount.create -}}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "pod-cleaner.serviceAccountName" . }}
|
name: {{ include "pod-cleaner.serviceAccountName" . }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "pod-cleaner.labels" . | nindent 4 }}
|
{{- include "pod-cleaner.labels" . | nindent 4 }}
|
||||||
{{- with .Values.serviceAccount.annotations }}
|
{{- with .Values.rbac.serviceAccount.annotations }}
|
||||||
annotations:
|
annotations:
|
||||||
{{- toYaml . | nindent 4 }}
|
{{- toYaml . | nindent 4 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
130
helm/values.yaml
130
helm/values.yaml
@ -1,44 +1,53 @@
|
|||||||
# Default values for pod-cleaner.
|
# -- Override the name of the chart
|
||||||
# This is a YAML-formatted file.
|
nameOverride:
|
||||||
# Declare variables to be passed into your templates.
|
|
||||||
|
|
||||||
replicaCount: 1
|
# -- Override the expanded name of the chart
|
||||||
|
fullnameOverride:
|
||||||
|
|
||||||
image:
|
image:
|
||||||
repository: docker.io/cyrilix/pod-cleaner
|
# -- Image repository
|
||||||
pullPolicy: IfNotPresent
|
repository: git.cyrilix.bzh/cyrilix/pod-volume-cleaner
|
||||||
# Overrides the image tag whose default is the chart appVersion.
|
# -- Image tag
|
||||||
|
# Defaults to appVersion in Chart.yaml if omitted
|
||||||
tag: ""
|
tag: ""
|
||||||
|
# -- Image pull policy
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
# -- Image pull secrets
|
||||||
|
pullSecrets: []
|
||||||
|
# - secretName
|
||||||
|
|
||||||
imagePullSecrets: []
|
# -- The number of old history to retain to allow rollback
|
||||||
nameOverride: ""
|
revisionHistoryLimit: 0
|
||||||
fullnameOverride: ""
|
|
||||||
|
|
||||||
serviceAccount:
|
# -- Deployment update strategy.
|
||||||
# Specifies whether a service account should be created
|
# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
|
||||||
|
# @default -- See [values.yaml](values.yaml)
|
||||||
|
updateStrategy:
|
||||||
|
type: RollingUpdate
|
||||||
|
|
||||||
|
rbac:
|
||||||
|
# -- Create ClusterRoles, ClusterRoleBindings, and ServiceAccount
|
||||||
create: true
|
create: true
|
||||||
# Annotations to add to the service account
|
serviceAccount:
|
||||||
annotations: {}
|
# -- Create a ServiceAccount
|
||||||
# The name of the service account to use.
|
create: true
|
||||||
# If not set and create is true, a name is generated using the fullname template
|
# -- The ServiceAccount name
|
||||||
name: ""
|
name:
|
||||||
|
# -- Annotations for the ServiceAccount
|
||||||
|
annotations: {}
|
||||||
|
# example.com/annotation: value
|
||||||
|
|
||||||
podAnnotations: {}
|
|
||||||
|
|
||||||
podSecurityContext: {}
|
|
||||||
# fsGroup: 2000
|
|
||||||
|
|
||||||
securityContext: {}
|
|
||||||
# capabilities:
|
|
||||||
# drop:
|
|
||||||
# - ALL
|
|
||||||
# readOnlyRootFilesystem: true
|
|
||||||
# runAsNonRoot: true
|
|
||||||
# runAsUser: 1000
|
|
||||||
|
|
||||||
service:
|
service:
|
||||||
type: ClusterIP
|
# -- Service port.
|
||||||
port: 9098
|
port: 9098
|
||||||
|
# -- Service type.
|
||||||
|
type: ClusterIP
|
||||||
|
# -- Service node port.
|
||||||
|
# Only used if `service.type` is `NodePort`.
|
||||||
|
nodePort:
|
||||||
|
# -- Service annotations.
|
||||||
|
annotations: { }
|
||||||
|
|
||||||
|
|
||||||
resources: {}
|
resources: {}
|
||||||
@ -53,14 +62,67 @@ resources: {}
|
|||||||
# cpu: 100m
|
# cpu: 100m
|
||||||
# memory: 128Mi
|
# memory: 128Mi
|
||||||
|
|
||||||
|
|
||||||
|
# -- Additional labels to add to each pod
|
||||||
|
podLabels: {}
|
||||||
|
# example.com/label: foo
|
||||||
|
|
||||||
|
# -- Additional annotations to add to each pod
|
||||||
|
podAnnotations: {}
|
||||||
|
# example.com/annotation: foo
|
||||||
|
|
||||||
|
# -- Security context for the pod
|
||||||
|
podSecurityContext: {}
|
||||||
|
|
||||||
|
# -- Security context for the containers
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
privileged: false
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
|
||||||
|
# -- Optional priority class to be used for kyverno pods
|
||||||
|
priorityClassName: ''
|
||||||
|
|
||||||
|
# -- Node affinity constraints.
|
||||||
|
nodeAffinity: {}
|
||||||
|
|
||||||
|
# -- Node labels for pod assignment
|
||||||
nodeSelector: {}
|
nodeSelector: {}
|
||||||
|
|
||||||
|
# -- List of node taints to tolerate
|
||||||
tolerations: []
|
tolerations: []
|
||||||
|
|
||||||
affinity: {}
|
# -- Topology spread constraints.
|
||||||
|
topologySpreadConstraints: []
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
podCleaner:
|
podCleaner:
|
||||||
# File to watch to detect orphan pod errors
|
# -- File to watch to detect orphan pod errors
|
||||||
logfile: /var/log/syslog
|
logfile: /var/log/syslog
|
||||||
# Log level: info,debug
|
# -- Log level: info,debug
|
||||||
logLevel: info
|
logLevel: info
|
||||||
|
|
||||||
|
|
||||||
|
podMonitor:
|
||||||
|
# -- Create a `PodMonitor` to collect Prometheus metrics.
|
||||||
|
enabled: false
|
||||||
|
# -- Url path to scrap metrics
|
||||||
|
path: /metrics
|
||||||
|
# -- Additional labels
|
||||||
|
additionalLabels:
|
||||||
|
# key: value
|
||||||
|
# -- Interval to scrape metrics
|
||||||
|
interval: 30s
|
||||||
|
# -- Timeout if metrics can't be retrieved in given time interval
|
||||||
|
scrapeTimeout: 25s
|
||||||
|
# -- Is TLS required for endpoint
|
||||||
|
secure: false
|
||||||
|
# -- TLS Configuration for endpoint
|
||||||
|
tlsConfig: {}
|
||||||
|
Loading…
Reference in New Issue
Block a user