diff --git a/charts/node-specific-sizing/.helmignore b/charts/node-specific-sizing/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/node-specific-sizing/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/node-specific-sizing/Chart.yaml b/charts/node-specific-sizing/Chart.yaml
new file mode 100644
index 0000000..2b86a10
--- /dev/null
+++ b/charts/node-specific-sizing/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: node-specific-sizing
+description: A Helm chart for Kubernetes
+type: application
+version: 0.1.0
+appVersion: "1.16.0"
diff --git a/charts/node-specific-sizing/templates/_helpers.tpl b/charts/node-specific-sizing/templates/_helpers.tpl
new file mode 100644
index 0000000..eec0d81
--- /dev/null
+++ b/charts/node-specific-sizing/templates/_helpers.tpl
@@ -0,0 +1,81 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "node-specific-sizing.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "node-specific-sizing.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "node-specific-sizing.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "node-specific-sizing.labels" -}}
+helm.sh/chart: {{ include "node-specific-sizing.chart" . }}
+{{ include "node-specific-sizing.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "node-specific-sizing.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "node-specific-sizing.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "node-specific-sizing.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "node-specific-sizing.fullname" .)
.Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "node-specific-sizing.namespace" -}}
+{{- if .Values.namespaceOverride }}
+{{- .Values.namespaceOverride }}
+{{- else }}
+{{- .Release.Namespace }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "node-specific-sizing.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "node-specific-sizing.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/node-specific-sizing/templates/_pod.tpl b/charts/node-specific-sizing/templates/_pod.tpl
new file mode 100644
index 0000000..5a3be07
--- /dev/null
+++ b/charts/node-specific-sizing/templates/_pod.tpl
@@ -0,0 +1,24 @@
+{{- define "node-specific-sizing.pod" -}}
+serviceAccountName: {{ include "node-specific-sizing.serviceAccountName" . }}
+terminationGracePeriodSeconds: 10
+containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image.registry }}/{{ .Values.image.tag }}@sha256:{{ .Values.image.sha256 }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ securityContext:
+ runAsNonRoot: true
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: node-specific-sizing-cert
+{{- end }}
\ No newline at end of file
diff --git a/charts/node-specific-sizing/templates/clusterrole.yaml b/charts/node-specific-sizing/templates/clusterrole.yaml
new file mode 100644
index 0000000..dd1790c
--- /dev/null
+++ b/charts/node-specific-sizing/templates/clusterrole.yaml
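Review bot: In templates/_helpers.tpl, `node-specific-sizing.selectorLabels` is defined twice, once after the common labels and again at the end of the file. The two bodies are identical today, but Helm template names are global and only one definition is used, so a later edit to just one copy could change the Deployment and Service selectors without anyone noticing. I would delete the trailing copy. The `serviceAccountName` helper would also benefit from a comment on its fallback, something like `{{/* Falls back to the namespace's "default" ServiceAccount when serviceAccount.create is false and no name is set */}}`, so that anyone wiring RBAC to it sees what it can resolve to.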
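Review bot: The `securityContext` in templates/_pod.tpl sets only `runAsNonRoot: true`, which leaves privilege escalation, Linux capabilities, the root filesystem and the seccomp profile at their defaults for a pod that answers admission requests from the API server. I would add the settings in the block below; `readOnlyRootFilesystem` is safe only if the binary writes nothing outside the read-only cert mount, which this page does not show, so confirm before merging. The nesting shown is an assumption, because the page has lost the template's indentation. Separately, `volumes:` is printed with leading whitespace while `containers:` has none; it has to sit at the same level as `containers:` to be accepted as a pod-spec field.

```yaml
    # … unchanged: name, image, imagePullPolicy, env, volumeMounts …
    securityContext:
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop:
          - ALL
      seccompProfile:
        type: RuntimeDefault
```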
@@ -0,0 +1,24 @@
+{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingClusterRole) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{ - include "node-specific-sizing.labels" . | nindent 4 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ include "node-specific-sizing.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ {{- with .Values.rbac.extraClusterRoleRules }}
+ {{- toYaml . | nindent 2 }}
+ {{- end}}
+{{- end }}
\ No newline at end of file
diff --git a/charts/node-specific-sizing/templates/clusterrolebinding.yaml b/charts/node-specific-sizing/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..5388d55
--- /dev/null
+++ b/charts/node-specific-sizing/templates/clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "node-specific-sizing.fullname" . }}
+ labels:
+ {{ - include "node-specific-sizing.labels" . | nindent 4 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ {{- if .Values.rbac.useExistingClusterRole }}
+ name: {{ .Values.rbac.useExistingClusterRole }}
+ {{- else }}
+ name: {{ include "node-specific-sizing.fullname" . }}
+ {{- end }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "node-specific-sizing.serviceAccountName" . }}
+ namespace: {{ include "node-specific-sizing.namespace" . }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/node-specific-sizing/templates/deployment.yaml b/charts/node-specific-sizing/templates/deployment.yaml
new file mode 100644
index 0000000..4f6ab03
--- /dev/null
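Review bot: The labels line in templates/clusterrole.yaml is written `{{ - include "node-specific-sizing.labels" . | nindent 4 }}`, with a space between `{{` and `-`; Go templates only recognise `{{-` as the trim marker, so this form is expected to fail parsing and stop the chart from rendering. Use `{{- include "node-specific-sizing.labels" . | nindent 4 }}`, as deployment.yaml and service.yaml do. The same line appears in templates/clusterrolebinding.yaml. The condition also reads `.Values.rbac.namespaced` and `.Values.rbac.useExistingClusterRole`, neither of which has an uncommented default in values.yaml; a short comment naming both would help operators who audit what the chart grants.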
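Review bot: The subject in templates/clusterrolebinding.yaml comes from `node-specific-sizing.serviceAccountName`, which returns `default` whenever `serviceAccount.create` is falsy, and values.yaml in this commit never sets `serviceAccount.create`. With the shipped defaults, the node `get`/`list`/`watch` rule and any `extraClusterRoleRules` are therefore bound to the namespace's `default` ServiceAccount, which is shared by every pod there that names no account of its own. I would add `create: true` under `serviceAccount:` in values.yaml and refuse the fallback in this template, for example `{{- if eq (include "node-specific-sizing.serviceAccountName" .) "default" }}{{ fail "refusing to bind cluster-wide rules to the default ServiceAccount" }}{{- end }}`.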
+++ b/charts/node-specific-sizing/templates/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "node-specific-sizing.fullname" . }}
+ labels:
+ {{- include "node-specific-sizing.labels" . | nindent 4 }}
+ {{- if .Values.deployment.annotations }}
+ annotations:
+ {{- toYaml .Values.deployment.annotations | nindent 4 }}
+spec:
+ replicas: {{ .Values.deployment.replicas }}
+ selector:
+ matchLabels:
+ app: {{- include "node-specific-sizing.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "node-specific-sizing.labels" . | nindent 4 }}
+ spec:
+ {{- include "node-specific-sizing.pod" . | nindent 6 }}
+
\ No newline at end of file
diff --git a/charts/node-specific-sizing/templates/mutatingadmissionwebhook.yaml b/charts/node-specific-sizing/templates/mutatingadmissionwebhook.yaml
new file mode 100644
index 0000000..c62e98e
--- /dev/null
+++ b/charts/node-specific-sizing/templates/mutatingadmissionwebhook.yaml
@@ -0,0 +1,27 @@
+kind: MutatingWebhookConfiguration
+apiVersion: admissionregistration.k8s.io/v1
+metadata:
+ name: {{ include "node-specific-sizing.fullname" . }}
+ annotations:
+ cert-manager.io/inject-ca-from: kube-system/{{ include "node-specific-sizing.fullname" . }}
+webhooks:
+ - name: {{ include "node-specific-sizing.fullname" . }}.svc.cluster.local
+ objectSelector:
+ matchLabels:
+ node-specific-sizing.manomano.tech/enabled: "true"
+ admissionReviewVersions: [ "v1" ]
+ sideEffects: None
+ failurePolicy: Ignore
+ timeoutSeconds: 1
+ clientConfig:
+ service:
+ namespace: kube-system
+ name: {{ include "node-specific-sizing.fullname" . }}
+ path: /mutate
+ rules:
+ - apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+ operations: ["CREATE"]
+ scope: Namespaced
+
diff --git a/charts/node-specific-sizing/templates/service.yaml b/charts/node-specific-sizing/templates/service.yaml
new file mode 100644
index 0000000..95c72b6
--- /dev/null
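Review bot: In templates/deployment.yaml the `{{- if .Values.deployment.annotations }}` block is never closed, so the template is expected to fail to parse; add `{{- end }}` after the `toYaml` line. The selector is also written `app: {{- include "node-specific-sizing.selectorLabels" . | nindent 6 }}`, which nests the two selector labels as a mapping under `app` instead of giving `matchLabels` plain string labels; drop the `app:` prefix so the Deployment selects on the same labels as the Service. The pod template's labels use `nindent 4`, which looks too shallow for `spec.template.metadata.labels`, though the page has lost the original indentation, so verify against the file. `.Values.deployment` has no entry in values.yaml, and the Deployment sets no `namespace:` although the Service uses the `node-specific-sizing.namespace` helper.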
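Review bot: templates/mutatingadmissionwebhook.yaml hardcodes `kube-system` both in `clientConfig.service.namespace` and in the `cert-manager.io/inject-ca-from` annotation, while the Service in this chart is created in the namespace returned by `node-specific-sizing.namespace`. Installed into any other namespace, the API server would call a Service this chart did not create, and with `failurePolicy: Ignore` and `timeoutSeconds: 1` the failure is silent: pods are admitted unmodified and nothing reports it. Use `namespace: {{ include "node-specific-sizing.namespace" . }}` and build the annotation value from the same helper. A comment beside `failurePolicy: Ignore` saying that failing open is deliberate would also help, since it means this mutation cannot be relied on as an enforcement point.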
+++ b/charts/node-specific-sizing/templates/service.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "node-specific-sizing.fullname" . }}
+ namespace: {{ include "node-specific-sizing.namespace" . }}
+ labels:
+ {{- include "node-specific-sizing.labels" . | nindent 4 }}
+spec:
+ {{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+ type: ClusterIP
+ {{- with .Values.service.clusterIP }}
+ clusterIP: {{ . }}
+ {{- end }}
+ {{- else if eq .Values.service.type "LoadBalancer" }}
+ type: LoadBalancer
+ {{- with .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ . }}
+ {{- end }}
+ {{- with .Values.service.loadBalancerClass }}
+ loadBalancerClass: {{ . }}
+ {{- end }}
+ {{- with .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- else }}
+ type: {{ .Values.service.type }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ name: {{ .Values.service.portName }}
+ selector:
+ {{- include "node-specific-sizing.selectorLabels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/node-specific-sizing/templates/serviceaccount.yaml b/charts/node-specific-sizing/templates/serviceaccount.yaml
new file mode 100644
index 0000000..9956817
--- /dev/null
+++ b/charts/node-specific-sizing/templates/serviceaccount.yaml
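Review bot: templates/service.yaml can publish the webhook outside the cluster: the `LoadBalancer` branch and the pass-through `type: {{ .Values.service.type }}` branch both apply to a Service whose only visible consumer is the API server, which reaches it through `clientConfig.service`. Unless there is an external consumer that this page does not show, I would restrict the template to `ClusterIP`, or `fail` on any other type, so the `/mutate` endpoint is not reachable from outside the cluster. Also, `.Values.service` has no entry in values.yaml, so `{{- if .Values.service.enabled }}` is evaluated against a missing map; add a `service:` block with `enabled`, `port`, `targetPort` and `portName` defaults.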
@@ -0,0 +1,16 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }}
+metadata:
+ name: {{ include "node-specific-sizing.serviceAccountName" . }}
+ labels:
+ {{- include "node-specific-sizing.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/node-specific-sizing/templates/tests/test-connection.yaml b/charts/node-specific-sizing/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..4a8d485
--- /dev/null
+++ b/charts/node-specific-sizing/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "node-specific-sizing.fullname" . }}-test-connection"
+ labels:
+ {{- include "knss.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "knss.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/charts/node-specific-sizing/values.yaml b/charts/node-specific-sizing/values.yaml
new file mode 100644
index 0000000..7f18ede
--- /dev/null
+++ b/charts/node-specific-sizing/values.yaml
@@ -0,0 +1,27 @@
+
+global:
+ imageRegistry: docker.io
+
+image:
+ sha: ""
+
+annotations: {}
+
+rbac:
+ create: true
+ ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true)
+ # useExistingRole: name-of-some-role
+ # useExistingClusterRole: name-of-some-clusterRole
+ extraClusterRoleRules: []
+ # - apiGroups: []
+ # resources: []
+ # verbs: []
+
+## Override the deployment namespace
+##
+namespaceOverride: ""
+
+serviceAccount:
+ autoMount: true
+ labels: {}
+ annotations: {}
\ No newline at end of file
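Review bot: templates/tests/test-connection.yaml includes `knss.labels` and `knss.fullname`, but _helpers.tpl only defines `node-specific-sizing.*` helpers, so these includes are expected to fail at render time; use `node-specific-sizing.labels` and `node-specific-sizing.fullname`. The test pod also pulls `image: busybox` with no tag or digest, unlike the main container, which is pinned with `@sha256:`. Pin it the same way, e.g. `image: busybox@sha256:DIGEST_PLACEHOLDER`. The plain `wget` call presumably targets a TLS listener, given the serving-certs mount in _pod.tpl, so the test may not prove much as written.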
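Review bot: The image keys in values.yaml do not match what templates/_pod.tpl reads: the values define `global.imageRegistry` and `image.sha`, while the template uses `.Values.image.registry`, `.Values.image.tag`, `.Values.image.sha256` and `.Values.image.pullPolicy`. With these defaults the rendered reference collapses to `/@sha256:`, so the digest pin never takes effect. Rename the keys to match and make the digest mandatory in the template, e.g. `{{ required "image.sha256 must be set" .Values.image.sha256 }}`. Each key would also benefit from a one-line comment, in particular that `image.sha256` is the hex digest without the `sha256:` prefix.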
diff --git a/deploy/certmanager.yaml b/deploy/certmanager.yaml
index 4bf0bae..83089f4 100644
--- a/deploy/certmanager.yaml
+++ b/deploy/certmanager.yaml
@@ -80,4 +80,4 @@ spec:
 size: 2048
 usages:
 - client auth
- - server auth
+ - server auth
\ No newline at end of file