diff --git a/charts/metadata-reflector/Chart.yaml b/charts/metadata-reflector/Chart.yaml
new file mode 100644
index 0000000..d3cd524
--- /dev/null
+++ b/charts/metadata-reflector/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+description: Metadata Reflector
+name: metadata-reflector
+version: 0.1.0
+appVersion: 0.1.0
+sources:
+ - https://github.com/NCCloud/metadata-reflector
+maintainers:
+ - name: BonySmoke
+ email: oleg.neychev@namecheap.com
diff --git a/charts/metadata-reflector/README.md b/charts/metadata-reflector/README.md
new file mode 100644
index 0000000..2ff5263
--- /dev/null
+++ b/charts/metadata-reflector/README.md
@@ -0,0 +1,64 @@
+# metadata-reflector
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+
+Metadata Reflector
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| BonySmoke | | |
+
+## Source Code
+
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| annotations | object | `{}` | |
+| configuration.backgroundReflectionInterval | string | `"5m"` | The frequency of the background reconciliation. Set to 0 to disable |
+| configuration.gomaxprocsOverride | string | `""` | The value for GOMAXPROCS. By default, the CPU limit of the deployment. See https://pkg.go.dev/runtime#hdr-Environment_Variables |
+| configuration.gomemlimitOverride | string | `""` | The value for GOMEMLIMIT. By default, the memory limit of the deployment. See https://pkg.go.dev/runtime#hdr-Environment_Variables |
+| configuration.namespaces | list | `[]` | A list of namespaces to watch |
+| configuration.resourceSelector | object | `{}` | Configure what resources will be watched by the controller. An example can be seen in `values.yaml`. At the moment, only Deployment is supported |
+| extraEnvs | list | `[]` | Extra environment variables to be passed to the controller deployment |
+| fullnameOverride | string | `"metadata-reflector"` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"ghcr.io/nccloud/metadata-reflector"` | |
+| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
+| livenessProbe.failureThreshold | int | `3` | |
+| livenessProbe.httpGet.path | string | `"/healthz"` | |
+| livenessProbe.httpGet.port | int | `8083` | |
+| livenessProbe.httpGet.scheme | string | `"HTTP"` | |
+| livenessProbe.initialDelaySeconds | int | `15` | |
+| livenessProbe.periodSeconds | int | `10` | |
+| livenessProbe.successThreshold | int | `1` | |
+| livenessProbe.timeoutSeconds | int | `1` | |
+| metrics.port | int | `9090` | The port to expose Prometheus metrics on |
+| metrics.serviceMonitor | object | `{"annotations":{},"enabled":false,"path":"/metrics","scrapeInterval":"1m","scrapeTimeout":"10s"}` | Service Monitor configuration. Enable if Prometheus is installed in your cluster |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| readinessProbe.failureThreshold | int | `3` | |
+| readinessProbe.httpGet.path | string | `"/readyz"` | |
+| readinessProbe.httpGet.port | int | `8083` | |
+| readinessProbe.httpGet.scheme | string | `"HTTP"` | |
+| readinessProbe.initialDelaySeconds | int | `5` | |
+| readinessProbe.periodSeconds | int | `10` | |
+| readinessProbe.successThreshold | int | `1` | |
+| readinessProbe.timeoutSeconds | int | `1` | |
+| replicaCount | int | `1` | The number of controller replicas to run. Leader election is enabled for 2 and more replicas |
+| resources.limits.memory | string | `"512Mi"` | |
+| resources.requests.cpu | string | `"50m"` | |
+| resources.requests.memory | string | `"128Mi"` | |
+| securityContext.runAsNonRoot | bool | `true` | |
+| service.type | string | `"ClusterIP"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.automount | bool | `true` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `"metadata-reflector"` | The name of the service account to use. |
+| tolerations | list | `[]` | |
+
diff --git a/charts/metadata-reflector/templates/_helpers.tpl b/charts/metadata-reflector/templates/_helpers.tpl
new file mode 100644
index 0000000..cf01182
--- /dev/null
+++ b/charts/metadata-reflector/templates/_helpers.tpl
@@ -0,0 +1,85 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "metadata-reflector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "metadata-reflector.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "metadata-reflector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "metadata-reflector.labels" -}}
+helm.sh/chart: {{ include "metadata-reflector.chart" . }}
+{{ include "metadata-reflector.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "metadata-reflector.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "metadata-reflector.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "metadata-reflector.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "metadata-reflector.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Template env variables for resource selection
+*/}}
+{{- define "resourceSelectorEnvVariables" -}}
+{{- range $resourceSelector := .Values.configuration.resourceSelector -}}
+{{- $selectors := list -}}
+{{- range $resourceSelector.matchExpressions -}}
+{{- $selector := "" -}}
+{{- if has .operator (list "In" "NotIn") -}}
+{{- $selector = printf "%s %s (%s)" .key (.operator | lower) (join "," .values) -}}
+{{- else if eq .operator "Exists" -}}
+{{- $selector = printf "%s" .key -}}
+{{- else -}}
+{{- $selector = printf "!%s" .key -}}
+{{- end -}}
+{{- $selectors = append $selectors $selector -}}
+{{- end }}
+- name: "{{ $resourceSelector.kind | upper }}_SELECTOR"
+ value: "{{ join "," $selectors }}"
+{{- end -}}
+{{- end -}}
diff --git a/charts/metadata-reflector/templates/clusterrole.yaml b/charts/metadata-reflector/templates/clusterrole.yaml
new file mode 100644
index 0000000..ec8f1ce
--- /dev/null
+++ b/charts/metadata-reflector/templates/clusterrole.yaml
@@ -0,0 +1,38 @@
+{{ if .Values.serviceAccount.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "metadata-reflector.serviceAccountName" . }}
+ labels:
+ {{- include "metadata-reflector.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+{{ end }}
diff --git a/charts/metadata-reflector/templates/clusterrolebinding.yaml b/charts/metadata-reflector/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..1281e6a
--- /dev/null
+++ b/charts/metadata-reflector/templates/clusterrolebinding.yaml
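Review bot: The final `{{- else -}}` branch of `resourceSelectorEnvVariables` in `_helpers.tpl` turns every operator other than `In`, `NotIn` and `Exists` into the negated selector `!key`, so a misspelt or wrongly cased operator silently changes which resources the controller selects instead of failing the render. Match the remaining operator explicitly with `{{- else if eq .operator "DoesNotExist" -}}` for the `!%s` case, and reject anything else with `{{- else -}}{{- fail (printf "unsupported operator %q for key %s" .operator .key) -}}`. The selector string is also placed between literal double quotes in `value: "{{ join "," $selectors }}"`; `value: {{ join "," $selectors | quote }}` keeps the rendered YAML valid if a key or value contains a quote.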
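Review bot: The `coordination.k8s.io` `leases` rule in `clusterrole.yaml` grants create, update, patch and delete on leases in every namespace, although leader election normally needs a single lease in the controller's own namespace. A compromised or misbehaving controller token could then modify leases that belong to other components. Move that rule into a namespaced Role, bound by a RoleBinding in `{{ .Release.Namespace }}` (assuming the controller keeps its lease there, which the chart does not show), and leave only the pods and deployments rules cluster-wide. The pods rule has the same shape: `patch` and `update` stay cluster-wide even when `configuration.namespaces` restricts what is watched, so per-namespace Roles would let RBAC follow that setting.

```yaml
# … unchanged: pods and deployments rules stay in the ClusterRole …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "metadata-reflector.fullname" . }}-leader-election
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "metadata-reflector.labels" . | nindent 4 }}
rules:
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
```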
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "metadata-reflector.serviceAccountName" . }}
+ labels:
+ {{- include "metadata-reflector.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "metadata-reflector.serviceAccountName" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "metadata-reflector.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/metadata-reflector/templates/deployment.yaml b/charts/metadata-reflector/templates/deployment.yaml
new file mode 100644
index 0000000..f484fad
--- /dev/null
+++ b/charts/metadata-reflector/templates/deployment.yaml
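Review bot: This ClusterRoleBinding in `clusterrolebinding.yaml` is rendered unconditionally, while the ClusterRole it names is wrapped in `{{ if .Values.serviceAccount.create }}` in `clusterrole.yaml`, so `serviceAccount.create: false` installs a binding to a role the chart does not create. In that configuration the helper falls back to `default "default" .Values.serviceAccount.name`, so an empty name makes the namespace's `default` ServiceAccount the subject of a cluster-wide binding. The minimal fix is to wrap this manifest in the same `{{- if .Values.serviceAccount.create }}` … `{{- end }}`. A separate RBAC switch gating both role and binding would be cleaner, because a pre-existing service account would then still receive its permissions.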
@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "metadata-reflector.fullname" . }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "metadata-reflector.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount | default 1 }}
+ selector:
+ matchLabels:
+ {{- include "metadata-reflector.selectorLabels" . | nindent 6 }}
+ {{ if .Values.updateStrategy -}}
+ strategy:
+ {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{ end -}}
+ template:
+ metadata:
+ labels:
+ {{- include "metadata-reflector.labels" . | nindent 8 }}
+ spec:
+ serviceAccountName: {{ include "metadata-reflector.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 8 }}
+ containers:
+ - name: metadata-reflector
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.metrics.port }}
+ protocol: TCP
+ {{- with .Values.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BACKGROUND_REFLECTION_INTERVAL
+ value: "{{ .Values.configuration.backgroundReflectionInterval }}"
+ - name: PROMETHEUS_METRICS_PORT
+ value: "{{ .Values.metrics.port }}"
+ - name: NAMESPACES
+ value: "{{ join "," .Values.configuration.namespaces }}"
+ {{- if gt .Values.replicaCount 1.0 }}
+ - name: ENABLE_LEADER_ELECTION
+ value: "true"
+ {{- end }}
+ - name: GOMAXPROCS
+ {{- if .Values.configuration.gomaxprocsOverride }}
+ value: {{ .Values.configuration.gomaxprocsOverride | quote }}
+ {{- else }}
+ valueFrom:
+ resourceFieldRef:
+ resource: limits.cpu
+ divisor: '1'
+ {{- end }}
+ - name: GOMEMLIMIT
+ {{- if .Values.configuration.gomemlimitOverride }}
+ value: {{ .Values.configuration.gomemlimitOverride | quote }}
+ {{- else }}
+ valueFrom:
+ resourceFieldRef:
+ resource: limits.memory
+ divisor: '1'
+ {{- end }}
+ {{- include "resourceSelectorEnvVariables" . | trim | nindent 10 }}
+ {{- if .Values.extraEnvs }}
+ {{- toYaml .Values.extraEnvs | nindent 10 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/metadata-reflector/templates/service.yaml b/charts/metadata-reflector/templates/service.yaml
new file mode 100644
index 0000000..98e55e4
--- /dev/null
+++ b/charts/metadata-reflector/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "metadata-reflector.serviceAccountName" . }}
+ labels:
+ {{- include "metadata-reflector.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.metrics.port }}
+ targetPort: metrics
+ protocol: TCP
+ name: metrics
+ selector:
+ {{- include "metadata-reflector.selectorLabels" . | nindent 4 }}
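Review bot: The container in `deployment.yaml` has no `securityContext` of its own, and the pod-level block rendered from `.Values.securityContext` defaults to `runAsNonRoot: true` only, so privilege escalation, Linux capabilities and the seccomp profile are left at runtime defaults. Add a container-level block with restrictive defaults, as in the excerpt below; `readOnlyRootFilesystem: true` assumes the controller writes nothing to its root filesystem, which should be confirmed. Separately, `{{- if gt .Values.replicaCount 1.0 }}` compares against a float, and Go templates refuse to compare an integer with a float, so a replica count passed with `--set` is likely to fail rendering; `{{- if gt (int .Values.replicaCount) 1 }}` accepts both.

```yaml
      containers:
        - name: metadata-reflector
          # … unchanged: image, imagePullPolicy, ports, probes, resources, env …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```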
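Review bot: The Service in `service.yaml` takes its name from `metadata-reflector.serviceAccountName` rather than from `metadata-reflector.fullname`, which the Deployment and ServiceMonitor use. With `serviceAccount.create: false` and an empty `serviceAccount.name` the helper returns `default`, so the metrics Service would be called `default`, and any custom service-account name renames the Service as a side effect. Use `name: {{ include "metadata-reflector.fullname" . }}`.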
diff --git a/charts/metadata-reflector/templates/serviceaccount.yaml b/charts/metadata-reflector/templates/serviceaccount.yaml
new file mode 100644
index 0000000..53cf8f6
--- /dev/null
+++ b/charts/metadata-reflector/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ include "metadata-reflector.serviceAccountName" . }}
+ labels:
+ {{- include "metadata-reflector.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
diff --git a/charts/metadata-reflector/templates/servicemonitor.yaml b/charts/metadata-reflector/templates/servicemonitor.yaml
new file mode 100644
index 0000000..5bd0b45
--- /dev/null
+++ b/charts/metadata-reflector/templates/servicemonitor.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "metadata-reflector.fullname" . }}
+ labels:
+ {{- include "metadata-reflector.labels" . | nindent 4 }}
+ {{- with .Values.metrics.serviceMonitor.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "metadata-reflector.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: "metrics"
+ path: {{ .Values.metrics.serviceMonitor.path }}
+ interval: {{ .Values.metrics.serviceMonitor.scrapeInterval }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+{{- end }}
diff --git a/charts/metadata-reflector/values.yaml b/charts/metadata-reflector/values.yaml
new file mode 100644
index 0000000..2b9e016
--- /dev/null
+++ b/charts/metadata-reflector/values.yaml
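Review bot: `serviceaccount.yaml` honours neither `serviceAccount.create` nor `serviceAccount.automount`: the manifest is always rendered, and no template on this page sets `automountServiceAccountToken`. With `create: false` the chart still tries to create an account under the supplied (or `default`) name, which collides with the existing object the user meant to reuse, and setting `automount: false` has no effect. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}` and add `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` at the top level of the ServiceAccount.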
@@ -0,0 +1,102 @@
+# Default values for metadata-reflector.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- The number of controller replicas to run. Leader election is enabled for 2 and more replicas
+replicaCount: 1
+
+image:
+ repository: ghcr.io/nccloud/metadata-reflector
+ pullPolicy: IfNotPresent
+ # -- Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+nameOverride: ""
+fullnameOverride: "metadata-reflector"
+annotations: {}
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # -- The name of the service account to use.
+ name: "metadata-reflector"
+
+securityContext:
+ runAsNonRoot: true
+
+service:
+ type: ClusterIP
+
+livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+
+readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+
+resources:
+ limits:
+ memory: 512Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+
+metrics:
+ # -- The port to expose Prometheus metrics on
+ port: 9090
+ # -- Service Monitor configuration. Enable if Prometheus is installed in your cluster
+ serviceMonitor:
+ path: "/metrics"
+ enabled: false
+ annotations: {}
+ scrapeInterval: 1m
+ scrapeTimeout: 10s
+
+configuration:
+ # -- The frequency of the background reconciliation. Set to 0 to disable
+ backgroundReflectionInterval: 5m
+ # -- Configure what resources will be watched by the controller. An example can be seen in `values.yaml`.
+ # At the moment, only Deployment is supported
+ resourceSelector: {}
+ # - kind: Deployment
+ # matchExpressions:
+ # - key: app
+ # operator: In
+ # values: ["hello", "world"]
+ # -- A list of namespaces to watch
+ namespaces: []
+
+ # -- The value for GOMAXPROCS. By default, the CPU limit of the deployment.
+ # See https://pkg.go.dev/runtime#hdr-Environment_Variables
+ gomaxprocsOverride: ""
+ # -- The value for GOMEMLIMIT. By default, the memory limit of the deployment.
+ # See https://pkg.go.dev/runtime#hdr-Environment_Variables
+ gomemlimitOverride: ""
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# -- Extra environment variables to be passed to the controller deployment
+extraEnvs: []
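Review bot: `resourceSelector: {}` in `values.yaml` declares a mapping, but `resourceSelectorEnvVariables` ranges over it as a list of items with `kind` and `matchExpressions`, and the commented example below it is a list, so the default should be `resourceSelector: []`. The README generated from this file would then document the key as a list rather than an object. The hard-coded `fullnameOverride: "metadata-reflector"` and `serviceAccount.name: "metadata-reflector"` also fix the names of the cluster-scoped ClusterRole and ClusterRoleBinding, so a second release of the chart in another namespace would collide with the first; leaving both empty lets the helpers derive the names from the release name.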