Update keptn-lifecycle-operator Helm chart (#106)
Co-authored-by: mowies <[email protected]>
keptn-bot and mowies authored Oct 31, 2023
1 parent 83423e3 commit 1686968
Showing 29 changed files with 7,095 additions and 0 deletions.
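--- a/charts/keptn-lifecycle-operator/.helmignore
+++ b/charts/keptn-lifecycle-operator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/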
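--- a/charts/keptn-lifecycle-operator/Chart.yaml
+++ b/charts/keptn-lifecycle-operator/Chart.yaml
@@ -0,0 +1,53 @@
+apiVersion: v2
+name: keptn-lifecycle-operator
+description: A Helm chart for Keptn Lifecycle Operator, a subproject of Keptn
+icon: "https://raw.githubusercontent.com/cncf/artwork/master/projects/keptn/icon/color/keptn-icon-color.svg"
+home: https://keptn.sh
+sources:
+- "https://github.com/keptn/lifecycle-toolkit"
+keywords:
+- cloud-native
+- lifecycle
+- lifecycle-management
+- application-lifecycle
+- application-lifecycle-management
+- orchestration
+- keptn
+- operator
+- pre-deployment
+- post-deployment
+annotations:
+artifacthub.io/links: |
+- name: support
+url: https://github.com/keptn/lifecycle-toolkit/issues/new
+- name: community
+url: https://slack.keptn.sh/
+artifacthub.io/license: "Apache-2.0"
+artifacthub.io/operator: "true"
+artifacthub.io/operatorCapabilities: "Full Lifecycle"
+
+kubeVersion: ">= 1.24.0-0"
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v0.8.3" # x-release-please-version
+dependencies:
+- name: common
+repository: "https://charts.lifecycle.keptn.sh"
+version: 0.1.0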
98 changes: 98 additions & 0 deletions charts/keptn-lifecycle-operator/README.md

Large diffs are not rendered by default.

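--- a/charts/keptn-lifecycle-operator/templates/deployment.yaml
+++ b/charts/keptn-lifecycle-operator/templates/deployment.yaml
@@ -0,0 +1,266 @@
+{{- if or (le .Capabilities.KubeVersion.Minor "26") (not .Values.schedulingGatesEnabled) }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: keptn-scheduler
+namespace: {{ .Release.Namespace | quote }}
+labels:
+{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }}
+{{- include "common.annotations" ( dict "context" . ) }}
+{{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: lifecycle-operator
+namespace: {{ .Release.Namespace | quote }}
+labels:
+{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }}
+{{- include "common.annotations" ( dict "context" . ) }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: lifecycle-operator
+namespace: {{ .Release.Namespace | quote }}
+labels:
+app.kubernetes.io/part-of: keptn-lifecycle-toolkit
+control-plane: lifecycle-operator
+keptn.sh/inject-cert: "true"
+{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }}
+{{- include "common.annotations" ( dict "context" . ) }}
+spec:
+replicas: {{ .Values.lifecycleOperator.replicas }}
+selector:
+matchLabels:
+control-plane: lifecycle-operator
+{{- include "common.selectorLabels" ( dict "context" . ) | nindent 6 }}
+template:
+metadata:
+labels:
+control-plane: lifecycle-operator
+{{- include "common.selectorLabels" ( dict "context" . ) | nindent 8 }}
+annotations:
+kubectl.kubernetes.io/default-container: lifecycle-operator
+metrics.dynatrace.com/port: "2222"
+metrics.dynatrace.com/scrape: "true"
+{{- if .Values.podAnnotations }}
+{{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+{{- end }}
+spec:
+containers:
+- args:
+- --leader-elect
+command:
+- /manager
+env:
+- name: POD_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+- name: POD_NAME
+valueFrom:
+fieldRef:
+fieldPath: metadata.name
+- name: FUNCTION_RUNNER_IMAGE
+value: {{ .Values.lifecycleOperator.env.functionRunnerImage | quote }}
+- name: PYTHON_RUNNER_IMAGE
+value: {{ .Values.lifecycleOperator.env.pythonRunnerImage | quote }}
+- name: OTEL_COLLECTOR_URL
+value: {{ .Values.lifecycleOperator.env.otelCollectorUrl | quote }}
+- name: KEPTN_APP_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.keptnAppControllerLogLevel | quote
+}}
+- name: KEPTN_APP_CREATION_REQUEST_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.keptnAppCreationRequestControllerLogLevel
+| quote }}
+- name: KEPTN_APP_VERSION_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.keptnAppVersionControllerLogLevel
+| quote }}
+- name: KEPTN_EVALUATION_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.keptnEvaluationControllerLogLevel
+| quote }}
+- name: KEPTN_TASK_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.keptnTaskControllerLogLevel | quote
+}}
+- name: KEPTN_TASK_DEFINITION_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.keptnTaskDefinitionControllerLogLevel
+| quote }}
+- name: KEPTN_WORKLOAD_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.keptnWorkloadControllerLogLevel
+| quote }}
+- name: KEPTN_WORKLOAD_VERSION_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.keptnWorkloadVersionControllerLogLevel
+| quote }}
+- name: KEPTN_WORKLOAD_INSTANCE_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.keptnWorkloadInstanceControllerLogLevel
+| quote }}
+- name: OPTIONS_CONTROLLER_LOG_LEVEL
+value: {{ .Values.lifecycleOperator.env.optionsControllerLogLevel | quote
+}}
+- name: SCHEDULING_GATES_ENABLED
+value: {{ .Values.schedulingGatesEnabled | quote
+}}
+- name: KUBERNETES_CLUSTER_DOMAIN
+value: {{ .Values.kubernetesClusterDomain }}
+image: {{ include "common.images.image" ( dict "imageRoot" .Values.lifecycleOperator.image "global" .Values.global ) }}
+imagePullPolicy: {{ .Values.lifecycleOperator.imagePullPolicy }}
+name: lifecycle-operator
+ports:
+- containerPort: 9443
+name: webhook-server
+protocol: TCP
+- containerPort: 2222
+name: metrics
+protocol: TCP
+resources: {{- toYaml .Values.lifecycleOperator.resources | nindent 10 }}
+securityContext:
+allowPrivilegeEscalation: {{ .Values.lifecycleOperator.containerSecurityContext.allowPrivilegeEscalation
+}}
+capabilities: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.containerSecurityContext.capabilities
+"context" $) | nindent 12 }}
+privileged: {{ .Values.lifecycleOperator.containerSecurityContext.privileged
+}}
+runAsGroup: {{ .Values.lifecycleOperator.containerSecurityContext.runAsGroup
+}}
+runAsNonRoot: {{ .Values.lifecycleOperator.containerSecurityContext.runAsNonRoot
+}}
+runAsUser: {{ .Values.lifecycleOperator.containerSecurityContext.runAsUser
+}}
+seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.containerSecurityContext.seccompProfile
+"context" $) | nindent 12 }}
+volumeMounts:
+- mountPath: /tmp/k8s-webhook-server/serving-certs/
+name: certs-dir
+- mountPath: /tmp/metrics-adapter/serving-certs
+name: adapter-certs-dir
+{{- if .Values.lifecycleOperator.livenessProbe }}
+livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.livenessProbe "context" $) | nindent 10 }}
+{{- else }}
+livenessProbe:
+httpGet:
+path: /healthz
+port: 8081
+initialDelaySeconds: 15
+periodSeconds: 20
+{{- end }}
+{{- if .Values.lifecycleOperator.readinessProbe }}
+readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.readinessProbe "context" $) | nindent 10 }}
+{{- else }}
+readinessProbe:
+httpGet:
+path: /readyz
+port: 8081
+initialDelaySeconds: 5
+periodSeconds: 10
+{{- end }}
+imagePullSecrets: {{- include "common.images.imagePullSecrets" . }}
+securityContext:
+runAsNonRoot: true
+serviceAccountName: lifecycle-operator
+terminationGracePeriodSeconds: 10
+volumes:
+- emptyDir: {}
+name: certs-dir
+- emptyDir: {}
+name: adapter-certs-dir
+{{- if .Values.lifecycleOperator.topologySpreadConstraints }}
+topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.topologySpreadConstraints "context" $) | nindent 8 }}
+{{- end }}
+{{- if .Values.lifecycleOperator.nodeSelector }}
+nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.lifecycleOperator.nodeSelector "context" $) | nindent 8 }}
+{{- end }}
+{{- if .Values.lifecycleOperator.tolerations }}
+tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.tolerations "context" .) | nindent 8 }}
+{{- end }}
+
+{{- if or (le .Capabilities.KubeVersion.Minor "26") (not .Values.schedulingGatesEnabled) }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: scheduler
+namespace: {{ .Release.Namespace | quote }}
+labels:
+component: scheduler
+{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }}
+{{- include "common.annotations" ( dict "context" . ) }}
+spec:
+replicas: {{ .Values.scheduler.replicas }}
+selector:
+matchLabels:
+component: scheduler
+{{- include "common.selectorLabels" ( dict "context" . ) | nindent 6 }}
+template:
+metadata:
+labels:
+component: scheduler
+{{- include "common.selectorLabels" ( dict "context" . ) | nindent 8 }}
+spec:
+containers:
+- command:
+- /bin/kube-scheduler
+- --config=/etc/kubernetes/scheduler-config.yaml
+env:
+- name: OTEL_COLLECTOR_URL
+value: {{ .Values.scheduler.env.otelCollectorUrl | quote }}
+- name: KUBERNETES_CLUSTER_DOMAIN
+value: {{ .Values.kubernetesClusterDomain }}
+image: {{ include "common.images.image" ( dict "imageRoot" .Values.scheduler.image "global" .Values.global ) }}
+imagePullPolicy: {{ .Values.scheduler.imagePullPolicy }}
+name: scheduler
+resources: {{- toYaml .Values.scheduler.resources | nindent 10 }}
+securityContext:
+allowPrivilegeEscalation: {{ .Values.scheduler.containerSecurityContext.allowPrivilegeEscalation
+}}
+capabilities: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.containerSecurityContext.capabilities
+"context" $) | nindent 12 }}
+privileged: {{ .Values.scheduler.containerSecurityContext.privileged
+}}
+readOnlyRootFilesystem: {{ .Values.scheduler.containerSecurityContext.readOnlyRootFilesystem
+}}
+runAsNonRoot: {{ .Values.scheduler.containerSecurityContext.runAsNonRoot
+}}
+runAsUser: {{ .Values.scheduler.containerSecurityContext.runAsUser }}
+seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.containerSecurityContext.seccompProfile
+"context" $) | nindent 12 }}
+volumeMounts:
+- mountPath: /etc/kubernetes
+name: scheduler-config
+readOnly: true
+{{- if .Values.scheduler.livenessProbe }}
+livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.livenessProbe "context" $) | nindent 10 }}
+{{- else }}
+livenessProbe:
+httpGet:
+path: /healthz
+port: 10259
+scheme: HTTPS
+initialDelaySeconds: 15
+{{- end }}
+{{- if .Values.scheduler.readinessProbe }}
+readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.readinessProbe "context" $) | nindent 10 }}
+{{- else }}
+readinessProbe:
+httpGet:
+path: /healthz
+port: 10259
+scheme: HTTPS
+{{- end }}
+imagePullSecrets: {{- include "common.images.imagePullSecrets" . }}
+serviceAccountName: keptn-scheduler
+volumes:
+- configMap:
+name: scheduler-config
+name: scheduler-config
+{{- if .Values.scheduler.topologySpreadConstraints }}
+topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.topologySpreadConstraints "context" $) | nindent 8 }}
+{{- end }}
+{{- if .Values.scheduler.nodeSelector }}
+nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.scheduler.nodeSelector "context" $) | nindent 8 }}
+{{- end }}
+{{- if .Values.scheduler.tolerations }}
+tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.tolerations "context" .) | nindent 8 }}
+{{- end }}
+{{- end }}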
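Review bot: The gate `le .Capabilities.KubeVersion.Minor "26"`, used before the keptn-scheduler ServiceAccount and again before the scheduler Deployment, is a string comparison, and managed clusters often report the minor with a suffix such as `26+`, which sorts after `26`; with `schedulingGatesEnabled` set, both objects would then be skipped on a 1.26 cluster. `{{- if or (semverCompare "<1.27-0" .Capabilities.KubeVersion.Version) (not .Values.schedulingGatesEnabled) }}` compares versions instead, and the RoleBinding template that follows carries the same gate. Separately, the lifecycle-operator container sets no `readOnlyRootFilesystem` although the scheduler container does and the operator's two certificate directories are already emptyDir mounts, so `readOnlyRootFilesystem: {{ .Values.lifecycleOperator.containerSecurityContext.readOnlyRootFilesystem }}` (with a matching values key, not visible here) looks feasible if the manager writes nowhere else. The scheduler pod also has no pod-level `securityContext` with `runAsNonRoot: true` like the operator pod, so its non-root guarantee rests entirely on the values file.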
@@ -0,0 +1,18 @@
{{- if or (le .Capabilities.KubeVersion.Minor "26") (not .Values.schedulingGatesEnabled) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: extension-apiserver-authentication-reader
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }}
{{- include "common.annotations" ( dict "context" . ) }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: 'extension-apiserver-authentication-reader'
subjects:
- kind: ServiceAccount
name: 'keptn-scheduler'
namespace: '{{ .Release.Namespace }}'
{{- end }}
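Review bot: The `roleRef` names the Role `extension-apiserver-authentication-reader`, but the binding itself is created in `{{ .Release.Namespace | quote }}`, and a RoleBinding can only resolve a Role in its own namespace; Kubernetes ships that Role in `kube-system`. Unless another template of this chart (not visible here) creates a Role of the same name in the release namespace, the binding grants nothing and the `keptn-scheduler` ServiceAccount has no read access to the authentication ConfigMap on any install outside `kube-system`. If the built-in Role is what is meant, the binding's `namespace:` under `metadata` should be `kube-system`, while the subject keeps `namespace: '{{ .Release.Namespace }}'`. A short comment above `roleRef` stating which Role is intended would make the dependency explicit for anyone auditing the chart's RBAC.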