helm chart stuff

Author: mark.lynch

.gitignore

@@ -20,3 +20,4 @@ build/_output
 bin/kustomize
 bin/node-specific-sizing
 deploy.yaml
+build.yaml

charts/node-specific-sizing/Chart.yaml

@@ -1,6 +1,13 @@
 apiVersion: v2
 name: node-specific-sizing
-description: A Helm chart for Kubernetes
+description: A Kubernetes controller that helps resize pods created by a DaemonSet depending on the amount of allocatable resources present on the node.
 type: application
 version: 0.1.0
-appVersion: "1.16.0"
+appVersion: "0.1.0"
+
+dependencies:
+  - name: cert-manager
+    repository: https://charts.jetstack.io
+    condition: certmanager.enabled
+    alias: certmanager
+    version: "v1.15.3"

charts/node-specific-sizing/templates/_helpers.tpl

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "node-specific-sizing.name" -}}
+{{- define "chart.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "node-specific-sizing.fullname" -}}
+{{- define "chart.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -23,19 +23,21 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "node-specific-sizing.chart" -}}
+{{- define "chart.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
+
 {{/*
 Common labels
 */}}
-{{- define "node-specific-sizing.labels" -}}
-helm.sh/chart: {{ include "node-specific-sizing.chart" . }}
-{{ include "node-specific-sizing.selectorLabels" . }}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,17 +47,18 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "node-specific-sizing.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "node-specific-sizing.name" . }}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: "node-specific-sizing"
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "node-specific-sizing.serviceAccountName" -}}
+{{- define "chart.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "node-specific-sizing.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
@@ -64,18 +67,10 @@ Create the name of the service account to use
 {{/*
 Allow the release namespace to be overridden for multi-namespace deployments in combined charts
 */}}
-{{- define "node-specific-sizing.namespace" -}}
+{{- define "chart.namespace" -}}
 {{- if .Values.namespaceOverride }}
 {{- .Values.namespaceOverride }}
 {{- else }}
 {{- .Release.Namespace }}
 {{- end }}
 {{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "node-specific-sizing.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "node-specific-sizing.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}

charts/node-specific-sizing/templates/_pod.tpl

@@ -1,14 +1,10 @@
-{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) (not .Values.rbac.useExistingClusterRole) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels: 
-    {{ - include "node-specific-sizing.labels" . | nindent 4 }}
-  {{- with .Values.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  name: {{ include "node-specific-sizing.fullname" . }}
+  name: {{ include "chart.fullname" . }}-role
+  labels:
+    app.kubernetes.io/component: rbac
+  {{- include "chart.labels" . | nindent 4 }}
 rules:
   - apiGroups:
       - ""
@@ -17,8 +13,4 @@ rules:
     verbs:
       - get
       - list
-      - watch
-    {{- with .Values.rbac.extraClusterRoleRules }}
-    {{- toYaml . | nindent 2 }}
-    {{- end}}
-{{- end }}
+      - watch

charts/node-specific-sizing/templates/clusterrole.yaml

@@ -1,24 +1,15 @@
-{{- if and .Values.rbac.create (or (not .Values.rbac.namespaced) .Values.rbac.extraClusterRoleRules) }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "node-specific-sizing.fullname" . }}
-  labels: 
-    {{ - include "node-specific-sizing.labels" . | nindent 4 }}
-  {{- with .Values.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
+  name: {{ include "chart.fullname" . }}-rolebinding
+  labels:
+    app.kubernetes.io/component: rbac
+  {{- include "chart.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  {{- if .Values.rbac.useExistingClusterRole }}
-  name: {{ .Values.rbac.useExistingClusterRole }}
-  {{- else }}
-  name: {{ include "node-specific-sizing.fullname" . }}
-  {{- end }}
+  name: {{ include "chart.name" . }}-role
 subjects:
 - kind: ServiceAccount
-  name: {{ include "node-specific-sizing.serviceAccountName" . }}
-  namespace: {{ include "node-specific-sizing.namespace" . }}
-{{- end }}
+  name: {{ include "chart.name" . }}
+  namespace: {{ include "chart.namespace" . }}

charts/node-specific-sizing/templates/clusterrolebinding.yaml

@@ -1,21 +1,43 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "node-specific-sizing.fullname" . }}
+  name: {{ include "chart.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "node-specific-sizing.labels" . | nindent 4 }}
-  {{- if .Values.deployment.annotations }}
-  annotations:
-    {{- toYaml .Values.deployment.annotations | nindent 4 }}
+    app.kubernetes.io/component: controller
+    {{- include "chart.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.deployment.replicas }}
+  replicas: {{ .Values.replicas }}
   selector:
     matchLabels:
-      app: {{- include "node-specific-sizing.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: controller
+      {{- include "chart.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       labels:
-        {{- include "node-specific-sizing.labels" . | nindent 4 }}
+        app.kubernetes.io/component: controller
+      {{- include "chart.selectorLabels" . | nindent 8 }}
     spec:
-      {{- include "node-specific-sizing.pod" . | nindent 6 }}
-        
+      serviceAccountName: {{ include "chart.serviceAccountName" . }}
+      terminationGracePeriodSeconds: 10
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+          imagePullPolicy:  {{ .Values.image.pullPolicy }}
+          resources: {{- toYaml .Values.resources | nindent 10 }}
+          env:
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          volumeMounts:
+            - mountPath: /tmp/k8s-webhook-server/serving-certs
+              name: node-specific-sizing-serving-cert
+              readOnly: true
+          securityContext:
+            runAsNonRoot: true
+      volumes:
+        - name: serving-certs
+          secret:
+            defaultMode: 420
+            secretName: {{ include "chart.fullname" . }}-server-cert

charts/node-specific-sizing/templates/deployment.yaml

@@ -1,11 +1,13 @@
-kind: MutatingWebhookConfiguration
 apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
 metadata:
-  name: {{ include "node-specific-sizing.fullname" . }}
+  name: {{ include "chart.fullname" . }}-mutating-webhook-configuration
   annotations:
-    cert-manager.io/inject-ca-from: kube-system/{{ include "node-specific-sizing.fullname" . }}
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "chart.fullname" . }}-serving-cert'
+  labels:
+  {{- include "chart.labels" . | nindent 4 }}
 webhooks:
-  - name: {{ include "node-specific-sizing.fullname" . }}.svc.cluster.local
+  - name: {{ include "chart.fullname" . }}.svc.cluster.local
     objectSelector:
       matchLabels:
         node-specific-sizing.manomano.tech/enabled: "true"
@@ -15,8 +17,8 @@ webhooks:
     timeoutSeconds: 1
     clientConfig:
       service:
-        namespace: kube-system
-        name: {{ include "node-specific-sizing.fullname" . }}
+        namespace: node-specific-sizing
+        name: {{ include "chart.fullname" . }}
         path: /mutate
     rules:
       - apiGroups: [""]

charts/node-specific-sizing/templates/mutatingadmissionwebhook.yaml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "chart.fullname" . }}-selfsigned-issuer
+  namespace: {{ .Release.Namespace }}
+  annotations:
+  {{- if .Values.certmanager.enabled }}
+    helm.sh/hook: post-install,post-upgrade
+  {{- else }}
+    helm.sh/hook: pre-install,pre-upgrade
+  {{- end }}
+    helm.sh/hook-weight: "1"
+  labels:
+  {{- include "chart.labels" . | nindent 4 }}
+spec:
+  selfSigned: {}

charts/node-specific-sizing/templates/selfsigned-issuer.yaml

@@ -1,37 +1,17 @@
-{{- if .Values.service.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "node-specific-sizing.fullname" . }}
-  namespace: {{ include "node-specific-sizing.namespace" . }}
+  name: {{ include "chart.fullname" . }}-webhook-service
+  namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "node-specific-sizing.labels" . | nindent 4 }}
+    app.kubernetes.io/component: webhook
+  {{- include "chart.labels" . | nindent 4 }}
 spec:
-  {{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
   type: ClusterIP
-  {{- with .Values.service.clusterIP }}
-  clusterIP: {{ . }}
-  {{- end }}
-  {{- else if eq .Values.service.type "LoadBalancer" }}
-  type: LoadBalancer
-  {{- with .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ . }}
-  {{- end }}
-  {{- with .Values.service.loadBalancerClass }}
-  loadBalancerClass: {{ . }}
-  {{- end }}
-  {{- with .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  {{- else }}
-  type: {{ .Values.service.type }}
-  {{- end }}
+  selector:
+  {{- include "chart.selectorLabels" . | nindent 4 }}
   ports:
-    - port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
+    - port: {{ default "443" .Values.service.port }}
+      targetPort: {{ default "8443" .Values.service.targetPort }}
       protocol: TCP
-      name: {{ .Values.service.portName }}
-  selector:
-    {{- include "node-specific-sizing.selectorLabels" . | nindent 4 }}
-{{- end }}
+      name: {{default (include "chart.fullname" .) .Values.service.portName }}