Allow disabling kruise-daemon-config namespace

versions/kruise/next/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: kruise
 description: Helm chart for kruise components
-version: 1.8.1
+version: 1.8.2
 appVersion: 1.8.0
 kubeVersion: ">= 1.18.0-0"
 icon: https://openkruise.io/img/openkruise-logo-bg.jpg

versions/kruise/next/templates/daemonset.yaml

@@ -0,0 +1,149 @@
+{{-  if not (contains "KruiseDaemon=false" .Values.featureGates) }}
+{{- if .Values.installation.daemonSet.createNamespace }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.installation.daemonSet.namespace }}
+{{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kruise-daemon
+{{- if .Values.serviceAccount.annotations }}
+  annotations:
+{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
+{{- end }}
+  namespace: {{ .Values.installation.namespace }}
+{{ ( include "serviceAccountDaemon" . ) }}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kruise-daemon
+  namespace: {{ .Values.installation.namespace }}
+  labels:
+    control-plane: daemon
+spec:
+  selector:
+    matchLabels:
+      control-plane: daemon
+  minReadySeconds: 3
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 10%
+  template:
+    metadata:
+      labels:
+        control-plane: daemon
+    spec:
+{{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- if .Values.daemon.affinity }}
+      affinity:
+{{ toYaml .Values.daemon.affinity | indent 8 }}
+{{- end }}
+{{- if .Values.daemon.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.daemon.nodeSelector | indent 8 }}
+{{- end }}
+      containers:
+      - command:
+        - /kruise-daemon
+        args:
+        - --logtostderr=true
+        - --v=4
+        - --addr=:{{ .Values.daemon.port }}
+        - --feature-gates={{ .Values.featureGates }}
+        - --socket-file={{ .Values.daemon.socketFile }}
+{{- if not .Values.daemon.enablePprof }}
+        - --enable-pprof=false
+{{- else }}
+        - --enable-pprof=true
+        - --pprof-addr={{ .Values.daemon.pprofAddr }}
+{{- end }}
+{{- if .Values.daemon.credentialProvider.enable }}
+        - --plugin-config-file=/credential-provider-config/CredentialProviderPlugin.yaml
+        - --plugin-bin-dir=/credential-provider-plugin
+{{- end }}
+        image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
+        imagePullPolicy: Always
+        securityContext:
+          capabilities:
+            drop:
+              - all
+            add: [ 'NET_BIND_SERVICE' ]
+          allowPrivilegeEscalation: false
+        name: daemon
+        env:
+{{- if .Values.enableKubeCacheMutationDetector }}
+        - name: KUBE_CACHE_MUTATION_DETECTOR
+          value: "true"
+{{- end }}
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        {{- if .Values.daemon.extraEnvs }}
+        {{- toYaml .Values.daemon.extraEnvs | nindent 8 }}
+        {{- end }}
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /healthz
+            port: {{ .Values.daemon.port }}
+            scheme: HTTP
+          initialDelaySeconds: 60
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 1
+        resources:
+          {{- toYaml .Values.daemon.resources | nindent 12 }}
+        volumeMounts:
+        - mountPath: /hostvarrun
+          name: runtime-socket
+          readOnly: true
+{{- if .Values.daemon.credentialProvider.enable }}
+        - name: credential-provider-plugin-config
+          mountPath: /credential-provider-config
+          readOnly: true
+        - name: credential-provider-plugin
+          mountPath: /credential-provider-plugin
+          readOnly: true
+        {{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
+        - name: aws-credentials-dir
+          mountPath: /root/.aws
+          readOnly: true
+        {{- end }}
+{{- end }}
+      tolerations:
+      - operator: Exists
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      terminationGracePeriodSeconds: 10
+      serviceAccountName: kruise-daemon
+      volumes:
+      - hostPath:
+          path: {{ .Values.daemon.socketLocation }}
+          type: ""
+        name: runtime-socket
+{{- if .Values.daemon.credentialProvider.enable }}
+      - name: credential-provider-plugin-config
+        configMap:
+          name: {{ .Values.daemon.credentialProvider.configmap }}
+      - hostPath:
+          path: {{ .Values.daemon.credentialProvider.hostPath }}
+          type: ""
+        name: credential-provider-plugin
+      {{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
+      - hostPath:
+          path: {{ .Values.daemon.credentialProvider.awsCredentialsDir }}
+          type: ""
+        name: aws-credentials-dir
+      {{- end }}
+{{- end }}
+{{- end }}

versions/kruise/next/templates/manager.yaml

@@ -8,11 +8,6 @@ metadata:
 {{- end }}
 ---
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: kruise-daemon-config
----
-apiVersion: v1
 kind: Service
 metadata:
   name: kruise-webhook-service
@@ -160,146 +155,3 @@ metadata:
 {{- end }}
   namespace: {{ .Values.installation.namespace }}
 {{ ( include "serviceAccountManager" . ) }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kruise-daemon
-{{- if .Values.serviceAccount.annotations }}
-  annotations:
-{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
-{{- end }}
-  namespace: {{ .Values.installation.namespace }}
-{{ ( include "serviceAccountDaemon" . ) }}
----
-{{ if contains "KruiseDaemon=false" .Values.featureGates }}{{ else }}
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: kruise-daemon
-  namespace: {{ .Values.installation.namespace }}
-  labels:
-    control-plane: daemon
-spec:
-  selector:
-    matchLabels:
-      control-plane: daemon
-  minReadySeconds: 3
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 10%
-  template:
-    metadata:
-      labels:
-        control-plane: daemon
-    spec:
-{{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-{{- toYaml . | nindent 8 }}
-{{- end }}
-{{- if .Values.daemon.affinity }}
-      affinity:
-{{ toYaml .Values.daemon.affinity | indent 8 }}
-{{- end }}
-{{- if .Values.daemon.nodeSelector }}
-      nodeSelector:
-{{ toYaml .Values.daemon.nodeSelector | indent 8 }}
-{{- end }}
-      containers:
-      - command:
-        - /kruise-daemon
-        args:
-        - --logtostderr=true
-        - --v=4
-        - --addr=:{{ .Values.daemon.port }}
-        - --feature-gates={{ .Values.featureGates }}
-        - --socket-file={{ .Values.daemon.socketFile }}
-{{- if not .Values.daemon.enablePprof }}
-        - --enable-pprof=false
-{{- else }}
-        - --enable-pprof=true
-        - --pprof-addr={{ .Values.daemon.pprofAddr }}
-{{- end }}
-{{- if .Values.daemon.credentialProvider.enable }}
-        - --plugin-config-file=/credential-provider-config/CredentialProviderPlugin.yaml
-        - --plugin-bin-dir=/credential-provider-plugin
-{{- end }}
-        image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
-        imagePullPolicy: Always
-        securityContext:
-          capabilities:
-            drop:
-              - all
-            add: [ 'NET_BIND_SERVICE' ]
-          allowPrivilegeEscalation: false
-        name: daemon
-        env:
-{{- if .Values.enableKubeCacheMutationDetector }}
-        - name: KUBE_CACHE_MUTATION_DETECTOR
-          value: "true"
-{{- end }}
-        - name: NODE_NAME
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: spec.nodeName
-        {{- if .Values.daemon.extraEnvs }}
-        {{- toYaml .Values.daemon.extraEnvs | nindent 8 }}
-        {{- end }}
-        livenessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /healthz
-            port: {{ .Values.daemon.port }}
-            scheme: HTTP
-          initialDelaySeconds: 60
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 1
-        resources:
-          {{- toYaml .Values.daemon.resources | nindent 12 }}
-        volumeMounts:
-        - mountPath: /hostvarrun
-          name: runtime-socket
-          readOnly: true
-{{- if .Values.daemon.credentialProvider.enable }}
-        - name: credential-provider-plugin-config
-          mountPath: /credential-provider-config
-          readOnly: true
-        - name: credential-provider-plugin
-          mountPath: /credential-provider-plugin
-          readOnly: true
-        {{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
-        - name: aws-credentials-dir
-          mountPath: /root/.aws
-          readOnly: true
-        {{- end }}
-{{- end }}
-      tolerations:
-      - operator: Exists
-      hostNetwork: true
-      dnsPolicy: ClusterFirstWithHostNet
-      terminationGracePeriodSeconds: 10
-      serviceAccountName: kruise-daemon
-      volumes:
-      - hostPath:
-          path: {{ .Values.daemon.socketLocation }}
-          type: ""
-        name: runtime-socket
-{{- if .Values.daemon.credentialProvider.enable }}
-      - name: credential-provider-plugin-config
-        configMap:
-          name: {{ .Values.daemon.credentialProvider.configmap }}
-      - hostPath:
-          path: {{ .Values.daemon.credentialProvider.hostPath }}
-          type: ""
-        name: credential-provider-plugin
-      {{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
-      - hostPath:
-          path: {{ .Values.daemon.credentialProvider.awsCredentialsDir }}
-          type: ""
-        name: aws-credentials-dir
-      {{- end }}
-{{- end }}
-{{- end }}

versions/kruise/next/templates/rbac_role.yaml

@@ -927,7 +927,7 @@ kind: Role
 metadata:
   creationTimestamp: null
   name: kruise-daemon-secret-role
-  namespace: kruise-daemon-config
+  namespace: {{ .Values.installation.daemonSet.namespace }}
 rules:
 - apiGroups:
   - ""
@@ -942,7 +942,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: kruise-daemon-secret-rolebinding
-  namespace: kruise-daemon-config
+  namespace: {{ .Values.installation.daemonSet.namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

versions/kruise/next/values.yaml

@@ -7,6 +7,9 @@ crds:
 installation:
   namespace: kruise-system
   createNamespace: true
+  daemonSet:
+    namespace: kruise-daemon-config
+    createNamespace: true
   roleListGroups:
     - '*'