add podDisruptionBudget and podSecurityContext

Signed-off-by: Paul Czarkowski <[email protected]>

Chart.yaml

@@ -10,7 +10,7 @@ icon: https://spring.io/img/homepage/icon-spring-boot.svg
 sources:
   - https://github.com/paulczar/helm-chart-spring
   - https://github.com/spring-projects/spring-petclinic
-version: 0.0.4
+version: 0.0.5
 maintainers:
   - name: paulczar
     email: [email protected]

README.md

@@ -52,8 +52,11 @@ helm install --name my-release -f values.yaml stable/spring
 | `tolerations` | List of node taints to tolerate | `[]` |
 | `nodeSelector` | Node labels for pod assignment | `{}` |
 | `podAnnotations` | Annotations to apploy to the pod | `{}` |
-| `spring.profile` | The spring profile to activate | `dev` |
+| `spring.profile` | The spring profile to activate | `nil` |
 | `spring.trustKubernetesCertificates` | ensure spring trusts kubernetes certs | `true` |
+| `spring.config.type` | type of spring config (currently only supports `file`) | `file` |
+| `spring.config.content` | YAML to be placed in `/config/application.yml` | `nil` |
+| `spring.config.secretName` | Name of a secret containing `secret.yml:` key to be placed in `/config/secret.yml` | `nil` |
 | `containerPort` | the port your application listens on | `8080` |
 | `extraEnv` | extra environment variables to pass to your application | `{}` |
 | `livenessProbe` | Values to enable livenessProbe suitable for your application | `{}` |

docs/repo/index.yaml

@@ -1,6 +1,26 @@
 apiVersion: v1
 entries:
   spring:
+  - apiVersion: v1
+    appVersion: 2.1.0.BUILD-SNAPSHOT
+    created: "2019-02-04T08:17:57.179861627-06:00"
+    description: Helm chart for deploying basic Spring applications
+    digest: af802ff906859755e4a4d2cc97b17c95f24a7fc44c57f9c96c1ba91612ec8f81
+    home: https://spring.io
+    icon: https://spring.io/img/homepage/icon-spring-boot.svg
+    keywords:
+    - spring
+    - spring-cloud
+    maintainers:
+    - email: [email protected]
+      name: paulczar
+    name: spring
+    sources:
+    - https://github.com/paulczar/helm-chart-spring
+    - https://github.com/spring-projects/spring-petclinic
+    urls:
+    - https://github.com/paulczar/helm-chart-spring/releases/download/0.0.5/spring-0.0.5.tgz
+    version: 0.0.5
   - apiVersion: v1
     appVersion: 2.1.0.BUILD-SNAPSHOT
     created: "2019-01-23T23:20:30.390118173-06:00"

templates/configmap-config.yaml

@@ -0,0 +1,15 @@
+{{- if and ( eq .Values.spring.config.type "file") (hasKey .Values.spring.config "content") }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "spring.fullname" . }}-app
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ include "spring.name" . }}
+    chart: {{ include "spring.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  application.yml:
+    {{ toYaml .Values.Spring.config.content | indent 4  }}
+{{- end }}

templates/deployment.yaml

@@ -23,21 +23,46 @@ spec:
         {{ toYaml .Values.podAnnotations | indent 8 }}
     spec:
       serviceAccountName: {{ template "spring.serviceAccountName" . }}
+      securityContext:
+        {{ toYaml .Values.securityContext | indent 8 }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
+            {{- if hasKey .Values.spring "profile" }}
             - name: SPRING_PROFILES_ACTIVE
               value: {{ .Values.spring.profile }}
+            {{- end }}
               {{- if .Values.spring.trustKubernetesCertificates }}
             - name: KUBERNETES_TRUST_CERTIFICATES
               value: "true"
               {{- end }}
+            {{- if and (eq .Values.spring.config.type "file") (hasKey .Values.spring.config "content") }}
+            - name: SPRING_CONFIG_LOCATION
+              value: "file:/config/application.yml"
+            {{- end }}
+            {{- if hasKey .Values.spring.config "secretName" }}
+            - name: SPRING_CONFIG_ADDITIONAL_LOCATION
+              value: "file:/config/secret.yml"
+            {{- end }}
             {{- range $key, $value := .Values.extraEnv }}
             - name: {{ $key }}
               value: {{ $value | quote }}
             {{- end }}
+          volumeMounts:
+            - name: data
+              mountPath: /data
+            {{- if and (eq .Values.spring.config.type "file") (hasKey .Values.spring.config "contents") }}
+            - name: config-file
+              mountPath: /config/application.yml
+              subPath: application.yml
+            {{- end }}
+            {{- if hasKey .Values.spring.config "secretName" }}
+            - name: secret-file
+              mountPath: /config/secret.yml
+              subPath: secret.yml
+            {{- end }}
           ports:
             - name: http
               containerPort: {{ .Values.containerPort }}
@@ -64,3 +89,16 @@ spec:
       tolerations:
 {{ toYaml . | indent 8 }}
     {{- end }}
+      volumes:
+        - name: data
+          emptyDir: {}
+      {{- if and (eq .Values.spring.config.type "file") (hasKey .Values.spring.config "contents") }}
+        - name: config-file
+          configMap:
+            name: {{ include "spring.fullname" . }}-config
+      {{- end }}
+      {{- if hasKey .Values.spring.config "secretName" }}
+        - name: secret-file
+          secret:
+            secretName: {{ .Values.spring.config.secretName }}
+      {{- end }}

templates/poddisruptionbudget.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "spring.controller.fullname" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    app: {{ template "spring.name" . }}
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "spring.name" . }}
+      heritage: "{{ .Release.Service }}"
+      release: "{{ .Release.Name }}"
+      chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}

values.yaml

@@ -24,8 +24,24 @@ podAnnotations: {}
 #  prometheus.io/path: "/actuator/prometheus"
 
 spring:
-  profile: dev
+  ## Uncomment if you want to activate a specfic spring profile
+  # profile: kubernetes
+  ## Ensures that Spring trusts Kubernetes certificate for use with
+  ## service discovery, configuration, etc.
   trustKubernetesCertificates: true
+  ## customized parameters/config for your spring app.
+  ## by default will be rendered to `/config/application.yml`
+  config:
+    ## Currently only supports file
+    type: file
+    ## Contents of config in YAML
+    # contents:
+    #   spring:
+    #     database:
+    ## An optional secret that contains a base64 encoded YAML file to be loaded in
+    ## for passwords and other secrets, by default `/config/secret.yml`
+    ## this secret must only have a single key of `secret.yml: |-`.
+    # secretName: configSecret
 
 ## The list of ports that your app listens on
 containerPort: 8080
@@ -38,6 +54,10 @@ extraEnv: {}
   # DATABASE_USERNAME: spring
   # DATABASE_PASSWORD: spring
 
+securityContext: {}
+  # runAsUser: 1000
+  # fsGroup: 1000
+
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
@@ -114,3 +134,7 @@ ingress:
   #   - secretName: spring-tls
   #     hosts:
   #       - spring.example.io
+
+podDisruptionBudget:
+  enabled: false
+  minAvailable: 1