feat: add scheduling values (#396)
* chore(makefile): improve helm-testing makes

Signed-off-by: Oliver Bähler <[email protected]>

* feat(helm): add scheduling values

Signed-off-by: Oliver Bähler <[email protected]>

---------

Signed-off-by: Oliver Bähler <[email protected]>
oliverbaehler authored Feb 20, 2024
1 parent c17230b commit 87d3128
Showing 6 changed files with 198 additions and 121 deletions.
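--- a/Makefile
+++ b/Makefile
@@ -103,17 +103,18 @@ helm-docs: docker
 helm-lint: docker
 @docker run -v "$(SRC_ROOT):/workdir" --entrypoint /bin/sh quay.io/helmpack/chart-testing:v3.3.1 -c "cd /workdir; ct lint --config .github/configs/ct.yaml --lint-conf .github/configs/lintconf.yaml --all --debug"
 
-helm-test: helm-controller-version kind ct ko-build-all
-@kind create cluster --wait=60s --name capsule-charts
-@kind load docker-image --name capsule-charts $(CAPSULE_PROXY_IMG):$(VERSION)
-@kubectl create ns capsule-system
-@make helm-install
+helm-test: helm-controller-version kind ct ko-build-all helm-create helm-install helm-destroy
 
 helm-install:
 @kubectl apply --server-side=true -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml
 @make install-capsule
 @kubectl apply --server-side=true -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml
-@ct install --config $(SRC_ROOT)/.github/configs/ct.yaml --namespace=capsule-system --all --debug
+@$(CT) install --config $(SRC_ROOT)/.github/configs/ct.yaml --namespace=capsule-system --all --debug
+
+helm-create:
+@kind create cluster --wait=60s --name capsule-charts
+@kind load docker-image --name capsule-charts $(CAPSULE_PROXY_IMG):$(VERSION)
+@kubectl create ns capsule-system
 
 helm-destroy:
 @kind delete cluster --name capsule-charts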
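Review bot: The new `helm-test` line orders cluster creation, install and teardown only through its prerequisite list, which holds for a serial run but not under `make -j`, where `helm-install` and `helm-destroy` can start before `helm-create` has finished. In a serial run a failing `helm-install` also stops make before `helm-destroy`, leaving the `capsule-charts` kind cluster behind. Keeping only the build prerequisites and moving the steps into the recipe makes the order explicit and always tears down: `@$(MAKE) helm-create` followed by `@$(MAKE) helm-install; rc=$$?; $(MAKE) helm-destroy; exit $$rc`. The `kubectl` calls in `helm-create` and `helm-install` use whatever context is current, so `helm-install` run on its own would apply these manifests to the developer's active cluster; `--context kind-capsule-charts` would pin them to the test cluster. The `helm-destroy` rule may continue past the end of the hunk.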
8 changes: 8 additions & 0 deletions charts/capsule-proxy/README.md
Expand Up @@ -62,6 +62,7 @@ If you only need to make minor customizations, you can specify them on the comma
|-----|------|---------|-------------|
| affinity | object | `{}` | Set affinity rules for the capsule-proxy pod. |
| certManager.certificate.dnsNames | list | `[]` | Additional DNS Names to include in certificate |
| certManager.certificate.includeInternalServiceNames | bool | `true` | Include internal service names in certificate (disable if you create a public cert) |
| certManager.certificate.ipAddresses | list | `[]` | Additional IP Addresses to include in certificate |
| certManager.certificate.uris | list | `[]` | Additional URIs to include in certificate |
| certManager.externalCA.enabled | bool | `false` | Set if want cert manager to sign certificates with an external CA |
Expand All @@ -71,18 +72,25 @@ If you only need to make minor customizations, you can specify them on the comma
| certManager.issuer.name | string | `""` | Set the name of the ClusterIssuer if issuer kind is ClusterIssuer and if cert manager will generate CA signed SSL certificates |
| daemonset.hostNetwork | bool | `false` | Use the host network namespace for capsule-proxy pod. |
| daemonset.hostPort | bool | `false` | Binding the capsule-proxy listening port to the host port. |
| hostNetwork | bool | `false` | When deployed as DaemonSet use |
| image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. |
| image.registry | string | `"ghcr.io"` | Set the image registry for capsule-proxy |
| image.repository | string | `"projectcapsule/capsule-proxy"` | Set the image repository for capsule-proxy. |
| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
| imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry. |
| jobs.affinity | object | `{}` | Set affinity rules |
| jobs.annotations | object | `{}` | Annotations to add to the certgen job. |
| jobs.certs.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy of the post install certgen job |
| jobs.certs.registry | string | `"docker.io"` | Set the image repository of the post install certgen job |
| jobs.certs.repository | string | `"jettech/kube-webhook-certgen"` | Set the image repository of the post install certgen job |
| jobs.certs.tag | string | `"v1.3.0"` | Set the image tag of the post install certgen job |
| jobs.nodeSelector | object | `{}` | Set the node selector |
| jobs.podSecurityContext | object | `{"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the job pods. |
| jobs.priorityClassName | string | `""` | Set a pod priorityClassName |
| jobs.restartPolicy | string | `"Never"` | Set the restartPolicy |
| jobs.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1002,"runAsNonRoot":true,"runAsUser":1002}` | Security context for the job containers. |
| jobs.tolerations | list | `[]` | Set list of tolerations |
| jobs.topologySpreadConstraints | list | `[]` | Set Topology Spread Constraints |
| jobs.ttlSecondsAfterFinished | int | `60` | Sets the ttl in seconds after a finished certgen job is deleted. Set to -1 to never delete. |
| kind | string | `"Deployment"` | Set the deployment mode of the capsule-proxy as `Deployment` or `DaemonSet`. |
| nodeSelector | object | `{}` | Set the node selector for the capsule-proxy pod. |
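--- a/charts/capsule-proxy/ci/ds-values.yaml
+++ b/charts/capsule-proxy/ci/ds-values.yaml
@@ -45,6 +45,16 @@ tolerations:
 operator: Exists
 - effect: NoSchedule
 key: node-role.kubernetes.io/master
+affinity:
+nodeAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- weight: 1
+preference:
+matchExpressions:
+- key: another-node-label-key
+operator: In
+values:
+- another-node-label-value
 # Ingress
 ingress:
 enabled: true
@@ -59,3 +69,29 @@ ingress:
 # ServiceMonitor
 serviceMonitor:
 enabled: true
+jobs:
+affinity:
+nodeAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- weight: 1
+preference:
+matchExpressions:
+- key: another-node-label-key
+operator: In
+values:
+- another-node-label-value
+topologySpreadConstraints:
+- maxSkew: 1
+topologyKey: kubernetes.io/hostname
+whenUnsatisfiable: ScheduleAnyway
+labelSelector:
+matchLabels:
+app.kubernetes.io/name: capsule-proxy
+priorityClassName: "system-node-critical"
+nodeSelector:
+node-role.kubernetes.io/master: ""
+tolerations:
+- key: CriticalAddonsOnly
+operator: Exists
+- effect: NoSchedule
+key: node-role.kubernetes.io/master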
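Review bot: The added `jobs.nodeSelector` of `node-role.kubernetes.io/master: ""` is a hard scheduling requirement, unlike the `preferredDuringScheduling…` affinity above it. kubeadm-based nodes, kind included, stopped carrying that label in Kubernetes v1.24 in favour of `node-role.kubernetes.io/control-plane`, so on a newer node image the certgen Job pod would presumably stay Pending. Whether the Job is rendered at all with these values depends on template conditions outside this section. If it is, use `node-role.kubernetes.io/control-plane: ""` with a matching toleration, or drop the selector from the CI values so the test exercises scheduling rather than blocking on it.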
21 changes: 20 additions & 1 deletion charts/capsule-proxy/templates/certgen-job.yaml
Expand Up @@ -19,11 +19,30 @@ spec:
labels:
{{- include "capsule-proxy.selectorLabels" . | nindent 8 }}
spec:
restartPolicy: Never
restartPolicy: {{ $.Values.jobs.restartPolicy }}
{{- with $.Values.jobs.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jobs.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jobs.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jobs.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jobs.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.jobs.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
containers:
- name: post-install-job
image: {{ include "capsule.jobs.certsFullyQualifiedDockerImage" $ }}
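Review bot: `restartPolicy: {{ $.Values.jobs.restartPolicy }}` renders whatever the values file supplies, but a Job's pod template accepts only `Never` or `OnFailure`. An unset or empty value renders a bare `restartPolicy:`, which the API server would default to `Always` and then reject. Rendering `restartPolicy: {{ $.Values.jobs.restartPolicy | default "Never" }}` and naming the two allowed values in the values comment keeps the post-install hook from failing on a partial override. The added scheduling blocks read `.Values` where the neighbouring lines read `$.Values`, and `priorityClassName: {{ . }}` is emitted unquoted, so `{{ . | quote }}` would be the safer form. The pod `spec:` starts above the hunk and continues below it.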
2 changes: 2 additions & 0 deletions charts/capsule-proxy/templates/certmanager.yaml
Expand Up @@ -48,8 +48,10 @@ spec:
{{- range $dns := .Values.certManager.certificate.dnsNames }}
- {{ $dns }}
{{- end }}
{{- if $.Values.certManager.certificate.includeInternalServiceNames }}
- {{ include "capsule-proxy.fullname" . }}
- {{ include "capsule-proxy.fullname" . }}.{{ .Release.Namespace }}.svc
{{- end }}
{{- with .Values.certManager.certificate.ipAddresses }}
ipAddresses:
{{- range $ip := . }}
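Review bot: With `includeInternalServiceNames` set to false and `certManager.certificate.dnsNames` left at its default `[]`, the new `if` removes the only entries under `dnsNames`. The `dnsNames:` key itself is presumably emitted above the hunk, so the Certificate would carry no DNS SAN and may be rejected or never issued. A guard before the list would fail the render early; with `$c := .Values.certManager.certificate` it could read `{{- if not (or $c.includeInternalServiceNames $c.dnsNames $c.ipAddresses $c.uris) }}{{ fail "certManager.certificate: no subject alternative name would be rendered" }}{{ end }}`. The values comment should also say that in-cluster clients reaching the proxy through its Service name will fail hostname verification once the internal names are dropped, unless `dnsNames` covers that name.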