From 2bccb0e8b86d42b613e1dc5546ac1f9173a00aae Mon Sep 17 00:00:00 2001 From: Lukasz Raczylo Date: Fri, 5 Jan 2024 11:40:27 +0000 Subject: [PATCH] Fix chart --- Makefile | 2 +- charts/jobs-manager-operator/Chart.yaml | 4 +- .../templates/deployment.yaml | 47 ++++--------------- .../templates/managedjob-crd.yaml | 32 ++++++++----- .../templates/serviceaccount.yaml | 11 +++++ charts/jobs-manager-operator/values.yaml | 23 ++++++++- 6 files changed, 66 insertions(+), 53 deletions(-) create mode 100644 charts/jobs-manager-operator/templates/serviceaccount.yaml diff --git a/Makefile b/Makefile index a0b41fd..38e3f38 100644 --- a/Makefile +++ b/Makefile @@ -163,7 +163,7 @@ $(ENVTEST): $(LOCALBIN) test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest helmify: - $(call go-get-tool,$(HELMIFY),github.com/arttor/helmify/cmd/helmify@v0.3.7) + $(call go-get-tool,$(HELMIFY),github.com/arttor/helmify/cmd/helmify@v0.4.10) helm: manifests kustomize helmify $(KUSTOMIZE) build config/default | $(HELMIFY) \ No newline at end of file diff --git a/charts/jobs-manager-operator/Chart.yaml b/charts/jobs-manager-operator/Chart.yaml index c1ec2a7..ad6851c 100644 --- a/charts/jobs-manager-operator/Chart.yaml +++ b/charts/jobs-manager-operator/Chart.yaml @@ -13,12 +13,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.30 +version: 0.0.32 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.0.30" +appVersion: "0.0.32" keywords: - operator - jobs diff --git a/charts/jobs-manager-operator/templates/deployment.yaml b/charts/jobs-manager-operator/templates/deployment.yaml index cc38f5e..b738097 100644 --- a/charts/jobs-manager-operator/templates/deployment.yaml +++ b/charts/jobs-manager-operator/templates/deployment.yaml @@ -1,13 +1,3 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "chart.fullname" . }}-controller-manager - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: jobs-manager-operator - app.kubernetes.io/part-of: jobs-manager-operator - {{- include "chart.labels" . | nindent 4 }} ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -49,16 +39,11 @@ spec: values: - linux containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=0 + - args: {{- toYaml .Values.controllerManager.kubeRbacProxy.args | nindent 8 }} env: - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ .Values.kubernetesClusterDomain }} - image: {{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag - | default .Chart.AppVersion }} + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag | default .Chart.AppVersion }} name: kube-rbac-proxy ports: - containerPort: 8443 @@ -66,22 +51,15 @@ spec: protocol: TCP resources: {{- toYaml .Values.controllerManager.kubeRbacProxy.resources | nindent 10 }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect + securityContext: {{- toYaml .Values.controllerManager.kubeRbacProxy.containerSecurityContext + | nindent 10 }} + - args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }} command: - /manager env: - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ .Values.kubernetesClusterDomain }} - image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag - | default .Chart.AppVersion }} + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag | default .Chart.AppVersion }} livenessProbe: httpGet: path: /healthz @@ -95,13 +73,8 @@ spec: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 - resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 - }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 }} + securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext | nindent 10 }} securityContext: runAsNonRoot: true serviceAccountName: {{ include "chart.fullname" . }}-controller-manager diff --git a/charts/jobs-manager-operator/templates/managedjob-crd.yaml b/charts/jobs-manager-operator/templates/managedjob-crd.yaml index 0202f7f..083fce4 100644 --- a/charts/jobs-manager-operator/templates/managedjob-crd.yaml +++ b/charts/jobs-manager-operator/templates/managedjob-crd.yaml @@ -747,7 +747,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -962,7 +962,8 @@ spec: \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field - is immutable." + is immutable. It can only be + set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -1009,7 +1010,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -2827,7 +2829,7 @@ spec: and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' + https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -3042,7 +3044,8 @@ spec: \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field - is immutable." + is immutable. It can only be + set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -3089,7 +3092,8 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -4856,7 +4860,7 @@ spec: be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that - the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -5051,7 +5055,8 @@ spec: that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable." + feature gate. \n This field is immutable. + It can only be set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -5094,7 +5099,8 @@ spec: a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -6747,7 +6753,7 @@ spec: between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More - info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -6925,7 +6931,8 @@ spec: defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable." + feature gate. \n This field is immutable. + It can only be set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -6967,7 +6974,8 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: diff --git a/charts/jobs-manager-operator/templates/serviceaccount.yaml b/charts/jobs-manager-operator/templates/serviceaccount.yaml new file mode 100644 index 0000000..b733f79 --- /dev/null +++ b/charts/jobs-manager-operator/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "chart.fullname" . }}-controller-manager + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: jobs-manager-operator + app.kubernetes.io/part-of: jobs-manager-operator + {{- include "chart.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }} \ No newline at end of file diff --git a/charts/jobs-manager-operator/values.yaml b/charts/jobs-manager-operator/values.yaml index c36a58c..245e279 100644 --- a/charts/jobs-manager-operator/values.yaml +++ b/charts/jobs-manager-operator/values.yaml @@ -1,5 +1,15 @@ controllerManager: kubeRbacProxy: + args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL image: repository: gcr.io/kubebuilder/kube-rbac-proxy tag: v0.13.1 @@ -11,9 +21,18 @@ controllerManager: cpu: 5m memory: 64Mi manager: + args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL image: repository: ghcr.io/lukaszraczylo/jobs-manager-operator - tag: latest + tag: 0.0.32 resources: limits: cpu: 500m @@ -22,6 +41,8 @@ controllerManager: cpu: 10m memory: 64Mi replicas: 1 + serviceAccount: + annotations: {} kubernetesClusterDomain: cluster.local metricsService: ports: