Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add extraPodSpec to allow customizing Pods #205

Merged
merged 1 commit into from
Apr 27, 2024
Merged

Add extraPodSpec to allow customizing Pods #205

merged 1 commit into from
Apr 27, 2024

Conversation

josephshanak
Copy link
Contributor

Not sure how this is normally tested, so here are examples of the template output.

Fixes #204.

$ helm template  charts/minecraft  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' | grep 'test-priority-class' -C 10
            drop:
            - ALL
          readOnlyRootFilesystem: true
      volumes:
      - name: tmp
        emptyDir: {}
      - name: datadir
        emptyDir: {}
      - name: backupdir
        emptyDir: {}
      priorityClassName: test-priority-class

$ helm template  charts/minecraft-bedrock  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' | grep 'test-priority-class' -C 10
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
      volumes:
      - name: tmp
        emptyDir: {}
      - name: datadir
        emptyDir: {}
      priorityClassName: test-priority-class

$ helm template  charts/mc-router  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' | grep 'test-priority-class' -C 70
        app.kubernetes.io/name: mc-router
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/version: "1.20.0"
        app.kubernetes.io/managed-by: Helm
    spec:
      serviceAccountName: release-name-mc-router
      securityContext:
        {}
      containers:
        - name: mc-router
          securityContext:
            {}
          image: "itzg/mc-router:1.20.0"
          imagePullPolicy: IfNotPresent
          env:
            - name: IN_KUBE_CLUSTER
              value: "true"
            - name: API_BINDING
              value: ":8080"
            - name: PORT
              value: "25565"
            - name: AUTO_SCALE_UP
              value: "false"
            - name: CONNECTION_RATE_LIMIT
              value: "1"
            - name: DEBUG
              value: "false"
            - name: METRICS_BACKEND
              value: "discard"
            - name: SIMPLIFY_SRV
              value: "false"
            - name: USE_PROXY_PROTOCOL
              value: "false"
            - name: VERSION
              value: "false"
          ports:
            - name: api
              containerPort: 8080
              protocol: TCP
            - name: minecraft
              containerPort: 25565
              protocol: TCP
          livenessProbe:
            initialDelaySeconds: 30
            failureThreshold: 20
            httpGet:
              path: /routes
              httpHeaders:
                - name: Accept
                  value: application/json
              port: 8080
          readinessProbe:
            initialDelaySeconds: 30
            failureThreshold: 20
            httpGet:
              path: /routes
              httpHeaders:
                - name: Accept
                  value: application/json
              port: 8080
          startupProbe:
            failureThreshold: 30
            httpGet:
              path: /routes
              httpHeaders:
                - name: Accept
                  value: application/json
              port: 8080
          resources:
            {}
      priorityClassName: test-priority-class

$ helm template  charts/minecraft-proxy  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' | grep 'test-priority-class' -C 10
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
      volumes:
      - name: tmp
        emptyDir: {}
      - name: datadir
        emptyDir: {}
      priorityClassName: test-priority-class

helm template  charts/rcon-web-admin  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' --set 'rconWeb.password=testpass' --set 'service.type=LoadBalancer' | grep 'test-priority-class' -C90
        fsGroup: 2000
        runAsGroup: 3000
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - name: db
          emptyDir: {}
      containers:
        - name: rcon-web-admin
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          image: "docker.io/itzg/rcon:0.14.1-1"
          imagePullPolicy: Always
          env:
            - name: RWA_USERNAME
              value: "admin"
            - name: RWA_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: release-name-rcon-web-admin
                  key: password
            - name: RWA_ADMIN
              value: "FALSE"
            - name: RWA_RCON_HOST
              value: "127.0.0.1"
            - name: RWA_RCON_PORT
              value: "25575"
            - name: RWA_GAME
              value: "minecraft"
            - name: RWA_SERVER_NAME
              value: "minecraft"
            - name: RWA_RCON_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: release-name-rcon-web-admin
                  key: rcon-password
            - name: RWA_RESTRICT_COMMANDS
              value: ""
            - name: RWA_RESTRICT_WIDGETS
              value: ""
            - name: RWA_READ_ONLY_WIDGET_OPTIONS
              value: "FALSE"
            - name: RWA_WEB_RCON
              value: "FALSE"
          command:
            - '/bin/sh'
            - '-c'
            - |-
              # Installing jq to parse k8s response
              export DEBIAN_FRONTEND=noninteractive
              apt-get -qq update >/dev/null && apt-get -qq install -y jq > /dev/null
              # Configuring k8s API auth
              APISERVER=https://kubernetes.default.svc
              SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
              NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
              TOKEN=$(cat ${SERVICEACCOUNT}/token)
              CACERT=${SERVICEACCOUNT}/ca.crt
              # Querying for websocket service
              WS_SERVICE="$(curl --silent --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/default/services/release-name-rcon-web-admin)"
              WS_IP="$(echo "$WS_SERVICE" | jq -r .status.loadBalancer.ingress[0].ip)"
              WS_PORT="4327"
              export RWA_WEBSOCKET_URL="ws://$WS_IP:$WS_PORT"
              export RWA_WEBSOCKET_URL_SSL="wss://$WS_IP:$WS_PORT"
              /usr/local/bin/node src/main.js start
          ports:
            - name: http
              containerPort: 4326
              protocol: TCP
            - name: ws
              containerPort: 4327
              protocol: TCP
          volumeMounts:
            - name: db
              mountPath: /opt/rcon-web-admin/db
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {}
      priorityClassName: test-priority-class

@josephshanak
Copy link
Contributor Author

Seems like the lint-test check is failing because it couldn't get an IP for the rcon-web-admin service:

5m          Warning   AllocationFailed    service/rcon-web-admin-oyjfjwelyw                                                   metallb-controller                     Failed to allocate IP for "rcon-web-admin-oyjfjwelyw/rcon-web-admin-oyjfjwelyw": no available IPs                           5m           1       rcon-web-admin-oyjfjwelyw.17ca351cea9ab8ff

Perhaps re-running will fix?

@itzg
Copy link
Owner

itzg commented Apr 27, 2024

I kicked off a re-run, but that rcon web admin is pretty flaky. Might just need to revert the change for that chart.

itzg
itzg previously approved these changes Apr 27, 2024
View reviewed changes
Copy link
Owner

@itzg itzg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this!

@josephshanak
Copy link
Contributor Author

I kicked off a re-run, but that rcon web admin is pretty flaky. Might just need to revert the change for that chart.

Reverted.

@itzg itzg merged commit ef6b865 into itzg:master Apr 27, 2024
1 check passed
@josephshanak josephshanak deleted the extraPodSpec branch August 18, 2024 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@itzg itzg itzg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow setting priorityClassName
2 participants
@josephshanak @itzg