Update cluster-auth charts (#17)
Signed-off-by: Rokibul Hasan <[email protected]>
RokibulHasan7 authored Jun 5, 2024
1 parent cd9fa60 commit f79a3d7
Showing 7 changed files with 43 additions and 11 deletions.
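--- a/apis/installer/v1alpha1/cluster_auth_types.go
+++ b/apis/installer/v1alpha1/cluster_auth_types.go
@@ -73,10 +73,12 @@ type ClusterAuthSpec struct {
 // PodSecurityContext holds pod-level security attributes and common container settings.
 // Optional: Defaults to empty. See type description for default values of each field.
 // +optional
-PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
-ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
-Monitoring Monitoring `json:"monitoring"`
-ApiServer ApiServerSpec `json:"apiServer"`
+PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
+ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
+Monitoring Monitoring `json:"monitoring"`
+ApiServer ApiServerSpec `json:"apiServer"`
+HubKubeconfigSecretName string `json:"hubKubeconfigSecretName"`
+ClusterName string `json:"clusterName"`
 }
 
 type ImageRef struct {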
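Review bot: The new fields `HubKubeconfigSecretName` and `ClusterName` are added to `ClusterAuthSpec` without doc comments, and the `// +optional` marker above them belongs only to `PodSecurityContext`, so nothing in the type says whether an empty value is valid. The chart's deployment template skips the hub kubeconfig mount and the `--cluster-name` flag when these are empty, while the schema in this commit lists both as required; if empty is a supported configuration, the type should say so. I would add `// HubKubeconfigSecretName is the name of the Secret that holds the OCM hub kubeconfig; when empty, no hub kubeconfig is mounted.` and `// ClusterName is passed to the agent as --cluster-name; when empty, the flag is omitted.` above the respective fields. The struct begins above this hunk, so the conventions used by its earlier fields are not visible from here.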
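--- a/charts/cluster-auth/README.md
+++ b/charts/cluster-auth/README.md
@@ -72,6 +72,8 @@ The following table lists the configurable parameters of the `cluster-auth-agent
 | monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | <code>prometheus.io/operator</code> |
 | monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | <code>{}</code> |
 | apiServer.healthcheck.enabled | | <code>false</code> |
+| hubKubeconfigSecretName | Name of OCM Hub Kubeconfig secret | <code>""</code> |
+| clusterName | We need to pass the cluster name because the OCM-MC host cluster doesn't have Klusterlet object. | <code>""</code> |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: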
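--- a/charts/cluster-auth/templates/cluster-role.yaml
+++ b/charts/cluster-auth/templates/cluster-role.yaml
@@ -20,9 +20,3 @@ rules:
 - roles
 - rolebindings
 verbs: ["*"]
-# ocm cluster name detection
-- apiGroups:
-- operator.open-cluster-management.io
-resources:
-- klusterlets
-verbs: ["get", "list", "watch"]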
20 changes: 19 additions & 1 deletion charts/cluster-auth/templates/deployment.yaml
Expand Up @@ -4,7 +4,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "cluster-auth.fullname" . }}
name: cluster-auth-agent
namespace: {{ .Release.Namespace }}
labels:
{{- include "cluster-auth.labels" . | nindent 4 }}
Expand Down Expand Up @@ -37,6 +37,12 @@ spec:
args:
- agent
- --v={{ .Values.logLevel }}
{{- if .Values.hubKubeconfigSecretName }}
- --hub-kubeconfig=/var/run/secrets/ocm/auth/kubeconfig
{{- end }}
{{- if .Values.clusterName }}
- --cluster-name={{ .Values.clusterName }}
{{- end }}
ports:
- containerPort: 8080
env:
Expand Down Expand Up @@ -64,6 +70,18 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.image.resources | nindent 10 }}
volumeMounts:
{{- if .Values.hubKubeconfigSecretName }}
- mountPath: /var/run/secrets/ocm/auth
name: ocm-auth
{{- end }}
volumes:
{{- if .Values.hubKubeconfigSecretName }}
- name: ocm-auth
secret:
defaultMode: 420
secretName: {{ .Values.hubKubeconfigSecretName }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if or .Values.tolerations $criticalAddon }}
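Review bot: The `ocm-auth` secret volume is created with `defaultMode: 420` (octal 0644), which leaves the hub kubeconfig readable by any user inside the container, and its `volumeMounts` entry is not marked read-only. Since this file is a credential for the hub cluster, I would tighten both: add `readOnly: true` to the mount and use `defaultMode: 288` (0440) with an `fsGroup` in `podSecurityContext` so the agent's user can still read it, or `256` (0400) if the agent runs as the file owner. Separately, `volumeMounts:` and `volumes:` are emitted even when `hubKubeconfigSecretName` is empty, so the default render carries both keys with no entries; moving each `if` above its key would keep the default manifest clean. The container and pod spec start outside these hunks.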
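--- a/charts/cluster-auth/templates/namespace.yaml
+++ b/charts/cluster-auth/templates/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: {{ .Release.Namespace }}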
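Review bot: Templating a `Namespace` named `{{ .Release.Namespace }}` makes the release own the namespace it is installed into, and the template does nothing to limit the consequences. `helm uninstall` would delete the namespace together with everything in it, including a hub kubeconfig Secret created there out of band, and an install into a namespace that already exists (or one made by `--create-namespace`) is likely to fail on resource ownership. If the chart really has to create it, I would at least add `annotations: {"helm.sh/resource-policy": keep}` under `metadata` and consider gating the template behind an opt-in value.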
6 changes: 6 additions & 0 deletions charts/cluster-auth/values.openapiv3_schema.yaml
Expand Up @@ -420,10 +420,14 @@ properties:
required:
- healthcheck
type: object
clusterName:
type: string
criticalAddon:
type: boolean
fullnameOverride:
type: string
hubKubeconfigSecretName:
type: string
image:
properties:
registry:
Expand Down Expand Up @@ -667,6 +671,8 @@ properties:
type: array
required:
- apiServer
- clusterName
- hubKubeconfigSecretName
- image
- imagePullPolicy
- monitoring
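--- a/charts/cluster-auth/values.yaml
+++ b/charts/cluster-auth/values.yaml
@@ -78,3 +78,9 @@ monitoring:
 apiServer:
 healthcheck:
 enabled: false
+
+# Name of OCM Hub Kubeconfig secret
+hubKubeconfigSecretName: ""
+
+# We need to pass the cluster name because the OCM-MC host cluster doesn't have Klusterlet object.
+clusterName: ""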
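Review bot: The comment on `hubKubeconfigSecretName` does not say what the Secret has to contain or where it must live. The Deployment passes `--hub-kubeconfig=/var/run/secrets/ocm/auth/kubeconfig`, so the Secret has to be in the release namespace and carry a key named `kubeconfig`. I would extend the comment to `# Name of the Secret (in the release namespace) holding the OCM hub kubeconfig under the key "kubeconfig". Leave empty to run without a hub kubeconfig.`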
