From 3ff6d6fdecb9162434198fd8f6d57ef1e6770156 Mon Sep 17 00:00:00 2001 From: Mikhail Naletov <36846182+okgolove@users.noreply.github.com> Date: Sat, 24 Sep 2022 16:25:47 +0300 Subject: [PATCH] feat: rework goldpinger helm chart (#63) Rework labels, indentation, readme --- charts/goldpinger/Chart.yaml | 4 +- charts/goldpinger/README.md | 92 +------------------ charts/goldpinger/templates/clusterrole.yaml | 6 +- charts/goldpinger/templates/daemonset.yaml | 56 +++++------ .../goldpinger/templates/prometheusrule.yaml | 5 +- charts/goldpinger/templates/role.yaml | 15 ++- charts/goldpinger/templates/rolebinding.yaml | 11 +-- charts/goldpinger/values.yaml | 4 +- 8 files changed, 48 insertions(+), 145 deletions(-) diff --git a/charts/goldpinger/Chart.yaml b/charts/goldpinger/Chart.yaml index acdf1b0..0cd0294 100644 --- a/charts/goldpinger/Chart.yaml +++ b/charts/goldpinger/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 3.5.1 +appVersion: "v3.5.1" description: Goldpinger makes calls between its instances for visibility and alerting. home: https://github.com/bloomberg/goldpinger maintainers: @@ -11,4 +11,4 @@ name: goldpinger sources: - https://github.com/bloomberg/goldpinger - https://github.com/okgolove/helm-charts -version: 5.2.0 +version: 5.3.0 diff --git a/charts/goldpinger/README.md b/charts/goldpinger/README.md index 6421cb3..9d5cae9 100644 --- a/charts/goldpinger/README.md +++ b/charts/goldpinger/README.md @@ -7,99 +7,9 @@ ```console ## Add the okgolove Helm repository $ helm repo add okgolove https://okgolove.github.io/helm-charts/ -$ helm install okgolove/goldpinger +$ helm install goldpinger okgolove/goldpinger ``` ## Introduction This chart bootstraps a [Goldpinger](https://github.com/bloomberg/goldpinger) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.9+ with Beta APIs enabled - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install --name my-release okgolove/goldpinger -``` - -The command deploys Goldpinger on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the Goldpinger chart and their default values. - -| Parameter | Description | Default | -| ------------------------------ | -------------------------------------------- | ---------------------- | -| `image.repository` | Goldpinger image | `bloomberg/goldpinger` | -| `image.tag` | Goldpinger image tag | `3.5.1` | -| `pullPolicy` | Image pull policy | `IfNotPresent` | -| `rbac.create` | Install required rbac resources | `true` | -| `rbac.clusterscoped` | Install optional cluster scoped rbac | `true` | -| `serviceAccount.create` | Enable ServiceAccount creation | `true` | -| `serviceAccount.name` | ServiceAccount for Goldpinger pods | `default` | -| `goldpinger.port` | Goldpinger app port listen to | `80` | -| `extraEnv` | Extra environment variables | `[]` | -| `service.type` | Kubernetes service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.annotations` | Service annotations | `{}` | -| `service.labels` | Additional service labels | `{}` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Additional ingress labels | `{}` | -| `ingress.path` | Ingress path | `/` | -| `ingress.hosts` | URLs to address your Goldpinger installation | `goldpinger.local` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `priorityClassName` | Set a priorityClassName for pod | `` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Additional pod labels | `{}` | -| `updateStrategy` | Update strategy configuration | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | List of node taints to tolerate | `[]` | -| `affinity` | Map of node/pod affinities | `{}` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `podSecurityPolicy.enabled` | Enable podSecuritypolicy | `false` | -| `podSecurityPolicy.policyName` | PodSecurityPolicy Name | `unrestricted-psp` | -| `serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | -| `serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | -| `serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false`| -| `serviceMonitor.namespace` | namespace where servicemonitor resource should be created, same as Goldpinger if not specified | `` | -| `serviceMonitor.scrapeInterval` | interval between Prometheus scraping | `30s` | -| `prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | -| `prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | -| `prometheusRule.rules` | Custom Prometheus rules | `see values.yaml` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install --name my-release \ - --set goldpinger.port=8080,serviceAccount.name=goldpinger \ - stable/goldpinger -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install --name my-release -f values.yaml stable/goldpinger -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Ingress - -This chart provides support for Ingress resource. If you have an available Ingress Controller such as Nginx or Traefik you maybe want to set `ingress.enabled` to true and choose an `ingress.hostname` for the URL. Then, you should be able to access the installation using that address. diff --git a/charts/goldpinger/templates/clusterrole.yaml b/charts/goldpinger/templates/clusterrole.yaml index f6b8d19..8404c64 100644 --- a/charts/goldpinger/templates/clusterrole.yaml +++ b/charts/goldpinger/templates/clusterrole.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "goldpinger.labels" . | nindent 4 }} rules: -- apiGroups: [""] - resources: ["pods"] - verbs: ["list"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["list"] {{- end }} diff --git a/charts/goldpinger/templates/daemonset.yaml b/charts/goldpinger/templates/daemonset.yaml index cc865bb..fe465d4 100644 --- a/charts/goldpinger/templates/daemonset.yaml +++ b/charts/goldpinger/templates/daemonset.yaml @@ -33,37 +33,37 @@ spec: {{- end }} {{- end }} containers: - - name: goldpinger-daemon - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HOST - value: "0.0.0.0" - - name: PORT - value: "{{ .Values.goldpinger.port }}" - - name: LABEL_SELECTOR - value: "app.kubernetes.io/name={{ include "goldpinger.name" . }}" + - name: goldpinger-daemon + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: HOST + value: "0.0.0.0" + - name: PORT + value: "{{ .Values.goldpinger.port }}" + - name: LABEL_SELECTOR + value: "app.kubernetes.io/name={{ include "goldpinger.name" . }}" {{- if .Values.extraEnv }} {{ toYaml .Values.extraEnv | indent 10 }} {{- end }} - ports: - - name: http - containerPort: {{ .Values.goldpinger.port }} - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: -{{ toYaml .Values.resources | indent 12 }} + ports: + - name: http + containerPort: {{ .Values.goldpinger.port }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/charts/goldpinger/templates/prometheusrule.yaml b/charts/goldpinger/templates/prometheusrule.yaml index 90fcd17..54a840f 100644 --- a/charts/goldpinger/templates/prometheusrule.yaml +++ b/charts/goldpinger/templates/prometheusrule.yaml @@ -9,10 +9,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} {{- end }} labels: - app.kubernetes.io/name: {{ include "goldpinger.name" . }} - helm.sh/chart: {{ include "goldpinger.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- include "goldpinger.labels" . | nindent 4 }} spec: {{- with .Values.prometheusRule.rules }} groups: diff --git a/charts/goldpinger/templates/role.yaml b/charts/goldpinger/templates/role.yaml index e9ce0b8..0b85f3f 100644 --- a/charts/goldpinger/templates/role.yaml +++ b/charts/goldpinger/templates/role.yaml @@ -1,5 +1,4 @@ {{- if or .Values.podSecurityPolicy.enabled (not .Values.rbac.clusterscoped) }} ---- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -8,14 +7,14 @@ metadata: {{- include "goldpinger.labels" . | nindent 4 }} rules: {{- if not .Values.rbac.clusterscoped }} -- apiGroups: [""] - resources: ["pods"] - verbs: ["list"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["list"] {{- end }} {{- if .Values.podSecurityPolicy.enabled }} -- apiGroups: ["extensions"] - resources: ["podsecuritypolicies"] - resourceNames: [{{ .Values.podSecurityPolicy.policyName | quote }}] - verbs: ["use"] + - apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + resourceNames: [{{ .Values.podSecurityPolicy.policyName | quote }}] + verbs: ["use"] {{- end }} {{- end }} diff --git a/charts/goldpinger/templates/rolebinding.yaml b/charts/goldpinger/templates/rolebinding.yaml index 81be4ae..34c0bc4 100644 --- a/charts/goldpinger/templates/rolebinding.yaml +++ b/charts/goldpinger/templates/rolebinding.yaml @@ -4,16 +4,13 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "goldpinger.fullname" . }}-pod-security-policy labels: - app.kubernetes.io/name: {{ include "goldpinger.name" . }} - helm.sh/chart: {{ include "goldpinger.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- include "goldpinger.labels" . | nindent 4 }} roleRef: kind: Role name: {{ include "goldpinger.fullname" . }}-pod-security-policy apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - name: {{ include "goldpinger.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ include "goldpinger.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/charts/goldpinger/values.yaml b/charts/goldpinger/values.yaml index 5e36486..78bb403 100644 --- a/charts/goldpinger/values.yaml +++ b/charts/goldpinger/values.yaml @@ -3,7 +3,8 @@ # Declare variables to be passed into your templates. image: repository: bloomberg/goldpinger - tag: v3.5.1 + # Overrides the image tag whose default is the chart appVersion. + tag: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -30,7 +31,6 @@ service: annotations: {} labels: {} - ingress: enabled: false className: ""