Revise the chart template according to the feedback

charts/scalar-manager/README.md

@@ -11,40 +11,28 @@ Current chart version is `2.0.0-SNAPSHOT`
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| api.grafanaKubernetesServiceLabelName | string | `"app.kubernetes.io/name"` |  |
-| api.grafanaKubernetesServiceLabelValue | string | `"grafana"` |  |
-| api.grafanaKubernetesServicePortName | string | `"http-web"` |  |
-| api.helmScalarAdminForKubernetesChartName | string | `"scalar-admin-for-kubernetes"` |  |
-| api.helmScalarAdminForKubernetesChartVersion | string | `"1.0.0"` |  |
-| api.helmScalarRepositoryName | string | `"scalar-labs"` |  |
-| api.helmScalarRepositoryUrl | string | `"https://scalar-labs.github.io/helm-charts"` |  |
+| api.applicationProperties | string | `"grafana.kubernetesServiceLabelName=${GRAFANA_KUBERNETES_SERVICE_LABEL_NAME:app.kubernetes.io/name}\ngrafana.kubernetesServiceLabelValue=${GRAFANA_KUBERNETES_SERVICE_LABEL_VALUE:grafana}\ngrafana.kubernetesServicePortName=${GRAFANA_KUBERNETES_SERVICE_PORT_NAME:http-web}\n\nprometheus.kubernetesServiceLabelName=${PROMETHEUS_KUBERNETES_SERVICE_LABEL_NAME:app}\nprometheus.kubernetesServiceLabelValue=${PROMETHEUS_KUBERNETES_SERVICE_LABEL_VALUE:kube-prometheus-stack-prometheus}\nprometheus.kubernetesServicePortName=${PROMETHEUS_KUBERNETES_SERVICE_PORT_NAME:http-web}\n\nloki.kubernetesServiceLabelName=${LOKI_KUBERNETES_SERVICE_LABEL_NAME:app}\nloki.kubernetesServiceLabelValue=${LOKI_KUBERNETES_SERVICE_LABEL_VALUE:loki}\nloki.kubernetesServicePortName=${LOKI_KUBERNETES_SERVICE_PORT_NAME:http-metrics}\n\nhelm.scalarRepositoryName=${HELM_SCALAR_REPOSITORY_NAME:scalar-labs}\nhelm.scalarRepositoryUrl=${HELM_SCALAR_REPOSITORY_URL:https://scalar-labs.github.io/helm-charts}\nhelm.scalarAdminForKubernetesChartName=${HELM_SCALAR_ADMIN_FOR_KUBERNETES_CHART_NAME:scalar-admin-for-kubernetes}\nhelm.scalarAdminForKubernetesChartVersion=${HELM_SCALAR_ADMIN_FOR_KUBERNETES_CHART_VERSION:1.0.0}\n\nconfigMapNamespace=${CONFIG_MAP_NAMESPACE:default}\nconfigMapName=${CONFIG_MAP_NAME:scalar-manager-metadata}\n\npaused-state-retention.storage=${PAUSED_STATE_RETENTION_STORAGE:configmap}\npaused-state-retention.max-number=${PAUSED_STATE_RETENTION_MAX_NUMBER:100}\n"` |  |
 | api.image.pullPolicy | string | `"IfNotPresent"` |  |
 | api.image.repository | string | `"ghcr.io/scalar-labs/scalar-manager-api"` |  |
 | api.image.tag | string | `""` |  |
-| api.lokiKubernetesServiceLabelName | string | `"app"` |  |
-| api.lokiKubernetesServiceLabelValue | string | `"loki"` |  |
-| api.lokiKubernetesServicePortName | string | `"http-metrics"` |  |
-| api.pausedStateRetentionMaxNumber | string | `"100"` |  |
-| api.pausedStateRetentionStorage | string | `"configmap"` |  |
-| api.prometheusKubernetesServiceLabelName | string | `"app"` |  |
-| api.prometheusKubernetesServiceLabelValue | string | `"kube-prometheus-stack-prometheus"` |  |
-| api.prometheusKubernetesServicePortName | string | `"http-web"` |  |
+| api.resources | object | `{}` |  |
 | fullnameOverride | string | `""` |  |
 | imagePullSecrets[0].name | string | `"reg-docker-secrets"` |  |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
-| podSecurityContext | object | `{}` |  |
+| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | replicaCount | int | `1` |  |
-| resources | object | `{}` |  |
-| securityContext | object | `{}` |  |
+| securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.runAsNonRoot | bool | `true` |  |
 | service.port | int | `80` |  |
-| service.type | string | `"LoadBalancer"` |  |
-| serviceAccount.automount | bool | `true` |  |
-| serviceAccount.create | bool | `true` |  |
-| serviceAccount.name | string | `""` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.automountServiceAccountToken | bool | `true` |  |
+| serviceAccount.serviceAccountName | string | `""` |  |
 | tolerations | list | `[]` |  |
 | web.image.pullPolicy | string | `"IfNotPresent"` |  |
 | web.image.repository | string | `"ghcr.io/scalar-labs/scalar-manager-web"` |  |
 | web.image.tag | string | `""` |  |
+| web.resources | object | `{}` |  |

charts/scalar-manager/templates/_helpers.tpl

@@ -48,15 +48,16 @@ Selector labels
 {{- define "scalar-manager.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "scalar-manager.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/app: scalar-manager
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "scalar-manager.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "scalar-manager.fullname" .) .Values.serviceAccount.name }}
+{{- if .Values.serviceAccount.serviceAccountName }}
+{{- .Values.serviceAccount.serviceAccountName }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{- print (include "scalar-manager.fullname" .) "-sa" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}

charts/scalar-manager/templates/scalar-manager/configmap.yaml

@@ -1,12 +1,8 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "scalar-manager.fullname" . }}
+  name: {{ include "scalar-manager.fullname" . }}-api-application-properties
   namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/app: {{ include "scalar-manager.fullname" . }}
-    {{- include "scalar-manager.labels" . | nindent 4 }}
 data:
-  managed-clusters: "[]"
-  paused-states: "[]"
-  paused-states-updated-at: "0"
+  scalar-manager-api-application.properties:
+    {{- toYaml .Values.api.applicationProperties | nindent 4 }}

charts/scalar-manager/templates/scalar-manager/deployment.yaml

@@ -25,62 +25,35 @@ spec:
     spec:
       restartPolicy: Always
       serviceAccountName: {{ include "scalar-manager.serviceAccountName" . }}
-      automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-      terminationGracePeriodSeconds: 90
+      automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
       containers:
         - name: {{ .Chart.Name }}-api
           image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag | default .Chart.AppVersion }}"
           resources:
-            {{- toYaml .Values.resources | nindent 12 }}
+            {{- toYaml .Values.api.resources | nindent 12 }}
           ports:
             - containerPort: 8080
           imagePullPolicy: {{ .Values.api.image.pullPolicy }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          env:
-            - name: GRAFANA_KUBERNETES_SERVICE_LABEL_NAME
-              value: {{ .Values.api.grafanaKubernetesServiceLabelName | quote }}
-            - name: GRAFANA_KUBERNETES_SERVICE_LABEL_VALUE
-              value: {{ .Values.api.grafanaKubernetesServiceLabelValue | quote }}
-            - name: GRAFANA_KUBERNETES_SERVICE_PORT_NAME
-              value: {{ .Values.api.grafanaKubernetesServicePortName | quote }}
-            - name: PROMETHEUS_KUBERNETES_SERVICE_LABEL_NAME
-              value: {{ .Values.api.prometheusKubernetesServiceLabelName | quote }}
-            - name: PROMETHEUS_KUBERNETES_SERVICE_LABEL_VALUE
-              value: {{ .Values.api.prometheusKubernetesServiceLabelValue | quote }}
-            - name: PROMETHEUS_KUBERNETES_SERVICE_PORT_NAME
-              value: {{ .Values.api.prometheusKubernetesServicePortName | quote }}
-            - name: LOKI_KUBERNETES_SERVICE_LABEL_NAME
-              value: {{ .Values.api.lokiKubernetesServiceLabelName | quote }}
-            - name: LOKI_KUBERNETES_SERVICE_LABEL_VALUE
-              value: {{ .Values.api.lokiKubernetesServiceLabelValue | quote }}
-            - name: LOKI_KUBERNETES_SERVICE_PORT_NAME
-              value: {{ .Values.api.lokiKubernetesServicePortName | quote }}
-            - name: HELM_SCALAR_REPOSITORY_NAME
-              value: {{ .Values.api.helmScalarRepositoryName | quote }}
-            - name: HELM_SCALAR_REPOSITORY_URL
-              value: {{ .Values.api.helmScalarRepositoryUrl | quote }}
-            - name: HELM_SCALAR_ADMIN_FOR_KUBERNETES_CHART_NAME
-              value: {{ .Values.api.helmScalarAdminForKubernetesChartName | quote }}
-            - name : HELM_SCALAR_ADMIN_FOR_KUBERNETES_CHART_VERSION
-              value: {{ .Values.api.helmScalarAdminForKubernetesChartVersion | quote }}
-            - name: CONFIG_MAP_LABEL_NAME
-              value: "app.kubernetes.io/app"
-            - name: CONFIG_MAP_LABEL_VALUE
-              value: {{ include "scalar-manager.fullname" . | quote }}
-            - name: PAUSED_STATE_RETENTION_STORAGE
-              value: {{ .Values.api.pausedStateRetentionStorage | quote }}
-            - name: PAUSED_STATE_RETENTION_MAX_NUMBER
-              value: {{ .Values.api.pausedStateRetentionMaxNumber | quote }}
+          volumeMounts:
+            - name: api-application-properties-volume
+              mountPath: /app/application.properties
+              subPath: scalar-manager-api-application.properties
         - name: {{ .Chart.Name }}-web
           image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag | default .Chart.AppVersion }}"
           resources:
-            {{- toYaml .Values.resources | nindent 12 }}
+            {{- toYaml .Values.web.resources | nindent 12 }}
           ports:
             - containerPort: 3000
           imagePullPolicy: {{ .Values.web.image.pullPolicy }}
           securityContext:
+            runAsUser: 1000
             {{- toYaml .Values.securityContext | nindent 12 }}
+      volumes:
+        - name: api-application-properties-volume
+          configMap:
+            name: {{ include "scalar-manager.fullname" . }}-api-application-properties
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       {{- with .Values.imagePullSecrets }}

charts/scalar-manager/templates/scalar-manager/clusterrole.yaml → charts/scalar-manager/templates/scalar-manager/role.yaml

@@ -1,7 +1,8 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
-  name: {{ include "scalar-manager.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  name: {{ include "scalar-manager.fullname" . }}-role
   labels:
     {{- include "scalar-manager.labels" . | nindent 4 }}
 rules:

charts/scalar-manager/templates/scalar-manager/rolebinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "scalar-manager.fullname" . }}-rolebinding
+  namespace: {{ .Release.Namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "scalar-manager.serviceAccountName" . }}
+roleRef:
+  kind: Role
+  name: {{ include "scalar-manager.fullname" . }}-role
+  apiGroup: rbac.authorization.k8s.io

charts/scalar-manager/templates/scalar-manager/serviceaccount.yaml

@@ -1,4 +1,4 @@
-{{- if not .Values.serviceAccount.name }}
+{{- if not .Values.serviceAccount.serviceAccountName }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/scalar-manager/values.schema.json

@@ -5,25 +5,7 @@
         "api": {
             "type": "object",
             "properties": {
-                "grafanaKubernetesServiceLabelName": {
-                    "type": "string"
-                },
-                "grafanaKubernetesServiceLabelValue": {
-                    "type": "string"
-                },
-                "grafanaKubernetesServicePortName": {
-                    "type": "string"
-                },
-                "helmScalarAdminForKubernetesChartName": {
-                    "type": "string"
-                },
-                "helmScalarAdminForKubernetesChartVersion": {
-                    "type": "string"
-                },
-                "helmScalarRepositoryName": {
-                    "type": "string"
-                },
-                "helmScalarRepositoryUrl": {
+                "applicationProperties": {
                     "type": "string"
                 },
                 "image": {
@@ -40,29 +22,8 @@
                         }
                     }
                 },
-                "lokiKubernetesServiceLabelName": {
-                    "type": "string"
-                },
-                "lokiKubernetesServiceLabelValue": {
-                    "type": "string"
-                },
-                "lokiKubernetesServicePortName": {
-                    "type": "string"
-                },
-                "pausedStateRetentionMaxNumber": {
-                    "type": "string"
-                },
-                "pausedStateRetentionStorage": {
-                    "type": "string"
-                },
-                "prometheusKubernetesServiceLabelName": {
-                    "type": "string"
-                },
-                "prometheusKubernetesServiceLabelValue": {
-                    "type": "string"
-                },
-                "prometheusKubernetesServicePortName": {
-                    "type": "string"
+                "resources": {
+                    "type": "object"
                 }
             }
         },
@@ -93,16 +54,42 @@
             "type": "object"
         },
         "podSecurityContext": {
-            "type": "object"
+            "type": "object",
+            "properties": {
+                "seccompProfile": {
+                    "type": "object",
+                    "properties": {
+                        "type": {
+                            "type": "string"
+                        }
+                    }
+                }
+            }
         },
         "replicaCount": {
             "type": "integer"
         },
-        "resources": {
-            "type": "object"
-        },
         "securityContext": {
-            "type": "object"
+            "type": "object",
+            "properties": {
+                "allowPrivilegeEscalation": {
+                    "type": "boolean"
+                },
+                "capabilities": {
+                    "type": "object",
+                    "properties": {
+                        "drop": {
+                            "type": "array",
+                            "items": {
+                                "type": "string"
+                            }
+                        }
+                    }
+                },
+                "runAsNonRoot": {
+                    "type": "boolean"
+                }
+            }
         },
         "service": {
             "type": "object",
@@ -118,13 +105,10 @@
         "serviceAccount": {
             "type": "object",
             "properties": {
-                "automount": {
+                "automountServiceAccountToken": {
                     "type": "boolean"
                 },
-                "create": {
-                    "type": "boolean"
-                },
-                "name": {
+                "serviceAccountName": {
                     "type": "string"
                 }
             }
@@ -148,6 +132,9 @@
                             "type": "string"
                         }
                     }
+                },
+                "resources": {
+                    "type": "object"
                 }
             }
         }