kairos/helm-charts
1
0
Fork 0
mirror of https://github.com/kairos-io/helm-charts.git synced 2025-09-20 10:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add osbuilder chart

Browse Source
This commit is contained in:
mudler
2022-09-04 00:42:56 +02:00
parent a61cf98728
commit 2bd0b1e236
9 changed files with 402 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
charts/c3os-crds/Chart.yaml
View File

@@ -7,4 +7,4 @@ home: https://docs.c3os.io/
maintainers: maintainers:
- name: Ettore Di Giacinto - name: Ettore Di Giacinto
email: mudler@c3os.io email: mudler@c3os.io
version: 0.0.1 version: 0.0.2

10
charts/osbuilder/Chart.yaml Normal file
View File

@@ -0,0 +1,10 @@
apiVersion: v2
name: osbuilder
description: A Helm chart for osbuilder
icon:
type: application
home: https://docs.c3os.io/
maintainers:
- name: Ettore Di Giacinto
email: mudler@c3os.io
version: 0.0.1

58
charts/osbuilder/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,58 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "helm-chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "helm-chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "helm-chart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "helm-chart.labels" -}}
helm.sh/chart: {{ include "helm-chart.chart" . }}
{{ include "helm-chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "helm-chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "helm-chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "helm-chart.serviceAccountName" -}}
{{- include "helm-chart.fullname" . }}
{{- end }}

19
charts/osbuilder/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
data:
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n
\ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect:
true\n resourceName: 98ca89ca.c3os-x.io\n# leaderElectionReleaseOnCancel
defines if the leader should step down volume \n# when the Manager ends.
This requires the binary to immediately end when the\n# Manager is stopped,
otherwise, this setting is unsafe. Setting this significantly\n# speeds
up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration
time first.\n# In the default scaffold provided, the program ends immediately
after \n# the manager stops, so would be fine to enable this option. However,
\n# if you are doing or is intended to do any operation such as perform
cleanups \n# after the manager stops then its usage might be unsafe.\n#
\ leaderElectionReleaseOnCancel: true\n"
kind: ConfigMap
metadata:
name: osartifactbuilder-operator-manager-config
namespace: '{{.Release.Namespace}}'

89
charts/osbuilder/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,89 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: '{{ include "helm-chart.fullname" . }}'
namespace: '{{.Release.Namespace}}'
labels:
{{- include "helm-chart.labels" . | nindent 8 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "helm-chart.selectorLabels" . | nindent 10 }}
template:
metadata:
annotations:
{{- range keys .Values.podAnnotations }}
{{ . | quote }}: {{ get $.Values.podAnnotations . | quote}}
{{- end }}
labels:
{{- include "helm-chart.selectorLabels" . | nindent 14}}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 6 }}
{{- end }}
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=0
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
command:
- /manager
image: '{{ .Values.image.repository | default "quay.io/c3os/osbuilder" }}:{{ .Values.image.tag | default .Chart.AppVersion
}}'
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
{{- if and .Values.resources .Values.resources.controller }}
resources:
{{ toYaml .Values.resources.controller | indent 20 }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
securityContext:
runAsNonRoot: true
serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}'
terminationGracePeriodSeconds: 10
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

160
charts/osbuilder/templates/rbac.yaml Normal file
View File

@@ -0,0 +1,160 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: osartifactbuilder-operator-leader-election-role
namespace: '{{.Release.Namespace}}'
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: osartifactbuilder-operator-manager-role
rules:
- apiGroups:
- build.c3os-x.io
resources:
- osartifacts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- build.c3os-x.io
resources:
- osartifacts/finalizers
verbs:
- update
- apiGroups:
- build.c3os-x.io
resources:
- osartifacts/status
verbs:
- get
- patch
- update
- apiGroups:
- build.c3os-x.io
resources:
- osartifacts/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- services
- configmaps
verbs:
- get
- create
- update
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: osartifactbuilder-operator-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: osartifactbuilder-operator-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: osartifactbuilder-operator-leader-election-rolebinding
namespace: '{{.Release.Namespace}}'
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: osartifactbuilder-operator-leader-election-role
subjects:
- kind: ServiceAccount
name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: '{{.Release.Namespace}}'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: osartifactbuilder-operator-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: osartifactbuilder-operator-manager-role
subjects:
- kind: ServiceAccount
name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: '{{.Release.Namespace}}'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: osartifactbuilder-operator-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: osartifactbuilder-operator-proxy-role
subjects:
- kind: ServiceAccount
name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: '{{.Release.Namespace}}'

15
charts/osbuilder/templates/service.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: '{{ include "helm-chart.fullname" . }}-metrics-service'
namespace: '{{.Release.Namespace}}'
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
{{- include "helm-chart.selectorLabels" . | nindent 6 }}

5
charts/osbuilder/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: '{{.Release.Namespace}}'

45
charts/osbuilder/values.yaml Normal file
View File

@@ -0,0 +1,45 @@
# Settings for the chart.
# nameOverride Replaces the release name of the chart in Chart.yaml file when
# this is used to construct Kubernetes object names
nameOverride: ""
# fullnameOverride completely replaces the generated release name
fullnameOverride: ""
# Secrets to pull container images from private registries
imagePullSecrets: []
image:
# controller image to be used. Leave empty to use
repository: ""
# image tag, leave empty to use chart's AppVersion
tag: "latest"
podAnnotations: {}
nodeSelector: {}
tolerations: []
affinity: {}
tls:
# source options:
# - "cert-manager-self-signed": Scaffold cert-manager integration, and create
# a self-signed certificate with a cert-manager self-signed Issuer. Depends
# on cert-manager. (default)
# - "cert-manager": Scafffold cert-manager integration. User configures their
# own Issuer. Depends on cert-manager. Set tls.certManagerIssuerName to the
# desired Issuer.
source: cert-manager-self-signed
# "cert-manager"-only options:
certManagerIssuerName: ""
## Resource limits & requests
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
resources:
controller:
limits:
cpu: 500m
memory: 50Mi
requests:
cpu: 250m
memory: 50Mi