diff --git a/charts/aiven-operator/Chart.yaml b/charts/aiven-operator/Chart.yaml index ee76f77..7ebc9ef 100644 --- a/charts/aiven-operator/Chart.yaml +++ b/charts/aiven-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: aiven-operator description: A Helm chart to deploy the aiven operator type: application -version: v0.4.0 +version: v0.4.1 appVersion: v0.4.0 maintainers: - name: mhoffm-aiven diff --git a/charts/aiven-operator/templates/cluster_role_binding.yaml b/charts/aiven-operator/templates/cluster_role_binding.yaml index 0b6fa57..b0e189e 100644 --- a/charts/aiven-operator/templates/cluster_role_binding.yaml +++ b/charts/aiven-operator/templates/cluster_role_binding.yaml @@ -11,5 +11,5 @@ roleRef: name: {{ include "aiven-operator.fullname" . }}-role subjects: - kind: ServiceAccount - name: default + name: {{ include "aiven-operator.serviceAccountName" . }} namespace: {{ include "aiven-operator.namespace" . }} diff --git a/charts/aiven-operator/templates/deployment.yaml b/charts/aiven-operator/templates/deployment.yaml index ebcb82a..82b7920 100644 --- a/charts/aiven-operator/templates/deployment.yaml +++ b/charts/aiven-operator/templates/deployment.yaml @@ -6,7 +6,9 @@ metadata: labels: {{- include "aiven-operator.labels" . | nindent 4 }} spec: + {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} + {{- end }} selector: matchLabels: {{- include "aiven-operator.selectorLabels" . | nindent 6 }} @@ -26,8 +28,13 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} + serviceAccountName: {{ include "aiven-operator.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: diff --git a/charts/aiven-operator/templates/election_role_binding.yaml b/charts/aiven-operator/templates/election_role_binding.yaml index 1c1b2dc..d1db662 100644 --- a/charts/aiven-operator/templates/election_role_binding.yaml +++ b/charts/aiven-operator/templates/election_role_binding.yaml @@ -11,5 +11,5 @@ roleRef: name: {{ include "aiven-operator.fullname" . }}-election-role subjects: - kind: ServiceAccount - name: default + name: {{ include "aiven-operator.serviceAccountName" . }} namespace: {{ include "aiven-operator.namespace" . }} diff --git a/charts/aiven-operator/templates/hpa.yaml b/charts/aiven-operator/templates/hpa.yaml new file mode 100644 index 0000000..9d81986 --- /dev/null +++ b/charts/aiven-operator/templates/hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "aiven-operator.fullname" . }} + labels: + {{- include "aiven-operator.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "aiven-operator.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/aiven-operator/templates/serviceaccount.yaml b/charts/aiven-operator/templates/serviceaccount.yaml new file mode 100644 index 0000000..9f75c04 --- /dev/null +++ b/charts/aiven-operator/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "aiven-operator.serviceAccountName" . }} + labels: + {{- include "aiven-operator.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/aiven-operator/values.yaml b/charts/aiven-operator/values.yaml index b5033a7..efeb9bc 100644 --- a/charts/aiven-operator/values.yaml +++ b/charts/aiven-operator/values.yaml @@ -1,3 +1,7 @@ +# Default values for aiven-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + replicaCount: 1 nameOverride: "" @@ -19,6 +23,15 @@ image: imagePullSecrets: [] +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + resources: limits: cpu: 100m @@ -29,6 +42,24 @@ resources: podAnnotations: {} +podSecurityContext: {} + # runAsNonRoot: true + # runAsUser: 65532 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # allowPrivilegeEscalation: false + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 10 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + nodeSelector: {} tolerations: []