Skip to content

Commit

Permalink
feat: add the Kestra Operator
Browse files Browse the repository at this point in the history
  • Loading branch information
loicmathieu committed Oct 2, 2024
1 parent 95b9c7b commit 18c50b0
Show file tree
Hide file tree
Showing 2 changed files with 258 additions and 0 deletions.
251 changes: 251 additions & 0 deletions charts/kestra/templates/operator.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,251 @@
{{ $merged := (merge (dict "Component" "operator") $) -}}
{{ $service := (merge (dict "Component" "service") $) -}}
{{- if .Values.operator.enabled -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
{{ include "kestra.labels" $merged | indent 4 }}
name: {{ include "kestra.fullname" $merged }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "kestra.fullname" $merged }}-namespace-file-cluster-role
rules:
- apiGroups:
- model.kestra.io
resources:
- kestranamespacefiles
- kestranamespacefiles/status
- kestranamespacefiles/finalizers
verbs:
- get
- list
- watch
- patch
- update
- create
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "kestra.fullname" $merged }}-flow-cluster-role
rules:
- apiGroups:
- model.kestra.io
resources:
- kestraflows
- kestraflows/status
- kestraflows/finalizers
verbs:
- get
- list
- watch
- patch
- update
- create
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "kestra.fullname" $merged }}-key-value-cluster-role
rules:
- apiGroups:
- model.kestra.io
resources:
- kestrakeyvalues
- kestrakeyvalues/status
- kestrakeyvalues/finalizers
verbs:
- get
- list
- watch
- patch
- update
- create
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "kestra.fullname" $merged }}-josdk-crd-validating-cluster-role
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kestra.fullname" $merged }}-namespace-file-crd-validating-role-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: {{ include "kestra.fullname" $merged }}-josdk-crd-validating-cluster-role
subjects:
- kind: ServiceAccount
name: {{ include "kestra.fullname" $merged }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kestra.fullname" $merged }}-namespace-file-cluster-role-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: {{ include "kestra.fullname" $merged }}-namespace-file-cluster-role
subjects:
- kind: ServiceAccount
name: {{ include "kestra.fullname" $merged }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kestra.fullname" $merged }}-flow-crd-validating-role-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: {{ include "kestra.fullname" $merged }}-josdk-crd-validating-cluster-role
subjects:
- kind: ServiceAccount
name: {{ include "kestra.fullname" $merged }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kestra.fullname" $merged }}-flow-cluster-role-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: {{ include "kestra.fullname" $merged }}-flow-cluster-role
subjects:
- kind: ServiceAccount
name: {{ include "kestra.fullname" $merged }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kestra.fullname" $merged }}-key-value-crd-validating-role-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: {{ include "kestra.fullname" $merged }}-josdk-crd-validating-cluster-role
subjects:
- kind: ServiceAccount
name: {{ include "kestra.fullname" $merged }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kestra.fullname" $merged }}-key-value-cluster-role-binding
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: {{ include "kestra.fullname" $merged }}-key-value-cluster-role
subjects:
- kind: ServiceAccount
name: {{ include "kestra.fullname" $merged }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "kestra.fullname" $merged }}-view
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
name: view
subjects:
- kind: ServiceAccount
name: {{ include "kestra.fullname" $merged }}
namespace: {{ .Release.Namespace }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "kestra.fullname" $merged }}
labels:
app: {{ include "kestra.fullname" $merged }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ include "kestra.fullname" $merged }}
template:
metadata:
labels:
app: {{ include "kestra.fullname" $merged }}
spec:
serviceAccountName: kestra-operator
{{- with $.Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: kestra-operator
image: {{ .Values.operator.image }}
resources:
requests:
cpu: 250m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
startupProbe:
httpGet:
path: /q/health/started
port: 8080
scheme: HTTP
periodSeconds: {{ $.Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ $.Values.startupProbe.timeoutSeconds }}
successThreshold: {{ $.Values.startupProbe.successThreshold }}
failureThreshold: {{ $.Values.startupProbe.failureThreshold }}
livenessProbe:
httpGet:
path: /q/health/live
port: 8080
scheme: HTTP
initialDelaySeconds: {{ $.Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ $.Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ $.Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ $.Values.livenessProbe.successThreshold }}
failureThreshold: {{ $.Values.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /q/health/ready
port: 8080
scheme: HTTP
initialDelaySeconds: {{ $.Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ $.Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ $.Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ $.Values.readinessProbe.successThreshold }}
failureThreshold: {{ $.Values.readinessProbe.failureThreshold }}
env:
- name: QUARKUS_OPERATOR_SDK_CRD_APPLY
value: "true"
- name: QUARKUS_OPERATOR_SDK_CRD_VALIDATE
value: "false"
- name: KESTRA_API_URL
value: http://{{ include "kestra.fullname" $service }}:8080
{{- if .Values.operator.apiKey }}
- name: KESTRA_API_API_KEY
value: {{ .Values.operator.apiKey }}
{{- end }}
{{- if .Values.operator.basicAuth }}
- name: KESTRA_API_BASIC_AUTH
value: {{ .Values.operator.basicAuth }}
{{- end }}
{{- end }}
7 changes: 7 additions & 0 deletions charts/kestra/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,13 @@ workerGroup:
# By default, we start a number of threads of two times the number of available processors, use 'workerThreads' to configure a different value.
#workerThreads: 128

# EE only - the Kestra Kubernetes Operator
operator:
enabled: false
image: registry.kestra.io/docker/kestra-operator
apiKey: ""
basicAuth: ""

# for io.kestra.core.tasks.scripts.Bash task or io.kestra.plugin.scripts.*, attach a docker dind container in order to isolate in a container
# every command launch
dind:
Expand Down

0 comments on commit 18c50b0

Please sign in to comment.