add deployment

kas/helm/kas/templates/_helpers.tpl

@@ -57,6 +57,13 @@ Create the name of the service to use
 {{- printf "%s-service" (include "kas.fullname" .) }}
 {{- end }}
 
+{{/*
+Create the name of the config map to use
+*/}}
+{{- define "kas.configMapName" -}}
+{{- printf "%s-config" (include "kas.fullname" .) }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}

kas/helm/kas/templates/configmap.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "kas.fullname" . }}
+  name: {{ template "kas.configMapName" . }}
   labels:
     {{- include "kas.labels" . | nindent 4 }}
 data:

kas/helm/kas/templates/deployment.yaml

@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "kas.fullname" . }}
+  labels:
+    {{- include "kas.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "kas.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+        {{- if and .Values.metrics.enabled (not .Values.metrics.serviceMonitor.enabled) }}
+        prometheus.io/scrape: "true"
+        prometheus.io/port: {{ .Values.observability.port | quote }}
+        prometheus.io/path: {{ .Values.metrics.path }}
+        {{- end }}
+        {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "kas.selectorLabels" . | nindent 8 }}
+    spec:
+      automountServiceAccountToken: false
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- with .Values.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}
+      serviceAccountName: {{ include "kas.serviceAccountName" . }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          args:
+            - "--configuration-file=/etc/kas/config.yaml"
+            {{- range .Values.extraArgs }}
+            - {{ . }}
+            {{- end }}
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+          {{- if .Values.extraEnv }}
+            {{- toYaml .Values.extraEnv | nindent 12 }}
+          {{- end }}
+          ports:
+            - containerPort: {{ .Values.service.internalPort }}
+            - containerPort: {{ .Values.service.kubernetesApiPort }}
+            - containerPort: {{ .Values.service.privateApiPort }}
+            - containerPort: {{ .Values.service.observabilityPort }}
+          readinessProbe:
+            httpGet:
+              path: /readiness
+              port: {{ .Values.service.observabilityPort }}
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /liveness
+              port: {{ .Values.service.observabilityPort }}
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: etc-kas
+              mountPath: /etc/kas
+              readOnly: true
+      terminationGracePeriodSeconds: 300
+      volumes:
+      - name: etc-kas
+        projected:
+          defaultMode: 0440
+          sources:
+            - configMap:
+                name: {{ template "kas.configMapName" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

kas/helm/kas/templates/servicemonitor.yaml

@@ -3,7 +3,6 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   name: {{ template "kas.serviceName" . }}
-  namespace: {{ $.Release.Namespace }}
   labels:
     {{- include "kas.labels" . | nindent 4 }}
   {{- with .Values.metrics.serviceMonitor.additionalLabels }}

kas/helm/kas/values.yaml

@@ -1,17 +1,61 @@
+image:
+  repository: ghcr.io/pluralsh/kas
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: []
+
+nameOverride: ""
+
+fullnameOverride: ""
+
+
+podAnnotations: {}
+
+podSecurityContext:
+  runAsUser: 65532
+
+securityContext:
+  runAsUser: 65532
+  runAsGroup: 65532
+  fsGroup: 65532
+
+priorityClassName: ""
+
+extraEnv: []
+
+extraArgs: []
+
 nodeSelector: {}
 
+affinity: {}
+
 tolerations: []
 
-affinity: {}
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 100m
+  memory: 128Mi
 
-podAnnotations: {}
+service:
+  externalPort: 8150
+  internalPort: 8150
+  apiInternalPort: 8153
+  kubernetesApiPort: 8154
+  privateApiPort: 8155
+  observabilityPort: 8151
+  type: ClusterIP
 
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
   # Annotations to add to the service account
   annotations: {}
-  # The name of the service account to use.
+  # The name of the service account to use
   # If not set and create is true, a name is generated using the fullname template
   name: ""