diff --git a/kas/helm/kas/templates/_helpers.tpl b/kas/helm/kas/templates/_helpers.tpl index 5053a8cd8..3fd69cf22 100644 --- a/kas/helm/kas/templates/_helpers.tpl +++ b/kas/helm/kas/templates/_helpers.tpl @@ -57,6 +57,13 @@ Create the name of the service to use {{- printf "%s-service" (include "kas.fullname" .) }} {{- end }} +{{/* +Create the name of the config map to use +*/}} +{{- define "kas.configMapName" -}} +{{- printf "%s-config" (include "kas.fullname" .) }} +{{- end }} + {{/* Create the name of the service account to use */}} diff --git a/kas/helm/kas/templates/configmap.yaml b/kas/helm/kas/templates/configmap.yaml index fe5e05248..9320e66ba 100644 --- a/kas/helm/kas/templates/configmap.yaml +++ b/kas/helm/kas/templates/configmap.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "kas.fullname" . }} + name: {{ template "kas.configMapName" . }} labels: {{- include "kas.labels" . | nindent 4 }} data: diff --git a/kas/helm/kas/templates/deployment.yaml b/kas/helm/kas/templates/deployment.yaml new file mode 100644 index 000000000..b78a1a7fd --- /dev/null +++ b/kas/helm/kas/templates/deployment.yaml @@ -0,0 +1,99 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kas.fullname" . }} + labels: + {{- include "kas.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "kas.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + {{- if and .Values.metrics.enabled (not .Values.metrics.serviceMonitor.enabled) }} + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.observability.port | quote }} + prometheus.io/path: {{ .Values.metrics.path }} + {{- end }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "kas.selectorLabels" . | nindent 8 }} + spec: + automountServiceAccountToken: false + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + serviceAccountName: {{ include "kas.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + args: + - "--configuration-file=/etc/kas/config.yaml" + {{- range .Values.extraArgs }} + - {{ . }} + {{- end }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- if .Values.extraEnv }} + {{- toYaml .Values.extraEnv | nindent 12 }} + {{- end }} + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.kubernetesApiPort }} + - containerPort: {{ .Values.service.privateApiPort }} + - containerPort: {{ .Values.service.observabilityPort }} + readinessProbe: + httpGet: + path: /readiness + port: {{ .Values.service.observabilityPort }} + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /liveness + port: {{ .Values.service.observabilityPort }} + initialDelaySeconds: 15 + periodSeconds: 20 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: etc-kas + mountPath: /etc/kas + readOnly: true + terminationGracePeriodSeconds: 300 + volumes: + - name: etc-kas + projected: + defaultMode: 0440 + sources: + - configMap: + name: {{ template "kas.configMapName" . }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/kas/helm/kas/templates/servicemonitor.yaml b/kas/helm/kas/templates/servicemonitor.yaml index 8d963a615..cc8c15705 100644 --- a/kas/helm/kas/templates/servicemonitor.yaml +++ b/kas/helm/kas/templates/servicemonitor.yaml @@ -3,7 +3,6 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "kas.serviceName" . }} - namespace: {{ $.Release.Namespace }} labels: {{- include "kas.labels" . | nindent 4 }} {{- with .Values.metrics.serviceMonitor.additionalLabels }} diff --git a/kas/helm/kas/values.yaml b/kas/helm/kas/values.yaml index 35d77dd8e..3e1f70a4f 100644 --- a/kas/helm/kas/values.yaml +++ b/kas/helm/kas/values.yaml @@ -1,17 +1,61 @@ +image: + repository: ghcr.io/pluralsh/kas + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] + +nameOverride: "" + +fullnameOverride: "" + + +podAnnotations: {} + +podSecurityContext: + runAsUser: 65532 + +securityContext: + runAsUser: 65532 + runAsGroup: 65532 + fsGroup: 65532 + +priorityClassName: "" + +extraEnv: [] + +extraArgs: [] + nodeSelector: {} +affinity: {} + tolerations: [] -affinity: {} +resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi -podAnnotations: {} +service: + externalPort: 8150 + internalPort: 8150 + apiInternalPort: 8153 + kubernetesApiPort: 8154 + privateApiPort: 8155 + observabilityPort: 8151 + type: ClusterIP serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} - # The name of the service account to use. + # The name of the service account to use # If not set and create is true, a name is generated using the fullname template name: ""