version 0.2.9 (#47)

* add traefik ingressroute Signed-off-by: Sunny Yip <sunny@kusari.dev> * lower minio mem request Signed-off-by: Sunny Yip <sunny@kusari.dev> * update ingressroute enable param Signed-off-by: Sunny Yip <sunny@kusari.dev> * add alb-oidc-secret read role Signed-off-by: Sunny Yip <sunny@kusari.dev> * undeploy alb secret read role Signed-off-by: Sunny Yip <sunny@kusari.dev> * clean up ingress yaml Signed-off-by: Sunny Yip <sunny@kusari.dev> * bump version Signed-off-by: Sunny Yip <sunny@kusari.dev> * fix white spaces Signed-off-by: Sunny Yip <sunny@kusari.dev> * fix linting error Signed-off-by: Sunny Yip <sunny@kusari.dev> * remove traefik ingress defaults Signed-off-by: Sunny Yip <sunny@kusari.dev> * add support to create nodeport service for gql server Signed-off-by: Sunny Yip <sunny@kusari.dev> * update README Signed-off-by: Sunny Yip <sunny@kusari.dev> * check in test values file Signed-off-by: Sunny Yip <sunny@kusari.dev> * fix linting test Signed-off-by: Sunny Yip <sunny@kusari.dev> * tidy up test workflow Signed-off-by: Sunny Yip <sunny@kusari.dev> * add service accounts Signed-off-by: Sunny Yip <sunny@kusari.dev> * parameterize resources Signed-off-by: Sunny Yip <sunny@kusari.dev> * support deploying additional objects Signed-off-by: Sunny Yip <sunny@kusari.dev> * remove common env vars Signed-off-by: Sunny Yip <sunny@kusari.dev> * add service account for depsdev collector Signed-off-by: Sunny Yip <sunny@kusari.dev> * add tolerations support Signed-off-by: Sunny Yip <sunny@kusari.dev> * add tolerations support Signed-off-by: Sunny Yip <sunny@kusari.dev> * tidy up resource requests Signed-off-by: Sunny Yip <sunny@kusari.dev> * unset default db-address Signed-off-by: Sunny Yip <sunny@kusari.dev> * properly disable osv-certifier Signed-off-by: Sunny Yip <sunny@kusari.dev> * properly disable osv-certifier Signed-off-by: Sunny Yip <sunny@kusari.dev> * properly disable deployment Signed-off-by: Sunny Yip <sunny@kusari.dev> * support additional volumes Signed-off-by: Sunny Yip <sunny@kusari.dev> * support additional volumes Signed-off-by: Sunny Yip <sunny@kusari.dev> * take list of env vars Signed-off-by: Sunny Yip <sunny@kusari.dev> * take list of env vars Signed-off-by: Sunny Yip <sunny@kusari.dev> * reduce memory requests Signed-off-by: Sunny Yip <sunny@kusari.dev> * update readme and bump version Signed-off-by: Sunny Yip <sunny@kusari.dev> * add guacrest Signed-off-by: Sunny Yip <sunny@kusari.dev> * define minio request memory or else it defaults to 16G Signed-off-by: Sunny Yip <sunny@kusari.dev> * properly disable service account Signed-off-by: Sunny Yip <sunny@kusari.dev> --------- Signed-off-by: Sunny Yip <sunny@kusari.dev>
kusaridev · Apr 30, 2024 · 2030175 · 2030175
1 parent 54b076a
commit 2030175
Show file tree

Hide file tree

Showing 22 changed files with 936 additions and 228 deletions.
diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml
@@ -9,8 +9,8 @@ maintainers:
     email: guac-info@kusari.dev
 
 type: application
-version: 0.2.8
-appVersion: "v0.5.1"
+version: 0.2.9
+appVersion: "v0.5.2"
 
 dependencies:
 - name: nats

diff --git a/charts/guac/README.md b/charts/guac/README.md
diff --git a/charts/guac/schema.json b/charts/guac/schema.json
diff --git a/charts/guac/templates/additional-objects.yaml b/charts/guac/templates/additional-objects.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.additionalObjects }}
+{{/*
+{{- toYaml .Values.guac.additionalResources }}
+*/}}
+{{- range $.Values.additionalObjects }}
+---
+{{ toYaml . }}
+{{- end }}
+{{- end }}
diff --git a/charts/guac/templates/collectsub-deployment.yaml b/charts/guac/templates/collectsub-deployment.yaml
@@ -28,6 +28,7 @@ spec:
         app.kubernetes.io/name: {{ .Values.guac.collectSub.name }}
         app.kubernetes.io/component: {{ .Values.guac.collectSub.name }}
     spec:
+      serviceAccountName: {{ .Values.guac.collectSub.name }}
       containers:
       - name: {{ .Values.guac.collectSub.name }}
         {{- if .Values.guac.guacImage.digest }}
@@ -42,32 +43,40 @@ spec:
 {{- if .Values.guac.collectSub.ports }}
         ports:
 {{ toYaml .Values.guac.collectSub.image.ports | indent 10 }}
+{{- end }}
+{{- if .Values.guac.collectSub.resources }}
+        resources: {{- toYaml .Values.guac.collectSub.resources | nindent 10 }}
 {{- end }}
         volumeMounts:
           - name: guac-config
             mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
-{{- if .Values.imagePullSecrets }}
+
 {{- if or .Values.guac.common.env .Values.guac.collectSub.env }}
         env:
-        {{- range $key, $value := .Values.guac.common.env }}
-        - name: {{ $key }}
-          value: {{ $value | quote }}
-        {{- end }}  
-        {{- range $key, $value := .Values.guac.collectSub.env }}
-        - name: {{ $key }}
-          value: {{ $value | quote }}
-        {{- end }}  
+{{- if .Values.guac.common.env }}
+{{ toYaml .Values.guac.common.env | indent 10 }}
+{{- end }}
+{{- if .Values.guac.collectSub.env }}
+{{ toYaml .Values.guac.collectSub.env | indent 10 }}
+{{- end }}
 {{- end }}
+
+{{- if .Values.imagePullSecrets }}
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
 {{- end }}
       volumes:
         - name: guac-config
           configMap:
             name: guac-cm
-{{- end }}
 {{- if .Values.guac.collectSub.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.guac.collectSub.nodeSelector | indent 8 }}
 {{- end }}
+{{- if .Values.guac.collectSub.tolerations }}
+      tolerations:
+{{ toYaml .Values.guac.collectSub.tolerations | indent 8 }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/guac/templates/collectsub-sa.yaml b/charts/guac/templates/collectsub-sa.yaml
@@ -0,0 +1,17 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.collectSub.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.guac.collectSub.name }}
+{{- if .Values.guac.collectSub.annotations }}
+  annotations:
+{{ toYaml .Values.guac.collectSub.serviceAccount.annotations | indent 4 }}
+{{- end }}
+  labels:
+    {{- include "guac.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ .Values.guac.collectSub.name }}
+    app.kubernetes.io/component: {{ .Values.guac.collectSub.name }}
+{{- end }}
diff --git a/charts/guac/templates/depsdev-collector-deployment.yaml b/charts/guac/templates/depsdev-collector-deployment.yaml
@@ -28,6 +28,7 @@ spec:
         app.kubernetes.io/name: {{ .Values.guac.depsDevCollector.name }}
         app.kubernetes.io/component: {{ .Values.guac.depsDevCollector.name }}
     spec:
+      serviceAccountName: {{ .Values.guac.depsDevCollector.name }}
       containers:
       - name: {{ .Values.guac.depsDevCollector.name }}
         {{- if .Values.guac.guacImage.digest }}
@@ -43,21 +44,25 @@ spec:
         ports:
 {{ toYaml .Values.guac.depsDevCollector.image.ports | indent 10 }}
 {{- end }}
+{{- if .Values.guac.depsDevCollector.resources }}
+        resources: {{- toYaml .Values.guac.depsDevCollector.resources | nindent 10 }}
+{{- end }}
+
         volumeMounts:
           - name: guac-config
             mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
+
 {{- if or .Values.guac.common.env .Values.guac.depsDevCollector.env }}
         env:
-        {{- range $key, $value := .Values.guac.common.env }}
-        - name: {{ $key }}
-          value: {{ $value | quote }}
-        {{- end }}  
-        {{- range $key, $value := .Values.guac.depsDevCollector.env }}
-        - name: {{ $key }}
-          value: {{ $value | quote }}
-        {{- end }}  
+{{- if .Values.guac.common.env }}
+{{ toYaml .Values.guac.common.env | indent 10 }}
+{{- end }}
+{{- if .Values.guac.depsDevCollector.env }}
+{{ toYaml .Values.guac.depsDevCollector.env | indent 10 }}
+{{- end }}
 {{- end }}
+
 {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
@@ -66,8 +71,13 @@ spec:
         - name: guac-config
           configMap:
             name: guac-cm
-{{- end }}
 {{- if .Values.guac.depsDevCollector.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.guac.depsDevCollector.nodeSelector | indent 8 }}
 {{- end }}
+{{- if .Values.guac.depsDevCollector.tolerations }}
+      tolerations:
+{{ toYaml .Values.guac.depsDevCollector.tolerations | indent 8 }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/guac/templates/depsdev-collector-sa.yaml b/charts/guac/templates/depsdev-collector-sa.yaml
@@ -0,0 +1,17 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.depsDevCollector.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.guac.depsDevCollector.name }}
+{{- if .Values.guac.depsDevCollector.annotations }}
+  annotations:
+{{ toYaml .Values.guac.depsDevCollector.serviceAccount.annotations | indent 4 }}
+{{- end }}
+  labels:
+    {{- include "guac.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ .Values.guac.depsDevCollector.name }}
+    app.kubernetes.io/component: {{ .Values.guac.depsDevCollector.name }}
+{{- end }}
diff --git a/charts/guac/templates/graphql-server-deployment.yaml b/charts/guac/templates/graphql-server-deployment.yaml
@@ -28,6 +28,7 @@ spec:
         app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
         app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
     spec:
+      serviceAccountName: {{ .Values.guac.graphqlServer.name }}
       containers:
       - name: {{ .Values.guac.graphqlServer.name }}
         {{- if .Values.guac.guacImage.digest }}
@@ -42,32 +43,46 @@ spec:
 {{- if .Values.guac.graphqlServer.ports }}
         ports:
 {{ toYaml .Values.guac.graphqlServer.image.ports | indent 10 }}
+{{- end }}
+{{- if .Values.guac.graphqlServer.resources }}
+        resources: {{- toYaml .Values.guac.graphqlServer.resources | nindent 10 }}
 {{- end }}
         volumeMounts:
           - name: guac-config
             mountPath: {{ .Values.guac.guacImage.workingDir }}
             readOnly: true
-{{- if .Values.imagePullSecrets }}
+{{- if .Values.guac.graphqlServer.additionalVolumeMounts }}
+{{ toYaml .Values.guac.graphqlServer.additionalVolumeMounts | indent 10 }}
+{{- end }}
+
 {{- if or .Values.guac.common.env .Values.guac.graphqlServer.env }}
         env:
-        {{- range $key, $value := .Values.guac.common.env }}
-        - name: {{ $key }}
-          value: {{ $value | quote }}
-        {{- end }}  
-        {{- range $key, $value := .Values.guac.graphqlServer.env }}
-        - name: {{ $key }}
-          value: {{ $value | quote }}
-        {{- end }}  
+{{- if .Values.guac.common.env }}
+{{ toYaml .Values.guac.common.env | indent 10 }}
+{{- end }}
+{{- if .Values.guac.graphqlServer.env }}
+{{ toYaml .Values.guac.graphqlServer.env | indent 10 }}
 {{- end }}
+{{- end }}
+
+{{- if .Values.imagePullSecrets }}
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
 {{- end }}
       volumes:
         - name: guac-config
           configMap:
             name: guac-cm
+{{- if .Values.guac.graphqlServer.additionalVolumes }}
+{{ toYaml .Values.guac.graphqlServer.additionalVolumes | indent 8 }}
 {{- end }}
 {{- if .Values.guac.graphqlServer.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.guac.graphqlServer.nodeSelector | indent 8 }}
 {{- end }}
+{{- if .Values.guac.graphqlServer.tolerations }}
+      tolerations:
+{{ toYaml .Values.guac.graphqlServer.tolerations | indent 8 }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/guac/templates/graphql-server-sa.yaml b/charts/guac/templates/graphql-server-sa.yaml
@@ -0,0 +1,17 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.graphqlServer.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.guac.graphqlServer.name }}
+{{- if .Values.guac.graphqlServer.annotations }}
+  annotations:
+{{ toYaml .Values.guac.graphqlServer.serviceAccount.annotations | indent 4 }}
+{{- end }}
+  labels:
+    {{- include "guac.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ .Values.guac.graphqlServer.name }}
+    app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
+{{- end }}
diff --git a/charts/guac/templates/guacrest-deployment.yaml b/charts/guac/templates/guacrest-deployment.yaml
@@ -0,0 +1,78 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.restApi.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.guac.restApi.name }}
+{{- if .Values.guac.restApi.annotations }}
+  annotations:
+{{ toYaml .Values.guac.restApi.annotations | indent 4 }}
+{{- end }}
+  labels:
+    {{- include "guac.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ .Values.guac.restApi.name }}
+    app.kubernetes.io/component: {{ .Values.guac.restApi.name }}
+spec:
+  replicas:  {{ .Values.guac.restApi.replicas }}
+  selector:
+    matchLabels:
+      {{- include "guac.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/name: {{ .Values.guac.restApi.name }}
+      app.kubernetes.io/component: {{ .Values.guac.restApi.name }}
+  template:
+    metadata:
+      labels:
+        {{- include "guac.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/name: {{ .Values.guac.restApi.name }}
+        app.kubernetes.io/component: {{ .Values.guac.restApi.name }}
+    spec:
+      containers:
+      - name: {{ .Values.guac.restApi.name }}
+        {{- if .Values.guac.guacImage.digest }}
+        image: "{{ .Values.guac.guacImage.repository }}@{{ .Values.guac.guacImage.digest }}"
+        {{- else }}
+        image: "{{ .Values.guac.guacImage.repository }}:{{ .Values.guac.guacImage.tag | default .Chart.AppVersion}}"
+        {{- end }}
+        imagePullPolicy: "{{ .Values.guac.guacImage.pullPolicy }}"
+        command:
+{{ toYaml .Values.guac.restApi.image.command | indent 10 }}
+        workingDir: {{ .Values.guac.guacImage.workingDir }}
+{{- if .Values.guac.restApi.ports }}
+        ports:
+{{ toYaml .Values.guac.restApi.image.ports | indent 10 }}
+{{- end }}
+        volumeMounts:
+          - name: guac-config
+            mountPath: {{ .Values.guac.guacImage.workingDir }}
+            readOnly: true
+
+{{- if or .Values.guac.common.env .Values.guac.graphqlServer.env }}
+        env:
+{{- if .Values.guac.common.env }}
+{{ toYaml .Values.guac.common.env | indent 10 }}
+{{- end }}
+{{- if .Values.guac.graphqlServer.env }}
+{{ toYaml .Values.guac.graphqlServer.env | indent 10 }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+{{- end }}
+      volumes:
+        - name: guac-config
+          configMap:
+            name: guac-cm
+{{- if .Values.guac.restApi.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.guac.restApi.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.guac.restApi.tolerations }}
+      tolerations:
+{{ toYaml .Values.guac.restApi.tolerations | indent 8 }}
+{{- end }}
+
+{{- end }}
diff --git a/charts/guac/templates/guacrest-sa.yaml b/charts/guac/templates/guacrest-sa.yaml
@@ -0,0 +1,17 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.restApi.enabled }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.guac.restApi.name }}
+{{- if .Values.guac.restApi.annotations }}
+  annotations:
+{{ toYaml .Values.guac.restApi.serviceAccount.annotations | indent 4 }}
+{{- end }}
+  labels:
+    {{- include "guac.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ .Values.guac.restApi.name }}
+    app.kubernetes.io/component: {{ .Values.guac.restApi.name }}
+{{- end }}
diff --git a/charts/guac/templates/guacrest-service.yaml b/charts/guac/templates/guacrest-service.yaml
@@ -0,0 +1,24 @@
+# Copyright Kusari, Inc. and contributors
+# Licensed under the MIT license. See LICENSE file in the project root for details.
+{{ if .Values.guac.restApi.enabled }}
+{{- if .Values.guac.restApi.svcPorts }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.guac.restApi.name }}
+  labels:
+    {{- include "guac.labels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ .Values.guac.restApi.name }}
+    app.kubernetes.io/component: {{ .Values.guac.restApi.name }}
+spec:
+  selector:
+    {{- include "guac.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/name: {{ .Values.guac.restApi.name }}
+    app.kubernetes.io/component: {{ .Values.guac.restApi.name }}
+  ports:
+  {{- range .Values.guac.restApi.svcPorts }}
+    - {{ . | toYaml | indent 6 | trim }}
+  {{- end }}
+{{- end }}
+{{- end }}