Add lint and dry run checks for the Helm chart (kubernetes-sigs#2099)
Fawad Khaliq
authored
Jun 24, 2021
1 parent
a03084b
commit b43e566
Showing
4 changed files
with
245 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,6 +6,7 @@ | |
*.so | ||
*.dylib | ||
bin | ||
build | ||
|
||
# mkdocs generated live docs | ||
site | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,181 @@ | ||
# Default values for aws-load-balancer-controller. | ||
# This is a YAML-formatted file. | ||
# Declare variables to be passed into your templates. | ||
|
||
replicaCount: 2 | ||
|
||
image: | ||
repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller | ||
tag: v2.2.0 | ||
pullPolicy: IfNotPresent | ||
|
||
imagePullSecrets: [] | ||
nameOverride: "" | ||
fullnameOverride: "" | ||
|
||
# The name of the Kubernetes cluster. A non-empty value is required | ||
clusterName: test-cluster | ||
|
||
serviceAccount: | ||
# Specifies whether a service account should be created | ||
create: true | ||
# Annotations to add to the service account | ||
annotations: {} | ||
# The name of the service account to use. | ||
# If not set and create is true, a name is generated using the fullname template | ||
name: | ||
# Automount API credentials for a Service Account. | ||
automountServiceAccountToken: true | ||
|
||
rbac: | ||
# Specifies whether rbac resources should be created | ||
create: true | ||
|
||
podSecurityContext: | ||
fsGroup: 65534 | ||
|
||
securityContext: | ||
# capabilities: | ||
# drop: | ||
# - ALL | ||
readOnlyRootFilesystem: true | ||
runAsNonRoot: true | ||
allowPrivilegeEscalation: false | ||
|
||
# Time period for the controller pod to do a graceful shutdown | ||
terminationGracePeriodSeconds: 10 | ||
|
||
resources: | ||
limits: | ||
cpu: 100m | ||
memory: 128Mi | ||
requests: | ||
cpu: 100m | ||
memory: 128Mi | ||
|
||
# priorityClassName specifies the PriorityClass to indicate the importance of controller pods | ||
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass | ||
priorityClassName: system-cluster-critical | ||
|
||
nodeSelector: {} | ||
|
||
tolerations: [] | ||
|
||
affinity: {} | ||
|
||
podAnnotations: {} | ||
|
||
podLabels: {} | ||
|
||
# Enable cert-manager | ||
enableCertManager: false | ||
|
||
# The ingress class this controller will satisfy. If not specified, controller will match all | ||
# ingresses without ingress class annotation and ingresses of type alb | ||
ingressClass: alb | ||
|
||
# The AWS region for the kubernetes cluster. Set to use KIAM or kube2iam for example. | ||
region: | ||
|
||
# The VPC ID for the Kubernetes cluster. Set this manually when your pods are unable to use the metadata service to determine this automatically | ||
vpcId: | ||
|
||
# Maximum retries for AWS APIs (default 10) | ||
awsMaxRetries: | ||
|
||
# If enabled, targetHealth readiness gate will get injected to the pod spec for the matching endpoint pods (default true) | ||
enablePodReadinessGateInject: | ||
|
||
# Enable Shield addon for ALB (default true) | ||
enableShield: | ||
|
||
# Enable WAF addon for ALB (default true) | ||
enableWaf: | ||
|
||
# Enable WAF V2 addon for ALB (default true) | ||
enableWafv2: | ||
|
||
# Maximum number of concurrently running reconcile loops for ingress (default 3) | ||
ingressMaxConcurrentReconciles: | ||
|
||
# Set the controller log level - info(default), debug (default "info") | ||
logLevel: | ||
|
||
# The address the metric endpoint binds to. (default ":8080") | ||
metricsBindAddr: "" | ||
|
||
# The TCP port the Webhook server binds to. (default 9443) | ||
webhookBindPort: | ||
|
||
# Maximum number of concurrently running reconcile loops for service (default 3) | ||
serviceMaxConcurrentReconciles: | ||
|
||
# Maximum number of concurrently running reconcile loops for targetGroupBinding | ||
targetgroupbindingMaxConcurrentReconciles: | ||
|
||
# Period at which the controller forces the repopulation of its local object stores. (default 1h0m0s) | ||
syncPeriod: | ||
|
||
# Namespace the controller watches for updates to Kubernetes objects, If empty, all namespaces are watched. | ||
watchNamespace: | ||
|
||
# disableIngressClassAnnotation disables the usage of kubernetes.io/ingress.class annotation, false by default | ||
disableIngressClassAnnotation: | ||
|
||
# disableIngressGroupNameAnnotation disables the usage of alb.ingress.kubernetes.io/group.name annotation, false by default | ||
disableIngressGroupNameAnnotation: | ||
|
||
# defaultSSLPolicy specifies the default SSL policy to use for TLS/HTTPS listeners | ||
defaultSSLPolicy: | ||
|
||
# Liveness probe configuration for the controller | ||
livenessProbe: | ||
failureThreshold: 2 | ||
httpGet: | ||
path: /healthz | ||
port: 61779 | ||
scheme: HTTP | ||
initialDelaySeconds: 30 | ||
timeoutSeconds: 10 | ||
|
||
# Environment variables to set for aws-load-balancer-controller pod. | ||
# We strongly discourage programming access credentials in the controller environment. You should setup IRSA or | ||
# comparable solutions like kube2iam, kiam etc instead. | ||
env: | ||
|
||
# Specifies if aws-load-balancer-controller should be started in hostNetwork mode. | ||
# | ||
# This is required if using a custom CNI where the managed control plane nodes are unable to initiate | ||
# network connections to the pods, for example using Calico CNI plugin on EKS. This is not required or | ||
# recommended if using the Amazon VPC CNI plugin. | ||
hostNetwork: false | ||
|
||
# extraVolumeMounts are the additional volume mounts. This enables setting up IRSA on non-EKS Kubernetes cluster | ||
extraVolumeMounts: | ||
- name: aws-iam-token | ||
mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount | ||
readOnly: true | ||
|
||
# extraVolumes for the extraVolumeMounts. Useful to mount a projected service account token for example. | ||
extraVolumes: | ||
- name: aws-iam-token | ||
projected: | ||
defaultMode: 420 | ||
sources: | ||
- serviceAccountToken: | ||
audience: sts.amazonaws.com | ||
expirationSeconds: 86400 | ||
path: token | ||
|
||
# defaultTags are the tags to apply to all AWS resources managed by this controller | ||
defaultTags: | ||
default_tag1: value1 | ||
default_tag2: value2 | ||
|
||
# podDisruptionBudget specifies the disruption budget for the controller pods. | ||
# Disruption budget will be configured only when the replicaCount is greater than 1 | ||
podDisruptionBudget: | ||
maxUnavailable: 1 | ||
|
||
# externalManagedTags is the list of tag keys on AWS resources that will be managed externally | ||
externalManagedTags: [] |
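Review bot: This values file leaves the optional toggles off or empty (`enableCertManager: false`, `hostNetwork: false`, `env:` with no entries, and the `capabilities`/`drop: ALL` lines commented out under `securityContext`), so the dry run presumably never renders the templates or branches gated on them. If this is the fixture passed to `helm template -f`, I would either enable those settings here or add a second values file with them switched on, so that a broken cert-manager or hardened-securityContext path fails the check as well. The header comment `# Default values for aws-load-balancer-controller.` also reads as if this were the chart's defaults; something like `# Test values used only by the Helm lint/dry-run check.` would avoid that confusion.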
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
#!/usr/bin/env bash | ||
set -euo pipefail | ||
|
||
set +x | ||
|
||
SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" | ||
TMP_DIR="$SCRIPTPATH/../../build" | ||
PLATFORM=$(uname | tr '[:upper:]' '[:lower:]') | ||
HELM3_VERSION="3.3.1" | ||
HELM2_VERSION="2.16.10" | ||
HELM_DIR="${SCRIPTPATH}/../../helm" | ||
LB_HELM_CHART=${HELM_DIR}/aws-load-balancer-controller | ||
|
||
mkdir -p $TMP_DIR | ||
|
||
if [ ! -x "$TMP_DIR/helm" ]; then | ||
echo " Downloading the \"helm3\" binary" | ||
curl -L https://get.helm.sh/helm-v$HELM3_VERSION-$PLATFORM-amd64.tar.gz | tar zxf - -C $TMP_DIR | ||
mv $TMP_DIR/$PLATFORM-amd64/helm $TMP_DIR/. | ||
chmod +x $TMP_DIR/helm | ||
echo " Downloaded the \"helm\" binary" | ||
fi | ||
|
||
if [ ! -x "$TMP_DIR/helm2" ]; then | ||
echo " Downloading the \"helm2\" binary" | ||
curl -L https://get.helm.sh/helm-v$HELM2_VERSION-$PLATFORM-amd64.tar.gz | tar zxf - -C $TMP_DIR | ||
mv $TMP_DIR/$PLATFORM-amd64/helm $TMP_DIR/helm2 | ||
chmod +x $TMP_DIR/helm2 | ||
echo " Downloaded the \"helm2\" binary" | ||
fi | ||
export PATH=$TMP_DIR:$PATH | ||
|
||
echo "==============================================================================" | ||
echo " Linting Helm Chart w/ Helm v3" | ||
echo "==============================================================================" | ||
helm lint $LB_HELM_CHART | ||
|
||
echo "==============================================================================" | ||
echo " Linting Helm Chart w/ Helm v2" | ||
echo "==============================================================================" | ||
helm2 lint $LB_HELM_CHART | ||
|
||
echo " Helm Linting for v2 and v3 have successfully completed!" | ||
|
||
echo "==============================================================================" | ||
echo " Generate Template w/ Helm v3" | ||
echo "==============================================================================" | ||
|
||
helm template aws-load-balancer-controller "${LB_HELM_CHART}" --debug --namespace=kube-system -f "${LB_HELM_CHART}/test.yaml" > /dev/null | ||
|
||
echo "==============================================================================" | ||
echo " Generate Template w/ Helm v2" | ||
echo "==============================================================================" | ||
|
||
helm2 template --name aws-load-balancer-controller "${LB_HELM_CHART}" --debug --namespace=kube-system -f "${LB_HELM_CHART}/test.yaml" > /dev/null | ||
|
||
echo " Helm template generation for v2 and v3 have successfully completed!" |
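Review bot: Both download blocks pipe `curl -L https://get.helm.sh/...` straight into `tar`, then put the extracted `helm` and `helm2` on `PATH` and run them, with no integrity check on the archive. I would download to a file, compare it against a SHA-256 digest pinned in this script (one per version and platform), and only then unpack; a digest fetched from the same host at run time would catch corruption but not a tampered release. Adding `-f` to curl also makes an HTTP error fail the step directly instead of feeding an error page to tar. The sketch below covers the helm3 block; the helm2 block needs the same change, and `sha256sum` may have to be `shasum -a 256` on darwin.

```shell
# Pinned digest of the release tarball for this version/platform (placeholder value).
HELM3_SHA256="<sha256-of-helm-v${HELM3_VERSION}-${PLATFORM}-amd64-tarball>"

if [ ! -x "$TMP_DIR/helm" ]; then
  echo " Downloading the \"helm3\" binary"
  helm3_tgz="$TMP_DIR/helm-v$HELM3_VERSION-$PLATFORM-amd64.tar.gz"
  curl -fsSL -o "$helm3_tgz" "https://get.helm.sh/helm-v$HELM3_VERSION-$PLATFORM-amd64.tar.gz"
  # Refuse to unpack anything that does not match the pinned digest.
  echo "$HELM3_SHA256  $helm3_tgz" | sha256sum -c -
  tar zxf "$helm3_tgz" -C "$TMP_DIR"
  # … unchanged: mv, chmod and the "Downloaded" message …
fi
```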