diff --git a/.github/ct.yaml b/.github/ct.yaml
index 475449d..970c205 100644
--- a/.github/ct.yaml
+++ b/.github/ct.yaml
@@ -4,4 +4,6 @@
 # - incubator=https://charts.helm.sh/incubator
 target-branch: main
 helm-extra-args: --debug
+chart-repos:
+- metrics-server=https://kubernetes-sigs.github.io/metrics-server
 debug: true
diff --git a/charts/ocean-kubernetes-controller/.helmignore b/charts/ocean-kubernetes-controller/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/ocean-kubernetes-controller/Chart.lock b/charts/ocean-kubernetes-controller/Chart.lock
new file mode 100644
index 0000000..6429d10
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: metrics-server
+ repository: https://kubernetes-sigs.github.io/metrics-server
+ version: 3.11.0
+digest: sha256:d72c6e2556ad01652833d9a81cd6ec626611244912a878d32d9ed58203d831bb
+generated: "2023-09-21T16:24:22.598098+03:00"
diff --git a/charts/ocean-kubernetes-controller/Chart.yaml b/charts/ocean-kubernetes-controller/Chart.yaml
new file mode 100644
index 0000000..e574c9c
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: ocean-kubernetes-controller
+description: A Helm chart for Ocean Controller
+type: application
+version: 0.1.0
+appVersion: 2.0.17
+kubeVersion: ">=1.20.0-0"
+maintainers:
+- name: spotinst
+ email: ng-spot-info@netapp.com
+icon: https://docs.spot.io/_media/images/spot_mark.png
+keywords:
+- spot
+- ocean
+- controller
+dependencies:
+- name: metrics-server
+ version: 3.11.0
+ repository: https://kubernetes-sigs.github.io/metrics-server
+ condition: metrics-server.enabled
+annotations:
+ artifacthub.io/prerelease: "true"
diff --git a/charts/ocean-kubernetes-controller/README.md.gotmpl b/charts/ocean-kubernetes-controller/README.md.gotmpl
new file mode 100644
index 0000000..cf7d1ae
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/README.md.gotmpl
@@ -0,0 +1,35 @@
+{{ template "chart.header" . }}
+
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}.
+
+## Installation
+
+1. Add the Spot Helm chart repository:
+
+```sh
+helm repo add spot https://charts.spot.io
+```
+
+2. Update your local Helm chart repository cache:
+
+```sh
+helm repo update
+```
+
+3. Install `{{ template "chart.name" . }}`:
+
+```sh
+helm install my-release spot/{{ template "chart.name" . }}
+```
+
+> NOTE: Please configure all required chart values using the `set` command line argument or a `values.yaml` file.
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "helm-docs.versionFooter" . }}
diff --git a/charts/ocean-kubernetes-controller/charts/metrics-server-3.11.0.tgz b/charts/ocean-kubernetes-controller/charts/metrics-server-3.11.0.tgz
new file mode 100644
index 0000000..8860457
Binary files /dev/null and b/charts/ocean-kubernetes-controller/charts/metrics-server-3.11.0.tgz differ
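Review bot: In `Chart.yaml` the metrics-server dependency is gated on `condition: metrics-server.enabled`, but the values file and the `deployMetricsServer` helper added in this commit use `metrics-server.deployChart`. Helm ignores a condition whose path is absent from the parent values, so the subchart would still be installed when a user follows the helper's error message and sets `deployChart=false`. Point the condition at the key the chart actually exposes: `condition: metrics-server.deployChart`.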
diff --git a/charts/ocean-kubernetes-controller/templates/_helpers.tpl b/charts/ocean-kubernetes-controller/templates/_helpers.tpl
new file mode 100644
index 0000000..d1963e6
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/_helpers.tpl
@@ -0,0 +1,140 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ocean-kubernetes-controller.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ocean-kubernetes-controller.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ocean-kubernetes-controller.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+The image to use
+*/}}
+{{- define "ocean-kubernetes-controller.image" -}}
+{{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ocean-kubernetes-controller.labels" -}}
+helm.sh/chart: {{ include "ocean-kubernetes-controller.chart" . }}
+{{ include "ocean-kubernetes-controller.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ocean-kubernetes-controller.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ocean-kubernetes-controller.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+ConfigMap name.
+*/}}
+{{- define "ocean-kubernetes-controller.configMapName" -}}
+{{ default (include "ocean-kubernetes-controller.fullname" .) .Values.configMap.name }}
+{{- end }}
+
+{{/*
+Secret name.
+*/}}
+{{- define "ocean-kubernetes-controller.secretName" -}}
+{{ default (include "ocean-kubernetes-controller.fullname" .) .Values.secret.name }}
+{{- end }}
+
+{{/*
+CA bundle secret name.
+*/}}
+{{- define "ocean-kubernetes-controller.caBundleSecretName" -}}
+{{ default (printf "%s-ca-bundle" (include "ocean-kubernetes-controller.fullname" .)) .Values.caBundleSecret.name }}
+{{- end }}
+
+{{/*
+ClusterRole name.
+*/}}
+{{- define "ocean-kubernetes-controller.clusterRoleName" -}}
+{{ include "ocean-kubernetes-controller.fullname" . }}
+{{- end }}
+
+{{/*
+ClusterRoleBinding name.
+*/}}
+{{- define "ocean-kubernetes-controller.clusterRoleBindingName" -}}
+{{ include "ocean-kubernetes-controller.fullname" . }}
+{{- end }}
+
+{{/*
+Create the name of the service-account to use
+*/}}
+{{- define "ocean-kubernetes-controller.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ocean-kubernetes-controller.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Figure out if we should deploy metrics server. We are checking:
+- if 'metrics-server.deployChart' is true:
+ - try to fetch the 'v1beta1.metrics.k8s.io' APIService
+ - if it exists:
+ - check for it's helm annotations to see if it was installed as part of the
+ same release we are installing now (release name and namespace annotations).
+ - if it's not the same release -> fail
+*/}}
+{{- define "ocean-kubernetes-controller.deployMetricsServer" }}
+{{- if (index .Values "metrics-server" "deployChart") }}
+{{- $apiService := lookup "apiregistration.k8s.io/v1" "APIService" "" "v1beta1.metrics.k8s.io" }}
+{{- $releaseName := .Release.Name }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- if $apiService -}}
+{{- with $apiService }}
+{{- if (or
+ (not .metadata.annotations)
+ (or
+ (ne
+ $releaseName
+ (index .metadata.annotations "meta.helm.sh/release-name")
+ )
+ (ne
+ $releaseNamespace
+ (index .metadata.annotations "meta.helm.sh/release-namespace")
+ )
+ ))
+}}
+{{- fail "\nThe value: 'metrics-server.deployChart' was set to 'true' but we found another installation of metrics-server in your cluster.\nYou must use:\n --set metrics-server.deployChart=false" }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/ocean-kubernetes-controller/templates/clusterrole.yaml b/charts/ocean-kubernetes-controller/templates/clusterrole.yaml
new file mode 100644
index 0000000..d571da3
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/clusterrole.yaml
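Review bot: In `_helpers.tpl`, the `serviceAccountName` helper falls back to the namespace's `default` service account when `serviceAccount.create` is false and no name is given, and `clusterrolebinding.yaml` binds the chart's ClusterRole to whatever this helper returns. Every pod in the release namespace that runs as `default` would then inherit the controller's cluster-wide permissions. Fail the render instead of falling back: `{{- required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`. Separately, `lookup` returns an empty result under `helm template` and `--dry-run`, so the `deployMetricsServer` guard is silently skipped in those modes; a sentence in the helper's comment saying so would help.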
@@ -0,0 +1,117 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "ocean-kubernetes-controller.fullname" . }}
+ labels:
+ {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+rules:
+# ---------------------------------------------------------------------------
+# feature: ocean/readonly
+# ---------------------------------------------------------------------------
+- apiGroups: [ "" ]
+ resources: [ "pods", "nodes", "services", "namespaces", "replicationcontrollers", "limitranges", "events", "persistentvolumes", "persistentvolumeclaims" ]
+ verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "apps" ]
+ resources: [ "deployments", "daemonsets", "statefulsets", "replicasets" ]
+ verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "storage.k8s.io" ]
+ resources: [ "storageclasses" ]
+ verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "batch" ]
+ resources: [ "jobs", "cronjobs" ]
+ verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "policy" ]
+ resources: [ "poddisruptionbudgets" ]
+ verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "metrics.k8s.io" ]
+ resources: [ "pods" ]
+ verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "autoscaling" ]
+ resources: [ "horizontalpodautoscalers" ]
+ verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "apiextensions.k8s.io" ]
+ resources: [ "customresourcedefinitions" ]
+ verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "node.k8s.io" ]
+ resources: [ "runtimeclasses" ]
+ verbs: [ "get", "list", "watch" ]
+- nonResourceURLs: [ "/version/", "/version" ]
+ verbs: [ "get" ]
+# ---------------------------------------------------------------------------
+# feature: ocean/draining
+# ---------------------------------------------------------------------------
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["patch", "update"]
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["delete"]
+- apiGroups: [""]
+ resources: ["pods/eviction"]
+ verbs: ["create"]
+# ---------------------------------------------------------------------------
+# feature: ocean/cleanup
+# ---------------------------------------------------------------------------
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["delete"]
+# ---------------------------------------------------------------------------
+# feature: ocean/csr-approval
+# ---------------------------------------------------------------------------
+- apiGroups: ["certificates.k8s.io"]
+ resources: ["certificatesigningrequests"]
+ verbs: ["get", "list", "delete", "create"]
+- apiGroups: ["certificates.k8s.io"]
+ resources: ["certificatesigningrequests/approval"]
+ verbs: ["patch", "update"]
+- apiGroups: ["certificates.k8s.io"]
+ resources: ["signers"]
+ resourceNames: ["kubernetes.io/kubelet-serving", "kubernetes.io/kube-apiserver-client-kubelet"]
+ verbs: ["approve"]
+# ---------------------------------------------------------------------------
+# feature: ocean/auto-update
+# ---------------------------------------------------------------------------
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["clusterroles"]
+ resourceNames: ["spotinst-kubernetes-cluster-controller"]
+ verbs: ["patch", "update", "escalate"]
+- apiGroups: ["apps"]
+ resources: ["deployments"]
+ resourceNames: ["spotinst-kubernetes-cluster-controller"]
+ verbs: ["patch", "update"]
+# ---------------------------------------------------------------------------
+# feature: ocean/apply
+# ---------------------------------------------------------------------------
+- apiGroups: ["apps"]
+ resources: ["deployments", "daemonsets"]
+ verbs: ["get", "list", "patch", "update", "create", "delete"]
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "patch", "update", "create", "delete"]
+- apiGroups: ["batch"]
+ resources: ["jobs"]
+ verbs: ["get", "list", "patch", "update", "create", "delete"]
+# ---------------------------------------------------------------------------
+# feature: wave
+# ---------------------------------------------------------------------------
+- apiGroups: ["sparkoperator.k8s.io"]
+ resources: ["sparkapplications", "scheduledsparkapplications"]
+ verbs: ["get", "list", "patch", "update", "create", "delete"]
+- apiGroups: ["wave.spot.io"]
+ resources: ["sparkapplications", "wavecomponents", "waveenvironments"]
+ verbs: ["get", "list"]
+- apiGroups: ["bigdata.spot.io"]
+ resources: ["bigdataenvironments"]
+ verbs: ["get", "list", "patch", "update", "create", "delete"]
+# ---------------------------------------------------------------------------
+# feature: controller/leader-election (high-availability)
+# ---------------------------------------------------------------------------
+- apiGroups: [ "coordination.k8s.io" ]
+ resources: [ "leases" ]
+ verbs: [ "get","list","patch","update","create","delete" ]
+# ---------------------------------------------------------------------------
+# feature: controller/report-events
+# ---------------------------------------------------------------------------
+- apiGroups: [ "" ]
+ resources: [ "events" ]
+ verbs: [ "create" ]
\ No newline at end of file
diff --git a/charts/ocean-kubernetes-controller/templates/clusterrolebinding.yaml b/charts/ocean-kubernetes-controller/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..a73fd74
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "ocean-kubernetes-controller.fullname" . }}
+ labels:
+ {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "ocean-kubernetes-controller.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "ocean-kubernetes-controller.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
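Review bot: In `clusterrole.yaml` the `ocean/csr-approval` and `ocean/auto-update` rules are rendered unconditionally, although `values.yaml` ships `enableCsrApproval: false` and exposes `disableAutoUpdate`, so a default install grants approval rights on the kubelet signers and `escalate` on a ClusterRole even when the feature is switched off. Wrap each section in its flag, e.g. `{{- if .Values.spotinst.enableCsrApproval }}` … `{{- end }}` and `{{- if not .Values.spotinst.disableAutoUpdate }}` … `{{- end }}`. The auto-update rules also pin `resourceNames: ["spotinst-kubernetes-cluster-controller"]`, while this chart names its ClusterRole and Deployment from the `fullname` helper; unless `fullnameOverride` happens to match, the rules refer to objects the chart does not create, so either template the name or say in a comment which object is meant. `escalate` together with `patch`/`update` lets the holder add any permission to that role, which deserves an explicit comment next to the rule.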
diff --git a/charts/ocean-kubernetes-controller/templates/configmap.yaml b/charts/ocean-kubernetes-controller/templates/configmap.yaml
new file mode 100644
index 0000000..5979fef
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/configmap.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.configMap.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+ labels:
+ {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+data:
+ spotinst.cluster-identifier: {{ required "`spotinst.clusterIdentifier` must be specified" .Values.spotinst.clusterIdentifier }}
+ base-url: {{ default "" .Values.spotinst.baseUrl | quote }}
+ proxy-url: {{ default "" .Values.spotinst.proxyUrl | quote }}
+ leader-election: {{ gt (int .Values.replicas) 1 | quote }}
+ disable-auto-update: {{ default "false" .Values.spotinst.disableAutoUpdate | quote }}
+ enable-csr-approval: {{ default "false" .Values.spotinst.enableCsrApproval | quote }}
+{{- end }}
diff --git a/charts/ocean-kubernetes-controller/templates/deployment.yaml b/charts/ocean-kubernetes-controller/templates/deployment.yaml
new file mode 100644
index 0000000..ca1dcf0
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/deployment.yaml
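Review bot: In `configmap.yaml`, `spotinst.cluster-identifier` is the only `data` entry rendered without `| quote`. ConfigMap `data` values must be strings, so an identifier made only of digits, or one that reads as a boolean or contains `: `, renders as a non-string scalar or as broken YAML and the install is rejected. Append `| quote` after `.Values.spotinst.clusterIdentifier`, as the neighbouring keys already do.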
@@ -0,0 +1,221 @@
+{{ include "ocean-kubernetes-controller.deployMetricsServer" . }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ocean-kubernetes-controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicas }}
+ {{- with .Values.updateStrategy }}
+ strategy:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ocean-kubernetes-controller.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ # This will restart the deployment in case of configmap/secret changes
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ocean-kubernetes-controller.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "ocean-kubernetes-controller.serviceAccountName" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . | quote }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: {{ include "ocean-kubernetes-controller.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args:
+ {{- range .Values.args }}
+ - {{ . }}
+ {{- end }}
+ env:
+ - name: SPOTINST_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "ocean-kubernetes-controller.secretName" . }}
+ key: token
+ optional: true
+ - name: SPOTINST_ACCOUNT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "ocean-kubernetes-controller.secretName" . }}
+ key: account
+ optional: true
+ - name: SPOTINST_TOKEN_LEGACY
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+ key: spotinst.token
+ optional: true
+ - name: SPOTINST_LEADER_ELECTION_ENABLED
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+ key: leader-election
+ optional: true
+ - name: SPOTINST_ACCOUNT_LEGACY
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+ key: spotinst.account
+ optional: true
+ - name: CLUSTER_IDENTIFIER
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+ key: spotinst.cluster-identifier
+ - name: BASE_SPOTINST_URL
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+ key: base-url
+ optional: true
+ - name: PROXY_URL
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+ key: proxy-url
+ optional: true
+ - name: DISABLE_AUTO_UPDATE
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+ key: disable-auto-update
+ optional: true
+ - name: ENABLE_CSR_APPROVAL
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+ key: enable-csr-approval
+ optional: true
+ - name: USER_ENV_CERTIFICATES
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "ocean-kubernetes-controller.caBundleSecretName" . }}
+ key: userEnvCertificates.pem
+ optional: true
+ - name: POD_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.extraEnv }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9080
+ - name: readiness
+ containerPort: 9081
+ {{- with .Values.livenessProbe }}
+ livenessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.readinessProbe }}
+ readinessProbe:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- with .Values.extraVolumeMounts }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ resources:
+ {{- with .Values.resources }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- with .Values.extraVolumes }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if kindIs "invalid" .Values.affinity }}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: NotIn
+ values:
+ - windows
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ {{- else }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if kindIs "invalid" .Values.tolerations }}
+ tolerations:
+ - key: node.kubernetes.io/not-ready
+ effect: NoExecute
+ operator: Exists
+ tolerationSeconds: 150
+ - key: node.kubernetes.io/unreachable
+ effect: NoExecute
+ operator: Exists
+ tolerationSeconds: 150
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ {{- else }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if kindIs "invalid" .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: ScheduleAnyway
+ labelSelector:
+ matchLabels:
+ {{- include "ocean-kubernetes-controller.selectorLabels" . | nindent 12 }}
+ {{- else }}
+ {{- with .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/ocean-kubernetes-controller/templates/secret.yaml b/charts/ocean-kubernetes-controller/templates/secret.yaml
new file mode 100644
index 0000000..54d3405
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/secret.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.secret.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "ocean-kubernetes-controller.secretName" . }}
+ labels:
+ {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+type: Opaque
+data:
+ token: {{ required "`spotinst.token` must be specified" .Values.spotinst.token | b64enc }}
+ account: {{ required "`spotinst.account` must be specified" .Values.spotinst.account | b64enc }}
+{{- end }}
diff --git a/charts/ocean-kubernetes-controller/templates/serviceaccount.yaml b/charts/ocean-kubernetes-controller/templates/serviceaccount.yaml
new file mode 100644
index 0000000..443b2df
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ocean-kubernetes-controller.serviceAccountName" . }}
+ labels:
+ {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/ocean-kubernetes-controller/values.yaml b/charts/ocean-kubernetes-controller/values.yaml
new file mode 100644
index 0000000..9854e0d
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/values.yaml
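Review bot: In `deployment.yaml`, `SPOTINST_TOKEN_LEGACY` is read from the ConfigMap key `spotinst.token`, which keeps an API token in an object that is usually readable more widely than Secrets and is not covered by Secret encryption at rest. This looks like a compatibility path for older installs (the chart's own ConfigMap template does not write that key), so at minimum add a comment above the two `*_LEGACY` entries marking them deprecated and pointing to the Secret keys `token` and `account`. Also, `args` items are emitted as `- {{ . }}`; `- {{ . | quote }}` keeps an argument that contains `: ` or starts with `{` from breaking the rendered manifest.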
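Review bot: In `secret.yaml`, `{{- if and .Values.secret.create }}` calls `and` with a single operand; it renders, but reads like a dropped second condition, and `{{- if .Values.secret.create }}` says what is meant. With `secret.create: true` the token and account arrive as chart values, so they are also stored in the Helm release record and, when passed with `--set`, in shell history. A comment on `secret.create` in `values.yaml` recommending `secret.create: false` with a pre-created Secret referenced through `secret.name` would cover that.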
@@ -0,0 +1,181 @@
+# Default values for ocean-kubernetes-controller.
+
+nameOverride: ""
+fullnameOverride: ""
+
+# Spot Configuration.
+spotinst:
+ # -- Spot Token. (Required)
+ # Ref: https://docs.spot.io/administration/api/create-api-token
+ token: ""
+ # -- Spot Account. (Required)
+ # Ref: https://docs.spot.io/administration/organizations?id=account
+ account: ""
+ # -- Unique identifier used by the Ocean Controller to connect (Required)
+ # between the Ocean backend and the Kubernetes cluster.
+ # Ref: https://docs.spot.io/ocean/tutorials/spot-kubernetes-controller/
+ clusterIdentifier: ""
+ # -- Base URL. (Optional)
+ baseUrl: ""
+ # -- Proxy URL. (Optional)
+ proxyUrl: ""
+ # -- Disable auto update. (Optional)
+ disableAutoUpdate: false
+ # -- Enable CSR approval. (Optional)
+ enableCsrApproval: false
+
+# -- Configure the amount of replicas for the controller (Optional)
+replicas: 3
+
+image:
+ repository: us-docker.pkg.dev/spotit-today/container-labs/spotinst-kubernetes-controller
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use. (Optional)
+ name: ""
+
+secret:
+ # -- Controls whether a Secret should be created. (Optional)
+ create: true
+ # -- Secret name. (Optional)
+ name: ""
+
+# CA bundle.
+# Ref: https://kubernetes.io/docs/concepts/configuration/secret/
+caBundleSecret:
+ # -- Secret name. (Optional)
+ name: ""
+
+# Config Map.
+# Ref: https://kubernetes.io/docs/concepts/configuration/configmap/
+configMap:
+ create: true
+ # -- ConfigMap name. (Optional)
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+commonLabels: {}
+
+# Pod Security Context
+# Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
+podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 10001
+ runAsGroup: 10001
+ fsGroup: 10001
+
+priorityClassName: system-cluster-critical
+
+# Container Security Context
+securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+
+args: []
+# - --test
+
+extraEnv: []
+# - name: KEY
+# value: VALUE
+
+livenessProbe:
+ httpGet:
+ path: /healthz
+ port: readiness
+ initialDelaySeconds: 15
+ periodSeconds: 20
+
+readinessProbe:
+ httpGet:
+ path: /readyz
+ port: readiness
+ initialDelaySeconds: 5
+ periodSeconds: 10
+
+# Controller pod resources. (Optional)
+resources: {}
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+# -- Tolerations for nodes that have taints on them. (Optional)
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations:
+# - key: node.kubernetes.io/not-ready
+# effect: NoExecute
+# operator: Exists
+# tolerationSeconds: 150
+
+# Pod scheduling preferences.
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+affinity:
+# podAntiAffinity:
+# preferredDuringSchedulingIgnoredDuringExecution:
+# - weight: 50
+# podAffinityTerm:
+# labelSelector:
+# matchExpressions:
+# - key: app.kubernetes.io/name
+# operator: In
+# values:
+# - spotinst-kubernetes-cluster-controller
+# topologyKey: kubernetes.io/hostname
+
+topologySpreadConstraints:
+# - maxSkew: 1
+# topologyKey: kubernetes.io/hostname
+# whenUnsatisfiable: ScheduleAnyway
+# labelSelector:
+# app: test
+
+extraVolumeMounts: []
+
+extraVolumes: []
+
+schedulerName: ""
+
+# Annotations to add to the deployment
+deploymentAnnotations: {}
+
+# Deployment update strategy
+updateStrategy: {}
+# type: RollingUpdate
+# rollingUpdate:
+# maxSurge: 0
+# maxUnavailable: 1
+
+# Metrics Server configuration.
+metrics-server:
+ # -- Specifies whether the metrics-server chart should be deployed. (Optional)
+ deployChart: true
+
+ # Overrides the image
+ image:
+ repository: registry.k8s.io/metrics-server/metrics-server
+ tag: ""
+ pullPolicy: IfNotPresent
+
+ # -- Arguments to pass to metrics-server on start up. (Optional)
+ args:
+ - --logtostderr
+ # enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server
+ # - --kubelet-insecure-tls
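Review bot: In `values.yaml`, the default security contexts drop all capabilities and block privilege escalation but set no seccomp profile, which the restricted profile on the Pod Security Standards page linked above `podSecurityContext` also requires. Add `seccompProfile:` with `type: RuntimeDefault` under `podSecurityContext` so the default install passes a restricted namespace. Separately, `schedulerName`, `deploymentAnnotations` and `commonLabels` are defined here but no template in this commit reads them; either wire them into `deployment.yaml` and the labels helper or drop them, so users do not set values that have no effect.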