From 058b0b9e4f549b80b5c23d9b4e7925a46092bdea Mon Sep 17 00:00:00 2001
From: Roi Kramer <roik@netapp.com>
Date: Tue, 26 Sep 2023 10:57:03 +0300
Subject: [PATCH] Con 22853 create controller v2 chart (#50)

* added new kubernetes controller chart
---
 .github/ct.yaml                               |   2 +
 .../ocean-kubernetes-controller/.helmignore   |  23 ++
 charts/ocean-kubernetes-controller/Chart.lock |   6 +
 charts/ocean-kubernetes-controller/Chart.yaml |  22 ++
 .../README.md.gotmpl                          |  35 +++
 .../charts/metrics-server-3.11.0.tgz          | Bin 0 -> 8462 bytes
 .../templates/_helpers.tpl                    | 140 +++++++++++
 .../templates/clusterrole.yaml                | 117 ++++++++++
 .../templates/clusterrolebinding.yaml         |  14 ++
 .../templates/configmap.yaml                  |  15 ++
 .../templates/deployment.yaml                 | 221 ++++++++++++++++++
 .../templates/secret.yaml                     |  12 +
 .../templates/serviceaccount.yaml             |  12 +
 .../ocean-kubernetes-controller/values.yaml   | 181 ++++++++++++++
 14 files changed, 800 insertions(+)
 create mode 100644 charts/ocean-kubernetes-controller/.helmignore
 create mode 100644 charts/ocean-kubernetes-controller/Chart.lock
 create mode 100644 charts/ocean-kubernetes-controller/Chart.yaml
 create mode 100644 charts/ocean-kubernetes-controller/README.md.gotmpl
 create mode 100644 charts/ocean-kubernetes-controller/charts/metrics-server-3.11.0.tgz
 create mode 100644 charts/ocean-kubernetes-controller/templates/_helpers.tpl
 create mode 100644 charts/ocean-kubernetes-controller/templates/clusterrole.yaml
 create mode 100644 charts/ocean-kubernetes-controller/templates/clusterrolebinding.yaml
 create mode 100644 charts/ocean-kubernetes-controller/templates/configmap.yaml
 create mode 100644 charts/ocean-kubernetes-controller/templates/deployment.yaml
 create mode 100644 charts/ocean-kubernetes-controller/templates/secret.yaml
 create mode 100644 charts/ocean-kubernetes-controller/templates/serviceaccount.yaml
 create mode 100644 charts/ocean-kubernetes-controller/values.yaml

diff --git a/.github/ct.yaml b/.github/ct.yaml
index 475449d..970c205 100644
--- a/.github/ct.yaml
+++ b/.github/ct.yaml
@@ -4,4 +4,6 @@
 #   - incubator=https://charts.helm.sh/incubator
 target-branch: main
 helm-extra-args: --debug
+chart-repos:
+- metrics-server=https://kubernetes-sigs.github.io/metrics-server
 debug: true
diff --git a/charts/ocean-kubernetes-controller/.helmignore b/charts/ocean-kubernetes-controller/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/ocean-kubernetes-controller/Chart.lock b/charts/ocean-kubernetes-controller/Chart.lock
new file mode 100644
index 0000000..6429d10
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: metrics-server
+  repository: https://kubernetes-sigs.github.io/metrics-server
+  version: 3.11.0
+digest: sha256:d72c6e2556ad01652833d9a81cd6ec626611244912a878d32d9ed58203d831bb
+generated: "2023-09-21T16:24:22.598098+03:00"
diff --git a/charts/ocean-kubernetes-controller/Chart.yaml b/charts/ocean-kubernetes-controller/Chart.yaml
new file mode 100644
index 0000000..e574c9c
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: ocean-kubernetes-controller
+description: A Helm chart for Ocean Controller
+type: application
+version: 0.1.0
+appVersion: 2.0.17
+kubeVersion: ">=1.20.0-0"
+maintainers:
+- name: spotinst
+  email: ng-spot-info@netapp.com
+icon: https://docs.spot.io/_media/images/spot_mark.png
+keywords:
+- spot
+- ocean
+- controller
+dependencies:
+- name: metrics-server
+  version: 3.11.0
+  repository: https://kubernetes-sigs.github.io/metrics-server
+  condition: metrics-server.enabled
+annotations:
+  artifacthub.io/prerelease: "true"
diff --git a/charts/ocean-kubernetes-controller/README.md.gotmpl b/charts/ocean-kubernetes-controller/README.md.gotmpl
new file mode 100644
index 0000000..cf7d1ae
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/README.md.gotmpl
@@ -0,0 +1,35 @@
+{{ template "chart.header" . }}
+
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}.
+
+## Installation
+
+1. Add the Spot Helm chart repository:
+
+```sh
+helm repo add spot https://charts.spot.io
+```
+
+2. Update your local Helm chart repository cache:
+
+```sh
+helm repo update
+```
+
+3. Install `{{ template "chart.name" . }}`:
+
+```sh
+helm install my-release spot/{{ template "chart.name" . }}
+```
+
+> NOTE: Please configure all required chart values using the `set` command line argument or a `values.yaml` file.
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "helm-docs.versionFooter" . }}
diff --git a/charts/ocean-kubernetes-controller/charts/metrics-server-3.11.0.tgz b/charts/ocean-kubernetes-controller/charts/metrics-server-3.11.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..8860457ec1efe286aefd1237d6a403256c933800
GIT binary patch
literal 8462
zcmV+pA@SZHiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMYMbK5x5D7>HfD|+pB-kr$_b@46xs7{_!9w*PPYvYV6&dk=-
z)>Z_OEeRWv-~gZ;O+4qfpTdQAQj%>+No?UmVv)^8qtR$I8t6udl2cE(0{I+y_hLr4
z>?}wa{AqKg*X#ApPEPdyy<V^S|53kx`ltTM$=T7_*>Uf*|EFI6q<`A~6ZAGnLu*Nd
zB>Ydk2iH|?+&5B46fsF8Wsw*-0EA0AA)cHi;|^tAZ$_diiUHg@001t0q>(=W;``|9
zCjdSQkJDIT7{I}~dILUAND@f6GQtJdTDX9tU<vmSIR2KPkfL)?LThSkM*MT^6Nx^^
z8CKE$ba4qZBvS;*VBYJTb&l_enD{=66q)q*8s2{AubuvX-2w51d8ZMl3@KL-ktkZ^
zT=7^mq0@xx-cWUhM0zvxJ@b+fBSmMW@g$K<cqE|F6y_vIP%)Ln^cUnp(=k7CNE~NB
z6?;yc5~UT4Q~&{ml8gg<4mg=mk76XjlF25DQb}l3=u!v3Y7&?*4*y8T$Rm^}V4ToE
zx-=?L8q*j98lmVoGZx|iW>Ust(CtpC7Cn!J-H#a#SJ0{GmNk__Jw<!^9hnnJxagSg
z6M<aOh>_H&lJ4<YuYY>fJN`f7<w>vi|Ic5ZI3ICw!?-U7jthBRjtiBFvIkB`sBO3Y
zC?bk-A#si~8sA_LH~<L`8e3BWOTYcdL+Z_N*>@R8`VB@tM{mg&7QjGP+G09OQ-61k
z%SDU>AaNW}Ps^w?Po?U()9-hB&X-nZ`*P<}ng6W{*{lJuV*Y<|diJ6^|DPPa*w6pF
zD2MRM&P}H4wfZg#MaMaW_cJQY%<${^)f;!hcu1t0jwUof1@H>JfN+F4;Z#i=LQP;}
zgqR3{KF~-qSg?eH#4rwsRI1<6v#T;YIL1s+$@pRb9H&%BzUX}Xt57ybMM5h|3E&WZ
znj`1bS9Q)XowCUkZe~p6b1xMz|NI#`#>73(=0y184+j+d01njb9w$LCWC8US1Gt>L
zWpc<-U?eTM!z2i<(c>t^0RHuF=MYlOoDy!{z9k_#S_`M-Y5bEU2x<=<)fnpGx#zJY
zk^|kU>li&cp(x;HhH|Fnda!Un3?PUZO9Ef<+2g3p7zgZM1CTsHjp#f#@l>Y}-&g-B
zR#ng``>$XQ!skEq_wQ$@Tc~FKhOZQ|L|{k5UQQrl5(G*hk#A{HtXI@L2VxLW0aJ{S
zYr`uM$|6vRQ{H4U;(%qX?ifQ!K!sG42-61;DjJl;!FT~uiD`vCL)bN9Hs$5>oRTk}
zd7{g4f*d0cy8#(vAlw2YTs7xQ(LKay!nlWSR;6o+a3Cc|i-g0+#B1xscR!wAWM-3C
zrw3yZzm8OO{s1N<5a=ia@7lDoS`9UQH1Cg5l77dI7CV;Ue0Z6$r&hCOlt%X}OF%AS
z>X9H=zztEItT>B?j6bVxUa$mwDm3SdXf-l5tQ5eE%$4=5k%lBv1CvT%i4@eg@<fHQ
zqPf(H2Rl=kF;0J124(;;^Gjx<#dO2?N4TMKW<KW_ATa`X2iY&s+#>h&zLN~ZM;gQX
zH`g#nPA91$1VAH!Uc&MEBaPp`x&B4HT@(mWqC0$j1sHiuEs-wHVVp#MfV$lc2tD$n
zes2_n$HI_BZ?tS`0%PWvf1Ouapq^bTlBir<C|mfGG|xrlp=x~)u$v*La~j|jUu)yv
ztPPC3DFsdZpQ2##jxqT^G(fQs62q*0Jc-W5TNbI;<%d5D<OAsUdOb5pJQl`7&eXIq
z(90%cRlZ9iNkg=Ak#2rW#x$UkqA-9yXYs(Uv|KoU^Tu&vPMK~>K!kW}%yCVa>jjCB
z$X$<9sl-@u(Aw@p#-*a@=(OiJGbZF)luDu+MpAjMDU29pGe|wHK>-7V%*XO5y3t>#
z^)BUD8bk`e8X}26Ab~_4DNV`d$OE!~$Y4}LujC_UzEBF)$h4JQ<dA4wN-mXvB#{yy
zG()2@hr_u-0QiZ7v0BziJE2?B4CVq!|3o!(Eg8Tfc>RxS2U6lQMZ{6B2E+jRj+5x6
z^tDuaeY()nc9{1t3)C1k%WeIf7oQCDBY=>6x=#2M2hhu({2Y-vp?X28D~g%_iVB|S
z1?-QBKSeudF46Fkh>xPnlgKTsV7lp=8{OC+ck2xV2x)YlRqoWtaU5%3ob#y`R2N*=
zLoQvP@|Rs1#`c*aDM0DQdaB{*yTtc73gIgLh?kd<mVw}M`26*!?9ab5A=MOEL6Qh`
zBj%$kB$0`5W5%TgG5zkU874?n8(;QMh2s!Ko}QcnI>!iw7;-k&EmBPTo8cfpOyq0;
zT?O>Jd7y`jW~}}#ycw#2_V@Sihu2#1QAtVg3In1n9~SvS^&LQroN5(h9`)6;386v4
z@%@aWn6bbgz_F4c;?tEBDX7H*NIJR`O(LINjrd*|g>pG`()v$MjvFVAAXm#uB;nlG
zJ|KbijT)_bUaV`E8%ScMQ%0(vJsCi%#%MHQBZICi+9^OvFB~Z4d(Z@GEvc(gtp|>y
zeNyj?OKQ+G0x~Ooxt(5^sJj}cYyDhC%`5xb_|Wupl6fKwTH_B))w>rb132l0_GgHp
zuJP#fit0xJ4e7ej+R0`>HK2vVPm+@h^`LJaq@VR{9U9;&#bqCcG_rzlO@Bu{uUUx<
zf}xhJ0UYb~pJ{Y1Q>Tt&`@4b1skmLSNHMpu7l`juC1xaeQxq_&)W)0ywjILbB*ynN
zM3(4TPGp|Bcc|r$Mph9hwwIqcWixqg&(NXmcBj;><xbVS@ArCTW*_woyAKOpdT62T
zpBB_{bcg)Hf+WN%Wq@0n3y<v+r5LX<Ku@t!n>>;Q$kRcpK*(gGl*A%^9kYN<7uT^;
zG8Zfol53Mc<x0C1>0=zQMW~jC`JXjYOerWo36Q@{S2JIF*`Jll>N;DUci;Z>{`GZ7
zev%KbV}<{xcXm?s|D2wk9q;`=yC}~#Q=DhjZG?N3XU?YR0nmOP$XwL9>!;-RIgjHU
z2B6(RbeX!92Aa~(pMgeRkoX7(6;oT!mj}>M-)*WnTkHSU@&93lL5y5<Wc*N9@QU$&
zdUn>YjQ_LK)6@O<-$nWSx%<p{{V67q*{Li#`m|rB<2>vB@rU#IvkN{>XjGSX^~nLa
zIgoa@+F_(-Jm~ylwiSwwPq+oilgNX!WBn%$uan7yeu4w{04y$yeD$ZJiM%krM3U7o
zNrGSjza=D43w9q!9BcAB&Og!M*6>o*pqe6Jj2=;oTfsss?osMSPbdazmCex@BWNdi
zD&TwVT10sD_FBQJRk?`K`=R4pPEz-iL1MiOsZYyzJ0;xEAb>Hdm9-B<0MW!-YFF_$
zb&KXarjv}NRey5Iy4LsWusskNp8robVeoSOe$8pjm|>7~-dRVT{x+qv^ze?v#hgZR
z0tep-_d9V=!DT94U&@;QEXiJ>Q`LB}^M>kB-LY0m43svlS9h)k&U?1nq9U`)v)8R!
zj0MC)IQU-&aPZ;a?gL8u6z!^XC7}k)P&&gP?1))c6F*os7ux1^3<0fR!kX)EY$ct7
z6gAGrB#t}f<!!@6U-;w}eoL6d3LolNjFZ}T#|wifl_=|Nhx!04dS-1aCHs|x!4ime
zK}**y>-I{Oac*O)%+h}e|BZU-H1mW;LXybCGDnJoxM{3ZCzIw~qcs{>+!=e@rUuJk
z9lP&TnUcP5Yksa_J3q9cjEe0o=%5t&f&JrPEd(vy|32TpT#r50)~u_KfmR=u5)IYK
zoj34(#**}lc|qOe<K~A73Q49vtVOu?TGx(Lt!z%w7qw>F>Yo%Fx&%s+X^UEnCUkm5
z;!J!W&;~C>)~e#y6Uqba#&Qk1W_A9K1-J>4ISVqbXT;k5p6`UK30ary20GzyC}CK4
z;OlLTR9&wkIQGY#{E(ZWR;|gjPEb?x_nnKv22$sIcxhop=kG+oL993UyYv3R5AeOf
zaE|<fg|RaJ4*vTk^gBm=x2Fa~5sR`IEt*a?KupzUNoYH_h`vCY)*2~z6R_U0EqxLB
znb@R%Z`l5CUH_4oS_Sst(?BcMfBoZL)&KM2=;Ua>{@X>V%%l0if^-fw7DaxZl*H6}
z{<ViQ_5RQMjyV#0KD@LToDe1Pi6n#U97pr9gnZK^8yaoeCCCiKTZm}nV<h1OvH_!a
zJ{#In*rhSRm1EE5>(p**#%-0DTKElCRG04En~(FI{Li0Ze0GA7XH2aUUVtfQNt_+o
z%z2}q5A9a>6^&?^gz45p%drDxsMX181U7XS_Pf%)T4F91bUavnrhbZ;G+BxIaSCVl
z&I<IUN=CgfK$#_Pr6qrqGQqTdi(2vNlve$3cNUd3;F9T-<CIABU5>;@ezz%MmHzL&
zI4bM^qvKw0um5*aD*B&~iPxt2^*fSCeL$;O`P<D=Wr{Xv|3-VVCR<Bv%c5PmkvRjF
zG%6#^mCPl6NTb5;`r03&Pvw2Sn^U~WzT-)N_HYS_>EG0RAo8P7wF#rPzpkKS=8Nn{
z#C$Zr=E%nds42?q?|_Q@#|@F*Y_D=3U0F;2>owo~mjSExe@{;;@qb6X(--^m|2rv#
zHFMJ((C9x&PcZIgg1D>0VFMFGLElEY*;<+Y{O(ObQ>JHN+O+65qAJ%J{||KltX%(}
zo>kZXC#U=IzmxK%?Y}QJuq%d?Yhp}lrjxam+D3b7F|Cbni75s)l1Q(Y^GC+#8<O}w
z23zJ7Ep>1nQDXSoXjbAUiIH}h76=chw^-IJ8(W|Oscl3Gs(k@DctINCH1xo~gG<~R
z@D+X}`mp4VoTrbVtfT+OH1cUQb=BB+eGJqhh26miu*&{>QD6VR=%4NN|1Qeb^#6}W
zXqHa{--&^p3Cgmy<5__P_zovJ63XhqC9QP;>XTjCw#L>tA{qY&J!xki^YwLUcX&O&
zYtv@<ojkC0U3i!Af8S-`D*LZr-Tyf{>L2aT|Lvr#82{Dnq0KJ?*U}STb~U(h_3-&~
z7UH~OZ^g9t>r^0n!|D-~JLvy=y8%}2|J3w<zt`Kxf9#}uS^MuxxdFbQM*li>`Ii>M
zefdJAUH@lpr-yF;thWFA$JPCx<J0~A|4zz%4E$W(r>9$+wS1fAYC9oowbyz_i5@%&
zq~yL;(tT0Py*PkdSK}=<S`Pw4Y<J!#K|IqZlhV1Njzzy56M+}QpUWq*ip@7;%Zrm#
zb9-?zME;ifxay-cggyOI)s+UUFaOfSRHxsWUw5hWD*JvvhkWCuRsZMV>{~wn+wUJ8
zAJ@+Rp6&Plc2demdt;H?@~`sL26xi#wZox1(&r6FavM`JZ0Z1Tp8BYuG1G@F1eG%+
z*`v2<zNEX60g%RinGbcc;5P*(E@xvs;x4c3%%()Ny1?Qu$bc$AsjB-|_E#tcP?Xq}
zB{|DsS~*m~lX0mHaZMuhgkP14dsUc92-w_2h14I#gU`h`OK7cToy<XN`6wU4qxy34
z{;SVsj#skL6|1ggq}yOuS98SWunp<sRR0u%MVHi4u$l`w;4-5*gDs|*OH<=DBF!??
z6*@A_En3TZT4YhFy`qiFOF6xS+x??5jvC#WC@vM4VpfdGcf&%))xrQVVS0Hw*7BFc
z=3C24=}3X=npg*&8tvtGzIHIlLQHNU8{iN1267Tju`rKhDc;JUw$jcT9IA*+dT6&M
zE-6~qE%~Bc65No5aCNFiHzsl>UX~7}tf;!&Ao7rwD2|p`p9*Q7ku3w|OfruJ19*Qi
zEWN3uV=Q!g=}n!SlCYO@*_B~yY3|Bs?kngu63W@@%E0x^cAFt$Ud)13=|s~NChuUe
z=%lqnlS{Asw$`Ltrmd=|Y?y&*F5C+5DhG@nTJ<`fjskeI=C%8Ac}1%gUsFtTWtd?!
zZ|=scUq1|gdiCM$`PJ)6cj|22|HD~0sJsA^$i%w08{ZizNDaD<%`dsM_UqyK#g<9X
zYk>m1$HI_Aew8uZnE4;7y<pRBYWIstyou7YF3cKOzAAWmw-~odT}Dg2Y@M17V3q^$
z<#NYL2G>+u%!0r*$tzc&$uki);Xxs3NF?Jg@l(tqj3gyN4XT{wa7Be>;HF9wfi^3t
zcv-N2U@b*fjC*$t_!7m|*z5I3%~H7g4%JWT(cI=NtZAIGcE&K4i&vD}e2;K{O}3ns
znIE>?;D<VM8=Jmt#@YB<ub2)p2P-9s+-QAiZpp%`GR-!*(RvC=Epw=1rppc2){-N$
zSa(|*&HGXErCnoBqO|&dV}HD<YhYIG{~euF<3CQ%_VFLPDV4dTA+vhxHsF#;p_-pX
zPX@-V+>rX^+wd<J6F;orSTSe3slAj%zPQ?5@AFhELNU+HQWT{u^_GT8BK=iVG@vNc
zv0VrBers_TrCtAvcvt$rcUs;5JAKjb?e+gI%Ifg2qRKC)s>(Hb>e@Gs+T~~d?jP*6
zF%_<zsOVqR?wE1mFVFts08E5A6sRBaBrrGBoQreqb;w)LaMw-qCj#HlDEZX(Hi_c^
zLyRN|ieY#)z|xvAC3ePy9A3W4Xi>i}hZm*a)eQ*!P435aL8rIqTfH5UPXjnRJv}~i
z_V)PWF0J~16Nw*eS*ibzde!qE{j>e~znzpX6aUj5AikEH$)u><t@&?5$19=IHq5)^
zEzAPEv(RJ{rd|7##Cp4|@^S8-F22lyr`<cPjVdH);%b?E_Llb3Elc(PLjyl;S$Y1u
z7XQ;bJ=(|r?4*1-{l8{__}wBtYg59<WQ?u}()ogsL#2?Rd(3iQWz5ii+IR$I9sR%U
z{7((`|M82Hz5d@t*=+phUG%!nk+Cx6=QpR_v$RRB&7h84Hx(mkFP*iG{yLTVmzKwU
z*==dn|C>twzmENXT+RP~c6!?1>;GMp#<<S*1pZ&)zHH+ecq6;^!sX(f8*9eaw4&U?
zO#<eE>4uc}>V^3#F1qULhppF0st+xvu_fVCl*7`E+U0%S`)=Z%?Dq`5fwD^f+v~a>
zG!3lK|GgJSwfO)3(LVp*PRi$X?on$^08lYk8|RDGyeLcT)-OJFqzu@gx?fe5$iw?Y
z9?#c;{s@|HlDo4BziRx4=1Tf)j{l>hdj9wQ{@;$u=X(Bk+w)hp=TkRtTjW|*IarCI
z(X`_+j!a*G*{!M!i~U<MG21mo$|mCbRH+3LltY%6>xV{z@IP#<aWr4JS!nfj{QzD)
z$#NT4wjDl>ksq`C__u4V)RNt5qBhE5jKZ5?)xed3Fu7IoqvXZQtkP?*D$%vex{F2<
z`J4oWXlnapP>F+FeKx*=T6mnq_@0Ky5($Mc=i>7R*J7CV4z<wIs2I;#d$rk6fC?eJ
zi3I-O%J)vGos`P_-<e?$(rLsvZmy11_W$W|W&ZD<9Pj7<-IPNZ5-E{K0we>|^Kdi6
z2*wEwd>Tz5Cf-LfMbU8%;r)yXeO!@oDL~9H2w)npv6(+;G<~jzzNB;1+P(0cM80zf
z5l*%B4By8bC-f8gM!Ed?hYtJ{1q)!2{!)<yF>(lKgdL~z>iWaAWE`DCu=ke#a&Zkl
z<-+MqsqE^14f#%I{5$XJf71uEX;=M|{uJ}5n<E+%?_(0fga#;_XB}}9JI^{}^3i$L
zk)isVaXNLL{a@!0ej%K)M8M^%*TU(<oc#wq>2#=%q-(%A`;XI^3y=BO{TB3AW&FQ;
zeg5j|btm*US;zA6e|B_oRQ3NJpZ53hKRYRh@Q>`Wcepabplx*Ij`OebgMWXoZL&eP
zJEd}#jJ08(-xco)I?XOhNd@W$paKX8kLWOx=YW$5^{ATn&A~QclROzjcHAuuyVv)K
z7bsLpNxC!wl1QeIY6V4OWojr5<^1nIyDq%vbUM}8wB-w~``?apcnFt~kR;IG$QgpZ
z?c8yG#EDXR3zmRKBA^CHLwE{8zqz4701=|E)FknJ{d!bx><Bo<Oac7s?-+zRyVRuG
z5wq?O9mg4sMp|t;>Y@2Sp(|s8^veo&JC^a3Rr##&I?nk-B3JbOWsYe>(9o)DYHeeU
zuq2*x;w#pruoVg`^;e?cH8qEaP|k>`uZf?qAYeDT4|HHrK!p^Bk`!1yjtM6rO5{RG
zh<g2@ER7#*@2I7#oFV1eRs3^fr#j9p3{xzyq};+Q6dtEK`e_;9<1LB>hIyMp=-h(4
zMuGLf9&_0^3pDdbCVi3`_Cl@G7Nf>)zf@3=Lv=PK0N+Zvg^|6_e32e!S*qHa*jPrG
zGhdSF67ZDyl1!hQ`Gw7qbLyj3cd0g$WC}iVI!7NSoP~vniNtYwHTJjJZ?`ZyI9SQi
zyCBS&pC=AmCix1=hP8d0EWCfYh0*2YEt5lz0wekGZpfKmNJ_Yp`F6A8iE;lHM*sTv
z#w9-@A^v2QNE`B7_^GI7^f#l_#xlm>2Fdy=i{cawHpqR={B(C>SqD^^pMLX%I$%4@
zZ``;ZRcpSSz)120N6*1-Z4-#_CQW_{>1l_}5%-mqTigE4A#7lNVUK)NsJWPNH(f+C
zE%Z->{kJgs{Kv+1eueo)o78H)F0)v1evFU^^gC))L`;G}vzTrhOH^cohv+>>^<;_>
zaw5@(M5KNdrPK^SdYs@Z=+T|19noa-+`{{radRjopC0qjY3sD7W4r*V-Rjj*aE;jD
z2vRE)pLwFoae^Ep54&dL+AWMbSL)1L-9wBfjC<&2)wwAFyDZzWb_&4?t+<<XzLL>*
zKb~LYk+)xgd~UC7N9R{Eg*0Mso^WI4XNjoo(kttUN7oU`E+m229QQTzNldLmZ<qfz
z$sgJ5E!jaH<MkN9`S3E;K^^#&B_J0u^+*sb;D)FvLn$eH>gUf2`GO_jQ=yeu;bT)7
zWswG$kvXc_CM1zs@=*yakwO{3+Tx|c`Z6Yr19qmM!)#b2NuUL#=;xOVZW#Y)HVpNr
z*1_K<HQSN=0`nU!9av%Q6j}9%%XX}t0`rR}fZo5kHiv*l#@dO|qZ5h(Ze}QF$QAF!
zM;gQXH`g#%kTw`=gY<n(W$Tjfksp)D51LF(W$g@KUjarQ^U;Tka~Nw_J;t9v2W-cy
z>FLu7=D=OMZ^s@!%ry=YZw5?98a@dh!*<k8b`#A~e}0YmirX>sA1kkGWoyhoZ<}cI
zn%gJbC(;93V}9l0o_ZCxkb>x=9QetYb5Dr(Tl4L#;QVste<*KVe#j5nJgz>ug%8(=
z>A8;u34;$0M5raddOcL*B5P=&z*At>?ZqHzUzI$vqQq2ZU~uh~@vg_IR13#@4hL)P
z6m9`(L3FD_3Z9&_7t1Y-`n{vm-e%nk4fmNf*!czbf{<znZ#y94KaGmHM<Hasbu8Sl
zB=CXbZwcjC@+$x}ZiPf3kU%1jh(vuZA|MNh3?>>)b*IP77usW;uBeeiqVcE^sO;q=
zQmYI!9)n5<3!JNu0Y8y24)D1lL;DmoStU~biDZsx^}r%{{g3O;mV7(u6_U%a-oo1?
z93xj2eRk!fWWbYe^dQLHi<10J&bNm7<qJC7OwEf#NET92KB!~9&F=Gj%pI{cQ?u>z
zfl*#_-K#ljxKm*Cs9nlCVt(-=0_#{qX`ILvmQQ`f@{mR}OhU+S4NxljQFXv}wh>p~
zzc5<OeDX;%KZzbK`?tgV!tI_*wh`0w(S%PEot#(Ax3Mz$t(T#}{L~lNJr@4o>iy^s
z8(w6QWn9l{KF@-ypD6#gvw>c^Beivr^~OR$tiT=xJMUJuBl+daVcSg2cPZ3U<^Fb<
zUre#pzL}C9no>|tkMl<D*vmaHha1s8CFaNNuAKt&71UE@{>jPlmQJj-A6;1Qtmb3y
zk*%K9w3%kwbbjMD;uGP!E?YV}(vZBqT1m;hz>`R`UVrFv^Cb`+&rE&vh(1<A63Id$
z?MW%&kpS~BW{$rlD5NkRNb4X6h3Kp8$Ss{%tKEWL4^6zSaGF+P6E{WBS6mvR5ep~a
zx+VUs)j@5{uZ1QyGhdSFwwn6&m0K9~JAdu;|7%mCUuS-H;<(EEcQuVcA|C=8QYrEs
zE`1lq<J{O%IzMat06v2kCj&U?h0h_xknzO;j!v&A{PEm!Wf=_oF=}AGxyHtelcw|e
zV<HePhCiqKKOsKeK$Kd!g;6iu?u2WYuP=JP82()F=PTwD9i9MeqI<v^J~48AP5Wc-
z1*LX&!hADEM#Y*l$v5wwp71NlzoMI7WVK2DRiOu}l5cz9DGC2AjE;7~{E$Z0k8w?Z
zSC(z@h`3%|g(L`2NQkn1b;W&=hX|Pr4P!JGzFL-j<6WbVj%@DWNIUam76e1&l=+#R
zuOwg65T65$Af!P+1$r#<#dGb|XErsFk1?7Yk&n&dxrNcO&J(shQ`0bC&Nzx03$m5&
zEu5!9K1O+i7(vhN_j(=ODH+HAQWSl{m0fznsgxL*?0|BH3-EDHiA0l@1V6>-N%Ud7
zfRO2PJw(CT`oE%%yM@u|=8uk4@*=Meh|{-FLlPBk2SOi+=b_ou8l{<MMqd%{9$dEL
zUTDr)UA6O@q7gp~ISWzFFcBZJu&gxexyg4KA^M`BgG~&z!T4=-(N36O&4fLI>K<;8
zIXKmPiV~P{w3Ty%e;X`aziic|+?p2JoZBf$xq&I<Xnt&*ZYbN?KyOclT}*sYV*Zoj
zx-C0lewx31RIa(K-*pOhm}oy!^fXd_ZO6T^Ea!c0YBn)n8lb1Zdb`M4dBEu|2+h%v
zMlW)u=Jj04OM)hf`A62y_<NW}>wo#u>{9OcO8(+r?~1}7>&?rW`Pz~53k#AEuUHZ_
zX1FU^J97<d627d*_{UJTqw@>QUlIgeW4?G|@rYZ>F39}s%9(cNzhyqA7QT(r0U`vQ
zMo+}6yd67VvH<zA2x#M2%b}hu^S2=RWHO-<l`R25Y0c*r>S=O*i;^F+fK3<IF-PKG
zut-R*vzwK6vWCou_ZAWiC=_5He+O(w@_md0wooG6o`PZ7al!oiN8JNk^6hvt^pgO2
zOZ2&^IfK$kj!-@^)^8=>&X>NHWoM<5>)xYXkGh4!_M50<)%{<+lYZs?pVQ;B{rx{X
wDTJFF`dn~bwXhFRx@lrHR|ewgjD&sJmwnlnr&a!600030|J=8qQUDSG07YH*+yDRo

literal 0
HcmV?d00001

diff --git a/charts/ocean-kubernetes-controller/templates/_helpers.tpl b/charts/ocean-kubernetes-controller/templates/_helpers.tpl
new file mode 100644
index 0000000..d1963e6
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/_helpers.tpl
@@ -0,0 +1,140 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ocean-kubernetes-controller.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ocean-kubernetes-controller.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ocean-kubernetes-controller.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+The image to use
+*/}}
+{{- define "ocean-kubernetes-controller.image" -}}
+{{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ocean-kubernetes-controller.labels" -}}
+helm.sh/chart: {{ include "ocean-kubernetes-controller.chart" . }}
+{{ include "ocean-kubernetes-controller.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ocean-kubernetes-controller.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ocean-kubernetes-controller.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+ConfigMap name.
+*/}}
+{{- define "ocean-kubernetes-controller.configMapName" -}}
+{{ default (include "ocean-kubernetes-controller.fullname" .) .Values.configMap.name }}
+{{- end }}
+
+{{/*
+Secret name.
+*/}}
+{{- define "ocean-kubernetes-controller.secretName" -}}
+{{ default (include "ocean-kubernetes-controller.fullname" .) .Values.secret.name }}
+{{- end }}
+
+{{/*
+CA bundle secret name.
+*/}}
+{{- define "ocean-kubernetes-controller.caBundleSecretName" -}}
+{{ default (printf "%s-ca-bundle" (include "ocean-kubernetes-controller.fullname" .)) .Values.caBundleSecret.name }}
+{{- end }}
+
+{{/*
+ClusterRole name.
+*/}}
+{{- define "ocean-kubernetes-controller.clusterRoleName" -}}
+{{ include "ocean-kubernetes-controller.fullname" . }}
+{{- end }}
+
+{{/*
+ClusterRoleBinding name.
+*/}}
+{{- define "ocean-kubernetes-controller.clusterRoleBindingName" -}}
+{{ include "ocean-kubernetes-controller.fullname" . }}
+{{- end }}
+
+{{/*
+Create the name of the service-account to use
+*/}}
+{{- define "ocean-kubernetes-controller.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ocean-kubernetes-controller.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Figure out if we should deploy metrics server. We are checking:
+- if 'metrics-server.deployChart' is true:
+  - try to fetch the 'v1beta1.metrics.k8s.io' APIService
+  - if it exists:
+    - check for it's helm annotations to see if it was installed as part of the
+      same release we are installing now (release name and namespace annotations).
+    - if it's not the same release -> fail
+*/}}
+{{- define "ocean-kubernetes-controller.deployMetricsServer" }}
+{{- if (index .Values "metrics-server" "deployChart") }}
+{{- $apiService := lookup "apiregistration.k8s.io/v1" "APIService" "" "v1beta1.metrics.k8s.io" }}
+{{- $releaseName := .Release.Name }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- if $apiService -}}
+{{- with $apiService }}
+{{- if (or 
+    (not .metadata.annotations)
+    (or
+        (ne 
+            $releaseName
+            (index .metadata.annotations "meta.helm.sh/release-name")
+        )
+        (ne 
+            $releaseNamespace
+            (index .metadata.annotations "meta.helm.sh/release-namespace")
+        )
+    ))
+}}
+{{- fail "\nThe value: 'metrics-server.deployChart' was set to 'true' but we found another installation of metrics-server in your cluster.\nYou must use:\n    --set metrics-server.deployChart=false" }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/ocean-kubernetes-controller/templates/clusterrole.yaml b/charts/ocean-kubernetes-controller/templates/clusterrole.yaml
new file mode 100644
index 0000000..d571da3
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/clusterrole.yaml
@@ -0,0 +1,117 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "ocean-kubernetes-controller.fullname" . }}
+  labels:
+  {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+rules:
+# ---------------------------------------------------------------------------
+# feature: ocean/readonly
+# ---------------------------------------------------------------------------
+- apiGroups: [ "" ]
+  resources: [ "pods", "nodes", "services", "namespaces", "replicationcontrollers", "limitranges", "events", "persistentvolumes", "persistentvolumeclaims" ]
+  verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "apps" ]
+  resources: [ "deployments", "daemonsets", "statefulsets", "replicasets" ]
+  verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "storage.k8s.io" ]
+  resources: [ "storageclasses" ]
+  verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "batch" ]
+  resources: [ "jobs", "cronjobs" ]
+  verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "policy" ]
+  resources: [ "poddisruptionbudgets" ]
+  verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "metrics.k8s.io" ]
+  resources: [ "pods" ]
+  verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "autoscaling" ]
+  resources: [ "horizontalpodautoscalers" ]
+  verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "apiextensions.k8s.io" ]
+  resources: [ "customresourcedefinitions" ]
+  verbs: [ "get", "list", "watch" ]
+- apiGroups: [ "node.k8s.io" ]
+  resources: [ "runtimeclasses" ]
+  verbs: [ "get", "list", "watch" ]
+- nonResourceURLs: [ "/version/", "/version" ]
+  verbs: [ "get" ]
+# ---------------------------------------------------------------------------
+# feature: ocean/draining
+# ---------------------------------------------------------------------------
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["patch", "update"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["delete"]
+- apiGroups: [""]
+  resources: ["pods/eviction"]
+  verbs: ["create"]
+# ---------------------------------------------------------------------------
+# feature: ocean/cleanup
+# ---------------------------------------------------------------------------
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["delete"]
+# ---------------------------------------------------------------------------
+# feature: ocean/csr-approval
+# ---------------------------------------------------------------------------
+- apiGroups: ["certificates.k8s.io"]
+  resources: ["certificatesigningrequests"]
+  verbs: ["get", "list", "delete", "create"]
+- apiGroups: ["certificates.k8s.io"]
+  resources: ["certificatesigningrequests/approval"]
+  verbs: ["patch", "update"]
+- apiGroups: ["certificates.k8s.io"]
+  resources: ["signers"]
+  resourceNames: ["kubernetes.io/kubelet-serving", "kubernetes.io/kube-apiserver-client-kubelet"]
+  verbs: ["approve"]
+# ---------------------------------------------------------------------------
+# feature: ocean/auto-update
+# ---------------------------------------------------------------------------
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["clusterroles"]
+  resourceNames: ["spotinst-kubernetes-cluster-controller"]
+  verbs: ["patch", "update", "escalate"]
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  resourceNames: ["spotinst-kubernetes-cluster-controller"]
+  verbs: ["patch", "update"]
+# ---------------------------------------------------------------------------
+# feature: ocean/apply
+# ---------------------------------------------------------------------------
+- apiGroups: ["apps"]
+  resources: ["deployments", "daemonsets"]
+  verbs: ["get", "list", "patch", "update", "create", "delete"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "patch", "update", "create", "delete"]
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs: ["get", "list", "patch", "update", "create", "delete"]
+# ---------------------------------------------------------------------------
+# feature: wave
+# ---------------------------------------------------------------------------
+- apiGroups: ["sparkoperator.k8s.io"]
+  resources: ["sparkapplications", "scheduledsparkapplications"]
+  verbs: ["get", "list", "patch", "update", "create", "delete"]
+- apiGroups: ["wave.spot.io"]
+  resources: ["sparkapplications", "wavecomponents", "waveenvironments"]
+  verbs: ["get", "list"]
+- apiGroups: ["bigdata.spot.io"]
+  resources: ["bigdataenvironments"]
+  verbs: ["get", "list", "patch", "update", "create", "delete"]
+# ---------------------------------------------------------------------------
+# feature: controller/leader-election (high-availability)
+# ---------------------------------------------------------------------------
+- apiGroups: [ "coordination.k8s.io" ]
+  resources: [ "leases" ]
+  verbs: [ "get","list","patch","update","create","delete" ]
+# ---------------------------------------------------------------------------
+# feature: controller/report-events
+# ---------------------------------------------------------------------------
+- apiGroups: [ "" ]
+  resources: [ "events" ]
+  verbs: [ "create" ]
\ No newline at end of file
diff --git a/charts/ocean-kubernetes-controller/templates/clusterrolebinding.yaml b/charts/ocean-kubernetes-controller/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..a73fd74
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "ocean-kubernetes-controller.fullname" . }}
+  labels:
+  {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "ocean-kubernetes-controller.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "ocean-kubernetes-controller.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
diff --git a/charts/ocean-kubernetes-controller/templates/configmap.yaml b/charts/ocean-kubernetes-controller/templates/configmap.yaml
new file mode 100644
index 0000000..5979fef
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/configmap.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.configMap.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+  labels:
+  {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+data:
+  spotinst.cluster-identifier: {{ required "`spotinst.clusterIdentifier` must be specified" .Values.spotinst.clusterIdentifier }}
+  base-url: {{ default "" .Values.spotinst.baseUrl | quote }}
+  proxy-url: {{ default "" .Values.spotinst.proxyUrl | quote }}
+  leader-election: {{ gt (int .Values.replicas) 1 | quote }}
+  disable-auto-update: {{ default "false" .Values.spotinst.disableAutoUpdate | quote }}
+  enable-csr-approval: {{ default "false" .Values.spotinst.enableCsrApproval | quote }}
+{{- end }}
diff --git a/charts/ocean-kubernetes-controller/templates/deployment.yaml b/charts/ocean-kubernetes-controller/templates/deployment.yaml
new file mode 100644
index 0000000..ca1dcf0
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/deployment.yaml
@@ -0,0 +1,221 @@
+{{ include "ocean-kubernetes-controller.deployMetricsServer" . }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "ocean-kubernetes-controller.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicas }}
+  {{- with .Values.updateStrategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "ocean-kubernetes-controller.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        # This will restart the deployment in case of configmap/secret changes
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+
+        {{- with .Values.podAnnotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "ocean-kubernetes-controller.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "ocean-kubernetes-controller.serviceAccountName" . }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.priorityClassName }}
+      priorityClassName: {{ . | quote }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: {{ include "ocean-kubernetes-controller.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+          {{- range .Values.args }}
+            - {{ . }}
+          {{- end }}
+          env:
+          - name: SPOTINST_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "ocean-kubernetes-controller.secretName" . }}
+                key: token
+                optional: true
+          - name: SPOTINST_ACCOUNT
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "ocean-kubernetes-controller.secretName" . }}
+                key: account
+                optional: true
+          - name: SPOTINST_TOKEN_LEGACY
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+                key: spotinst.token
+                optional: true
+          - name: SPOTINST_LEADER_ELECTION_ENABLED
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+                key: leader-election
+                optional: true
+          - name: SPOTINST_ACCOUNT_LEGACY
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+                key: spotinst.account
+                optional: true
+          - name: CLUSTER_IDENTIFIER
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+                key: spotinst.cluster-identifier
+          - name: BASE_SPOTINST_URL
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+                key: base-url
+                optional: true
+          - name: PROXY_URL
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+                key: proxy-url
+                optional: true
+          - name: DISABLE_AUTO_UPDATE
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+                key: disable-auto-update
+                optional: true
+          - name: ENABLE_CSR_APPROVAL
+            valueFrom:
+              configMapKeyRef:
+                name: {{ include "ocean-kubernetes-controller.configMapName" . }}
+                key: enable-csr-approval
+                optional: true
+          - name: USER_ENV_CERTIFICATES
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "ocean-kubernetes-controller.caBundleSecretName" . }}
+                key: userEnvCertificates.pem
+                optional: true
+          - name: POD_ID
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.uid
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          {{- with .Values.extraEnv }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          ports:
+          - name: metrics
+            containerPort: 9080
+          - name: readiness
+            containerPort: 9081
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+          {{- with .Values.extraVolumeMounts }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          resources:
+          {{- with .Values.resources }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      volumes:
+      {{- with .Values.extraVolumes }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if kindIs "invalid" .Values.affinity }}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/os
+                operator: NotIn
+                values:
+                - windows
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            preference:
+              matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: Exists
+      {{- else }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- end }}
+      {{- if kindIs "invalid" .Values.tolerations }}
+      tolerations:
+      - key: node.kubernetes.io/not-ready
+        effect: NoExecute
+        operator: Exists
+        tolerationSeconds: 150
+      - key: node.kubernetes.io/unreachable
+        effect: NoExecute
+        operator: Exists
+        tolerationSeconds: 150
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+      {{- else }}
+      {{- with .Values.tolerations }}
+            tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- end }}
+      {{- if kindIs "invalid" .Values.topologySpreadConstraints }}
+      topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: kubernetes.io/hostname
+        whenUnsatisfiable: ScheduleAnyway
+        labelSelector:
+          matchLabels:
+            {{- include "ocean-kubernetes-controller.selectorLabels" . | nindent 12 }}
+      {{- else }}
+      {{- with .Values.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- end }}
diff --git a/charts/ocean-kubernetes-controller/templates/secret.yaml b/charts/ocean-kubernetes-controller/templates/secret.yaml
new file mode 100644
index 0000000..54d3405
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/secret.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.secret.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "ocean-kubernetes-controller.secretName" . }}
+  labels:
+  {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+type: Opaque
+data:
+  token: {{ required "`spotinst.token` must be specified" .Values.spotinst.token | b64enc }}
+  account: {{ required "`spotinst.account` must be specified" .Values.spotinst.account | b64enc }}
+{{- end }}
diff --git a/charts/ocean-kubernetes-controller/templates/serviceaccount.yaml b/charts/ocean-kubernetes-controller/templates/serviceaccount.yaml
new file mode 100644
index 0000000..443b2df
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ocean-kubernetes-controller.serviceAccountName" . }}
+  labels:
+    {{- include "ocean-kubernetes-controller.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/charts/ocean-kubernetes-controller/values.yaml b/charts/ocean-kubernetes-controller/values.yaml
new file mode 100644
index 0000000..9854e0d
--- /dev/null
+++ b/charts/ocean-kubernetes-controller/values.yaml
@@ -0,0 +1,181 @@
+# Default values for ocean-kubernetes-controller.
+
+nameOverride: ""
+fullnameOverride: ""
+
+# Spot Configuration.
+spotinst:
+  # -- Spot Token. (Required)
+  # Ref: https://docs.spot.io/administration/api/create-api-token
+  token: ""
+  # -- Spot Account. (Required)
+  # Ref: https://docs.spot.io/administration/organizations?id=account
+  account: ""
+  # -- Unique identifier used by the Ocean Controller to connect (Required)
+  # between the Ocean backend and the Kubernetes cluster.
+  # Ref: https://docs.spot.io/ocean/tutorials/spot-kubernetes-controller/
+  clusterIdentifier: ""
+  # -- Base URL. (Optional)
+  baseUrl: ""
+  # -- Proxy URL. (Optional)
+  proxyUrl: ""
+  # -- Disable auto update. (Optional)
+  disableAutoUpdate: false
+  # -- Enable CSR approval. (Optional)
+  enableCsrApproval: false
+
+# -- Configure the amount of replicas for the controller (Optional)
+replicas: 3
+
+image:
+  repository: us-docker.pkg.dev/spotit-today/container-labs/spotinst-kubernetes-controller
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: []
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use. (Optional)
+  name: ""
+
+secret:
+  # -- Controls whether a Secret should be created. (Optional)
+  create: true
+  # -- Secret name. (Optional)
+  name: ""
+
+# CA bundle.
+# Ref: https://kubernetes.io/docs/concepts/configuration/secret/
+caBundleSecret:
+  # -- Secret name. (Optional)
+  name: ""
+
+# Config Map.
+# Ref: https://kubernetes.io/docs/concepts/configuration/configmap/
+configMap:
+  create: true
+  # -- ConfigMap name. (Optional)
+  name: ""
+
+podAnnotations: {}
+podLabels: {}
+commonLabels: {}
+
+# Pod Security Context
+# Ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 10001
+  runAsGroup: 10001
+  fsGroup: 10001
+
+priorityClassName: system-cluster-critical
+
+# Container Security Context
+securityContext:
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  capabilities:
+    drop:
+    - ALL
+
+args: []
+#  - --test
+
+extraEnv: []
+# - name: KEY
+#   value: VALUE
+
+livenessProbe:
+  httpGet:
+    path: /healthz
+    port: readiness
+  initialDelaySeconds: 15
+  periodSeconds: 20
+
+readinessProbe:
+  httpGet:
+    path: /readyz
+    port: readiness
+  initialDelaySeconds: 5
+  periodSeconds: 10
+
+# Controller pod resources. (Optional)
+resources: {}
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+# -- Tolerations for nodes that have taints on them. (Optional)
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations:
+# - key: node.kubernetes.io/not-ready
+#   effect: NoExecute
+#   operator: Exists
+#   tolerationSeconds: 150
+
+# Pod scheduling preferences.
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+affinity:
+#   podAntiAffinity:
+#     preferredDuringSchedulingIgnoredDuringExecution:
+#     - weight: 50
+#       podAffinityTerm:
+#         labelSelector:
+#           matchExpressions:
+#           - key: app.kubernetes.io/name
+#             operator: In
+#             values:
+#             - spotinst-kubernetes-cluster-controller
+#         topologyKey: kubernetes.io/hostname
+
+topologySpreadConstraints:
+# - maxSkew: 1
+#   topologyKey: kubernetes.io/hostname
+#   whenUnsatisfiable: ScheduleAnyway
+#   labelSelector:
+#     app: test
+
+extraVolumeMounts: []
+
+extraVolumes: []
+
+schedulerName: ""
+
+# Annotations to add to the deployment
+deploymentAnnotations: {}
+
+# Deployment update strategy
+updateStrategy: {}
+#   type: RollingUpdate
+#   rollingUpdate:
+#     maxSurge: 0
+#     maxUnavailable: 1
+
+# Metrics Server configuration.
+metrics-server:
+  # -- Specifies whether the metrics-server chart should be deployed. (Optional)
+  deployChart: true
+
+  # Overrides the image
+  image:
+    repository: registry.k8s.io/metrics-server/metrics-server
+    tag: ""
+    pullPolicy: IfNotPresent
+
+  # -- Arguments to pass to metrics-server on start up. (Optional)
+  args:
+  - --logtostderr
+  # enable this if you have self-signed certificates, see: https://github.com/kubernetes-incubator/metrics-server
+  #  - --kubelet-insecure-tls