feat(chart): migrate k8s deployments to Bitnami guidelines (#1183)

Signed-off-by: Miguel <[email protected]>

Author: migmartri

deployment/chainloop/Chart.yaml

@@ -7,7 +7,7 @@ description: Chainloop is an open source software supply chain control plane, a
 
 type: application
 # Bump the patch (not minor, not major) version on each change in the Chart Source code
-version: 1.86.7
+version: 1.86.8
 # Do not update appVersion, this is handled automatically by the release process
 appVersion: v0.95.3
 

deployment/chainloop/README.md

@@ -144,7 +144,17 @@ Chainloop Controlplane Chart fullname
 Common labels
 */}}
 {{- define "chainloop.controlplane.labels" -}}
-{{- include "common.labels.standard" . }}
+{{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" .) }}
+app.kubernetes.io/part-of: chainloop
+app.kubernetes.io/component: controlplane
+{{- end }}
+
+-{{/*
+-Selector labels
+-*/}}
+{{- define "chainloop.controlplane.selectorLabels" -}}
+{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.controlplane.podLabels .Values.commonLabels) "context" .) }}
+{{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" . ) }}
 app.kubernetes.io/part-of: chainloop
 app.kubernetes.io/component: controlplane
 {{- end }}
@@ -162,13 +172,6 @@ app.kubernetes.io/part-of: chainloop
 app.kubernetes.io/component: controlplane-migration
 {{- end }}
 
-{{/*
-Selector labels
-*/}}
-{{- define "chainloop.controlplane.selectorLabels" -}}
-{{- include "common.labels.matchLabels" .}}
-app.kubernetes.io/component: controlplane
-{{- end }}
 
 {{/*
 OIDC settings, will fallback to development settings if needed
@@ -355,17 +358,19 @@ Chainloop CAS Chart fullname
 Common labels
 */}}
 {{- define "chainloop.cas.labels" -}}
-{{- include "common.labels.standard" . }}
+{{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" .) }}
 app.kubernetes.io/part-of: chainloop
 app.kubernetes.io/component: cas
 {{- end }}
 
-{{/*
-Selector labels
-*/}}
+-{{/*
+-Selector labels
+-*/}}
 {{- define "chainloop.cas.selectorLabels" -}}
-{{- include "common.labels.matchLabels" .}}
+{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.cas.podLabels .Values.commonLabels) "context" .) }}
+{{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" . ) }}
 app.kubernetes.io/component: cas
+app.kubernetes.io/part-of: chainloop
 {{- end }}
 
 {{/*

deployment/chainloop/charts/dex-0.0.1.tgz

@@ -8,8 +8,7 @@ kind: ConfigMap
 metadata:
   name: {{ include "chainloop.cas.fullname" . }}
   namespace: {{ include "common.names.namespace" . | quote }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: cas
+  labels: {{ include "chainloop.cas.labels" . | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
   {{- end }}

deployment/chainloop/templates/_helpers.tpl

@@ -3,48 +3,90 @@ Copyright Chainloop, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-apiVersion: apps/v1
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
   name: {{ include "chainloop.cas.fullname" . }}
-  labels:
-    {{- include "chainloop.cas.labels" . | nindent 4 }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{ include "chainloop.cas.labels" . | nindent 4 }}
+  {{- if or .Values.cas.deploymentAnnotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.cas.deploymentAnnotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
 spec:
-  {{- if not .Values.cas.autoscaling.enabled }}
+  {{- if not .Values.cas.autoscaling.hpa.enabled }}
   replicas: {{ .Values.cas.replicaCount }}
   {{- end }}
+  {{- if .Values.cas.updateStrategy }}
+  strategy: {{- toYaml .Values.cas.updateStrategy | nindent 4 }}
+  {{- end }}
   selector:
-    matchLabels:
-      {{- include "chainloop.cas.selectorLabels" . | nindent 6 }}
+    matchLabels: {{ include "chainloop.cas.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/cas" "/configmap.yaml") . | sha256sum }}
         checksum/config-secret: {{ include (print $.Template.BasePath "/cas" "/secret-config.yaml") . | sha256sum }}
         checksum/public-key-secret: {{ include (print $.Template.BasePath "/cas" "/secret-jwt-public-key.yaml") . | sha256sum }}
-      labels:
-        {{- include "chainloop.cas.selectorLabels" . | nindent 8 }}
+      labels: {{ include "chainloop.cas.labels" . | nindent 8 }}
     spec:
       {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.cas.image) "context" $) | nindent 6 }}
       serviceAccountName: {{ include "chainloop.cas.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.cas.podSecurityContext | nindent 8 }}
+      automountServiceAccountToken: {{ .Values.cas.automountServiceAccountToken }}
+      {{- if .Values.cas.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.cas.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.cas.affinity }}
+      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.cas.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.cas.podLabels .Values.commonLabels) "context" .) }}
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.cas.podAffinityPreset "component" "cas" "customLabels" $podLabels "context" $) | nindent 10 }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.cas.podAntiAffinityPreset "component" "cas" "customLabels" $podLabels "context" $) | nindent 10 }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.cas.nodeAffinityPreset.type "key" .Values.cas.nodeAffinityPreset.key "values" .Values.cas.nodeAffinityPreset.values) | nindent 10 }}
+      {{- end }}
+      {{- if .Values.cas.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.cas.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.cas.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.cas.tolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.cas.priorityClassName }}
+      priorityClassName: {{ .Values.cas.priorityClassName | quote }}
+      {{- end }}
+      {{- if .Values.cas.schedulerName }}
+      schedulerName: {{ .Values.cas.schedulerName | quote }}
+      {{- end }}
+      {{- if .Values.cas.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.cas.topologySpreadConstraints "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.cas.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.cas.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
+      {{- if .Values.cas.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.cas.terminationGracePeriodSeconds }}
+      {{- end }}
+      initContainers:
+        {{- if .Values.cas.initContainers }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.cas.initContainers "context" $) | nindent 8 }}
+        {{- end }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.cas.securityContext | nindent 12 }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.cas.containerSecurityContext "context" $) | nindent 12 }}
           image: {{ include "chainloop.cas.image" . }}
           imagePullPolicy: {{ .Values.cas.image.pullPolicy }}
           ports:
             - name: http
-              containerPort: 8000
-              protocol: TCP
-            - name: grpc
-              containerPort: 9000
-              protocol: TCP
+              containerPort: {{ .Values.cas.containerPorts.http }}
             - name: metrics
-              containerPort: 5000
-              protocol: TCP
+              containerPort: {{ .Values.cas.containerPorts.metrics }}
+            - name: grpc
+              containerPort: {{ .Values.cas.containerPorts.grpc }}
+          startupProbe:
+            httpGet:
+              path: /statusz
+              port: http
+            periodSeconds: 5
           livenessProbe:
             httpGet:
               path: /statusz
@@ -53,8 +95,27 @@ spec:
             httpGet:
               path: /statusz?readiness=1
               port: http
-          resources:
-            {{- toYaml .Values.cas.resources | nindent 12 }}
+          {{- if .Values.cas.resources }}
+          resources: {{- toYaml .Values.cas.resources | nindent 12 }}
+          {{- else if ne .Values.cas.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.cas.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.cas.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.cas.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          env:
+            {{- if .Values.cas.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.cas.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          envFrom:
+            {{- if .Values.cas.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.cas.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.cas.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.cas.extraEnvVarsSecret "context" $) }}
+            {{- end }}
           volumeMounts:
             - name: config
               mountPath: "/data/conf"
@@ -75,6 +136,12 @@ spec:
               mountPath: /etc/pki/tls/certs
               readOnly: true
             {{- end }}
+            {{- if .Values.cas.extraVolumeMounts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.cas.extraVolumeMounts "context" $) | nindent 12 }}
+            {{- end }}
+        {{- if .Values.cas.sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.cas.sidecars "context" $) | nindent 8 }}
+        {{- end }}
       volumes:
         - name: config
           projected:
@@ -94,7 +161,7 @@ spec:
         {{- if eq "gcpSecretManager" .Values.secretsBackend.backend  }}
         - name: gcp-secretmanager-serviceaccountkey
           secret:
-            secretName: {{ include "chainloop.controlplane.fullname" . }}-gcp-secretmanager-serviceaccountkey
+            secretName: {{ include "chainloop.cas.fullname" . }}-gcp-secretmanager-serviceaccountkey
         {{- end }}
         {{- if (not (empty .Values.cas.customCAs)) }}
         - name: custom-cas
@@ -103,3 +170,6 @@ spec:
               - secret:
                   name: {{ include "chainloop.cas.fullname" . }}-custom-cas
         {{- end }}
+        {{- if .Values.cas.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.cas.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}

deployment/chainloop/templates/cas/configmap.yaml

@@ -1,45 +1,48 @@
 {{- /*
-Copyright Chainloop, Inc. All Rights Reserved.
+Copyright Broadcom, Inc. All Rights Reserved.
 SPDX-License-Identifier: APACHE-2.0
 */}}
 
-{{- if .Values.cas.autoscaling.enabled }}
-apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+{{- if .Values.cas.autoscaling.hpa.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ )}}
 kind: HorizontalPodAutoscaler
 metadata:
-  name: {{ include "chainloop.cas.fullname" . }}
-  labels:
-    {{- include "chainloop.cas.labels" . | nindent 4 }}
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{ include "chainloop.cas.labels" . | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
 spec:
   scaleTargetRef:
     apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
     kind: Deployment
-    name: {{ include "chainloop.cas.fullname" . }}
-  minReplicas: {{ .Values.cas.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.cas.autoscaling.maxReplicas }}
+    name: {{ include "common.names.fullname" . }}
+  minReplicas: {{ .Values.cas.autoscaling.hpa.minReplicas }}
+  maxReplicas: {{ .Values.cas.autoscaling.hpa.maxReplicas }}
   metrics:
-    {{- if .Values.cas.autoscaling.targetCPUUtilizationPercentage }}
+    {{- if .Values.cas.autoscaling.hpa.targetMemory }}
     - type: Resource
       resource:
-        name: cpu
+        name: memory
         {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
-        targetAverageUtilization: {{ .Values.cas.autoscaling.targetCPUUtilizationPercentage }}
+        targetAverageUtilization: {{ .Values.cas.autoscaling.hpa.targetMemory  }}
         {{- else }}
         target:
           type: Utilization
-          averageUtilization: {{ .Values.cas.autoscaling.targetCPUUtilizationPercentage }}
+          averageUtilization: {{ .Values.worker.autoscaling.hpa.targetMemory }}
         {{- end }}
     {{- end }}
-    {{- if .Values.cas.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- if .Values.cas.autoscaling.hpa.targetCPU }}
     - type: Resource
       resource:
-        name: memory
+        name: cpu
         {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
-        targetAverageUtilization: {{ .Values.cas.autoscaling.targetMemoryUtilizationPercentage }}
+        targetAverageUtilization: {{ .Values.cas.autoscaling.hpa.targetCPU }}
         {{- else }}
         target:
           type: Utilization
-          averageUtilization: {{ .Values.cas.autoscaling.targetMemoryUtilizationPercentage }}
+          averageUtilization: {{ .Values.worker.autoscaling.hpa.targetCPU }}
         {{- end }}
     {{- end }}
-{{- end }}
+{{- end }}

deployment/chainloop/templates/cas/deployment.yaml

@@ -8,8 +8,7 @@ kind: Secret
 metadata:
   name: {{ include "chainloop.cas.fullname" . }}
   namespace: {{ include "common.names.namespace" . | quote }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: cas
+  labels: {{ include "chainloop.cas.labels" . | nindent 4 }}
   {{- if .Values.commonAnnotations }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
   {{- end }}

deployment/chainloop/templates/cas/hpa.yaml

@@ -9,8 +9,7 @@ kind: ServiceAccount
 metadata:
   name: {{ include "chainloop.cas.serviceAccountName" . }}
   namespace: {{ include "common.names.namespace" . | quote }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: cas
+  labels: {{ include "chainloop.cas.labels" . | nindent 4 }}
   {{- if or .Values.cas.serviceAccount.annotations .Values.commonAnnotations }}
   {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.cas.serviceAccount.annotations .Values.commonAnnotations) "context" .) }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}

deployment/chainloop/templates/cas/secret-config.yaml

@@ -8,8 +8,7 @@ kind: Service
 metadata:
   name: {{ include "chainloop.cas.fullname" . }}-api
   namespace: {{ include "common.names.namespace" . | quote }}
-  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: cas
+  labels: {{ include "chainloop.cas.labels" . | nindent 4 }}
   {{- if or .Values.cas.serviceAPI.annotations .Values.commonAnnotations }}
   {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.cas.serviceAPI.annotations .Values.commonAnnotations) "context" .) }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
@@ -50,6 +49,4 @@ spec:
     {{- if .Values.cas.serviceAPI.extraPorts }}
     {{- include "common.tplvalues.render" (dict "value" .Values.cas.serviceAPI.extraPorts "context" $) | nindent 4 }}
     {{- end }}
-  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.cas.podLabels .Values.commonLabels) "context" .) | fromYaml }}
-  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
-    app.kubernetes.io/component: cas
+  selector: {{ include "chainloop.cas.selectorLabels" . | nindent 4 }}