diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md
index 0137f7b4..d71bcd10 100644
--- a/charts/cryostat/README.md
+++ b/charts/cryostat/README.md
@@ -79,6 +79,7 @@ certificate issuance and rotation.
 | `core.podAnnotations` | Annotations to be applied to the Cryostat Pods | `{}` |
 | `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` |
 | `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` |
+| `core.service.annotations` | Annotations to be applied to the Service for Cryostat's HTTP server | `{}` |
 | `core.debug.log.level` | Log level for troubleshooting and debugging | `INFO` |
 | `core.sslProxied` | Enables SSL Proxied Environment Variables, useful when you are offloading SSL/TLS at External Loadbalancer instead of Ingress | `false` |
 | `core.ingress.enabled` | Whether to create an Ingress object for the Cryostat service | `false` |
@@ -130,6 +131,7 @@ certificate issuance and rotation.
 | `reports.podAnnotations` | Annotations to be applied to the Report Generator Pods | `{}` |
 | `reports.service.type` | Type of Service to create for the Report Generator Deployment | `ClusterIP` |
 | `reports.service.httpPort` | Port number to expose on the Service for the Report Generator Deployment | `10001` |
+| `reports.service.annotations` | Annotations to be applied to the Service for the Report Generator Deployment | `{}` |
 | `reports.reportsSecretName` | Name of the secret containing the report generator access keys. This secret must contain a REPORTS_PASS secret which is the secret credential for the report generators. It must not be updated across chart upgrades, or else the connection between Cryostat and report generators will not be able to initialize. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable | `""` |
 | `reports.debug.log.level` | Log level for troubleshooting and debugging | `INFO` |
 | `reports.replicas` | Number of Report Generator replicas to deploy. If zero, the Deployment and Service will not be created and the main Cryostat container will handle all report generations on its own. | `0` |
@@ -154,6 +156,7 @@ certificate issuance and rotation.
 | `db.podAnnotations` | Annotations to be applied to the Database Pods | `{}` |
 | `db.service.type` | Type of Service to create for the database | `ClusterIP` |
 | `db.service.port` | Port number to expose on the Service | `5432` |
+| `db.service.annotations` | Annotations to be applied to the Service for the database | `{}` |
 | `db.resources.requests.cpu` | CPU resource request for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `25m` |
 | `db.resources.requests.memory` | Memory resource request for the database container. | `64Mi` |
 | `db.pvc.enabled` | Specify whether to use persistentVolumeClaim (true) or EmptyDir storage (false). This is recommended to be enabled, but the storage size and selector should be chosen carefully first. | `false` |
@@ -183,6 +186,7 @@ certificate issuance and rotation.
 | `storage.podAnnotations` | Annotations to be applied to the Storage Pods | `{}` |
 | `storage.service.type` | Type of Service to create for the object storage | `ClusterIP` |
 | `storage.service.port` | Port number to expose on the Service | `8333` |
+| `storage.service.annotations` | Annotations to be applied to the Service for the object storage | `{}` |
 | `storage.resources.requests.cpu` | CPU resource request for the object storage container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `50m` |
 | `storage.resources.requests.memory` | Memory resource request for the object storage container. | `256Mi` |
 | `storage.pvc.enabled` | Specify whether to use persistentVolumeClaim (true) or EmptyDir storage (false). This is recommended to be enabled, but the storage size and selector should be chosen carefully first. | `false` |
diff --git a/charts/cryostat/templates/cryostat_service.yaml b/charts/cryostat/templates/cryostat_service.yaml index 36261e43..55f4c3c6 100644 --- a/charts/cryostat/templates/cryostat_service.yaml +++ b/charts/cryostat/templates/cryostat_service.yaml @@ -7,10 +7,13 @@ metadata: labels: {{- include "cryostat.labels" $ | nindent 4 }} app.kubernetes.io/component: cryostat - {{- if (.Values.authentication.openshift).enabled }} annotations: + {{- if (.Values.authentication.openshift).enabled }} service.alpha.openshift.io/serving-cert-secret-name: {{ .Release.Name }}-proxy-tls {{- end }} + {{- with .Values.core.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.core.service.type }} ports: diff --git a/charts/cryostat/templates/db_service.yaml b/charts/cryostat/templates/db_service.yaml index 402e189f..aceeb0d1 100644 --- a/charts/cryostat/templates/db_service.yaml +++ b/charts/cryostat/templates/db_service.yaml @@ -7,6 +7,10 @@ metadata: labels: {{- include "cryostat.labels" $ | nindent 4 }} app.kubernetes.io/component: db + {{- with .Values.db.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.db.service.type }} ports: diff --git a/charts/cryostat/templates/reports_service.yaml b/charts/cryostat/templates/reports_service.yaml index a54836a6..a1820193 100644 --- a/charts/cryostat/templates/reports_service.yaml +++ b/charts/cryostat/templates/reports_service.yaml @@ -7,6 +7,10 @@ metadata: labels: {{- include "cryostat.labels" $ | nindent 4 }} app.kubernetes.io/component: reports + {{- with .Values.reports.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.reports.service.type }} ports: diff --git a/charts/cryostat/templates/storage_service.yaml b/charts/cryostat/templates/storage_service.yaml index 0d074d08..5fe70904 100644 --- a/charts/cryostat/templates/storage_service.yaml +++ b/charts/cryostat/templates/storage_service.yaml 
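Review bot: A `core.service.annotations` entry named `service.alpha.openshift.io/serving-cert-secret-name` is rendered after the chart's own line in `cryostat_service.yaml`, so the mapping carries that key twice and the YAML parser decides which value wins. That key names the secret that receives the proxy's serving certificate, so the chart-owned value should not be overridable by accident. The `annotations:` key is also emitted unconditionally now, so with OpenShift auth disabled and the default `{}` it renders as a bare key with no value. Building one map, setting the chart-owned key last, and emitting the block only when the map is non-empty covers both cases; the manifest continues outside the hunk.

```yaml
    app.kubernetes.io/component: cryostat
  {{- $annotations := deepCopy (.Values.core.service.annotations | default (dict)) }}
  {{- if (.Values.authentication.openshift).enabled }}
  {{- $_ := set $annotations "service.alpha.openshift.io/serving-cert-secret-name" (printf "%s-proxy-tls" .Release.Name) }}
  {{- end }}
  {{- with $annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
# … unchanged: spec (type, ports) …
```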
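Review bot: Kubernetes annotation values must be strings, but `toYaml` in `db_service.yaml` renders a boolean or numeric entry of `db.service.annotations` unquoted, so a value such as `true` or `8080` yields a manifest the API server rejects at install time instead of failing chart validation. The `service` block visible in `values.schema.json` lists only `type` and `port`, so nothing visible in this commit constrains the new key. Adding `"annotations": { "type": "object", "additionalProperties": { "type": "string" } }` to that block (or to whatever generates the schema, if it is generated) would catch it earlier. The same applies to the reports, storage and core Service templates changed in this commit.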
@@ -7,6 +7,10 @@ metadata: labels: {{- include "cryostat.labels" $ | nindent 4 }} app.kubernetes.io/component: storage + {{- with .Values.storage.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.storage.service.type }} ports: diff --git a/charts/cryostat/tests/cryostat_service_test.yaml b/charts/cryostat/tests/cryostat_service_test.yaml index 014b4edb..85cf0194 100644 --- a/charts/cryostat/tests/cryostat_service_test.yaml +++ b/charts/cryostat/tests/cryostat_service_test.yaml 
@@ -193,3 +193,37 @@ tests: app.kubernetes.io/version: "4.1.0-dev" helm.sh/chart: cryostat-2.0.0-dev app.kubernetes.io/component: cryostat + + - it: should create a Service with additional user-provided annotations + set: + core.service.annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external + asserts: + - exists: + path: metadata.annotations + - equal: + path: metadata.annotations + value: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external + + - it: should create a Service with OpenShift specific annotations and additional user-provided annotations when OpenShift auth is enabled + set: + authentication.openshift.enabled: true + core.service.annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external + asserts: + - exists: + path: metadata.annotations + - equal: + path: metadata.annotations + value: + service.alpha.openshift.io/serving-cert-secret-name: RELEASE-NAME-proxy-tls + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external diff --git a/charts/cryostat/tests/db_service_test.yaml b/charts/cryostat/tests/db_service_test.yaml index fcb4229a..d033982b 100644 --- a/charts/cryostat/tests/db_service_test.yaml +++ b/charts/cryostat/tests/db_service_test.yaml 
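Review bot: Neither added case renders the Service with default values and OpenShift auth disabled, which is the one path where the template now emits `annotations:` with nothing under it. A case with no `set:` and an assertion such as `- notExists:` with `path: metadata.annotations` would pin the intended output for that path. A further case that passes `service.alpha.openshift.io/serving-cert-secret-name` through `core.service.annotations` with auth enabled would show which value ends up on the Service when the user key collides with the chart-owned one.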
@@ -59,3 +59,19 @@ tests: helm.sh/chart: cryostat-2.0.0-dev app.kubernetes.io/component: db app.kubernetes.io/part-of: cryostat + + - it: should create a Service with additional user-provided annotations + set: + db.service.annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external + asserts: + - exists: + path: metadata.annotations + - equal: + path: metadata.annotations + value: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external diff --git a/charts/cryostat/tests/reports_service_test.yaml b/charts/cryostat/tests/reports_service_test.yaml index 843e4bab..9f671f4f 100644 --- a/charts/cryostat/tests/reports_service_test.yaml +++ b/charts/cryostat/tests/reports_service_test.yaml @@ -76,3 +76,22 @@ tests: app.kubernetes.io/version: "4.1.0-dev" helm.sh/chart: cryostat-2.0.0-dev app.kubernetes.io/component: reports + + - it: should create a Service with additional user-provided annotations + set: + reports: + replicas: 1 + service: + annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external + asserts: + - exists: + path: metadata.annotations + - equal: + path: metadata.annotations + value: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external diff --git a/charts/cryostat/tests/storage_service_test.yaml b/charts/cryostat/tests/storage_service_test.yaml index e59d7665..d5e0d7dc 100644 --- a/charts/cryostat/tests/storage_service_test.yaml 
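Review bot: The fixture for the database Service uses `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing`, and the storage Service test in this commit repeats it. It has no effect in a unit test, but test fixtures are often copied as usage examples, and for Postgres on 5432 or object storage on 8333 this value describes a publicly reachable load balancer. A neutral sample exercises the same template path, for example `service.beta.kubernetes.io/aws-load-balancer-scheme: internal` or a constructed key such as `example.com/owner: team-a`.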
+++ b/charts/cryostat/tests/storage_service_test.yaml @@ -60,3 +60,19 @@ tests: helm.sh/chart: cryostat-2.0.0-dev app.kubernetes.io/component: storage app.kubernetes.io/part-of: cryostat + + - it: should create a Service with additional user-provided annotations + set: + storage.service.annotations: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external + asserts: + - exists: + path: metadata.annotations + - equal: + path: metadata.annotations + value: + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-type: external diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json index 6d51c7db..f607d2ba 100644 --- a/charts/cryostat/values.schema.json +++ b/charts/cryostat/values.schema.json @@ -515,6 +515,21 @@ } } }, + "service": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Type of Service to create for the database", + "default": "ClusterIP" + }, + "port": { + "type": "number", + "description": "Port number to expose on the Service", + "default": 5432 + } + } + }, "securityContext": { "type": "object", "properties": { @@ -540,21 +555,6 @@ } } }, - "service": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Type of Service to create for the database", - "default": "ClusterIP" - }, - "port": { - "type": "number", - "description": "Port number to expose on the Service", - "default": 5432 - } - } - }, "resources": { "type": "object", "properties": { 
@@ -638,6 +638,26 @@ "description": "Name of the secret containing the object storage secret access key. This secret must contain a STORAGE_ACCESS_KEY secret which is the object storage secret access key. It must not be updated across chart upgrades, or else the connection between Cryostat components and object storage will not be able to initialize. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable", "default": "" }, + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "Repository for the storage container image", + "default": "quay.io/cryostat/cryostat-storage" + }, + "pullPolicy": { + "type": "string", + "description": "Image pull policy for the storage container image", + "default": "Always" + }, + "tag": { + "type": "string", + "description": "Tag for the storage container image", + "default": "latest" + } + } + }, "securityContext": { "type": "object", "properties": { @@ -663,26 +683,6 @@ } } }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the storage container image", - "default": "quay.io/cryostat/cryostat-storage" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the storage container image", - "default": "Always" - }, - "tag": { - "type": "string", - "description": "Tag for the storage container image", - "default": "latest" - } - } - }, "encryption": { "type": "object", "properties": { diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index 7823879b..6857baea 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml 
@@ -15,6 +15,8 @@ core: type: ClusterIP ## @param core.service.httpPort Port number to expose on the Service for Cryostat's HTTP server httpPort: 8181 + ## @param core.service.annotations [object] Annotations to be applied to the Service for Cryostat's HTTP server + annotations: {} debug: log: ## @param core.debug.log.level Log level for troubleshooting and debugging @@ -159,6 +161,8 @@ reports: type: ClusterIP ## @param reports.service.httpPort Port number to expose on the Service for the Report Generator Deployment httpPort: 10001 + ## @param reports.service.annotations [object] Annotations to be applied to the Service for the Report Generator Deployment + annotations: {} ## @param reports.reportsSecretName Name of the secret containing the report generator access keys. This secret must contain a REPORTS_PASS secret which is the secret credential for the report generators. It must not be updated across chart upgrades, or else the connection between Cryostat and report generators will not be able to initialize. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable reportsSecretName: "" debug: @@ -212,6 +216,8 @@ db: type: ClusterIP ## @param db.service.port Port number to expose on the Service port: 5432 + ## @param db.service.annotations [object] Annotations to be applied to the Service for the database + annotations: {} resources: requests: ## @param db.resources.requests.cpu CPU resource request for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) 
@@ -276,6 +282,8 @@ storage: type: ClusterIP ## @param storage.service.port Port number to expose on the Service port: 8333 + ## @param storage.service.annotations [object] Annotations to be applied to the Service for the object storage + annotations: {} resources: requests: ## @param storage.resources.requests.cpu CPU resource request for the object storage container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources)